Windows Analysis Report
update.bat

Overview

General Information

Sample name: update.bat
Analysis ID: 1546597
MD5: f367f9325667365943803103e4f6d1c1
SHA1: 8af3410e29740193b254bb06f843b2e3795fc007
SHA256: 317d70c2f994f77d4058b6d1283213ead1c0d53cc7b7754acabcf76d09670877
Tags: batSPAM-ITAterrorists-cultures-wallpaper-tabs-trycloudflare-comuser-JAMESWT_MHT
Infos:

Detection

Score: 60
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Maps a DLL or memory area into another process
Creates a process in suspended mode (likely to inject code)
Enables debug privileges
Program does not show much activity (idle)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Uses taskkill to terminate processes
Yara signature match

Classification

AV Detection

barindex
Source: update.bat Virustotal: Detection: 12% Perma Link

System Summary

barindex
Source: update.bat, type: SAMPLE Matched rule: Koadic post-exploitation framework BAT payload Author: ditekSHen
Source: update.bat, type: SAMPLE Matched rule: MALWARE_BAT_KoadicBAT author = ditekSHen, description = Koadic post-exploitation framework BAT payload
Source: classification engine Classification label: mal60.evad.winBAT@19/0@0/0
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4060:120:WilError_03
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6216:120:WilError_03
Source: unknown Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\Desktop\update.bat" "
Source: C:\Windows\System32\taskkill.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "cmd.exe")
Source: C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\AppInstallerPythonRedirector.exe Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers Jump to behavior
Source: update.bat Virustotal: Detection: 12%
Source: unknown Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\Desktop\update.bat" "
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /K "C:\Users\user\Desktop\update.bat" MY_FLAG
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe Process created: C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\AppInstallerPythonRedirector.exe python.exe ana.py
Source: C:\Windows\System32\cmd.exe Process created: C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\AppInstallerPythonRedirector.exe python ab.py
Source: C:\Windows\System32\cmd.exe Process created: C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\AppInstallerPythonRedirector.exe python.exe en.py
Source: C:\Windows\System32\cmd.exe Process created: C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\AppInstallerPythonRedirector.exe python.exe eni.py
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /F /IM cmd.exe
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /K "C:\Users\user\Desktop\update.bat" MY_FLAG Jump to behavior
Source: C:\Windows\System32\cmd.exe Process created: C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\AppInstallerPythonRedirector.exe python.exe ana.py Jump to behavior
Source: C:\Windows\System32\cmd.exe Process created: C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\AppInstallerPythonRedirector.exe python ab.py Jump to behavior
Source: C:\Windows\System32\cmd.exe Process created: C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\AppInstallerPythonRedirector.exe python.exe en.py Jump to behavior
Source: C:\Windows\System32\cmd.exe Process created: C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\AppInstallerPythonRedirector.exe python.exe eni.py Jump to behavior
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /F /IM cmd.exe Jump to behavior
Source: C:\Windows\System32\cmd.exe Section loaded: cmdext.dll Jump to behavior
Source: C:\Windows\System32\cmd.exe Section loaded: cmdext.dll Jump to behavior
Source: C:\Windows\System32\cmd.exe Section loaded: apisethost.appexecutionalias.dll Jump to behavior
Source: C:\Windows\System32\cmd.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Windows\System32\cmd.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Windows\System32\cmd.exe Section loaded: daxexec.dll Jump to behavior
Source: C:\Windows\System32\cmd.exe Section loaded: fltlib.dll Jump to behavior
Source: C:\Windows\System32\cmd.exe Section loaded: container.dll Jump to behavior
Source: C:\Windows\System32\cmd.exe Section loaded: windows.storage.dll Jump to behavior
Source: C:\Windows\System32\cmd.exe Section loaded: appxdeploymentclient.dll Jump to behavior
Source: C:\Windows\System32\cmd.exe Section loaded: iphlpapi.dll Jump to behavior
Source: C:\Windows\System32\cmd.exe Section loaded: wldp.dll Jump to behavior
Source: C:\Windows\System32\cmd.exe Section loaded: capauthz.dll Jump to behavior
Source: C:\Windows\System32\cmd.exe Section loaded: msasn1.dll Jump to behavior
Source: C:\Windows\System32\cmd.exe Section loaded: windows.staterepositorycore.dll Jump to behavior
Source: C:\Windows\System32\cmd.exe Section loaded: ntmarta.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\AppInstallerPythonRedirector.exe Section loaded: msvcp140.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\AppInstallerPythonRedirector.exe Section loaded: vcruntime140.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\AppInstallerPythonRedirector.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\AppInstallerPythonRedirector.exe Section loaded: windows.storage.applicationdata.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\AppInstallerPythonRedirector.exe Section loaded: twinapi.appcore.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\AppInstallerPythonRedirector.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\AppInstallerPythonRedirector.exe Section loaded: windows.storage.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\AppInstallerPythonRedirector.exe Section loaded: wldp.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\AppInstallerPythonRedirector.exe Section loaded: propsys.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\AppInstallerPythonRedirector.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\AppInstallerPythonRedirector.exe Section loaded: msvcp140.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\AppInstallerPythonRedirector.exe Section loaded: vcruntime140.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\AppInstallerPythonRedirector.exe Section loaded: vcruntime140.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\AppInstallerPythonRedirector.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\AppInstallerPythonRedirector.exe Section loaded: windows.storage.applicationdata.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\AppInstallerPythonRedirector.exe Section loaded: twinapi.appcore.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\AppInstallerPythonRedirector.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\AppInstallerPythonRedirector.exe Section loaded: windows.storage.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\AppInstallerPythonRedirector.exe Section loaded: wldp.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\AppInstallerPythonRedirector.exe Section loaded: propsys.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\AppInstallerPythonRedirector.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\AppInstallerPythonRedirector.exe Section loaded: msvcp140.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\AppInstallerPythonRedirector.exe Section loaded: vcruntime140.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\AppInstallerPythonRedirector.exe Section loaded: vcruntime140.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\AppInstallerPythonRedirector.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\AppInstallerPythonRedirector.exe Section loaded: windows.storage.applicationdata.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\AppInstallerPythonRedirector.exe Section loaded: twinapi.appcore.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\AppInstallerPythonRedirector.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\AppInstallerPythonRedirector.exe Section loaded: windows.storage.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\AppInstallerPythonRedirector.exe Section loaded: wldp.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\AppInstallerPythonRedirector.exe Section loaded: propsys.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\AppInstallerPythonRedirector.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\AppInstallerPythonRedirector.exe Section loaded: msvcp140.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\AppInstallerPythonRedirector.exe Section loaded: vcruntime140.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\AppInstallerPythonRedirector.exe Section loaded: vcruntime140.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\AppInstallerPythonRedirector.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\AppInstallerPythonRedirector.exe Section loaded: windows.storage.applicationdata.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\AppInstallerPythonRedirector.exe Section loaded: twinapi.appcore.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\AppInstallerPythonRedirector.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\AppInstallerPythonRedirector.exe Section loaded: windows.storage.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\AppInstallerPythonRedirector.exe Section loaded: wldp.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\AppInstallerPythonRedirector.exe Section loaded: propsys.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\AppInstallerPythonRedirector.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Windows\System32\taskkill.exe Section loaded: version.dll Jump to behavior
Source: C:\Windows\System32\taskkill.exe Section loaded: mpr.dll Jump to behavior
Source: C:\Windows\System32\taskkill.exe Section loaded: framedynos.dll Jump to behavior
Source: C:\Windows\System32\taskkill.exe Section loaded: dbghelp.dll Jump to behavior
Source: C:\Windows\System32\taskkill.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Windows\System32\taskkill.exe Section loaded: srvcli.dll Jump to behavior
Source: C:\Windows\System32\taskkill.exe Section loaded: netutils.dll Jump to behavior
Source: C:\Windows\System32\taskkill.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Windows\System32\taskkill.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Windows\System32\taskkill.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Windows\System32\taskkill.exe Section loaded: winsta.dll Jump to behavior
Source: C:\Windows\System32\taskkill.exe Section loaded: amsi.dll Jump to behavior
Source: C:\Windows\System32\taskkill.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Windows\System32\taskkill.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\AppInstallerPythonRedirector.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{76765b11-3f95-4af2-ac9d-ea55d8994f1a}\InProcServer32 Jump to behavior
Source: C:\Windows\System32\cmd.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\cmd.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\taskkill.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: all processes Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected
Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
Source: C:\Windows\System32\taskkill.exe Process token adjusted: Debug Jump to behavior
Source: all processes Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected

HIPS / PFW / Operating System Protection Evasion

barindex
Source: C:\Windows\System32\cmd.exe Section loaded: NULL target: C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\AppInstallerPythonRedirector.exe protection: readonly Jump to behavior
Source: C:\Windows\System32\cmd.exe Section loaded: NULL target: C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\AppInstallerPythonRedirector.exe protection: readonly Jump to behavior
Source: C:\Windows\System32\cmd.exe Section loaded: NULL target: C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\AppInstallerPythonRedirector.exe protection: readonly Jump to behavior
Source: C:\Windows\System32\cmd.exe Section loaded: NULL target: C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\AppInstallerPythonRedirector.exe protection: readonly Jump to behavior
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /K "C:\Users\user\Desktop\update.bat" MY_FLAG Jump to behavior
Source: C:\Windows\System32\cmd.exe Process created: C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\AppInstallerPythonRedirector.exe python.exe ana.py Jump to behavior
Source: C:\Windows\System32\cmd.exe Process created: C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\AppInstallerPythonRedirector.exe python ab.py Jump to behavior
Source: C:\Windows\System32\cmd.exe Process created: C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\AppInstallerPythonRedirector.exe python.exe en.py Jump to behavior
Source: C:\Windows\System32\cmd.exe Process created: C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\AppInstallerPythonRedirector.exe python.exe eni.py Jump to behavior
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /F /IM cmd.exe Jump to behavior
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /F /IM cmd.exe Jump to behavior
Source: C:\Windows\System32\cmd.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Windows\System32\cmd.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Windows\System32\cmd.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Windows\System32\cmd.exe Queries volume information: C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe VolumeInformation Jump to behavior
Source: C:\Windows\System32\cmd.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Windows\System32\cmd.exe Queries volume information: C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe VolumeInformation Jump to behavior
Source: C:\Windows\System32\cmd.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Windows\System32\cmd.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Windows\System32\cmd.exe Queries volume information: C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe VolumeInformation Jump to behavior
Source: C:\Windows\System32\cmd.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Windows\System32\cmd.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Windows\System32\cmd.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Windows\System32\cmd.exe Queries volume information: C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe VolumeInformation Jump to behavior
Source: C:\Windows\System32\cmd.exe Queries volume information: C:\Program Files\WindowsApps\Microsoft.VCLibs.140.00.UWPDesktop_14.0.27629.0_x64__8wekyb3d8bbwe VolumeInformation Jump to behavior
Source: C:\Windows\System32\cmd.exe Queries volume information: C:\ VolumeInformation Jump to behavior
No contacted IP infos