This tool is made for data exfiltration. All information collected is sent using Discord webhooks.
- Create a Webhook on your Discord Server. I recommend creating a new server.
- Replace YOUR_WEBHOOK_HERE in line 6 with your webhook.
Use Invoke-Obfuscation.
Or use Somalifuscator for .bat files
- Persistence via Task Scheduler & Windows Registry
- Extracts WiFi Passwords
- Extracts Browser Data (Brave, Chrome, Firefox, Microsoft Edge etc.)
- Extracts Discord Token
- Get System Information (Version, CPU, DISK, GPU, RAM, IP, Installed Apps etc.)
- Takes Desktop Screenshot
- List of Installed Applications
- List of Installed Antiviruses
- List of all Network Adapters
- List of Apps that Run On Startup
- List of Running Services & Applications
- List TCP Connections and Underlying Process
- Extracts Product Key
- Open a new elevated PowerShell console and paste the contents below. It removes the scheduled task, the Run key value, the dropped files and the Defender exclusions:
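```powershell
# Suppress errors so the cleanup continues when an artifact is already gone
$ErrorActionPreference = "SilentlyContinue"
function Cleanup {
    # Remove the scheduled-task persistence
    Unregister-ScheduledTask -TaskName "KDOT" -Confirm:$False
    # Delete the dropped files
    Remove-Item -Path "$env:appdata\KDOT" -Force -Recurse
    # Remove the Microsoft Defender exclusions
    Remove-MpPreference -ExclusionPath "$env:APPDATA\KDOT"
    Remove-MpPreference -ExclusionPath "$env:LOCALAPPDATA\Temp"
    # Remove the Run-key persistence
    Remove-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Run" -Name "KDOT" -Force
    Write-Host "[~] Successfully Uninstalled !" -ForegroundColor Green
}
Cleanup
```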
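
A read-only check for the artifacts that the cleanup routine above removes, useful for triage before anything is deleted. This is an added example, not part of the project's code: the function name `Get-KdotArtifact` is hypothetical, and it assumes an elevated session running as the affected user (the Run key is per-user, and Defender hides exclusions from non-administrators).

```powershell
# Added example: read-only triage for the artifacts named in the cleanup routine above.
# Get-KdotArtifact is a hypothetical name; task name, paths and key come from this page.
function Get-KdotArtifact {
    [CmdletBinding()]
    param()

    # Scheduled task "KDOT": report where it lives and what it launches
    foreach ($task in @(Get-ScheduledTask -TaskName 'KDOT' -ErrorAction SilentlyContinue)) {
        $cmd = @(foreach ($a in $task.Actions) { "$($a.Execute) $($a.Arguments)".Trim() }) -join '; '
        [pscustomobject]@{ Artifact = 'ScheduledTask'; Location = "$($task.TaskPath)$($task.TaskName)"; Detail = $cmd }
    }

    # HKCU Run value "KDOT" (per-user: run as the affected account)
    $runKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
    $run = Get-ItemProperty -Path $runKey -Name 'KDOT' -ErrorAction SilentlyContinue
    if ($run) {
        [pscustomobject]@{ Artifact = 'RunKey'; Location = "$runKey\KDOT"; Detail = $run.KDOT }
    }

    # Dropped files under %APPDATA%\KDOT
    $dir = Join-Path $env:APPDATA 'KDOT'
    if (Test-Path -LiteralPath $dir) {
        $n = @(Get-ChildItem -LiteralPath $dir -Recurse -Force -File -ErrorAction SilentlyContinue).Count
        [pscustomobject]@{ Artifact = 'Directory'; Location = $dir; Detail = "$n file(s)" }
    }

    # Defender exclusions the cleanup removes (non-admins see a placeholder instead of paths)
    $wanted = @($dir, (Join-Path $env:LOCALAPPDATA 'Temp'))
    foreach ($p in (Get-MpPreference -ErrorAction SilentlyContinue).ExclusionPath) {
        if ($p -and ($wanted -contains $p.TrimEnd('\'))) {
            [pscustomobject]@{ Artifact = 'DefenderExclusion'; Location = $p; Detail = 'path excluded from scanning' }
        }
    }
}

# Report findings; an empty result means none of the four artifacts were found
$found = @(Get-KdotArtifact)
if ($found.Count) { $found | Format-Table -AutoSize -Wrap } else { Write-Host 'No KDOT artifacts found.' }
```

An exclusion for `%LOCALAPPDATA%\Temp` on its own does not prove this tool was present, but it is worth reviewing regardless.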
- Join our server https://discord.com/invite/batch
This project is licensed under the MIT License - see the LICENSE file for details.
I, the creator, am not responsible for any actions and/or damages caused by this software. You bear the full responsibility of your actions and acknowledge that this tool was created for educational purposes only. This tool's main purpose is NOT to be used maliciously, or on any system that you do not own or have the right to use. By using this software, you automatically agree to the above.