// Token: 0x06000090 RID: 144 RVA: 0x00008A78 File Offset: 0x00006C78
/// <summary>
/// Sandbox check: asks <c>Protection.GetModuleHandle</c> for "SbieDll.dll" and, when a
/// non-zero handle comes back, drops a marker file and calls <c>Protection.Error()</c>.
/// </summary>
/// <remarks>
/// Analyst notes:
/// - Host artifact: the directory C:/ProgramData/Outbuilt and the empty file "Sandboxie"
///   inside it are created only when the check fires, so their presence on a host or in a
///   sandbox report indicates this branch ran.
/// - Protection.Error() is not part of this listing; what it does after the marker is
///   written (exit, message box, ...) has to be confirmed from its own body.
/// - The handle is tested with ToInt32(), exactly as decompiled; other checks in the same
///   class compare against IntPtr.Zero instead.
/// </remarks>
private static void Detect()
{
    var sandboxModule = Protection.GetModuleHandle("SbieDll.dll");

    // Nothing loaded under that name: leave without touching the disk.
    if (sandboxModule.ToInt32() == 0)
    {
        return;
    }

    // Marker is written before the error routine runs. The FileStream returned by
    // File.Create is discarded without being closed, as in the original.
    Directory.CreateDirectory("C:/ProgramData/Outbuilt");
    File.Create("C:/ProgramData/Outbuilt/Sandboxie");
    Protection.Error();
}
// Token: 0x060000BB RID: 187 RVA: 0x00009BF8 File Offset: 0x00007DF8
/// <summary>
/// Endless anti-analysis polling loop. Despite its name, nothing here compares bytes: the
/// method walks every running process and matches its name, main-window title and
/// main-window handle text against the strings returned by Protection.Outbuilt.GetArray(),
/// probes for four HTTP-interception/client DLLs, searches the hosts file for the same
/// strings, and finally calls Protection.CheckForAnyProxyConnections().
/// </summary>
/// <remarks>
/// Analyst notes:
/// - Every positive check creates C:/ProgramData/Outbuilt and an empty marker file in it
///   (the matched process name, "HTTPDebuggerBrowser", or "Hosts Debugger") before calling
///   Protection.Error(). Those paths are usable as host indicators that a check fired.
/// - GetArray(), Error() and CheckForAnyProxyConnections() are not part of this listing;
///   their behaviour must be confirmed from their own bodies.
/// - The outer loop has no delay between passes (the only sleeps follow a hit), and the
///   hosts file is re-read for every process/entry pair, so sustained CPU and file-read
///   activity from this thread is expected while the program runs.
/// </remarks>
internal static void ByteEqualityComparer()
{
    // Match strings; contents not visible here. Presumably lowercase fragments of tool
    // names, since they are compared against lowercased values below - confirm in GetArray().
    string[] array = Protection.Outbuilt.GetArray();
    // Process names that are never flagged. The comparison is an exact match on the
    // lowercased process name, not a substring match.
    List <string> whitelist = new List <string> { "winstore.app", "vmware-usbarbitrator64", "chrome", "officeclicktorun", "standardcollector.service", "svchost", "explorer" };
    // Sends one message to whatever debugger is attached. NOTE(review): the long run of
    // "%s" specifiers looks like the old format-string trick aimed at debuggers that
    // mishandle debug-output text; it has no visible effect inside this method itself.
    Debugger.Log(0, null, "%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s");
    // No exit condition: the scan repeats for as long as the process lives.
    for (;;)
    {
        foreach (Process process in Process.GetProcesses())
        {
            // NOTE(review): this compares two Process object references, and
            // GetCurrentProcess() returns a new object, so the test looks always true
            // and the current process does not appear to be skipped - confirm.
            if (process != Process.GetCurrentProcess())
            {
                for (int i = 0; i < array.Length; i++)
                {
                    // Never read afterwards.
                    int id = Process.GetCurrentProcess().Id;
                    // Check 1: entry is a substring of the lowercased process name and the
                    // process is not whitelisted.
                    if (process.ProcessName.ToLower().Contains(array[i]) && !whitelist.Contains(process.ProcessName.ToLower()))
                    {
                        Directory.CreateDirectory("C:/ProgramData/Outbuilt");
                        // Empty marker named after the matched process; the returned
                        // FileStream is never closed.
                        File.Create("C:/ProgramData/Outbuilt/" + process.ProcessName);
                        Thread.Sleep(500);
                        Protection.Error();
                    }
                    // Check 2: same test against the lowercased main-window title.
                    if (process.MainWindowTitle.ToLower().Contains(array[i]) && !whitelist.Contains(process.ProcessName.ToLower()))
                    {
                        Directory.CreateDirectory("C:/ProgramData/Outbuilt");
                        File.Create("C:/ProgramData/Outbuilt/" + process.ProcessName);
                        Thread.Sleep(500);
                        Protection.Error();
                    }
                    // Check 3: same test against the text form of the window handle.
                    // NOTE(review): a handle renders as a number, so this can only match
                    // entries that are digit strings - likely ineffective; confirm.
                    if (process.MainWindowHandle.ToString().ToLower().Contains(array[i]) && !whitelist.Contains(process.ProcessName.ToLower()))
                    {
                        Directory.CreateDirectory("C:/ProgramData/Outbuilt");
                        File.Create("C:/ProgramData/Outbuilt/" + process.ProcessName);
                        Thread.Sleep(500);
                        Protection.Error();
                    }
                    // Check 4: any of four named DLLs reported by Protection.GetModuleHandle.
                    // Depends on neither `process` nor `i`, yet is re-evaluated on every
                    // inner iteration. All four hits share one marker name.
                    if (Protection.GetModuleHandle("HTTPDebuggerBrowser.dll") != IntPtr.Zero || Protection.GetModuleHandle("FiddlerCore4.dll") != IntPtr.Zero || Protection.GetModuleHandle("RestSharp.dll") != IntPtr.Zero || Protection.GetModuleHandle("Titanium.Web.Proxy.dll") != IntPtr.Zero)
                    {
                        Directory.CreateDirectory("C:/ProgramData/Outbuilt");
                        File.Create("C:/ProgramData/Outbuilt/HTTPDebuggerBrowser");
                        Protection.Error();
                    }
                    // Check 5: the whole hosts file is read again on each iteration and
                    // searched case-sensitively for the entry (no ToLower here).
                    if (File.ReadAllText("C:\\WINDOWS\\System32\\Drivers\\Etc\\hosts").Contains(array[i]))
                    {
                        Directory.CreateDirectory("C:/ProgramData/Outbuilt");
                        File.Create("C:/ProgramData/Outbuilt/Hosts Debugger");
                        Protection.Error();
                    }
                    // Check 6: body not shown in this listing.
                    Protection.CheckForAnyProxyConnections();
                }
            }
        }
    }
}