HTMLIEBrowserHistory.vbs

Performs some HTTP requests (1 event)

request

GET https://paste.ee/d/MckQn

File has been identified by one AntiVirus engine on VirusTotal as malicious (1 event)

Symantec

ISB.Downloader!gen40

Wscript.exe initiated network communications indicative of a script based payload download (3 events)

Time & API	Arguments	Status	Return	Repeated
WSASend Oct. 28, 2023, 12:39 p.m.	buffer:  k g e<‚j€GÔöérùJk~çXL§ÓM5~í]A wN/5 ÀÀÀ À 28 &ÿ paste.ee  socket: 588		0	0
WSASend Oct. 28, 2023, 12:39 p.m.	buffer:  FBAš§V$ÙÏÈo£Á06Æý²a1†Îh0p°²Ñæ€q(,OiÂüò‹˜}ˆ•Wki£gqmtühz//ˆa½;  0jìŸIÿ•æ?&wíA\s÷ÿËæ ² ľ°pâŒø‚Æ|=r2'¤ú‘ÓfE socket: 588		0	0
WSASend Oct. 28, 2023, 12:39 p.m.	buffer:  À+bþÍ¿™s{ƒ.˜]fçƒP«-âÖ%Ñ0Òœ‡Ñ"'+@Fá’¤ š"š ï¢÷þdAϨEÐsæ¾Ì‡,H=¼\£Äçn±â7Rp íù±­”LËõ9n¶!ݛN´D5,&ªÓP$†3çRþ•´4`¥<!ë "Ì,ÿjöÕ×ú.Yé( òÃbšÂ‡¢€øú8°–4Äi½~o–õpB2Xԃ\Äâ¤!¼§ó †{Ó#ð· socket: 588		0	0

Network communications indicative of a potential document or script payload download was initiated by the process wscript.exe (3 events)

Time & API	Arguments	Status	Return	Repeated
WSASend Oct. 28, 2023, 12:39 p.m.	buffer:  k g e<‚j€GÔöérùJk~çXL§ÓM5~í]A wN/5 ÀÀÀ À 28 &ÿ paste.ee  socket: 588		0	0
WSASend Oct. 28, 2023, 12:39 p.m.	buffer:  FBAš§V$ÙÏÈo£Á06Æý²a1†Îh0p°²Ñæ€q(,OiÂüò‹˜}ˆ•Wki£gqmtühz//ˆa½;  0jìŸIÿ•æ?&wíA\s÷ÿËæ ² ľ°pâŒø‚Æ|=r2'¤ú‘ÓfE socket: 588		0	0
WSASend Oct. 28, 2023, 12:39 p.m.	buffer:  À+bþÍ¿™s{ƒ.˜]fçƒP«-âÖ%Ñ0Òœ‡Ñ"'+@Fá’¤ š"š ï¢÷þdAϨEÐsæ¾Ì‡,H=¼\£Äçn±â7Rp íù±­”LËõ9n¶!ݛN´D5,&ªÓP$†3çRþ•´4`¥<!ë "Ì,ÿjöÕ×ú.Yé( òÃbšÂ‡¢€øú8°–4Äi½~o–õpB2Xԃ\Äâ¤!¼§ó †{Ó#ð· socket: 588		0	0