| ZeroBOX

6703_1636277141_5925.exe "C:\Users\test22\AppData\Local\Temp\6703_1636277141_5925.exe"
2344
- 123.exe "C:\Users\test22\AppData\Local\Temp\123.exe"
  2640
  - AdvancedRun.exe "C:\Users\test22\AppData\Local\Temp\96b5728a-2182-4ac6-9780-9a4835abb8a7\AdvancedRun.exe" /EXEFilename "C:\Users\test22\AppData\Local\Temp\96b5728a-2182-4ac6-9780-9a4835abb8a7\test.bat" /WindowState ""0"" /PriorityClass ""32"" /CommandLine "" /StartDirectory "" /RunAs 8 /Run
    2772
  - AdvancedRun.exe "C:\Users\test22\AppData\Local\Temp\e132ee2c-eb4f-4b88-a7bf-8f1f582dc6da\AdvancedRun.exe" /EXEFilename "C:\Users\test22\AppData\Local\Temp\e132ee2c-eb4f-4b88-a7bf-8f1f582dc6da\test.bat" /WindowState ""0"" /PriorityClass ""32"" /CommandLine "" /StartDirectory "" /RunAs 8 /Run
    2780
  - powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\test22\AppData\Local\Temp\123.exe" -Force
    1948
  - powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\test22\AppData\Local\Temp\123.exe" -Force
    2800
  - powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\test22\AppData\Local\Temp\123.exe" -Force
    2600
  - powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\test22\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\deforcing.exe" -Force
    3028
  - powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\test22\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\deforcing.exe" -Force
    3040
  - deforcing.exe "C:\Users\test22\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\deforcing.exe"
    2020
    - AdvancedRun.exe "C:\Users\test22\AppData\Local\Temp\2ad87d7e-5e5e-4ada-9506-bd9e47fde881\AdvancedRun.exe" /EXEFilename "C:\Users\test22\AppData\Local\Temp\2ad87d7e-5e5e-4ada-9506-bd9e47fde881\test.bat" /WindowState ""0"" /PriorityClass ""32"" /CommandLine "" /StartDirectory "" /RunAs 8 /Run
      1488
    - AdvancedRun.exe "C:\Users\test22\AppData\Local\Temp\5df72808-f7e9-414c-9780-53e050306c4c\AdvancedRun.exe" /EXEFilename "C:\Users\test22\AppData\Local\Temp\5df72808-f7e9-414c-9780-53e050306c4c\test.bat" /WindowState ""0"" /PriorityClass ""32"" /CommandLine "" /StartDirectory "" /RunAs 8 /Run
      2660
    - powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\test22\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\deforcing.exe" -Force
      1604
    - powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\test22\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\deforcing.exe" -Force
      2400
    - powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\test22\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\deforcing.exe" -Force
      2292
    - powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Windows\Resources\Themes\appertaining\svchost.exe" -Force
      776
    - powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\test22\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\deforcing.exe" -Force
      2528
    - powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Windows\Resources\Themes\appertaining\svchost.exe" -Force
      644
    - aspnet_regsql.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regsql.exe"
      2152
  - powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\test22\AppData\Local\Temp\123.exe" -Force
    2328
  - powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Windows\Resources\Themes\appertaining\svchost.exe" -Force
    2596
  - powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\test22\AppData\Local\Temp\123.exe" -Force
    1060
  - powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Windows\Resources\Themes\appertaining\svchost.exe" -Force
    2832
  - aspnet_compiler.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe"
    2468
- OlecranonsCasein.exe "C:\Users\test22\AppData\Local\Temp\OlecranonsCasein.exe"
  2764

No process loaded Click on a process in the tree above to load its data.

PID
Parent PID

default registry file network process services synchronisation iexplore office pdf

Behavioral Analysis

Process tree

Process contents