HTMLDesginbrowser.vbs

One or more potentially interesting buffers were extracted, these generally contain injected code, configuration data, etc.

Performs some HTTP requests (1 event)

request

GET https://paste.ee/d/QzBhy

File has been identified by 5 AntiVirus engines on VirusTotal as malicious (5 events)

Symantec	ISB.Downloader!gen40
Avast	Script:SNH-gen [Trj]
Kaspersky	HEUR:Trojan.VBS.SAgent.gen
ZoneAlarm	HEUR:Trojan.VBS.SAgent.gen
AVG	Script:SNH-gen [Trj]

Wscript.exe initiated network communications indicative of a script based payload download (3 events)

Time & API	Arguments	Status	Return	Repeated
WSASend Oct. 28, 2023, 12:37 p.m.	buffer:  k g e<öE¼hðæȺ­ÕÁÚ°6ýæ‰K`Ô"8ÞW²×­ç/5 ÀÀÀ À 28 &ÿ paste.ee  socket: 972		0	0
WSASend Oct. 28, 2023, 12:37 p.m.	buffer:  FBA•û<.5†«?BÔϺNzˆmó½@5Y¿%—cô±óæ%ãøÊx°à«ÅÚ›nUá²Ë›Ä”ÿ  0ƒ¾~I€Xës„[Mç%4àLØ!žœ´¿ñ‡c ó†ÉÈrsք•Œ\}½GëÿY socket: 972		0	0
WSASend Oct. 28, 2023, 12:37 p.m.	buffer:  À¿²Àwú¤8F°Rq˜Í·»q¿ShXƒ‹(X0véÉ&èØyŸ5Äç%¶ÏňZhӔJ)9v÷AçÁX‘¨ˆW÷¢­ìt ùtažÿ )“OÔêi«%’gVáºÄ(ÞÏ{S&øVƒ­£.FñAɨÝxcш-ÄüE4Õ+¼Ø҈ýá¯×°aGO€ï<<“íɜÚVݹkÖXºJÄ#~B~؄n™°5¶.!` Ï÷ïSb‹K?殀Á socket: 972		0	0

Attempts to create or modify system certificates (1 event)

registry

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\18F7C1FCC3090203FD5BAA2F861A754976C8DD25\Blob

Network communications indicative of a potential document or script payload download was initiated by the process wscript.exe (3 events)

Time & API	Arguments	Status	Return	Repeated
WSASend Oct. 28, 2023, 12:37 p.m.	buffer:  k g e<öE¼hðæȺ­ÕÁÚ°6ýæ‰K`Ô"8ÞW²×­ç/5 ÀÀÀ À 28 &ÿ paste.ee  socket: 972		0	0
WSASend Oct. 28, 2023, 12:37 p.m.	buffer:  FBA•û<.5†«?BÔϺNzˆmó½@5Y¿%—cô±óæ%ãøÊx°à«ÅÚ›nUá²Ë›Ä”ÿ  0ƒ¾~I€Xës„[Mç%4àLØ!žœ´¿ñ‡c ó†ÉÈrsք•Œ\}½GëÿY socket: 972		0	0
WSASend Oct. 28, 2023, 12:37 p.m.	buffer:  À¿²Àwú¤8F°Rq˜Í·»q¿ShXƒ‹(X0véÉ&èØyŸ5Äç%¶ÏňZhӔJ)9v÷AçÁX‘¨ˆW÷¢­ìt ùtažÿ )“OÔêi«%’gVáºÄ(ÞÏ{S&øVƒ­£.FñAɨÝxcш-ÄüE4Õ+¼Ø҈ýá¯×°aGO€ï<<“íɜÚVݹkÖXºJÄ#~B~؄n™°5¶.!` Ï÷ïSb‹K?殀Á socket: 972		0	0