Advice Request Document with VBS macros - What do these mean?

[PixelsAreNeeded]

Hello,

I have a question for you, this is after I looked at a triage using RedLine on my machine. I wanted to know what the following commands are doing:

“C:\WINDOWS\system32\cscript.exe //E:vbscript //Nologo C:\WINDOWS\TEMP\m_a7F83.tmp,”
“C:\WINDOWS\System32\netsh.exe wlan show interfaces,”
“\??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1,”
“C:\WINDOWS\System32\netsh.exe wlan show drivers,”
“C:\WINDOWS\System32\svchost.exe -k netsvcs -p -s NetSetupSvc”

Is this normal behavior?

 

[Andy Ful]

Hello,

I have a question for you, this is after I looked at a triage using RedLine on my machine. I wanted to know what the following commands are doing:

“C:\WINDOWS\system32\cscript.exe //E:vbscript //Nologo C:\WINDOWS\TEMP\m_a7F83.tmp,”
“C:\WINDOWS\System32\netsh.exe wlan show interfaces,”
“\??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1,”
“C:\WINDOWS\System32\netsh.exe wlan show drivers,”
“C:\WINDOWS\System32\svchost.exe -k netsvcs -p -s NetSetupSvc”

Is this normal behavior?

One correction: there are no VBS macros, but there are VBA macros.
The first command runs the VBScript code from the temporary file C:\WINDOWS\TEMP\m_a7F83.tmp .
The netsh commands are standard, you can run them from CMD to see the effect.
Conhost.exe is the new host process for console windows, so it will appear if you run any console program like cmd.exe, netsh.exe, etc.
The command svchost.exe -k netsvcs -p -s NetSetupSvc , starts the NetSetupSvc service which manages the installation of network drivers and permits the configuration of low-level network settings.