Suspicious command line after Fall Creators Update

Discussion in 'Malware Analysis' started by shmu26, Dec 28, 2017.

  1. shmu26

    So today I restored an old system image of Win10 Pro x64, from 6 months ago, and then I went through all those Microsoft updates etc., including RS3.
    A while later, VoodooShield picked up the following PowerShell command line string. The beginning looks real scary, but the middle and end look very ho-hum Microsoft update.
    What do you say? Am I pwned?

    "powershell" -noprofile -noninteractive -inputformat none -executionpolicy bypass add-provisionedappxpackage -online -packagepath "c:\windows\temp\installhevcappxpackage\microsoft.hevcvideoextension_8wekyb3d8bbwe.x64.appx" -dependencypackagepath "c:\windows\temp\installhevcappxpackage\microsoft.vclibs.140.00_14.0.24123.0_x64__8wekyb3d8bbwe.appx" -licensepath "c:\windows\temp\installhevcappxpackage\microsoft.hevcvideoextension_8wekyb3d8bbwe.x64.xml"