Source: C:\Program Files (x86)\Windows Mail\wab.exe | Code function: 8_2_240C10F1 lstrlenW,lstrlenW,lstrcatW,lstrlenW,lstrlenW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose | 8_2_240C10F1
Source: C:\Program Files (x86)\Windows Mail\wab.exe | Code function: 8_2_240C6580 FindFirstFileExA | 8_2_240C6580
Source: C:\Program Files (x86)\Windows Mail\wab.exe | Code function: 11_2_0040AE51 FindFirstFileW,FindNextFileW | 11_2_0040AE51
Source: C:\Program Files (x86)\Windows Mail\wab.exe | Code function: 13_2_00407EF8 FindFirstFileA,FindNextFileA,strlen,strlen | 13_2_00407EF8
Source: C:\Program Files (x86)\Windows Mail\wab.exe | Code function: 14_2_00407898 FindFirstFileA,FindNextFileA,strlen,strlen | 14_2_00407898
Source: unknown | TCP traffic detected without corresponding DNS query: 103.237.86.247 (this row is repeated 50 times in the report)
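The "TCP traffic detected without corresponding DNS query" finding is a correlation check: the destination of every outbound connection should have appeared in an earlier DNS answer, and a hard-coded address such as 103.237.86.247 never does. The Python below is an added example, not code from the sandbox or the report; it runs that check over constructed, Zeek-style conn.log and dns.log lines reduced to the fields the check needs. The uids and timestamps are made up, 103.237.86.247 is the destination from the report, and 203.0.113.10 (a documentation address) stands in for a host that was resolved normally. It also covers the ordering edge case: a connection logged before its DNS answer still counts as unresolved.

```python
"""Flag TCP connections to external IPs that no earlier DNS answer returned.

Added example: the log lines are constructed, Zeek-style and reduced to the
fields this check needs. 103.237.86.247 is the destination from the report;
203.0.113.10 (a documentation address) stands in for a normally resolved host.
"""
import ipaddress
from collections import Counter
from typing import Dict, List, Tuple

# Constructed dns.log: ts, uid, src, dst, query, answers ('-' = no answer)
DNS_LOG = """\
1700000000.100\tCdns1\t10.0.0.5\t10.0.0.1\tctldl.windowsupdate.com\t203.0.113.10
1700000000.200\tCdns2\t10.0.0.5\t10.0.0.1\tgeoplugin.net\t-
"""

# Constructed conn.log: ts, uid, src, src_port, dst, dst_port, proto
CONN_LOG = """\
1699999990.000\tCconn0\t10.0.0.5\t49700\t203.0.113.10\t80\ttcp
1700000000.300\tCconn1\t10.0.0.5\t49712\t203.0.113.10\t80\ttcp
1700000000.400\tCconn2\t10.0.0.5\t49713\t103.237.86.247\t80\ttcp
1700000000.500\tCconn3\t10.0.0.5\t49714\t103.237.86.247\t80\ttcp
1700000000.600\tCconn4\t10.0.0.5\t137\t10.0.0.255\t137\tudp
"""

# Ranges reachable without a DNS lookup. Assumption: the monitored network
# uses RFC 1918 space; adjust this list for your own site.
INTERNAL = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16", "224.0.0.0/4", "255.255.255.255/32",
)]


def is_external(ip: str) -> bool:
    addr = ipaddress.ip_address(ip)
    return not any(addr in net for net in INTERNAL)


def parse_dns(log: str) -> Dict[str, List[float]]:
    """Map every IP returned in a DNS answer to the times it was returned."""
    resolved: Dict[str, List[float]] = {}
    for line in log.splitlines():
        if not line or line.startswith("#"):
            continue
        ts, _uid, _src, _dst, _query, answers = line.split("\t")
        for answer in answers.split(","):
            try:
                ipaddress.ip_address(answer)
            except ValueError:
                continue  # '-' (no answer) or a CNAME target, not an address
            resolved.setdefault(answer, []).append(float(ts))
    return resolved


def unresolved_connections(conn_log: str, dns_log: str,
                           window: float = 3600.0) -> List[Tuple[str, str, int]]:
    """Return (uid, dst_ip, dst_port) for each external TCP connection whose
    destination was not returned by a DNS answer within `window` seconds
    before it. An answer that arrives after the connection does not count."""
    resolved = parse_dns(dns_log)
    flagged: List[Tuple[str, str, int]] = []
    for line in conn_log.splitlines():
        if not line or line.startswith("#"):
            continue
        ts, uid, _src, _sport, dst, dport, proto = line.split("\t")
        if proto != "tcp" or not is_external(dst):
            continue
        t = float(ts)
        if any(t - window <= seen <= t for seen in resolved.get(dst, [])):
            continue
        flagged.append((uid, dst, int(dport)))
    return flagged


def by_destination(flagged: List[Tuple[str, str, int]]) -> Dict[str, int]:
    """Collapse per-connection hits into a count per destination, which is
    the shape the report presents (the same row, 50 times)."""
    return dict(Counter(dst for _uid, dst, _port in flagged))


if __name__ == "__main__":
    hits = unresolved_connections(CONN_LOG, DNS_LOG)
    for uid, dst, port in hits:
        print(f"{uid}: tcp to {dst}:{port} with no preceding DNS answer")
    print(by_destination(hits))
```

The check is noisy on its own: a resolver cache warmed before capture started, DNS over HTTPS, or a CDN address embedded in a legitimate client all look "unresolved". What makes the report's hit credible is the corroboration elsewhere on the page, where the same address appears as a literal URL in powershell.exe and wab.exe memory.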
Source: wab.exe, 00000008.00000002.3287023885.0000000024090000.00000040.10000000.00040000.00000000.sdmp, wab.exe, 0000000E.00000002.2508816421.0000000000400000.00000040.80000000.00040000.00000000.sdmp | String found in binary or memory: Software\America Online\AOL Instant Messenger (TM)\CurrentVersion\Users%s\Loginprpl-msnprpl-yahooprpl-jabberprpl-novellprpl-oscarprpl-ggprpl-ircaccounts.xmlaimaim_1icqicq_1jabberjabber_1msnmsn_1yahoogggg_1http://www.imvu.comhttp://www.ebuddy.comhttps://www.google.com equals www.ebuddy.com (eBuddy)
Source: wab.exe, wab.exe, 0000000E.00000002.2508816421.0000000000400000.00000040.80000000.00040000.00000000.sdmp | String found in binary or memory: http://www.ebuddy.com equals www.ebuddy.com (eBuddy)
Source: wab.exe | String found in binary or memory: http://www.facebook.com/ equals www.facebook.com (Facebook)
Source: wab.exe, 00000008.00000002.3287311337.0000000024500000.00000040.10000000.00040000.00000000.sdmp | String found in binary or memory: ~@:9@0123456789ABCDEFURL index.datvisited:https://www.google.com/accounts/serviceloginhttp://www.facebook.com/https://login.yahoo.com/config/login$ equals www.facebook.com (Facebook)
Source: wab.exe, 00000008.00000002.3287311337.0000000024500000.00000040.10000000.00040000.00000000.sdmp | String found in binary or memory: ~@:9@0123456789ABCDEFURL index.datvisited:https://www.google.com/accounts/serviceloginhttp://www.facebook.com/https://login.yahoo.com/config/login$ equals www.yahoo.com (Yahoo)
Source: powershell.exe, 00000002.00000002.2582058655.0000019281299000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://103.2
Source: powershell.exe, 00000002.00000002.2582058655.0000019281299000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://103.23
Source: powershell.exe, 00000002.00000002.2582058655.0000019281299000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://103.237
Source: powershell.exe, 00000002.00000002.2582058655.0000019281299000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://103.237.
Source: powershell.exe, 00000002.00000002.2582058655.0000019281299000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://103.237.8
Source: powershell.exe, 00000002.00000002.2582058655.0000019281299000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://103.237.86
Source: powershell.exe, 00000002.00000002.2582058655.0000019281299000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://103.237.86.
Source: powershell.exe, 00000002.00000002.2582058655.0000019281299000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://103.237.86.2
Source: powershell.exe, 00000002.00000002.2582058655.0000019281299000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://103.237.86.24
Source: powershell.exe, 00000002.00000002.2582058655.00000192819AC000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2582058655.000001928022A000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2582058655.0000019281299000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://103.237.86.247
Source: powershell.exe, 00000002.00000002.2582058655.0000019281299000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://103.237.86.247/
Source: powershell.exe, 00000002.00000002.2582058655.0000019281299000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://103.237.86.247/a
Source: powershell.exe, 00000002.00000002.2582058655.0000019281299000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://103.237.86.247/ac
Source: powershell.exe, 00000002.00000002.2582058655.0000019281299000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://103.237.86.247/aci
Source: powershell.exe, 00000002.00000002.2582058655.0000019281299000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://103.237.86.247/acid
Source: powershell.exe, 00000002.00000002.2582058655.0000019281299000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://103.237.86.247/acidi
Source: powershell.exe, 00000002.00000002.2582058655.0000019281299000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://103.237.86.247/acidiz
Source: powershell.exe, 00000002.00000002.2582058655.0000019281299000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://103.237.86.247/acidize
Source: powershell.exe, 00000002.00000002.2582058655.0000019281299000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://103.237.86.247/acidizes
Source: powershell.exe, 00000002.00000002.2582058655.0000019281299000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://103.237.86.247/acidizes.
Source: powershell.exe, 00000002.00000002.2582058655.0000019281299000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://103.237.86.247/acidizes.m
Source: powershell.exe, 00000002.00000002.2582058655.0000019281299000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://103.237.86.247/acidizes.ms
Source: powershell.exe, 00000002.00000002.2582058655.0000019281299000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://103.237.86.247/acidizes.mso
Source: powershell.exe, 00000002.00000002.2582058655.000001928022A000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://103.237.86.247/acidizes.msoP
Source: powershell.exe, 00000005.00000002.2439904128.0000000004CDA000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://103.237.86.247/acidizes.msoXR
Source: wab.exe, 00000008.00000002.3276172736.00000000084F8000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://103.237.86.247/mtyozjDM72.bin
Source: wab.exe, 00000008.00000002.3276172736.00000000084F8000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://103.237.86.247/mtyozjDM72.binW
Source: powershell.exe, 00000002.00000002.2582058655.0000019281E1A000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://103.237H
Source: wscript.exe, 00000000.00000003.2000810163.00000203A10CD000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.2002275025.00000203A10D8000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
Source: wscript.exe, 00000000.00000003.2000810163.00000203A10CD000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.2002275025.00000203A10D8000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabP
Source: wscript.exe, 00000000.00000003.2000810163.00000203A10CD000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.2002275025.00000203A10D8000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/ent
Source: wscript.exe, 00000000.00000003.1998069751.00000203A1123000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1998183309.00000203A114B000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://ctldl.windowsupdate.com:80/msdownload/update/v3/static/trustedr/en/authrootstl.cab?d7cbb27807
Source: wab.exe, 00000008.00000002.3276172736.00000000084F8000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://geoplugin.net/json.gp
Source: powershell.exe, 00000002.00000002.2695061689.0000019290072000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000005.00000002.2442003706.0000000005BEA000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://nuget.org/NuGet.exe
Source: powershell.exe, 00000005.00000002.2439904128.0000000004CDA000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://pesterbdd.com/images/Pester.png
Source: powershell.exe, 00000002.00000002.2582058655.0000019280001000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000005.00000002.2439904128.0000000004B81000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: powershell.exe, 00000005.00000002.2439904128.0000000004CDA000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0.html
Source: wab.exe, wab.exe, 0000000E.00000002.2508816421.0000000000400000.00000040.80000000.00040000.00000000.sdmp | String found in binary or memory: http://www.ebuddy.com
Source: wab.exe, wab.exe, 0000000E.00000002.2508816421.0000000000400000.00000040.80000000.00040000.00000000.sdmp | String found in binary or memory: http://www.imvu.com
Source: wab.exe, 00000008.00000002.3287023885.0000000024090000.00000040.10000000.00040000.00000000.sdmp, wab.exe, 0000000E.00000002.2508816421.0000000000400000.00000040.80000000.00040000.00000000.sdmp | String found in binary or memory: http://www.imvu.comhttp://www.ebuddy.comhttps://www.google.com
Source: wab.exe, 00000008.00000002.3287023885.0000000024090000.00000040.10000000.00040000.00000000.sdmp, wab.exe, 0000000E.00000002.2508816421.0000000000400000.00000040.80000000.00040000.00000000.sdmp | String found in binary or memory: http://www.imvu.comr
Source: wab.exe, 0000000E.00000002.2508816421.0000000000400000.00000040.80000000.00040000.00000000.sdmp | String found in binary or memory: http://www.nirsoft.net/
Source: powershell.exe, 00000002.00000002.2582058655.0000019280001000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://aka.ms/pscore68
Source: powershell.exe, 00000005.00000002.2439904128.0000000004B81000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://aka.ms/pscore6lBjq
Source: powershell.exe, 00000005.00000002.2442003706.0000000005BEA000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://contoso.com/
Source: powershell.exe, 00000005.00000002.2442003706.0000000005BEA000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://contoso.com/Icon
Source: powershell.exe, 00000005.00000002.2442003706.0000000005BEA000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://contoso.com/License
Source: powershell.exe, 00000005.00000002.2439904128.0000000004CDA000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://github.com/Pester/Pester
Source: powershell.exe, 00000002.00000002.2582058655.0000019281299000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://go.micro
Source: wab.exe | String found in binary or memory: https://login.yahoo.com/config/login
Source: powershell.exe, 00000002.00000002.2695061689.0000019290072000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000005.00000002.2442003706.0000000005BEA000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://nuget.org/nuget.exe
Source: wab.exe, wab.exe, 0000000E.00000002.2508816421.0000000000400000.00000040.80000000.00040000.00000000.sdmp | String found in binary or memory: https://www.google.com
Source: wab.exe | String found in binary or memory: https://www.google.com/accounts/servicelogin
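Two things in the string rows above are worth separating. The wab.exe strings point at local credential stores rather than at the network: the AOL Instant Messenger registry key, libpurple `prpl-*` protocol plugin names together with `accounts.xml` (Pidgin's account file), Internet Explorer `index.dat` `visited:` entries, and a www.nirsoft.net URL; `geoplugin.net/json.gp` is a public geolocation lookup. The powershell.exe strings, by contrast, hold one URL at every length from `http://103.2` up to `http://103.237.86.247/acidizes.mso`, plus copies with over-read trailing bytes (`msoP`, `msoXR`, `binW`, `comr`), and the string scanner lists each separately. For triage the useful output is the short list of complete URLs and hosts. The Python below is an added example, not part of the report: `FRAGMENTS` is copied from the URL rows above, while the reduction rule and its function names are the example's own. The rule only works when the true string is itself present in the ladder; it cannot repair `https://aka.ms/pscore68`, whose clean form was never captured on its own, so both pscore6 variants survive.

```python
"""Collapse a prefix ladder of memory strings to the probable complete URLs
and extract the hosts from them.

Added example. FRAGMENTS is copied from the 'String found in binary or
memory' rows of the report; the reduction heuristic is this example's own.
"""
import re
from typing import Iterable, List

FRAGMENTS: List[str] = [
    "http://103.2", "http://103.23", "http://103.237", "http://103.237.",
    "http://103.237.8", "http://103.237.86", "http://103.237.86.",
    "http://103.237.86.2", "http://103.237.86.24", "http://103.237.86.247",
    "http://103.237.86.247/", "http://103.237.86.247/a",
    "http://103.237.86.247/ac", "http://103.237.86.247/aci",
    "http://103.237.86.247/acid", "http://103.237.86.247/acidi",
    "http://103.237.86.247/acidiz", "http://103.237.86.247/acidize",
    "http://103.237.86.247/acidizes", "http://103.237.86.247/acidizes.",
    "http://103.237.86.247/acidizes.m", "http://103.237.86.247/acidizes.ms",
    "http://103.237.86.247/acidizes.mso", "http://103.237.86.247/acidizes.msoP",
    "http://103.237.86.247/acidizes.msoXR",
    "http://103.237.86.247/mtyozjDM72.bin", "http://103.237.86.247/mtyozjDM72.binW",
    "http://103.237H", "http://geoplugin.net/json.gp",
    "http://www.imvu.com", "http://www.imvu.comr", "http://www.nirsoft.net/",
    "https://aka.ms/pscore68", "https://aka.ms/pscore6lBjq",
]

# Host or IP between the scheme and the first '/', ':' or whitespace.
HOST_RE = re.compile(r"^https?://([^/\s:]+)")


def maximal(strings: Iterable[str]) -> List[str]:
    """Drop every string that is a strict prefix of another one in the set."""
    pool = set(strings)
    return sorted(s for s in pool
                  if not any(o != s and o.startswith(s) for o in pool))


def probable_urls(strings: Iterable[str]) -> List[str]:
    """For each maximal string, back off to its longest proper prefix that was
    itself observed: an over-read tail such as 'msoP' or 'comr' never shows up
    on its own, whereas the real string does. A maximal string with no
    observed proper prefix is kept unchanged. The result is reduced once more
    so that partial ladders (e.g. 'http://103.237' via 'http://103.237H') fold
    into the complete URL."""
    pool = set(strings)
    reduced = set()
    for s in maximal(pool):
        prefixes = [p for p in pool if p != s and s.startswith(p)]
        reduced.add(max(prefixes, key=len) if prefixes else s)
    return maximal(reduced)


def hosts(urls: Iterable[str]) -> List[str]:
    """Deduplicated host or IP part of each URL."""
    found = set()
    for u in urls:
        m = HOST_RE.match(u)
        if m:
            found.add(m.group(1))
    return sorted(found)


if __name__ == "__main__":
    urls = probable_urls(FRAGMENTS)
    print("\n".join(urls))
    print(hosts(urls))
```

On the report's fragments this yields six hosts and seven URLs out of 34 rows, with `http://103.237.86.247/acidizes.mso` and `http://103.237.86.247/mtyozjDM72.bin` recovered without their trailing bytes. Treat the output as a triage aid: a genuine URL that happens to be a prefix of another genuine URL on the same host (`/` versus `/a`) is folded away, so check the survivors against the raw rows before publishing them as indicators.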
Source: C:\Program Files (x86)\Windows Mail\wab.exe | Code function: 11_2_0040987A EmptyClipboard,wcslen,GlobalAlloc,GlobalFix,memcpy,GlobalUnWire,SetClipboardData,CloseClipboard | 11_2_0040987A
Source: C:\Program Files (x86)\Windows Mail\wab.exe | Code function: 11_2_004098E2 EmptyClipboard,GetFileSize,GlobalAlloc,GlobalFix,ReadFile,GlobalUnWire,SetClipboardData,GetLastError,CloseHandle,GetLastError,CloseClipboard | 11_2_004098E2
Source: C:\Program Files (x86)\Windows Mail\wab.exe | Code function: 13_2_00406DFC EmptyClipboard,GetFileSize,GlobalAlloc,GlobalFix,ReadFile,GlobalUnWire,SetClipboardData,GetLastError,CloseHandle,GetLastError,CloseClipboard | 13_2_00406DFC
Source: C:\Program Files (x86)\Windows Mail\wab.exe | Code function: 13_2_00406E9F EmptyClipboard,strlen,GlobalAlloc,GlobalFix,memcpy,GlobalUnWire,SetClipboardData,CloseClipboard | 13_2_00406E9F
Source: C:\Program Files (x86)\Windows Mail\wab.exe | Code function: 14_2_004068B5 EmptyClipboard,GetFileSize,GlobalAlloc,GlobalFix,ReadFile,GlobalUnWire,SetClipboardData,GetLastError,CloseHandle,GetLastError,CloseClipboard | 14_2_004068B5
Source: C:\Program Files (x86)\Windows Mail\wab.exe | Code function: 14_2_004072B5 EmptyClipboard,strlen,GlobalAlloc,GlobalFix,memcpy,GlobalUnWire,SetClipboardData,CloseClipboard | 14_2_004072B5