Hello,
I continue to receive requests to make the malware collection static HTML like it was from 2019 - 2023.
While I too like and prefer static HTML, VXUG is very large in scope and has many moving parts.
As of July 2nd, 2026, VXUG has:
- 233,151 files
- 38,212 sub-directories
- 13.1TB 7z ultra compressed
Do you have any idea how large and nested these HTML files would be?
"hey smelly, out of curiosity, how did you learn so much? have you read every paper on vxug?"
fuck no. i probably havent read 10% of the library. if you unironically read everything there you would be two things
1. ultra mega fuck off malware brain
2. profoundly depressed
Dawg, the Peter Stokes affidavit (nerd from Scattered Spider who was arrested) is fucked
This dude was on Snapchat sending people pictures of him with stacks of money, expensive hotels, jewelry, etc.
My Brother in Christ, they've got you dead to rights because of your flexing. You're going to do 40 years in prison now, 20 years if you beg for forgiveness. Why did you flex on Snapchat?
When he's released from prison he's going to be 40 years old (if he's lucky) and all of his Telegram homies are going to be gone. Telegram, Discord, Snapchat, etc may not even exist anymore.
Think of how much changes in 20 to 40 years. Now imagine that time being passed while sitting in a box with all white walls and steel bars.
Still thinking about the time I went to BestBuy. I was in a pinch and needed to buy some computer stuff fast.
The guy behind the counter tried making an up-sale and pitched me some anti-virus product. He said it's good and protects you from viruses
I looked him straight in his eyes and said, "What? But I want the computer viruses on my computer"
He looked right back at me and just said "Okay".
He looked at me like this:
On Tuesday, June 30th, Jennifer Gibbons, Vice President of State Government Affairs for ESA (Entertainment Software Association) testified before the United States California Senate regarding Minecraft and Call of Duty private servers, which she claims are actually piracy.
Gibbons told the California Senate these private servers are unsanctioned. She is representing the video game industry in the United States and vehemently opposes the recently introduced Protect Our Games Act, the United States version of Stop Killing Games.
She referred to Minecraft private servers as "The Black Market".
Thinking of hosting a private Minecraft server? Think again. That is ILLEGAL. You're operating A BLACK MARKET OF CRIME.
Do it and you could end up like this, buddy. It's all over for you and your band of criminal misfits *check notes* building a cool looking fort
I'm not sure what's going on, but from my European and South American colleagues, I have developed a sudden interest in the FIFA World Cup.
It might be over for me. I can feel the Europeans draining the cheeseburger from my blood (I don't know anything about FIFA).
I'm not going to lie, I saw the Mexican people going absolutely schizo when Mexico defeated Ecuador and I thought to myself, "wtf thats badass, i want to be proud of the united states and go crazy af in the streets with random people".
Honestly, if you're wanting to get into malware development and malware reverse engineering (specifically in regards to Windows), I think the most important thing you can learn is the concept of a file.
1. What is a file extension? This is pretty obvious, .exe, .pdf, .mp3, etc.
2. How are file extensions handled? This would introduce the idea of the Windows registry and how extension querying is handled vs. the Windows loader
3. Which file extensions (or file types, rather) are used for payload delivery? e.g. .exe, .dll, .xll, .vbs, .ps1, .py, .lua, .docx, .vcproj, etc. The .exe, .dll, (and other native types, like .sys) will be sort of self-explanatory, but the others would introduce different malware delivery mechanisms (malicious files) and potentially wiggle in the concept of payload smuggling.
4. Each of the previous listed file types are different. How are they different? .exe and .dll (and many others) are native to Windows and handled by the Windows loader. Why are the others still considered executable files? This is when you slowly step into interpretive languages and VM dependency (JVM, PVM, etc).
Somewhere in this you would eventually stumble into the Windows PE format, how the PE format is different for .NET binaries, how Electron .JS executables act differently, weird stuff like .docx file internals, etc.
Basically, I think understanding files and how they're handled is an excellent starting point and sets the stage for what will happen next.
pic unrelated
> Peter Stokes
> Scattered Spider guy
> Arrested
> Microsoft helps FBI
> Read court documents
> Page 12
> Microsoft tracks Stokes from GDID
> Microsoft Global Device Identifier (GDID)
> Stokes used Windows
> Page 34
> GDID assigned to each OS install
> GDID unique to each device
> GDID only change if OS wiped
> Stokes GDID 6755467234350028
> GDID reported internet activity to Microsoft
> GDID showed Stokes using Ngrok
> GDID reported Stokes IP address
> GDID showed Stokes web activity
> GDID showed timestamps of web activity
> GDID mapped with video game activity
> GDID showed games played
> GDID undocumented
> GDID only mentioned in one MSDN document
> Azure UCDOStatus
> Azure Monitor Logging
Chat, I don't want to sound like a schizo, but it sure is STRANGE how much data Microsoft collects with its telemetry functionality. It's very odd Microsoft documents and records all of your web browser activity, and gaming, and can tie it to your social media, so they can improve your "Windows Experience".
You can read about it yourself here on page 12 (or page 8 of affidavit), then page 33 and down (page 29 of affidavit)
https://www.justice.gov/usao-ndil/media/1450651/dl?inline
The United States is 250 years old.
To celebrate this occasion, we will be giving everyone two hundred and fifty (250) malwares.
God Bless
Chat, today is a good day. Look at this "Grand Theft Auto 6 BETA for FREE" advertisement that fell onto my lap. It delivers a .rar that has a .exe inside. I am so happy. I am elated. It is free malware.
Literally shaking, screaming, crying, THROWING UP.
The .exe is bundled with BUN (some Javascript bullshit). I deobfuscated the main goop inside of it, found the C2 configuration (where it downloads cool malware from), and ... it's dead.
Cloudflare KILLED THEIR C2. THE MALWARE IS DEAD. THEY KILLED THE MALWARE CAMPAIGN.
How are we supposed to get malware from fake Grand Theft Auto 6 advertisements if Cloudflare KILLS their infrastructure???
RIP NWHStealer campaign ID 202fdde5193b.
RIP NWHStealer c2 unauth-amper(.)cc
I only have one question though... This malware kills itself if it detects the following strings:
- sandbox
- sand box
- malware
- virus
- maltest
- peter wilson (??????)
- paul jones (??????)
who THE FUCK is peter wilson and paul jones???
I'm on the weird part of the internet reading about Termite microbiomes
Now I'm frustrated scientists haven't conducted more research into biotechnologies that allow humans to extract nutrition from woody stuff like lignin
tldr why science man no let us eat wood wtf