HTMLIEcontentHistory.vbs

Performs some HTTP requests (1 event)

request

GET https://paste.ee/d/w2GD0

File has been identified by 5 AntiVirus engines on VirusTotal as malicious (5 events)

Symantec	ISB.Downloader!gen40
Kaspersky	HEUR:Trojan.VBS.SAgent.gen
Google	Detected
ZoneAlarm	HEUR:Trojan.VBS.SAgent.gen
Varist	VBS/Agent.BFC!Eldorado

Wscript.exe initiated network communications indicative of a script based payload download (3 events)

Time & API	Arguments	Status	Return	Repeated
WSASend Oct. 30, 2023, 5:35 p.m.	buffer:  k g e?jã¥Ë¡š®òHОAú ٍ¾YBBáãm”ƒ/5 ÀÀÀ À 28 &ÿ paste.ee  socket: 592		0	0
WSASend Oct. 30, 2023, 5:35 p.m.	buffer:  FBA]Yý;ÍöxÂÒ¥ÙDÓݬáèü/±RôOök”X® XŽ°¦ô©äPÿ>Z ‡ò’ü.Ӏè >h^  0©²g:$ÿ¤(Y]rI!fPÍQ³ýò~o@*©ñs÷g>£ïË4Ù6±ówsm*šï socket: 592		0	0
WSASend Oct. 30, 2023, 5:35 p.m.	buffer:  À®€4çS†£±†®Møæ&0ÜāðZŽ°¸ò‡òGØå“È:Ì>dúl¡P®O¤OB.?å+í*bïëZŸìŸ8nKÎøUO]GŸ¸0 äº,’ÅŠý”0זõãUçˆØW1ÊÛ\&O/"ÙUÆ } 6hañ¥¯zŠ8ù¹ÿ°®Ä=%ßãתã+´1Æþd›ÅðEÑk—}ôÙÁ+ bâyG(”AA#X]}ÿ Õ¢ÿW‡—SºRÓlGò) socket: 592		0	0

Network communications indicative of a potential document or script payload download was initiated by the process wscript.exe (3 events)

Time & API	Arguments	Status	Return	Repeated
WSASend Oct. 30, 2023, 5:35 p.m.	buffer:  k g e?jã¥Ë¡š®òHОAú ٍ¾YBBáãm”ƒ/5 ÀÀÀ À 28 &ÿ paste.ee  socket: 592		0	0
WSASend Oct. 30, 2023, 5:35 p.m.	buffer:  FBA]Yý;ÍöxÂÒ¥ÙDÓݬáèü/±RôOök”X® XŽ°¦ô©äPÿ>Z ‡ò’ü.Ӏè >h^  0©²g:$ÿ¤(Y]rI!fPÍQ³ýò~o@*©ñs÷g>£ïË4Ù6±ówsm*šï socket: 592		0	0
WSASend Oct. 30, 2023, 5:35 p.m.	buffer:  À®€4çS†£±†®Møæ&0ÜāðZŽ°¸ò‡òGØå“È:Ì>dúl¡P®O¤OB.?å+í*bïëZŸìŸ8nKÎøUO]GŸ¸0 äº,’ÅŠý”0זõãUçˆØW1ÊÛ\&O/"ÙUÆ } 6hañ¥¯zŠ8ù¹ÿ°®Ä=%ßãתã+´1Æþd›ÅðEÑk—}ôÙÁ+ bâyG(”AA#X]}ÿ Õ¢ÿW‡—SºRÓlGò) socket: 592		0	0