App Directories
%APPDATA%\Discord\%APPDATA%\Discord Canary\%APPDATA%\Discord PTB\
Target Files
InfoStealers target Discord tokens by extracting data from LevelDB and log files and decrypting them using the master key stored in the Local State file via DPAPI. Each encrypted token is prefixed with “dQw4w9WgXcQ:”.
If Discord tokens are stolen, attackers may leverage the Discord API to access and exfiltrate sensitive user information.
- Master Key:
Local State - LevelDB:
*.ldb - Logs:
*.logs