HTMLIEbrowserHistorycache.vbs

Performs some HTTP requests (1 event)

request

GET https://paste.ee/d/QBMBa

File has been identified by 3 AntiVirus engines on VirusTotal as malicious (3 events)

Symantec	ISB.Downloader!gen40
Kaspersky	HEUR:Trojan.VBS.SAgent.gen
ZoneAlarm	HEUR:Trojan.VBS.SAgent.gen

Wscript.exe initiated network communications indicative of a script based payload download (3 events)

Time & API	Arguments	Status	Return	Repeated
WSASend Nov. 2, 2023, 10:03 a.m.	buffer:  k g eBõJ¥Ë¡š®òHОAú ٍ¾YBBáãm”ƒ/5 ÀÀÀ À 28 &ÿ paste.ee  socket: 592		0	0
WSASend Nov. 2, 2023, 10:03 a.m.	buffer:  FBA]Yý;ÍöxÂÒ¥ÙDÓݬáèü/±RôOök”X® XŽ°¦ô©äPÿ>Z ‡ò’ü.Ӏè >h^  0õ~‰­k“ž`wÊÒ°†pô¡Ã¡Ö«’®à²OÛRšÿTæÿqŽLdª‚Z¾LDG;X socket: 592		0	0
WSASend Nov. 2, 2023, 10:03 a.m.	buffer:  ÀºiXÊjcùÉgtn¯‘(?;ؤtÌàhÆLÚFßÁb¼Yþx¡ïræEë/]/R§ÍãʏŇvêÙÛϤÕñ†G”èqs«QÍ!àýŒ¬µ,ÌöS’âf6‘,«÷â}ú€Ú”`fûi#!?ź.”ëW72ÎoÇ ±¯m/¹uúhØ fŸ%ì]rºp²È쟇ñŸ±-ÿ¡¡¯Ì&ª—Rˆ~‘ˆË$Rò]Ñ(¥Â²ژxelxOþßñ socket: 592		0	0

Network communications indicative of a potential document or script payload download was initiated by the process wscript.exe (3 events)

Time & API	Arguments	Status	Return	Repeated
WSASend Nov. 2, 2023, 10:03 a.m.	buffer:  k g eBõJ¥Ë¡š®òHОAú ٍ¾YBBáãm”ƒ/5 ÀÀÀ À 28 &ÿ paste.ee  socket: 592		0	0
WSASend Nov. 2, 2023, 10:03 a.m.	buffer:  FBA]Yý;ÍöxÂÒ¥ÙDÓݬáèü/±RôOök”X® XŽ°¦ô©äPÿ>Z ‡ò’ü.Ӏè >h^  0õ~‰­k“ž`wÊÒ°†pô¡Ã¡Ö«’®à²OÛRšÿTæÿqŽLdª‚Z¾LDG;X socket: 592		0	0
WSASend Nov. 2, 2023, 10:03 a.m.	buffer:  ÀºiXÊjcùÉgtn¯‘(?;ؤtÌàhÆLÚFßÁb¼Yþx¡ïræEë/]/R§ÍãʏŇvêÙÛϤÕñ†G”èqs«QÍ!àýŒ¬µ,ÌöS’âf6‘,«÷â}ú€Ú”`fûi#!?ź.”ëW72ÎoÇ ±¯m/¹uúhØ fŸ%ì]rºp²È쟇ñŸ±-ÿ¡¡¯Ì&ª—Rˆ~‘ˆË$Rò]Ñ(¥Â²ژxelxOþßñ socket: 592		0	0