| ZeroBOX

fotocr05.exe "C:\Users\test22\AppData\Local\Temp\fotocr05.exe"
2060
- y6317478.exe C:\Users\test22\AppData\Local\Temp\IXP000.TMP\y6317478.exe
  2148
  - y0651307.exe C:\Users\test22\AppData\Local\Temp\IXP001.TMP\y0651307.exe
    2192
    - k9845936.exe C:\Users\test22\AppData\Local\Temp\IXP002.TMP\k9845936.exe
      2260
    - l5196213.exe C:\Users\test22\AppData\Local\Temp\IXP002.TMP\l5196213.exe
      2328
  - m8217450.exe C:\Users\test22\AppData\Local\Temp\IXP001.TMP\m8217450.exe
    2868
    - metado.exe "C:\Users\test22\AppData\Local\Temp\a9e2a16078\metado.exe"
      2980
      - schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /SC MINUTE /MO 1 /TN metado.exe /TR "C:\Users\test22\AppData\Local\Temp\a9e2a16078\metado.exe" /F
        2100
      - cmd.exe "C:\Windows\System32\cmd.exe" /k echo Y|CACLS "metado.exe" /P "test22:N"&&CACLS "metado.exe" /P "test22:R" /E&&echo Y|CACLS "..\a9e2a16078" /P "test22:N"&&CACLS "..\a9e2a16078" /P "test22:R" /E&&Exit
        2212
        
        cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo Y"
        2296
        
        cacls.exe CACLS "metado.exe" /P "test22:N"
        2236
        
        cacls.exe CACLS "metado.exe" /P "test22:R" /E
        2080
        
        cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo Y"
        2552
        
        cacls.exe CACLS "..\a9e2a16078" /P "test22:N"
        2776
        
        cacls.exe CACLS "..\a9e2a16078" /P "test22:R" /E
        2452
      - rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Roaming\006700e5a2ab05\clip64.dll, Main
        2376
- n9782940.exe C:\Users\test22\AppData\Local\Temp\IXP000.TMP\n9782940.exe
  3028
explorer.exe C:\Windows\Explorer.EXE
1236

No process loaded Click on a process in the tree above to load its data.

PID
Parent PID

default registry file network process services synchronisation iexplore office pdf

Behavioral Analysis

Process tree

Process contents