wezg.vbs

Performs some HTTP requests (1 event)

request

GET https://paste.ee/d/t2Iek

Wscript.exe initiated network communications indicative of a script based payload download (3 events)

Time & API	Arguments	Status	Return	Repeated
WSASend Nov. 11, 2023, 4:10 p.m.	buffer:  k g eO(ÑYJ¹ê°,hÚÿF;¾lœR=Ðøž%†3uÙ¢/5 ÀÀÀ À 28 &ÿ paste.ee  socket: 584		0	0
WSASend Nov. 11, 2023, 4:10 p.m.	buffer:  FBA3(Iƒwk4yUgÕº(±YÜ»#Âè­ÏTHvºU¦v–yGgöò\š£\FƒÏø»ž%LôÿÜ¡   0`nÍ ËÆnxÑþˆ|Ûu}¸ó± ö2"ä2E¬ÆÆ\=›yÒväÔ+ÿfÀŒ socket: 584		0	0
WSASend Nov. 11, 2023, 4:10 p.m.	buffer:  ÀE#F‹··D"ÐÐÈÂCzÈli€Oô‰"Ør­¯H:ÓÈؽ™–JÙA4‡ÞŸ_Ýg/ªNÄ²“ £_õ†Ö§@[:'™7ÙÞ%â½ÐStóښ±ÏAñ¹âÁ¯ÝìY¤6§QwxãQ·)/è뚎@½<ÜàsÿU¬ålw#¼Ùý$Ĕoø&±qݶª•§ìZ{˜œ§Àè7nsΪEÿ°ßq.z{ÐàùÇ¥õsŸ­µX¸|ô®ËgÉx socket: 584		0	0

Attempts to create or modify system certificates (1 event)

registry

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F81F111D0E5AB58D396F7BF525577FD30FDC95AA\Blob

Network communications indicative of a potential document or script payload download was initiated by the process wscript.exe (3 events)

Time & API	Arguments	Status	Return	Repeated
WSASend Nov. 11, 2023, 4:10 p.m.	buffer:  k g eO(ÑYJ¹ê°,hÚÿF;¾lœR=Ðøž%†3uÙ¢/5 ÀÀÀ À 28 &ÿ paste.ee  socket: 584		0	0
WSASend Nov. 11, 2023, 4:10 p.m.	buffer:  FBA3(Iƒwk4yUgÕº(±YÜ»#Âè­ÏTHvºU¦v–yGgöò\š£\FƒÏø»ž%LôÿÜ¡   0`nÍ ËÆnxÑþˆ|Ûu}¸ó± ö2"ä2E¬ÆÆ\=›yÒväÔ+ÿfÀŒ socket: 584		0	0
WSASend Nov. 11, 2023, 4:10 p.m.	buffer:  ÀE#F‹··D"ÐÐÈÂCzÈli€Oô‰"Ør­¯H:ÓÈؽ™–JÙA4‡ÞŸ_Ýg/ªNÄ²“ £_õ†Ö§@[:'™7ÙÞ%â½ÐStóښ±ÏAñ¹âÁ¯ÝìY¤6§QwxãQ·)/è뚎@½<ÜàsÿU¬ålw#¼Ùý$Ĕoø&±qݶª•§ìZ{˜œ§Àè7nsΪEÿ°ßq.z{ÐàùÇ¥õsŸ­µX¸|ô®ËgÉx socket: 584		0	0