popup
| ZeroBOX
  1. Home
  2. Result
  3. Report
  4. Detail Analysis

Behavioral Analysis

Process tree

  • inst.exe "C:\Users\test22\AppData\Local\Temp\inst.exe"

    2544

    • Pyftpsushffsruhxwfdkstart.exe "C:\Users\test22\AppData\Local\Temp\Pyftpsushffsruhxwfdkstart.exe"

      2632

      • powershell.exe "C:\Windows\system32\windowspowershell\v1.0\powershell.exe" -sta -noprofile -executionpolicy bypass -encodedcommand JAB4AD0AJwBhADIAYQBhADAAOQA1ADMALQBhAGMAMABmAC0ANAAzADIAMAAtAGEAMwA2ADUALQA2ADIAMABjAGEANgBjAGYANgAxADEAYgAnADsAJAB5AD0AJwBDADoAXABVAHMAZQByAHMAXAB0AGUAcwB0ADIAMgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAUAB5AGYAdABwAHMAdQBzAGgAZgBmAHMAcgB1AGgAeAB3AGYAZABrAHMAdABhAHIAdAAuAGUAeABlACcAOwB0AHIAeQAgAHsADQAKACAAIAAkAG4AdQBsAGwAIAA9ACAAWwBSAGUAZgBsAGUAYwB0AGkAbwBuAC4AQQBzAHMAZQBtAGIAbAB5AF0AOgA6AEwAbwBhAGQARgBpAGwAZQAoACQAeQApACAADQAKACAAIAAuACAAKABbAF8AMwAyAC4AXwA4ADgAXQA6ADoAXwA3ADQAKAAkAHgAKQApAA0ACgAgACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUADQAKAH0AIAANAAoAYwBhAHQAYwBoACAAWwBOAG8AdABTAHUAcABwAG8AcgB0AGUAZABFAHgAYwBlAHAAdABpAG8AbgBdAA0ACgB7AA0ACgAgACAAVwByAGkAdABlAC0ASABvAHMAdAAgACcAQQBwAHAAbABpAGMAYQB0AGkAbwBuACAAbABvAGMAYQB0AGkAbwBuACAAaQBzACAAdQBuAHQAcgB1AHMAdABlAGQALgAgAEMAbwBwAHkAIABmAGkAbABlACAAdABvACAAYQAgAGwAbwBjAGEAbAAgAGQAcgBpAHYAZQAsACAAYQBuAGQAIAB0AHIAeQAgAGEAZwBhAGkAbgAuACcAIAAtAEYAbwByAGUAZwByAG8AdQBuAGQAQwBvAGwAbwByACAAUgBlAGQADQAKAH0ADQAKAGMAYQB0AGMAaAAgAA0ACgB7AA0ACgAgACAAVwByAGkAdABlAC0ASABvAHMAdAAgACgAIgBFAHIAcgBvAHIAOgAgACIAIAArACAAJABfAC4ARQB4AGMAZQBwAHQAaQBvAG4ALgBNAGUAcwBzAGEAZwBlACkAIAAtAEYAbwByAGUAIABSAGUAZAAgAA0ACgB9AA==

        2980

    • RegAsm.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

      2712

      • powershell.exe "C:\Windows\system32\windowspowershell\v1.0\powershell.exe" -sta -noprofile -executionpolicy bypass -encodedcommand JAB4AD0AJwAwAGMAZQAwAGQAYgBiAGIALQBjADAAZQA4AC0ANABlADgAOAAtADkAZAAyADYALQA5ADQAYwBiAGIANgA1ADAANwBmAGYANgAnADsAJAB5AD0AJwBDADoAXABXAGkAbgBkAG8AdwBzAFwATQBpAGMAcgBvAHMAbwBmAHQALgBOAEUAVABcAEYAcgBhAG0AZQB3AG8AcgBrAFwAdgA0AC4AMAAuADMAMAAzADEAOQBcAFIAZQBnAEEAcwBtAC4AZQB4AGUAJwA7AHQAcgB5ACAAewANAAoAIAAgACQAbgB1AGwAbAAgAD0AIABbAFIAZQBmAGwAZQBjAHQAaQBvAG4ALgBBAHMAcwBlAG0AYgBsAHkAXQA6ADoATABvAGEAZABGAGkAbABlACgAJAB5ACkAIAANAAoAIAAgAC4AIAAoAFsAXwAzADIALgBfADgAOABdADoAOgBfADcANAAoACQAeAApACkADQAKACAAIABlAHgAaQB0ACAAJABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQANAAoAfQAgAA0ACgBjAGEAdABjAGgAIABbAE4AbwB0AFMAdQBwAHAAbwByAHQAZQBkAEUAeABjAGUAcAB0AGkAbwBuAF0ADQAKAHsADQAKACAAIABXAHIAaQB0AGUALQBIAG8AcwB0ACAAJwBBAHAAcABsAGkAYwBhAHQAaQBvAG4AIABsAG8AYwBhAHQAaQBvAG4AIABpAHMAIAB1AG4AdAByAHUAcwB0AGUAZAAuACAAQwBvAHAAeQAgAGYAaQBsAGUAIAB0AG8AIABhACAAbABvAGMAYQBsACAAZAByAGkAdgBlACwAIABhAG4AZAAgAHQAcgB5ACAAYQBnAGEAaQBuAC4AJwAgAC0ARgBvAHIAZQBnAHIAbwB1AG4AZABDAG8AbABvAHIAIABSAGUAZAANAAoAfQANAAoAYwBhAHQAYwBoACAADQAKAHsADQAKACAAIABXAHIAaQB0AGUALQBIAG8AcwB0ACAAKAAiAEUAcgByAG8AcgA6ACAAIgAgACsAIAAkAF8ALgBFAHgAYwBlAHAAdABpAG8AbgAuAE0AZQBzAHMAYQBnAGUAKQAgAC0ARgBvAHIAZQAgAFIAZQBkACAADQAKAH0A

        2804

Process contents

No process loaded Click on a process in the tree above to load its data.

PID
Parent PID
default registry file network process services synchronisation iexplore office pdf