Source: | Binary string: C:\temp\build\thehoff\Quicksilver_MR40.0902791019568\Quicksilver_MR4\vpn\tools\DART\DARTOffline\WINXP\Win32\Release\DartOffline.pdb source: ActivitiesCache.sqlite |
Source: | Binary string: AppVlp.pdb source: ActivitiesCache.sqlite |
Source: | Binary string: powershell_ise.pdb94 source: ActivitiesCache.sqlite |
Source: | Binary string: a\AgentExecutor.pdb source: ActivitiesCache.sqlite |
Source: | Binary string: powershell.pdbUGP source: ActivitiesCache.sqlite |
Source: | Binary string: D:\T\BuildResults\bin\Release\AcroRd32Exe.pdb source: ActivitiesCache.sqlite |
Source: | Binary string: powershell.pdb source: ActivitiesCache.sqlite |
Source: | Binary string: C:\temp\build\thehoff\Quicksilver_MR40.0902791019568\Quicksilver_MR4\vpn\tools\DART\DARTOffline\WINXP\Win32\Release\DartOffline.pdbHHFGCTL source: ActivitiesCache.sqlite |
Source: | Binary string: C:\drone\src\build_output\Win32\Release\csc_ui.pdb source: ActivitiesCache.sqlite |
Source: | Binary string: "\AgentExecutor.pdb source: ActivitiesCache.sqlite |
Source: | Binary string: AppVlp.pdbGCTL source: ActivitiesCache.sqlite |
Source: | Binary string: powershell_ise.pdb source: ActivitiesCache.sqlite |
Source: ActivitiesCache.sqlite | String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0 |
Source: ActivitiesCache.sqlite | String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E |
Source: ActivitiesCache.sqlite | String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDCodeSigningCA.crt0 |
Source: ActivitiesCache.sqlite | String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0 |
Source: ActivitiesCache.sqlite | String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C |
Source: ActivitiesCache.sqlite | String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0 |
Source: ActivitiesCache.sqlite | String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0O |
Source: ActivitiesCache.sqlite | String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0 |
Source: ActivitiesCache.sqlite | String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0 |
Source: ActivitiesCache.sqlite | String found in binary or memory: http://crl3.digicert.com/sha2-assured-cs-g1.crl05 |
Source: ActivitiesCache.sqlite | String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0: |
Source: ActivitiesCache.sqlite | String found in binary or memory: http://crl4.digicert.com/sha2-assured-cs-g1.crl0K |
Source: ActivitiesCache.sqlite | String found in binary or memory: http://ocsp.digicert.com0A |
Source: ActivitiesCache.sqlite | String found in binary or memory: http://ocsp.digicert.com0C |
Source: ActivitiesCache.sqlite | String found in binary or memory: http://ocsp.digicert.com0N |
Source: ActivitiesCache.sqlite | String found in binary or memory: http://ocsp.digicert.com0X |
Source: ActivitiesCache.sqlite | String found in binary or memory: http://www.cisco.com0 |
Source: ActivitiesCache.sqlite | String found in binary or memory: http://www.digicert.com/CPS0 |
Source: ActivitiesCache.sqlite | String found in binary or memory: https://clients2.google.com/service/update2/crxupdate_urlBrowser |
Source: ActivitiesCache.sqlite | String found in binary or memory: https://crbug.com/820996 |
Source: ActivitiesCache.sqlite | String found in binary or memory: https://crbug.com/820996LaunchElevatedProcessataProtectionIdEnterpriseDataPrADMDialogCopyPasteFixADM |
Source: ActivitiesCache.sqlite | String found in binary or memory: https://ims-na1-stg1.adobelogin.com/ims/authorize/v1?https://ims-na1.adobelogin.com/ims/authorize/v1 |
Source: ActivitiesCache.sqlite | String found in binary or memory: https://logistec-my.sharepoint.com/personal/cwiles_logistec_com/Documents/Desktop/AES |
Source: ActivitiesCache.sqlite | String found in binary or memory: https://logistec-my.sharepoint.com/personal/cwiles_logistec_com/Documents/Desktop/BalTerm |
Source: ActivitiesCache.sqlite | String found in binary or memory: https://logistec-my.sharepoint.com/personal/cwiles_logistec_com/Documents/Desktop/BalTerm%20Terminal |
Source: ActivitiesCache.sqlite | String found in binary or memory: https://logistec-my.sharepoint.com/personal/cwiles_logistec_com/Documents/Desktop/CWiles |
Source: ActivitiesCache.sqlite | String found in binary or memory: https://logistec-my.sharepoint.com/personal/cwiles_logistec_com/Documents/Desktop/CWiles%20Items/C%2 |
Source: ActivitiesCache.sqlite | String found in binary or memory: https://logistec-my.sharepoint.com/personal/cwiles_logistec_com/Documents/Desktop/CWiles%20Items/Org |
Source: ActivitiesCache.sqlite | String found in binary or memory: https://logistec-my.sharepoint.com/personal/cwiles_logistec_com/Documents/Desktop/CWiles%20Items/Tea |
Source: ActivitiesCache.sqlite | String found in binary or memory: https://logistec-my.sharepoint.com/personal/cwiles_logistec_com/Documents/Desktop/CWiles%20Items/pri |
Source: ActivitiesCache.sqlite | String found in binary or memory: https://logistec-my.sharepoint.com/personal/cwiles_logistec_com/Documents/Desktop/CWiles%20Items/rea |
Source: ActivitiesCache.sqlite | String found in binary or memory: https://logistec-my.sharepoint.com/personal/cwiles_logistec_com/Documents/Desktop/Prinsengracht |
Source: ActivitiesCache.sqlite | String found in binary or memory: https://logistec-my.sharepoint.com/personal/cwiles_logistec_com/Documents/Desktop/Prinsengracht%20An |
Source: ActivitiesCache.sqlite | String found in binary or memory: https://logistec-my.sharepoint.com/personal/cwiles_logistec_com/Documents/Desktop/Silos.docx |
Source: ActivitiesCache.sqlite | String found in binary or memory: https://logistec-my.sharepoint.com/personal/cwiles_logistec_com/Documents/Desktop/Silos.docx?web=1 |
Source: ActivitiesCache.sqlite | String found in binary or memory: https://logistec-my.sharepoint.com/personal/cwiles_logistec_com/Documents/Desktop/Tutorials/Metsa |
Source: ActivitiesCache.sqlite | String found in binary or memory: https://logistec-my.sharepoint.com/personal/cwiles_logistec_com/Documents/Desktop/Tutorials/Metsa%20 |
Source: ActivitiesCache.sqlite | String found in binary or memory: https://logistec-my.sharepoint.com/personal/cwiles_logistec_com/Documents/Desktop/Tutorials/Monthly |
Source: ActivitiesCache.sqlite | String found in binary or memory: https://logistec-my.sharepoint.com/personal/cwiles_logistec_com/Documents/Desktop/Tutorials/Monthly% |
Source: ActivitiesCache.sqlite | String found in binary or memory: https://logistec-my.sharepoint.com/personal/cwiles_logistec_com/Documents/Desktop/Tutorials/Network |
Source: ActivitiesCache.sqlite | String found in binary or memory: https://logistec-my.sharepoint.com/personal/cwiles_logistec_com/Documents/Desktop/Tutorials/Network% |
Source: ActivitiesCache.sqlite | String found in binary or memory: https://logistec-my.sharepoint.com/personal/cwiles_logistec_com/Documents/Desktop/Tutorials/Providen |
Source: ActivitiesCache.sqlite | String found in binary or memory: https://logistec-my.sharepoint.com/personal/cwiles_logistec_com/Documents/Desktop/Vessel |
Source: ActivitiesCache.sqlite | String found in binary or memory: https://logistec-my.sharepoint.com/personal/cwiles_logistec_com/Documents/Desktop/Vessel%20Pro%20For |
Source: ActivitiesCache.sqlite | String found in binary or memory: https://logistec-my.sharepoint.com/personal/cwiles_logistec_com/Documents/Desktop/cwiles_report_unas |
Source: ActivitiesCache.sqlite | String found in binary or memory: https://logistec.sharepoint.com/sites/FSSARTeam/Shared |
Source: ActivitiesCache.sqlite | String found in binary or memory: https://logistec.sharepoint.com/sites/lgtops/CargoHandlingMonthlyPerformanceReport/1655 |
Source: ActivitiesCache.sqlite | String found in binary or memory: https://logistec.sharepoint.com/sites/lgtops/CargoHandlingMonthlyPerformanceReport/1655%20Balterm/16 |
Source: ActivitiesCache.sqlite | String found in binary or memory: https://logistec.sharepoint.com/sites/lgtops/CargoHandlingMonthlyPerformanceReport/1655%20Balterm/AR |
Source: ActivitiesCache.sqlite | String found in binary or memory: https://logistec.sharepoint.com/sites/lgtops/CargoHandlingMonthlyPerformanceReport/2022ByCompany.xls |
Source: ActivitiesCache.sqlite | String found in binary or memory: https://mail.google.com/ |
Source: ActivitiesCache.sqlite | String found in binary or memory: https://wns2-ch1p.notify.windows.com/?token=AwYAAADSjAb88iRkUDS2eKDRGw%2fxW1oV4DmPkaRPlR7%2bLwVdteGH |
Source: ActivitiesCache.sqlite | String found in binary or memory: https://www.cisco.com/c/en/us/about/legal/cloud-and-software/end_user_license_agreement.htmlhttps:// |
Source: ActivitiesCache.sqlite | String found in binary or memory: https://www.digicert.com/CPS0 |
Source: ActivitiesCache.sqlite | String found in binary or memory: https://www.google.com/m8/feedshttps://www.googleapis.com/auth/userinfo.profile |
Source: ActivitiesCache.sqlite | String found in binary or memory: https://www.googleapis.com/auth/contacts.readonlyofflineaccess_type2382840d-9c54-438f-af1c-8a8d1a547 |
Source: ActivitiesCache.sqlite | String found in binary or memory: https://www.googleapis.com/auth/drivehttps://www.googleapis.com/auth/gmail.compose |
Source: ActivitiesCache.sqlite | String found in binary or memory: https://www.immunet.com |
Source: ActivitiesCache.sqlite | String found in binary or memory: https://www.immunet.comOpen |
Source: ActivitiesCache.sqlite | Binary or memory string: OriginalFilenameAgentExecutor.exeF vs ActivitiesCache.sqlite |
Source: ActivitiesCache.sqlite | Binary or memory string: OriginalFilenamecsc_ui.exeD vs ActivitiesCache.sqlite |
Source: ActivitiesCache.sqlite | Binary or memory string: <br/><i></i><br/><b>00:00:00</b>CDefaultPluginHandler::CDefaultPluginHandlerC:\drone\src\src\Common\Utility\DefaultPluginHandler.cppSkipping interface '%s', File: '%s'.Disposed plugin C++ based interface '%s', File '%s'.CDefaultPluginHandler::~CDefaultPluginHandlerFailed to dispose C++ plugin for interface '%s', File: '%s'.Created Default plugin handler for C++ based interface '%s', File: '%s'.WinVerifyTrustEx\Wintrust.dllCode-signing verification succeeded. File (%s)Time stamp on the file %s is earlier than the kill date.CVerifyFileSignatureWindows::IsValidC:\drone\src\src\Common\Crypt\VerifyFileSignatureWindows.cppFailed to get the time stamp of the file: %s.GetFileVersionInfoWCVerifyFileSignatureWindows::CheckFileNameAndVersionVersion.dllAuthenticodeUtils::GetSignatureInfoWinTrustData is invalid. You must call IsValid first!CVerifyFileSignatureWindows::GetSigInfoCVerifyFileSignatureWindows::CheckFileSignatureEmbedded version %s in file %s does not meet minimum requirement.Embedded original filename in file %s does not match %s.VerQueryValue\StringFileInfo\040904b0\OriginalFilenameGetFileVersionInfoGetFileVersionInfoSizeVerQueryValueWGetFileVersionInfoSizeW/0.0.0.0:messagesLC_MESSAGEScharset=%s/%s/%s/%s.moPOSIXCCTimer::~CTimerC:\drone\src\src\Common\Utility\timer.cppFailed to entry point from wintrust.dllWTHelperProvDataFromStateData\wintrust.dllCertificate trust data was not foundSigner information was not foundCountersignature was not found in the certificateTrust provider certificate was not foundSubject name was not found in the certificateFailed to load wintrust.dllWTHelperGetProvCertFromChainWTHelperGetProvSignerFromChainAuthenticodeUtils::logMsgC:\drone\src\src\Common\Crypt\AuthenticodeUtils.cpp2.5.4.3?\ vs ActivitiesCache.sqlite |
Source: ActivitiesCache.sqlite | Binary or memory string: OriginalFilenameDeskConfig.exe vs ActivitiesCache.sqlite |
Source: ActivitiesCache.sqlite | Binary or memory string: OriginalFilenamePowerShell.EXEj% vs ActivitiesCache.sqlite |
Source: ActivitiesCache.sqlite | Binary or memory string: OriginalFilenameHelp.exe456789012345678901234567890123456789012345678901234567890.exe vs ActivitiesCache.sqlite |
Source: ActivitiesCache.sqlite | Binary or memory string: OriginalFilenamepowershell_ise.EXEj% vs ActivitiesCache.sqlite |
Source: ActivitiesCache.sqlite | Binary or memory string: TJfile_version_info_win.ccCreateFileVersionInfoWinCompanyNameCompanyShortNameInternalNameProductNameProductShortNameProductVersionFileDescriptionFileVersionOriginalFilenameSpecialBuild\StringFileInfo\%04x%04x\%ls\VarFileInfo\Translation\SetThreadDescriptionUnknown priority.::GetThreadPriority returned g]J vs ActivitiesCache.sqlite |
Source: ActivitiesCache.sqlite | Binary or memory string: OriginalFilenameappvlp.exej% vs ActivitiesCache.sqlite |
Source: ActivitiesCache.sqlite | Binary or memory string: OriginalFilenamePreferences.exe vs ActivitiesCache.sqlite |
Source: ActivitiesCache.sqlite | Binary or memory string: OriginalFilenamedartoffline.exeD vs ActivitiesCache.sqlite |
Source: ActivitiesCache.sqlite | Binary or memory string: OriginalFilenamePenTest.exeH vs ActivitiesCache.sqlite |
Source: ActivitiesCache.sqlite | Binary string: B\\?\pipe\NGLWFPipe__INS:(ML;;NW;;;LW)D:P(A;;GA;;;OW)(A;;GA;;;AC)\\?\pipe\\Device\NamedPipe\win\src\named_pipe_policy.ccSameObject check failed: InitializeProcThreadAttributeListUpdateProcThreadAttributewin\src\process_thread_policy.ccCreateProcessWAction: STATUS_ACCESS_DENIEDapp name: command line: NtCreateProcessExntdll.dllNtSuspendProcessNtResumeProcessNtQuerySymbolicLinkObjectNtOpenSymbolicLinkObjectNtClose%d\Sessions\BNOLINKSNtCreateEventNtOpenEventwin\src\signed_policy.ccHandle AccessCheck failed: 8[CD[CP[Cm[Cu[C@ntdll.dllg_interceptionsNtMapViewOfSectionNtUnmapViewOfSectiong_originals |
Source: ActivitiesCache.sqlite | Binary string: \??\UNC\\\.\\Device\SftVol\ntdll.dllA:\Device\\\?\/?/UNC/\?\UNC\ |
Source: ActivitiesCache.sqlite | Binary string: g\\\\?\UNC\\Device\Mup\\Device\LanmanRedirector\\Device\WebDavRedirector\\Device\WinDfs\\Device\NetWareRedirector\\Device\nwrdr\4202392NtQueryObjectRtlNtStatusToDosErrorRtlCompareUnicodeString\Device\WinDFSCdmRedirectorVolume\Device\HarddiskVolumeDirectoryFileEventSectionKey<>:"\|?*Software\Policies\Adobe\Acrobat Reader\DC\F |
Source: ActivitiesCache.sqlite | Binary string: \\.\ko.%x.%x.%xSoftware\Classes\CLSID\{054AAE20-4BEA-4347-8A35-64A533254A9D}\LocalServer320123456789abcdef\Device\HarddiskVolume: |
Source: ActivitiesCache.sqlite | Binary string: sbox_alternate_desktop_local_winstation_\??\\\?\\\?\UNC\\\.\\??\pipe\\??\mailslot\\/?/?\\Device\ |
Source: ActivitiesCache.sqlite | Binary string: ^tes.ini\Justsystem\Justsystem\*\Intuit\Quicken\Log\Intuit\Quicken\Log\qw.log\Enfocus Prefs Folder\Enfocus Prefs Folder\*\Adobe\Acrobat\FeatOut\Microsoft\Speech\Adobe\Flash Player\AssetCache\Adobe\Acrobat\DC\SearchEmbdIndexacrord32_super_sbx\device\volume{*}\*?:?:\HKEY_CURRENT_USER\%sHKEY_CURRENT_USER\%s\*HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\DC\Privileged*HKEY_CURRENT_USER\Software\Adobe\Adobe Acrobat\DC\Privileged*HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\DC\AVGeneral\cRecentFiles*HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\DC\AVGeneral\cFavoriteFiles*HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\DC\AVGeneral\cAdHocFiles*HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\DC\Installer\NotificationAppx*Software\Adobe\Adobe Acrobat\DC\DiskCabsSoftware\Adobe\Adobe Synchronizer\DCHKEY_CURRENT_USER\Software\Adobe\CommonFiles\UsageSoftware\Adobe\CommonFiles\Usage\AcrobatDCSoftware\Adobe\CommonFiles\Usage\Reader DCHKEY_CURRENT_USER\SOFTWARE\Lotus\Notes\Installer*HKEY_CURRENT_USER\SOFTWARE\Lotus\Notes*HKEY_CURRENT_USER\SOFTWARE\Microsoft\Speech*HKEY_CURRENT_USER\System\CurrentControlSet\Control\MediaProperties\PrivateProperties*HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache*HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache*HKEY_CURRENT_USER\SOFTWARE\Adobe\CommonFiles*HKEY_CLASSES_ROOT*HKEY_CURRENT_USER*HKEY_LOCAL_MACHINE*HKEY_USERS*HKEY_CURRENT_CONFIG*SOFTWARE\Justsystem\ATOK\Setup\FolderATFSVR\Acrobat\plug_ins\test_tools\AcroNGLTools\qe-ngl-tool.exe?ihs*_*IMSC*_Imejp.ConfigrationIO_*FileView__Satori_PropMgrGlobal_IMJP_*FileView__Satori_PropMgrGlobal_IME*SatoriKnlDict_MemoryDictionary_*_IME_*_CodeDictionarySharedMemory_*FileView___IMJP*UD_FileMapping_{**_IMJP_??_UD_FileMapping_**_IMJP_?_UD_FileMapping_**_IMJP_??_UD_ManagementBlock_**_IMJP_?_UD_ManagementBlock_**microsoft_imjp*AtlDebugAllocator_FileMappingNameStatic3_*windows_shell_global_countersMSCTF.Shared.*M |
Source: ActivitiesCache.sqlite | Binary string: /qnBROADCASTCEFRELOAD=1 REINSTALLMODE=omus DISABLE_FIU_CHECK=1 IGNOREAAM=1 REPAIRFROMAPP=1 /qb\/\*cef_* CLEANUP_CEFFOLDER=1 DISABLE_FIU_CHECK=1 /qn/i msiexec.exe ADD_ALL_DICT=1 REINSTALL=AdobeCommonLinguistics SKIP_WEBRCS_REINSTALL=1 SKIP_CEF_KILL=1 /qn/i msiexec.exeAcroRd32.exe ADDLOCAL=OptionalFeatures,DistillerCJKNative,DistillerCJKSupport,PaperCaptureOptional,PreFlightPlugin DISABLE_FIU_CHECK=1 TRANSITION_INSTALL_MODE=4 SKIP_WEBRCS_REINSTALL=1 SKIP_CEF_KILL=1 /qn/i msiexec.exeSoftware\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pdf\OpenWithListMRUListMRUListAppDoNotTakePDFOwnershipAtLaunchAppDoNotTakePDFOwnershipAtLaunchWin10DisableOwnershipPrompt.pdf.pdfxml.acrobatsecuritysettings.fdf.xfdf.xdp.pdx.api.secstoreAdobe Reader XIRtlGetVersionntdll.dll\??\UNC\\\\\?\UNC\\Device\Mup\\Device\LanmanRedirector\\Device\WebDavRedirector\\Device\WinDfs\\Device\NetWareRedirector\\Device\nwrdr\RtlGetVersionntdll.dllAdobe Systems, IncorporatedAdobe Inc.Adobe Systems Incorporated1.3.6.1.4.1.311.2.1.121.3.6.1.4.1.311.2.1.121.3.6.1.4.1.311.2.1.121.2.840.113549.1.9.61.3.6.1.4.1.311.3.3.1kernel32IsWow64ProcessSystem\CurrentControlSet\Control\CitrixProductVersionNumSoftware\Adobe\Acrobat\ExeEnableLUASoftware\Microsoft\Windows\CurrentVersion\Policies\System /FixPDF /RegisterFileTypesOwnership /PRODUCT:Reader /VERSION:12.03305580Click on 'Change' to select default PDF handler.pdf Properties#32770Click on 'Change' to select default PDF handler Properties#32770Click on 'Change' to select default PDF handler#32770/\ADelRCP.exeClick on 'Change' to select default PDF handler.pdfpropertiesShowAppPickerForPDF.exeProgram ManagerPROGMANClick on 'Change' to select default PDF handler.pdf Properties#32770Click on 'Change' to select default PDF handler Properties#32770Click on 'Change' to select default PDF handler#32770Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pdf\UserChoiceSoftware\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pdf\UserChoiceSoftware\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pdfApplication |
Source: ActivitiesCache.sqlite | Binary string: bIsUserEntitledpolicy_configurator.cppRegistry set for Kaizen Purchase from Browser CommonSoftware\Adobe\Acrobat Reader\DC\FEAT\cFeatDir*.ajt*.uifProgramW6432\Adobe\Acrobat\Privileged\DC\Microsoft\Crypto\RSA\Arcot\Ids\Microsoft\Outlook*.dll*.manifest*.config*.p12*.pfx\Adobe\Acrobat\%d.0\Adobe\Color\Microsoft\IME*\Microsoft\IMJP*\Adobe\Acrobat\DC\Replicate\Security\*\Adobe\Acrobat\DC\Security\*TEMPTMP\*\Temp\JFEAT_temp*\Temp\Low\Temp\Adobe\Acrobat\DC*.exe*.bat*.cmd*.com*.cpl*.ocx*.pif*.scr*.scf*:$**:Zone.Identifier*\/?/?\??*:\device\volume{*}\*:\Adobe\Acrobat\DC\Adobe\Linguistics\.ms-ad\Microsoft\RMSLocalStorage\com.adobe.dunamis\f2eb6c79-671d-4de2-b7be-3b2eea7abc47\com.adobe.dunamis\56079431-ea46-4833-94f9-1ff5658cdb1c\com.adobe.dunamis\6d9d9777-7ded-4768-8191-9a707d72b009\com.adobe.dunamis\61f56613-c62c-4b17-84dd-62b60d5776aa\Adobe\LogTransport2\Adobe\Headlights\Lotus\Notes\Data\Lotus\Notes\Data\*.nbf\Lotus\Notes\Data\names.nsf\Lotus\Notes\Data\JOBSCHED.NJF\Lotus\Notes\Data\cluster.ncf\Lotus\Notes\Data\ticket.idt\Lotus\Notes\Data\*.reg\Lotus\Notes\Data\no |
Source: | Binary string: C:\temp\build\thehoff\Quicksilver_MR40.0902791019568\Quicksilver_MR4\vpn\tools\DART\DARTOffline\WINXP\Win32\Release\DartOffline.pdb source: ActivitiesCache.sqlite |
Source: | Binary string: AppVlp.pdb source: ActivitiesCache.sqlite |
Source: | Binary string: powershell_ise.pdb94 source: ActivitiesCache.sqlite |
Source: | Binary string: a\AgentExecutor.pdb source: ActivitiesCache.sqlite |
Source: | Binary string: powershell.pdbUGP source: ActivitiesCache.sqlite |
Source: | Binary string: D:\T\BuildResults\bin\Release\AcroRd32Exe.pdb source: ActivitiesCache.sqlite |
Source: | Binary string: powershell.pdb source: ActivitiesCache.sqlite |
Source: | Binary string: C:\temp\build\thehoff\Quicksilver_MR40.0902791019568\Quicksilver_MR4\vpn\tools\DART\DARTOffline\WINXP\Win32\Release\DartOffline.pdbHHFGCTL source: ActivitiesCache.sqlite |
Source: | Binary string: C:\drone\src\build_output\Win32\Release\csc_ui.pdb source: ActivitiesCache.sqlite |
Source: | Binary string: "\AgentExecutor.pdb source: ActivitiesCache.sqlite |
Source: | Binary string: AppVlp.pdbGCTL source: ActivitiesCache.sqlite |
Source: | Binary string: powershell_ise.pdb source: ActivitiesCache.sqlite |
Source: ActivitiesCache.sqlite | Binary or memory string: /qnBROADCASTCEFRELOAD=1 REINSTALLMODE=omus DISABLE_FIU_CHECK=1 IGNOREAAM=1 REPAIRFROMAPP=1 /qb\/\*cef_* CLEANUP_CEFFOLDER=1 DISABLE_FIU_CHECK=1 /qn/i msiexec.exe ADD_ALL_DICT=1 REINSTALL=AdobeCommonLinguistics SKIP_WEBRCS_REINSTALL=1 SKIP_CEF_KILL=1 /qn/i msiexec.exeAcroRd32.exe ADDLOCAL=OptionalFeatures,DistillerCJKNative,DistillerCJKSupport,PaperCaptureOptional,PreFlightPlugin DISABLE_FIU_CHECK=1 TRANSITION_INSTALL_MODE=4 SKIP_WEBRCS_REINSTALL=1 SKIP_CEF_KILL=1 /qn/i msiexec.exeSoftware\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pdf\OpenWithListMRUListMRUListAppDoNotTakePDFOwnershipAtLaunchAppDoNotTakePDFOwnershipAtLaunchWin10DisableOwnershipPrompt.pdf.pdfxml.acrobatsecuritysettings.fdf.xfdf.xdp.pdx.api.secstoreAdobe Reader XIRtlGetVersionntdll.dll\??\UNC\\\\\?\UNC\\Device\Mup\\Device\LanmanRedirector\\Device\WebDavRedirector\\Device\WinDfs\\Device\NetWareRedirector\\Device\nwrdr\RtlGetVersionntdll.dllAdobe Systems, IncorporatedAdobe Inc.Adobe Systems Incorporated1.3.6.1.4.1.311.2.1.121.3.6.1.4.1.311.2.1.121.3.6.1.4.1.311.2.1.121.2.840.113549.1.9.61.3.6.1.4.1.311.3.3.1kernel32IsWow64ProcessSystem\CurrentControlSet\Control\CitrixProductVersionNumSoftware\Adobe\Acrobat\ExeEnableLUASoftware\Microsoft\Windows\CurrentVersion\Policies\System /FixPDF /RegisterFileTypesOwnership /PRODUCT:Reader /VERSION:12.03305580Click on 'Change' to select default PDF handler.pdf Properties#32770Click on 'Change' to select default PDF handler Properties#32770Click on 'Change' to select default PDF handler#32770/\ADelRCP.exeClick on 'Change' to select default PDF handler.pdfpropertiesShowAppPickerForPDF.exeProgram ManagerPROGMANClick on 'Change' to select default PDF handler.pdf Properties#32770Click on 'Change' to select default PDF handler Properties#32770Click on 'Change' to select default PDF handler#32770Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pdf\UserChoiceSoftware\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pdf\UserChoiceSoftware\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pdfApplication |
Source: ActivitiesCache.sqlite | Binary or memory string: o unregister plugin: %s, Result: %dFailed to Start plugin: %s, Result: %dPresentation register failed: %dFailed to Start plugin: NAM, Result: %dCMainFrame::refreshloadedModulesUnexpected NULL Module Manager.Unable to stop plugin: %s, Result: %dCMainFrame::relayoutUIAnyConnect UI Disabled.Unable to unregister plugin: NAM, Result %dCMainFrame::loadL2ModuleCMainFrame::unloadOrphanedHiddenModulesCMainFrame::loadHiddenModulesCMainFrame::constructUIFailure occured when attempting to create Statistic Window.CMainFrame::ShutdownThe GUI has been told to shutdown - [%s]CMainFrame::postQuitThe GUI has posted Quit[%s] has reported Plugin_Success to Stop() callUnable to stop plugin: %s[%s] has been told to unregister during shutdown procedure.Unexpected NULL module in the module manager at %uSoftware\Cisco\Cisco Secure Client\ComponentStatus::GetDisplayVersionCMainFrame::GetHiddenModuleInfoShell_TrayWndCMainFrame::SetToastPreferenceRegSetValueExEnableStatusPopupsCMainFrame::unregisterTrayItemsCMainFrame::KillTimerCMainFrame::registerTrayItemsCMainFrame::SetTimerCMainFrame::handleXMLUIRefreshRefresh UI received from plugin : %sCMainFrame::handleXMLApplicationNodesUnknown application node receivedUnexpected Error, invalid popup node valueCMainFrame::handleXMLPopupNotificationUnexpected input XML received for popupRefresh UI complete. |
Source: C:\Windows\System32\OpenWith.exe | Queries volume information: C:\Program Files\WindowsApps\Microsoft.WindowsStore_11712.1001.23.0_x64__8wekyb3d8bbwe\Assets\AppTiles\StoreAppList.scale-200.png VolumeInformation | Jump to behavior |
Source: C:\Windows\System32\OpenWith.exe | Queries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation | Jump to behavior |
Source: C:\Windows\System32\OpenWith.exe | Queries volume information: C:\Windows\Fonts\seguisym.ttf VolumeInformation | Jump to behavior |
Source: C:\Windows\System32\OpenWith.exe | Queries volume information: C:\Windows\Fonts\seguisym.ttf VolumeInformation | Jump to behavior |
Source: C:\Windows\System32\OpenWith.exe | Queries volume information: C:\Windows\Fonts\seguisb.ttf VolumeInformation | Jump to behavior |
Source: C:\Windows\System32\OpenWith.exe | Queries volume information: C:\Windows\Fonts\seguisym.ttf VolumeInformation | Jump to behavior |
Source: C:\Windows\System32\OpenWith.exe | Queries volume information: C:\Windows\Fonts\segmdl2.ttf VolumeInformation | Jump to behavior |
Source: C:\Windows\System32\OpenWith.exe | Queries volume information: C:\Windows\Fonts\segmdl2.ttf VolumeInformation | Jump to behavior |