| ZeroBOX

Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
11.19 07:11
4f3200e5324a333579e06e...
11.19 07:11
6e1ed6447607ab4c30b3f3...
11.19 07:11
6e1ed6447607ab4c30b3f3...
11.19 02:11
Potwierdzenie.exe
11.19 02:11
cheet.exe
11.19 02:11
chelentano.exe
11.19 02:11
12.exe
11.19 02:11
caspol.exe
11.19 02:11
gambinho.exe
11.19 02:11
Getdp.exe

Latest News
11.19 11:11
Evaluating Solidity su...
11.19 11:11
AI is everywhere, and ...
11.19 11:11
IT Sicherheitsnews stü...
11.19 11:11
Windows 11: Security-U...
11.19 11:11
Botnet serving as ‘bac...
11.19 11:11
Attackers are hijackin...
11.19 11:11
Sequoia, GV Back Start...
11.19 11:11
Payment Firm Neo4j Fol...
11.19 11:11
Segmenting Hybrid Clou...
11.19 11:11
heise-Angebot: iX-Work...

| ZeroBOX

powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -ExecutionPolicy unrestricted -File C:\Users\test22\AppData\Local\Temp\boy1start.ps1
316
- boy1.pif "C:\Users\Public\boy1.pif"
  2180
  - powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\Public\boy1.pif"
    2812
  - AcroRd32.exe "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\test22\AppData\Local\Temp\golden.pdf"
    2924
  - powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\test22\AppData\Roaming\TfOyvHCStQAJyb.exe"
    2968
  - schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\TfOyvHCStQAJyb" /XML "C:\Users\test22\AppData\Local\Temp\tmp72C5.tmp"
    3020
  - RegSvcs.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe"
    2084
explorer.exe C:\Windows\Explorer.EXE
1236

No process loaded Click on a process in the tree above to load its data.

PID
Parent PID

default registry file network process services synchronisation iexplore office pdf