> For the complete documentation index, see [llms.txt](https://quarklab.gitbook.io/quark-lab/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://quarklab.gitbook.io/quark-lab/quark-stealer/windows-stealer.md).

# Windows Stealer

{% hint style="danger" %}
We’ve officially pulled Quark Stealer from public distribution. Going forward, it’s no longer available for general sale.
{% endhint %}

## 📖 Basic description <a href="#basic-description" id="basic-description"></a>

<figure><img src="/files/eCOwqesHizOjgdzd0MJj" alt=""><figcaption></figcaption></figure>

{% embed url="<https://t.me/+Qxz7dQSGkddlZTRh>" %}
Channel link
{% endembed %}

{% embed url="<https://quarklab.app/stealer-logs>" %}
Website
{% endembed %}

> The software collects personal and general device data for authorisation purposes. It features a practical web panel with a minimalistic design and a clear log structure. The build is written in C++ and has a weight of 600 Kb. Linking is static, and DLLs are not pulled from the server. The server-side log decoding is also included. The communication with the C2 server is established through a proprietary protocol that operates on top of TCP. The data collection includes 100 browsers and 100 crypto-wallets, which encompass both cryptocurrency and desktop wallets stored on the device. Additionally, Steam files are collected, along with 2 Telegram clients (tdata folders) and 5 Discord clients. The Discord token is decrypted and saved. There are 27 different password managers available. The logs are encrypted and stored on your servers. To use them, you will need to purchase a VDS.

{% hint style="warning" %}
**Stealer collection functionality:**

* Data from 106 browsers;
* Data from 107 cryptocurrency wallets;
* Any FileGrabber extensions;
* Environment variables;
* Installed software;
* Windows Credential Manager and Windows Vault;
* Browser history of the infected device;
* Infected device's browser bookmarks;
* Browser autocomplete fields;
* Data from 2 Telegram clients;
* Steam folder;
* Discord tokens;
* Data from 27 password managers;
* OpenVpn configurations;
* Outlook;
* Loader;
* Google tokens;
  {% endhint %}

<details>

<summary>Chromium browsers</summary>

Google Chrome, Google Chrome Beta, Google Chrome (x86), Google Chrome SxS, 360ChromeX, Chromium, Microsoft Edge, Brave Browser, Epic Privacy Browser, Amigo, Vivaldi, Kometa, Orbitum, Mail.Ru Atom, Comodo Dragon, Torch, Comodo, Slimjet, 360Browser, 360 Secure Browser, Maxthon3, Maxthon5, Maxthon, QQBrowser, K-Meleon, Xpom, Lenovo Browser, Xvast, Go! Safer Secure Browser, Sputnik, Nichrome, CocCoc Browser, Uran, Chromodo, Yandex Browser, 7Star, Chedot, CentBrowser, Iridium, Opera Stable, Opera Neon, Opera Crypto Developer, Opera GX, Elements Browser, Citrio, Sleipnir5 ChromiumViewer, QIP Surf, Liebao, Coowon, ChromePlus, Rafotech Mustang, Suhba, TorBro, RockMelt, Bromium, Twinkstar, CCleaner Browser, AcWebBrowser, CoolNovo, Baidu Spark, SRWare Iron, Titan Browser, AVAST Browser, AVG Browser, UCBrowser, URBrowser, Blisk, Flock, CryptoTab Browser, SwingBrowser, Sidekick, Superbird, SalamWeb, GhostBrowser, NetboxBrowser, GarenaPlus, Kinza, InsomniacBrowser, ViaSat Browser, Naver Whale, Falkon

</details>

<details>

<summary>Gecko browsers</summary>

Firefox, SeaMonkey, Waterfox, K-Meleon, Thunderbird, CLIQZ, IceDragon, Cyberfox, BlackHawk, Pale Moon, IceCat, Basilisk, BitTube, SlimBrowser

</details>

<details>

<summary>Crypto extensions </summary>

Metamask, Metamask (Edge), Metamask (Opera), BinanceChain, Bitapp, Coin98, Safe Pal, Safe Pal (Edge), DAppPlay, Guarda, Equal, Guild, Casper, Casper (Edge), ICONex, Math, Math (Edge), Mobox, Phantom, TronLink, XinPay, Ton, Sollet, Slope, DuinoCoin, Starcoin, Hiro Wallet, MetaWallet, Swash, Finnie, Keplr, Crocobit, Oxygen, Nifty, Liquality, Ronin, Ronin (Edge), Oasis, Temple, Pontem, Solflare, Yoroi, iWallet, Wombat, Coinbase, MewCx, Jaxx Liberty (Web), OneKey, Hycon Lite Client, SubWallet (Polkadot), Goby, TezBox, ONTO Wallet, Hashpack, Cyano, Martian Wallet, Sender Wallet, Zecrey, Auro, Terra Station, KardiaChain, Rabby, NeoLine, Nabox, XDeFi, KHC, CLW, Polymesh, ZilPay, Byone, Eternl, Guarda (Web), Nami, Maiar DeFi Wallet, Leaf Wallet, Brave Wallet, Opera Wallet, CardWallet, Flint, Exodus (Web), TrustWallet, CryptoAirdrop

</details>

<details>

<summary>Desktop wallets</summary>

Coinomi, Dash, Litecoin, Bitcoin, Dogecoin, Qtum, Armory, Bytecoin, MultiBit, Jaxx Liberty, Exodus, Ethereum, Electrum, Electrum-LTC, Atomic Wallet, Guarda, WalletWasabi, ElectronCash, Sparrow, IOCoin, PPCoin, BBQCoin, Mincoin, DevCoin, YACoin, Franko, FreiCoin, InfiniteCoin, GoldCoinGLD, Binance, Terracoin, Daedalus Mainnet, MyMonero, MyCrypto, AtomicDEX, Bisq, Defichain-Electrum, TokenPocket (Browser), Zap

</details>

<details>

<summary>Password managers</summary>

Authenticator, Authenticator (Edge), Trezor Password Manager, GAuth Authenticator, EOS Authenticator, 1Password, 1Password (Edge), KeePassXC (Web), KeePassXC (Web Edge), Dashlane, Dashlane (Edge), Bitwarden, Bitwarden (Edge), NordPass, Keeper, RoboForm (Web), RoboForm (Web Edge), LastPass, LastPass (Edge), BrowserPass, MYKI, MYKI (Edge), Splikity, CommonKey, SAASPASS, Zoho Vault, Authy (Web)

</details>

<details>

<summary>Discord clients</summary>

Discord, DiscordCanary, DiscordPTB, Lightcord, DiscordDevelopment

</details>

<details>

<summary>Telegram clients</summary>

Kotatogram, Telegram desktop

</details>

{% hint style="info" %}
**Panel functionality:**

<mark style="color:red;">**Login page**</mark> - Secure login page to the panel, using multiple encryption algorithms;&#x20;

<mark style="color:red;">**LogList**</mark> - list of logs with general information on each log;&#x20;

<mark style="color:red;">**Builder**</mark> - convenient and flexibly customizable builder;&#x20;

<mark style="color:red;">**Telegram bot customization**</mark> for tapping;&#x20;

<mark style="color:red;">**Customize**</mark> the font in the dashboard;&#x20;

<mark style="color:red;">**Dashboard**</mark> - handy information page with weekly stats taken into account;

<mark style="color:red;">**File pumper**</mark> - increase the size of any file right in your web panel;

<mark style="color:red;">**Compress build**</mark> - compress a build with upx right in your web panel;

<mark style="color:red;">**Google recovery**</mark> - recover cookies from google account directly in your web panel;
{% endhint %}

## &#x20;                                          <mark style="color:purple;">**PRICE: 2000$**</mark>


---

# Agent Instructions
This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com.

## Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter, and the optional `goal` query parameter:

```
GET https://quarklab.gitbook.io/quark-lab/quark-stealer/windows-stealer.md?ask=<question>&goal=<endgoal>
```

`ask` is the immediate question: it should be specific, self-contained, and written in natural language.
`goal` is optional and describes the broader end goal you are ultimately trying to accomplish on behalf of the user. GitBook uses it to tailor the answer towards what is most useful for that goal.

The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.