// Token: 0x060000A2 RID: 162 RVA: 0x00008FB0 File Offset: 0x000071B0
private static void DetectVM()
{
using (ManagementObjectSearcher managementObjectSearcher = new ManagementObjectSearcher("Select * from Win32_ComputerSystem"))
{
using (ManagementObjectCollection managementObjectCollection = managementObjectSearcher.Get())
{
foreach (ManagementBaseObject managementBaseObject in managementObjectCollection)
{
if ((managementBaseObject["Manufacturer"].ToString().ToLower() == "microsoft corporation" && managementBaseObject["Model"].ToString().ToUpperInvariant().Contains("VIRTUAL")) || managementBaseObject["Manufacturer"].ToString().ToLower().Contains("vmware") || managementBaseObject["Model"].ToString() == "VirtualBox")
{
Directory.CreateDirectory("C:/ProgramData/Outbuilt");
File.Create("C:/ProgramData/Outbuilt/VM Detected");
Protection.Error();
}
}
}
}
foreach (ManagementBaseObject managementBaseObject2 in new ManagementObjectSearcher("root\\CIMV2", "SELECT * FROM Win32_VideoController").Get())
{
if (managementBaseObject2.GetPropertyValue("Name").ToString().Contains("VMware") && managementBaseObject2.GetPropertyValue("Name").ToString().Contains("VBox"))
{
Directory.CreateDirectory("C:/ProgramData/Outbuilt");
File.Create("C:/ProgramData/Outbuilt/VM Detected");
Protection.Error();
}
}
}
// Token: 0x06000097 RID: 151 RVA: 0x00008CCC File Offset: 0x00006ECC
private static void Misc()
{
if (Process.GetProcessesByName(Process.GetCurrentProcess().ProcessName).Count <Process>() > 1)
{
Directory.CreateDirectory("C:/ProgramData/Outbuilt");
File.Create("C:/ProgramData/Outbuilt/Already running");
Protection.Error();
}
Process p = Process.GetCurrentProcess();
int processId = (int)new PerformanceCounter("Process", "Creating Process ID", p.ProcessName).NextValue();
if (Process.GetProcessById(processId).ProcessName == "cmd")
{
Console.Title = "Outbuilt.OOO Protection";
Console.Clear();
Console.ForegroundColor = ConsoleColor.Red;
Console.WriteLine("Application not allowed to run in CMD!");
Thread.Sleep(2000);
Process.GetCurrentProcess().Kill();
}
if (Process.GetProcessById(processId).ProcessName == "powershell")
{
Console.Title = "Outbuilt.OOO Protection";
Console.Clear();
Console.ForegroundColor = ConsoleColor.Red;
Console.WriteLine("Application not allowed to run in powershell!");
Thread.Sleep(2000);
Process.GetCurrentProcess().Kill();
}
}
// Token: 0x0600009C RID: 156 RVA: 0x00008EAA File Offset: 0x000070AA
private static void Admin()
{
if (!Protection.IsAdministrator())
{
Directory.CreateDirectory("C:/ProgramData/Outbuilt");
File.Create("C:/ProgramData/Outbuilt/AppNotAdmin");
Protection.Error();
}
}
// Token: 0x06000090 RID: 144 RVA: 0x00008A78 File Offset: 0x00006C78
private static void Detect()
{
if (Protection.GetModuleHandle("SbieDll.dll").ToInt32() != 0)
{
Directory.CreateDirectory("C:/ProgramData/Outbuilt");
File.Create("C:/ProgramData/Outbuilt/Sandboxie");
Protection.Error();
}
}
// Token: 0x060000B8 RID: 184 RVA: 0x00009B68 File Offset: 0x00007D68
internal static void AssemblyHashAlgorithm()
{
int num = new Random().Next(3000, 10000);
DateTime now = DateTime.Now;
Thread.Sleep(num);
if ((DateTime.Now - now).TotalMilliseconds < (double)num)
{
Protection.Error();
}
}
// Token: 0x060000A1 RID: 161 RVA: 0x00008F64 File Offset: 0x00007164
private static void DetectEmulation()
{
long tickCount = (long)Environment.TickCount;
Thread.Sleep(500);
if ((long)Environment.TickCount - tickCount < 500L)
{
Directory.CreateDirectory("C:/ProgramData/Outbuilt");
File.Create("C:/ProgramData/Outbuilt/Emulation");
Protection.Error();
}
}
// Token: 0x0600008E RID: 142 RVA: 0x00008A14 File Offset: 0x00006C14
public static void Start()
{
try
{
new WebClient().DownloadString("https://google.com");
}
catch
{
Protection.Error();
}
Protection.CMD();
Protection.Detect();
Protection.DetectVM();
Protection.Outbuilt.DefaultDependencyAttribute();
}
// Token: 0x0600008D RID: 141 RVA: 0x000089A4 File Offset: 0x00006BA4
private static void CMD()
{
string pathRoot = Path.GetPathRoot(Environment.SystemDirectory);
if (!File.Exists(pathRoot + "Windows\\System32\\cmd.exe"))
{
Directory.CreateDirectory("C:/ProgramData/Outbuilt");
File.Create("C:/ProgramData/Outbuilt/CMD missing");
Protection.Error();
}
if (!File.Exists(pathRoot + "Windows\\System32\\taskkill.exe"))
{
Directory.CreateDirectory("C:/ProgramData/Outbuilt");
File.Create("C:/ProgramData/Outbuilt/taskkill missing");
Protection.Error();
}
}
// Token: 0x060000BB RID: 187 RVA: 0x00009BF8 File Offset: 0x00007DF8
internal static void ByteEqualityComparer()
{
string[] array = Protection.Outbuilt.GetArray();
List <string> whitelist = new List <string>
{
"winstore.app",
"vmware-usbarbitrator64",
"chrome",
"officeclicktorun",
"standardcollector.service",
"svchost",
"explorer"
};
Debugger.Log(0, null, "%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s");
for (;;)
{
foreach (Process process in Process.GetProcesses())
{
if (process != Process.GetCurrentProcess())
{
for (int i = 0; i < array.Length; i++)
{
int id = Process.GetCurrentProcess().Id;
if (process.ProcessName.ToLower().Contains(array[i]) && !whitelist.Contains(process.ProcessName.ToLower()))
{
Directory.CreateDirectory("C:/ProgramData/Outbuilt");
File.Create("C:/ProgramData/Outbuilt/" + process.ProcessName);
Thread.Sleep(500);
Protection.Error();
}
if (process.MainWindowTitle.ToLower().Contains(array[i]) && !whitelist.Contains(process.ProcessName.ToLower()))
{
Directory.CreateDirectory("C:/ProgramData/Outbuilt");
File.Create("C:/ProgramData/Outbuilt/" + process.ProcessName);
Thread.Sleep(500);
Protection.Error();
}
if (process.MainWindowHandle.ToString().ToLower().Contains(array[i]) && !whitelist.Contains(process.ProcessName.ToLower()))
{
Directory.CreateDirectory("C:/ProgramData/Outbuilt");
File.Create("C:/ProgramData/Outbuilt/" + process.ProcessName);
Thread.Sleep(500);
Protection.Error();
}
if (Protection.GetModuleHandle("HTTPDebuggerBrowser.dll") != IntPtr.Zero || Protection.GetModuleHandle("FiddlerCore4.dll") != IntPtr.Zero || Protection.GetModuleHandle("RestSharp.dll") != IntPtr.Zero || Protection.GetModuleHandle("Titanium.Web.Proxy.dll") != IntPtr.Zero)
{
Directory.CreateDirectory("C:/ProgramData/Outbuilt");
File.Create("C:/ProgramData/Outbuilt/HTTPDebuggerBrowser");
Protection.Error();
}
if (File.ReadAllText("C:\\WINDOWS\\System32\\Drivers\\Etc\\hosts").Contains(array[i]))
{
Directory.CreateDirectory("C:/ProgramData/Outbuilt");
File.Create("C:/ProgramData/Outbuilt/Hosts Debugger");
Protection.Error();
}
Protection.CheckForAnyProxyConnections();
}
}
}
}
}
