MSS.vbs

Performs some HTTP requests (1 event)

request

GET https://paste.ee/d/lbxjP

Wscript.exe initiated network communications indicative of a script based payload download (3 events)

Time & API	Arguments	Status	Return	Repeated
WSASend Oct. 31, 2023, 5:42 p.m.	buffer:  k g e@½ê)íy9Ä$ñ©‚«á‘Å+á¨x^­‰·û#‡²/5 ÀÀÀ À 28 &ÿ paste.ee  socket: 584		0	0
WSASend Oct. 31, 2023, 5:42 p.m.	buffer:  FBA’xH•Æn5l¥š£×JL‹ý[±¨[Sä8‹FFÈPFxA[~ä¯}]ØW4š¤âx¬ìhýÊEFÒ  0>úÚZœ§?Åý4Ôt/­_ãUÊñça¬$7Zcû[˜Ø¤9mŸ!¸L”]C3 socket: 584		0	0
WSASend Oct. 31, 2023, 5:42 p.m.	buffer:  À$vu§Ýeæ±sÇɬ·³‹LùSï€%3äʐ-nðO æfÜ„ððe%ѱ[Šº]²|R½|þ{¸F”ë2}þ'TlÊa SgTzÙן÷¹ËTô ¯»0€BÊ;5úª!FD¼fÆçk.¹žMH5¨f¤Â6e÷W%·×}þœ¥Í€Ášéº3èÃ>ŠØ.oá˜ÊÁÿ°kû›Hj;D^ï›`ڀ¾½hÚsPåƒâ¯o`à]ô socket: 584		0	0

Attempts to create or modify system certificates (1 event)

registry

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F81F111D0E5AB58D396F7BF525577FD30FDC95AA\Blob

Network communications indicative of a potential document or script payload download was initiated by the process wscript.exe (3 events)

Time & API	Arguments	Status	Return	Repeated
WSASend Oct. 31, 2023, 5:42 p.m.	buffer:  k g e@½ê)íy9Ä$ñ©‚«á‘Å+á¨x^­‰·û#‡²/5 ÀÀÀ À 28 &ÿ paste.ee  socket: 584		0	0
WSASend Oct. 31, 2023, 5:42 p.m.	buffer:  FBA’xH•Æn5l¥š£×JL‹ý[±¨[Sä8‹FFÈPFxA[~ä¯}]ØW4š¤âx¬ìhýÊEFÒ  0>úÚZœ§?Åý4Ôt/­_ãUÊñça¬$7Zcû[˜Ø¤9mŸ!¸L”]C3 socket: 584		0	0
WSASend Oct. 31, 2023, 5:42 p.m.	buffer:  À$vu§Ýeæ±sÇɬ·³‹LùSï€%3äʐ-nðO æfÜ„ððe%ѱ[Šº]²|R½|þ{¸F”ë2}þ'TlÊa SgTzÙן÷¹ËTô ¯»0€BÊ;5úª!FD¼fÆçk.¹žMH5¨f¤Â6e÷W%·×}þœ¥Í€Ášéº3èÃ>ŠØ.oá˜ÊÁÿ°kû›Hj;D^ï›`ڀ¾½hÚsPåƒâ¯o`à]ô socket: 584		0	0