| ZeroBOX

Amadey.exe "C:\Users\test22\AppData\Local\Temp\Amadey.exe"
2560
- Utsysc.exe "C:\Users\test22\AppData\Local\Temp\e8b5234212\Utsysc.exe"
  2680
  - schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /SC MINUTE /MO 1 /TN Utsysc.exe /TR "C:\Users\test22\AppData\Local\Temp\e8b5234212\Utsysc.exe" /F
    2772
  - cmd.exe "C:\Windows\System32\cmd.exe" /k echo Y|CACLS "Utsysc.exe" /P "test22:N"&&CACLS "Utsysc.exe" /P "test22:R" /E&&echo Y|CACLS "..\e8b5234212" /P "test22:N"&&CACLS "..\e8b5234212" /P "test22:R" /E&&Exit
    2836
    - cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo Y"
      2912
    - cacls.exe CACLS "Utsysc.exe" /P "test22:N"
      2952
    - cacls.exe CACLS "Utsysc.exe" /P "test22:R" /E
      3004
    - cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo Y"
      3052
    - cacls.exe CACLS "..\e8b5234212" /P "test22:N"
      604
    - cacls.exe CACLS "..\e8b5234212" /P "test22:R" /E
      2124
  - 1.exe "C:\Users\test22\AppData\Local\Temp\1000006001\1.exe"
    2200
  - rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Roaming\aca439ae61e801\cred64.dll, Main
    2472
    - rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Roaming\aca439ae61e801\cred64.dll, Main
      2512
      - netsh.exe netsh wlan show profiles
        2620
  - rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Roaming\aca439ae61e801\clip64.dll, Main
    2592
  - abd.exe "C:\Users\test22\AppData\Local\Temp\1000008001\abd.exe"
    2752
    - Utsysc.exe "C:\Users\test22\AppData\Local\Temp\ea7c8244c8\Utsysc.exe"
      1080
      - schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /SC MINUTE /MO 1 /TN Utsysc.exe /TR "C:\Users\test22\AppData\Local\Temp\ea7c8244c8\Utsysc.exe" /F
        2416
      - cmd.exe "C:\Windows\System32\cmd.exe" /k echo Y|CACLS "Utsysc.exe" /P "test22:N"&&CACLS "Utsysc.exe" /P "test22:R" /E&&echo Y|CACLS "..\ea7c8244c8" /P "test22:N"&&CACLS "..\ea7c8244c8" /P "test22:R" /E&&Exit
        2636
        
        cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo Y"
        1656
        
        cacls.exe CACLS "Utsysc.exe" /P "test22:N"
        560
        
        cacls.exe CACLS "Utsysc.exe" /P "test22:R" /E
        2884
        
        cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo Y"
        1780
        
        cacls.exe CACLS "..\ea7c8244c8" /P "test22:N"
        3036
        
        cacls.exe CACLS "..\ea7c8244c8" /P "test22:R" /E
        1120
      - haloup.exe "C:\Users\test22\AppData\Local\Temp\1000080001\haloup.exe"
        2136
      - rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Roaming\465dbc52837d81\cred64.dll, Main
        2876
        
        rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Roaming\465dbc52837d81\cred64.dll, Main
        916
        
        netsh.exe netsh wlan show profiles
        2564
      - rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Roaming\465dbc52837d81\clip64.dll, Main
        2388
      - amers.exe "C:\Users\test22\AppData\Local\Temp\1000081001\amers.exe"
        3016
  - trafico.exe "C:\Users\test22\AppData\Local\Temp\1000009001\trafico.exe"
    1996
  - TEST32.exe "C:\Users\test22\AppData\Local\Temp\1000020001\TEST32.exe"
    1520
  - build2.exe "C:\Users\test22\AppData\Local\Temp\1000024001\build2.exe"
    1456
  - TEST32.exe "C:\Users\test22\AppData\Local\Temp\1000027001\TEST32.exe"
    1792
  - lom30.exe "C:\Users\test22\AppData\Local\Temp\1000029001\lom30.exe"
    3376
    - ZC1Hg57.exe C:\Users\test22\AppData\Local\Temp\IXP000.TMP\ZC1Hg57.exe
      3420
      - BD4sp82.exe C:\Users\test22\AppData\Local\Temp\IXP001.TMP\BD4sp82.exe
        3488
        
        kG1Do08.exe C:\Users\test22\AppData\Local\Temp\IXP002.TMP\kG1Do08.exe
        3532
        
        dw4YC64.exe C:\Users\test22\AppData\Local\Temp\IXP003.TMP\dw4YC64.exe
        3576
        
        yR0Hb97.exe C:\Users\test22\AppData\Local\Temp\IXP004.TMP\yR0Hb97.exe
        3620
        
        1TO62yp3.exe C:\Users\test22\AppData\Local\Temp\IXP005.TMP\1TO62yp3.exe
        3664
        
        AppLaunch.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
        3708
        
        2jX0103.exe C:\Users\test22\AppData\Local\Temp\IXP005.TMP\2jX0103.exe
        3768
        
        AppLaunch.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
        3856
        
        3mI23vW.exe C:\Users\test22\AppData\Local\Temp\IXP004.TMP\3mI23vW.exe
        4000
        
        4ec216QK.exe C:\Users\test22\AppData\Local\Temp\IXP003.TMP\4ec216QK.exe
        4092
        
        AppLaunch.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
        3124
        
        5Az4sH9.exe C:\Users\test22\AppData\Local\Temp\IXP002.TMP\5Az4sH9.exe
        3136
        
        explothe.exe "C:\Users\test22\AppData\Local\Temp\fefffe8cea\explothe.exe"
        3264
        
        schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /SC MINUTE /MO 1 /TN explothe.exe /TR "C:\Users\test22\AppData\Local\Temp\fefffe8cea\explothe.exe" /F
        1108
        
        cmd.exe "C:\Windows\System32\cmd.exe" /k echo Y|CACLS "explothe.exe" /P "test22:N"&&CACLS "explothe.exe" /P "test22:R" /E&&echo Y|CACLS "..\fefffe8cea" /P "test22:N"&&CACLS "..\fefffe8cea" /P "test22:R" /E&&Exit
        3280
        
        cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo Y"
        3392
        
        cacls.exe CACLS "explothe.exe" /P "test22:N"
        3728
        
        cacls.exe CACLS "explothe.exe" /P "test22:R" /E
        3624
        
        cacls.exe CACLS "..\fefffe8cea" /P "test22:N"
        2304
        
        cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo Y"
        4060
        
        cacls.exe CACLS "..\fefffe8cea" /P "test22:R" /E
        3536
      - 6Ye1nZ1.exe C:\Users\test22\AppData\Local\Temp\IXP001.TMP\6Ye1nZ1.exe
        300
    - 7wT5Ey89.exe C:\Users\test22\AppData\Local\Temp\IXP000.TMP\7wT5Ey89.exe
      3432
      - cmd.exe "C:\Windows\sysnative\cmd.exe" /c "C:\Users\test22\AppData\Local\Temp\EDD5.tmp\EDF6.tmp\EDF7.bat C:\Users\test22\AppData\Local\Temp\IXP000.TMP\7wT5Ey89.exe"
        2964
        
        iexplore.exe "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
        3544
        
        iexplore.exe "C:\Program Files (x86)\Internet Explorer\iexplore.exe" SCODEF:3544 CREDAT:145409
        552
        
        iexplore.exe "C:\Program Files (x86)\Internet Explorer\iexplore.exe" SCODEF:3544 CREDAT:79875
        1772
        
        iexplore.exe "C:\Program Files (x86)\Internet Explorer\iexplore.exe" SCODEF:3544 CREDAT:145411
        948
explorer.exe C:\Windows\Explorer.EXE
1452

No process loaded Click on a process in the tree above to load its data.

PID
Parent PID

default registry file network process services synchronisation iexplore office pdf

Behavioral Analysis

Process tree

Process contents