// Token: 0x060008D1 RID: 2257 RVA: 0x01054560 File Offset: 0x01052760
/// <summary>
/// Two-stage marker escalation inside <paramref name="key"/>. If a value named
/// <c>anti_anal.Warn</c> exists it is deleted and a value named <c>anti_anal.Ban</c>
/// is written in its place. If no Warn value was found, the first value name
/// returned by the key is deleted and a Warn value is written instead.
/// </summary>
/// <param name="key">Registry key holding the markers; a null key is a no-op.</param>
/// <remarks>
/// Analyst notes:
/// - Every exception is swallowed, so a failed write leaves no trace in the
///   process itself; rely on registry auditing or Sysmon registry events.
/// - The marker data comes from Local.CreateMD5(anti_anal.RandomString(n)); both
///   helpers are defined elsewhere. Presumably the data is an MD5 hex digest of
///   a random string, which would make marker names the only stable indicator
///   (confirm against the helpers).
/// - Callers are not visible here; the class name suggests this runs when
///   analysis tooling is detected (confirm).
/// </remarks>
public static void WarnOrBanRegedit(RegistryKey key)
{
    try
    {
        if (key == null)
        {
            return;
        }

        bool markerWritten = false;

        // Stage 1: an existing Warn marker is upgraded to Ban.
        string[] namesBefore = key.GetValueNames();
        for (int idx = 0; idx < namesBefore.Length; idx++)
        {
            string valueName = namesBefore[idx];
            if (valueName != anti_anal.Warn)
            {
                continue;
            }

            key.DeleteValue(valueName);
            // If anti_anal.random is a System.Random, the upper bound is exclusive (30..36).
            int banSeedLength = anti_anal.random.Next(30, 37);
            string banData = Local.CreateMD5(anti_anal.RandomString(banSeedLength));
            key.SetValue(anti_anal.Ban, banData);
            markerWritten = true;
        }

        GC.Collect();

        // Stage 2: no Warn marker existed, so the first enumerated value is
        // replaced by a Warn marker. An empty key gets nothing written.
        string[] namesAfter = key.GetValueNames();
        if (!markerWritten && namesAfter.Length > 0)
        {
            key.DeleteValue(namesAfter[0]);
            int warnSeedLength = anti_anal.random.Next(30, 37);
            string warnData = Local.CreateMD5(anti_anal.RandomString(warnSeedLength));
            key.SetValue(anti_anal.Warn, warnData);
            markerWritten = true;
        }
    }
    catch
    {
    }
}
// Token: 0x060008D4 RID: 2260 RVA: 0x01054700 File Offset: 0x01052900
/// <summary>
/// Writes <paramref name="count"/> values into <paramref name="key"/>. Each
/// value's name and data are produced independently by
/// Local.CreateMD5(anti_anal.RandomString(n)).
/// </summary>
/// <param name="key">Destination registry key.</param>
/// <param name="count">Number of values to write; zero or negative writes nothing.</param>
/// <remarks>
/// Analyst notes: all exceptions are swallowed, so a failure part-way through
/// leaves fewer than <paramref name="count"/> values with no error surfaced.
/// The helpers are defined elsewhere; presumably the output is an MD5 hex
/// digest, so the values would look like random filler around the Warn/Ban
/// markers used elsewhere in this class (confirm).
/// </remarks>
private static void CreateRegeditRecords(RegistryKey key, int count)
{
    try
    {
        int written = 0;
        while (written < count)
        {
            // Name is generated before data, matching the original argument order.
            string fillerName = Local.CreateMD5(anti_anal.RandomString(anti_anal.random.Next(30, 37)));
            string fillerData = Local.CreateMD5(anti_anal.RandomString(anti_anal.random.Next(30, 37)));
            key.SetValue(fillerName, fillerData);
            written++;
        }
    }
    catch
    {
    }
}
// Token: 0x060008D5 RID: 2261 RVA: 0x01054764 File Offset: 0x01052964
// Purpose: maintains a set of random-looking values under
// HKLM\Software\Microsoft\Office\Outlook\FormRegions\IH (64-bit registry view)
// and then rewrites every value except the Warn/Ban markers roughly every
// 100 ms, forever. The method never returns.
//
// Analyst notes:
// - The key path sits under an Office/Outlook location. Whether Outlook is
//   installed is not checked here; presumably the location was chosen to
//   blend in (intent inferred, confirm).
// - Observable behaviour for detection: sustained DeleteValue/SetValue
//   activity on this one key at ~100 ms intervals, with value names that
//   change on every pass.
// - The two values named anti_anal.Warn and anti_anal.Ban are the only ones
//   left untouched by the loop, so they persist across passes.
// - No Close/Dispose call is visible for any RegistryKey in this method, and
//   the subkey is reopened on every pass.
private static void RegeditAbuse()
{
    // These opens are outside any try block, so a failure here (writing under
    // HKLM typically requires administrative rights) propagates to the caller.
    RegistryKey registryKey = RegistryKey.OpenBaseKey(RegistryHive.LocalMachine, RegistryView.Registry64);
    RegistryKey registryKey2 = registryKey.OpenSubKey("Software\\Microsoft\\Office\\Outlook\\FormRegions\\IH", true);
    if (registryKey2 == null)
    {
        // First run: create the key and seed it with 50 random name/data pairs.
        registryKey2 = registryKey.CreateSubKey("Software\\Microsoft\\Office\\Outlook\\FormRegions\\IH");
        try
        {
            anti_anal.CreateRegeditRecords(registryKey2, 50);
        }
        catch
        {
        }
    }
    try
    {
        // CheckIfRegeditExists is not shown in this listing; presumably it
        // verifies or tops up the 50 seeded values (confirm).
        anti_anal.CheckIfRegeditExists(registryKey2, 50);
    }
    catch
    {
    }
    try
    {
        // Decompiler artifact: the label sits inside the try while the goto is
        // outside it, which C# itself does not permit. Read it as an endless
        // loop of { try-body; catch; Sleep(100) }.
        IL_4D:
        registryKey2 = registryKey.OpenSubKey("Software\\Microsoft\\Office\\Outlook\\FormRegions\\IH", true);
        if (registryKey2 != null)
        {
            foreach (string text in registryKey2.GetValueNames())
            {
                // Markers are preserved; every other value is replaced by a
                // fresh random name/data pair.
                if (text != anti_anal.Warn && text != anti_anal.Ban)
                {
                    registryKey2.DeleteValue(text);
                    registryKey2.SetValue(Local.CreateMD5(anti_anal.RandomString(anti_anal.random.Next(30, 37))), Local.CreateMD5(anti_anal.RandomString(anti_anal.random.Next(30, 37))));
                }
            }
        }
    }
    catch
    {
        // Errors during a pass are discarded; the loop continues after the sleep.
    }
    Thread.Sleep(100);
    goto IL_4D;
}