JDS.vbs

Performs some HTTP requests (1 event)

request

GET https://paste.ee/d/puovb

Wscript.exe initiated network communications indicative of a script based payload download (3 events)

Time & API	Arguments	Status	Return	Repeated
WSASend Oct. 31, 2023, 5:42 p.m.	buffer:  k g e@½ð²}¡ápñ_3û³I¼:è:ìÝÈNUysLg0¥/5 ÀÀÀ À 28 &ÿ paste.ee  socket: 584		0	0
WSASend Oct. 31, 2023, 5:42 p.m.	buffer:  FBAQÙû3¾d2’~Ýuë¡k¬)‹ž=Þ{f›LRŠDrdibßÁ¬sd²'Ô;@‘ Çnÿ/JI\OR  0Uö°Ø&¦<n󃈚pé²Ð™yÝA4V—¤¾.ÁNj*Ú³@tx ˪g9u3ù‹® socket: 584		0	0
WSASend Oct. 31, 2023, 5:42 p.m.	buffer:  À´öùKçòø‚)ÆÒ&W ÁXgŠW)JÕ f±©&Býߎ³RՍK e©FsêaÂC{X6%g¯0&³ø»› —×?ÏÂA&+š"æÐâJr%C@N½Š› ?,œ6$³A#R,¨¬Ð’Òœ/źœ!9S÷F]æà"ÆH'@s9³^9VÒmÔ»Ù¢ =ø%rX„B¾F¤ub‘±?„Ä4Zù`ЧÓbqA.±gúbv7!Œ`„žM]5‘a socket: 584		0	0

Attempts to create or modify system certificates (1 event)

registry

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F81F111D0E5AB58D396F7BF525577FD30FDC95AA\Blob

Network communications indicative of a potential document or script payload download was initiated by the process wscript.exe (3 events)

Time & API	Arguments	Status	Return	Repeated
WSASend Oct. 31, 2023, 5:42 p.m.	buffer:  k g e@½ð²}¡ápñ_3û³I¼:è:ìÝÈNUysLg0¥/5 ÀÀÀ À 28 &ÿ paste.ee  socket: 584		0	0
WSASend Oct. 31, 2023, 5:42 p.m.	buffer:  FBAQÙû3¾d2’~Ýuë¡k¬)‹ž=Þ{f›LRŠDrdibßÁ¬sd²'Ô;@‘ Çnÿ/JI\OR  0Uö°Ø&¦<n󃈚pé²Ð™yÝA4V—¤¾.ÁNj*Ú³@tx ˪g9u3ù‹® socket: 584		0	0
WSASend Oct. 31, 2023, 5:42 p.m.	buffer:  À´öùKçòø‚)ÆÒ&W ÁXgŠW)JÕ f±©&Býߎ³RՍK e©FsêaÂC{X6%g¯0&³ø»› —×?ÏÂA&+š"æÐâJr%C@N½Š› ?,œ6$³A#R,¨¬Ð’Òœ/źœ!9S÷F]æà"ÆH'@s9³^9VÒmÔ»Ù¢ =ø%rX„B¾F¤ub‘±?„Ä4Zù`ЧÓbqA.±gúbv7!Œ`„žM]5‘a socket: 584		0	0