Should I block it?

No, this file is 100% safe to run.

VersionsAdditional versions

5.8.9600.16384 3.85%
5.8.9600.16384 0.05%
5.8.9431.0 0.20%
5.8.9431.0 0.01%
5.8.9200.16384 2.21%
5.8.9200.16384 12.21%
5.8.8400.0 0.05%
5.8.8400.0 0.05%
5.8.8250.0 0.01%
5.8.8102.0 0.05%
5.8.7600.16385 21.69%
5.8.7600.16385 32.81%
5.8.7600.16385 0.01%
5.8.7600.16385 0.01%
5.8.7600.16385 4.56%
5.8.7600.16385 0.14%
5.8.7264.0 0.01%
5.7.0.18066 11.46%
5.7.0.18066 0.10%
5.7.0.18066 0.05%
5.7.0.18066 0.01%
5.7.0.18066 0.14%
5.7.0.18066 0.01%
5.7.0.18066 0.01%
5.7.0.18066 0.01%
View more

Relationships

Parent process
Related files

wscript.exe

Microsoft Windows Script Host by Microsoft

Remove wscript.exe
Version:   5.8.7600.16385
MD5:   d1ab72db2bedd2f255d35da3da0d4b16
SHA1:   860265276b29b42b8c4b077e5c651def9c81b6e9
SHA256:   047f3c5a7ab0ea05f35b2ca8037bf62dd4228786d07707064dbd0d46569305d0
This is a Windows system installed file with Windows File Protection (WFP) enabled.

What is wscript.exe?

The Microsoft Windows Script Host (WSH) is an automation technology for Microsoft Windows that provides scripting abilities comparable to batch files, but with a wider range of supported features. It was originally called Windows Scripting Host, but was renamed for the second release.

About wscript.exe (from Microsoft)

Microsoft® Windows® Script Host (WSH) is a language-independent scripting host for Windows Script compatible scripting engines. It brings simple, powerful, and flexible scripting to the Windows 32-bit

Overview

wscript.exe executes as a process with the local user's privileges usually within the context of Windows Explorer. It is set to be run when the PC boots and the user logs into Windows (added to the Run registry key for the current user).

DetailsDetails

File name:wscript.exe
Publisher:Microsoft Corporation
Product name:Microsoft ® Windows Script Host
Description:Microsoft ® Windows Based Script Host
Typical file path:C:\Windows\System32\wscript.exe
Original name:wscript.exe.mui
File version:5.8.7600.16385
Size:138.5 KB (141,824 bytes)
Digital DNA
PE subsystem:Windows GUI
Entropy:5.988827
File packed:No
Code language:Microsoft Visual C++
.NET CLR:No
More details

BehaviorsBehaviors

Shell open commands
  • vbefile
  • VBSFile
  • jsefile
  • JSFile
Scheduled tasks
  • The job '4804' runs on registration in the path '\4804'
  • The task 'SBW_UpdateTask_Time_3932323637373635372d7837235a576c4a3241345041' runs daily in the path '\SBW_UpdateTask_Time_3932323637373635372d7837235a576c4a3241345041'
  • The job 'SBW_UpdateTask_Time_313035393136322d5a236c2a4a45574150574132' runs daily in the path '\SBW_UpdateTask_Time_313035393136322d5a236c2a4a45574150574132'
  • The task '80e45e89-e004-444c-a9bb-a8361c5d9ecc' runs on registration in the path '\Event Viewer Tasks\80e45e89-e004-444c-a9bb-a8361c5d9ecc'
  • The job '4834' runs on registration in the path '\4834'
  • The job 'SBW_UpdateTask_Time_323532333439303136352d6c235a2a5b4532412d573432' runs daily in the path '\SBW_UpdateTask_Time_323532333439303136352d6c235a2a5b4532412d573432'
  • The task 'SBW_UpdateTask_Logon_323532333439303136352d6c235a2a5b4532412d573432' runs on logon in the path '\SBW_UpdateTask_Logon_323532333439303136352d6c235a2a5b4532412d573432'
  • The task 'SBW_UpdateTask_Time_333736373630353831392d784a234157344a2a416c505a' runs daily in the path '\SBW_UpdateTask_Time_333736373630353831392d784a234157344a2a416c505a'
  • The job 'SBW_UpdateTask_Logon_333736373630353831392d784a234157344a2a416c505a' runs on logon in the path '\SBW_UpdateTask_Logon_333736373630353831392d784a234157344a2a416c505a'
  • The job '4895' runs on registration in the path '\4895'
  • The task '4469' runs on registration in the path '\4469'
  • The task '4806' runs on registration in the path '\4806'
  • The job '4729' runs on registration in the path '\4729'
  • The task '4792' runs on registration in the path '\4792'
  • The task '4696' runs on registration in the path '\4696'
  • The task '4797' runs on registration in the path '\4797'
  • The task 'SBW_UpdateTask_Time_3737383533343234332d455b2a34504141454a5a576c' runs daily in the path '\SBW_UpdateTask_Time_3737383533343234332d455b2a34504141454a5a576c'
  • The job 'SBW_UpdateTask_Logon_3737383533343234332d455b2a34504141454a5a576c' runs on logon in the path '\SBW_UpdateTask_Logon_3737383533343234332d455b2a34504141454a5a576c'
  • The job '4394' runs on registration in the path '\4394'
  • The task '4510' runs on registration in the path '\4510'
  • The task '4638' runs on registration in the path '\4638'
  • The job '4628' runs on registration in the path '\4628'
Startup files (all users) run
Runs under the registry key 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
  • 'IntelTBRunOnce' → wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
Startup files (user) run
Runs under the registry key 'HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
  • 'TempSnippingTool' → wscript.exe //B "C:\users\user\appdata\Local\Temp\TempSnippingTool.vbs"
  • 'SpeedUpSystem' → wscript "C:\users\user\appdata\Roaming\Adobe\Flash Player\SpeedCache\afile.vbs" "C:\users\user\appdata\Roaming\Adobe\Flash Player\SpeedCache\aso.bat"
  • 'ActiveXService' → wscript "C:\users\user\appdata\Roaming\ActiveX\invis.vbs" "C:\users\user\appdata\Roaming\ActiveX\svchost.exe"
  • 'Protector' → wscript.exe "C:\users\user\appdata\Roaming\SDIV 2.0\Prot\prot.vbs" check
Scheduled tasks startups
Set to load on user login (bypasses Windows UAC if enabled)
  • Login entry path '\SBW_UpdateTask_Logon_323532333439303136352d6c235a2a5b4532412d573432'
  • Login entry path '\SBW_UpdateTask_Logon_333736373630353831392d784a234157344a2a416c505a'
  • Login entry path '\SBW_UpdateTask_Logon_3737383533343234332d455b2a34504141454a5a576c'
  • Login entry path '\USER_ESRV_SVC'
Startup files (all users) run once
Runs under the registry key 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
  • 'Start Savin-repairJob' → wscript.exe "C:\users\user\appdata\Local\Start Savin\repair.js" "Start Savin-repairJob"
Network connections
  • [TCP] 112-230-121-188.amsterdam.bgtn.net (188.121.230.112:1243)
  • [UDP] listens on port 59549
  • [UDP] listens on port 62202

    • ResourcesResource utilization

    (Note: statistics below are averages based on a minimum sample size of 200 unique participants)
    Averages
     
    CPU
    Total CPU:0.00118128%
    0.028634%
    Kernel CPU:0.00082452%
    0.013761%
    User CPU:0.00035676%
    0.014873%
    Kernel CPU time:1,031,017,473 ms/min
    100,923,805ms/min
    CPU cycles:6,749,765/sec
    17,470,203/sec
    Context switches:9/sec
    284/sec
    Memory
    Private memory:10.47 MB
    21.59 MB
    Private (maximum):16.96 MB
    Private (minimum):8.68 MB
    Non-paged memory:10.47 MB
    21.59 MB
    Virtual memory:110.58 MB
    140.96 MB
    Virtual memory (peak):113.75 MB
    169.69 MB
    Working set:12.27 MB
    18.61 MB
    Working set (peak):17.01 MB
    37.95 MB
    Page faults:3,689,480/min
    2,039/min
    I/O
    I/O read transfer:25.62 KB/sec
    1.02 MB/min
    I/O read operations:253/sec
    343/min
    I/O write transfer:20.18 KB/sec
    274.99 KB/min
    I/O write operations:1/sec
    227/min
    I/O other transfer:27.13 KB/sec
    448.09 KB/min
    I/O other operations:1,417/sec
    1,671/min
    Resource allocations
    Threads:11
    12
    Handles:416
    600
    GUI GDI count:11
    103
    GUI GDI peak:13
    142
    GUI USER count:8
    49
    GUI USER peak:9
    71

    BehaviorsProcess properties

    Integrety level:Medium
    Platform:32-bit
    Command lines:
    • "C:\Windows\System32\wscript.exe" //b "C:\users\user\appdata\local\temp\tempsnippingtool.vbs"
    • "C:\windows\svchost .exe" /C:vbscript.encode "C:\Program Files\common files\system\windows update\wxz.dat
    Owner:User
    Parent process:explorer.exe (Windows Explorer by Microsoft Corporation)

    ResourcesThreads

    Averages
     
    wscript.exe (main module)
    Total CPU:0.07735010%
    0.272967%
    Kernel CPU:0.04160124%
    0.107585%
    User CPU:0.03574886%
    0.165382%
    CPU cycles:1,912,575/sec
    5,741,424/sec
    Context switches:3/sec
    79/sec
    Memory:152 KB
    1.16 MB
    ntdll.dll
    Total CPU:0.00313736%
    Kernel CPU:0.00159512%
    User CPU:0.00154224%
    CPU cycles:290,442/sec
    Context switches:1/sec
    Memory:1.23 MB

    Common loaded modules

    These are modules that are typiclaly loaded within the context of this process.

    Windows OS versionsDistribution by Windows OS

    OS versiondistribution
    Windows 7 Home Premium 36.00%
    Windows 8.1 Pro 13.50%
    Windows 7 Ultimate 12.00%
    Windows 8.1 10.50%
    Windows 7 Professional 6.00%
    Windows 8.1 Single Language 6.00%
    Windows 8 5.50%
    Windows 8 Single Language 3.00%
    Windows 8.1 Pro with Media Center 2.00%
    Windows 8 Enterprise N 2.00%
    Windows Seven Black Edition 2.00%
    Windows 8.1 N 1.50%

    Distribution by countryDistribution by country

    United States installs about 54.00% of Microsoft ® Windows Script Host.

    OEM distributionDistribution by PC manufacturer

    PC Manufacturerdistribution
    Hewlett-Packard 22.04%
    ASUS 19.59%
    Dell 17.96%
    Toshiba 13.06%
    Acer 11.02%
    Lenovo 6.53%
    Alienware 3.27%
    Samsung 3.27%
    Intel 3.27%
    Back to top
    Should I remove It? Clean your PC of unwanted adware, toolbars and bloatware.

    Download it for FREE