Windows Analysis Report
http://74.248.121.8/d/msdownload/update/software/defu/2024/10/updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe?cacheHostOrigin=au.download.windowsupdate.com

Overview

General Information

Sample URL: http://74.248.121.8/d/msdownload/update/software/defu/2024/10/updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe?cacheHostOrigin=au.download.windowsupdate.com
Analysis ID: 1541049
Infos:

Detection

Score: 60
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Drops PE files with a suspicious file extension
Drops or copies MsMpEng.exe (Windows Defender, likely to bypass HIPS)
NDIS Filter Driver detected (likely used to intercept and sniff network traffic)
Query firmware table information (likely to detect VMs)
Sample is not signed and drops a device driver
AV process strings found (often used to terminate AV products)
Binary contains a suspicious time stamp
Creates driver files
Downloads executable code via HTTP
Drops PE files
Found dropped PE file which has not been started or loaded
May sleep (evasive loops) to hinder dynamic analysis
PE file contains executable resources (Code or Archives)
PE file contains more sections than normal
PE file contains sections with non-standard names
PE file does not import any functions
Queries disk information (often used to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sigma detected: Usage Of Web Request Commands And Cmdlets
Sigma detected: Use Short Name Path in Command Line
Very long cmdline option found, this is very uncommon (may be encrypted or packed)

Classification

Source: Binary string: ConfigSecurityPolicy.pdb source: updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe, 0000000C.00000003.1419380624.0000015D0E662000.00000004.00000020.00020000.00000000.sdmp, ConfigSecurityPolicy.exe.12.dr
Source: Binary string: MpAzSubmit.pdb source: MpAzSubmit.dll.12.dr
Source: Binary string: MpRTP.pdb source: updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe, 0000000C.00000003.1403422225.0000015D0E661000.00000004.00000020.00020000.00000000.sdmp, MpRtp.dll.12.dr
Source: Binary string: mpextms.pdb source: updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe, 0000000C.00000003.1424534327.0000015D0E663000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: WdBoot.pdb source: updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe, 0000000C.00000003.1457288058.0000015D0EA74000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: endpointdlp.pdbGCTL source: updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe, 0000000C.00000003.1417366778.0000015D0E662000.00000004.00000020.00020000.00000000.sdmp, endpointdlp.dll.12.dr, endpointdlp.dll0.12.dr
Source: Binary string: MpAzSubmit.pdbOGPS source: MpAzSubmit.dll.12.dr
Source: Binary string: MpSenseComm.pdbGCTL source: updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe, 0000000C.00000003.1404088087.0000015D0E676000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: MpClient.pdb source: MpSigStub.exe, 0000000E.00000003.1462865934.00000219156AE000.00000004.00000020.00020000.00000000.sdmp, MpClient.dll0.12.dr
Source: Binary string: MpDetours.pdbGCTL source: updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe, 0000000C.00000003.1418208096.0000015D0E662000.00000004.00000020.00020000.00000000.sdmp, MpDetours.dll0.12.dr
Source: Binary string: MpSigStub.pdbGCTL source: updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe, 0000000C.00000003.1422173252.0000015D0E663000.00000004.00000020.00020000.00000000.sdmp, MpSigStub.exe, 0000000E.00000000.1457913538.00007FF71B7D1000.00000002.00000001.01000000.00000006.sdmp, MpSigStub.exe, 0000000E.00000002.1665984914.00007FF71B7D1000.00000002.00000001.01000000.00000006.sdmp
Source: Binary string: MpCommu.pdbGCTL source: updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe, 0000000C.00000003.1401048832.0000015D0E660000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: WdFilter.pdb source: updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe, 0000000C.00000003.1457288058.0000015D0EA74000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: WdNisDrv.pdb source: updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe, 0000000C.00000003.1457288058.0000015D0EA74000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: WdFilter.pdbOGPS source: updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe, 0000000C.00000003.1457288058.0000015D0EA74000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: MsMpEng.pdbGCTL source: updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe, 0000000C.00000003.1422345242.0000015D0E663000.00000004.00000020.00020000.00000000.sdmp, MsMpEng.exe.12.dr
Source: Binary string: MpSigStub.pdb source: updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe, 0000000C.00000003.1422173252.0000015D0E663000.00000004.00000020.00020000.00000000.sdmp, MpSigStub.exe, 0000000E.00000000.1457913538.00007FF71B7D1000.00000002.00000001.01000000.00000006.sdmp, MpSigStub.exe, 0000000E.00000002.1665984914.00007FF71B7D1000.00000002.00000001.01000000.00000006.sdmp
Source: Binary string: MpRTP.pdbOGPS source: updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe, 0000000C.00000003.1403422225.0000015D0E661000.00000004.00000020.00020000.00000000.sdmp, MpRtp.dll.12.dr
Source: Binary string: MpAdlElvtStub.pdb source: updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe, 0000000C.00000002.1668879976.00007FF78D571000.00000002.00000001.01000000.00000004.sdmp, updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe, 0000000C.00000000.1396524457.00007FF78D571000.00000002.00000001.01000000.00000004.sdmp
Source: Binary string: MpOAV.pdb source: updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe, 0000000C.00000003.1402800297.0000015D0E661000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: MpUpdate.pdbGCTL source: MpUpdate.dll.12.dr
Source: Binary string: MpDlpService.pdbGCTL source: updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe, 0000000C.00000003.1421597354.0000015D0E663000.00000004.00000020.00020000.00000000.sdmp, MpDlpService.exe.12.dr
Source: Binary string: MpCmdRun.pdbGCTL source: updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe, 0000000C.00000003.1420288879.0000015D0E662000.00000004.00000020.00020000.00000000.sdmp, MpCmdRun.exe0.12.dr, MpCmdRun.exe.12.dr
Source: Binary string: MpAdlElvtStub.pdbGCTL source: updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe, 0000000C.00000002.1668879976.00007FF78D571000.00000002.00000001.01000000.00000004.sdmp, updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe, 0000000C.00000000.1396524457.00007FF78D571000.00000002.00000001.01000000.00000004.sdmp
Source: Binary string: MpOAV.pdbGCTL source: updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe, 0000000C.00000003.1402800297.0000015D0E661000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: MpDefenderCoreService.pdbGCTL source: MpDefenderCoreService.exe.12.dr
Source: Binary string: MpDetoursCopyAccelerator.pdb source: updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe, 0000000C.00000003.1418340957.0000015D0E662000.00000004.00000020.00020000.00000000.sdmp, MpDetoursCopyAccelerator.dll0.12.dr, MpDetoursCopyAccelerator.dll.12.dr
Source: Binary string: MpDLP.pdb source: MpDlp.dll.12.dr
Source: Binary string: endpointdlp.pdb source: updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe, 0000000C.00000003.1417366778.0000015D0E662000.00000004.00000020.00020000.00000000.sdmp, endpointdlp.dll.12.dr, endpointdlp.dll0.12.dr
Source: Binary string: ConfigSecurityPolicy.pdbGCTL source: updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe, 0000000C.00000003.1419380624.0000015D0E662000.00000004.00000020.00020000.00000000.sdmp, ConfigSecurityPolicy.exe.12.dr
Source: Binary string: DefenderCSP.pdb source: updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe, 0000000C.00000003.1399289905.0000015D0E65F000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: MpCmdRun.pdb source: updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe, 0000000C.00000003.1420288879.0000015D0E662000.00000004.00000020.00020000.00000000.sdmp, MpCmdRun.exe0.12.dr, MpCmdRun.exe.12.dr
Source: Binary string: MpCopyAccelerator.pdbGCTL source: updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe, 0000000C.00000003.1420518051.0000015D0E662000.00000004.00000020.00020000.00000000.sdmp, MpCopyAccelerator.exe.12.dr
Source: Binary string: WdNisDrv.pdbGCTL source: updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe, 0000000C.00000003.1457288058.0000015D0EA74000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: MpDlpCmd.pdbGCTL source: updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe, 0000000C.00000003.1421272989.0000015D0E662000.00000004.00000020.00020000.00000000.sdmp, MpDlpCmd.exe.12.dr
Source: Binary string: MpDetours.pdb source: updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe, 0000000C.00000003.1418208096.0000015D0E662000.00000004.00000020.00020000.00000000.sdmp, MpDetours.dll0.12.dr
Source: Binary string: WdDevFlt.pdb source: updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe, 0000000C.00000003.1457288058.0000015D0EA74000.00000004.00000020.00020000.00000000.sdmp, updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe, 0000000C.00000003.1456675201.0000015D0E67F000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: MpSenseComm.pdb source: updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe, 0000000C.00000003.1404088087.0000015D0E676000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: MpCommu.pdb source: updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe, 0000000C.00000003.1401048832.0000015D0E660000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: MpDetoursCopyAccelerator.pdbGCTL source: updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe, 0000000C.00000003.1418340957.0000015D0E662000.00000004.00000020.00020000.00000000.sdmp, MpDetoursCopyAccelerator.dll0.12.dr, MpDetoursCopyAccelerator.dll.12.dr
Source: Binary string: WdBoot.pdbGCTL source: updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe, 0000000C.00000003.1457288058.0000015D0EA74000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: WdDevFlt.pdbOGPS source: updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe, 0000000C.00000003.1457288058.0000015D0EA74000.00000004.00000020.00020000.00000000.sdmp, updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe, 0000000C.00000003.1456675201.0000015D0E67F000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: MpDlpCmd.pdb source: updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe, 0000000C.00000003.1421272989.0000015D0E662000.00000004.00000020.00020000.00000000.sdmp, MpDlpCmd.exe.12.dr
Source: Binary string: MpDLP.pdbOGPS source: MpDlp.dll.12.dr
Source: Binary string: MsMpEng.pdb source: updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe, 0000000C.00000003.1422345242.0000015D0E663000.00000004.00000020.00020000.00000000.sdmp, MsMpEng.exe.12.dr
Source: Binary string: MpCopyAccelerator.pdb source: updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe, 0000000C.00000003.1420518051.0000015D0E662000.00000004.00000020.00020000.00000000.sdmp, MpCopyAccelerator.exe.12.dr
Source: Binary string: MpClient.pdbGCTL source: MpSigStub.exe, 0000000E.00000003.1462865934.00000219156AE000.00000004.00000020.00020000.00000000.sdmp, MpClient.dll0.12.dr
Source: Binary string: mpextms.pdbGCTL source: updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe, 0000000C.00000003.1424534327.0000015D0E663000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: MpUpdate.pdb source: MpUpdate.dll.12.dr
Source: Binary string: MpDefenderCoreService.pdb source: MpDefenderCoreService.exe.12.dr
Source: Binary string: DefenderCSP.pdbGCTL source: updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe, 0000000C.00000003.1399289905.0000015D0E65F000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: MpDlpService.pdb source: updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe, 0000000C.00000003.1421597354.0000015D0E663000.00000004.00000020.00020000.00000000.sdmp, MpDlpService.exe.12.dr

Networking
barindex
NDIS Filter Driver detected (likely used to intercept and sniff network traffic)
Source: WdNisDrv.sys.12.dr Static PE information: Found NDIS imports: FwpmTransactionAbort0, FwpmTransactionCommit0, FwpmTransactionBegin0, FwpmEngineOpen0, FwpmSubLayerAdd0, FwpmEngineClose0, FwpmFilterAdd0, FwpmCalloutAdd0, FwpmSubLayerDeleteByKey0, FwpmCalloutDeleteByKey0, FwpmFilterDeleteByKey0, FwpsCalloutUnregisterByKey0, FwpsQueryPacketInjectionState0, FwpsInjectTransportSendAsync0, FwpsStreamInjectAsync0, FwpsInjectionHandleDestroy0, FwpsInjectionHandleCreate0, FwpsFlowRemoveContext0, FwpsFlowAssociateContext0, FwpsCalloutRegister2, FwpsCalloutUnregisterById0, FwpsCopyStreamDataToBuffer0, FwpsFlowAbort0, FwpsAllocateNetBufferAndNetBufferList0, FwpsFreeNetBufferList0
Downloads executable code via HTTP
Source: global traffic HTTP traffic detected: HTTP/1.1 200 OKServer: nginxDate: Thu, 24 Oct 2024 08:57:42 GMTContent-Type: application/octet-streamContent-Length: 13554464Connection: keep-aliveCache-Control: public,max-age=172800Last-Modified: Thu, 10 Oct 2024 17:25:31 GMTX-CID: 10004X-CCC: c8f5eedd-9fca-40ac-a31c-6acfdf21da03Content-Security-Policy: default-src 'self' http: https: data: blob: 'unsafe-inline'X-XSS-Protection: 1; mode=blockX-Frame-Options: SAMEORIGINX-Cache-Status: STALEAccept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 fc 34 be 82 b8 55 d0 d1 b8 55 d0 d1 b8 55 d0 d1 eb 2a d4 d0 a3 55 d0 d1 eb 2a d3 d0 a9 55 d0 d1 eb 2a d5 d0 76 55 d0 d1 eb 2a d1 d0 b1 55 d0 d1 b8 55 d1 d1 98 54 d0 d1 eb 2a d9 d0 f3 55 d0 d1 eb 2a 2f d1 b9 55 d0 d1 eb 2a d2 d0 b9 55 d0 d1 52 69 63 68 b8 55 d0 d1 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 64 86 06 00 26 c1 06 67 00 00 00 00 00 00 00 00 f0 00 22 00 0b 02 0e 24 00 00 03 00 00 d0 c9 00 00 00 00 00 20 73 00 00 00 10 00 00 00 00 00 40 01 00 00 00 00 10 00 00 00 10 00 00 0a 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 f0 cc 00 00 10 00 00 0a a0 cf 00 02 00 60 c1 00 00 08 00 00 00 00 00 00 20 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 9c f8 03 00 64 00 00 00 00 70 04 00 a4 6d c8 00 00 40 04 00 94 26 00 00 00 e0 cc 00 20 f3 01 00 00 e0 cc 00 74 06 00 00 28 a6 03 00 70 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 35 03 00 28 00 00 00 40 34 03 00 40 01 00 00 00 00 00 00 00 00 00 00 a8 35 03 00 c8 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 92 f5 02 00 00 10 00 00 00 00 03 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 10 f9 00 00 00 10 03 00 00 00 01 00 00 10 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 10 29 00 00 00 10 04 00 00 20 00 00 00 10 04 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 70 64 61 74 61 00 00 94 26 00 00 00 40 04 00 00 30 00 00 00 30 04 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 a4 6d c8 00 00 70 04 00 00 70 c8 00 00 60 04 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 74 06 00 00 00 e0 cc 00 00 10 00 00 00 d0 cc 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 Data Ascii: MZ@!L!This program cannot be run in DOS mode.$4UUU*U*U*vU*UUT*U*/U*URichUPEd&g"$
Source: unknown TCP traffic detected without corresponding DNS query: 74.248.121.8
Source: unknown TCP traffic detected without corresponding DNS query: 74.248.121.8
Source: unknown TCP traffic detected without corresponding DNS query: 74.248.121.8
Source: unknown TCP traffic detected without corresponding DNS query: 74.248.121.8
Source: unknown TCP traffic detected without corresponding DNS query: 74.248.121.8
Source: unknown TCP traffic detected without corresponding DNS query: 74.248.121.8
Source: unknown TCP traffic detected without corresponding DNS query: 74.248.121.8
Source: unknown TCP traffic detected without corresponding DNS query: 74.248.121.8
Source: unknown TCP traffic detected without corresponding DNS query: 74.248.121.8
Source: unknown TCP traffic detected without corresponding DNS query: 74.248.121.8
Source: unknown TCP traffic detected without corresponding DNS query: 74.248.121.8
Source: unknown TCP traffic detected without corresponding DNS query: 74.248.121.8
Source: unknown TCP traffic detected without corresponding DNS query: 74.248.121.8
Source: unknown TCP traffic detected without corresponding DNS query: 74.248.121.8
Source: unknown TCP traffic detected without corresponding DNS query: 74.248.121.8
Source: unknown TCP traffic detected without corresponding DNS query: 74.248.121.8
Source: unknown TCP traffic detected without corresponding DNS query: 74.248.121.8
Source: unknown TCP traffic detected without corresponding DNS query: 74.248.121.8
Source: unknown TCP traffic detected without corresponding DNS query: 74.248.121.8
Source: unknown TCP traffic detected without corresponding DNS query: 74.248.121.8
Source: unknown TCP traffic detected without corresponding DNS query: 74.248.121.8
Source: unknown TCP traffic detected without corresponding DNS query: 74.248.121.8
Source: unknown TCP traffic detected without corresponding DNS query: 74.248.121.8
Source: unknown TCP traffic detected without corresponding DNS query: 74.248.121.8
Source: unknown TCP traffic detected without corresponding DNS query: 74.248.121.8
Source: unknown TCP traffic detected without corresponding DNS query: 74.248.121.8
Source: unknown TCP traffic detected without corresponding DNS query: 74.248.121.8
Source: unknown TCP traffic detected without corresponding DNS query: 74.248.121.8
Source: unknown TCP traffic detected without corresponding DNS query: 74.248.121.8
Source: unknown TCP traffic detected without corresponding DNS query: 74.248.121.8
Source: unknown TCP traffic detected without corresponding DNS query: 74.248.121.8
Source: unknown TCP traffic detected without corresponding DNS query: 74.248.121.8
Source: unknown TCP traffic detected without corresponding DNS query: 74.248.121.8
Source: unknown TCP traffic detected without corresponding DNS query: 74.248.121.8
Source: unknown TCP traffic detected without corresponding DNS query: 74.248.121.8
Source: unknown TCP traffic detected without corresponding DNS query: 74.248.121.8
Source: unknown TCP traffic detected without corresponding DNS query: 74.248.121.8
Source: unknown TCP traffic detected without corresponding DNS query: 74.248.121.8
Source: unknown TCP traffic detected without corresponding DNS query: 74.248.121.8
Source: unknown TCP traffic detected without corresponding DNS query: 74.248.121.8
Source: unknown TCP traffic detected without corresponding DNS query: 74.248.121.8
Source: unknown TCP traffic detected without corresponding DNS query: 74.248.121.8
Source: unknown TCP traffic detected without corresponding DNS query: 74.248.121.8
Source: unknown TCP traffic detected without corresponding DNS query: 74.248.121.8
Source: unknown TCP traffic detected without corresponding DNS query: 74.248.121.8
Source: unknown TCP traffic detected without corresponding DNS query: 74.248.121.8
Source: unknown TCP traffic detected without corresponding DNS query: 74.248.121.8
Source: unknown TCP traffic detected without corresponding DNS query: 74.248.121.8
Source: unknown TCP traffic detected without corresponding DNS query: 74.248.121.8
Source: unknown TCP traffic detected without corresponding DNS query: 74.248.121.8
Source: global traffic HTTP traffic detected: GET /d/msdownload/update/software/defu/2024/10/updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe?cacheHostOrigin=au.download.windowsupdate.com HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like GeckoAccept: */*Accept-Encoding: identityHost: 74.248.121.8Connection: Keep-Alive
Source: wget.exe, 00000004.00000002.1380149359.0000000000A70000.00000004.00000020.00020000.00000000.sdmp, cmdline.out.2.dr String found in binary or memory: http://74.248.121.8/d/msdownload/update/software/defu/2024/10/updateplatform.amd64fre_d3f6f8300855e5
Source: MpSigStub.exe, 0000000E.00000002.1665318676.00000219156E9000.00000004.00000020.00020000.00000000.sdmp, MpSigStub.exe, 0000000E.00000003.1663282437.00000219156E9000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ctldl.windowsupdate.com:80/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?56e5
Source: updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe, 0000000C.00000003.1401048832.0000015D0E660000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest
Source: updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe, 0000000C.00000003.1401048832.0000015D0E660000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
Source: updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe, 0000000C.00000003.1401048832.0000015D0E660000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous
Source: updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe, 0000000C.00000003.1457549734.0000015D0E652000.00000004.00000020.00020000.00000000.sdmp, updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe, 0000000C.00000003.1457288058.0000015D0EA74000.00000004.00000020.00020000.00000000.sdmp, updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe, 0000000C.00000003.1457445843.0000015D0E64A000.00000004.00000020.00020000.00000000.sdmp, ThirdPartyNotices.txt.12.dr String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: MpUxAgent.dll.12.dr String found in binary or memory: https://aka.ms/FileIndicatorSupportuxUrluxBodyuxIdjitTitlejitBodybodyimageherosrcbinding%hs/toast/ac
Source: MpDefenderCoreService.exe.12.dr String found in binary or memory: https://collector.azure.microsoft.scloud/OneCollector/1.0/
Source: MpDefenderCoreService.exe.12.dr String found in binary or memory: https://config.edge.skype.com/config/v1/
Source: MpDefenderCoreService.exe.12.dr String found in binary or memory: https://config.edge.skype.com/config/v1/https://config.edge.skype.net/config/v1/Skype
Source: MpDefenderCoreService.exe.12.dr String found in binary or memory: https://config.edge.skype.net/config/v1/
Source: MpCmdRun.exe0.12.dr, MpDefenderCoreService.exe.12.dr, MpCmdRun.exe.12.dr String found in binary or memory: https://ecs.office.com/config/v1/
Source: MpCmdRun.exe0.12.dr String found in binary or memory: https://ecs.office.com/config/v1/ECSURI:SOFTWARE
Source: updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe, 0000000C.00000003.1457549734.0000015D0E652000.00000004.00000020.00020000.00000000.sdmp, updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe, 0000000C.00000003.1457288058.0000015D0EA74000.00000004.00000020.00020000.00000000.sdmp, updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe, 0000000C.00000003.1457445843.0000015D0E64A000.00000004.00000020.00020000.00000000.sdmp, ThirdPartyNotices.txt.12.dr String found in binary or memory: https://github.com/Azure/azure-storage-cpp)
Source: updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe, 0000000C.00000003.1457549734.0000015D0E652000.00000004.00000020.00020000.00000000.sdmp, updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe, 0000000C.00000003.1457288058.0000015D0EA74000.00000004.00000020.00020000.00000000.sdmp, updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe, 0000000C.00000003.1457445843.0000015D0E64A000.00000004.00000020.00020000.00000000.sdmp, ThirdPartyNotices.txt.12.dr String found in binary or memory: https://github.com/Microsoft/cpprestsdk)
Source: updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe, 0000000C.00000003.1457549734.0000015D0E652000.00000004.00000020.00020000.00000000.sdmp, updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe, 0000000C.00000003.1457288058.0000015D0EA74000.00000004.00000020.00020000.00000000.sdmp, updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe, 0000000C.00000003.1457445843.0000015D0E64A000.00000004.00000020.00020000.00000000.sdmp, ThirdPartyNotices.txt.12.dr String found in binary or memory: https://github.com/open-source-parsers/jsoncpp.git)
Creates driver files
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe File created: C:\Users\user~1\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\Drivers\WdBoot.sys Jump to behavior
PE file contains executable resources (Code or Archives)
Source: updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.4.dr Static PE information: Resource name: CABINET type: Microsoft Cabinet archive data, many, 13133082 bytes, 230 files, at 0x2c +A "Catalogs\igd.cat" +A "Powershell\MSFT_MpBehavioralNetworkBlockingRules.cdxml", number 1, 1450 datablocks, 0x1503 compression
Source: MpUpdate.dll.12.dr Static PE information: Resource name: RT_VERSION type: COM executable for DOS
Source: ProtectionManagement.dll.mui0.12.dr Static PE information: Resource name: RT_STRING type: 0420 Alliant virtual executable not stripped
Source: ProtectionManagement.dll.mui0.12.dr Static PE information: Resource name: RT_STRING type: VAX-order2 68k Blit mpx/mux executable
Source: MpAsDesc.dll.mui12.12.dr Static PE information: Resource name: RT_VERSION type: COM executable for DOS
Source: MpAsDesc.dll.mui13.12.dr Static PE information: Resource name: RT_STRING type: DOS executable (COM, 0x8C-variant)
PE file contains more sections than normal
Source: WdNisDrv.sys.12.dr Static PE information: Number of sections : 11 > 10
PE file does not import any functions
Source: mpuxagent.dll.mui18.12.dr Static PE information: No import functions for PE file found
Source: ProtectionManagement.dll.mui3.12.dr Static PE information: No import functions for PE file found
Source: mpuxagent.dll.mui28.12.dr Static PE information: No import functions for PE file found
Source: mpuxagent.dll.mui38.12.dr Static PE information: No import functions for PE file found
Source: MpAsDesc.dll.mui9.12.dr Static PE information: No import functions for PE file found
Source: MpAsDesc.dll.mui6.12.dr Static PE information: No import functions for PE file found
Source: MpAsDesc.dll.mui11.12.dr Static PE information: No import functions for PE file found
Source: MpAsDesc.dll.mui14.12.dr Static PE information: No import functions for PE file found
Source: mpuxagent.dll.mui1.12.dr Static PE information: No import functions for PE file found
Source: MpEvMsg.dll.mui1.12.dr Static PE information: No import functions for PE file found
Source: mpuxagent.dll.mui42.12.dr Static PE information: No import functions for PE file found
Source: MpAsDesc.dll.mui16.12.dr Static PE information: No import functions for PE file found
Source: MpEvMsg.dll.mui4.12.dr Static PE information: No import functions for PE file found
Source: mpuxagent.dll.mui22.12.dr Static PE information: No import functions for PE file found
Source: MpEvMsg.dll.mui.12.dr Static PE information: No import functions for PE file found
Source: MsMpLics.dll0.12.dr Static PE information: No import functions for PE file found
Source: MsMpLics.dll.12.dr Static PE information: No import functions for PE file found
Source: mpuxagent.dll.mui25.12.dr Static PE information: No import functions for PE file found
Source: mpuxagent.dll.mui33.12.dr Static PE information: No import functions for PE file found
Source: MpAsDesc.dll.mui0.12.dr Static PE information: No import functions for PE file found
Source: mpuxagent.dll.mui48.12.dr Static PE information: No import functions for PE file found
Source: mpuxagent.dll.mui.12.dr Static PE information: No import functions for PE file found
Source: ProtectionManagement.dll.mui.12.dr Static PE information: No import functions for PE file found
Source: mpuxagent.dll.mui45.12.dr Static PE information: No import functions for PE file found
Source: MpAsDesc.dll.mui3.12.dr Static PE information: No import functions for PE file found
Source: mpuxagent.dll.mui10.12.dr Static PE information: No import functions for PE file found
Source: mpuxagent.dll.mui4.12.dr Static PE information: No import functions for PE file found
Source: mpuxagent.dll.mui30.12.dr Static PE information: No import functions for PE file found
Source: mpuxagent.dll.mui50.12.dr Static PE information: No import functions for PE file found
Source: mpuxagent.dll.mui7.12.dr Static PE information: No import functions for PE file found
Source: mpuxagent.dll.mui26.12.dr Static PE information: No import functions for PE file found
Source: mpuxagent.dll.mui16.12.dr Static PE information: No import functions for PE file found
Source: MpAsDesc.dll.mui.12.dr Static PE information: No import functions for PE file found
Source: MpEvMsg.dll.mui0.12.dr Static PE information: No import functions for PE file found
Source: MpAsDesc.dll.mui7.12.dr Static PE information: No import functions for PE file found
Source: ProtectionManagement.dll.mui1.12.dr Static PE information: No import functions for PE file found
Source: mpuxagent.dll.mui0.12.dr Static PE information: No import functions for PE file found
Source: mpuxagent.dll.mui49.12.dr Static PE information: No import functions for PE file found
Source: MpEvMsg.dll.mui7.12.dr Static PE information: No import functions for PE file found
Source: mpuxagent.dll.mui39.12.dr Static PE information: No import functions for PE file found
Source: MpEvMsg.dll.mui6.12.dr Static PE information: No import functions for PE file found
Source: mpuxagent.dll.mui27.12.dr Static PE information: No import functions for PE file found
Source: mpuxagent.dll.mui6.12.dr Static PE information: No import functions for PE file found
Source: MpAsDesc.dll0.12.dr Static PE information: No import functions for PE file found
Source: mpuxagent.dll.mui32.12.dr Static PE information: No import functions for PE file found
Source: MpAsDesc.dll.mui1.12.dr Static PE information: No import functions for PE file found
Source: mpuxagent.dll.mui15.12.dr Static PE information: No import functions for PE file found
Source: MpAsDesc.dll.12.dr Static PE information: No import functions for PE file found
Source: mpuxagent.dll.mui43.12.dr Static PE information: No import functions for PE file found
Source: MpAsDesc.dll.mui8.12.dr Static PE information: No import functions for PE file found
Source: ProtectionManagement.dll.mui0.12.dr Static PE information: No import functions for PE file found
Source: mpuxagent.dll.mui20.12.dr Static PE information: No import functions for PE file found
Source: mpuxagent.dll.mui31.12.dr Static PE information: No import functions for PE file found
Source: MpAsDesc.dll.mui15.12.dr Static PE information: No import functions for PE file found
Source: mpuxagent.dll.mui11.12.dr Static PE information: No import functions for PE file found
Source: mpuxagent.dll.mui21.12.dr Static PE information: No import functions for PE file found
Source: mpuxagent.dll.mui41.12.dr Static PE information: No import functions for PE file found
Source: mpuxagent.dll.mui51.12.dr Static PE information: No import functions for PE file found
Source: MpEvMsg.dll.12.dr Static PE information: No import functions for PE file found
Source: MpEvMsg.dll.mui5.12.dr Static PE information: No import functions for PE file found
Source: mpuxagent.dll.mui2.12.dr Static PE information: No import functions for PE file found
Source: mpuxagent.dll.mui34.12.dr Static PE information: No import functions for PE file found
Source: mpuxagent.dll.mui24.12.dr Static PE information: No import functions for PE file found
Source: mpuxagent.dll.mui44.12.dr Static PE information: No import functions for PE file found
Source: mpuxagent.dll.mui5.12.dr Static PE information: No import functions for PE file found
Source: MpAsDesc.dll.mui2.12.dr Static PE information: No import functions for PE file found
Source: mpuxagent.dll.mui14.12.dr Static PE information: No import functions for PE file found
Source: MpEvMsg.dll.mui2.12.dr Static PE information: No import functions for PE file found
Source: mpuxagent.dll.mui37.12.dr Static PE information: No import functions for PE file found
Source: mpuxagent.dll.mui8.12.dr Static PE information: No import functions for PE file found
Source: ProtectionManagement.dll.mui2.12.dr Static PE information: No import functions for PE file found
Source: mpuxagent.dll.mui17.12.dr Static PE information: No import functions for PE file found
Source: MpEvMsg.dll.mui8.12.dr Static PE information: No import functions for PE file found
Source: MpAsDesc.dll.mui10.12.dr Static PE information: No import functions for PE file found
Source: MpAsDesc.dll.mui4.12.dr Static PE information: No import functions for PE file found
Source: mpuxagent.dll.mui46.12.dr Static PE information: No import functions for PE file found
Source: MpAsDesc.dll.mui13.12.dr Static PE information: No import functions for PE file found
Source: mpuxagent.dll.mui23.12.dr Static PE information: No import functions for PE file found
Source: mpuxagent.dll.mui13.12.dr Static PE information: No import functions for PE file found
Source: mpuxagent.dll.mui36.12.dr Static PE information: No import functions for PE file found
Source: MpAsDesc.dll.mui17.12.dr Static PE information: No import functions for PE file found
Source: mpuxagent.dll.mui3.12.dr Static PE information: No import functions for PE file found
Source: mpuxagent.dll.mui29.12.dr Static PE information: No import functions for PE file found
Source: mpuxagent.dll.mui19.12.dr Static PE information: No import functions for PE file found
Source: mpuxagent.dll.mui12.12.dr Static PE information: No import functions for PE file found
Source: mpuxagent.dll.mui47.12.dr Static PE information: No import functions for PE file found
Source: MpAsDesc.dll.mui5.12.dr Static PE information: No import functions for PE file found
Source: MpEvMsg.dll.mui3.12.dr Static PE information: No import functions for PE file found
Source: MpEvMsg.dll.mui9.12.dr Static PE information: No import functions for PE file found
Source: MpAsDesc.dll.mui12.12.dr Static PE information: No import functions for PE file found
Source: MpAsDesc.dll.mui18.12.dr Static PE information: No import functions for PE file found
Source: mpuxagent.dll.mui9.12.dr Static PE information: No import functions for PE file found
Source: mpuxagent.dll.mui35.12.dr Static PE information: No import functions for PE file found
Source: mpuxagent.dll.mui40.12.dr Static PE information: No import functions for PE file found
Source: MpDlp.dll.12.dr Binary string: ~$RealtimeProtection::DlpProcessCache::DlpProcessStateCache::UpdateFileInternalstd::nulloptDLP::SetUserDecisionForWarnFile: Updating user bypass decision for the file %ls to %dDLP::GetUserDecisionForWarnFile: Returning current user desicion on the file %ls as %d[DLP]: Active DLP Process (Memory map case). Pid %d, FileName %ls[DLP]: Active DLP Process. Pid %d, ProcessName %ls, FileName %ls\Device\MupLanmanRedirector
Source: MpDlp.dll.12.dr Binary string: \\.\\GLOBAL??\\Device\\SystemRoot\\\?\Volume{\\?\UNC %ls%08lX-%04X-%04X-%02X%02X-%02X%02X%02X%02X%02X%02X%ls\??\%ls\??\UNC\%lsY
Source: endpointdlp.dll.12.dr Binary string: NULL\\?\UNC\\?\Volume{\??\\\\Device\\\?\\\.\\SystemRoot\\??\%ls\GLOBAL??\%ls%08lX-%04X-%04X-%02X%02X-%02X%02X%02X%02X%02X%02X%ls\??\UNC\%ls\*.SHA256Y
Source: MpRtp.dll.12.dr Binary string: CGetVolumePathNamesForVolumeNameW\Device\LanmanRedirector
Source: MpRtp.dll.12.dr Binary string: NE\DEVICE\\.\boottransactionfilesamplefilerequestedsamplefileexpensive->%lu%ld%ld%cremoteremovablefixednot boot%ws / %wsPassthrough%SystemDrive%\SystemRoot\{5737d832-9e2c-4922-9623-48a220290dcb}AUDITFolderGuardTargetDiskFolderGuardTargetPathFolderGuardIdFolderGuardProcessImageFileName(unknown)ExceptionReturnNtReturnHrLogNtLogHrFailFast%hs(%u)\%hs!%p: %hs!%p: (caller: %p) %hs(%d) tid(%x) %08X %ws Msg:[%ws] CallContext:[%hs] [%hs(%hs)]
Source: MpDlpService.exe.12.dr Binary string: rK>GetSystemTimePreciseAsFileTime\\.\\\?\\\?\UNC\\Device\Mup\\\
Source: MpDlp.dll.12.dr Binary string: \VarFileInfo\Translation\StringFileInfo\%04x%04x\%sOriginalFilenamefirefox.exechrome.exeacrobat.exedotxdotmprnpptdotgzdocxrarxltdocmasdtmpxlsbxlsxxlsxltmdocb7zxlwxpsziptxtppsxoxpstifdoctsvxlsmexecsvxltxpdfsplpotxppspotmpptxposzipxxlmppampptmtarConfigurationbad exceptionbad allocation^\d+\.\d+$_\Device\LanmanRedirector\\Device\Harddisk\Device\CdRom\Device\Floppy\Device\WinDfs\\Device\RdpDr\\Device\WebDavRedirector\\Device\Mup\;LanmanRedirector\;\Device\Mup\DfsClient\;\Device\Mup\\Device\SftVol\File ID\Device\ImDisk0
Source: MpCmdRun.exe0.12.dr Binary string: IdImageFileNameFirst Resource TypeTypeScan SourceFirst Resource PathEngineIdResource CountReasonProcessMessagePIDStartStopDataIsSignedFile\Device\\\?\\FI_UNKNOWN\drivers\error: invalid data: System Windows path changed during the trace from "%ls" to "%ls"
Source: MpDlp.dll.12.dr Binary string: o\Device\LanmanRedirector\SystemRoot\SystemRoot\%lsMpRtp_IgnoreFilterSendMessageErrors\MicrosoftMalwareProtectionControlPortWD
Source: MpRtp.dll.12.dr Binary string: BuildLabExfile_FilterExperimentMode\Device\LanmanRedirector\\Device\Harddisk\Device\CdRom\Device\Floppy\Device\WinDfs\\Device\RdpDr\\Device\WebDavRedirector\\Device\Mup\;LanmanRedirector\;\Device\Mup\DfsClient\;\Device\Mup\\Device\SftVol\File ID\Device\ImDisk0
Source: MpDetours.dll0.12.dr Binary string: C>_.\\.\\\?\UNC\\\?\\Device\Mup\\\
Source: MpDlp.dll.12.dr Binary string: \Device\Mup\Client\\\.\\Device\Mup\tsclient\SCARD\Device\Mup\tsclient\ObjectLengthHashDigestLengthj
Source: MpRtp.dll.12.dr Binary string: MpRtp_SimulateDevVolumeProtectonState\\?\%s\\?\UNC\\Device\Mup\\\
Source: MpDlp.dll.12.dr Binary string: \\?\\\?\UNC\\Device\Mup\\\invalid distance too far backNULL
Source: MpRtp.dll.12.dr Binary string: \Device\MountPointManager
Source: MpRtp.dll.12.dr Binary string: 8\Device\%s[ProcessExclusion] %ls discarded, hr = %#lx\REGISTRY\MACHINE@@P
Source: MpCmdRun.exe.12.dr Binary string: amcore\antimalware\source\service\tools\mpcmdtool\mpperformancereport.cppImageFileNameProcessIdTypeIdFirst Resource PathFirst Resource TypeResource CountScan SourceProcessEngineIdPIDReasonDataMessageStartStop\\?\IsSignedFile\drivers\\Device\error: invalid data: System path changed during the trace from "%ls" to "%ls"
Source: endpointdlp.dll0.12.dr Binary string: C>_.NULL\\?\Volume{\\?\UNC\\\??\\\?\\Device\\SystemRoot\\\.\\GLOBAL??\\??\%ls\??\UNC\%ls%ls%08lX-%04X-%04X-%02X%02X-%02X%02X%02X%02X%02X%02X%ls\*.SHA256advapi32.dll4
Source: MpRtp.dll.12.dr Binary string: System\Device\Mup(
Source: MpDlp.dll.12.dr Binary string: o\??\Volume%s%s\%s\Device\MountPointManager\\%s
Source: classification engine Classification label: mal60.troj.evad.win@7/238@0/1
Source: C:\Windows\SysWOW64\cmd.exe File created: C:\Users\user\Desktop\cmdline.out Jump to behavior
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6176:120:WilError_03
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe File created: C:\Users\user~1\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6 Jump to behavior
Source: C:\Windows\SysWOW64\wget.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers Jump to behavior
Source: updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe, 0000000C.00000003.1457288058.0000015D0EA74000.00000004.00000020.00020000.00000000.sdmp, MpAsDesc.dll.mui29.12.dr Binary or memory string: Select ActionPA6Block executable content from email client and webmail;Block all Office applications from creating child processes:Block Office applications from creating executable contentBBlock Office applications from injecting code into other processesIBlock JavaScript or VBScript from launching downloaded executable content1Block execution of potentially obfuscated scripts'Block Win32 API calls from Office macro`Block executable files from running unless they meet a prevalence, age, or trusted list criteria*Use advanced protection against ransomwareYBlock credential stealing from the Windows local security authority subsystem (lsass.exe)@Block process creations originating from PSExec and WMI commands8Block untrusted and unsigned processes that run from USBJBlock only Office communication applications from creating child processes0Block Adobe Reader from creating child processes#Block WebShell Creation For Servers0Block persistence through WMI event subscription>Block abuse of in-the-wild exploited vulnerable signed drivers$Block rebooting machine in Safe Mode0Block use of copied or impersonated system tools)Antimalware engine has stopped responding
Source: unknown Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c wget -t 2 -v -T 60 -P "C:\Users\user\Desktop\download" --no-check-certificate --content-disposition --user-agent="Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko" "http://74.248.121.8/d/msdownload/update/software/defu/2024/10/updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe?cacheHostOrigin=au.download.windowsupdate.com" > cmdline.out 2>&1
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\wget.exe wget -t 2 -v -T 60 -P "C:\Users\user\Desktop\download" --no-check-certificate --content-disposition --user-agent="Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko" "http://74.248.121.8/d/msdownload/update/software/defu/2024/10/updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe?cacheHostOrigin=au.download.windowsupdate.com"
Source: unknown Process created: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe "C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe"
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe Process created: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\MpSigStub.exe C:\Users\user~1\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\MpSigStub.exe /stub 1.1.24010.2001 /payload 4.18.24090.11 /program C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\wget.exe wget -t 2 -v -T 60 -P "C:\Users\user\Desktop\download" --no-check-certificate --content-disposition --user-agent="Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko" "http://74.248.121.8/d/msdownload/update/software/defu/2024/10/updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe?cacheHostOrigin=au.download.windowsupdate.com" Jump to behavior
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe Process created: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\MpSigStub.exe C:\Users\user~1\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\MpSigStub.exe /stub 1.1.24010.2001 /payload 4.18.24090.11 /program C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Windows\SysWOW64\wget.exe Section loaded: mswsock.dll Jump to behavior
Source: C:\Windows\SysWOW64\wget.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Windows\SysWOW64\wget.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Windows\SysWOW64\wget.exe Section loaded: explorerframe.dll Jump to behavior
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe Section loaded: version.dll Jump to behavior
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe Section loaded: cabinet.dll Jump to behavior
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\MpSigStub.exe Section loaded: version.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\MpSigStub.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\MpSigStub.exe Section loaded: msasn1.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\MpSigStub.exe Section loaded: gpapi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\MpSigStub.exe Section loaded: wer.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\MpSigStub.exe Section loaded: aepic.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\MpSigStub.exe Section loaded: ntmarta.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\MpSigStub.exe Section loaded: cryptsp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\MpSigStub.exe Section loaded: sfc.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\MpSigStub.exe Section loaded: sfc_os.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\MpSigStub.exe Section loaded: rsaenh.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\MpSigStub.exe Section loaded: cryptbase.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\MpSigStub.exe Section loaded: policymanager.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\MpSigStub.exe Section loaded: msvcp110_win.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\MpSigStub.exe Section loaded: policymanager.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\MpSigStub.exe Section loaded: msvcp110_win.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\MpSigStub.exe Section loaded: policymanager.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\MpSigStub.exe Section loaded: msvcp110_win.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\MpSigStub.exe Section loaded: policymanager.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\MpSigStub.exe Section loaded: msvcp110_win.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\MpSigStub.exe Section loaded: policymanager.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\MpSigStub.exe Section loaded: msvcp110_win.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\MpSigStub.exe Section loaded: policymanager.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\MpSigStub.exe Section loaded: msvcp110_win.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\MpSigStub.exe Section loaded: policymanager.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\MpSigStub.exe Section loaded: msvcp110_win.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\MpSigStub.exe Section loaded: policymanager.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\MpSigStub.exe Section loaded: msvcp110_win.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\MpSigStub.exe Section loaded: policymanager.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\MpSigStub.exe Section loaded: msvcp110_win.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\MpSigStub.exe Section loaded: policymanager.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\MpSigStub.exe Section loaded: msvcp110_win.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\MpSigStub.exe Section loaded: policymanager.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\MpSigStub.exe Section loaded: msvcp110_win.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\MpSigStub.exe Section loaded: policymanager.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\MpSigStub.exe Section loaded: msvcp110_win.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\MpSigStub.exe Section loaded: windows.storage.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\MpSigStub.exe Section loaded: wldp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\MpSigStub.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\MpSigStub.exe Section loaded: phoneinfo.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\MpSigStub.exe Section loaded: netapi32.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\MpSigStub.exe Section loaded: dsreg.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\MpSigStub.exe Section loaded: msvcp110_win.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\MpSigStub.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\MpSigStub.exe Section loaded: xmllite.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\MpSigStub.exe Section loaded: flightsettings.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\MpSigStub.exe Section loaded: policymanager.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\MpSigStub.exe Section loaded: flightsettings.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\MpSigStub.exe Section loaded: twinapi.appcore.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\MpSigStub.exe Section loaded: policymanager.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\MpSigStub.exe Section loaded: policymanager.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\MpSigStub.exe Section loaded: policymanager.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\MpSigStub.exe Section loaded: policymanager.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\MpSigStub.exe Section loaded: policymanager.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\MpSigStub.exe Section loaded: policymanager.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\MpSigStub.exe Section loaded: policymanager.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\MpSigStub.exe Section loaded: policymanager.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\MpSigStub.exe Section loaded: policymanager.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\MpSigStub.exe Section loaded: policymanager.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\MpSigStub.exe Section loaded: policymanager.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\MpSigStub.exe Section loaded: policymanager.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\MpSigStub.exe Section loaded: policymanager.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\MpSigStub.exe Section loaded: netprofm.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\MpSigStub.exe Section loaded: npmproxy.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\MpSigStub.exe Section loaded: policymanager.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\MpSigStub.exe Section loaded: policymanager.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\MpSigStub.exe Section loaded: policymanager.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\MpSigStub.exe Section loaded: netprofm.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\MpSigStub.exe Section loaded: npmproxy.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\MpSigStub.exe Section loaded: umpdc.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\MpSigStub.exe Section loaded: rmclient.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\MpSigStub.exe Section loaded: windows.security.authentication.onlineid.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\MpSigStub.exe Section loaded: policymanager.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\MpSigStub.exe Section loaded: dpapi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\MpSigStub.exe Section loaded: onecoreuapcommonproxystub.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\MpSigStub.exe Section loaded: policymanager.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\MpSigStub.exe Section loaded: policymanager.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\MpSigStub.exe Section loaded: policymanager.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\MpSigStub.exe Section loaded: flightsettings.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\MpSigStub.exe Section loaded: policymanager.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\MpSigStub.exe Section loaded: flightsettings.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\MpSigStub.exe Section loaded: twinapi.appcore.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\MpSigStub.exe Section loaded: policymanager.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\MpSigStub.exe Section loaded: policymanager.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\MpSigStub.exe Section loaded: policymanager.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\MpSigStub.exe Section loaded: policymanager.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\MpSigStub.exe Section loaded: winhttp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\MpSigStub.exe Section loaded: ondemandconnroutehelper.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\MpSigStub.exe Section loaded: mswsock.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\MpSigStub.exe Section loaded: iphlpapi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\MpSigStub.exe Section loaded: winnsi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\MpSigStub.exe Section loaded: dhcpcsvc6.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\MpSigStub.exe Section loaded: dhcpcsvc.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\MpSigStub.exe Section loaded: webio.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\MpSigStub.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\MpSigStub.exe Section loaded: dnsapi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\MpSigStub.exe Section loaded: rasadhlp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\MpSigStub.exe Section loaded: fwpuclnt.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\MpSigStub.exe Section loaded: schannel.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\MpSigStub.exe Section loaded: mskeyprotect.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\MpSigStub.exe Section loaded: ntasn1.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\MpSigStub.exe Section loaded: ncrypt.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\MpSigStub.exe Section loaded: ncryptsslp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\MpSigStub.exe Section loaded: msasn1.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\MpSigStub.exe Section loaded: cryptnet.dll Jump to behavior
Source: C:\Windows\SysWOW64\wget.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{56FDF344-FD6D-11d0-958A-006097C9A090}\InProcServer32 Jump to behavior
Source: Window Recorder Window detected: More than 3 window changes detected
Source: Binary string: ConfigSecurityPolicy.pdb source: updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe, 0000000C.00000003.1419380624.0000015D0E662000.00000004.00000020.00020000.00000000.sdmp, ConfigSecurityPolicy.exe.12.dr
Source: Binary string: MpAzSubmit.pdb source: MpAzSubmit.dll.12.dr
Source: Binary string: MpRTP.pdb source: updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe, 0000000C.00000003.1403422225.0000015D0E661000.00000004.00000020.00020000.00000000.sdmp, MpRtp.dll.12.dr
Source: Binary string: mpextms.pdb source: updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe, 0000000C.00000003.1424534327.0000015D0E663000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: WdBoot.pdb source: updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe, 0000000C.00000003.1457288058.0000015D0EA74000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: endpointdlp.pdbGCTL source: updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe, 0000000C.00000003.1417366778.0000015D0E662000.00000004.00000020.00020000.00000000.sdmp, endpointdlp.dll.12.dr, endpointdlp.dll0.12.dr
Source: Binary string: MpAzSubmit.pdbOGPS source: MpAzSubmit.dll.12.dr
Source: Binary string: MpSenseComm.pdbGCTL source: updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe, 0000000C.00000003.1404088087.0000015D0E676000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: MpClient.pdb source: MpSigStub.exe, 0000000E.00000003.1462865934.00000219156AE000.00000004.00000020.00020000.00000000.sdmp, MpClient.dll0.12.dr
Source: Binary string: MpDetours.pdbGCTL source: updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe, 0000000C.00000003.1418208096.0000015D0E662000.00000004.00000020.00020000.00000000.sdmp, MpDetours.dll0.12.dr
Source: Binary string: MpSigStub.pdbGCTL source: updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe, 0000000C.00000003.1422173252.0000015D0E663000.00000004.00000020.00020000.00000000.sdmp, MpSigStub.exe, 0000000E.00000000.1457913538.00007FF71B7D1000.00000002.00000001.01000000.00000006.sdmp, MpSigStub.exe, 0000000E.00000002.1665984914.00007FF71B7D1000.00000002.00000001.01000000.00000006.sdmp
Source: Binary string: MpCommu.pdbGCTL source: updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe, 0000000C.00000003.1401048832.0000015D0E660000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: WdFilter.pdb source: updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe, 0000000C.00000003.1457288058.0000015D0EA74000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: WdNisDrv.pdb source: updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe, 0000000C.00000003.1457288058.0000015D0EA74000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: WdFilter.pdbOGPS source: updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe, 0000000C.00000003.1457288058.0000015D0EA74000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: MsMpEng.pdbGCTL source: updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe, 0000000C.00000003.1422345242.0000015D0E663000.00000004.00000020.00020000.00000000.sdmp, MsMpEng.exe.12.dr
Source: Binary string: MpSigStub.pdb source: updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe, 0000000C.00000003.1422173252.0000015D0E663000.00000004.00000020.00020000.00000000.sdmp, MpSigStub.exe, 0000000E.00000000.1457913538.00007FF71B7D1000.00000002.00000001.01000000.00000006.sdmp, MpSigStub.exe, 0000000E.00000002.1665984914.00007FF71B7D1000.00000002.00000001.01000000.00000006.sdmp
Source: Binary string: MpRTP.pdbOGPS source: updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe, 0000000C.00000003.1403422225.0000015D0E661000.00000004.00000020.00020000.00000000.sdmp, MpRtp.dll.12.dr
Source: Binary string: MpAdlElvtStub.pdb source: updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe, 0000000C.00000002.1668879976.00007FF78D571000.00000002.00000001.01000000.00000004.sdmp, updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe, 0000000C.00000000.1396524457.00007FF78D571000.00000002.00000001.01000000.00000004.sdmp
Source: Binary string: MpOAV.pdb source: updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe, 0000000C.00000003.1402800297.0000015D0E661000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: MpUpdate.pdbGCTL source: MpUpdate.dll.12.dr
Source: Binary string: MpDlpService.pdbGCTL source: updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe, 0000000C.00000003.1421597354.0000015D0E663000.00000004.00000020.00020000.00000000.sdmp, MpDlpService.exe.12.dr
Source: Binary string: MpCmdRun.pdbGCTL source: updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe, 0000000C.00000003.1420288879.0000015D0E662000.00000004.00000020.00020000.00000000.sdmp, MpCmdRun.exe0.12.dr, MpCmdRun.exe.12.dr
Source: Binary string: MpAdlElvtStub.pdbGCTL source: updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe, 0000000C.00000002.1668879976.00007FF78D571000.00000002.00000001.01000000.00000004.sdmp, updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe, 0000000C.00000000.1396524457.00007FF78D571000.00000002.00000001.01000000.00000004.sdmp
Source: Binary string: MpOAV.pdbGCTL source: updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe, 0000000C.00000003.1402800297.0000015D0E661000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: MpDefenderCoreService.pdbGCTL source: MpDefenderCoreService.exe.12.dr
Source: Binary string: MpDetoursCopyAccelerator.pdb source: updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe, 0000000C.00000003.1418340957.0000015D0E662000.00000004.00000020.00020000.00000000.sdmp, MpDetoursCopyAccelerator.dll0.12.dr, MpDetoursCopyAccelerator.dll.12.dr
Source: Binary string: MpDLP.pdb source: MpDlp.dll.12.dr
Source: Binary string: endpointdlp.pdb source: updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe, 0000000C.00000003.1417366778.0000015D0E662000.00000004.00000020.00020000.00000000.sdmp, endpointdlp.dll.12.dr, endpointdlp.dll0.12.dr
Source: Binary string: ConfigSecurityPolicy.pdbGCTL source: updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe, 0000000C.00000003.1419380624.0000015D0E662000.00000004.00000020.00020000.00000000.sdmp, ConfigSecurityPolicy.exe.12.dr
Source: Binary string: DefenderCSP.pdb source: updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe, 0000000C.00000003.1399289905.0000015D0E65F000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: MpCmdRun.pdb source: updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe, 0000000C.00000003.1420288879.0000015D0E662000.00000004.00000020.00020000.00000000.sdmp, MpCmdRun.exe0.12.dr, MpCmdRun.exe.12.dr
Source: Binary string: MpCopyAccelerator.pdbGCTL source: updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe, 0000000C.00000003.1420518051.0000015D0E662000.00000004.00000020.00020000.00000000.sdmp, MpCopyAccelerator.exe.12.dr
Source: Binary string: WdNisDrv.pdbGCTL source: updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe, 0000000C.00000003.1457288058.0000015D0EA74000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: MpDlpCmd.pdbGCTL source: updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe, 0000000C.00000003.1421272989.0000015D0E662000.00000004.00000020.00020000.00000000.sdmp, MpDlpCmd.exe.12.dr
Source: Binary string: MpDetours.pdb source: updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe, 0000000C.00000003.1418208096.0000015D0E662000.00000004.00000020.00020000.00000000.sdmp, MpDetours.dll0.12.dr
Source: Binary string: WdDevFlt.pdb source: updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe, 0000000C.00000003.1457288058.0000015D0EA74000.00000004.00000020.00020000.00000000.sdmp, updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe, 0000000C.00000003.1456675201.0000015D0E67F000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: MpSenseComm.pdb source: updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe, 0000000C.00000003.1404088087.0000015D0E676000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: MpCommu.pdb source: updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe, 0000000C.00000003.1401048832.0000015D0E660000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: MpDetoursCopyAccelerator.pdbGCTL source: updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe, 0000000C.00000003.1418340957.0000015D0E662000.00000004.00000020.00020000.00000000.sdmp, MpDetoursCopyAccelerator.dll0.12.dr, MpDetoursCopyAccelerator.dll.12.dr
Source: Binary string: WdBoot.pdbGCTL source: updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe, 0000000C.00000003.1457288058.0000015D0EA74000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: WdDevFlt.pdbOGPS source: updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe, 0000000C.00000003.1457288058.0000015D0EA74000.00000004.00000020.00020000.00000000.sdmp, updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe, 0000000C.00000003.1456675201.0000015D0E67F000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: MpDlpCmd.pdb source: updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe, 0000000C.00000003.1421272989.0000015D0E662000.00000004.00000020.00020000.00000000.sdmp, MpDlpCmd.exe.12.dr
Source: Binary string: MpDLP.pdbOGPS source: MpDlp.dll.12.dr
Source: Binary string: MsMpEng.pdb source: updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe, 0000000C.00000003.1422345242.0000015D0E663000.00000004.00000020.00020000.00000000.sdmp, MsMpEng.exe.12.dr
Source: Binary string: MpCopyAccelerator.pdb source: updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe, 0000000C.00000003.1420518051.0000015D0E662000.00000004.00000020.00020000.00000000.sdmp, MpCopyAccelerator.exe.12.dr
Source: Binary string: MpClient.pdbGCTL source: MpSigStub.exe, 0000000E.00000003.1462865934.00000219156AE000.00000004.00000020.00020000.00000000.sdmp, MpClient.dll0.12.dr
Source: Binary string: mpextms.pdbGCTL source: updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe, 0000000C.00000003.1424534327.0000015D0E663000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: MpUpdate.pdb source: MpUpdate.dll.12.dr
Source: Binary string: MpDefenderCoreService.pdb source: MpDefenderCoreService.exe.12.dr
Source: Binary string: DefenderCSP.pdbGCTL source: updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe, 0000000C.00000003.1399289905.0000015D0E65F000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: MpDlpService.pdb source: updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe, 0000000C.00000003.1421597354.0000015D0E663000.00000004.00000020.00020000.00000000.sdmp, MpDlpService.exe.12.dr
Binary contains a suspicious time stamp
Source: WdNisDrv.sys.12.dr Static PE information: 0x80ACA81D [Sun May 30 02:21:17 2038 UTC]
PE file contains sections with non-standard names
Source: WdNisDrv.sys.12.dr Static PE information: section name: fothk
Source: WdNisDrv.sys.12.dr Static PE information: section name: GFIDS
Source: MpClient.dll.12.dr Static PE information: section name: .didat
Source: MpCommu.dll.12.dr Static PE information: section name: .didat
Source: MpDetours.dll.12.dr Static PE information: section name: .detourc
Source: MpDetours.dll.12.dr Static PE information: section name: .detourd
Source: MpDetoursCopyAccelerator.dll.12.dr Static PE information: section name: .detourc
Source: MpDetoursCopyAccelerator.dll.12.dr Static PE information: section name: .detourd
Source: MpDlp.dll.12.dr Static PE information: section name: .didat
Source: MpRtp.dll.12.dr Static PE information: section name: .didat
Source: MpSvc.dll.12.dr Static PE information: section name: .didat
Source: NpRep.dll.12.dr Static PE information: section name: .didat
Source: ProtectionManagement.dll.12.dr Static PE information: section name: .didat
Source: MpClient.dll0.12.dr Static PE information: section name: .didat
Source: MpDetours.dll0.12.dr Static PE information: section name: .detourc
Source: MpDetours.dll0.12.dr Static PE information: section name: .detourd
Source: MpDetoursCopyAccelerator.dll0.12.dr Static PE information: section name: .detourc
Source: MpDetoursCopyAccelerator.dll0.12.dr Static PE information: section name: .detourd
Source: MpCmdRun.exe.12.dr Static PE information: section name: .didat
Source: NisSrv.exe.12.dr Static PE information: section name: .didat
Source: MpCmdRun.exe0.12.dr Static PE information: section name: .didat

Persistence and Installation Behavior
barindex
Drops PE files with a suspicious file extension
Source: C:\Windows\SysWOW64\wget.exe File created: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com Jump to dropped file
Sample is not signed and drops a device driver
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe File created: C:\Users\user~1\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\Drivers\WdBoot.sys Jump to behavior
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe File created: C:\Users\user~1\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\Drivers\WdDevFlt.sys Jump to behavior
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe File created: C:\Users\user~1\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\Drivers\WdFilter.sys Jump to behavior
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe File created: C:\Users\user~1\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\Drivers\WdNisDrv.sys Jump to behavior
Drops PE files
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe File created: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\sr-Cyrl-RS\mpuxagent.dll.mui Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe File created: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\mt-MT\mpuxagent.dll.mui Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe File created: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\lo-LA\mpuxagent.dll.mui Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe File created: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\zh-TW\mpuxagent.dll.mui Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe File created: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\fr-CA\MpAsDesc.dll.mui Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe File created: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\gd-GB\mpuxagent.dll.mui Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe File created: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\kk-KZ\mpuxagent.dll.mui Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe File created: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\es-ES\MpEvMsg.dll.mui Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe File created: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\MpClient.dll Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe File created: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\ro-RO\mpuxagent.dll.mui Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe File created: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\ta-IN\mpuxagent.dll.mui Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe File created: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\it-IT\MpEvMsg.dll.mui Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe File created: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\de-DE\ProtectionManagement.dll.mui Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe File created: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\MpOAV.dll Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe File created: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\ne-NP\mpuxagent.dll.mui Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe File created: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\da-DK\MpAsDesc.dll.mui Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe File created: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\el-GR\mpuxagent.dll.mui Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe File created: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\hi-IN\mpuxagent.dll.mui Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe File created: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\he-IL\MpAsDesc.dll.mui Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe File created: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\quz-PE\mpuxagent.dll.mui Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe File created: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\MsMpLics.dll Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe File created: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\ru-RU\MpEvMsg.dll.mui Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe File created: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\et-EE\MpAsDesc.dll.mui Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe File created: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\it-IT\MpAsDesc.dll.mui Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe File created: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\sk-SK\MpAsDesc.dll.mui Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe File created: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\sv-SE\MpEvMsg.dll.mui Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe File created: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\ca-ES-valencia\mpuxagent.dll.mui Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe File created: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\lt-LT\mpuxagent.dll.mui Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe File created: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\MpSigStub.exe Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe File created: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\MpDetoursCopyAccelerator.dll Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe File created: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\tr-TR\mpuxagent.dll.mui Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe File created: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\ProtectionManagement.dll Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe File created: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\pt-BR\ProtectionManagement.dll.mui Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe File created: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\ka-GE\mpuxagent.dll.mui Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe File created: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\x86\MpCopyAccelerator.exe Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe File created: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\ml-IN\mpuxagent.dll.mui Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe File created: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\et-EE\mpuxagent.dll.mui Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe File created: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\pl-PL\MpAsDesc.dll.mui Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe File created: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\ru-RU\MpAsDesc.dll.mui Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe File created: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\pa-IN\mpuxagent.dll.mui Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe File created: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\uk-UA\mpuxagent.dll.mui Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe File created: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\ar-SA\mpuxagent.dll.mui Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe File created: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\id-ID\mpuxagent.dll.mui Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe File created: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\mr-IN\mpuxagent.dll.mui Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe File created: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\en-GB\MpAsDesc.dll.mui Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe File created: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\MpAzSubmit.dll Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe File created: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\th-TH\mpuxagent.dll.mui Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe File created: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\x86\endpointdlp.dll Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe File created: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\ja-JP\mpuxagent.dll.mui Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe File created: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\MpCmdRun.exe Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe File created: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\MpCommu.dll Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe File created: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\fa-IR\mpuxagent.dll.mui Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe File created: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\he-IL\mpuxagent.dll.mui Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe File created: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\nb-NO\MpEvMsg.dll.mui Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe File created: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\MpRecovery.exe Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe File created: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\nl-NL\MpEvMsg.dll.mui Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe File created: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\lb-LU\mpuxagent.dll.mui Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe File created: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\pl-PL\MpEvMsg.dll.mui Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe File created: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\sq-AL\mpuxagent.dll.mui Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe File created: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\ro-RO\MpAsDesc.dll.mui Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe File created: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\vi-VN\mpuxagent.dll.mui Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe File created: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\ru-RU\ProtectionManagement.dll.mui Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe File created: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\lv-LV\mpuxagent.dll.mui Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe File created: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\de-DE\MpEvMsg.dll.mui Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe File created: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\ca-ES\MpAsDesc.dll.mui Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe File created: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\fi-FI\MpAsDesc.dll.mui Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe File created: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\x86\MsMpLics.dll Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe File created: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\MpDefenderCoreService.exe Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe File created: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\sr-Cyrl-BA\mpuxagent.dll.mui Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe File created: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\MpRtp.dll Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe File created: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\is-IS\mpuxagent.dll.mui Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe File created: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\ko-KR\MpEvMsg.dll.mui Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe File created: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\da-DK\MpEvMsg.dll.mui Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe File created: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\it-IT\ProtectionManagement.dll.mui Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe File created: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\km-KH\mpuxagent.dll.mui Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe File created: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\eu-ES\mpuxagent.dll.mui Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe File created: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\hr-HR\mpuxagent.dll.mui Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe File created: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\x86\MpOAV.dll Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe File created: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\x86\en-US\MpAsDesc.dll.mui Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe File created: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\ms-MY\mpuxagent.dll.mui Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe File created: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\or-IN\mpuxagent.dll.mui Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe File created: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\fr-FR\MpEvMsg.dll.mui Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe File created: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\sv-SE\MpAsDesc.dll.mui Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe File created: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\hu-HU\MpEvMsg.dll.mui Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe File created: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\MpAsDesc.dll Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe File created: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\NisSrv.exe Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe File created: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\endpointdlp.dll Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe File created: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\MpDlpCmd.exe Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe File created: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\gu-IN\mpuxagent.dll.mui Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe File created: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\MpSvc.dll Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe File created: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\sl-SI\MpAsDesc.dll.mui Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe File created: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\kn-IN\mpuxagent.dll.mui Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe File created: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\DlpUserAgent.exe Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe File created: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\af-ZA\mpuxagent.dll.mui Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe File created: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\id-ID\MpAsDesc.dll.mui Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe File created: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\mi-NZ\mpuxagent.dll.mui Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe File created: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\fi-FI\MpEvMsg.dll.mui Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe File created: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\cy-GB\mpuxagent.dll.mui Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe File created: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\de-DE\MpAsDesc.dll.mui Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe File created: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\fi-FI\mpuxagent.dll.mui Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe File created: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\lv-LV\MpAsDesc.dll.mui Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe File created: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\ja-JP\ProtectionManagement.dll.mui Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe File created: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\pl-PL\mpuxagent.dll.mui Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe File created: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\zh-CN\ProtectionManagement.dll.mui Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe File created: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\sr-Latn-RS\mpuxagent.dll.mui Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe File created: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\es-ES\mpuxagent.dll.mui Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe File created: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\ru-RU\mpuxagent.dll.mui Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe File created: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\sv-SE\mpuxagent.dll.mui Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe File created: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\ko-KR\MpAsDesc.dll.mui Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe File created: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\nb-NO\mpuxagent.dll.mui Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe File created: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\NpRep.dll Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe File created: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\es-ES\ProtectionManagement.dll.mui Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe File created: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\en-US\MpAsDesc.dll.mui Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe File created: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\x86\MpAsDesc.dll Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe File created: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\Drivers\WdNisDrv.sys Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe File created: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\de-DE\mpuxagent.dll.mui Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe File created: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\sl-SI\mpuxagent.dll.mui Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe File created: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\zh-TW\ProtectionManagement.dll.mui Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe File created: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\ja-JP\MpEvMsg.dll.mui Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe File created: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\ar-SA\MpAsDesc.dll.mui Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe File created: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\fr-FR\mpuxagent.dll.mui Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe File created: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\hr-HR\MpAsDesc.dll.mui Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe File created: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\sk-SK\mpuxagent.dll.mui Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe File created: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\Drivers\WdDevFlt.sys Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe File created: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\nb-NO\MpAsDesc.dll.mui Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe File created: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\da-DK\mpuxagent.dll.mui Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe File created: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\ConfigSecurityPolicy.exe Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe File created: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\en-GB\mpuxagent.dll.mui Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe File created: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\MpDlp.dll Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe File created: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\ja-JP\MpAsDesc.dll.mui Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe File created: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\pt-BR\mpuxagent.dll.mui Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe File created: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\tt-RU\mpuxagent.dll.mui Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe File created: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\tr-TR\MpEvMsg.dll.mui Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe File created: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\es-ES\MpAsDesc.dll.mui Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe File created: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\MsMpEng.exe Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe File created: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\fr-FR\ProtectionManagement.dll.mui Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe File created: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\nn-NO\mpuxagent.dll.mui Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe File created: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\ug-CN\mpuxagent.dll.mui Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe File created: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\uk-UA\MpAsDesc.dll.mui Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe File created: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\pt-BR\MpEvMsg.dll.mui Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe File created: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\x86\MpDetours.dll Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe File created: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\it-IT\mpuxagent.dll.mui Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe File created: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\MpEvMsg.dll Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe File created: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\Drivers\WdFilter.sys Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe File created: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\tr-TR\MpAsDesc.dll.mui Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe File created: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\MpDetours.dll Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe File created: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\en-US\mpuxagent.dll.mui Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe File created: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\mpextms.exe Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe File created: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\pt-PT\MpEvMsg.dll.mui Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe File created: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\zh-CN\MpAsDesc.dll.mui Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe File created: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\pt-PT\mpuxagent.dll.mui Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe File created: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\pt-BR\MpAsDesc.dll.mui Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe File created: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\kok-IN\mpuxagent.dll.mui Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe File created: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\bg-BG\MpAsDesc.dll.mui Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe File created: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\fr-FR\MpAsDesc.dll.mui Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe File created: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\zh-CN\MpEvMsg.dll.mui Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe File created: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\MpDlpService.exe Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe File created: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\hu-HU\mpuxagent.dll.mui Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe File created: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\MpUpdate.dll Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe File created: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\th-TH\MpAsDesc.dll.mui Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe File created: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\ga-IE\mpuxagent.dll.mui Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe File created: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\lt-LT\MpAsDesc.dll.mui Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe File created: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\cs-CZ\MpAsDesc.dll.mui Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe File created: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\Drivers\WdBoot.sys Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe File created: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\ca-ES\mpuxagent.dll.mui Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe File created: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\bs-Latn-BA\mpuxagent.dll.mui Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe File created: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\x86\MpClient.dll Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe File created: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\MpCopyAccelerator.exe Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe File created: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\zh-TW\MpEvMsg.dll.mui Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe File created: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\te-IN\mpuxagent.dll.mui Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe File created: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\cs-CZ\mpuxagent.dll.mui Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe File created: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\es-MX\MpAsDesc.dll.mui Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe File created: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\cs-CZ\MpEvMsg.dll.mui Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe File created: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\az-Latn-AZ\mpuxagent.dll.mui Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe File created: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\en-US\ProtectionManagement.dll.mui Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe File created: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\ko-KR\ProtectionManagement.dll.mui Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe File created: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\am-ET\mpuxagent.dll.mui Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe File created: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\nl-NL\MpAsDesc.dll.mui Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe File created: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\as-IN\mpuxagent.dll.mui Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe File created: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\ur-PK\mpuxagent.dll.mui Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe File created: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\x86\MpCmdRun.exe Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe File created: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\el-GR\MpEvMsg.dll.mui Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe File created: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\zh-CN\mpuxagent.dll.mui Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe File created: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\DefenderCSP.dll Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe File created: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\pt-PT\MpAsDesc.dll.mui Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe File created: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\ko-KR\mpuxagent.dll.mui Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe File created: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\zh-TW\MpAsDesc.dll.mui Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe File created: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\es-MX\mpuxagent.dll.mui Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe File created: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\bn-IN\mpuxagent.dll.mui Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe File created: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\el-GR\MpAsDesc.dll.mui Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe File created: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\nl-NL\mpuxagent.dll.mui Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe File created: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\fr-CA\mpuxagent.dll.mui Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe File created: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\bg-BG\mpuxagent.dll.mui Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe File created: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\fil-PH\mpuxagent.dll.mui Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe File created: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\vi-VN\MpAsDesc.dll.mui Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe File created: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\mk-MK\mpuxagent.dll.mui Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe File created: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\MpSenseComm.dll Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe File created: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\sr-Latn-RS\MpAsDesc.dll.mui Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe File created: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\MpUxAgent.dll Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe File created: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\en-US\MpEvMsg.dll.mui Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe File created: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\hu-HU\MpAsDesc.dll.mui Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe File created: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\gl-ES\mpuxagent.dll.mui Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe File created: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\x86\MpDetoursCopyAccelerator.dll Jump to dropped file
Source: C:\Windows\SysWOW64\wget.exe File created: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\MpSigStub.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\MpSigStub.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\MpSigStub.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\MpSigStub.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\MpSigStub.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\MpSigStub.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\MpSigStub.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\MpSigStub.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\MpSigStub.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\MpSigStub.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\MpSigStub.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\MpSigStub.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\MpSigStub.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\MpSigStub.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\MpSigStub.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\MpSigStub.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\MpSigStub.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\MpSigStub.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\MpSigStub.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\MpSigStub.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\MpSigStub.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\MpSigStub.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\MpSigStub.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\MpSigStub.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\MpSigStub.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\MpSigStub.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\MpSigStub.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\MpSigStub.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\MpSigStub.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\MpSigStub.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\MpSigStub.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\MpSigStub.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\MpSigStub.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\MpSigStub.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\MpSigStub.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\MpSigStub.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\MpSigStub.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\MpSigStub.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\MpSigStub.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\MpSigStub.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\MpSigStub.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\MpSigStub.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\MpSigStub.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\MpSigStub.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\MpSigStub.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\MpSigStub.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\MpSigStub.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\MpSigStub.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\MpSigStub.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\MpSigStub.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\MpSigStub.exe Process information set: NOOPENFILEERRORBOX Jump to behavior

Malware Analysis System Evasion
barindex
Query firmware table information (likely to detect VMs)
Source: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\MpSigStub.exe System information queried: FirmwareTableInformation Jump to behavior
Found dropped PE file which has not been started or loaded
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\sr-Cyrl-RS\mpuxagent.dll.mui Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\mt-MT\mpuxagent.dll.mui Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\zh-TW\mpuxagent.dll.mui Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\lo-LA\mpuxagent.dll.mui Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\fr-CA\MpAsDesc.dll.mui Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\kk-KZ\mpuxagent.dll.mui Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\gd-GB\mpuxagent.dll.mui Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\es-ES\MpEvMsg.dll.mui Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\MpClient.dll Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\ro-RO\mpuxagent.dll.mui Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\ta-IN\mpuxagent.dll.mui Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\de-DE\ProtectionManagement.dll.mui Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\it-IT\MpEvMsg.dll.mui Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\MpOAV.dll Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\ne-NP\mpuxagent.dll.mui Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\da-DK\MpAsDesc.dll.mui Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\el-GR\mpuxagent.dll.mui Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\he-IL\MpAsDesc.dll.mui Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\hi-IN\mpuxagent.dll.mui Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\quz-PE\mpuxagent.dll.mui Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\MsMpLics.dll Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\ru-RU\MpEvMsg.dll.mui Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\et-EE\MpAsDesc.dll.mui Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\it-IT\MpAsDesc.dll.mui Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\sk-SK\MpAsDesc.dll.mui Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\sv-SE\MpEvMsg.dll.mui Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\ca-ES-valencia\mpuxagent.dll.mui Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\lt-LT\mpuxagent.dll.mui Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\MpDetoursCopyAccelerator.dll Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\tr-TR\mpuxagent.dll.mui Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\ProtectionManagement.dll Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\pt-BR\ProtectionManagement.dll.mui Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\ka-GE\mpuxagent.dll.mui Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\x86\MpCopyAccelerator.exe Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\ml-IN\mpuxagent.dll.mui Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\et-EE\mpuxagent.dll.mui Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\pl-PL\MpAsDesc.dll.mui Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\ru-RU\MpAsDesc.dll.mui Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\pa-IN\mpuxagent.dll.mui Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\uk-UA\mpuxagent.dll.mui Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\ar-SA\mpuxagent.dll.mui Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\id-ID\mpuxagent.dll.mui Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\mr-IN\mpuxagent.dll.mui Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\en-GB\MpAsDesc.dll.mui Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\MpAzSubmit.dll Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\th-TH\mpuxagent.dll.mui Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\x86\endpointdlp.dll Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\ja-JP\mpuxagent.dll.mui Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\MpCmdRun.exe Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\MpCommu.dll Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\fa-IR\mpuxagent.dll.mui Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\he-IL\mpuxagent.dll.mui Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\nb-NO\MpEvMsg.dll.mui Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\MpRecovery.exe Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\nl-NL\MpEvMsg.dll.mui Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\lb-LU\mpuxagent.dll.mui Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\pl-PL\MpEvMsg.dll.mui Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\sq-AL\mpuxagent.dll.mui Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\ro-RO\MpAsDesc.dll.mui Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\vi-VN\mpuxagent.dll.mui Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\ru-RU\ProtectionManagement.dll.mui Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\lv-LV\mpuxagent.dll.mui Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\de-DE\MpEvMsg.dll.mui Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\fi-FI\MpAsDesc.dll.mui Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\ca-ES\MpAsDesc.dll.mui Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\x86\MsMpLics.dll Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\MpDefenderCoreService.exe Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\sr-Cyrl-BA\mpuxagent.dll.mui Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\MpRtp.dll Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\is-IS\mpuxagent.dll.mui Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\ko-KR\MpEvMsg.dll.mui Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\da-DK\MpEvMsg.dll.mui Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\it-IT\ProtectionManagement.dll.mui Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\km-KH\mpuxagent.dll.mui Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\eu-ES\mpuxagent.dll.mui Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\hr-HR\mpuxagent.dll.mui Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\x86\MpOAV.dll Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\x86\en-US\MpAsDesc.dll.mui Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\ms-MY\mpuxagent.dll.mui Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\or-IN\mpuxagent.dll.mui Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\fr-FR\MpEvMsg.dll.mui Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\sv-SE\MpAsDesc.dll.mui Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\MpAsDesc.dll Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\NisSrv.exe Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\hu-HU\MpEvMsg.dll.mui Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\endpointdlp.dll Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\MpDlpCmd.exe Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\MpSvc.dll Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\gu-IN\mpuxagent.dll.mui Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\sl-SI\MpAsDesc.dll.mui Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\kn-IN\mpuxagent.dll.mui Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\DlpUserAgent.exe Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\af-ZA\mpuxagent.dll.mui Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\id-ID\MpAsDesc.dll.mui Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\fi-FI\MpEvMsg.dll.mui Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\mi-NZ\mpuxagent.dll.mui Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\cy-GB\mpuxagent.dll.mui Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\de-DE\MpAsDesc.dll.mui Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\fi-FI\mpuxagent.dll.mui Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\lv-LV\MpAsDesc.dll.mui Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\ja-JP\ProtectionManagement.dll.mui Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\pl-PL\mpuxagent.dll.mui Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\zh-CN\ProtectionManagement.dll.mui Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\sr-Latn-RS\mpuxagent.dll.mui Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\es-ES\mpuxagent.dll.mui Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\sv-SE\mpuxagent.dll.mui Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\ru-RU\mpuxagent.dll.mui Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\ko-KR\MpAsDesc.dll.mui Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\nb-NO\mpuxagent.dll.mui Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\NpRep.dll Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\es-ES\ProtectionManagement.dll.mui Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\en-US\MpAsDesc.dll.mui Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\x86\MpAsDesc.dll Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\de-DE\mpuxagent.dll.mui Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\Drivers\WdNisDrv.sys Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\sl-SI\mpuxagent.dll.mui Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\zh-TW\ProtectionManagement.dll.mui Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\ja-JP\MpEvMsg.dll.mui Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\ar-SA\MpAsDesc.dll.mui Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\fr-FR\mpuxagent.dll.mui Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\hr-HR\MpAsDesc.dll.mui Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\sk-SK\mpuxagent.dll.mui Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\Drivers\WdDevFlt.sys Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\nb-NO\MpAsDesc.dll.mui Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\da-DK\mpuxagent.dll.mui Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\ConfigSecurityPolicy.exe Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\en-GB\mpuxagent.dll.mui Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\MpDlp.dll Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\ja-JP\MpAsDesc.dll.mui Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\pt-BR\mpuxagent.dll.mui Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\tt-RU\mpuxagent.dll.mui Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\tr-TR\MpEvMsg.dll.mui Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\es-ES\MpAsDesc.dll.mui Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\MsMpEng.exe Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\fr-FR\ProtectionManagement.dll.mui Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\nn-NO\mpuxagent.dll.mui Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\ug-CN\mpuxagent.dll.mui Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\uk-UA\MpAsDesc.dll.mui Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\pt-BR\MpEvMsg.dll.mui Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\x86\MpDetours.dll Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\MpEvMsg.dll Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\it-IT\mpuxagent.dll.mui Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\Drivers\WdFilter.sys Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\tr-TR\MpAsDesc.dll.mui Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\MpDetours.dll Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\en-US\mpuxagent.dll.mui Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\mpextms.exe Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\zh-CN\MpAsDesc.dll.mui Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\pt-PT\MpEvMsg.dll.mui Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\pt-PT\mpuxagent.dll.mui Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\pt-BR\MpAsDesc.dll.mui Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\kok-IN\mpuxagent.dll.mui Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\bg-BG\MpAsDesc.dll.mui Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\fr-FR\MpAsDesc.dll.mui Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\zh-CN\MpEvMsg.dll.mui Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\MpDlpService.exe Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\hu-HU\mpuxagent.dll.mui Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\MpUpdate.dll Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\th-TH\MpAsDesc.dll.mui Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\ga-IE\mpuxagent.dll.mui Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\lt-LT\MpAsDesc.dll.mui Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\cs-CZ\MpAsDesc.dll.mui Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\Drivers\WdBoot.sys Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\ca-ES\mpuxagent.dll.mui Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\bs-Latn-BA\mpuxagent.dll.mui Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\x86\MpClient.dll Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\MpCopyAccelerator.exe Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\zh-TW\MpEvMsg.dll.mui Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\te-IN\mpuxagent.dll.mui Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\cs-CZ\mpuxagent.dll.mui Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\es-MX\MpAsDesc.dll.mui Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\cs-CZ\MpEvMsg.dll.mui Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\az-Latn-AZ\mpuxagent.dll.mui Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\en-US\ProtectionManagement.dll.mui Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\ko-KR\ProtectionManagement.dll.mui Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\am-ET\mpuxagent.dll.mui Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\as-IN\mpuxagent.dll.mui Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\nl-NL\MpAsDesc.dll.mui Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\ur-PK\mpuxagent.dll.mui Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\x86\MpCmdRun.exe Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\el-GR\MpEvMsg.dll.mui Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\zh-CN\mpuxagent.dll.mui Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\DefenderCSP.dll Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\pt-PT\MpAsDesc.dll.mui Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\ko-KR\mpuxagent.dll.mui Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\zh-TW\MpAsDesc.dll.mui Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\es-MX\mpuxagent.dll.mui Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\bn-IN\mpuxagent.dll.mui Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\el-GR\MpAsDesc.dll.mui Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\nl-NL\mpuxagent.dll.mui Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\fr-CA\mpuxagent.dll.mui Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\bg-BG\mpuxagent.dll.mui Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\vi-VN\MpAsDesc.dll.mui Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\fil-PH\mpuxagent.dll.mui Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\mk-MK\mpuxagent.dll.mui Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\MpSenseComm.dll Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\sr-Latn-RS\MpAsDesc.dll.mui Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\MpUxAgent.dll Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\en-US\MpEvMsg.dll.mui Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\hu-HU\MpAsDesc.dll.mui Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\gl-ES\mpuxagent.dll.mui Jump to dropped file
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\x86\MpDetoursCopyAccelerator.dll Jump to dropped file
May sleep (evasive loops) to hinder dynamic analysis
Source: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\MpSigStub.exe TID: 7604 Thread sleep time: -30000s >= -30000s Jump to behavior
Queries disk information (often used to detect virtual machines)
Source: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\MpSigStub.exe File opened: PhysicalDrive0 Jump to behavior
Sample execution stops while process was sleeping (likely an evasion)
Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
Source: updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe, 0000000C.00000003.1399289905.0000015D0E65F000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: /NULLkernel32.dllMicrosoft HvVMwareVMware
Source: MpSigStub.exe, 0000000E.00000003.1663174616.000002191570B000.00000004.00000020.00020000.00000000.sdmp, MpSigStub.exe, 0000000E.00000002.1665318676.000002191570B000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW8
Source: MpSigStub.exe, 0000000E.00000002.1665318676.0000021915640000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW64
Source: wget.exe, 00000004.00000002.1380149359.0000000000A78000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllQ
Source: updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe, 0000000C.00000003.1426163494.0000015D0E663000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: [read : ToSubclass] boolean IsVirtualMachine = FALSE;
Source: updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe, 0000000C.00000003.1399289905.0000015D0E65F000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: VMwareVMware
Source: MpSigStub.exe, 0000000E.00000003.1663174616.000002191570B000.00000004.00000020.00020000.00000000.sdmp, MpSigStub.exe, 0000000E.00000002.1665318676.000002191570B000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW
Source: updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe, 0000000C.00000003.1399289905.0000015D0E65F000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: DefenderDetectionsNameURLSeverityCategoryCurrentStatusExecutionStatusInitialDetectionTimeLastThreatStatusChangeTimeNumberOfDetectionsHealthProductStatusComputerStateDefenderEnabledRtpEnabledNisEnabledQuickScanOverdueFullScanOverdueSignatureOutOfDateRebootRequiredFullScanRequiredEngineVersionSignatureVersionDefenderVersionQuickScanTimeFullScanTimeQuickScanSigVersionFullScanSigVersionTamperProtectionEnabledIsVirtualMachineDeviceControlStateConfigurationPolicyGroupsGroupDataPolicyRulesRuleDataDeduplicateAccessEventsTamperProtectionEnableFileHashComputationMeteredConnectionUpdatesSupportLogLocationExcludedIpAddressesAllowNetworkProtectionOnWinServerDisableCpuThrottleOnIdleScansDisableLocalAdminMergeSchedulerRandomizationTimeDisableTlsParsingDisableHttpParsingDisableDnsParsingDisableDnsOverTcpParsingDisableSshParsingPlatformUpdatesChannelEngineUpdatesChannelSecurityIntelligenceUpdatesChannelDisableGradualReleaseAllowNetworkProtectionDownLevelEnableDnsSinkholeDisableInboundConnectionFilteringDisableRdpParsingAllowDatagramProcessingOnWinServerDisableDatagramProcessingEnableConvertWarnToBlockDisableNetworkProtectionPerfTelemetryHideExclusionsFromLocalAdminsThrottleForScheduledScanOnlyDaysUntilAggressiveCatchupQuickScanASROnlyPerRuleExclusionsDataDuplicationDirectoryDataDuplicationRemoteLocationDisableFtpParsingDeviceControlEnabledDefaultEnforcementAllowSwitchToAsyncInspectionPassiveRemediationDisableCoreServiceECSIntegrationDisableCoreServiceTelemetryDataDuplicationLocalRetentionPeriodIntelTDTEnabledDisableSmtpParsingDisableQuicParsingNetworkProtectionReputationModeEnableUdpSegmentationOffloadEnableUdpReceiveOffloadEnableEcsConfigurationRandomizeScheduleTaskTimesArchiveMaxSizeArchiveMaxDepthScanOnlyIfIdleEnabledSecuredDevicesConfigurationHideExclusionsFromLocalUsersOobeEnableRtpAndSigUpdatePerformanceModeStatusDataDuplicationMaximumQuotaDisableCacheMaintenanceSecurityIntelligenceLocationUpdateAtScheduledTimeOnlyQuickScanIncludeExclusionsScheduleSecurityIntelligenceUpdateTimeScheduleSecurityIntelligenceUpdateDayBehavioralNetworkBlocksRemoteEncryptionProtectionRemoteEncryptionProtectionConfiguredStateRemoteEncryptionProtectionMaxBlockTimeRemoteEncryptionProtectionAggressivenessRemoteEncryptionProtectionExclusionsBruteForceProtectionBruteForceProtectionConfiguredStateBruteForceProtectionMaxBlockTimeBruteForceProtectionAggressivenessBruteForceProtectionExclusionsBruteForceProtectionPluginsBruteForceProtectionLocalNetworkBlockingBruteForceProtectionSkipLearningPeriodScanUpdateSignatureOfflineScanRollbackPlatformRollbackEngineNULL!.
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe Process information queried: ProcessInformation Jump to behavior

HIPS / PFW / Operating System Protection Evasion
barindex
Drops or copies MsMpEng.exe (Windows Defender, likely to bypass HIPS)
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe File created: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\MsMpEng.exe Jump to dropped file
Very long cmdline option found, this is very uncommon (may be encrypted or packed)
Source: unknown Process created: C:\Windows\SysWOW64\cmd.exe c:\windows\system32\cmd.exe /c wget -t 2 -v -t 60 -p "c:\users\user\desktop\download" --no-check-certificate --content-disposition --user-agent="mozilla/5.0 (windows nt 6.1; wow64; trident/7.0; as; rv:11.0) like gecko" "http://74.248.121.8/d/msdownload/update/software/defu/2024/10/updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe?cachehostorigin=au.download.windowsupdate.com" > cmdline.out 2>&1
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\wget.exe wget -t 2 -v -t 60 -p "c:\users\user\desktop\download" --no-check-certificate --content-disposition --user-agent="mozilla/5.0 (windows nt 6.1; wow64; trident/7.0; as; rv:11.0) like gecko" "http://74.248.121.8/d/msdownload/update/software/defu/2024/10/updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe?cachehostorigin=au.download.windowsupdate.com"
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe Process created: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\MpSigStub.exe c:\users\user~1\appdata\local\temp\50f419bb-3ef6-49af-a8da-42c49aededf6\mpsigstub.exe /stub 1.1.24010.2001 /payload 4.18.24090.11 /program c:\users\user\desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cachehostorigin=au.download.windowsupdate.com.exe
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\wget.exe wget -t 2 -v -t 60 -p "c:\users\user\desktop\download" --no-check-certificate --content-disposition --user-agent="mozilla/5.0 (windows nt 6.1; wow64; trident/7.0; as; rv:11.0) like gecko" "http://74.248.121.8/d/msdownload/update/software/defu/2024/10/updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe?cachehostorigin=au.download.windowsupdate.com" Jump to behavior
Source: C:\Users\user\Desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe Process created: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\MpSigStub.exe c:\users\user~1\appdata\local\temp\50f419bb-3ef6-49af-a8da-42c49aededf6\mpsigstub.exe /stub 1.1.24010.2001 /payload 4.18.24090.11 /program c:\users\user\desktop\download\updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cachehostorigin=au.download.windowsupdate.com.exe Jump to behavior
Queries the volume information (name, serial number etc) of a device
Source: C:\Windows\SysWOW64\wget.exe Queries volume information: C:\Users\user\Desktop\download VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\MpSigStub.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid Jump to behavior
AV process strings found (often used to terminate AV products)
Source: updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe, 0000000C.00000003.1667229053.0000015D0E673000.00000004.00000020.00020000.00000000.sdmp, updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe, 0000000C.00000003.1666862441.0000015D0E65D000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: \??\C:\Users\user~1\AppData\Local\Temp\50F419BB-3EF6-49AF-A8DA-42C49AEDEDF6\MsMpEng.exe
windows-stand
Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 signatures2 2 Behavior Graph ID: 1541049 URL: http://74.248.121.8/d/msdow... Startdate: 24/10/2024 Architecture: WINDOWS Score: 60 33 NDIS Filter Driver detected (likely used to intercept and sniff network traffic) 2->33 6 updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe@cacheHostOrigin=au.download.windowsupdate.com.exe 365 2->6         started        10 cmd.exe 2 2->10         started        process3 file4 23 C:\Users\user\AppData\Local\...\MsMpEng.exe, PE32+ 6->23 dropped 25 C:\Users\user\AppData\Local\...\MpSigStub.exe, PE32+ 6->25 dropped 27 C:\Users\user\AppData\...\mpuxagent.dll.mui, PE32 6->27 dropped 29 200 other files (none is malicious) 6->29 dropped 35 Drops or copies MsMpEng.exe (Windows Defender, likely to bypass HIPS) 6->35 37 Sample is not signed and drops a device driver 6->37 12 MpSigStub.exe 19 12 6->12         started        15 wget.exe 2 10->15         started        19 conhost.exe 10->19         started        signatures5 process6 dnsIp7 39 Query firmware table information (likely to detect VMs) 12->39 31 74.248.121.8, 49699, 80 SUDDENLINK-COMMUNICATIONSUS United States 15->31 21 updateplatform.amd...d.windowsupdate.com, PE32+ 15->21 dropped 41 Drops PE files with a suspicious file extension 15->41 file8 signatures9
  • No. of IPs < 25%
  • 25% < No. of IPs < 50%
  • 50% < No. of IPs < 75%
  • 75% < No. of IPs

Contacted Public IPs

IP Domain Country Flag ASN ASN Name Malicious
74.248.121.8
 unknown United States
19108 SUDDENLINK-COMMUNICATIONSUS false

Contacted Domains

Name IP Active
bg.microsoft.map.fastly.net 199.232.214.172 true