DLL Hijacks in Windows Contacts
WAB! Recently, when looking for some bugs to leverage for red teaming, I found that the following Windows binaries load several libraries from the application directory. Note that these files are also digitally signed by Microsoft.
C:\Program Files\Windows Mail\wabmig.exe
C:\Program Files\Windows Mail\wab.exe
Attackers can leverage this behavior to perform DLL hijacking / proxying attacks and obtain code execution on a target system, establish persistence and/or distribute malware.
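As an added example (not from the original post), the following Python applies the behavior above to Sysmon image-load events (Event ID 7): it flags loads by wab.exe or wabmig.exe where the binary runs outside C:\Program Files\Windows Mail, or where a DLL is resolved from the application directory without a valid Microsoft signature. The field names follow Sysmon's Event ID 7 schema; the event records, paths and DLL names are constructed samples, and the function and finding names are hypothetical.

```python
import ntpath

# Binaries named on this page and the directory they ship in.
TARGETS = {"wab.exe", "wabmig.exe"}
EXPECTED_DIR = r"c:\program files\windows mail"


def triage_image_load(event):
    """Return a list of findings for one Sysmon Event ID 7 (ImageLoad) record."""
    image = event["Image"].lower()
    loaded = event["ImageLoaded"].lower()
    if ntpath.basename(image) not in TARGETS:
        return []
    findings = []
    image_dir = ntpath.dirname(image)
    # A signed binary copied elsewhere takes its application directory with it.
    if image_dir != EXPECTED_DIR:
        findings.append("binary-outside-expected-dir")
    # Only DLLs resolved from the application directory are of interest here.
    if ntpath.dirname(loaded) == image_dir:
        trusted = (
            event.get("Signed", "").lower() == "true"
            and event.get("SignatureStatus") == "Valid"
            and event.get("Signature", "").startswith("Microsoft")
        )
        if not trusted:
            findings.append("untrusted-dll-from-app-dir")
    return findings


# Constructed sample events (paths and DLL names are placeholders).
SAMPLE_EVENTS = [
    {"Image": r"C:\Program Files\Windows Mail\wab.exe",
     "ImageLoaded": r"C:\Windows\System32\kernel32.dll",
     "Signed": "true", "Signature": "Microsoft Windows", "SignatureStatus": "Valid"},
    {"Image": r"C:\Users\Public\Contacts\wabmig.exe",
     "ImageLoaded": r"C:\Users\Public\Contacts\placeholder.dll",
     "Signed": "false", "Signature": "", "SignatureStatus": "Unavailable"},
    {"Image": r"C:\Program Files\Windows Mail\wab.exe",
     "ImageLoaded": r"C:\Program Files\Windows Mail\placeholder.dll",
     "Signed": "false", "Signature": "", "SignatureStatus": "Unavailable"},
]

if __name__ == "__main__":
    for ev in SAMPLE_EVENTS:
        print(ev["Image"], "->", ev["ImageLoaded"], triage_image_load(ev))
```

The Microsoft signature on the executable itself says nothing about the DLLs it loads, which is why the check evaluates the signature fields of the loaded image rather than of the process.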
Sigcheck output:
PS C:\Program Files\Windows Mail> sigcheck .