| ZeroBOX

foto3553.exe "C:\Users\test22\AppData\Local\Temp\foto3553.exe"
1880
- LN8mW9ty.exe C:\Users\test22\AppData\Local\Temp\IXP000.TMP\LN8mW9ty.exe
  2112
  - xi2IL2aC.exe C:\Users\test22\AppData\Local\Temp\IXP001.TMP\xi2IL2aC.exe
    2156
    - mI5WY8ei.exe C:\Users\test22\AppData\Local\Temp\IXP002.TMP\mI5WY8ei.exe
      2240
      - AY2yg0ZK.exe C:\Users\test22\AppData\Local\Temp\IXP003.TMP\AY2yg0ZK.exe
        2292
        
        1af13hO1.exe C:\Users\test22\AppData\Local\Temp\IXP004.TMP\1af13hO1.exe
        2336
        
        AppLaunch.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
        2384
        
        GiE6UzXAHqzzY1B.exe "C:\Users\test22\AppData\Local\Temp\GiE6UzXAHqzzY1B.exe"
        2720
        
        chrome.exe "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
        4548
        
        chrome.exe "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\test22\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\test22\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\test22\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=86.0.4240.111 --initial-client-data=0x138,0x13c,0x140,0x10c,0x144,0x7fef26c6e00,0x7fef26c6e10,0x7fef26c6e20
        4612
        
        cmd.exe /c schtasks /create /F /sc minute /mo 15 /tr "C:\Users\test22\AppData\Local\Temp\GiE6UzXAHqzzY1B.exe" /tn "\WindowsAppPool\GiE6UzXAHqzzY1B"
        2052
        
        schtasks.exe schtasks /create /F /sc minute /mo 15 /tr "C:\Users\test22\AppData\Local\Temp\GiE6UzXAHqzzY1B.exe" /tn "\WindowsAppPool\GiE6UzXAHqzzY1B"
        3200
        
        J9gHKT9nvgbi3o1.exe "C:\Users\test22\AppData\Local\Temp\J9gHKT9nvgbi3o1.exe"
        3096
        
        AppLaunch.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
        3504
        
        chrome.exe "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
        5056
        
        chrome.exe "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\test22\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\test22\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\test22\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=86.0.4240.111 --initial-client-data=0x134,0x138,0x13c,0x108,0x140,0x7fef25c6e00,0x7fef25c6e10,0x7fef25c6e20
        5108
        
        cmd.exe /c schtasks /create /F /sc minute /mo 15 /tr "C:\Users\test22\AppData\Local\Temp\J9gHKT9nvgbi3o1.exe" /tn "\WindowsAppPool\J9gHKT9nvgbi3o1"
        3160
        
        schtasks.exe schtasks /create /F /sc minute /mo 15 /tr "C:\Users\test22\AppData\Local\Temp\J9gHKT9nvgbi3o1.exe" /tn "\WindowsAppPool\J9gHKT9nvgbi3o1"
        3336
        
        NvoO7emaO6N0CgX.exe "C:\Users\test22\AppData\Local\Temp\NvoO7emaO6N0CgX.exe"
        3272
        
        cmd.exe /c schtasks /create /F /sc minute /mo 15 /tr "C:\Users\test22\AppData\Local\Temp\NvoO7emaO6N0CgX.exe" /tn "\WindowsAppPool\NvoO7emaO6N0CgX"
        3364
        
        schtasks.exe schtasks /create /F /sc minute /mo 15 /tr "C:\Users\test22\AppData\Local\Temp\NvoO7emaO6N0CgX.exe" /tn "\WindowsAppPool\NvoO7emaO6N0CgX"
        3692
        
        QR1quzyXCWpIaCo.exe "C:\Users\test22\AppData\Local\Temp\QR1quzyXCWpIaCo.exe"
        3444
        
        cmd.exe /c schtasks /create /F /sc minute /mo 15 /tr "C:\Users\test22\AppData\Local\Temp\QR1quzyXCWpIaCo.exe" /tn "\WindowsAppPool\QR1quzyXCWpIaCo"
        3604
        
        schtasks.exe schtasks /create /F /sc minute /mo 15 /tr "C:\Users\test22\AppData\Local\Temp\QR1quzyXCWpIaCo.exe" /tn "\WindowsAppPool\QR1quzyXCWpIaCo"
        3944
        
        TID1kUKJVi1qfvO.exe "C:\Users\test22\AppData\Local\Temp\TID1kUKJVi1qfvO.exe"
        3736
        
        W4LCHeXwJ8D8ORK.exe "C:\Users\test22\AppData\Local\Temp\W4LCHeXwJ8D8ORK.exe"
        2944
        
        AppLaunch.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
        3772
        
        cmd.exe /c schtasks /create /F /sc minute /mo 15 /tr "C:\Users\test22\AppData\Local\Temp\TID1kUKJVi1qfvO.exe" /tn "\WindowsAppPool\TID1kUKJVi1qfvO"
        3932
        
        schtasks.exe schtasks /create /F /sc minute /mo 15 /tr "C:\Users\test22\AppData\Local\Temp\TID1kUKJVi1qfvO.exe" /tn "\WindowsAppPool\TID1kUKJVi1qfvO"
        3264
        
        cmd.exe /c schtasks /create /F /sc minute /mo 15 /tr "C:\Users\test22\AppData\Local\Temp\W4LCHeXwJ8D8ORK.exe" /tn "\WindowsAppPool\W4LCHeXwJ8D8ORK"
        3356
        
        schtasks.exe schtasks /create /F /sc minute /mo 15 /tr "C:\Users\test22\AppData\Local\Temp\W4LCHeXwJ8D8ORK.exe" /tn "\WindowsAppPool\W4LCHeXwJ8D8ORK"
        2872
        
        0rnK339j3YfQnJa.exe "C:\Users\test22\AppData\Local\Temp\0rnK339j3YfQnJa.exe"
        3520
        
        cmd.exe /c schtasks /create /F /sc minute /mo 15 /tr "C:\Users\test22\AppData\Local\Temp\0rnK339j3YfQnJa.exe" /tn "\WindowsAppPool\0rnK339j3YfQnJa"
        3856
        
        schtasks.exe schtasks /create /F /sc minute /mo 15 /tr "C:\Users\test22\AppData\Local\Temp\0rnK339j3YfQnJa.exe" /tn "\WindowsAppPool\0rnK339j3YfQnJa"
        2108
        
        2UP350IV.exe C:\Users\test22\AppData\Local\Temp\IXP004.TMP\2UP350IV.exe
        2444
      - 3zc6jy08.exe C:\Users\test22\AppData\Local\Temp\IXP003.TMP\3zc6jy08.exe
        3024
    - 4uV842oz.exe C:\Users\test22\AppData\Local\Temp\IXP002.TMP\4uV842oz.exe
      3068
      - AppLaunch.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
        2092
        
        chrome.exe "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
        4744
        
        chrome.exe "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\test22\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\test22\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\test22\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=86.0.4240.111 --initial-client-data=0x138,0x13c,0x140,0x10c,0x144,0x7fef25c6e00,0x7fef25c6e10,0x7fef25c6e20
        4800
  - 5Kh12Tz.exe C:\Users\test22\AppData\Local\Temp\IXP001.TMP\5Kh12Tz.exe
    2200
    - explothe.exe "C:\Users\test22\AppData\Local\Temp\fefffe8cea\explothe.exe"
      2352
      - schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /SC MINUTE /MO 1 /TN explothe.exe /TR "C:\Users\test22\AppData\Local\Temp\fefffe8cea\explothe.exe" /F
        2960
      - cmd.exe "C:\Windows\System32\cmd.exe" /k echo Y|CACLS "explothe.exe" /P "test22:N"&&CACLS "explothe.exe" /P "test22:R" /E&&echo Y|CACLS "..\fefffe8cea" /P "test22:N"&&CACLS "..\fefffe8cea" /P "test22:R" /E&&Exit
        1700
        
        cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo Y"
        2004
        
        cacls.exe CACLS "explothe.exe" /P "test22:N"
        2528
        
        cacls.exe CACLS "explothe.exe" /P "test22:R" /E
        2332
        
        cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo Y"
        3064
        
        cacls.exe CACLS "..\fefffe8cea" /P "test22:N"
        2140
        
        cacls.exe CACLS "..\fefffe8cea" /P "test22:R" /E
        2252
      - powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -executionpolicy remotesigned -File "C:\Users\test22\AppData\Local\Temp\1000010041\1.ps1"
        3044
        
        iexplore.exe "C:\Program Files (x86)\Internet Explorer\iexplore.exe" https://accounts.google.com/
        3556
        
        iexplore.exe "C:\Program Files (x86)\Internet Explorer\iexplore.exe" SCODEF:3556 CREDAT:145409
        4008
        
        chrome.exe "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" https://accounts.google.com/
        3876
        
        chrome.exe "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\test22\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\test22\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\test22\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=86.0.4240.111 --initial-client-data=0x138,0x13c,0x140,0x10c,0x144,0x7fef25c6e00,0x7fef25c6e10,0x7fef25c6e20
        3232
      - rus.exe "C:\Users\test22\AppData\Local\Temp\1000011051\rus.exe"
        3480
        
        AppLaunch.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
        2544
      - foto3553.exe "C:\Users\test22\AppData\Local\Temp\1000012051\foto3553.exe"
        3296
        
        Xo7lZ2zB.exe C:\Users\test22\AppData\Local\Temp\IXP000.TMP\Xo7lZ2zB.exe
        3040
        
        Vq5kH4tS.exe C:\Users\test22\AppData\Local\Temp\IXP001.TMP\Vq5kH4tS.exe
        2652
        
        HM0Nb2IZ.exe C:\Users\test22\AppData\Local\Temp\IXP003.TMP\HM0Nb2IZ.exe
        3448
        
        oD9pg8wy.exe C:\Users\test22\AppData\Local\Temp\IXP005.TMP\oD9pg8wy.exe
        4084
        
        1GW74XK8.exe C:\Users\test22\AppData\Local\Temp\IXP006.TMP\1GW74XK8.exe
        2480
        
        AppLaunch.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
        4108
        
        2uX315Hd.exe C:\Users\test22\AppData\Local\Temp\IXP006.TMP\2uX315Hd.exe
        4220
        
        chrome.exe "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
        4988
        
        3Aw3ON84.exe C:\Users\test22\AppData\Local\Temp\IXP005.TMP\3Aw3ON84.exe
        3924
        
        4Ye142Yf.exe C:\Users\test22\AppData\Local\Temp\IXP003.TMP\4Ye142Yf.exe
        4480
        
        AppLaunch.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
        4540
        
        chrome.exe "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
        4616
        
        chrome.exe "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\test22\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\test22\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\test22\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=86.0.4240.111 --initial-client-data=0x138,0x13c,0x140,0x10c,0x144,0x7fef26c6e00,0x7fef26c6e10,0x7fef26c6e20
        2232
        
        5tj76QQ.exe C:\Users\test22\AppData\Local\Temp\IXP001.TMP\5tj76QQ.exe
        4704
        
        6gX51Dp.exe C:\Users\test22\AppData\Local\Temp\IXP000.TMP\6gX51Dp.exe
        4600
        
        cmd.exe "C:\Windows\sysnative\cmd" /c "C:\Users\test22\AppData\Local\Temp\FCF4.tmp\FCF5.tmp\FCF6.bat C:\Users\test22\AppData\Local\Temp\IXP000.TMP\6gX51Dp.exe"
        4784
      - nano.exe "C:\Users\test22\AppData\Local\Temp\1000013051\nano.exe"
        4148
        
        AppLaunch.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
        4348
      - rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Roaming\006700e5a2ab05\clip64.dll, Main
        4500
- 6RG67Gn.exe C:\Users\test22\AppData\Local\Temp\IXP000.TMP\6RG67Gn.exe
  2428
  - cmd.exe "C:\Windows\sysnative\cmd" /c "C:\Users\test22\AppData\Local\Temp\D54.tmp\D55.tmp\D66.bat C:\Users\test22\AppData\Local\Temp\IXP000.TMP\6RG67Gn.exe"
    2644
    - iexplore.exe "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
      2456
      - iexplore.exe "C:\Program Files (x86)\Internet Explorer\iexplore.exe" SCODEF:2456 CREDAT:145409
        536
      - iexplore.exe "C:\Program Files (x86)\Internet Explorer\iexplore.exe" SCODEF:2456 CREDAT:79877
        4924

No process loaded Click on a process in the tree above to load its data.

PID
Parent PID

default registry file network process services synchronisation iexplore office pdf

Behavioral Analysis

Process tree

Process contents