Source: unknown |
Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\Desktop\update.bat" " |
|
Source: C:\Windows\System32\cmd.exe |
Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
|
Source: C:\Windows\System32\cmd.exe |
Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /K "C:\Users\user\Desktop\update.bat" MY_FLAG |
|
Source: C:\Windows\System32\cmd.exe |
Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
|
Source: C:\Windows\System32\cmd.exe |
Process created: C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\AppInstallerPythonRedirector.exe python.exe ana.py |
|
Source: C:\Windows\System32\cmd.exe |
Process created: C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\AppInstallerPythonRedirector.exe python ab.py |
|
Source: C:\Windows\System32\cmd.exe |
Process created: C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\AppInstallerPythonRedirector.exe python.exe en.py |
|
Source: C:\Windows\System32\cmd.exe |
Process created: C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\AppInstallerPythonRedirector.exe python.exe eni.py |
|
Source: C:\Windows\System32\cmd.exe |
Process created: C:\Windows\System32\taskkill.exe taskkill /F /IM cmd.exe |
|
Source: C:\Windows\System32\cmd.exe |
Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /K "C:\Users\user\Desktop\update.bat" MY_FLAG |
Source: C:\Windows\System32\cmd.exe |
Process created: C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\AppInstallerPythonRedirector.exe python.exe ana.py |
Source: C:\Windows\System32\cmd.exe |
Process created: C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\AppInstallerPythonRedirector.exe python ab.py |
Source: C:\Windows\System32\cmd.exe |
Process created: C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\AppInstallerPythonRedirector.exe python.exe en.py |
Source: C:\Windows\System32\cmd.exe |
Process created: C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\AppInstallerPythonRedirector.exe python.exe eni.py |
Source: C:\Windows\System32\cmd.exe |
Process created: C:\Windows\System32\taskkill.exe taskkill /F /IM cmd.exe |
Source: C:\Windows\System32\cmd.exe |
Section loaded: cmdext.dll |
Source: C:\Windows\System32\cmd.exe |
Section loaded: cmdext.dll |
Source: C:\Windows\System32\cmd.exe |
Section loaded: apisethost.appexecutionalias.dll |
Source: C:\Windows\System32\cmd.exe |
Section loaded: profapi.dll |
Source: C:\Windows\System32\cmd.exe |
Section loaded: kernel.appcore.dll |
Source: C:\Windows\System32\cmd.exe |
Section loaded: daxexec.dll |
Source: C:\Windows\System32\cmd.exe |
Section loaded: fltlib.dll |
Source: C:\Windows\System32\cmd.exe |
Section loaded: container.dll |
Source: C:\Windows\System32\cmd.exe |
Section loaded: windows.storage.dll |
Source: C:\Windows\System32\cmd.exe |
Section loaded: appxdeploymentclient.dll |
Source: C:\Windows\System32\cmd.exe |
Section loaded: iphlpapi.dll |
Source: C:\Windows\System32\cmd.exe |
Section loaded: wldp.dll |
Source: C:\Windows\System32\cmd.exe |
Section loaded: capauthz.dll |
Source: C:\Windows\System32\cmd.exe |
Section loaded: msasn1.dll |
Source: C:\Windows\System32\cmd.exe |
Section loaded: windows.staterepositorycore.dll |
Source: C:\Windows\System32\cmd.exe |
Section loaded: ntmarta.dll |
Source: C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\AppInstallerPythonRedirector.exe |
Section loaded: msvcp140.dll |
Source: C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\AppInstallerPythonRedirector.exe |
Section loaded: vcruntime140.dll |
Source: C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\AppInstallerPythonRedirector.exe |
Section loaded: kernel.appcore.dll |
Source: C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\AppInstallerPythonRedirector.exe |
Section loaded: windows.storage.applicationdata.dll |
Source: C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\AppInstallerPythonRedirector.exe |
Section loaded: twinapi.appcore.dll |
Source: C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\AppInstallerPythonRedirector.exe |
Section loaded: wintypes.dll |
Source: C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\AppInstallerPythonRedirector.exe |
Section loaded: windows.storage.dll |
Source: C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\AppInstallerPythonRedirector.exe |
Section loaded: wldp.dll |
Source: C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\AppInstallerPythonRedirector.exe |
Section loaded: propsys.dll |
Source: C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\AppInstallerPythonRedirector.exe |
Section loaded: uxtheme.dll |
Source: C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\AppInstallerPythonRedirector.exe |
Section loaded: msvcp140.dll |
Source: C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\AppInstallerPythonRedirector.exe |
Section loaded: vcruntime140.dll |
Source: C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\AppInstallerPythonRedirector.exe |
Section loaded: vcruntime140.dll |
Source: C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\AppInstallerPythonRedirector.exe |
Section loaded: kernel.appcore.dll |
Source: C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\AppInstallerPythonRedirector.exe |
Section loaded: windows.storage.applicationdata.dll |
Source: C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\AppInstallerPythonRedirector.exe |
Section loaded: twinapi.appcore.dll |
Source: C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\AppInstallerPythonRedirector.exe |
Section loaded: wintypes.dll |
Source: C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\AppInstallerPythonRedirector.exe |
Section loaded: windows.storage.dll |
Source: C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\AppInstallerPythonRedirector.exe |
Section loaded: wldp.dll |
Source: C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\AppInstallerPythonRedirector.exe |
Section loaded: propsys.dll |
Source: C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\AppInstallerPythonRedirector.exe |
Section loaded: uxtheme.dll |
Source: C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\AppInstallerPythonRedirector.exe |
Section loaded: msvcp140.dll |
Source: C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\AppInstallerPythonRedirector.exe |
Section loaded: vcruntime140.dll |
Source: C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\AppInstallerPythonRedirector.exe |
Section loaded: vcruntime140.dll |
Source: C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\AppInstallerPythonRedirector.exe |
Section loaded: kernel.appcore.dll |
Source: C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\AppInstallerPythonRedirector.exe |
Section loaded: windows.storage.applicationdata.dll |
Source: C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\AppInstallerPythonRedirector.exe |
Section loaded: twinapi.appcore.dll |
Source: C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\AppInstallerPythonRedirector.exe |
Section loaded: wintypes.dll |
Source: C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\AppInstallerPythonRedirector.exe |
Section loaded: windows.storage.dll |
Source: C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\AppInstallerPythonRedirector.exe |
Section loaded: wldp.dll |
Source: C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\AppInstallerPythonRedirector.exe |
Section loaded: propsys.dll |
Source: C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\AppInstallerPythonRedirector.exe |
Section loaded: uxtheme.dll |
Source: C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\AppInstallerPythonRedirector.exe |
Section loaded: msvcp140.dll |
Source: C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\AppInstallerPythonRedirector.exe |
Section loaded: vcruntime140.dll |
Source: C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\AppInstallerPythonRedirector.exe |
Section loaded: vcruntime140.dll |
Source: C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\AppInstallerPythonRedirector.exe |
Section loaded: kernel.appcore.dll |
Source: C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\AppInstallerPythonRedirector.exe |
Section loaded: windows.storage.applicationdata.dll |
Source: C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\AppInstallerPythonRedirector.exe |
Section loaded: twinapi.appcore.dll |
Source: C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\AppInstallerPythonRedirector.exe |
Section loaded: wintypes.dll |
Source: C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\AppInstallerPythonRedirector.exe |
Section loaded: windows.storage.dll |
Source: C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\AppInstallerPythonRedirector.exe |
Section loaded: wldp.dll |
Source: C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\AppInstallerPythonRedirector.exe |
Section loaded: propsys.dll |
Source: C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\AppInstallerPythonRedirector.exe |
Section loaded: uxtheme.dll |
Source: C:\Windows\System32\taskkill.exe |
Section loaded: version.dll |
Source: C:\Windows\System32\taskkill.exe |
Section loaded: mpr.dll |
Source: C:\Windows\System32\taskkill.exe |
Section loaded: framedynos.dll |
Source: C:\Windows\System32\taskkill.exe |
Section loaded: dbghelp.dll |
Source: C:\Windows\System32\taskkill.exe |
Section loaded: sspicli.dll |
Source: C:\Windows\System32\taskkill.exe |
Section loaded: srvcli.dll |
Source: C:\Windows\System32\taskkill.exe |
Section loaded: netutils.dll |
Source: C:\Windows\System32\taskkill.exe |
Section loaded: sspicli.dll |
Source: C:\Windows\System32\taskkill.exe |
Section loaded: kernel.appcore.dll |
Source: C:\Windows\System32\taskkill.exe |
Section loaded: wbemcomn.dll |
Source: C:\Windows\System32\taskkill.exe |
Section loaded: winsta.dll |
Source: C:\Windows\System32\taskkill.exe |
Section loaded: amsi.dll |
Source: C:\Windows\System32\taskkill.exe |
Section loaded: userenv.dll |
Source: C:\Windows\System32\taskkill.exe |
Section loaded: profapi.dll |
Source: C:\Windows\System32\cmd.exe |
Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /K "C:\Users\user\Desktop\update.bat" MY_FLAG |
Source: C:\Windows\System32\cmd.exe |
Process created: C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\AppInstallerPythonRedirector.exe python.exe ana.py |
Source: C:\Windows\System32\cmd.exe |
Process created: C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\AppInstallerPythonRedirector.exe python ab.py |
Source: C:\Windows\System32\cmd.exe |
Process created: C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\AppInstallerPythonRedirector.exe python.exe en.py |
Source: C:\Windows\System32\cmd.exe |
Process created: C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\AppInstallerPythonRedirector.exe python.exe eni.py |
Source: C:\Windows\System32\cmd.exe |
Process created: C:\Windows\System32\taskkill.exe taskkill /F /IM cmd.exe |
Source: C:\Windows\System32\cmd.exe |
Queries volume information: C:\ VolumeInformation |
Source: C:\Windows\System32\cmd.exe |
Queries volume information: C:\ VolumeInformation |
Source: C:\Windows\System32\cmd.exe |
Queries volume information: C:\ VolumeInformation |
Source: C:\Windows\System32\cmd.exe |
Queries volume information: C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe VolumeInformation |
Source: C:\Windows\System32\cmd.exe |
Queries volume information: C:\ VolumeInformation |
Source: C:\Windows\System32\cmd.exe |
Queries volume information: C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe VolumeInformation |
Source: C:\Windows\System32\cmd.exe |
Queries volume information: C:\ VolumeInformation |
Source: C:\Windows\System32\cmd.exe |
Queries volume information: C:\ VolumeInformation |
Source: C:\Windows\System32\cmd.exe |
Queries volume information: C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe VolumeInformation |
Source: C:\Windows\System32\cmd.exe |
Queries volume information: C:\ VolumeInformation |
Source: C:\Windows\System32\cmd.exe |
Queries volume information: C:\ VolumeInformation |
Source: C:\Windows\System32\cmd.exe |
Queries volume information: C:\ VolumeInformation |
Source: C:\Windows\System32\cmd.exe |
Queries volume information: C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe VolumeInformation |
Source: C:\Windows\System32\cmd.exe |
Queries volume information: C:\Program Files\WindowsApps\Microsoft.VCLibs.140.00.UWPDesktop_14.0.27629.0_x64__8wekyb3d8bbwe VolumeInformation |
Source: C:\Windows\System32\cmd.exe |
Queries volume information: C:\ VolumeInformation |