| ZeroBOX

saiwer.exe "C:\Users\test22\AppData\Local\Temp\saiwer.exe"
2052
- gntuud.exe "C:\Users\test22\AppData\Local\Temp\9c69749b54\gntuud.exe"
  2144
  - schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /SC MINUTE /MO 1 /TN gntuud.exe /TR "C:\Users\test22\AppData\Local\Temp\9c69749b54\gntuud.exe" /F
    2224
  - cmd.exe "C:\Windows\System32\cmd.exe" /k echo Y|CACLS "gntuud.exe" /P "test22:N"&&CACLS "gntuud.exe" /P "test22:R" /E&&echo Y|CACLS "..\9c69749b54" /P "test22:N"&&CACLS "..\9c69749b54" /P "test22:R" /E&&Exit
    2284
    - cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo Y"
      2360
    - cacls.exe CACLS "gntuud.exe" /P "test22:N"
      2400
    - cacls.exe CACLS "gntuud.exe" /P "test22:R" /E
      2468
    - cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo Y"
      2524
    - cacls.exe CACLS "..\9c69749b54" /P "test22:N"
      2560
    - cacls.exe CACLS "..\9c69749b54" /P "test22:R" /E
      2616
  - linda5.exe "C:\Users\test22\AppData\Local\Temp\1000001001\linda5.exe"
    2704
    - regsvr32.exe "C:\Windows\System32\regsvr32.exe" YGCR.s /u -S
      2768
  - nash.exe "C:\Users\test22\AppData\Local\Temp\1000002001\nash.exe"
    3028
  - anon.exe "C:\Users\test22\AppData\Local\Temp\1000003001\anon.exe"
    2356
  - newlege.exe "C:\Users\test22\AppData\Local\Temp\1000004001\newlege.exe"
    2544
    - gntuud.exe "C:\Users\test22\AppData\Local\Temp\99e342142d\gntuud.exe"
      2648
      - schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /SC MINUTE /MO 1 /TN gntuud.exe /TR "C:\Users\test22\AppData\Local\Temp\99e342142d\gntuud.exe" /F
        2736
      - mp3studios_97.exe "C:\Users\test22\AppData\Local\Temp\1000058001\mp3studios_97.exe"
        2300
        
        cmd.exe cmd.exe /c taskkill /f /im chrome.exe
        2392
        
        taskkill.exe taskkill /f /im chrome.exe
        2564
        
        chrome.exe "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
        2376
        
        chrome.exe "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\test22\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\test22\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\test22\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=86.0.4240.111 --initial-client-data=0xb0,0xb4,0xb8,0x84,0xbc,0x7fef2ce6e00,0x7fef2ce6e10,0x7fef2ce6e20
        2572
      - linda5.exe "C:\Users\test22\AppData\Local\Temp\1000061001\linda5.exe"
        2824
        
        regsvr32.exe "C:\Windows\System32\regsvr32.exe" YGCR.s /u -S
        3052
      - wish.exe "C:\Users\test22\AppData\Local\Temp\1000067001\wish.exe"
        2108
      - rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Roaming\a091ec0a6e2227\cred64.dll, Main
        2940
  - rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Roaming\85f469ce401df1\cred64.dll, Main
    2608

No process loaded Click on a process in the tree above to load its data.

PID
Parent PID

default registry file network process services synchronisation iexplore office pdf

Behavioral Analysis

Process tree

Process contents