API tools faq
paste
italianncheater

Timesmasher

italianncheater
Jan 19th, 2021
652
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
C# 2.77 KB
raw download clone embed print report
  1. using System;
  2. using System.Collections.Generic;
  3. using System.Diagnostics.Eventing.Reader;
  4. using System.Threading;
  5.  
  6. namespace TimeModificationCheck {
  7.     class Program {
  8.  
  9.         class CheckInfo {
  10.             public CheckInfo(bool result, DateTime previousTime, DateTime newTime, DateTime? generatedAt, long? recordIdentifier) {
  11.                 this.Result = result;
  12.                 this.Previous = previousTime;
  13.                 this.New = newTime;
  14.                 this.Time = generatedAt;
  15.                 this.Id = recordIdentifier;
  16.             }
  17.  
  18.             public CheckInfo(bool result) {
  19.                 this.Result = result;
  20.             }
  21.  
  22.             public bool Result { get; }
  23.             public DateTime Previous { get; }
  24.             public DateTime New { get; }
  25.             public DateTime? Time { get; }
  26.             public long? Id { get; }
  27.  
  28.         };
  29.  
  30.         static void Main(string[] args) {
  31.  
  32.             Console.Title = "Timesmasher by @italianncheater";
  33.             Console.ForegroundColor = ConsoleColor.Yellow;
  34.             Console.WriteLine("Analyzing logs...\n\n");
  35.             Console.ForegroundColor = ConsoleColor.White;
  36.  
  37.             CheckInfo info = checkTimeModification();
  38.  
  39.             Thread.Sleep(2000);
  40.             if (info.Result) {
  41.                 Console.WriteLine("[!] And u got exposed!");
  42.                 Console.WriteLine("Previous time: {0} | New time: {1}\nGenerated at: {2} | Record ID: {3}\n\n",
  43.                     info.Previous, info.New, info.Time, info.Id);
  44.             } else Console.WriteLine("[?] U seems to be legit!\n\n");
  45.  
  46.             Console.Write("Press ENTER to exit the program...");
  47.             Console.ReadLine();
  48.         }
  49.  
  50.         static CheckInfo checkTimeModification() {
  51.             EventRecord entry;
  52.             string logPath = @"C:\Windows\System32\winevt\Logs\Security.evtx";
  53.             EventLogReader logReader = new EventLogReader(logPath, PathType.FilePath);
  54.             DateTime pcStartTime = startTime();
  55.  
  56.             while ((entry = logReader.ReadEvent()) != null) {
  57.                 if (entry.Id != 4616) continue;
  58.                 if (entry.TimeCreated <= pcStartTime) continue;
  59.  
  60.                 IList<EventProperty> properties = entry.Properties;
  61.                 DateTime previousTime = DateTime.Parse(properties[4].Value.ToString());
  62.                 DateTime newTime = DateTime.Parse(properties[5].Value.ToString());
  63.  
  64.                 if (Math.Abs((previousTime - newTime).TotalMinutes) > 5)
  65.                     return new CheckInfo(true, previousTime, newTime, entry.TimeCreated, entry.RecordId);
  66.             }
  67.             return new CheckInfo(false);
  68.         }
  69.  
  70.         static DateTime startTime() {
  71.             return DateTime.Now.AddMilliseconds(-Environment.TickCount);
  72.         }
  73.     }
  74. }
  75.  
RAW Paste Data
Public Pastes
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!