Source: |
Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Core\v4.0_4.0.0.0__b77a5c561934e089\System.Core.pdbS source: powershell.exe, 00000006.00000002.2410289196.00000000079ED000.00000004.00000020.00020000.00000000.sdmp |
Source: |
Binary string: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\ source: wab.exe, 00000009.00000003.2409829520.00000000222C0000.00000004.00001000.00020000.00000000.sdmp, wab.exe, 00000009.00000003.2409876793.00000000222C4000.00000004.00001000.00020000.00000000.sdmp |
Source: |
Binary string: @ntkrnlmp.pdb source: wab.exe, 00000009.00000003.2409829520.00000000222C0000.00000004.00001000.00020000.00000000.sdmp, wab.exe, 00000009.00000003.2409876793.00000000222C4000.00000004.00001000.00020000.00000000.sdmp |
Source: |
Binary string: D:\dbs\el\omr\Target\x86\ship\postc2r\x-none\officeappguardwin32.pdb source: officeappguardwin32.exe.9.dr |
Source: |
Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Core\v4.0_4.0.0.0__b77a5c561934e089\System.Core.pdbW source: powershell.exe, 00000006.00000002.2410289196.00000000079ED000.00000004.00000020.00020000.00000000.sdmp |
Source: |
Binary string: lambda_methodCore.pdb source: powershell.exe, 00000006.00000002.2416249131.0000000008BE7000.00000004.00000020.00020000.00000000.sdmp |
Source: |
Binary string: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\*.* source: wab.exe, 00000009.00000003.2409829520.00000000222C0000.00000004.00001000.00020000.00000000.sdmp, wab.exe, 00000009.00000003.2409876793.00000000222C4000.00000004.00001000.00020000.00000000.sdmp |
Source: |
Binary string: D:\a\_work\e\src\out\Release_x64\notification_helper.exe.pdb source: notification_click_helper.exe.9.dr |
Source: |
Binary string: @winload_prod.pdb source: wab.exe, 00000009.00000003.2409829520.00000000222C0000.00000004.00001000.00020000.00000000.sdmp |
Source: |
Binary string: D:\a\_work\e\src\out\Release_x64\notification_helper.exe.pdbOGP source: notification_click_helper.exe.9.dr |
Source: |
Binary string: )"WINLOA~1.PDBk,"$5,"$5," source: wab.exe, 00000009.00000003.2409829520.00000000222C0000.00000004.00001000.00020000.00000000.sdmp |
Source: |
Binary string: winload_prod.pdb source: wab.exe, 00000009.00000003.2409829520.00000000222C0000.00000004.00001000.00020000.00000000.sdmp |
Source: |
Binary string: wab.pdbGCTL source: OfficeScrSanBroker.exe.9.dr, jucheck.exe.9.dr, officeappguardwin32.exe.9.dr, dbcicons.exe.9.dr, sscicons.exe.9.dr, notification_click_helper.exe.9.dr, accicons.exe.9.dr |
Source: |
Binary string: wab.pdb source: OfficeScrSanBroker.exe.9.dr, jucheck.exe.9.dr, officeappguardwin32.exe.9.dr, dbcicons.exe.9.dr, sscicons.exe.9.dr, notification_click_helper.exe.9.dr, accicons.exe.9.dr |
Source: |
Binary string: in32.pdb source: officeappguardwin32.exe.9.dr |
Source: |
Binary string: System.Management.Automation.pdb source: powershell.exe, 00000006.00000002.2402584546.0000000003515000.00000004.00000020.00020000.00000000.sdmp |
Source: |
Binary string: D:\dbs\el\omr\Target\x86\ship\postc2r\x-none\officescrsanbroker.pdbbroker.pdb00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000S source: OfficeScrSanBroker.exe.9.dr |
Source: |
Binary string: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb source: wab.exe, 00000009.00000003.2409829520.00000000222C0000.00000004.00001000.00020000.00000000.sdmp |
Source: |
Binary string: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\* source: wab.exe, 00000009.00000003.2409829520.00000000222C0000.00000004.00001000.00020000.00000000.sdmp, wab.exe, 00000009.00000003.2409876793.00000000222C4000.00000004.00001000.00020000.00000000.sdmp |
Source: |
Binary string: D:\dbs\el\omr\Target\x86\ship\postc2r\x-none\officescrsanbroker.pdb source: OfficeScrSanBroker.exe.9.dr |
Source: |
Binary string: ,"4winload_prod.pdb source: wab.exe, 00000009.00000003.2409829520.00000000222C0000.00000004.00001000.00020000.00000000.sdmp |
Source: |
Binary string: D:\dbs\el\omr\Target\x86\ship\postc2r\x-none\officeappguardwin32.pdbin32.pdb000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000S source: officeappguardwin32.exe.9.dr |
Source: |
Binary string: LC:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb source: wab.exe, 00000009.00000003.2409829520.00000000222C0000.00000004.00001000.00020000.00000000.sdmp |
Source: |
Binary string: broker.pdb source: OfficeScrSanBroker.exe.9.dr |
Source: |
Binary string: @winload_prod.pdbf,"@ source: wab.exe, 00000009.00000003.2409829520.00000000222C0000.00000004.00001000.00020000.00000000.sdmp |
Source: |
Binary string: )"WINLOA~1.PDB source: wab.exe, 00000009.00000003.2409829520.00000000222C0000.00000004.00001000.00020000.00000000.sdmp |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\Java\jre-1.8\bin\javaws.exe |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\Microsoft Office\root\Office16\DCF\DATABASECOMPARE.EXE |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exe |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\MicrosoftEdgeUpdateComRegisterShell64.exe |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\Microsoft Office\root\Office16\PerfBoost.exe |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MsMpEng.exe |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft Office\Office16\MSOHTMED.EXE |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\Microsoft Office\Office16\OSPPREARM.EXE |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpCopyAccelerator.exe |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\Common Files\Java\Java Update\jaureg.exe |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-006E-0409-0000-0000000FF1CE}\misc.exe |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\DW\DW20.EXE |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-001F-0C0A-0000-0000000FF1CE}\misc.exe |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\javaw.exe |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\Microsoft Office\root\Office16\lync99.exe |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Office16\FLTLDR.EXE |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\aimgr.exe |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\cookie_exporter.exe |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\Microsoft Office\root\Office16\SELFCERT.EXE |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\Microsoft Office\root\Office16\SCANPST.EXE |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\Microsoft Office\root\Client\AppVDllSurrogate.exe |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\ConfigSecurityPolicy.exe |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSREC.EXE |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\Common Files\Microsoft Shared\VSTO\10.0\VSTOInstaller.exe |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\AutoIt3\AutoIt3Help.exe |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\Microsoft Office\root\Client\AppVDllSurrogate64.exe |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\Microsoft Office\root\Office16\msoev.exe |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-0000-0000000FF1CE}\accicons.exe |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\AutoIt3\Aut2Exe\Aut2exe.exe |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-0000-0000000FF1CE}\lyncicon.exe |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\MicrosoftEdgeUpdateSetup.exe |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\notification_click_helper.exe |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Analysis Services\AS OLEDB\140\SQLDumper.exe |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\Microsoft Office\root\Client\AppVLP.exe |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdate.exe |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\pwahelper.exe |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateOnDemand.exe |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\Microsoft Office\root\Office16\officeappguardwin32.exe |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-0000-0000000FF1CE}\wordicon.exe |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\Java\jre-1.8\bin\javacpl.exe |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\Microsoft\Edge\Application\pwahelper.exe |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleCrashHandler64.exe |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\AutoIt3\Au3Check.exe |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\NisSrv.exe |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateBroker.exe |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-0000-0000000FF1CE}\misc.exe |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\java.exe |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-0000-0000000FF1CE}\visicon.exe |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\MicrosoftEdgeComRegisterShellARM64.exe |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\elevation_service.exe |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-0000-0000000FF1CE}\joticon.exe |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\Microsoft Office\root\Office16\CLVIEW.EXE |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\Microsoft Office\root\Office16\MSOHTMED.EXE |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\Microsoft Office\root\Office16\SkypeSrv\SKYPESERVER.EXE |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\javaws.exe |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\Microsoft Office\root\Office16\XLICONS.EXE |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\AutoIt3\AutoIt3_x64.exe |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Users\user\AppData\Local\Temp\chrome.exe |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Office16\ai.exe |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\msedgewebview2.exe |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\MicrosoftEdgeUpdateOnDemand.exe |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-001F-0409-0000-0000000FF1CE}\misc.exe |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpDlpCmd.exe |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exe |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\Microsoft Office\root\Office16\DCF\Common.DBConnection64.exe |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\AutoIt3\Au3Info_x64.exe |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleCrashHandler.exe |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\Microsoft Office\root\Office16\NAMECONTROLSERVER.EXE |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-0000-0000000FF1CE}\pptico.exe |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\Microsoft Office\root\Client\AppVDllSurrogate32.exe |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-0000-0000000FF1CE}\outicon.exe |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\Java\jre-1.8\bin\jp2launcher.exe |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-0000-0000000FF1CE}\dbcicons.exe |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateCore.exe |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\Microsoft Office\root\Office16\MSQRY32.EXE |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-001F-040C-0000-0000000FF1CE}\misc.exe |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE16\LICLUA.EXE |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\Microsoft Office\root\Office16\SDXHelper.exe |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\Microsoft Office\root\Office16\PPTICO.EXE |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-0000-0000000FF1CE}\osmclienticon.exe |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpCmdRun.exe |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\Microsoft Office\root\Office16\WORDICON.EXE |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\Microsoft Office\root\Office16\OfficeScrSanBroker.exe |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\AutoIt3\Aut2Exe\upx.exe |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARMHelper.exe |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\Java\jre-1.8\bin\unpack200.exe |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\Microsoft Office\root\Office16\GRAPH.EXE |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\AutoIt3\Uninstall.exe |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-0000-0000000FF1CE}\sscicons.exe |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\X86\MpCmdRun.exe |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\Microsoft Office\root\Office16\DCF\Common.DBConnection.exe |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\Microsoft Office\root\Office16\CNFNOT32.EXE |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\Microsoft Office\root\Office16\msoadfsb.exe |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\AutoIt3\Au3Info.exe |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\MSOXMLED.EXE |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\AutoIt3\Aut2Exe\Aut2exe_x64.exe |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\mpextms.exe |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\Microsoft Office\root\Office16\AppSharingHookController.exe |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\Microsoft Office\root\Office16\OfficeScrBroker.exe |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\Installer\setup.exe |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\Microsoft Office\root\Office16\Wordconv.exe |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\VC_redist.x64.exe |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\AutoIt3\SciTE\SciTE.exe |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\Microsoft Office\root\Office16\OcPubMgr.exe |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Office16\aimgr.exe |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\MicrosoftEdgeUpdateCore.exe |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\MicrosoftEdgeUpdate.exe |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.Loader.exe |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\Microsoft Office\root\Office16\VPREVIEW.EXE |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\msedge_pwa_launcher.exe |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\Microsoft Office\root\Office16\msoasb.exe |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-0000-0000000FF1CE}\pubs.exe |
Source: OfficeScrSanBroker.exe.9.dr |
String found in binary or memory: http://SoftwareMicrosoft16.0CommonDebugHKEY_LOCAL_MACHINEHKEY_CURRENT_USER |
Source: jucheck.exe.9.dr |
String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E |
Source: jucheck.exe.9.dr |
String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt0 |
Source: jucheck.exe.9.dr |
String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0 |
Source: jucheck.exe.9.dr |
String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C |
Source: jucheck.exe.9.dr |
String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0 |
Source: jucheck.exe.9.dr |
String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S |
Source: jucheck.exe.9.dr |
String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0 |
Source: jucheck.exe.9.dr |
String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0 |
Source: jucheck.exe.9.dr |
String found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0 |
Source: jucheck.exe.9.dr |
String found in binary or memory: http://es5.github.io/#x15.4.4.21 |
Source: powershell.exe, 00000002.00000002.2504527085.000002505A59A000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://fs03n4.sendspace.com |
Source: jucheck.exe.9.dr |
String found in binary or memory: http://java.sun.com |
Source: jucheck.exe.9.dr |
String found in binary or memory: http://java.sun.comnot |
Source: wab.exe, 00000009.00000002.2799289733.0000000022290000.00000004.00000010.00020000.00000000.sdmp |
String found in binary or memory: http://nsis.sf.net/NSIS_ErrorError |
Source: powershell.exe, 00000002.00000002.2581460938.000002506881F000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000006.00000002.2407208321.0000000006097000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://nuget.org/NuGet.exe |
Source: jucheck.exe.9.dr |
String found in binary or memory: http://ocsp.digicert.com0 |
Source: jucheck.exe.9.dr |
String found in binary or memory: http://ocsp.digicert.com0A |
Source: jucheck.exe.9.dr |
String found in binary or memory: http://ocsp.digicert.com0C |
Source: jucheck.exe.9.dr |
String found in binary or memory: http://ocsp.digicert.com0X |
Source: powershell.exe, 00000006.00000002.2403153242.000000000518C000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://pesterbdd.com/images/Pester.png |
Source: officeappguardwin32.exe.9.dr |
String found in binary or memory: http://schemas.datacontract.org/2004/07/Microsoft.Office.Web.Roaming.Service |
Source: officeappguardwin32.exe.9.dr |
String found in binary or memory: http://schemas.datacontract.org/2004/07/Microsoft.Office.Web.Roaming.SoapObjects |
Source: officeappguardwin32.exe.9.dr |
String found in binary or memory: http://schemas.datacontract.org/2004/07/Microsoft.Office.Web.Roaming.SoapObjectsItemsSortKeyArrayOfR |
Source: powershell.exe, 00000002.00000002.2504527085.00000250587B1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000006.00000002.2403153242.0000000005031000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name |
Source: jucheck.exe.9.dr |
String found in binary or memory: http://stackoverflow.com/a/1465386/4224163 |
Source: jucheck.exe.9.dr |
String found in binary or memory: http://stackoverflow.com/a/15123777) |
Source: jucheck.exe.9.dr |
String found in binary or memory: http://stackoverflow.com/questions/1026069/capitalize-the-first-letter-of-string-in-javascript |
Source: jucheck.exe.9.dr |
String found in binary or memory: http://stackoverflow.com/questions/1068834/object-comparison-in-javascript |
Source: officeappguardwin32.exe.9.dr |
String found in binary or memory: http://tempuri.org/ |
Source: officeappguardwin32.exe.9.dr |
String found in binary or memory: http://tempuri.org/IRoamingSettingsService/DisableUser |
Source: officeappguardwin32.exe.9.dr |
String found in binary or memory: http://tempuri.org/IRoamingSettingsService/DisableUserResponse |
Source: officeappguardwin32.exe.9.dr |
String found in binary or memory: http://tempuri.org/IRoamingSettingsService/EnableUser |
Source: officeappguardwin32.exe.9.dr |
String found in binary or memory: http://tempuri.org/IRoamingSettingsService/EnableUserResponse |
Source: officeappguardwin32.exe.9.dr |
String found in binary or memory: http://tempuri.org/IRoamingSettingsService/GetConfig |
Source: officeappguardwin32.exe.9.dr |
String found in binary or memory: http://tempuri.org/IRoamingSettingsService/GetConfigResponse |
Source: officeappguardwin32.exe.9.dr |
String found in binary or memory: http://tempuri.org/IRoamingSettingsService/ReadSettings |
Source: officeappguardwin32.exe.9.dr |
String found in binary or memory: http://tempuri.org/IRoamingSettingsService/ReadSettingsResponse |
Source: officeappguardwin32.exe.9.dr |
String found in binary or memory: http://tempuri.org/IRoamingSettingsService/WriteSettings |
Source: officeappguardwin32.exe.9.dr |
String found in binary or memory: http://tempuri.org/IRoamingSettingsService/WriteSettingsResponse |
Source: officeappguardwin32.exe.9.dr |
String found in binary or memory: http://tempuri.org/IRoamingSettingsService/WriteSettingshttp://tempuri.org/IRoamingSettingsService/R |
Source: powershell.exe, 00000006.00000002.2403153242.000000000518C000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0.html |
Source: jucheck.exe.9.dr |
String found in binary or memory: http://www.computerhope.com/forum/index.php?topic=76293.0 |
Source: jucheck.exe.9.dr |
String found in binary or memory: http://www.digicert.com/CPS0 |
Source: powershell.exe, 00000002.00000002.2504527085.000002505A561000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://www.sendspace.com |
Source: jucheck.exe.9.dr |
String found in binary or memory: http://www.tutorialspoint.com/javascript/array_map.htm |
Source: powershell.exe, 00000002.00000002.2504527085.00000250587B1000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://aka.ms/pscore68 |
Source: powershell.exe, 00000006.00000002.2403153242.0000000005031000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://aka.ms/pscore6lBjq |
Source: powershell.exe, 00000006.00000002.2407208321.0000000006097000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://contoso.com/ |
Source: powershell.exe, 00000006.00000002.2407208321.0000000006097000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://contoso.com/Icon |
Source: powershell.exe, 00000006.00000002.2407208321.0000000006097000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://contoso.com/License |
Source: jucheck.exe.9.dr |
String found in binary or memory: https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Array/Reduce |
Source: jucheck.exe.9.dr |
String found in binary or memory: https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Array/filter |
Source: jucheck.exe.9.dr |
String found in binary or memory: https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Array/indexOf |
Source: jucheck.exe.9.dr |
String found in binary or memory: https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/String/Trim |
Source: jucheck.exe.9.dr |
String found in binary or memory: https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/String/startsWith |
Source: jucheck.exe.9.dr |
String found in binary or memory: https://developer.mozilla.org/en/docs/Web/JavaScript/Reference/Global_Objects/String/endsWith |
Source: powershell.exe, 00000002.00000002.2504527085.000002505A586000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://fs03n4.sendspaX |
Source: powershell.exe, 00000002.00000002.2504527085.000002505A586000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2504527085.0000025058C43000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://fs03n4.sendspace.com |
Source: powershell.exe, 00000002.00000002.2504527085.0000025058C3F000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2504527085.000002505A582000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2504527085.000002505A561000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2504527085.000002505A586000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2504527085.0000025058C43000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://fs03n4.sendspace.com/dlpro/81d69660376a5bce96e9e379357cd531/664f8719/i41a76/Semicylinder.psm |
Source: wab.exe, 00000009.00000003.2365648701.00000000069E2000.00000004.00000020.00020000.00000000.sdmp, wab.exe, 00000009.00000003.2372986169.00000000069E2000.00000004.00000020.00020000.00000000.sdmp, wab.exe, 00000009.00000002.2787822130.00000000069E2000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://fs13n1.sendspace.com/ |
Source: wab.exe, 00000009.00000003.2365648701.00000000069E2000.00000004.00000020.00020000.00000000.sdmp, wab.exe, 00000009.00000003.2372986169.00000000069E2000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://fs13n1.sendspace.com/=6 |
Source: wab.exe, 00000009.00000003.2372986169.00000000069E2000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://fs13n1.sendspace.com/Z6: |
Source: wab.exe, 00000009.00000003.2365648701.00000000069CD000.00000004.00000020.00020000.00000000.sdmp, wab.exe, 00000009.00000002.2787822130.00000000069BD000.00000004.00000020.00020000.00000000.sdmp, wab.exe, 00000009.00000002.2787822130.00000000069BA000.00000004.00000020.00020000.00000000.sdmp, wab.exe, 00000009.00000003.2365503757.00000000069E2000.00000004.00000020.00020000.00000000.sdmp, wab.exe, 00000009.00000003.2372986169.00000000069CC000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://fs13n1.sendspace.com/dlpro/a249fc130e1351275114f8d6a64c794e/664f873c/12acii/aLnQbzJIDX45.bin |
Source: powershell.exe, 00000006.00000002.2403153242.000000000518C000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://github.com/Pester/Pester |
Source: notification_click_helper.exe.9.dr |
String found in binary or memory: https://github.com/pq-crystals/kyber/commit/28413dfbf523fdde181246451c2bd77199c0f7ff |
Source: notification_click_helper.exe.9.dr |
String found in binary or memory: https://github.com/pq-crystals/kyber/commit/28413dfbf523fdde181246451c2bd77199c0f7ffDilithium2Dilith |
Source: powershell.exe, 00000002.00000002.2504527085.0000025059A59000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://go.micro |
Source: jucheck.exe.9.dr |
String found in binary or memory: https://javadl-esd-secure.oracle.com/update/%s/map-%s.xml |
Source: jucheck.exe.9.dr |
String found in binary or memory: https://javadl-esd-secure.oracle.com/update/%s/map-m-%s.xml |
Source: jucheck.exe.9.dr |
String found in binary or memory: https://javadl-esd-secure.oracle.com/update/%s/map-m-%s.xmlhttps://javadl-esd-secure.oracle.com/upda |
Source: powershell.exe, 00000002.00000002.2581460938.000002506881F000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000006.00000002.2407208321.0000000006097000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://nuget.org/nuget.exe |
Source: powershell.exe, 00000002.00000002.2504527085.000002505A55C000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2504527085.00000250589DD000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://www.sendspace.com |
Source: wab.exe, 00000009.00000002.2787822130.0000000006958000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://www.sendspace.com/ |
Source: wab.exe, 00000009.00000002.2787822130.0000000006958000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://www.sendspace.com/J |
Source: wab.exe, 00000009.00000003.2365648701.00000000069CA000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://www.sendspace.com/pr |
Source: wab.exe, 00000009.00000002.2797826895.0000000021AD0000.00000004.00001000.00020000.00000000.sdmp |
String found in binary or memory: https://www.sendspace.com/pro/dl/12acii |
Source: wab.exe, 00000009.00000002.2787822130.000000000699D000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://www.sendspace.com/pro/dl/12aciiBl |
Source: wab.exe, 00000009.00000002.2787822130.000000000699D000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://www.sendspace.com/pro/dl/12aciiyl |
Source: powershell.exe, 00000002.00000002.2504527085.00000250589DD000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://www.sendspace.com/pro/dl/i41a76P |
Source: powershell.exe, 00000006.00000002.2403153242.000000000518C000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://www.sendspace.com/pro/dl/i41a76XRll |
Source: AppVDllSurrogate.exe.9.dr |
Static PE information: Resource name: RT_ICON type: DOS executable (COM, 0x8C-variant) |
Source: OcPubMgr.exe.9.dr |
Static PE information: Resource name: RT_ICON type: COM executable for DOS |
Source: OcPubMgr.exe.9.dr |
Static PE information: Resource name: RT_ICON type: COM executable for DOS |
Source: OcPubMgr.exe.9.dr |
Static PE information: Resource name: RT_ICON type: TTComp archive data, binary, 1K dictionary |
Source: OcPubMgr.exe.9.dr |
Static PE information: Resource name: RT_ICON type: DOS executable (COM) |
Source: OcPubMgr.exe.9.dr |
Static PE information: Resource name: RT_ICON type: DOS executable (COM) |
Source: OcPubMgr.exe.9.dr |
Static PE information: Resource name: RT_ICON type: COM executable for DOS |
Source: officeappguardwin32.exe.9.dr |
Static PE information: Resource name: RT_ICON type: DOS executable (COM, 0x8C-variant) |
Source: officeappguardwin32.exe.9.dr |
Static PE information: Resource name: RT_ICON type: DOS executable (COM, 0x8C-variant) |
Source: AppVDllSurrogate32.exe.9.dr |
Static PE information: Resource name: RT_ICON type: DOS executable (COM, 0x8C-variant) |
Source: AppVDllSurrogate64.exe.9.dr |
Static PE information: Resource name: RT_ICON type: TTComp archive data, binary, 1K dictionary |
Source: OfficeScrSanBroker.exe.9.dr |
Static PE information: Resource name: RT_ICON type: DOS executable (COM) |
Source: OfficeScrSanBroker.exe.9.dr |
Static PE information: Resource name: RT_ICON type: 68k Blit mpx/mux executable |
Source: OfficeScrSanBroker.exe.9.dr |
Static PE information: Resource name: RT_ICON type: DOS executable (COM) |
Source: OfficeScrSanBroker.exe.9.dr |
Static PE information: Resource name: RT_ICON type: DOS executable (COM) |
Source: AppVLP.exe.9.dr |
Static PE information: Resource name: RT_ICON type: DOS executable (COM) |
Source: Integrator.exe.9.dr |
Static PE information: Resource name: RT_ICON type: DOS executable (COM) |
Source: PerfBoost.exe.9.dr |
Static PE information: Resource name: RT_ICON type: DOS executable (COM) |
Source: PerfBoost.exe.9.dr |
Static PE information: Resource name: RT_ICON type: DOS executable (COM, 0x8C-variant) |
Source: MpCmdRun.exe.9.dr |
Static PE information: Resource name: RT_ICON type: DOS executable (COM) |
Source: MpDlpCmd.exe.9.dr |
Static PE information: Resource name: RT_ICON type: COM executable for DOS |
Source: VC_redist.x64.exe.9.dr |
Static PE information: Resource name: RT_ICON type: VAX-order 68K Blit (standalone) executable |
Source: UcMapi.exe.9.dr |
Static PE information: Resource name: RT_ICON type: DOS executable (COM, 0x8C-variant) |
Source: UcMapi.exe.9.dr |
Static PE information: Resource name: RT_ICON type: COM executable for DOS |
Source: UcMapi.exe.9.dr |
Static PE information: Resource name: RT_ICON type: DOS executable (block device driver p\327G\200<) |
Source: ai.exe.9.dr |
Static PE information: Resource name: RT_ICON type: DOS executable (COM) |
Source: ai.exe.9.dr |
Static PE information: Resource name: RT_ICON type: COM executable for DOS |
Source: ai.exe.9.dr |
Static PE information: Resource name: RT_ICON type: DOS executable (COM, 0x8C-variant) |
Source: ai.exe.9.dr |
Static PE information: Resource name: RT_ICON type: DOS executable (COM) |
Source: integrator.exe.9.dr |
Static PE information: Resource name: RT_ICON type: DOS executable (COM) |
Source: Au3Check.exe.9.dr |
Static PE information: Resource name: RT_GROUP_ICON type: DOS executable (COM, 0x8C-variant) |
Source: Aut2exe.exe.9.dr |
Static PE information: Resource name: RT_ICON type: 370 XA sysV executable not stripped - version 6657 - 5.2 format |
Source: Aut2exe_x64.exe.9.dr |
Static PE information: Resource name: RT_ICON type: DOS executable (COM) |
Source: upx.exe.9.dr |
Static PE information: Resource name: RT_ICON type: DOS executable (COM, 0x8C-variant) |
Source: ai.exe0.9.dr |
Static PE information: Resource name: RT_ICON type: DOS executable (block device driver \240\357E) |
Source: SciTE.exe.9.dr |
Static PE information: Resource name: RT_ICON type: DOS executable (COM) |
Source: Uninstall.exe.9.dr |
Static PE information: Resource name: RT_ICON type: COM executable for DOS |
Source: AdobeARMHelper.exe.9.dr |
Static PE information: Resource name: RT_ICON type: PDP-11 pure executable - version 69 |
Source: AdobeARMHelper.exe.9.dr |
Static PE information: Resource name: RT_ICON type: DOS executable (COM, 0x8C-variant) |
Source: AdobeARMHelper.exe.9.dr |
Static PE information: Resource name: RT_ICON type: COM executable for DOS |
Source: jaureg.exe.9.dr |
Static PE information: Resource name: RT_ICON type: DOS executable (COM) |
Source: jucheck.exe.9.dr |
Static PE information: Resource name: RT_ICON type: DOS executable (COM, 0x8C-variant) |
Source: jucheck.exe.9.dr |
Static PE information: Resource name: RT_ICON type: COM executable for DOS |
Source: jusched.exe.9.dr |
Static PE information: Resource name: RT_ICON type: DOS executable (COM, 0x8C-variant) |
Source: jusched.exe.9.dr |
Static PE information: Resource name: RT_ICON type: COM executable for DOS |
Source: OLicenseHeartbeat.exe.9.dr |
Static PE information: Resource name: RT_ICON type: DOS executable (COM) |
Source: grv_icons.exe.9.dr |
Static PE information: Resource name: RT_ICON type: COM executable for DOS |
Source: java.exe.9.dr |
Static PE information: Resource name: RT_ICON type: DOS executable (COM) |
Source: javaw.exe.9.dr |
Static PE information: Resource name: RT_ICON type: DitPack archive data |
Source: javaws.exe.9.dr |
Static PE information: Resource name: RT_ICON type: COM executable for DOS |
Source: GoogleCrashHandler.exe.9.dr |
Static PE information: Resource name: RT_ICON type: DOS executable (block device driver) |
Source: GoogleCrashHandler64.exe.9.dr |
Static PE information: Resource name: RT_ICON type: 386 compact demand paged pure executable not stripped |
Source: VSTOInstaller.exe.9.dr |
Static PE information: Data appended to the last section found |
Source: chrome.exe.9.dr |
Static PE information: Data appended to the last section found |
Source: grv_icons.exe.9.dr |
Static PE information: Data appended to the last section found |
Source: MpDlpCmd.exe.9.dr |
Static PE information: Data appended to the last section found |
Source: Au3Info_x64.exe.9.dr |
Static PE information: Data appended to the last section found |
Source: PerfBoost.exe.9.dr |
Static PE information: Data appended to the last section found |
Source: aimgr.exe0.9.dr |
Static PE information: Data appended to the last section found |
Source: SQLDumper.exe.9.dr |
Static PE information: Data appended to the last section found |
Source: Au3Check.exe.9.dr |
Static PE information: Data appended to the last section found |
Source: AppSharingHookController64.exe.9.dr |
Static PE information: Data appended to the last section found |
Source: Microsoft.Mashup.Container.Loader.exe.9.dr |
Static PE information: Data appended to the last section found |
Source: AutoIt3Help.exe.9.dr |
Static PE information: Data appended to the last section found |
Source: Uninstall.exe.9.dr |
Static PE information: Data appended to the last section found |
Source: armsvc.exe.9.dr |
Static PE information: Data appended to the last section found |
Source: AppVDllSurrogate32.exe.9.dr |
Static PE information: Data appended to the last section found |
Source: javaws.exe.9.dr |
Static PE information: Data appended to the last section found |
Source: msoev.exe.9.dr |
Static PE information: Data appended to the last section found |
Source: javaw.exe.9.dr |
Static PE information: Data appended to the last section found |
Source: MsMpEng.exe.9.dr |
Static PE information: Data appended to the last section found |
Source: aimgr.exe.9.dr |
Static PE information: Data appended to the last section found |
Source: java.exe.9.dr |
Static PE information: Data appended to the last section found |
Source: Au3Info.exe.9.dr |
Static PE information: Data appended to the last section found |
Source: ConfigSecurityPolicy.exe.9.dr |
Static PE information: Data appended to the last section found |
Source: MpCopyAccelerator.exe.9.dr |
Static PE information: Data appended to the last section found |
Source: Wordconv.exe.9.dr |
Static PE information: Data appended to the last section found |
Source: AdobeARMHelper.exe.9.dr |
Static PE information: Data appended to the last section found |
Source: Common.DBConnection.exe.9.dr |
Static PE information: Data appended to the last section found |
Source: SDXHelper.exe.9.dr |
Static PE information: Data appended to the last section found |
Source: upx.exe.9.dr |
Static PE information: Data appended to the last section found |
Source: GoogleCrashHandler.exe.9.dr |
Static PE information: Data appended to the last section found |
Source: AppVDllSurrogate.exe.9.dr |
Static PE information: Data appended to the last section found |
Source: AppSharingHookController.exe.9.dr |
Static PE information: Data appended to the last section found |
Source: GoogleCrashHandler64.exe.9.dr |
Static PE information: Data appended to the last section found |
Source: AppVLP.exe.9.dr |
Static PE information: Data appended to the last section found |
Source: AppVDllSurrogate64.exe.9.dr |
Static PE information: Data appended to the last section found |
Source: dbcicons.exe.9.dr |
Static PE information: Data appended to the last section found |