qwertyasf

@cambaz Any updates?

Update link: https://www.mediafire.com/file/ozfu8aurs2mo5n0/update.zip/file

🔹 Program Name & Version: Program.exe 🔹 VirusTotal: https://www.virustotal.com/gui/file/a4749906d8fac64b1dfc357c089b2d5b49659082df6f5a6ec2538e259c3b396f?nocache=1 🔹 Protection Analysis (DIE, PEiD, ProtectionID results): DIE v3.10: File type: PE64 Architecture: AMD64 Endianness: Little Endian Mode: 64-bit Linker: Microsoft Linker Language: MSIL / C# (.NET) Framework: .NET Framework v4.8 (CLR v4.0.30319) Protector: .NET Reactor 6.x Control Flow Obfuscation Anti-Tamper Anti-ILDASM Heuristic protection: Obfuscation (modified EP + CLR constructor + virtualization) Calls encryption Anti-ILDASM techniques Anti-analysis / Anti-debug Packed or compressed data High entropy detected Compressed resource section (.rsrc) Licensing: LicensingProvider attribute License manager detected 🔹 Any Extra Protections (e.g. disk wiper, BSOD, VM detection): No destructive behavior detected. No disk wiper or BSOD behavior observed. Strong obfuscation and anti-tamper protections present. Possible anti-debug and anti-analysis mechanisms. VM detection: Not confirmed (static analysis only). 🔹 What Does the Program Do?: Unknown exact functionality. The application is a .NET GUI program and appears to be protected with heavy obfuscation using .NET Reactor. Further dynamic analysis is required to determine its real behavior. 🔹 Supported Systems & Architectures: Windows x64 Compatible with .NET Framework 4.8 environments 🔹 Screenshot(s) of the Program: 🔹 Limitations: Heavily protected with .NET Reactor, making analysis and modification difficult. Requires unpacking and deobfuscation for deeper inspection. 🔹 Download Link: https://www.mediafire.com/file/4ouyh7he0urxogk/Program.rar/file 🔹 Additional Notes: Uses strong .NET obfuscation (control flow + virtualization). Contains anti-tamper and anti-decompilation protections. Resources appear compressed and possibly embedded. Recommended tools: dnSpyEx, x64dbg, ExtremeDumper, de4dot (custom builds). Difficulty: Medium 🚧

🔹 Program Name & Version: Kyo version:??? 🔹 Protection Analysis (DIE, PEiD, ProtectionID results): 🔹 Any Extra Protections: VM detection , Upon opening, if it doesn't detect any login or that it was opened without using the login form, it displays an error message, opens the application (the form I need), and closes quickly. It executes a .bat file to delete the application. Information from the .bat file: :DEL1 del "New folder\pymg.exe" IF EXIST "New folder\pymg.exe" GOTO DEL1 :DEL2 del "New folder\del.bat" IF EXIST "New folder\del.bat" GOTO DEL2 🔹 What Does the Program Do?: memory edition for Pangya game 🔹 Supported Systems & Architectures : Windows 10-11 x64 & x32 🔹 Screenshot(s) of the Program: when opening the login(KYO.exe): To open the file that performs the memory editing (pymg.exe): What should I open would be this form (pymg.exe): 🔹 Limitations (e.g. trial restrictions, locked features): You can open it in x32dbg with the ScyllaHide plugin loaded with VMProtect x86/x64. 🔹 Download Link (Preferably original or clean source): https://mega.nz/file/CaYVESrC#iup3wkxVU_lR9zNqLyXOcC_Ja_usHMsy1CIpjfTDqc4 🔹 Additional Notes (Optional): The name of KYO.exe cannot be changed; it detects that it has been altered.

I saw that 😂 😂

🔹 Program Name & Version: Bse42edcddc9524c46654f2fe78.exe (version unknown) 🔹 VirusTotal: https://www.virustotal.com/gui/file/0825c3a7b304ebbbaf0595fe3f7403226684fd3da14434294cd84644992a4376 🔹 Protection Analysis (DIE, PEiD, ProtectionID results): DIE v3.10: - File type: PE64 - Architecture: AMD64 - Endianness: Little Endian - Mode: 64-bit - Compiler (heur): Microsoft Visual C/C++ - Language (heur): C++ - Libraries: - Direct3D 11 - Microsoft C/C++ Runtime - Heuristic protection: - Generic strange sections - Unreadable resources - Compressed or packed data (high entropy) - Section 7 ("wXb(PuL)") marked as compressed - Overlay detected at offset 0x009CA600 (size: 0x86) 🔹 Any Extra Protections (e.g. disk wiper, BSOD, VM detection): No destructive behavior detected. No disk wiper, no BSOD, no cFucker observed. Possible packing/compression and custom section usage. VM detection: Unknown (not detected during static analysis). 🔹 What Does the Program Do?: Auxiliary tool for the game BloodStrike. The program appears to provide in-game assistance/features related to BloodStrike. It is a GUI application and uses DirectX 11. Exact internal functionality requires further dynamic analysis. 🔹 Supported Systems & Architectures: Windows x64 (tested on Windows 10 x64) Likely compatible with Windows 7+ x64 🔹 Screenshot(s) of the Program: https://prnt.sc/677nvHdrkyOa 🔹 Limitations: Program functionality and limitations unknown. Further analysis required to determine restrictions or protections. 🔹 Download Link: https://www.mediafire.com/file/j1niaymv8r8a6dx/crackme.zip/file 🔹 Additional Notes: File appears to be packed or compressed. Contains unusual sections and high entropy data. Recommended tools: x64dbg, Scylla, DIE, Process Monitor. Difficulty: Intermediate

What password?

Somebody?

thx bro

thx

nicE

thx bro

nice

thx you

nice bro

thx

thx you

thx bro

nice

nice

thx bro

thx

thx you

nice bro

thx