Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\Java\jre-1.8\bin\javaws.exe |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\Microsoft Office\root\Office16\DCF\DATABASECOMPARE.EXE |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\Microsoft Office\root\Office16\PerfBoost.exe |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MsMpEng.exe |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft Office\Office16\MSOHTMED.EXE |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Office16\MSOXMLED.EXE |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\Microsoft Office\Office16\OSPPREARM.EXE |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpCopyAccelerator.exe |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\Common Files\Java\Java Update\jaureg.exe |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-006E-0409-0000-0000000FF1CE}\misc.exe |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\Microsoft Office\root\Office16\SETLANG.EXE |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\DW\DW20.EXE |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\javaw.exe |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Office16\FLTLDR.EXE |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\aimgr.exe |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\cookie_exporter.exe |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\Microsoft Office\root\Office16\DCF\filecompare.exe |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\Microsoft Office\root\Office16\SELFCERT.EXE |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\Microsoft Office\root\Office16\SCANPST.EXE |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\Microsoft Office\root\Client\AppVDllSurrogate.exe |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\ConfigSecurityPolicy.exe |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\Common Files\Microsoft Shared\VSTO\10.0\VSTOInstaller.exe |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\AutoIt3\AutoIt3Help.exe |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\Microsoft Office\root\Client\AppVDllSurrogate64.exe |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-0000-0000000FF1CE}\accicons.exe |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\AutoIt3\Aut2Exe\Aut2exe.exe |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-0000-0000000FF1CE}\lyncicon.exe |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\MicrosoftEdgeUpdateSetup.exe |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Analysis Services\AS OLEDB\140\SQLDumper.exe |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\Microsoft Office\root\Client\AppVLP.exe |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdate.exe |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateOnDemand.exe |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-0000-0000000FF1CE}\wordicon.exe |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\Microsoft Office\root\Office16\DCF\SPREADSHEETCOMPARE.EXE |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\Microsoft Office\root\Office16\misc.exe |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\Java\jre-1.8\bin\javacpl.exe |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\Microsoft\Edge\Application\pwahelper.exe |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleCrashHandler64.exe |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\AutoIt3\Au3Check.exe |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\NisSrv.exe |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateBroker.exe |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-0000-0000000FF1CE}\pj11icon.exe |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\Microsoft Office\root\Office16\ACCICONS.EXE |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Office16\MSOICONS.EXE |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft Office\Office16\AppSharingHookController64.exe |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\java.exe |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-0000-0000000FF1CE}\visicon.exe |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\elevation_service.exe |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-0000-0000000FF1CE}\joticon.exe |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\Microsoft Office\root\Office16\CLVIEW.EXE |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\Microsoft Office\root\Office16\SkypeSrv\SKYPESERVER.EXE |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\javaws.exe |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\Microsoft Office\root\Office16\XLICONS.EXE |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\AutoIt3\AutoIt3_x64.exe |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\Mozilla Maintenance Service\Uninstall.exe |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Office16\ai.exe |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\MicrosoftEdgeUpdateOnDemand.exe |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Users\user\AppData\Local\Temp\chrome.exe |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-001F-0409-0000-0000000FF1CE}\misc.exe |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpDlpCmd.exe |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exe |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\Microsoft Office\root\Office16\DCF\Common.DBConnection64.exe |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\AutoIt3\Au3Info_x64.exe |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleCrashHandler.exe |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-0000-0000000FF1CE}\pptico.exe |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\Microsoft Office\root\Client\AppVDllSurrogate32.exe |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-0000-0000000FF1CE}\outicon.exe |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\Java\jre-1.8\bin\jp2launcher.exe |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-0000-0000000FF1CE}\dbcicons.exe |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateCore.exe |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-001F-040C-0000-0000000FF1CE}\misc.exe |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE16\LICLUA.EXE |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\Microsoft Office\root\Office16\SDXHelper.exe |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\Microsoft Office\root\Office16\PPTICO.EXE |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-0000-0000000FF1CE}\osmclienticon.exe |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpCmdRun.exe |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\Microsoft Office\root\Integration\Integrator.exe |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\Microsoft Office\root\Office16\WORDICON.EXE |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\AutoIt3\Aut2Exe\upx.exe |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARMHelper.exe |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\Java\jre-1.8\bin\unpack200.exe |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\Microsoft Office\root\Office16\GRAPH.EXE |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\AutoIt3\Uninstall.exe |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-0000-0000000FF1CE}\sscicons.exe |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\X86\MpCmdRun.exe |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\Microsoft Office\root\Office16\DCF\Common.DBConnection.exe |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\Microsoft Office\root\Office16\CNFNOT32.EXE |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\AutoIt3\Au3Info.exe |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\MSOXMLED.EXE |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\AutoIt3\Aut2Exe\Aut2exe_x64.exe |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\mpextms.exe |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\Microsoft Office\root\Office16\AppSharingHookController.exe |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\Microsoft Office\root\Office16\Wordconv.exe |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\VC_redist.x64.exe |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\AutoIt3\SciTE\SciTE.exe |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\Microsoft Office\root\Office16\OcPubMgr.exe |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Office16\aimgr.exe |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\MicrosoftEdgeUpdateCore.exe |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.Loader.exe |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\Microsoft Office\root\Office16\VPREVIEW.EXE |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Office16\OLicenseHeartbeat.exe |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\Microsoft Office\root\Office16\OLCFG.EXE |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-0000-0000000FF1CE}\grv_icons.exe |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Source Engine\OSE.EXE |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
System file written: C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-0000-0000000FF1CE}\pubs.exe |
Source: powershell.exe, 00000002.00000002.2443831319.000001CB1DDF6000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://fs12n5.sendspace.com |
Source: wab.exe, 0000000A.00000002.2759736787.00000000239A0000.00000004.00000010.00020000.00000000.sdmp |
String found in binary or memory: http://nsis.sf.net/NSIS_ErrorError |
Source: powershell.exe, 00000002.00000002.2600669071.000001CB2C082000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000005.00000002.2261205376.000000000575A000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000005.00000002.2261205376.0000000005897000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://nuget.org/NuGet.exe |
Source: powershell.exe, 00000005.00000002.2256558573.000000000484C000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://pesterbdd.com/images/Pester.png |
Source: powershell.exe, 00000002.00000002.2443831319.000001CB1C011000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000005.00000002.2256558573.00000000046F1000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name |
Source: powershell.exe, 00000005.00000002.2256558573.000000000484C000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0.html |
Source: powershell.exe, 00000002.00000002.2443831319.000001CB1DDBF000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://www.sendspace.com |
Source: powershell.exe, 00000002.00000002.2443831319.000001CB1C011000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://aka.ms/pscore68 |
Source: powershell.exe, 00000005.00000002.2256558573.00000000046F1000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://aka.ms/pscore6lB |
Source: powershell.exe, 00000005.00000002.2261205376.0000000005897000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://contoso.com/ |
Source: powershell.exe, 00000005.00000002.2261205376.0000000005897000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://contoso.com/Icon |
Source: powershell.exe, 00000005.00000002.2261205376.0000000005897000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://contoso.com/License |
Source: powershell.exe, 00000002.00000002.2443831319.000001CB1DDE4000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://fs12n5.sendspaX |
Source: powershell.exe, 00000002.00000002.2443831319.000001CB1DDE4000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2443831319.000001CB1C4A4000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://fs12n5.sendspace.com |
Source: powershell.exe, 00000002.00000002.2443831319.000001CB1C4A0000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2443831319.000001CB1DDBF000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2443831319.000001CB1DDE4000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2443831319.000001CB1DDE0000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2443831319.000001CB1C4A4000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://fs12n5.sendspace.com/dlpro/49f996627c0399c13e97a7cb372f855b/664f94d2/uq21t8/Blokadens.msi |
Source: wab.exe, 0000000A.00000003.2232376663.00000000080E4000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://fs13n2.sendspace.com/ |
Source: wab.exe, 0000000A.00000002.2744457018.00000000080E8000.00000004.00000020.00020000.00000000.sdmp, wab.exe, 0000000A.00000003.2239862529.00000000080E7000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://fs13n2.sendspace.com/Vn |
Source: wab.exe, 0000000A.00000003.2232376663.00000000080E4000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://fs13n2.sendspace.com/dlpro/15f7659e72d924eaa8d6602ae7a3a179/664f950b/6v0noo/nNznaMdneHnj42.b |
Source: wab.exe, 0000000A.00000003.2232376663.00000000080E4000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://fs13n2.sendspace.com/om:443 |
Source: powershell.exe, 00000005.00000002.2256558573.000000000484C000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://github.com/Pester/Pester |
Source: powershell.exe, 00000002.00000002.2443831319.000001CB1D471000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://go.micro |
Source: powershell.exe, 00000002.00000002.2600669071.000001CB2C082000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000005.00000002.2261205376.000000000575A000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000005.00000002.2261205376.0000000005897000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://nuget.org/nuget.exe |
Source: powershell.exe, 00000002.00000002.2443831319.000001CB1C23D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2443831319.000001CB1D954000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://www.sendspace.com |
Source: wab.exe, 0000000A.00000002.2744457018.0000000008078000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://www.sendspace.com/ |
Source: wab.exe, 0000000A.00000002.2744948578.0000000008220000.00000004.00001000.00020000.00000000.sdmp, wab.exe, 0000000A.00000002.2744457018.00000000080B7000.00000004.00000020.00020000.00000000.sdmp, wab.exe, 0000000A.00000003.2232376663.00000000080E4000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://www.sendspace.com/pro/dl/6v0noo |
Source: wab.exe, 0000000A.00000002.2744457018.00000000080B7000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://www.sendspace.com/pro/dl/6v0noo) |
Source: wab.exe, 0000000A.00000003.2232376663.00000000080E4000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://www.sendspace.com/pro/dl/6v0nooBc |
Source: powershell.exe, 00000002.00000002.2443831319.000001CB1C23D000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://www.sendspace.com/pro/dl/uq21t8P |
Source: powershell.exe, 00000005.00000002.2256558573.000000000484C000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://www.sendspace.com/pro/dl/uq21t8XR |
Source: MicrosoftEdgeUpdateSetup.exe.10.dr |
Static PE information: Resource name: RT_ICON type: DOS executable (COM, 0x8C-variant) |
Source: MicrosoftEdgeUpdateSetup.exe.10.dr |
Static PE information: Resource name: RT_ICON type: COM executable for DOS |
Source: MicrosoftEdgeUpdateSetup.exe.10.dr |
Static PE information: Resource name: RT_ICON type: DOS executable (COM) |
Source: MicrosoftEdgeUpdateSetup.exe.10.dr |
Static PE information: Resource name: RT_GROUP_ICON type: COM executable for DOS |
Source: msoadfsb.exe.10.dr |
Static PE information: Resource name: RT_ICON type: COM executable for DOS |
Source: msoasb.exe.10.dr |
Static PE information: Resource name: RT_ICON type: DOS executable (block device driver\262B) |
Source: msoasb.exe.10.dr |
Static PE information: Resource name: RT_ICON type: DOS executable (COM, 0x8C-variant) |
Source: AppVDllSurrogate.exe.10.dr |
Static PE information: Resource name: RT_ICON type: DOS executable (COM, 0x8C-variant) |
Source: AppVDllSurrogate32.exe.10.dr |
Static PE information: Resource name: RT_ICON type: DOS executable (COM, 0x8C-variant) |
Source: OcPubMgr.exe.10.dr |
Static PE information: Resource name: RT_ICON type: COM executable for DOS |
Source: OcPubMgr.exe.10.dr |
Static PE information: Resource name: RT_ICON type: COM executable for DOS |
Source: OcPubMgr.exe.10.dr |
Static PE information: Resource name: RT_ICON type: TTComp archive data, binary, 1K dictionary |
Source: OcPubMgr.exe.10.dr |
Static PE information: Resource name: RT_ICON type: DOS executable (COM) |
Source: OcPubMgr.exe.10.dr |
Static PE information: Resource name: RT_ICON type: DOS executable (COM) |
Source: OcPubMgr.exe.10.dr |
Static PE information: Resource name: RT_ICON type: COM executable for DOS |
Source: AppVDllSurrogate64.exe.10.dr |
Static PE information: Resource name: RT_ICON type: TTComp archive data, binary, 1K dictionary |
Source: AppVLP.exe.10.dr |
Static PE information: Resource name: RT_ICON type: DOS executable (COM) |
Source: Integrator.exe.10.dr |
Static PE information: Resource name: RT_ICON type: DOS executable (COM) |
Source: officeappguardwin32.exe.10.dr |
Static PE information: Resource name: RT_ICON type: DOS executable (COM, 0x8C-variant) |
Source: officeappguardwin32.exe.10.dr |
Static PE information: Resource name: RT_ICON type: DOS executable (COM, 0x8C-variant) |
Source: OfficeScrSanBroker.exe.10.dr |
Static PE information: Resource name: RT_ICON type: DOS executable (COM) |
Source: OfficeScrSanBroker.exe.10.dr |
Static PE information: Resource name: RT_ICON type: 68k Blit mpx/mux executable |
Source: OfficeScrSanBroker.exe.10.dr |
Static PE information: Resource name: RT_ICON type: DOS executable (COM) |
Source: OfficeScrSanBroker.exe.10.dr |
Static PE information: Resource name: RT_ICON type: DOS executable (COM) |
Source: PerfBoost.exe.10.dr |
Static PE information: Resource name: RT_ICON type: DOS executable (COM) |
Source: PerfBoost.exe.10.dr |
Static PE information: Resource name: RT_ICON type: DOS executable (COM, 0x8C-variant) |
Source: MpCmdRun.exe.10.dr |
Static PE information: Resource name: RT_ICON type: DOS executable (COM) |
Source: MpDlpCmd.exe.10.dr |
Static PE information: Resource name: RT_ICON type: COM executable for DOS |
Source: UcMapi.exe.10.dr |
Static PE information: Resource name: RT_ICON type: DOS executable (COM, 0x8C-variant) |
Source: UcMapi.exe.10.dr |
Static PE information: Resource name: RT_ICON type: COM executable for DOS |
Source: UcMapi.exe.10.dr |
Static PE information: Resource name: RT_ICON type: DOS executable (block device driver p\327G\200<) |
Source: VC_redist.x64.exe.10.dr |
Static PE information: Resource name: RT_ICON type: VAX-order 68K Blit (standalone) executable |
Source: integrator.exe.10.dr |
Static PE information: Resource name: RT_ICON type: DOS executable (COM) |
Source: Au3Check.exe.10.dr |
Static PE information: Resource name: RT_GROUP_ICON type: DOS executable (COM, 0x8C-variant) |
Source: Aut2exe.exe.10.dr |
Static PE information: Resource name: RT_ICON type: 370 XA sysV executable not stripped - version 6657 - 5.2 format |
Source: Aut2exe_x64.exe.10.dr |
Static PE information: Resource name: RT_ICON type: DOS executable (COM) |
Source: ai.exe.10.dr |
Static PE information: Resource name: RT_ICON type: DOS executable (COM) |
Source: ai.exe.10.dr |
Static PE information: Resource name: RT_ICON type: COM executable for DOS |
Source: ai.exe.10.dr |
Static PE information: Resource name: RT_ICON type: DOS executable (COM, 0x8C-variant) |
Source: ai.exe.10.dr |
Static PE information: Resource name: RT_ICON type: DOS executable (COM) |
Source: ai.exe0.10.dr |
Static PE information: Resource name: RT_ICON type: DOS executable (block device driver \240\357E) |
Source: upx.exe.10.dr |
Static PE information: Resource name: RT_ICON type: DOS executable (COM, 0x8C-variant) |
Source: SciTE.exe.10.dr |
Static PE information: Resource name: RT_ICON type: DOS executable (COM) |
Source: Uninstall.exe.10.dr |
Static PE information: Resource name: RT_ICON type: COM executable for DOS |
Source: AdobeARMHelper.exe.10.dr |
Static PE information: Resource name: RT_ICON type: PDP-11 pure executable - version 69 |
Source: AdobeARMHelper.exe.10.dr |
Static PE information: Resource name: RT_ICON type: DOS executable (COM, 0x8C-variant) |
Source: AdobeARMHelper.exe.10.dr |
Static PE information: Resource name: RT_ICON type: COM executable for DOS |
Source: jaureg.exe.10.dr |
Static PE information: Resource name: RT_ICON type: DOS executable (COM) |
Source: jucheck.exe.10.dr |
Static PE information: Resource name: RT_ICON type: DOS executable (COM, 0x8C-variant) |
Source: jucheck.exe.10.dr |
Static PE information: Resource name: RT_ICON type: COM executable for DOS |
Source: jusched.exe.10.dr |
Static PE information: Resource name: RT_ICON type: DOS executable (COM, 0x8C-variant) |
Source: jusched.exe.10.dr |
Static PE information: Resource name: RT_ICON type: COM executable for DOS |
Source: OLicenseHeartbeat.exe.10.dr |
Static PE information: Resource name: RT_ICON type: DOS executable (COM) |
Source: grv_icons.exe.10.dr |
Static PE information: Resource name: RT_ICON type: COM executable for DOS |
Source: java.exe.10.dr |
Static PE information: Resource name: RT_ICON type: DOS executable (COM) |
Source: javaw.exe.10.dr |
Static PE information: Resource name: RT_ICON type: DitPack archive data |
Source: armsvc.exe.10.dr |
Static PE information: Data appended to the last section found |
Source: AppVDllSurrogate.exe.10.dr |
Static PE information: Data appended to the last section found |
Source: Au3Check.exe.10.dr |
Static PE information: Data appended to the last section found |
Source: javaw.exe.10.dr |
Static PE information: Data appended to the last section found |
Source: Au3Info_x64.exe.10.dr |
Static PE information: Data appended to the last section found |
Source: MicrosoftEdgeUpdateOnDemand.exe.10.dr |
Static PE information: Data appended to the last section found |
Source: AutoIt3Help.exe.10.dr |
Static PE information: Data appended to the last section found |
Source: aimgr.exe0.10.dr |
Static PE information: Data appended to the last section found |
Source: AppSharingHookController.exe.10.dr |
Static PE information: Data appended to the last section found |
Source: Microsoft.Mashup.Container.Loader.exe.10.dr |
Static PE information: Data appended to the last section found |
Source: MpDlpCmd.exe.10.dr |
Static PE information: Data appended to the last section found |
Source: dbcicons.exe.10.dr |
Static PE information: Data appended to the last section found |
Source: Uninstall.exe.10.dr |
Static PE information: Data appended to the last section found |
Source: chrome.exe.10.dr |
Static PE information: Data appended to the last section found |
Source: ConfigSecurityPolicy.exe.10.dr |
Static PE information: Data appended to the last section found |
Source: MpCopyAccelerator.exe.10.dr |
Static PE information: Data appended to the last section found |
Source: Au3Info.exe.10.dr |
Static PE information: Data appended to the last section found |
Source: SQLDumper.exe.10.dr |
Static PE information: Data appended to the last section found |
Source: Wordconv.exe.10.dr |
Static PE information: Data appended to the last section found |
Source: msoasb.exe.10.dr |
Static PE information: Data appended to the last section found |
Source: AppSharingHookController64.exe.10.dr |
Static PE information: Data appended to the last section found |
Source: AppVLP.exe.10.dr |
Static PE information: Data appended to the last section found |
Source: grv_icons.exe.10.dr |
Static PE information: Data appended to the last section found |
Source: AdobeARMHelper.exe.10.dr |
Static PE information: Data appended to the last section found |
Source: SDXHelper.exe.10.dr |
Static PE information: Data appended to the last section found |
Source: msoev.exe.10.dr |
Static PE information: Data appended to the last section found |
Source: upx.exe.10.dr |
Static PE information: Data appended to the last section found |
Source: MsMpEng.exe.10.dr |
Static PE information: Data appended to the last section found |
Source: AppVDllSurrogate64.exe.10.dr |
Static PE information: Data appended to the last section found |
Source: PerfBoost.exe.10.dr |
Static PE information: Data appended to the last section found |
Source: AppVDllSurrogate32.exe.10.dr |
Static PE information: Data appended to the last section found |
Source: aimgr.exe.10.dr |
Static PE information: Data appended to the last section found |
Source: java.exe.10.dr |
Static PE information: Data appended to the last section found |
Source: VSTOInstaller.exe.10.dr |
Static PE information: Data appended to the last section found |