REM Windows Simple PowerShell Command Execution Script
REM -----------------------------------------------
REM This script opens PowerShell and executes some basic commands

REM Wait for device recognition
DELAY 1000

REM Open Run dialog
GUI r
DELAY 500

REM Start PowerShell
STRING powershell -NoP -NonI -W Hidden
DELAY 200
ENTER
DELAY 1500

REM Create a new directory for our work
STRING $workdir = "$env:USERPROFILE\Documents\duck_data"; New-Item -ItemType Directory -Force -Path $workdir | Out-Null
DELAY 200
ENTER
DELAY 500

REM Change to that directory
STRING cd $workdir
DELAY 200
ENTER
DELAY 300

REM Get system information
STRING Write-Output "=== System Information Collected by Rubber Duck ===" | Out-File -FilePath .\system_info.txt
DELAY 200
ENTER
DELAY 300

REM Computer name and Windows version
STRING Write-Output "`n=== Computer Name and OS ===" | Out-File -FilePath .\system_info.txt -Append
DELAY 200
ENTER
DELAY 300

STRING Get-ComputerInfo | Select-Object CsName, OsName, OsVersion, OsBuildNumber | Format-List | Out-File -FilePath .\system_info.txt -Append
DELAY 200
ENTER
DELAY 1000

REM Network information
STRING Write-Output "`n=== Network Interfaces ===" | Out-File -FilePath .\system_info.txt -Append
DELAY 200
ENTER
DELAY 300

STRING Get-NetIPAddress | Where-Object {$_.AddressFamily -eq "IPv4"} | Select-Object InterfaceAlias, IPAddress | Format-Table -AutoSize | Out-File -FilePath .\system_info.txt -Append
DELAY 200
ENTER
DELAY 1000

REM Hardware information
STRING Write-Output "`n=== Hardware Information ===" | Out-File -FilePath .\system_info.txt -Append
DELAY 200
ENTER
DELAY 300

STRING Get-WmiObject -Class Win32_Processor | Select-Object Name, NumberOfCores, MaxClockSpeed | Format-List | Out-File -FilePath .\system_info.txt -Append
DELAY 200
ENTER
DELAY 1000

STRING Get-WmiObject -Class Win32_ComputerSystem | Select-Object TotalPhysicalMemory | ForEach-Object { [PSCustomObject]@{ TotalRAM_GB = [math]::Round($_.TotalPhysicalMemory/1GB, 2) } } | Format-List | Out-File -FilePath .\system_info.txt -Append
DELAY 200
ENTER
DELAY 1000

REM Display the output file
STRING notepad .\system_info.txt
DELAY 200
ENTER
DELAY 3000

REM Close notepad
ALT F4
DELAY 500

REM Create a simple pop-up message as proof of execution
STRING Add-Type -AssemblyName PresentationFramework; [System.Windows.MessageBox]::Show('Rubber Duck payload executed successfully!', 'Rubber Duck Demo', 'OK', 'Information')
DELAY 200
ENTER

REM Clean up by exiting PowerShell
DELAY 3000
STRING exit
DELAY 200
ENTER 