Smart keylogging capability to steal SSH Credentials including password & Private Key

The stolen credentials are written to C:\Users\<Username>\Desktop\desktop.ini ADS log stream.

To get the credentials type the cmd command:

more < "C:\Users\<Username>\Desktop\desktop.ini:log"

To remove the stored credentials type the powershell command:

Remove-Item -Path "C:\Users\d1rk\Desktop\desktop.ini" -Stream "log"

N.B: Refer to the Demo down below for each use case