Source: |
Binary string: D:\a\_work\e\src\out\Release_x64\pwahelper.exe.pdb source: pwahelper.exe.8.dr |
Source: |
Binary string: GoogleUpdate_unsigned.pdb source: GoogleUpdate.exe.8.dr |
Source: |
Binary string: D:\a\_work\e\src\out\Release_x64\elevation_service.exe.pdb source: elevation_service.exe.8.dr |
Source: |
Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\*.* source: wab.exe, 00000008.00000002.2375969322.0000000006288000.00000004.00000020.00020000.00000000.sdmp |
Source: |
Binary string: D:\dbs\el\omr\Target\x86\ship\postc2r\x-none\msoev.pdb source: msoev.exe.8.dr |
Source: |
Binary string: d:\dbs\el\omr\target\x86\ship\setupexe\x-none\LicLua.pdb source: LICLUA.EXE.8.dr |
Source: |
Binary string: D:\a\_work\e\src\out\Release_x64\elevation_service.exe.pdbOGP source: elevation_service.exe.8.dr |
Source: |
Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Management.Automation\v4.0_3.0.0.0__31bf3856ad364e35\System.Management.Automation.pdb source: powershell.exe, 00000005.00000002.1999294674.0000000008915000.00000004.00000020.00020000.00000000.sdmp |
Source: |
Binary string: D:\a\_work\e\src\out\Release_x64\notification_helper.exe.pdb source: notification_click_helper.exe.8.dr |
Source: |
Binary string: MpDlpCmd.pdbGCTL source: MpDlpCmd.exe.8.dr |
Source: |
Binary string: d:\dbs\el\ja2\target\x86\ship\dw\x-none\dw20.pdb source: DW20.EXE.8.dr |
Source: |
Binary string: D:\a\_work\e\src\out\Release_x64\notification_helper.exe.pdbOGP source: notification_click_helper.exe.8.dr |
Source: |
Binary string: D:\a\_work\e\src\out\Release_x64\ie_to_edge_stub.exe.pdbOGP source: ie_to_edge_stub.exe.8.dr |
Source: |
Binary string: D:\dbs\el\omr\Target\x86\ship\postc2r\x-none\perfboost.pdb source: PerfBoost.exe.8.dr |
Source: |
Binary string: wab.pdbGCTL source: misc.exe1.8.dr, javacpl.exe.8.dr, MpDlpCmd.exe.8.dr, ie_to_edge_stub.exe.8.dr, DW20.EXE.8.dr, Uninstall.exe.8.dr, java.exe.8.dr, grv_icons.exe.8.dr, SCANPST.EXE.8.dr, SETLANG.EXE.8.dr, notification_click_helper.exe.8.dr, AutoIt3Help.exe.8.dr, Au3Info_x64.exe.8.dr, PerfBoost.exe.8.dr, dbcicons.exe.8.dr, GoogleUpdate.exe.8.dr, msoev.exe.8.dr, LICLUA.EXE.8.dr, elevation_service.exe.8.dr, misc.exe0.8.dr, AutoIt3_x64.exe.8.dr, java.exe0.8.dr, accicons.exe.8.dr, MSOICONS.EXE.8.dr, pwahelper.exe.8.dr |
Source: |
Binary string: D:\dbs\el\omr\Target\x86\ship\postc2r\x-none\msoev.pdb00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000S source: msoev.exe.8.dr |
Source: |
Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Core\v4.0_4.0.0.0__b77a5c561934e089\System.Core.pdb source: powershell.exe, 00000005.00000002.1992900389.0000000007945000.00000004.00000020.00020000.00000000.sdmp |
Source: |
Binary string: c:\jenkins\workspace\8-2-build-windows-i586-cygwin-sans-NAS\jdk8u381\237\build\windows-i586\deploy\tmp\javacplexec\obj\javacpl.pdb source: javacpl.exe.8.dr |
Source: |
Binary string: wab.pdb source: misc.exe1.8.dr, javacpl.exe.8.dr, MpDlpCmd.exe.8.dr, ie_to_edge_stub.exe.8.dr, DW20.EXE.8.dr, Uninstall.exe.8.dr, java.exe.8.dr, grv_icons.exe.8.dr, SCANPST.EXE.8.dr, SETLANG.EXE.8.dr, notification_click_helper.exe.8.dr, AutoIt3Help.exe.8.dr, Au3Info_x64.exe.8.dr, PerfBoost.exe.8.dr, dbcicons.exe.8.dr, GoogleUpdate.exe.8.dr, msoev.exe.8.dr, LICLUA.EXE.8.dr, elevation_service.exe.8.dr, misc.exe0.8.dr, AutoIt3_x64.exe.8.dr, java.exe0.8.dr, accicons.exe.8.dr, MSOICONS.EXE.8.dr, pwahelper.exe.8.dr |
Source: |
Binary string: D:\dbs\el\omr\Target\x86\ship\postc2r\x-none\scanpst.pdb000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000S source: SCANPST.EXE.8.dr |
Source: |
Binary string: d:\dbs\el\omr\target\x86\ship\setupexe\x-none\LicLua.pdb000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000S source: LICLUA.EXE.8.dr |
Source: |
Binary string: D:\a\_work\e\src\out\Release_x64\pwahelper.exe.pdbOGP source: pwahelper.exe.8.dr |
Source: |
Binary string: c:\jenkins\workspace\8-2-build-windows-i586-cygwin-sans-NAS\jdk8u381\237\build\windows-i586\deploy\tmp\javacplexec\obj\javacpl.pdb774 source: javacpl.exe.8.dr |
Source: |
Binary string: MpDlpCmd.pdb source: MpDlpCmd.exe.8.dr |
Source: |
Binary string: d:\dbs\el\ja2\target\x86\ship\dw\x-none\dw20.pdb00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000S source: DW20.EXE.8.dr |
Source: |
Binary string: c:\jenkins\workspace\8-2-build-windows-i586-cygwin-sans-NAS\jdk8u381\237\build\windows-i586\jdk\objs\java_objs\java.pdb source: java.exe.8.dr, java.exe0.8.dr |
Source: |
Binary string: D:\dbs\el\omr\Target\x86\ship\postc2r\x-none\perfboost.pdbb00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000S source: PerfBoost.exe.8.dr |
Source: |
Binary string: D:\a\_work\e\src\out\Release_x64\ie_to_edge_stub.exe.pdb source: ie_to_edge_stub.exe.8.dr |
Source: |
Binary string: D:\dbs\el\omr\Target\x86\ship\postc2r\x-none\setlang.pdb source: SETLANG.EXE.8.dr |
Source: |
Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Management.Automation\v4.0_3.0.0.0__31bf3856ad364e35\System.Management.Automation.pdb@g source: powershell.exe, 00000005.00000002.1999294674.0000000008915000.00000004.00000020.00020000.00000000.sdmp |
Source: |
Binary string: D:\dbs\el\omr\Target\x86\ship\postc2r\x-none\scanpst.pdb source: SCANPST.EXE.8.dr |
Source: |
Binary string: D:\dbs\el\omr\Target\x86\ship\postc2r\x-none\setlang.pdb000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000S source: SETLANG.EXE.8.dr |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\Java\jre-1.8\bin\javaws.exe |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\Microsoft Office\root\Office16\DCF\DATABASECOMPARE.EXE |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exe |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\MicrosoftEdgeUpdateComRegisterShell64.exe |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\Microsoft Office\root\Office16\PerfBoost.exe |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MsMpEng.exe |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft Office\Office16\MSOHTMED.EXE |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Office16\MSOXMLED.EXE |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\Microsoft Office\Office16\OSPPREARM.EXE |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpCopyAccelerator.exe |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\Common Files\Java\Java Update\jaureg.exe |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-006E-0409-0000-0000000FF1CE}\misc.exe |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\Microsoft Office\root\Office16\SETLANG.EXE |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-001F-0C0A-0000-0000000FF1CE}\misc.exe |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\javaw.exe |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\Microsoft Office\root\Office16\lync99.exe |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Office16\FLTLDR.EXE |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\aimgr.exe |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\cookie_exporter.exe |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\Microsoft Office\root\Office16\DCF\filecompare.exe |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\Microsoft Office\root\Office16\SELFCERT.EXE |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\Microsoft Office\root\Office16\SCANPST.EXE |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\Microsoft Office\root\Client\AppVDllSurrogate.exe |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-0000-0000000FF1CE}\xlicons.exe |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\ConfigSecurityPolicy.exe |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSREC.EXE |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\Common Files\Microsoft Shared\VSTO\10.0\VSTOInstaller.exe |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\MicrosoftEdgeUpdateBroker.exe |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\AutoIt3\AutoIt3Help.exe |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\Microsoft Office\root\Client\AppVDllSurrogate64.exe |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\Microsoft Office\root\Office16\msoev.exe |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-0000-0000000FF1CE}\accicons.exe |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\AutoIt3\Aut2Exe\Aut2exe.exe |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-0000-0000000FF1CE}\lyncicon.exe |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\MicrosoftEdgeUpdateSetup.exe |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\Microsoft Office\root\Office16\IEContentService.exe |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Analysis Services\AS OLEDB\140\SQLDumper.exe |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\Microsoft Office\root\Client\AppVLP.exe |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdate.exe |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateOnDemand.exe |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-0000-0000000FF1CE}\wordicon.exe |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\Microsoft Office\root\Office16\DCF\SPREADSHEETCOMPARE.EXE |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\Microsoft Office\root\Office16\misc.exe |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\Java\jre-1.8\bin\javacpl.exe |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleCrashHandler64.exe |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\Microsoft\Edge\Application\pwahelper.exe |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\AutoIt3\Au3Check.exe |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\NisSrv.exe |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateBroker.exe |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-0000-0000000FF1CE}\pj11icon.exe |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Office16\MSOICONS.EXE |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-0000-0000000FF1CE}\misc.exe |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft Office\Office16\AppSharingHookController64.exe |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\java.exe |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-0000-0000000FF1CE}\visicon.exe |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\MicrosoftEdgeComRegisterShellARM64.exe |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\elevation_service.exe |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-0000-0000000FF1CE}\joticon.exe |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\Microsoft Office\root\Office16\MSOHTMED.EXE |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\Microsoft Office\root\Office16\SkypeSrv\SKYPESERVER.EXE |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\javaws.exe |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\Microsoft Office\root\Office16\XLICONS.EXE |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\AutoIt3\AutoIt3_x64.exe |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\MicrosoftEdgeUpdateOnDemand.exe |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Users\user\AppData\Local\Temp\chrome.exe |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-001F-0409-0000-0000000FF1CE}\misc.exe |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpDlpCmd.exe |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exe |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\Microsoft Office\root\Office16\DCF\Common.DBConnection64.exe |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\AutoIt3\Au3Info_x64.exe |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleCrashHandler.exe |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-0000-0000000FF1CE}\pptico.exe |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\Microsoft Office\root\Client\AppVDllSurrogate32.exe |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-0000-0000000FF1CE}\outicon.exe |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\Java\jre-1.8\bin\jp2launcher.exe |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-0000-0000000FF1CE}\dbcicons.exe |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateCore.exe |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\Microsoft Office\root\Office16\MSQRY32.EXE |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-001F-040C-0000-0000000FF1CE}\misc.exe |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE16\LICLUA.EXE |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\Microsoft Office\root\Office16\ORGCHART.EXE |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\Microsoft Office\root\Office16\SDXHelper.exe |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-0000-0000000FF1CE}\osmclienticon.exe |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpCmdRun.exe |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\Microsoft Office\root\Integration\Integrator.exe |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\Microsoft Office\root\Office16\WORDICON.EXE |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\AutoIt3\Aut2Exe\upx.exe |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\Java\jre-1.8\bin\unpack200.exe |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\Microsoft Office\root\Office16\GRAPH.EXE |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-0000-0000000FF1CE}\sscicons.exe |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\X86\MpCmdRun.exe |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\Microsoft Office\root\Office16\DCF\Common.DBConnection.exe |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\Microsoft Office\root\Office16\CNFNOT32.EXE |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\Microsoft Office\root\Office16\msoadfsb.exe |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\AutoIt3\Au3Info.exe |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\MSOXMLED.EXE |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\AutoIt3\Aut2Exe\Aut2exe_x64.exe |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\mpextms.exe |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\Microsoft Office\root\Office16\Wordconv.exe |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\VC_redist.x64.exe |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\AutoIt3\SciTE\SciTE.exe |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\MicrosoftEdgeUpdateCore.exe |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\MicrosoftEdgeUpdate.exe |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\Microsoft Office\root\Office16\VPREVIEW.EXE |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\Microsoft Office\root\Office16\OLCFG.EXE |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\Microsoft Office\root\Office16\msoasb.exe |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-0000-0000000FF1CE}\pubs.exe |
Source: javacpl.exe.8.dr, java.exe.8.dr, GoogleUpdate.exe.8.dr, java.exe0.8.dr |
String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E |
Source: javacpl.exe.8.dr, java.exe.8.dr, GoogleUpdate.exe.8.dr, java.exe0.8.dr |
String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt0 |
Source: javacpl.exe.8.dr, java.exe.8.dr, GoogleUpdate.exe.8.dr, java.exe0.8.dr |
String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0 |
Source: javacpl.exe.8.dr, java.exe.8.dr, GoogleUpdate.exe.8.dr, java.exe0.8.dr |
String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C |
Source: AutoIt3Help.exe.8.dr, Au3Info_x64.exe.8.dr, AutoIt3_x64.exe.8.dr |
String found in binary or memory: http://crl.globalsign.com/ca/gstsacasha384g4.crl0 |
Source: AutoIt3Help.exe.8.dr, Au3Info_x64.exe.8.dr, AutoIt3_x64.exe.8.dr |
String found in binary or memory: http://crl.globalsign.com/gscodesignsha2g3.crl0 |
Source: AutoIt3Help.exe.8.dr, Au3Info_x64.exe.8.dr, AutoIt3_x64.exe.8.dr |
String found in binary or memory: http://crl.globalsign.com/root-r3.crl0G |
Source: AutoIt3Help.exe.8.dr, Au3Info_x64.exe.8.dr, AutoIt3_x64.exe.8.dr |
String found in binary or memory: http://crl.globalsign.com/root-r3.crl0c |
Source: AutoIt3Help.exe.8.dr, Au3Info_x64.exe.8.dr, AutoIt3_x64.exe.8.dr |
String found in binary or memory: http://crl.globalsign.com/root-r6.crl0G |
Source: powershell.exe, 00000005.00000002.1992900389.0000000007948000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://crl.micro |
Source: javacpl.exe.8.dr, java.exe.8.dr, GoogleUpdate.exe.8.dr, java.exe0.8.dr |
String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0 |
Source: javacpl.exe.8.dr, java.exe.8.dr, GoogleUpdate.exe.8.dr, java.exe0.8.dr |
String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S |
Source: javacpl.exe.8.dr, java.exe.8.dr, GoogleUpdate.exe.8.dr, java.exe0.8.dr |
String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0 |
Source: java.exe0.8.dr |
String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0 |
Source: javacpl.exe.8.dr, java.exe.8.dr, GoogleUpdate.exe.8.dr, java.exe0.8.dr |
String found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0 |
Source: powershell.exe, 00000002.00000002.2059336952.000001E2B692E000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://fs03n2.sendspace.com |
Source: wab.exe, 00000008.00000002.2390087315.0000000021CF0000.00000004.00000010.00020000.00000000.sdmp, Uninstall.exe.8.dr |
String found in binary or memory: http://nsis.sf.net/NSIS_ErrorError |
Source: powershell.exe, 00000002.00000002.2169302600.000001E2C4BB6000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000005.00000002.1989436125.000000000612E000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://nuget.org/NuGet.exe |
Source: javacpl.exe.8.dr, java.exe.8.dr, GoogleUpdate.exe.8.dr, java.exe0.8.dr |
String found in binary or memory: http://ocsp.digicert.com0 |
Source: javacpl.exe.8.dr, java.exe.8.dr, GoogleUpdate.exe.8.dr, java.exe0.8.dr |
String found in binary or memory: http://ocsp.digicert.com0A |
Source: javacpl.exe.8.dr, java.exe.8.dr, GoogleUpdate.exe.8.dr, java.exe0.8.dr |
String found in binary or memory: http://ocsp.digicert.com0C |
Source: javacpl.exe.8.dr, java.exe.8.dr, GoogleUpdate.exe.8.dr, java.exe0.8.dr |
String found in binary or memory: http://ocsp.digicert.com0X |
Source: AutoIt3Help.exe.8.dr, Au3Info_x64.exe.8.dr, AutoIt3_x64.exe.8.dr |
String found in binary or memory: http://ocsp.globalsign.com/ca/gstsacasha384g40C |
Source: AutoIt3Help.exe.8.dr, Au3Info_x64.exe.8.dr, AutoIt3_x64.exe.8.dr |
String found in binary or memory: http://ocsp2.globalsign.com/gscodesignsha2g30V |
Source: AutoIt3Help.exe.8.dr, Au3Info_x64.exe.8.dr, AutoIt3_x64.exe.8.dr |
String found in binary or memory: http://ocsp2.globalsign.com/rootr306 |
Source: AutoIt3Help.exe.8.dr, Au3Info_x64.exe.8.dr, AutoIt3_x64.exe.8.dr |
String found in binary or memory: http://ocsp2.globalsign.com/rootr606 |
Source: powershell.exe, 00000005.00000002.1984224760.000000000521B000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://pesterbdd.com/images/Pester.png |
Source: powershell.exe, 00000002.00000002.2059336952.000001E2B4B41000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000005.00000002.1984224760.00000000050C1000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name |
Source: AutoIt3Help.exe.8.dr, Au3Info_x64.exe.8.dr, AutoIt3_x64.exe.8.dr |
String found in binary or memory: http://secure.globalsign.com/cacert/gscodesignsha2g3ocsp.crt08 |
Source: AutoIt3Help.exe.8.dr, Au3Info_x64.exe.8.dr, AutoIt3_x64.exe.8.dr |
String found in binary or memory: http://secure.globalsign.com/cacert/gstsacasha384g4.crt0 |
Source: powershell.exe, 00000005.00000002.1984224760.000000000521B000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0.html |
Source: Au3Info_x64.exe.8.dr |
String found in binary or memory: http://www.autoitscript.com/autoit3/ |
Source: Au3Info_x64.exe.8.dr |
String found in binary or memory: http://www.autoitscript.com/autoit3/8 |
Source: AutoIt3_x64.exe.8.dr |
String found in binary or memory: http://www.autoitscript.com/autoit3/J |
Source: javacpl.exe.8.dr, java.exe.8.dr, GoogleUpdate.exe.8.dr, java.exe0.8.dr |
String found in binary or memory: http://www.digicert.com/CPS0 |
Source: powershell.exe, 00000002.00000002.2059336952.000001E2B68F6000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://www.sendspace.com |
Source: powershell.exe, 00000002.00000002.2059336952.000001E2B4B41000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://aka.ms/pscore68 |
Source: powershell.exe, 00000005.00000002.1984224760.00000000050C1000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://aka.ms/pscore6lBfq |
Source: powershell.exe, 00000005.00000002.1989436125.000000000612E000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://contoso.com/ |
Source: powershell.exe, 00000005.00000002.1989436125.000000000612E000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://contoso.com/Icon |
Source: powershell.exe, 00000005.00000002.1989436125.000000000612E000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://contoso.com/License |
Source: powershell.exe, 00000002.00000002.2059336952.000001E2B691B000.00000004.00000800.00020000.00000000.sdmp |
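String found in binary or memory: https://fs03n2.sendspaX |
Analyst note: this appears to be a truncated memory fragment of the fs03n2.sendspace.com host listed in the following entries, not a separate domain. The same likely applies to other entries with a cut-off or doubled tail, such as https://go.micro and the /ace.com/dlpro/ path. Take indicators from the complete forms only. |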
Source: powershell.exe, 00000002.00000002.2059336952.000001E2B691B000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2059336952.000001E2B4FD4000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://fs03n2.sendspace.com |
Source: powershell.exe, 00000002.00000002.2059336952.000001E2B68F6000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2059336952.000001E2B691B000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2059336952.000001E2B4FD4000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2059336952.000001E2B4FD0000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2059336952.000001E2B6917000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://fs03n2.sendspace.com/dlpro/90cd9178b57ca9e755cc53ffd63d0a44/664f9440/wlorhs/Undertaker.pcx |
Source: wab.exe, 00000008.00000002.2375969322.00000000062EC000.00000004.00000020.00020000.00000000.sdmp, wab.exe, 00000008.00000003.1946722033.00000000062F2000.00000004.00000020.00020000.00000000.sdmp, wab.exe, 00000008.00000003.1934006716.00000000062F2000.00000004.00000020.00020000.00000000.sdmp, wab.exe, 00000008.00000003.1946764965.00000000062F6000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://fs13n4.sendspace.com/ |
Source: wab.exe, 00000008.00000003.1934006716.00000000062F2000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://fs13n4.sendspace.com/ace.com/dlpro/525cc5bd045f79d6fc570e988ce77b0f/664f945a/g1h76h/ZzDmwvhJ |
Source: wab.exe, 00000008.00000003.1934006716.00000000062F2000.00000004.00000020.00020000.00000000.sdmp, wab.exe, 00000008.00000002.2375969322.00000000062E2000.00000004.00000020.00020000.00000000.sdmp, wab.exe, 00000008.00000003.1946764965.00000000062F6000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://fs13n4.sendspace.com/dlpro/525cc5bd045f79d6fc570e988ce77b0f/664f945a/g1h76h/ZzDmwvhJScPuYqxi |
Source: powershell.exe, 00000005.00000002.1984224760.000000000521B000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://github.com/Pester/Pester |
Source: notification_click_helper.exe.8.dr, elevation_service.exe.8.dr, pwahelper.exe.8.dr |
String found in binary or memory: https://github.com/pq-crystals/kyber/commit/28413dfbf523fdde181246451c2bd77199c0f7ff |
Source: notification_click_helper.exe.8.dr, elevation_service.exe.8.dr, pwahelper.exe.8.dr |
String found in binary or memory: https://github.com/pq-crystals/kyber/commit/28413dfbf523fdde181246451c2bd77199c0f7ffDilithium2Dilith |
Source: powershell.exe, 00000002.00000002.2059336952.000001E2B5DDF000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://go.micro |
Source: powershell.exe, 00000002.00000002.2169302600.000001E2C4BB6000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000005.00000002.1989436125.000000000612E000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://nuget.org/nuget.exe |
Source: AutoIt3Help.exe.8.dr, Au3Info_x64.exe.8.dr, AutoIt3_x64.exe.8.dr |
String found in binary or memory: https://www.autoitscript.com/autoit3/ |
Source: AutoIt3Help.exe.8.dr |
String found in binary or memory: https://www.autoitscript.com/site/autoit/8 |
Source: AutoIt3Help.exe.8.dr, Au3Info_x64.exe.8.dr, AutoIt3_x64.exe.8.dr |
String found in binary or memory: https://www.globalsign.com/repository/0 |
Source: powershell.exe, 00000002.00000002.2059336952.000001E2B4D6D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2059336952.000001E2B6426000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://www.sendspace.com |
Source: wab.exe, 00000008.00000002.2375969322.0000000006288000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://www.sendspace.com/ |
Source: wab.exe, 00000008.00000002.2375969322.00000000062C2000.00000004.00000020.00020000.00000000.sdmp, wab.exe, 00000008.00000002.2389809411.0000000021530000.00000004.00001000.00020000.00000000.sdmp, wab.exe, 00000008.00000003.1934006716.00000000062F2000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://www.sendspace.com/pro/dl/g1h76h |
Source: wab.exe, 00000008.00000002.2375969322.00000000062C2000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://www.sendspace.com/pro/dl/g1h76hMU |
Source: powershell.exe, 00000002.00000002.2059336952.000001E2B4D6D000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://www.sendspace.com/pro/dl/wlorhsP |
Source: powershell.exe, 00000005.00000002.1984224760.000000000521B000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://www.sendspace.com/pro/dl/wlorhsXRwl |
Source: AppVDllSurrogate.exe.8.dr |
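Static PE information: Resource name: RT_ICON type: DOS executable (COM, 0x8C-variant) |
Analyst note: the "type" reported for RT_ICON and RT_GROUP_ICON resources in this list appears to be a file-signature guess made on the raw resource bytes. Icon image data often matches weak signatures for legacy formats (DOS COM, PDP-11, 68k and similar), so on their own these labels are not evidence of an embedded executable. |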
Source: OcPubMgr.exe.8.dr |
Static PE information: Resource name: RT_ICON type: COM executable for DOS |
Source: OcPubMgr.exe.8.dr |
Static PE information: Resource name: RT_ICON type: COM executable for DOS |
Source: OcPubMgr.exe.8.dr |
Static PE information: Resource name: RT_ICON type: TTComp archive data, binary, 1K dictionary |
Source: OcPubMgr.exe.8.dr |
Static PE information: Resource name: RT_ICON type: DOS executable (COM) |
Source: OcPubMgr.exe.8.dr |
Static PE information: Resource name: RT_ICON type: DOS executable (COM) |
Source: OcPubMgr.exe.8.dr |
Static PE information: Resource name: RT_ICON type: COM executable for DOS |
Source: officeappguardwin32.exe.8.dr |
Static PE information: Resource name: RT_ICON type: DOS executable (COM, 0x8C-variant) |
Source: officeappguardwin32.exe.8.dr |
Static PE information: Resource name: RT_ICON type: DOS executable (COM, 0x8C-variant) |
Source: AppVDllSurrogate32.exe.8.dr |
Static PE information: Resource name: RT_ICON type: DOS executable (COM, 0x8C-variant) |
Source: AppVDllSurrogate64.exe.8.dr |
Static PE information: Resource name: RT_ICON type: TTComp archive data, binary, 1K dictionary |
Source: OfficeScrSanBroker.exe.8.dr |
Static PE information: Resource name: RT_ICON type: DOS executable (COM) |
Source: OfficeScrSanBroker.exe.8.dr |
Static PE information: Resource name: RT_ICON type: 68k Blit mpx/mux executable |
Source: OfficeScrSanBroker.exe.8.dr |
Static PE information: Resource name: RT_ICON type: DOS executable (COM) |
Source: OfficeScrSanBroker.exe.8.dr |
Static PE information: Resource name: RT_ICON type: DOS executable (COM) |
Source: AppVLP.exe.8.dr |
Static PE information: Resource name: RT_ICON type: DOS executable (COM) |
Source: Integrator.exe.8.dr |
Static PE information: Resource name: RT_ICON type: DOS executable (COM) |
Source: PerfBoost.exe.8.dr |
Static PE information: Resource name: RT_ICON type: DOS executable (COM) |
Source: PerfBoost.exe.8.dr |
Static PE information: Resource name: RT_ICON type: DOS executable (COM, 0x8C-variant) |
Source: MpCmdRun.exe.8.dr |
Static PE information: Resource name: RT_ICON type: DOS executable (COM) |
Source: MpDlpCmd.exe.8.dr |
Static PE information: Resource name: RT_ICON type: COM executable for DOS |
Source: VC_redist.x64.exe.8.dr |
Static PE information: Resource name: RT_ICON type: VAX-order 68K Blit (standalone) executable |
Source: integrator.exe.8.dr |
Static PE information: Resource name: RT_ICON type: DOS executable (COM) |
Source: UcMapi.exe.8.dr |
Static PE information: Resource name: RT_ICON type: DOS executable (COM, 0x8C-variant) |
Source: UcMapi.exe.8.dr |
Static PE information: Resource name: RT_ICON type: COM executable for DOS |
Source: UcMapi.exe.8.dr |
Static PE information: Resource name: RT_ICON type: DOS executable (block device driver p\327G\200<) |
Source: ai.exe.8.dr |
Static PE information: Resource name: RT_ICON type: DOS executable (COM) |
Source: ai.exe.8.dr |
Static PE information: Resource name: RT_ICON type: COM executable for DOS |
Source: ai.exe.8.dr |
Static PE information: Resource name: RT_ICON type: DOS executable (COM, 0x8C-variant) |
Source: ai.exe.8.dr |
Static PE information: Resource name: RT_ICON type: DOS executable (COM) |
Source: Au3Check.exe.8.dr |
Static PE information: Resource name: RT_GROUP_ICON type: DOS executable (COM, 0x8C-variant) |
Source: Aut2exe.exe.8.dr |
Static PE information: Resource name: RT_ICON type: 370 XA sysV executable not stripped - version 6657 - 5.2 format |
Source: Aut2exe_x64.exe.8.dr |
Static PE information: Resource name: RT_ICON type: DOS executable (COM) |
Source: upx.exe.8.dr |
Static PE information: Resource name: RT_ICON type: DOS executable (COM, 0x8C-variant) |
Source: ai.exe0.8.dr |
Static PE information: Resource name: RT_ICON type: DOS executable (block device driver \240\357E) |
Source: OLicenseHeartbeat.exe.8.dr |
Static PE information: Resource name: RT_ICON type: DOS executable (COM) |
Source: SciTE.exe.8.dr |
Static PE information: Resource name: RT_ICON type: DOS executable (COM) |
Source: Uninstall.exe.8.dr |
Static PE information: Resource name: RT_ICON type: COM executable for DOS |
Source: AdobeARMHelper.exe.8.dr |
Static PE information: Resource name: RT_ICON type: PDP-11 pure executable - version 69 |
Source: AdobeARMHelper.exe.8.dr |
Static PE information: Resource name: RT_ICON type: DOS executable (COM, 0x8C-variant) |
Source: AdobeARMHelper.exe.8.dr |
Static PE information: Resource name: RT_ICON type: COM executable for DOS |
Source: jaureg.exe.8.dr |
Static PE information: Resource name: RT_ICON type: DOS executable (COM) |
Source: jucheck.exe.8.dr |
Static PE information: Resource name: RT_ICON type: DOS executable (COM, 0x8C-variant) |
Source: jucheck.exe.8.dr |
Static PE information: Resource name: RT_ICON type: COM executable for DOS |
Source: jusched.exe.8.dr |
Static PE information: Resource name: RT_ICON type: DOS executable (COM, 0x8C-variant) |
Source: jusched.exe.8.dr |
Static PE information: Resource name: RT_ICON type: COM executable for DOS |
Source: grv_icons.exe.8.dr |
Static PE information: Resource name: RT_ICON type: COM executable for DOS |
Source: java.exe.8.dr |
Static PE information: Resource name: RT_ICON type: DOS executable (COM) |
Source: javaw.exe.8.dr |
Static PE information: Resource name: RT_ICON type: DitPack archive data |
Source: javaws.exe.8.dr |
Static PE information: Resource name: RT_ICON type: COM executable for DOS |
Source: GoogleCrashHandler.exe.8.dr |
Static PE information: Resource name: RT_ICON type: DOS executable (block device driver) |
Source: GoogleCrashHandler64.exe.8.dr |
Static PE information: Resource name: RT_ICON type: 386 compact demand paged pure executable not stripped |
Source: GoogleUpdateCore.exe.8.dr |
Static PE information: Resource name: RT_ICON type: Aarch64 COFF executable, not stripped, 66 sections, symbol offset=0x42aa70, 181 symbols, optional header size 43644, created Thu Jan 1 00:03:22 1970 |
Source: GoogleUpdateCore.exe.8.dr |
Static PE information: Resource name: RT_ICON type: DOS executable (COM, 0x8C-variant) |
Source: pubs.exe.8.dr |
Static PE information: Resource name: RT_ICON type: DOS executable (COM, 0x8C-variant) |
Source: SQLDumper.exe.8.dr |
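Static PE information: Data appended to the last section found |
Analyst note: this finding repeats below for dropped copies (.dr) of many unrelated vendor executables, all carrying the same .8 suffix, which presumably ties them to one process in this report. Extra data at the end of the last section can have benign causes, but the same result across this many files is a reason to compare each copy's hash and signature validity against a known-good vendor original. |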
Source: AdobeARMHelper.exe.8.dr |
Static PE information: Data appended to the last section found |
Source: AppSharingHookController64.exe.8.dr |
Static PE information: Data appended to the last section found |
Source: GoogleUpdateCore.exe.8.dr |
Static PE information: Data appended to the last section found |
Source: AppVDllSurrogate.exe.8.dr |
Static PE information: Data appended to the last section found |
Source: dbcicons.exe.8.dr |
Static PE information: Data appended to the last section found |
Source: AppVDllSurrogate64.exe.8.dr |
Static PE information: Data appended to the last section found |
Source: osmclienticon.exe.8.dr |
Static PE information: Data appended to the last section found |
Source: msoev.exe.8.dr |
Static PE information: Data appended to the last section found |
Source: GoogleUpdate.exe.8.dr |
Static PE information: Data appended to the last section found |
Source: javaw.exe.8.dr |
Static PE information: Data appended to the last section found |
Source: MsMpEng.exe.8.dr |
Static PE information: Data appended to the last section found |
Source: Au3Info.exe.8.dr |
Static PE information: Data appended to the last section found |
Source: aimgr.exe.8.dr |
Static PE information: Data appended to the last section found |
Source: GoogleUpdateBroker.exe.8.dr |
Static PE information: Data appended to the last section found |
Source: Au3Info_x64.exe.8.dr |
Static PE information: Data appended to the last section found |
Source: PerfBoost.exe.8.dr |
Static PE information: Data appended to the last section found |
Source: javaws.exe.8.dr |
Static PE information: Data appended to the last section found |
Source: aimgr.exe0.8.dr |
Static PE information: Data appended to the last section found |
Source: Common.DBConnection.exe.8.dr |
Static PE information: Data appended to the last section found |
Source: GoogleUpdateOnDemand.exe.8.dr |
Static PE information: Data appended to the last section found |
Source: SDXHelper.exe.8.dr |
Static PE information: Data appended to the last section found |
Source: upx.exe.8.dr |
Static PE information: Data appended to the last section found |
Source: Au3Check.exe.8.dr |
Static PE information: Data appended to the last section found |
Source: GoogleCrashHandler.exe.8.dr |
Static PE information: Data appended to the last section found |
Source: sscicons.exe.8.dr |
Static PE information: Data appended to the last section found |
Source: armsvc.exe.8.dr |
Static PE information: Data appended to the last section found |
Source: AppVLP.exe.8.dr |
Static PE information: Data appended to the last section found |
Source: GoogleCrashHandler64.exe.8.dr |
Static PE information: Data appended to the last section found |
Source: Microsoft.Mashup.Container.Loader.exe.8.dr |
Static PE information: Data appended to the last section found |
Source: AppSharingHookController.exe.8.dr |
Static PE information: Data appended to the last section found |
Source: AutoIt3Help.exe.8.dr |
Static PE information: Data appended to the last section found |
Source: Uninstall.exe.8.dr |
Static PE information: Data appended to the last section found |
Source: AppVDllSurrogate32.exe.8.dr |
Static PE information: Data appended to the last section found |
Source: Wordconv.exe.8.dr |
Static PE information: Data appended to the last section found |
Source: chrome.exe.8.dr |
Static PE information: Data appended to the last section found |
Source: VSTOInstaller.exe.8.dr |
Static PE information: Data appended to the last section found |
Source: MpDlpCmd.exe.8.dr |
Static PE information: Data appended to the last section found |
Source: java.exe.8.dr |
Static PE information: Data appended to the last section found |
Source: MpCopyAccelerator.exe.8.dr |
Static PE information: Data appended to the last section found |
Source: ConfigSecurityPolicy.exe.8.dr |
Static PE information: Data appended to the last section found |
Source: grv_icons.exe.8.dr |
Static PE information: Data appended to the last section found |
Source: GoogleUpdateComRegisterShell64.exe.8.dr |
Static PE information: Data appended to the last section found |