Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip

Overview

General Information

Sample name:file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip
Analysis ID:1585241
MD5:ec90b1260256d877c6cb088e04c3c617
SHA1:a3879a6b1c8cd2e826024048d591e0ff49121778
SHA256:6332404bf6e4b94c66acdf7524507d782fc65487c867a9543bc801989d8dc08e
Infos:

Detection

Score:60
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Changes security center settings (notifications, updates, antivirus, firewall)
Modifies the windows firewall
Tries to delay execution (extensive OutputDebugStringW loop)
Uses netsh to modify the Windows network and firewall settings
Uses schtasks.exe or at.exe to add and modify task schedules
Allocates memory with a write watch (potentially for evading sandboxes)
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Contains capabilities to detect virtual machines
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Deletes files inside the Windows folder
Drops PE files
Drops PE files to the windows directory (C:\Windows)
Drops certificate files (DER)
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
Queries disk information (often used to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sigma detected: CurrentVersion Autorun Keys Modification
Sigma detected: Explorer Process Tree Break
Sigma detected: Office Autorun Keys Modification
Sigma detected: Potential Persistence Via Visual Studio Tools for Office
Stores files to the Windows start menu directory
Stores large binary data to the registry
Uses taskkill to terminate processes

Classification

Process Tree

  • System is w10x64_ra
  • rundll32.exe (PID: 6324 cmdline: C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding MD5: EF3179D498793BF4234F708D3BE28633)
  • svchost.exe (PID: 6940 cmdline: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
  • svchost.exe (PID: 5632 cmdline: C:\Windows\System32\svchost.exe -k NetworkService -p MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
  • SgrmBroker.exe (PID: 7112 cmdline: C:\Windows\system32\SgrmBroker.exe MD5: 3BA1A18A0DC30A0545E7765CB97D8E63)
  • svchost.exe (PID: 6196 cmdline: C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s StorSvc MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
  • svchost.exe (PID: 5912 cmdline: C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p -s wscsvc MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
    • MpCmdRun.exe (PID: 6876 cmdline: "C:\Program Files\Windows Defender\mpcmdrun.exe" -wdenable MD5: B3676839B2EE96983F9ED735CD044159)
      • conhost.exe (PID: 6468 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • svchost.exe (PID: 6584 cmdline: C:\Windows\system32\svchost.exe -k UnistackSvcGroup MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
  • 3.19.1+SetupWIService.exe (PID: 7036 cmdline: "C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exe" MD5: A7046C3136192E6E7B5180728B3B3B49)
  • 3.19.1+SetupWIService.exe (PID: 4048 cmdline: "C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exe" MD5: A7046C3136192E6E7B5180728B3B3B49)
    • cmd.exe (PID: 6460 cmdline: cmd /C taskkill /F /IM WIService.exe MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • conhost.exe (PID: 6468 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • taskkill.exe (PID: 4308 cmdline: taskkill /F /IM WIService.exe MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
    • cmd.exe (PID: 7012 cmdline: cmd /C taskkill /F /IM WIui.exe MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • conhost.exe (PID: 5996 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • taskkill.exe (PID: 4880 cmdline: taskkill /F /IM WIui.exe MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
    • cmd.exe (PID: 304 cmdline: cmd /C taskkill /F /IM wirtpproxy.exe MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • conhost.exe (PID: 3016 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • taskkill.exe (PID: 456 cmdline: taskkill /F /IM wirtpproxy.exe MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
    • cmd.exe (PID: 1608 cmdline: cmd /C taskkill /F /IM wiservice-ui.exe MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • conhost.exe (PID: 5492 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • taskkill.exe (PID: 4888 cmdline: taskkill /F /IM wiservice-ui.exe MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
    • cmd.exe (PID: 1448 cmdline: cmd /C taskkill /F /IM vncsrv.exe MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • conhost.exe (PID: 1444 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • taskkill.exe (PID: 2920 cmdline: taskkill /F /IM vncsrv.exe MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
    • cmd.exe (PID: 2212 cmdline: cmd /C taskkill /F /IM WildixOutlookIntegration.exe MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • conhost.exe (PID: 400 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • taskkill.exe (PID: 444 cmdline: taskkill /F /IM WildixOutlookIntegration.exe MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
    • cmd.exe (PID: 1776 cmdline: cmd /C taskkill /F /IM WildixOutlookSync32.exe MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • conhost.exe (PID: 1388 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • taskkill.exe (PID: 7132 cmdline: taskkill /F /IM WildixOutlookSync32.exe MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
    • cmd.exe (PID: 4400 cmdline: cmd /C taskkill /F /IM WildixOutlookSync64.exe MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • conhost.exe (PID: 1472 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • taskkill.exe (PID: 4204 cmdline: taskkill /F /IM WildixOutlookSync64.exe MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
    • wiservice.exe (PID: 3720 cmdline: "C:\Program Files\Wildix\WIService\wiservice.exe" --install_faxprinter MD5: D62710F3678538E483FFC7EA112D7F68)
    • RegAsm.exe (PID: 4864 cmdline: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm" "C:\Program Files\Wildix\WIService\Microsoft.Office.Interop.Outlook.dll" /silent /codebase MD5: A4EB36BAE72C5CB7392F2B85609D4A7E)
      • conhost.exe (PID: 6000 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • RegAsm.exe (PID: 5124 cmdline: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm" "C:\Program Files\Wildix\WIService\Microsoft.Office.Uc.dll" /silent /codebase MD5: A4EB36BAE72C5CB7392F2B85609D4A7E)
      • conhost.exe (PID: 1500 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • RegAsm.exe (PID: 5652 cmdline: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm" "C:\Program Files\Wildix\WIService\Office.dll" /silent /codebase MD5: A4EB36BAE72C5CB7392F2B85609D4A7E)
      • conhost.exe (PID: 980 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • RegAsm.exe (PID: 6156 cmdline: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm" "C:\Program Files\Wildix\WIService\Newtonsoft.Json.dll" /silent /codebase MD5: A4EB36BAE72C5CB7392F2B85609D4A7E)
      • conhost.exe (PID: 1696 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • RegAsm.exe (PID: 6128 cmdline: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm" "C:\Program Files\Wildix\WIService\Serilog.dll" /silent /codebase MD5: A4EB36BAE72C5CB7392F2B85609D4A7E)
      • conhost.exe (PID: 6800 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • RegAsm.exe (PID: 2560 cmdline: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm" "C:\Program Files\Wildix\WIService\Serilog.Sinks.Console.dll" /silent /codebase MD5: A4EB36BAE72C5CB7392F2B85609D4A7E)
      • conhost.exe (PID: 6464 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • RegAsm.exe (PID: 4872 cmdline: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm" "C:\Program Files\Wildix\WIService\Serilog.Sinks.File.dll" /silent /codebase MD5: A4EB36BAE72C5CB7392F2B85609D4A7E)
      • conhost.exe (PID: 4896 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • RegAsm.exe (PID: 6856 cmdline: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm" "C:\Program Files\Wildix\WIService\WildixOutlookIntegration.exe" /silent MD5: A4EB36BAE72C5CB7392F2B85609D4A7E)
      • conhost.exe (PID: 6500 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • cmd.exe (PID: 6204 cmdline: cmd /C schtasks /create /TN "Wildix\WIService update checker" /xml "C:\Program Files\Wildix\WIService\WisUpdateCheckerTaskX64.xml" /F MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 3608 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • schtasks.exe (PID: 1284 cmdline: schtasks /create /TN "Wildix\WIService update checker" /xml "C:\Program Files\Wildix\WIService\WisUpdateCheckerTaskX64.xml" /F MD5: 76CD6626DD8834BD4A42E6A565104DC2)
    • cmd.exe (PID: 1736 cmdline: cmd /C netsh advfirewall firewall delete rule name=all program="C:\Program Files\Wildix\WIService\wiservice.exe" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 1360 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • netsh.exe (PID: 2920 cmdline: netsh advfirewall firewall delete rule name=all program="C:\Program Files\Wildix\WIService\wiservice.exe" MD5: 6F1E6DD688818BC3D1391D0CC7D597EB)
    • cmd.exe (PID: 72 cmdline: cmd /C netsh advfirewall firewall add rule name="Wildix Integration Service" dir=in action=allow program="C:\Program Files\Wildix\WIService\wiservice.exe" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 6920 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • netsh.exe (PID: 2212 cmdline: netsh advfirewall firewall add rule name="Wildix Integration Service" dir=in action=allow program="C:\Program Files\Wildix\WIService\wiservice.exe" MD5: 6F1E6DD688818BC3D1391D0CC7D597EB)
    • wiservice.exe (PID: 5632 cmdline: "C:\Program Files\Wildix\WIService\wiservice.exe" --proxyex MD5: D62710F3678538E483FFC7EA112D7F68)
    • wiservice.exe (PID: 1940 cmdline: "C:\Program Files\Wildix\WIService\wiservice.exe" --installsvc MD5: D62710F3678538E483FFC7EA112D7F68)
    • explorer.exe (PID: 2432 cmdline: "C:\Windows\explorer.exe" "C:\Program Files\Wildix\WIService\proxyex.lnk" MD5: 662F4F92FDE3557E86D110526BB578D5)
    • wiservice.exe (PID: 724 cmdline: "C:\Program Files\Wildix\WIService\wiservice.exe" --storeMachineId MD5: D62710F3678538E483FFC7EA112D7F68)
    • explorer.exe (PID: 3604 cmdline: "C:\Windows\explorer.exe" "C:\Program Files\Wildix\WIService\wiservice.exe" MD5: 662F4F92FDE3557E86D110526BB578D5)
    • cmd.exe (PID: 3648 cmdline: cmd /C schtasks /delete /TN "Wildix\WIService update recovery" /F MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 4284 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • schtasks.exe (PID: 2664 cmdline: schtasks /delete /TN "Wildix\WIService update recovery" /F MD5: 76CD6626DD8834BD4A42E6A565104DC2)
    • cmd.exe (PID: 5136 cmdline: cmd /C schtasks /delete /TN "Wildix\WIService failed update recovery" /F MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 4976 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • schtasks.exe (PID: 3880 cmdline: schtasks /delete /TN "Wildix\WIService failed update recovery" /F MD5: 76CD6626DD8834BD4A42E6A565104DC2)
  • spoolsv.exe (PID: 2092 cmdline: C:\Windows\System32\spoolsv.exe MD5: 0D4B1E3E4488E9BDC035F23E1F4FE22F)
  • spoolsv.exe (PID: 2628 cmdline: C:\Windows\System32\spoolsv.exe MD5: 0D4B1E3E4488E9BDC035F23E1F4FE22F)
  • wiservice.exe (PID: 1436 cmdline: "C:\Program Files\Wildix\WIService\wiservice.exe" --hostsvc MD5: D62710F3678538E483FFC7EA112D7F68)
    • wiservice.exe (PID: 4400 cmdline: "C:\Program Files\Wildix\WIService\wiservice.exe" --dispatcher MD5: D62710F3678538E483FFC7EA112D7F68)
    • wiservice.exe (PID: 5476 cmdline: "C:\Program Files\Wildix\WIService\wiservice.exe" --watchdog MD5: D62710F3678538E483FFC7EA112D7F68)
      • wiservice.exe (PID: 2848 cmdline: "C:\Program Files\Wildix\WIService\wiservice.exe" --check_oi_enabled MD5: D62710F3678538E483FFC7EA112D7F68)
  • explorer.exe (PID: 2424 cmdline: C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding MD5: 662F4F92FDE3557E86D110526BB578D5)
    • wiservice.exe (PID: 3268 cmdline: "C:\Program Files\Wildix\WIService\wiservice.exe" --proxyex MD5: D62710F3678538E483FFC7EA112D7F68)
  • explorer.exe (PID: 1640 cmdline: C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding MD5: 662F4F92FDE3557E86D110526BB578D5)
    • wiservice.exe (PID: 4572 cmdline: "C:\Program Files\Wildix\WIService\wiservice.exe" MD5: D62710F3678538E483FFC7EA112D7F68)
      • WildixOutlookSync32.exe (PID: 6900 cmdline: "C:\Program Files\Wildix\WIService\WildixOutlookSync32.exe" MD5: 206E87E60FE774EC5A94EB99B8B2B070)
      • WildixOutlookIntegration.exe (PID: 6432 cmdline: "C:\Program Files\Wildix\WIService\WildixOutlookIntegration.exe" MD5: 0D4C25344365AF560C17E3EB7D649427)
  • chrome.exe (PID: 3908 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
    • chrome.exe (PID: 2136 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1668 --field-trial-handle=1896,i,15324952792588395162,7501920974813279422,262144 /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • cleanup

Yara Signatures

No yara matches

Sigma Signatures

Sigma detected: CurrentVersion Autorun Keys Modification
Source: Registry Key setAuthor: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: C:\Program Files\Wildix\WIService\WIService.exe, EventID: 13, EventType: SetValue, Image: C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exe, ProcessId: 4048, TargetObject: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\WIService
Sigma detected: Explorer Process Tree Break
Source: Process startedAuthor: Florian Roth (Nextron Systems), Nasreddine Bencherchali (Nextron Systems), @gott_cyber: Data: Command: C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding, CommandLine: C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding, CommandLine|base64offset|contains: Iyb, Image: C:\Windows\explorer.exe, NewProcessName: C:\Windows\explorer.exe, OriginalFileName: C:\Windows\explorer.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 804, ProcessCommandLine: C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding, ProcessId: 2424, ProcessName: explorer.exe
Sigma detected: Office Autorun Keys Modification
Source: Registry Key setAuthor: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: Wildix Outlook Integration, EventID: 13, EventType: SetValue, Image: C:\Program Files\Wildix\WIService\wiservice.exe, ProcessId: 4572, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Outlook\Addins\WildixOutlookAddin\Description
Sigma detected: Potential Persistence Via Visual Studio Tools for Office
Source: Registry Key setAuthor: Bhabesh Raj: Data: Details: Wildix Outlook Integration, EventID: 13, EventType: SetValue, Image: C:\Program Files\Wildix\WIService\wiservice.exe, ProcessId: 4572, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Outlook\Addins\WildixOutlookAddin\Description
Sigma detected: Windows Processes Suspicious Parent Directory
Source: Process startedAuthor: vburov: Data: Command: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, CommandLine: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, CommandLine|base64offset|contains: , Image: C:\Windows\System32\svchost.exe, NewProcessName: C:\Windows\System32\svchost.exe, OriginalFileName: C:\Windows\System32\svchost.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 656, ProcessCommandLine: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, ProcessId: 6940, ProcessName: svchost.exe

Suricata Signatures

No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results
Source: C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exeDirectory created: C:\Program Files\Wildix
Source: C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exeDirectory created: C:\Program Files\Wildix\WIService
Source: C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exeDirectory created: C:\Program Files\Wildix\WIService\DseaCallControlSdk.dll
Source: C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exeDirectory created: C:\Program Files\Wildix\WIService\wildix.ico
Source: C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exeDirectory created: C:\Program Files\Wildix\WIService\wiservice.exe
Source: C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exeDirectory created: C:\Program Files\Wildix\WIService\WisUpdateCheckerTaskX64.xml
Source: C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exeDirectory created: C:\Program Files\Wildix\WIService\x-bees.ico
Source: C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exeDirectory created: C:\Program Files\Wildix\WIService\fax
Source: C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exeDirectory created: C:\Program Files\Wildix\WIService\fax\imgprint.gpd
Source: C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exeDirectory created: C:\Program Files\Wildix\WIService\fax\STDDTYPE.GDL
Source: C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exeDirectory created: C:\Program Files\Wildix\WIService\fax\STDNAMES.GPD
Source: C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exeDirectory created: C:\Program Files\Wildix\WIService\fax\STDSCHEM.GDL
Source: C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exeDirectory created: C:\Program Files\Wildix\WIService\fax\STDSCHMX.GDL
Source: C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exeDirectory created: C:\Program Files\Wildix\WIService\fax\UNIDRV.DLL
Source: C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exeDirectory created: C:\Program Files\Wildix\WIService\fax\UNIDRV.HLP
Source: C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exeDirectory created: C:\Program Files\Wildix\WIService\fax\UNIDRVUI.DLL
Source: C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exeDirectory created: C:\Program Files\Wildix\WIService\fax\UNIRES.DLL
Source: C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exeDirectory created: C:\Program Files\Wildix\WIService\fax\wfaxport.dll
Source: C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exeDirectory created: C:\Program Files\Wildix\WIService\headsetFirmwares
Source: C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exeDirectory created: C:\Program Files\Wildix\WIService\headsetFirmwares\DuoMonoLedBtBase0x5e2f.dfu
Source: C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exeDirectory created: C:\Program Files\Wildix\WIService\headsetFirmwares\DuoMonoLedBtHeadset0x5e2f.dfu
Source: C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exeDirectory created: C:\Program Files\Wildix\WIService\headsetFirmwares\HidDfu.dll
Source: C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exeDirectory created: C:\Program Files\Wildix\WIService\headsetFirmwares\HidDfuCmd.exe
Source: C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exeDirectory created: C:\Program Files\Wildix\WIService\headsetFirmwares\msvcm80.dll
Source: C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exeDirectory created: C:\Program Files\Wildix\WIService\headsetFirmwares\msvcp80.dll
Source: C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exeDirectory created: C:\Program Files\Wildix\WIService\headsetFirmwares\msvcr80.dll
Source: C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exeDirectory created: C:\Program Files\Wildix\WIService\headsetFirmwares\msvcrt.dll
Source: C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exeDirectory created: C:\Program Files\Wildix\WIService\resources
Source: C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exeDirectory created: C:\Program Files\Wildix\WIService\resources\cdr.db
Source: C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exeDirectory created: C:\Program Files\Wildix\WIService\Microsoft.Office.Interop.Outlook.dll
Source: C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exeDirectory created: C:\Program Files\Wildix\WIService\Microsoft.Office.Tools.Common.v4.0.Utilities.dll
Source: C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exeDirectory created: C:\Program Files\Wildix\WIService\Microsoft.Office.Tools.Outlook.v4.0.Utilities.dll
Source: C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exeDirectory created: C:\Program Files\Wildix\WIService\Microsoft.Office.Uc.dll
Source: C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exeDirectory created: C:\Program Files\Wildix\WIService\Newtonsoft.Json.dll
Source: C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exeDirectory created: C:\Program Files\Wildix\WIService\Office.dll
Source: C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exeDirectory created: C:\Program Files\Wildix\WIService\Serilog.dll
Source: C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exeDirectory created: C:\Program Files\Wildix\WIService\Serilog.Sinks.Console.dll
Source: C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exeDirectory created: C:\Program Files\Wildix\WIService\Serilog.Sinks.Debug.dll
Source: C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exeDirectory created: C:\Program Files\Wildix\WIService\Serilog.Sinks.File.dll
Source: C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exeDirectory created: C:\Program Files\Wildix\WIService\UC.dll
Source: C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exeDirectory created: C:\Program Files\Wildix\WIService\websocket-sharp.dll
Source: C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exeDirectory created: C:\Program Files\Wildix\WIService\wildix-oi.ico
Source: C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exeDirectory created: C:\Program Files\Wildix\WIService\WildixOutlookAddin.dll
Source: C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exeDirectory created: C:\Program Files\Wildix\WIService\WildixOutlookAddin.dll.manifest
Source: C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exeDirectory created: C:\Program Files\Wildix\WIService\WildixOutlookCommon.dll
Source: C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exeDirectory created: C:\Program Files\Wildix\WIService\WildixOutlookAddin.vsto
Source: C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exeDirectory created: C:\Program Files\Wildix\WIService\WildixOutlookIntegration.exe
Source: C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exeDirectory created: C:\Program Files\Wildix\WIService\WildixOutlookIntegration.exe.config
Source: C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exeDirectory created: C:\Program Files\Wildix\WIService\WildixOutlookSync32.exe
Source: C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exeDirectory created: C:\Program Files\Wildix\WIService\WildixOutlookSync64.exe
Source: C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exeDirectory created: C:\Program Files\Wildix\WIService\dotnet-dump.exe
Source: C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exeDirectory created: C:\Program Files\Wildix\WIService\UninstallWIService.exe
Source: C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exeDirectory created: C:\Program Files\Wildix\WIService\proxyex.lnk
Source: C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exeRegistry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WIService
Source: C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exeFile opened: C:\Program Files\Wildix\WIService\headsetFirmwares\msvcr80.dll
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownTCP traffic detected without corresponding DNS query: 192.229.221.95
Source: unknownTCP traffic detected without corresponding DNS query: 40.126.31.73
Source: unknownTCP traffic detected without corresponding DNS query: 192.229.221.95
Source: unknownTCP traffic detected without corresponding DNS query: 40.126.31.73
Source: unknownTCP traffic detected without corresponding DNS query: 40.126.31.73
Source: unknownTCP traffic detected without corresponding DNS query: 40.126.31.73
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global trafficDNS traffic detected: DNS query: feedback.wildix.com
Source: global trafficDNS traffic detected: DNS query: crt.sectigo.com
Source: global trafficDNS traffic detected: DNS query: www.google.com
Source: global trafficDNS traffic detected: DNS query: apis.google.com
Source: global trafficDNS traffic detected: DNS query: play.google.com
Source: global trafficDNS traffic detected: DNS query: dns-tunnel-check.googlezip.net
Source: global trafficDNS traffic detected: DNS query: tunnel.googlezip.net
Source: global trafficDNS traffic detected: DNS query: id.google.com
Source: global trafficDNS traffic detected: DNS query: www.virustotal.com
Source: global trafficDNS traffic detected: DNS query: www.recaptcha.net
Source: global trafficDNS traffic detected: DNS query: recaptcha.net
Source: global trafficDNS traffic detected: DNS query: docs.virustotal.com
Source: global trafficDNS traffic detected: DNS query: cdn.readme.io
Source: global trafficDNS traffic detected: DNS query: files.readme.io
Source: global trafficDNS traffic detected: DNS query: assets.zendesk.com
Source: global trafficDNS traffic detected: DNS query: static.zdassets.com
Source: global trafficDNS traffic detected: DNS query: ekr.zdassets.com
Source: global trafficDNS traffic detected: DNS query: a.nel.cloudflare.com
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49865
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49864
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49742
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49863
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49862
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49861
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49860
Source: unknownNetwork traffic detected: HTTP traffic on port 49926 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49949 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49789 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49800 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49932 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49766 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49898 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49875 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49852 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49859
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49858
Source: unknownNetwork traffic detected: HTTP traffic on port 49881 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49857
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49735
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49856
Source: unknownNetwork traffic detected: HTTP traffic on port 49772 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49855
Source: unknownNetwork traffic detected: HTTP traffic on port 49841 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49854
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49853
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49852
Source: unknownNetwork traffic detected: HTTP traffic on port 49950 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49730
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49851
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49850
Source: unknownNetwork traffic detected: HTTP traffic on port 49812 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49858 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49893 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49749 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49915 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49909 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49943 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49849
Source: unknownNetwork traffic detected: HTTP traffic on port 49714 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49848
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49847
Source: unknownNetwork traffic detected: HTTP traffic on port 49886 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49725
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49846
Source: unknownNetwork traffic detected: HTTP traffic on port 49790 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49869 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49843
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49721
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49841
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49840
Source: unknownNetwork traffic detected: HTTP traffic on port 49748 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49892 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49933 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49839
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49717
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49838
Source: unknownNetwork traffic detected: HTTP traffic on port 49904 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49847 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49958
Source: unknownNetwork traffic detected: HTTP traffic on port 49921 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49714
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49835
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49955
Source: unknownNetwork traffic detected: HTTP traffic on port 49887 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49954
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49953
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49831
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49952
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49951
Source: unknownNetwork traffic detected: HTTP traffic on port 49839 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49864 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49950
Source: unknownNetwork traffic detected: HTTP traffic on port 49927 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49944 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49870 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49910 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49765 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49853 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49938 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49955 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49811 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49949
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49948
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49947
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49946
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49945
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49702
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49944
Source: unknownNetwork traffic detected: HTTP traffic on port 49771 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49943
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49788
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49787
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49786
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49785
Source: unknownNetwork traffic detected: HTTP traffic on port 49922 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49813 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49945 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49951 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49781
Source: unknownNetwork traffic detected: HTTP traffic on port 49916 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49785 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49807 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49939 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49776 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49791 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49868 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49753 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49885 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49899
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49898
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49776
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49897
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49775
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49896
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49774
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49895
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49773
Source: unknownNetwork traffic detected: HTTP traffic on port 49862 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49894
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49772
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49893
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49771
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49892
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49770
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49891
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49890
Source: unknownNetwork traffic detected: HTTP traffic on port 49742 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49897 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49879 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49911 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49802 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49851 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49905 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49769
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49889
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49767
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49888
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49766
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49887
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49765
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49886
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49764
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49885
Source: unknownNetwork traffic detected: HTTP traffic on port 49863 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49884
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49883
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49882
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49881
Source: unknownNetwork traffic detected: HTTP traffic on port 49928 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49840 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49880
Source: unknownNetwork traffic detected: HTTP traffic on port 49702 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49725 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49857 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49764 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49896 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49770 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49801 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49940 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49879
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49757
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49878
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49877
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49876
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49875
Source: unknownNetwork traffic detected: HTTP traffic on port 49891 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49753
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49874
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49752
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49873
Source: unknownNetwork traffic detected: HTTP traffic on port 49923 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49730 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49751
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49872
Source: unknownNetwork traffic detected: HTTP traffic on port 49818 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49750
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49871
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49870
Source: unknownNetwork traffic detected: HTTP traffic on port 49835 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49917 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49786 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49874 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49880 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49934 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49775 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49749
Source: unknownNetwork traffic detected: HTTP traffic on port 49846 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49748
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49869
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49868
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49867
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49866
Source: unknownNetwork traffic detected: HTTP traffic on port 49890 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49781 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49878 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49769 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49912 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49803 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49935 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49958 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49906 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49849 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49717 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49889 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49900 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49866 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49929 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49946 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49872 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49855 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49700 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49752 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49798 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49861 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49735 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49901 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49924 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49819 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49947 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49918 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49873 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49787 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49930 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49850 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49831 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49751 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49774 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49757 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49799
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49798
Source: unknownNetwork traffic detected: HTTP traffic on port 49952 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49814 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49791
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49790
Source: unknownNetwork traffic detected: HTTP traffic on port 49856 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49895 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49913 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49808 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49884 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49907 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49941 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49867 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49789
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49700
Source: unknownNetwork traffic detected: HTTP traffic on port 49865 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49942
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49941
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49940
Source: unknownNetwork traffic detected: HTTP traffic on port 49859 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49871 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49894 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49819
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49818
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49939
Source: unknownNetwork traffic detected: HTTP traffic on port 49799 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49938
Source: unknownNetwork traffic detected: HTTP traffic on port 49942 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49816
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49937
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49936
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49814
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49935
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49813
Source: unknownNetwork traffic detected: HTTP traffic on port 49902 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49934
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49812
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49933
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49811
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49932
Source: unknownNetwork traffic detected: HTTP traffic on port 49816 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49931
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49930
Source: unknownNetwork traffic detected: HTTP traffic on port 49925 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49919 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49954 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49788 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49767 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49721 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49936 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49876 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49809
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49808
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49929
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49807
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49928
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49927
Source: unknownNetwork traffic detected: HTTP traffic on port 49848 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49882 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49926
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49804
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49925
Source: unknownNetwork traffic detected: HTTP traffic on port 49773 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49803
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49924
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49802
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49923
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49801
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49922
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49800
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49921
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49920
Source: unknownNetwork traffic detected: HTTP traffic on port 49838 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49953 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49877 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49854 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49914 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49908 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49919
Source: unknownNetwork traffic detected: HTTP traffic on port 49937 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49918
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49917
Source: unknownNetwork traffic detected: HTTP traffic on port 49809 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49860 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49883 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49916
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49915
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49914
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49913
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49912
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49911
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49910
Source: unknownNetwork traffic detected: HTTP traffic on port 49948 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49843 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49931 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49899 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49804 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49909
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49908
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49907
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49906
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49905
Source: unknownNetwork traffic detected: HTTP traffic on port 49750 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49904
Source: unknownNetwork traffic detected: HTTP traffic on port 49920 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49903
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49902
Source: unknownNetwork traffic detected: HTTP traffic on port 49903 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49901
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49900
Source: unknownNetwork traffic detected: HTTP traffic on port 49888 -> 443
Source: C:\Program Files\Wildix\WIService\WildixOutlookIntegration.exeFile created: C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E0968A1E3A40D2582E7FD463BAEB59CDJump to dropped file
Source: C:\Program Files\Wildix\WIService\WildixOutlookIntegration.exeFile created: C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\30D802E0E248FEE17AAF4A62594CC75AJump to dropped file
Source: C:\Program Files\Wildix\WIService\wiservice.exeFile created: C:\Windows\system32\wfaxport.dll
Source: C:\Program Files\Wildix\WIService\wiservice.exeFile created: C:\Windows\system32\spool\DRIVERS\x64\unidrv.dll
Source: C:\Program Files\Wildix\WIService\wiservice.exeFile created: C:\Windows\system32\spool\DRIVERS\x64\imgprint.gpd
Source: C:\Program Files\Wildix\WIService\wiservice.exeFile created: C:\Windows\system32\spool\DRIVERS\x64\unidrvui.dll
Source: C:\Program Files\Wildix\WIService\wiservice.exeFile created: C:\Windows\system32\spool\DRIVERS\x64\unires.dll
Source: C:\Program Files\Wildix\WIService\wiservice.exeFile created: C:\Windows\system32\spool\DRIVERS\x64\stdnames.gpd
Source: C:\Program Files\Wildix\WIService\wiservice.exeFile created: C:\Windows\system32\spool\DRIVERS\x64\stddtype.gdl
Source: C:\Program Files\Wildix\WIService\wiservice.exeFile created: C:\Windows\system32\spool\DRIVERS\x64\stdschem.gdl
Source: C:\Program Files\Wildix\WIService\wiservice.exeFile created: C:\Windows\system32\spool\DRIVERS\x64\stdschmx.gdl
Source: C:\Windows\System32\svchost.exeFile created: C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmp
Source: C:\Windows\System32\spoolsv.exeFile created: C:\Windows\system32\spool\DRIVERS\x64\3\Old
Source: C:\Windows\System32\spoolsv.exeFile created: C:\Windows\system32\spool\DRIVERS\x64\3\New
Source: C:\Windows\System32\spoolsv.exeFile created: C:\Windows\system32\spool\DRIVERS\x64\3\New\unidrv.dll
Source: C:\Windows\System32\spoolsv.exeFile created: C:\Windows\system32\spool\DRIVERS\x64\3\New\unidrvui.dll
Source: C:\Windows\System32\spoolsv.exeFile created: C:\Windows\system32\spool\DRIVERS\x64\3\New\imgprint.gpd
Source: C:\Windows\System32\spoolsv.exeFile created: C:\Windows\system32\spool\DRIVERS\x64\3\New\unires.dll
Source: C:\Windows\System32\spoolsv.exeFile created: C:\Windows\system32\spool\DRIVERS\x64\3\New\stdnames.gpd
Source: C:\Windows\System32\spoolsv.exeFile created: C:\Windows\system32\spool\DRIVERS\x64\3\New\stddtype.gdl
Source: C:\Windows\System32\spoolsv.exeFile created: C:\Windows\system32\spool\DRIVERS\x64\3\New\stdschem.gdl
Source: C:\Windows\System32\spoolsv.exeFile created: C:\Windows\system32\spool\DRIVERS\x64\3\New\stdschmx.gdl
Source: C:\Windows\System32\spoolsv.exeFile created: C:\Windows\system32\spool\drivers\x64\3\Old\1
Source: C:\Windows\System32\spoolsv.exeFile created: C:\Windows\system32\spool\DRIVERS\x64\3\imgprint.BUD
Source: C:\Windows\System32\spoolsv.exeFile created: C:\Windows\system32\spool\DRIVERS\x64\3\Old
Source: C:\Windows\System32\spoolsv.exeFile created: C:\Windows\system32\spool\DRIVERS\x64\3\New
Source: C:\Windows\System32\spoolsv.exeFile created: C:\Windows\system32\spool\DRIVERS\x64\3\New\unidrv.dll
Source: C:\Windows\System32\spoolsv.exeFile created: C:\Windows\system32\spool\DRIVERS\x64\3\New\unidrvui.dll
Source: C:\Windows\System32\spoolsv.exeFile created: C:\Windows\system32\spool\DRIVERS\x64\3\New\imgprint.gpd
Source: C:\Windows\System32\spoolsv.exeFile created: C:\Windows\system32\spool\DRIVERS\x64\3\New\unires.dll
Source: C:\Windows\System32\spoolsv.exeFile created: C:\Windows\system32\spool\DRIVERS\x64\3\New\stdnames.gpd
Source: C:\Windows\System32\spoolsv.exeFile created: C:\Windows\system32\spool\DRIVERS\x64\3\New\stddtype.gdl
Source: C:\Windows\System32\spoolsv.exeFile created: C:\Windows\system32\spool\DRIVERS\x64\3\New\stdschem.gdl
Source: C:\Windows\System32\spoolsv.exeFile created: C:\Windows\system32\spool\DRIVERS\x64\3\New\stdschmx.gdl
Source: C:\Windows\System32\spoolsv.exeFile created: C:\Windows\system32\spool\drivers\x64\3\Old\1
Source: C:\Windows\System32\spoolsv.exeFile created: C:\Windows\system32\spool\DRIVERS\x64\3\imgprint.BUD
Source: C:\Windows\System32\spoolsv.exeFile deleted: C:\Windows\System32\spool\drivers\x64\3\Old\1\stddtype.gdl
Source: classification engineClassification label: mal60.evad.winZIP@159/73@37/91
Source: C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exeFile created: C:\Program Files\Wildix
Source: C:\Program Files\Wildix\WIService\wiservice.exeFile created: C:\Users\user\AppData\Roaming\Wildix
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1388:120:WilError_03
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1472:120:WilError_03
Source: C:\Program Files\Wildix\WIService\WildixOutlookIntegration.exeMutant created: NULL
Source: C:\Program Files\Wildix\WIService\wiservice.exeMutant created: \Sessions\1\BaseNamedObjects\Local\com.wildix.desktop-integration.service
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5996:120:WilError_03
Source: C:\Program Files\Wildix\WIService\WildixOutlookSync32.exeMutant created: \Sessions\1\BaseNamedObjects\Local\com.wildix.integration_service.outlook_sync
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5492:120:WilError_03
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1444:120:WilError_03
Source: C:\Program Files\Wildix\WIService\wiservice.exeMutant created: \BaseNamedObjects\Local\com.wildix.desktop-integration.svchost
Source: C:\Program Files\Wildix\WIService\wiservice.exeMutant created: \BaseNamedObjects\Local\com.wildix.desktop-integration.dispatcher
Source: C:\Program Files\Wildix\WIService\wiservice.exeMutant created: \BaseNamedObjects\Local\com.wildix.desktop-integration.watchdog
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:400:120:WilError_03
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3016:120:WilError_03
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6000:120:WilError_03
Source: C:\Program Files\Wildix\WIService\wiservice.exeMutant created: \Sessions\1\BaseNamedObjects\Local\WIS
Source: C:\Program Files\Wildix\WIService\WildixOutlookIntegration.exeMutant created: \Sessions\1\BaseNamedObjects\{6911E02E-8ED2-43E9-8D4C-33AFFF26C38A}
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6468:120:WilError_03
Source: C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exeFile created: C:\Users\user\AppData\Local\Temp\nsqD070.tmp
Source: C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exeProcess created: C:\Windows\explorer.exe
Source: unknownProcess created: C:\Windows\explorer.exe
Source: C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exeProcess created: C:\Windows\explorer.exe
Source: unknownProcess created: C:\Windows\explorer.exe
Source: C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exeProcess created: C:\Windows\explorer.exe
Source: C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exeProcess created: C:\Windows\explorer.exe
Source: C:\Windows\SysWOW64\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "WIService.exe")
Source: C:\Windows\SysWOW64\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "WIui.exe")
Source: C:\Windows\SysWOW64\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "wirtpproxy.exe")
Source: C:\Windows\SysWOW64\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "wiservice-ui.exe")
Source: C:\Windows\SysWOW64\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "vncsrv.exe")
Source: C:\Windows\SysWOW64\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "WildixOutlookIntegration.exe")
Source: C:\Windows\SysWOW64\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "WildixOutlookSync32.exe")
Source: C:\Windows\SysWOW64\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "WildixOutlookSync64.exe")
Source: C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exeFile read: C:\Users\user\Desktop\desktop.ini
Source: C:\Windows\System32\rundll32.exeKey opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: C:\Program Files\Wildix\WIService\wiservice.exeFile read: C:\Windows\System32\drivers\etc\hosts
Source: unknownProcess created: C:\Windows\System32\rundll32.exe C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
Source: C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exeFile read: C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exe
Source: unknownProcess created: C:\Windows\System32\rundll32.exe C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
Source: unknownProcess created: C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exe "C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exe"
Source: unknownProcess created: C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exe "C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exe"
Source: C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd /C taskkill /F /IM WIService.exe
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM WIService.exe
Source: C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd /C taskkill /F /IM WIui.exe
Source: C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd /C taskkill /F /IM WIService.exe
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM WIui.exe
Source: C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd /C taskkill /F /IM wirtpproxy.exe
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM wirtpproxy.exe
Source: C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd /C taskkill /F /IM wiservice-ui.exe
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM wiservice-ui.exe
Source: C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd /C taskkill /F /IM vncsrv.exe
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM vncsrv.exe
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM WIService.exe
Source: C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd /C taskkill /F /IM WildixOutlookIntegration.exe
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM WildixOutlookIntegration.exe
Source: C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd /C taskkill /F /IM WildixOutlookSync32.exe
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM WildixOutlookSync32.exe
Source: C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd /C taskkill /F /IM WildixOutlookSync64.exe
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM WildixOutlookSync64.exe
Source: C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exeProcess created: C:\Program Files\Wildix\WIService\wiservice.exe "C:\Program Files\Wildix\WIService\wiservice.exe" --install_faxprinter
Source: unknownProcess created: C:\Windows\System32\spoolsv.exe C:\Windows\System32\spoolsv.exe
Source: unknownProcess created: C:\Windows\System32\spoolsv.exe C:\Windows\System32\spoolsv.exe
Source: C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm" "C:\Program Files\Wildix\WIService\Microsoft.Office.Interop.Outlook.dll" /silent /codebase
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd /C taskkill /F /IM WIui.exe
Source: C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd /C taskkill /F /IM wirtpproxy.exe
Source: C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd /C taskkill /F /IM wiservice-ui.exe
Source: C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd /C taskkill /F /IM vncsrv.exe
Source: C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd /C taskkill /F /IM WildixOutlookIntegration.exe
Source: C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd /C taskkill /F /IM WildixOutlookSync32.exe
Source: C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd /C taskkill /F /IM WildixOutlookSync64.exe
Source: C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exeProcess created: C:\Program Files\Wildix\WIService\wiservice.exe "C:\Program Files\Wildix\WIService\wiservice.exe" --install_faxprinter
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM WIui.exe
Source: C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm" "C:\Program Files\Wildix\WIService\Microsoft.Office.Uc.dll" /silent /codebase
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM wirtpproxy.exe
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM wiservice-ui.exe
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM vncsrv.exe
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM WildixOutlookIntegration.exe
Source: C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm" "C:\Program Files\Wildix\WIService\Office.dll" /silent /codebase
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM WildixOutlookSync32.exe
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM WildixOutlookSync64.exe
Source: C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm" "C:\Program Files\Wildix\WIService\Newtonsoft.Json.dll" /silent /codebase
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm" "C:\Program Files\Wildix\WIService\Serilog.dll" /silent /codebase
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm" "C:\Program Files\Wildix\WIService\Serilog.Sinks.Console.dll" /silent /codebase
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm" "C:\Program Files\Wildix\WIService\Serilog.Sinks.File.dll" /silent /codebase
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm" "C:\Program Files\Wildix\WIService\WildixOutlookIntegration.exe" /silent
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exeProcess created: C:\Windows\System32\cmd.exe cmd /C schtasks /create /TN "Wildix\WIService update checker" /xml "C:\Program Files\Wildix\WIService\WisUpdateCheckerTaskX64.xml" /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\schtasks.exe schtasks /create /TN "Wildix\WIService update checker" /xml "C:\Program Files\Wildix\WIService\WisUpdateCheckerTaskX64.xml" /F
Source: C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exeProcess created: C:\Windows\System32\cmd.exe cmd /C netsh advfirewall firewall delete rule name=all program="C:\Program Files\Wildix\WIService\wiservice.exe"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\netsh.exe netsh advfirewall firewall delete rule name=all program="C:\Program Files\Wildix\WIService\wiservice.exe"
Source: C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exeProcess created: C:\Windows\System32\cmd.exe cmd /C netsh advfirewall firewall add rule name="Wildix Integration Service" dir=in action=allow program="C:\Program Files\Wildix\WIService\wiservice.exe"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\netsh.exe netsh advfirewall firewall add rule name="Wildix Integration Service" dir=in action=allow program="C:\Program Files\Wildix\WIService\wiservice.exe"
Source: C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exeProcess created: C:\Program Files\Wildix\WIService\wiservice.exe "C:\Program Files\Wildix\WIService\wiservice.exe" --proxyex
Source: C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exeProcess created: C:\Program Files\Wildix\WIService\wiservice.exe "C:\Program Files\Wildix\WIService\wiservice.exe" --installsvc
Source: unknownProcess created: C:\Program Files\Wildix\WIService\wiservice.exe "C:\Program Files\Wildix\WIService\wiservice.exe" --hostsvc
Source: C:\Program Files\Wildix\WIService\wiservice.exeProcess created: C:\Program Files\Wildix\WIService\wiservice.exe "C:\Program Files\Wildix\WIService\wiservice.exe" --dispatcher
Source: C:\Program Files\Wildix\WIService\wiservice.exeProcess created: C:\Program Files\Wildix\WIService\wiservice.exe "C:\Program Files\Wildix\WIService\wiservice.exe" --watchdog
Source: C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exeProcess created: C:\Windows\explorer.exe "C:\Windows\explorer.exe" "C:\Program Files\Wildix\WIService\proxyex.lnk"
Source: unknownProcess created: C:\Windows\explorer.exe C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
Source: C:\Windows\explorer.exeProcess created: C:\Program Files\Wildix\WIService\wiservice.exe "C:\Program Files\Wildix\WIService\wiservice.exe" --proxyex
Source: C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exeProcess created: C:\Program Files\Wildix\WIService\wiservice.exe "C:\Program Files\Wildix\WIService\wiservice.exe" --storeMachineId
Source: C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exeProcess created: C:\Windows\explorer.exe "C:\Windows\explorer.exe" "C:\Program Files\Wildix\WIService\wiservice.exe"
Source: C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exeProcess created: C:\Windows\System32\cmd.exe cmd /C schtasks /delete /TN "Wildix\WIService update recovery" /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: unknownProcess created: C:\Windows\explorer.exe C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\schtasks.exe schtasks /delete /TN "Wildix\WIService update recovery" /F
Source: C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exeProcess created: C:\Windows\System32\cmd.exe cmd /C schtasks /delete /TN "Wildix\WIService failed update recovery" /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\explorer.exeProcess created: C:\Program Files\Wildix\WIService\wiservice.exe "C:\Program Files\Wildix\WIService\wiservice.exe"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\schtasks.exe schtasks /delete /TN "Wildix\WIService failed update recovery" /F
Source: unknownProcess created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
Source: unknownProcess created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k NetworkService -p
Source: unknownProcess created: C:\Windows\System32\SgrmBroker.exe C:\Windows\system32\SgrmBroker.exe
Source: unknownProcess created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s StorSvc
Source: unknownProcess created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p -s wscsvc
Source: unknownProcess created: C:\Windows\System32\svchost.exe C:\Windows\system32\svchost.exe -k UnistackSvcGroup
Source: C:\Program Files\Wildix\WIService\wiservice.exeProcess created: C:\Program Files\Wildix\WIService\WildixOutlookSync32.exe "C:\Program Files\Wildix\WIService\WildixOutlookSync32.exe"
Source: C:\Program Files\Wildix\WIService\wiservice.exeProcess created: C:\Program Files\Wildix\WIService\wiservice.exe "C:\Program Files\Wildix\WIService\wiservice.exe" --check_oi_enabled
Source: C:\Program Files\Wildix\WIService\wiservice.exeProcess created: C:\Program Files\Wildix\WIService\WildixOutlookIntegration.exe "C:\Program Files\Wildix\WIService\WildixOutlookIntegration.exe"
Source: C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm" "C:\Program Files\Wildix\WIService\Microsoft.Office.Interop.Outlook.dll" /silent /codebase
Source: C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm" "C:\Program Files\Wildix\WIService\Microsoft.Office.Uc.dll" /silent /codebase
Source: C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm" "C:\Program Files\Wildix\WIService\Office.dll" /silent /codebase
Source: C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm" "C:\Program Files\Wildix\WIService\Newtonsoft.Json.dll" /silent /codebase
Source: C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm" "C:\Program Files\Wildix\WIService\Serilog.dll" /silent /codebase
Source: C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm" "C:\Program Files\Wildix\WIService\Serilog.Sinks.Console.dll" /silent /codebase
Source: C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm" "C:\Program Files\Wildix\WIService\Serilog.Sinks.File.dll" /silent /codebase
Source: C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm" "C:\Program Files\Wildix\WIService\WildixOutlookIntegration.exe" /silent
Source: C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exeProcess created: C:\Windows\System32\cmd.exe cmd /C schtasks /create /TN "Wildix\WIService update checker" /xml "C:\Program Files\Wildix\WIService\WisUpdateCheckerTaskX64.xml" /F
Source: C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exeProcess created: C:\Windows\System32\cmd.exe cmd /C netsh advfirewall firewall delete rule name=all program="C:\Program Files\Wildix\WIService\wiservice.exe"
Source: C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exeProcess created: C:\Windows\System32\cmd.exe cmd /C netsh advfirewall firewall add rule name="Wildix Integration Service" dir=in action=allow program="C:\Program Files\Wildix\WIService\wiservice.exe"
Source: C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exeProcess created: C:\Program Files\Wildix\WIService\wiservice.exe "C:\Program Files\Wildix\WIService\wiservice.exe" --proxyex
Source: C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exeProcess created: C:\Program Files\Wildix\WIService\wiservice.exe "C:\Program Files\Wildix\WIService\wiservice.exe" --installsvc
Source: C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exeProcess created: C:\Windows\explorer.exe "C:\Windows\explorer.exe" "C:\Program Files\Wildix\WIService\proxyex.lnk"
Source: C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exeProcess created: C:\Program Files\Wildix\WIService\wiservice.exe "C:\Program Files\Wildix\WIService\wiservice.exe" --storeMachineId
Source: C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exeProcess created: C:\Windows\explorer.exe "C:\Windows\explorer.exe" "C:\Program Files\Wildix\WIService\wiservice.exe"
Source: C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exeProcess created: C:\Windows\System32\cmd.exe cmd /C schtasks /delete /TN "Wildix\WIService update recovery" /F
Source: C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exeProcess created: C:\Windows\System32\cmd.exe cmd /C schtasks /delete /TN "Wildix\WIService failed update recovery" /F
Source: unknownProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe"
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1668 --field-trial-handle=1896,i,15324952792588395162,7501920974813279422,262144 /prefetch:8
Source: C:\Windows\System32\svchost.exeProcess created: C:\Program Files\Windows Defender\MpCmdRun.exe "C:\Program Files\Windows Defender\mpcmdrun.exe" -wdenable
Source: C:\Windows\System32\svchost.exeProcess created: C:\Program Files\Windows Defender\MpCmdRun.exe "C:\Program Files\Windows Defender\mpcmdrun.exe" -wdenable
Source: C:\Program Files\Wildix\WIService\wiservice.exeProcess created: C:\Program Files\Wildix\WIService\wiservice.exe "C:\Program Files\Wildix\WIService\wiservice.exe" --watchdog
Source: C:\Program Files\Wildix\WIService\wiservice.exeProcess created: C:\Program Files\Wildix\WIService\wiservice.exe "C:\Program Files\Wildix\WIService\wiservice.exe" --dispatcher
Source: C:\Program Files\Wildix\WIService\wiservice.exeProcess created: C:\Program Files\Wildix\WIService\wiservice.exe "C:\Program Files\Wildix\WIService\wiservice.exe" --check_oi_enabled
Source: C:\Windows\explorer.exeProcess created: C:\Program Files\Wildix\WIService\wiservice.exe "C:\Program Files\Wildix\WIService\wiservice.exe" --proxyex
Source: C:\Windows\explorer.exeProcess created: C:\Program Files\Wildix\WIService\wiservice.exe "C:\Program Files\Wildix\WIService\wiservice.exe"
Source: C:\Program Files\Wildix\WIService\wiservice.exeProcess created: C:\Program Files\Wildix\WIService\WildixOutlookSync32.exe "C:\Program Files\Wildix\WIService\WildixOutlookSync32.exe"
Source: C:\Program Files\Wildix\WIService\wiservice.exeProcess created: C:\Program Files\Wildix\WIService\WildixOutlookIntegration.exe "C:\Program Files\Wildix\WIService\WildixOutlookIntegration.exe"
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1668 --field-trial-handle=1896,i,15324952792588395162,7501920974813279422,262144 /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exeSection loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exeSection loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exeSection loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exeSection loaded: propsys.dll
Source: C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exeSection loaded: dwmapi.dll
Source: C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exeSection loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exeSection loaded: oleacc.dll
Source: C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exeSection loaded: ntmarta.dll
Source: C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exeSection loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exeSection loaded: shfolder.dll
Source: C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exeSection loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exeSection loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exeSection loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exeSection loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exeSection loaded: riched20.dll
Source: C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exeSection loaded: usp10.dll
Source: C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exeSection loaded: msls31.dll
Source: C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exeSection loaded: textshaping.dll
Source: C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exeSection loaded: textinputframework.dll
Source: C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exeSection loaded: coreuicomponents.dll
Source: C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exeSection loaded: coremessaging.dll
Source: C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exeSection loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exeSection loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exeSection loaded: wintypes.dll
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: version.dll
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: mpr.dll
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: framedynos.dll
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: dbghelp.dll
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: sspicli.dll
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: srvcli.dll
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: netutils.dll
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: sspicli.dll
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: wbemcomn.dll
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: winsta.dll
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: amsi.dll
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: userenv.dll
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: profapi.dll
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: version.dll
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: mpr.dll
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: framedynos.dll
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: dbghelp.dll
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: sspicli.dll
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: srvcli.dll
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: netutils.dll
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: sspicli.dll
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: wbemcomn.dll
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: winsta.dll
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: amsi.dll
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: userenv.dll
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: profapi.dll
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: version.dll
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: mpr.dll
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: framedynos.dll
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: dbghelp.dll
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: sspicli.dll
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: srvcli.dll
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: netutils.dll
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: sspicli.dll
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: wbemcomn.dll
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: winsta.dll
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: amsi.dll
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: userenv.dll
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: profapi.dll
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: version.dll
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: mpr.dll
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: framedynos.dll
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: dbghelp.dll
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: sspicli.dll
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: sspicli.dll
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: srvcli.dll
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: netutils.dll
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: wbemcomn.dll
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: winsta.dll
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: amsi.dll
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: userenv.dll
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: profapi.dll
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: version.dll
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: mpr.dll
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: framedynos.dll
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: dbghelp.dll
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: sspicli.dll
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: srvcli.dll
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: netutils.dll
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: sspicli.dll
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: wbemcomn.dll
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: winsta.dll
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: amsi.dll
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: userenv.dll
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: profapi.dll
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: version.dll
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: mpr.dll
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: framedynos.dll
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: dbghelp.dll
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: sspicli.dll
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: srvcli.dll
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: netutils.dll
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: sspicli.dll
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: wbemcomn.dll
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: winsta.dll
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: amsi.dll
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: userenv.dll
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: profapi.dll
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: version.dll
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: mpr.dll
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: framedynos.dll
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: dbghelp.dll
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: sspicli.dll
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: srvcli.dll
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: netutils.dll
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: wbemcomn.dll
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: winsta.dll
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: amsi.dll
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: userenv.dll
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: profapi.dll
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: version.dll
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: mpr.dll
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: framedynos.dll
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: dbghelp.dll
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: sspicli.dll
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: srvcli.dll
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: netutils.dll
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: wbemcomn.dll
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: winsta.dll
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: amsi.dll
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: userenv.dll
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: profapi.dll
Source: C:\Program Files\Wildix\WIService\wiservice.exeSection loaded: apphelp.dll
Source: C:\Program Files\Wildix\WIService\wiservice.exeSection loaded: hid.dll
Source: C:\Program Files\Wildix\WIService\wiservice.exeSection loaded: secur32.dll
Source: C:\Program Files\Wildix\WIService\wiservice.exeSection loaded: version.dll
Source: C:\Program Files\Wildix\WIService\wiservice.exeSection loaded: iphlpapi.dll
Source: C:\Program Files\Wildix\WIService\wiservice.exeSection loaded: userenv.dll
Source: C:\Program Files\Wildix\WIService\wiservice.exeSection loaded: wininet.dll
Source: C:\Program Files\Wildix\WIService\wiservice.exeSection loaded: wtsapi32.dll
Source: C:\Program Files\Wildix\WIService\wiservice.exeSection loaded: dwmapi.dll
Source: C:\Program Files\Wildix\WIService\wiservice.exeSection loaded: msi.dll
Source: C:\Program Files\Wildix\WIService\wiservice.exeSection loaded: mswsock.dll
Source: C:\Program Files\Wildix\WIService\wiservice.exeSection loaded: uxtheme.dll
Source: C:\Program Files\Wildix\WIService\wiservice.exeSection loaded: msimg32.dll
Source: C:\Program Files\Wildix\WIService\wiservice.exeSection loaded: sspicli.dll
Source: C:\Program Files\Wildix\WIService\wiservice.exeSection loaded: windows.storage.dll
Source: C:\Program Files\Wildix\WIService\wiservice.exeSection loaded: wldp.dll
Source: C:\Program Files\Wildix\WIService\wiservice.exeSection loaded: dbghelp.dll
Source: C:\Program Files\Wildix\WIService\wiservice.exeSection loaded: dbgcore.dll
Source: C:\Program Files\Wildix\WIService\wiservice.exeSection loaded: kernel.appcore.dll
Source: C:\Program Files\Wildix\WIService\wiservice.exeSection loaded: propsys.dll
Source: C:\Program Files\Wildix\WIService\wiservice.exeSection loaded: ntmarta.dll
Source: C:\Windows\System32\spoolsv.exeSection loaded: dsrole.dll
Source: C:\Windows\System32\spoolsv.exeSection loaded: dnsapi.dll
Source: C:\Windows\System32\spoolsv.exeSection loaded: iphlpapi.dll
Source: C:\Windows\System32\spoolsv.exeSection loaded: ualapi.dll
Source: C:\Windows\System32\spoolsv.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\System32\spoolsv.exeSection loaded: powrprof.dll
Source: C:\Windows\System32\spoolsv.exeSection loaded: umpdc.dll
Source: C:\Windows\System32\spoolsv.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\spoolsv.exeSection loaded: mswsock.dll
Source: C:\Windows\System32\spoolsv.exeSection loaded: winnsi.dll
Source: C:\Windows\System32\spoolsv.exeSection loaded: rasadhlp.dll
Source: C:\Windows\System32\spoolsv.exeSection loaded: fwpuclnt.dll
Source: C:\Windows\System32\spoolsv.exeSection loaded: localspl.dll
Source: C:\Windows\System32\spoolsv.exeSection loaded: srvcli.dll
Source: C:\Windows\System32\spoolsv.exeSection loaded: spoolss.dll
Source: C:\Windows\System32\spoolsv.exeSection loaded: sfc_os.dll
Source: C:\Windows\System32\spoolsv.exeSection loaded: printisolationproxy.dll
Source: C:\Windows\System32\spoolsv.exeSection loaded: appmon.dll
Source: C:\Windows\System32\spoolsv.exeSection loaded: fxsmon.dll
Source: C:\Windows\System32\spoolsv.exeSection loaded: tcpmon.dll
Source: C:\Windows\System32\spoolsv.exeSection loaded: snmpapi.dll
Source: C:\Windows\System32\spoolsv.exeSection loaded: wsnmp32.dll
Source: C:\Windows\System32\spoolsv.exeSection loaded: usbmon.dll
Source: C:\Windows\System32\spoolsv.exeSection loaded: devobj.dll
Source: C:\Windows\System32\spoolsv.exeSection loaded: msasn1.dll
Source: C:\Windows\System32\spoolsv.exeSection loaded: apmon.dll
Source: C:\Windows\System32\spoolsv.exeSection loaded: msxml6.dll
Source: C:\Windows\System32\spoolsv.exeSection loaded: drvstore.dll
Source: C:\Windows\System32\spoolsv.exeSection loaded: userenv.dll
Source: C:\Windows\System32\spoolsv.exeSection loaded: gpapi.dll
Source: C:\Windows\System32\spoolsv.exeSection loaded: win32spl.dll
Source: C:\Windows\System32\spoolsv.exeSection loaded: prntvpt.dll
Source: C:\Windows\System32\spoolsv.exeSection loaded: version.dll
Source: C:\Windows\System32\spoolsv.exeSection loaded: inetpp.dll
Source: C:\Windows\System32\spoolsv.exeSection loaded: cscapi.dll
Source: C:\Windows\System32\spoolsv.exeSection loaded: netutils.dll
Source: C:\Windows\System32\spoolsv.exeSection loaded: dsrole.dll
Source: C:\Windows\System32\spoolsv.exeSection loaded: dnsapi.dll
Source: C:\Windows\System32\spoolsv.exeSection loaded: iphlpapi.dll
Source: C:\Windows\System32\spoolsv.exeSection loaded: ualapi.dll
Source: C:\Windows\System32\spoolsv.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\System32\spoolsv.exeSection loaded: powrprof.dll
Source: C:\Windows\System32\spoolsv.exeSection loaded: umpdc.dll
Source: C:\Windows\System32\spoolsv.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\spoolsv.exeSection loaded: mswsock.dll
Source: C:\Windows\System32\spoolsv.exeSection loaded: winnsi.dll
Source: C:\Windows\System32\spoolsv.exeSection loaded: rasadhlp.dll
Source: C:\Windows\System32\spoolsv.exeSection loaded: fwpuclnt.dll
Source: C:\Windows\System32\spoolsv.exeSection loaded: localspl.dll
Source: C:\Windows\System32\spoolsv.exeSection loaded: srvcli.dll
Source: C:\Windows\System32\spoolsv.exeSection loaded: spoolss.dll
Source: C:\Windows\System32\spoolsv.exeSection loaded: sfc_os.dll
Source: C:\Windows\System32\spoolsv.exeSection loaded: printisolationproxy.dll
Source: C:\Windows\System32\spoolsv.exeSection loaded: appmon.dll
Source: C:\Windows\System32\spoolsv.exeSection loaded: fxsmon.dll
Source: C:\Windows\System32\spoolsv.exeSection loaded: tcpmon.dll
Source: C:\Windows\System32\spoolsv.exeSection loaded: snmpapi.dll
Source: C:\Windows\System32\spoolsv.exeSection loaded: wsnmp32.dll
Source: C:\Windows\System32\spoolsv.exeSection loaded: usbmon.dll
Source: C:\Windows\System32\spoolsv.exeSection loaded: devobj.dll
Source: C:\Windows\System32\spoolsv.exeSection loaded: msasn1.dll
Source: C:\Windows\System32\spoolsv.exeSection loaded: wfaxport.dll
Source: C:\Windows\System32\spoolsv.exeSection loaded: windows.storage.dll
Source: C:\Windows\System32\spoolsv.exeSection loaded: wldp.dll
Source: C:\Windows\System32\spoolsv.exeSection loaded: profapi.dll
Source: C:\Windows\System32\spoolsv.exeSection loaded: apphelp.dll
Source: C:\Windows\System32\spoolsv.exeSection loaded: apmon.dll
Source: C:\Windows\System32\spoolsv.exeSection loaded: msxml6.dll
Source: C:\Windows\System32\svchost.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\System32\svchost.exeSection loaded: qmgr.dll
Source: C:\Windows\System32\svchost.exeSection loaded: bitsperf.dll
Source: C:\Windows\System32\svchost.exeSection loaded: powrprof.dll
Source: C:\Windows\System32\svchost.exeSection loaded: xmllite.dll
Source: C:\Windows\System32\svchost.exeSection loaded: firewallapi.dll
Source: C:\Windows\System32\svchost.exeSection loaded: esent.dll
Source: C:\Windows\System32\svchost.exeSection loaded: umpdc.dll
Source: C:\Windows\System32\svchost.exeSection loaded: dnsapi.dll
Source: C:\Windows\System32\svchost.exeSection loaded: iphlpapi.dll
Source: C:\Windows\System32\svchost.exeSection loaded: fwbase.dll
Source: C:\Windows\System32\svchost.exeSection loaded: wldp.dll
Source: C:\Windows\System32\svchost.exeSection loaded: ntmarta.dll
Source: C:\Windows\System32\svchost.exeSection loaded: profapi.dll
Source: C:\Windows\System32\svchost.exeSection loaded: flightsettings.dll
Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exeSection loaded: netprofm.dll
Source: C:\Windows\System32\svchost.exeSection loaded: npmproxy.dll
Source: C:\Windows\System32\svchost.exeSection loaded: bitsigd.dll
Source: C:\Windows\System32\svchost.exeSection loaded: upnp.dll
Source: C:\Windows\System32\svchost.exeSection loaded: winhttp.dll
Source: C:\Windows\System32\svchost.exeSection loaded: ssdpapi.dll
Source: C:\Windows\System32\svchost.exeSection loaded: urlmon.dll
Source: C:\Windows\System32\svchost.exeSection loaded: iertutil.dll
Source: C:\Windows\System32\svchost.exeSection loaded: srvcli.dll
Source: C:\Windows\System32\svchost.exeSection loaded: netutils.dll
Source: C:\Windows\System32\svchost.exeSection loaded: appxdeploymentclient.dll
Source: C:\Windows\System32\svchost.exeSection loaded: cryptbase.dll
Source: C:\Windows\System32\svchost.exeSection loaded: wsmauto.dll
Source: C:\Windows\System32\svchost.exeSection loaded: miutils.dll
Source: C:\Windows\System32\svchost.exeSection loaded: wsmsvc.dll
Source: C:\Windows\System32\svchost.exeSection loaded: dsrole.dll
Source: C:\Windows\System32\svchost.exeSection loaded: pcwum.dll
Source: C:\Windows\System32\svchost.exeSection loaded: mi.dll
Source: C:\Windows\System32\svchost.exeSection loaded: userenv.dll
Source: C:\Windows\System32\svchost.exeSection loaded: gpapi.dll
Source: C:\Windows\System32\svchost.exeSection loaded: winhttp.dll
Source: C:\Windows\System32\svchost.exeSection loaded: wkscli.dll
Source: C:\Windows\System32\svchost.exeSection loaded: netutils.dll
Source: C:\Windows\System32\svchost.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\svchost.exeSection loaded: ondemandconnroutehelper.dll
Source: C:\Windows\System32\svchost.exeSection loaded: msv1_0.dll
Source: C:\Windows\System32\svchost.exeSection loaded: ntlmshared.dll
Source: C:\Windows\System32\svchost.exeSection loaded: cryptdll.dll
Source: C:\Windows\System32\svchost.exeSection loaded: webio.dll
Source: C:\Windows\System32\svchost.exeSection loaded: mswsock.dll
Source: C:\Windows\System32\svchost.exeSection loaded: winnsi.dll
Source: C:\Windows\System32\svchost.exeSection loaded: rasadhlp.dll
Source: C:\Windows\System32\svchost.exeSection loaded: fwpuclnt.dll
Source: C:\Windows\System32\svchost.exeSection loaded: rmclient.dll
Source: C:\Windows\System32\svchost.exeSection loaded: usermgrcli.dll
Source: C:\Windows\System32\svchost.exeSection loaded: execmodelclient.dll
Source: C:\Windows\System32\svchost.exeSection loaded: propsys.dll
Source: C:\Windows\System32\svchost.exeSection loaded: coremessaging.dll
Source: C:\Windows\System32\svchost.exeSection loaded: twinapi.appcore.dll
Source: C:\Windows\System32\svchost.exeSection loaded: onecorecommonproxystub.dll
Source: C:\Windows\System32\svchost.exeSection loaded: execmodelproxy.dll
Source: C:\Windows\System32\svchost.exeSection loaded: resourcepolicyclient.dll
Source: C:\Windows\System32\svchost.exeSection loaded: vssapi.dll
Source: C:\Windows\System32\svchost.exeSection loaded: vsstrace.dll
Source: C:\Windows\System32\svchost.exeSection loaded: samcli.dll
Source: C:\Windows\System32\svchost.exeSection loaded: samlib.dll
Source: C:\Windows\System32\svchost.exeSection loaded: es.dll
Source: C:\Windows\System32\svchost.exeSection loaded: bitsproxy.dll
Source: C:\Windows\System32\svchost.exeSection loaded: ondemandconnroutehelper.dll
Source: C:\Windows\System32\svchost.exeSection loaded: dhcpcsvc6.dll
Source: C:\Windows\System32\svchost.exeSection loaded: dhcpcsvc.dll
Source: C:\Windows\System32\svchost.exeSection loaded: schannel.dll
Source: C:\Windows\System32\svchost.exeSection loaded: mskeyprotect.dll
Source: C:\Windows\System32\svchost.exeSection loaded: ntasn1.dll
Source: C:\Windows\System32\svchost.exeSection loaded: ncrypt.dll
Source: C:\Windows\System32\svchost.exeSection loaded: ncryptsslp.dll
Source: C:\Windows\System32\svchost.exeSection loaded: msasn1.dll
Source: C:\Windows\System32\svchost.exeSection loaded: cryptsp.dll
Source: C:\Windows\System32\svchost.exeSection loaded: rsaenh.dll
Source: C:\Windows\System32\svchost.exeSection loaded: dpapi.dll
Source: C:\Windows\System32\svchost.exeSection loaded: mpr.dll
Source: C:\Windows\System32\svchost.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\System32\svchost.exeSection loaded: moshost.dll
Source: C:\Windows\System32\svchost.exeSection loaded: mapsbtsvc.dll
Source: C:\Windows\System32\svchost.exeSection loaded: mosstorage.dll
Source: C:\Windows\System32\svchost.exeSection loaded: ztrace_maps.dll
Source: C:\Windows\System32\svchost.exeSection loaded: ztrace_maps.dll
Source: C:\Windows\System32\svchost.exeSection loaded: ztrace_maps.dll
Source: C:\Windows\System32\svchost.exeSection loaded: bcp47langs.dll
Source: C:\Windows\System32\svchost.exeSection loaded: mapconfiguration.dll
Source: C:\Windows\System32\svchost.exeSection loaded: winhttp.dll
Source: C:\Windows\System32\svchost.exeSection loaded: wldp.dll
Source: C:\Windows\System32\svchost.exeSection loaded: windows.storage.dll
Source: C:\Windows\System32\svchost.exeSection loaded: profapi.dll
Source: C:\Windows\System32\svchost.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\System32\svchost.exeSection loaded: storsvc.dll
Source: C:\Windows\System32\svchost.exeSection loaded: devobj.dll
Source: C:\Windows\System32\svchost.exeSection loaded: fltlib.dll
Source: C:\Windows\System32\svchost.exeSection loaded: ntmarta.dll
Source: C:\Windows\System32\svchost.exeSection loaded: bcd.dll
Source: C:\Windows\System32\svchost.exeSection loaded: wer.dll
Source: C:\Windows\System32\svchost.exeSection loaded: winhttp.dll
Source: C:\Windows\System32\svchost.exeSection loaded: cabinet.dll
Source: C:\Windows\System32\svchost.exeSection loaded: wldp.dll
Source: C:\Windows\System32\svchost.exeSection loaded: windows.storage.dll
Source: C:\Windows\System32\svchost.exeSection loaded: appxdeploymentclient.dll
Source: C:\Windows\System32\svchost.exeSection loaded: storageusage.dll
Source: C:\Windows\System32\svchost.exeSection loaded: userenv.dll
Source: C:\Windows\System32\svchost.exeSection loaded: profapi.dll
Source: C:\Windows\System32\svchost.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\svchost.exeSection loaded: propsys.dll
Source: C:\Windows\System32\svchost.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\System32\svchost.exeSection loaded: aphostservice.dll
Source: C:\Windows\System32\svchost.exeSection loaded: networkhelper.dll
Source: C:\Windows\System32\svchost.exeSection loaded: userdataplatformhelperutil.dll
Source: C:\Windows\System32\svchost.exeSection loaded: mccspal.dll
Source: C:\Windows\System32\svchost.exeSection loaded: syncutil.dll
Source: C:\Windows\System32\svchost.exeSection loaded: umpdc.dll
Source: C:\Windows\System32\svchost.exeSection loaded: syncutil.dll
Source: C:\Windows\System32\svchost.exeSection loaded: vaultcli.dll
Source: C:\Windows\System32\svchost.exeSection loaded: dmcfgutils.dll
Source: C:\Windows\System32\svchost.exeSection loaded: wintypes.dll
Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exeSection loaded: dmcmnutils.dll
Source: C:\Windows\System32\svchost.exeSection loaded: dmxmlhelputils.dll
Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exeSection loaded: cryptsp.dll
Source: C:\Windows\System32\svchost.exeSection loaded: xmllite.dll
Source: C:\Windows\System32\svchost.exeSection loaded: inproclogger.dll
Source: C:\Windows\System32\svchost.exeSection loaded: wldp.dll
Source: C:\Windows\System32\svchost.exeSection loaded: profapi.dll
Source: C:\Windows\System32\svchost.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\svchost.exeSection loaded: flightsettings.dll
Source: C:\Windows\System32\svchost.exeSection loaded: windows.networking.connectivity.dll
Source: C:\Windows\System32\svchost.exeSection loaded: npmproxy.dll
Source: C:\Windows\System32\svchost.exeSection loaded: iertutil.dll
Source: C:\Windows\System32\svchost.exeSection loaded: msv1_0.dll
Source: C:\Windows\System32\svchost.exeSection loaded: ntlmshared.dll
Source: C:\Windows\System32\svchost.exeSection loaded: cryptdll.dll
Source: C:\Windows\System32\svchost.exeSection loaded: synccontroller.dll
Source: C:\Windows\System32\svchost.exeSection loaded: pimstore.dll
Source: C:\Windows\System32\svchost.exeSection loaded: aphostclient.dll
Source: C:\Windows\System32\svchost.exeSection loaded: accountaccessor.dll
Source: C:\Windows\System32\svchost.exeSection loaded: dsclient.dll
Source: C:\Windows\System32\svchost.exeSection loaded: powrprof.dll
Source: C:\Windows\System32\svchost.exeSection loaded: powrprof.dll
Source: C:\Windows\System32\svchost.exeSection loaded: systemeventsbrokerclient.dll
Source: C:\Windows\System32\svchost.exeSection loaded: userdatalanguageutil.dll
Source: C:\Windows\System32\svchost.exeSection loaded: mccsengineshared.dll
Source: C:\Windows\System32\svchost.exeSection loaded: pimstore.dll
Source: C:\Windows\System32\svchost.exeSection loaded: ntmarta.dll
Source: C:\Windows\System32\svchost.exeSection loaded: cemapi.dll
Source: C:\Windows\System32\svchost.exeSection loaded: userdatatypehelperutil.dll
Source: C:\Windows\System32\svchost.exeSection loaded: phoneutil.dll
Source: C:\Windows\System32\svchost.exeSection loaded: onecorecommonproxystub.dll
Source: C:\Windows\System32\svchost.exeSection loaded: execmodelproxy.dll
Source: C:\Windows\System32\svchost.exeSection loaded: rmclient.dll
Source: C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exeSection loaded: linkinfo.dll
Source: C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exeSection loaded: ntshrui.dll
Source: C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exeSection loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exeSection loaded: srvcli.dll
Source: C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exeSection loaded: cscapi.dll
Source: C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exeSection loaded: netutils.dll
Source: C:\Program Files\Wildix\WIService\wiservice.exeSection loaded: profapi.dll
Source: C:\Windows\System32\spoolsv.exeSection loaded: drvstore.dll
Source: C:\Windows\System32\spoolsv.exeSection loaded: userenv.dll
Source: C:\Windows\System32\spoolsv.exeSection loaded: gpapi.dll
Source: C:\Windows\System32\spoolsv.exeSection loaded: win32spl.dll
Source: C:\Windows\System32\spoolsv.exeSection loaded: prntvpt.dll
Source: C:\Windows\System32\spoolsv.exeSection loaded: version.dll
Source: C:\Windows\System32\spoolsv.exeSection loaded: inetpp.dll
Source: C:\Windows\System32\spoolsv.exeSection loaded: cscapi.dll
Source: C:\Windows\System32\spoolsv.exeSection loaded: netutils.dll
Source: C:\Windows\System32\spoolsv.exeSection loaded: cryptsp.dll
Source: C:\Windows\System32\spoolsv.exeSection loaded: winsta.dll
Source: C:\Windows\System32\spoolsv.exeSection loaded: ntprint.dll
Source: C:\Windows\System32\spoolsv.exeSection loaded: mscms.dll
Source: C:\Windows\System32\spoolsv.exeSection loaded: coloradapterclient.dll
Source: C:\Windows\System32\spoolsv.exeSection loaded: rsaenh.dll
Source: C:\Windows\System32\spoolsv.exeSection loaded: devrtl.dll
Source: C:\Windows\System32\spoolsv.exeSection loaded: spinf.dll
Source: C:\Windows\System32\spoolsv.exeSection loaded: cryptbase.dll
Source: C:\Windows\System32\spoolsv.exeSection loaded: version.dll
Source: C:\Windows\System32\spoolsv.exeSection loaded: version.dll
Source: C:\Windows\System32\spoolsv.exeSection loaded: ntprint.dll
Source: C:\Windows\System32\spoolsv.exeSection loaded: mscms.dll
Source: C:\Windows\System32\spoolsv.exeSection loaded: coloradapterclient.dll
Source: C:\Windows\System32\spoolsv.exeSection loaded: netprofm.dll
Source: C:\Windows\System32\spoolsv.exeSection loaded: npmproxy.dll
Source: C:\Windows\System32\spoolsv.exeSection loaded: dhcpcsvc6.dll
Source: C:\Windows\System32\spoolsv.exeSection loaded: dhcpcsvc.dll
Source: C:\Windows\System32\spoolsv.exeSection loaded: printercleanuptask.dll
Source: C:\Windows\System32\spoolsv.exeSection loaded: taskschd.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeSection loaded: mscoree.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeSection loaded: version.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeSection loaded: vcruntime140_clr0400.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeSection loaded: ucrtbase_clr0400.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeSection loaded: ucrtbase_clr0400.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeSection loaded: cryptsp.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeSection loaded: rsaenh.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeSection loaded: cryptbase.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeSection loaded: urlmon.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeSection loaded: iertutil.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeSection loaded: srvcli.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeSection loaded: netutils.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeSection loaded: sspicli.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeSection loaded: windows.storage.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeSection loaded: wldp.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeSection loaded: propsys.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeSection loaded: mscoree.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeSection loaded: version.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeSection loaded: vcruntime140_clr0400.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeSection loaded: ucrtbase_clr0400.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeSection loaded: cryptsp.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeSection loaded: rsaenh.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeSection loaded: cryptbase.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeSection loaded: urlmon.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeSection loaded: iertutil.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeSection loaded: srvcli.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeSection loaded: netutils.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeSection loaded: sspicli.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeSection loaded: windows.storage.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeSection loaded: wldp.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeSection loaded: propsys.dll
Source: C:\Windows\System32\spoolsv.exeSection loaded: win32spl.dll
Source: C:\Windows\System32\spoolsv.exeSection loaded: prntvpt.dll
Source: C:\Windows\System32\spoolsv.exeSection loaded: version.dll
Source: C:\Windows\System32\spoolsv.exeSection loaded: inetpp.dll
Source: C:\Windows\System32\spoolsv.exeSection loaded: cscapi.dll
Source: C:\Windows\System32\spoolsv.exeSection loaded: netutils.dll
Source: C:\Windows\System32\spoolsv.exeSection loaded: cryptsp.dll
Source: C:\Windows\System32\spoolsv.exeSection loaded: winsta.dll
Source: C:\Windows\System32\spoolsv.exeSection loaded: ntprint.dll
Source: C:\Windows\System32\spoolsv.exeSection loaded: mscms.dll
Source: C:\Windows\System32\spoolsv.exeSection loaded: coloradapterclient.dll
Source: C:\Windows\System32\spoolsv.exeSection loaded: rsaenh.dll
Source: C:\Windows\System32\spoolsv.exeSection loaded: devrtl.dll
Source: C:\Windows\System32\spoolsv.exeSection loaded: spinf.dll
Source: C:\Windows\System32\spoolsv.exeSection loaded: cryptbase.dll
Source: C:\Windows\System32\spoolsv.exeSection loaded: version.dll
Source: C:\Windows\System32\spoolsv.exeSection loaded: version.dll
Source: C:\Windows\System32\spoolsv.exeSection loaded: ntprint.dll
Source: C:\Windows\System32\spoolsv.exeSection loaded: mscms.dll
Source: C:\Windows\System32\spoolsv.exeSection loaded: coloradapterclient.dll
Source: C:\Windows\System32\spoolsv.exeSection loaded: netprofm.dll
Source: C:\Windows\System32\spoolsv.exeSection loaded: npmproxy.dll
Source: C:\Windows\System32\spoolsv.exeSection loaded: dhcpcsvc6.dll
Source: C:\Windows\System32\spoolsv.exeSection loaded: dhcpcsvc.dll
Source: C:\Windows\System32\spoolsv.exeSection loaded: printercleanuptask.dll
Source: C:\Windows\System32\spoolsv.exeSection loaded: taskschd.dll
Source: C:\Program Files\Wildix\WIService\wiservice.exeSection loaded: hid.dll
Source: C:\Program Files\Wildix\WIService\wiservice.exeSection loaded: secur32.dll
Source: C:\Program Files\Wildix\WIService\wiservice.exeSection loaded: version.dll
Source: C:\Program Files\Wildix\WIService\wiservice.exeSection loaded: iphlpapi.dll
Source: C:\Program Files\Wildix\WIService\wiservice.exeSection loaded: userenv.dll
Source: C:\Program Files\Wildix\WIService\wiservice.exeSection loaded: wininet.dll
Source: C:\Program Files\Wildix\WIService\wiservice.exeSection loaded: wtsapi32.dll
Source: C:\Program Files\Wildix\WIService\wiservice.exeSection loaded: dwmapi.dll
Source: C:\Program Files\Wildix\WIService\wiservice.exeSection loaded: msi.dll
Source: C:\Program Files\Wildix\WIService\wiservice.exeSection loaded: mswsock.dll
Source: C:\Program Files\Wildix\WIService\wiservice.exeSection loaded: uxtheme.dll
Source: C:\Program Files\Wildix\WIService\wiservice.exeSection loaded: msimg32.dll
Source: C:\Program Files\Wildix\WIService\wiservice.exeSection loaded: sspicli.dll
Source: C:\Program Files\Wildix\WIService\wiservice.exeSection loaded: windows.storage.dll
Source: C:\Program Files\Wildix\WIService\wiservice.exeSection loaded: wldp.dll
Source: C:\Program Files\Wildix\WIService\wiservice.exeSection loaded: profapi.dll
Source: C:\Program Files\Wildix\WIService\wiservice.exeSection loaded: dbghelp.dll
Source: C:\Program Files\Wildix\WIService\wiservice.exeSection loaded: dbgcore.dll
Source: C:\Program Files\Wildix\WIService\wiservice.exeSection loaded: kernel.appcore.dll
Source: C:\Program Files\Wildix\WIService\wiservice.exeSection loaded: winsta.dll
Source: C:\Program Files\Wildix\WIService\wiservice.exeSection loaded: hid.dll
Source: C:\Program Files\Wildix\WIService\wiservice.exeSection loaded: secur32.dll
Source: C:\Program Files\Wildix\WIService\wiservice.exeSection loaded: version.dll
Source: C:\Program Files\Wildix\WIService\wiservice.exeSection loaded: iphlpapi.dll
Source: C:\Program Files\Wildix\WIService\wiservice.exeSection loaded: userenv.dll
Source: C:\Program Files\Wildix\WIService\wiservice.exeSection loaded: wininet.dll
Source: C:\Program Files\Wildix\WIService\wiservice.exeSection loaded: wtsapi32.dll
Source: C:\Program Files\Wildix\WIService\wiservice.exeSection loaded: dwmapi.dll
Source: C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeFile opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dll
Source: C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Outlook\Addins\Wildix.AddIn
Source: C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exeDirectory created: C:\Program Files\Wildix
Source: C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exeDirectory created: C:\Program Files\Wildix\WIService
Source: C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exeDirectory created: C:\Program Files\Wildix\WIService\DseaCallControlSdk.dll
Source: C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exeDirectory created: C:\Program Files\Wildix\WIService\wildix.ico
Source: C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exeDirectory created: C:\Program Files\Wildix\WIService\wiservice.exe
Source: C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exeDirectory created: C:\Program Files\Wildix\WIService\WisUpdateCheckerTaskX64.xml
Source: C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exeDirectory created: C:\Program Files\Wildix\WIService\x-bees.ico
Source: C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exeDirectory created: C:\Program Files\Wildix\WIService\fax
Source: C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exeDirectory created: C:\Program Files\Wildix\WIService\fax\imgprint.gpd
Source: C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exeDirectory created: C:\Program Files\Wildix\WIService\fax\STDDTYPE.GDL
Source: C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exeDirectory created: C:\Program Files\Wildix\WIService\fax\STDNAMES.GPD
Source: C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exeDirectory created: C:\Program Files\Wildix\WIService\fax\STDSCHEM.GDL
Source: C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exeDirectory created: C:\Program Files\Wildix\WIService\fax\STDSCHMX.GDL
Source: C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exeDirectory created: C:\Program Files\Wildix\WIService\fax\UNIDRV.DLL
Source: C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exeDirectory created: C:\Program Files\Wildix\WIService\fax\UNIDRV.HLP
Source: C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exeDirectory created: C:\Program Files\Wildix\WIService\fax\UNIDRVUI.DLL
Source: C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exeDirectory created: C:\Program Files\Wildix\WIService\fax\UNIRES.DLL
Source: C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exeDirectory created: C:\Program Files\Wildix\WIService\fax\wfaxport.dll
Source: C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exeDirectory created: C:\Program Files\Wildix\WIService\headsetFirmwares
Source: C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exeDirectory created: C:\Program Files\Wildix\WIService\headsetFirmwares\DuoMonoLedBtBase0x5e2f.dfu
Source: C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exeDirectory created: C:\Program Files\Wildix\WIService\headsetFirmwares\DuoMonoLedBtHeadset0x5e2f.dfu
Source: C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exeDirectory created: C:\Program Files\Wildix\WIService\headsetFirmwares\HidDfu.dll
Source: C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exeDirectory created: C:\Program Files\Wildix\WIService\headsetFirmwares\HidDfuCmd.exe
Source: C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exeDirectory created: C:\Program Files\Wildix\WIService\headsetFirmwares\msvcm80.dll
Source: C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exeDirectory created: C:\Program Files\Wildix\WIService\headsetFirmwares\msvcp80.dll
Source: C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exeDirectory created: C:\Program Files\Wildix\WIService\headsetFirmwares\msvcr80.dll
Source: C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exeDirectory created: C:\Program Files\Wildix\WIService\headsetFirmwares\msvcrt.dll
Source: C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exeDirectory created: C:\Program Files\Wildix\WIService\resources
Source: C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exeDirectory created: C:\Program Files\Wildix\WIService\resources\cdr.db
Source: C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exeDirectory created: C:\Program Files\Wildix\WIService\Microsoft.Office.Interop.Outlook.dll
Source: C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exeDirectory created: C:\Program Files\Wildix\WIService\Microsoft.Office.Tools.Common.v4.0.Utilities.dll
Source: C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exeDirectory created: C:\Program Files\Wildix\WIService\Microsoft.Office.Tools.Outlook.v4.0.Utilities.dll
Source: C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exeDirectory created: C:\Program Files\Wildix\WIService\Microsoft.Office.Uc.dll
Source: C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exeDirectory created: C:\Program Files\Wildix\WIService\Newtonsoft.Json.dll
Source: C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exeDirectory created: C:\Program Files\Wildix\WIService\Office.dll
Source: C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exeDirectory created: C:\Program Files\Wildix\WIService\Serilog.dll
Source: C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exeDirectory created: C:\Program Files\Wildix\WIService\Serilog.Sinks.Console.dll
Source: C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exeDirectory created: C:\Program Files\Wildix\WIService\Serilog.Sinks.Debug.dll
Source: C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exeDirectory created: C:\Program Files\Wildix\WIService\Serilog.Sinks.File.dll
Source: C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exeDirectory created: C:\Program Files\Wildix\WIService\UC.dll
Source: C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exeDirectory created: C:\Program Files\Wildix\WIService\websocket-sharp.dll
Source: C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exeDirectory created: C:\Program Files\Wildix\WIService\wildix-oi.ico
Source: C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exeDirectory created: C:\Program Files\Wildix\WIService\WildixOutlookAddin.dll
Source: C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exeDirectory created: C:\Program Files\Wildix\WIService\WildixOutlookAddin.dll.manifest
Source: C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exeDirectory created: C:\Program Files\Wildix\WIService\WildixOutlookCommon.dll
Source: C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exeDirectory created: C:\Program Files\Wildix\WIService\WildixOutlookAddin.vsto
Source: C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exeDirectory created: C:\Program Files\Wildix\WIService\WildixOutlookIntegration.exe
Source: C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exeDirectory created: C:\Program Files\Wildix\WIService\WildixOutlookIntegration.exe.config
Source: C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exeDirectory created: C:\Program Files\Wildix\WIService\WildixOutlookSync32.exe
Source: C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exeDirectory created: C:\Program Files\Wildix\WIService\WildixOutlookSync64.exe
Source: C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exeDirectory created: C:\Program Files\Wildix\WIService\dotnet-dump.exe
Source: C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exeDirectory created: C:\Program Files\Wildix\WIService\UninstallWIService.exe
Source: C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exeDirectory created: C:\Program Files\Wildix\WIService\proxyex.lnk
Source: C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exeRegistry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WIService
Source: file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zipStatic file information: File size 25345201 > 1048576
Source: C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exeFile opened: C:\Program Files\Wildix\WIService\headsetFirmwares\msvcr80.dll
Source: C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exeFile created: C:\Program Files\Wildix\WIService\UninstallWIService.exeJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exeFile created: C:\Program Files\Wildix\WIService\Microsoft.Office.Uc.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exeFile created: C:\Program Files\Wildix\WIService\Newtonsoft.Json.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exeFile created: C:\Program Files\Wildix\WIService\Office.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exeFile created: C:\Program Files\Wildix\WIService\Serilog.Sinks.File.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exeFile created: C:\Program Files\Wildix\WIService\headsetFirmwares\HidDfuCmd.exeJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exeFile created: C:\Program Files\Wildix\WIService\WildixOutlookSync64.exeJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exeFile created: C:\Users\user\AppData\Local\Temp\nsqD0BF.tmp\nsExec.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exeFile created: C:\Program Files\Wildix\WIService\Serilog.Sinks.Console.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exeFile created: C:\Program Files\Wildix\WIService\headsetFirmwares\msvcp80.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exeFile created: C:\Program Files\Wildix\WIService\headsetFirmwares\msvcrt.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exeFile created: C:\Users\user\AppData\Local\Temp\nsqD0BF.tmp\nsDialogs.dllJump to dropped file
Source: C:\Program Files\Wildix\WIService\wiservice.exeFile created: C:\Windows\System32\spool\drivers\x64\unires.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exeFile created: C:\Program Files\Wildix\WIService\Microsoft.Office.Interop.Outlook.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exeFile created: C:\Program Files\Wildix\WIService\WildixOutlookCommon.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exeFile created: C:\Users\user\AppData\Local\Temp\nsqD0BF.tmp\System.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exeFile created: C:\Program Files\Wildix\WIService\DseaCallControlSdk.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exeFile created: C:\Program Files\Wildix\WIService\Serilog.Sinks.Debug.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exeFile created: C:\Program Files\Wildix\WIService\WildixOutlookAddin.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exeFile created: C:\Program Files\Wildix\WIService\WildixOutlookIntegration.exeJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exeFile created: C:\Program Files\Wildix\WIService\WildixOutlookSync32.exeJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exeFile created: C:\Program Files\Wildix\WIService\Microsoft.Office.Tools.Common.v4.0.Utilities.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exeFile created: C:\Program Files\Wildix\WIService\dotnet-dump.exeJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exeFile created: C:\Program Files\Wildix\WIService\Microsoft.Office.Tools.Outlook.v4.0.Utilities.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exeFile created: C:\Program Files\Wildix\WIService\UC.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exeFile created: C:\Program Files\Wildix\WIService\wiservice.exeJump to dropped file
Source: C:\Program Files\Wildix\WIService\wiservice.exeFile created: C:\Windows\System32\spool\drivers\x64\unidrv.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exeFile created: C:\Program Files\Wildix\WIService\fax\wfaxport.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exeFile created: C:\Program Files\Wildix\WIService\websocket-sharp.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exeFile created: C:\Program Files\Wildix\WIService\headsetFirmwares\msvcm80.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exeFile created: C:\Program Files\Wildix\WIService\headsetFirmwares\HidDfu.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exeFile created: C:\Program Files\Wildix\WIService\Serilog.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exeFile created: C:\Program Files\Wildix\WIService\headsetFirmwares\msvcr80.dllJump to dropped file
Source: C:\Program Files\Wildix\WIService\wiservice.exeFile created: C:\Windows\System32\spool\drivers\x64\unidrv.dllJump to dropped file
Source: C:\Program Files\Wildix\WIService\wiservice.exeFile created: C:\Windows\System32\spool\drivers\x64\unires.dllJump to dropped file

Boot Survival

barindex
Uses schtasks.exe or at.exe to add and modify task schedules
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\schtasks.exe schtasks /create /TN "Wildix\WIService update checker" /xml "C:\Program Files\Wildix\WIService\WisUpdateCheckerTaskX64.xml" /F
Source: C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exeFile created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wildix
Source: C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exeFile created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wildix\WIService
Source: C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exeFile created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wildix\WIService\Uninstall.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
Source: C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exeRegistry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run WIService
Source: C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exeRegistry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run WIService
Source: C:\Program Files\Wildix\WIService\WildixOutlookSync32.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate
Source: C:\Program Files\Wildix\WIService\WildixOutlookSync32.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot
Source: C:\Program Files\Wildix\WIService\WildixOutlookIntegration.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot
Source: C:\Program Files\Wildix\WIService\WildixOutlookIntegration.exeRegistry key monitored for changes: HKEY_CURRENT_USER\SOFTWARE\Microsoft\SystemCertificates\CA
Source: C:\Program Files\Wildix\WIService\WildixOutlookSync32.exeKey value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\msomapi\ConfigContextData 1
Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\cmd.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\cmd.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\cmd.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\cmd.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\cmd.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\cmd.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\cmd.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\cmd.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\spoolsv.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
Source: C:\Windows\System32\spoolsv.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
Source: C:\Windows\System32\spoolsv.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\spoolsv.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
Source: C:\Windows\System32\spoolsv.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
Source: C:\Windows\System32\spoolsv.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
Source: C:\Windows\System32\spoolsv.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
Source: C:\Windows\System32\spoolsv.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
Source: C:\Windows\System32\spoolsv.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
Source: C:\Windows\System32\spoolsv.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
Source: C:\Windows\System32\spoolsv.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\spoolsv.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
Source: C:\Windows\System32\spoolsv.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
Source: C:\Windows\System32\spoolsv.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
Source: C:\Windows\System32\spoolsv.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
Source: C:\Windows\System32\spoolsv.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
Source: C:\Windows\System32\spoolsv.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
Source: C:\Windows\System32\spoolsv.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
Source: C:\Windows\System32\spoolsv.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
Source: C:\Program Files\Wildix\WIService\wiservice.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Wildix\WIService\wiservice.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Wildix\WIService\wiservice.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Wildix\WIService\wiservice.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Wildix\WIService\wiservice.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Wildix\WIService\wiservice.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Wildix\WIService\wiservice.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Wildix\WIService\wiservice.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Wildix\WIService\wiservice.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Wildix\WIService\wiservice.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Wildix\WIService\wiservice.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Wildix\WIService\wiservice.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Wildix\WIService\wiservice.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Wildix\WIService\wiservice.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Wildix\WIService\wiservice.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Wildix\WIService\wiservice.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Wildix\WIService\wiservice.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Wildix\WIService\wiservice.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Wildix\WIService\wiservice.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Wildix\WIService\wiservice.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Wildix\WIService\wiservice.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Wildix\WIService\wiservice.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Wildix\WIService\wiservice.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Wildix\WIService\wiservice.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Wildix\WIService\WildixOutlookSync32.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Wildix\WIService\WildixOutlookSync32.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Wildix\WIService\WildixOutlookSync32.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Wildix\WIService\WildixOutlookSync32.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Wildix\WIService\WildixOutlookSync32.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Wildix\WIService\WildixOutlookSync32.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Wildix\WIService\WildixOutlookSync32.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Wildix\WIService\WildixOutlookSync32.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Wildix\WIService\WildixOutlookSync32.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Wildix\WIService\WildixOutlookSync32.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
Source: C:\Program Files\Wildix\WIService\WildixOutlookSync32.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
Source: C:\Program Files\Wildix\WIService\WildixOutlookSync32.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Wildix\WIService\WildixOutlookSync32.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Wildix\WIService\WildixOutlookSync32.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Wildix\WIService\WildixOutlookSync32.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Wildix\WIService\wiservice.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Wildix\WIService\wiservice.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Wildix\WIService\wiservice.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Wildix\WIService\wiservice.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Wildix\WIService\wiservice.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Wildix\WIService\wiservice.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Wildix\WIService\WildixOutlookIntegration.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Wildix\WIService\WildixOutlookIntegration.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Wildix\WIService\WildixOutlookIntegration.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Wildix\WIService\WildixOutlookIntegration.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Wildix\WIService\WildixOutlookIntegration.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Wildix\WIService\WildixOutlookIntegration.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Wildix\WIService\WildixOutlookIntegration.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Wildix\WIService\WildixOutlookIntegration.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Wildix\WIService\WildixOutlookIntegration.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Wildix\WIService\WildixOutlookIntegration.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Wildix\WIService\WildixOutlookIntegration.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Wildix\WIService\WildixOutlookIntegration.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Wildix\WIService\WildixOutlookIntegration.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Wildix\WIService\WildixOutlookIntegration.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Wildix\WIService\WildixOutlookIntegration.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Wildix\WIService\WildixOutlookIntegration.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Wildix\WIService\WildixOutlookIntegration.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Wildix\WIService\WildixOutlookIntegration.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Wildix\WIService\WildixOutlookIntegration.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Wildix\WIService\WildixOutlookIntegration.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Wildix\WIService\WildixOutlookIntegration.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Wildix\WIService\WildixOutlookIntegration.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Wildix\WIService\WildixOutlookIntegration.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Wildix\WIService\WildixOutlookIntegration.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Wildix\WIService\WildixOutlookIntegration.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Wildix\WIService\WildixOutlookIntegration.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Wildix\WIService\WildixOutlookIntegration.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Wildix\WIService\WildixOutlookIntegration.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Wildix\WIService\WildixOutlookIntegration.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Wildix\WIService\WildixOutlookIntegration.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Wildix\WIService\WildixOutlookIntegration.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Wildix\WIService\WildixOutlookIntegration.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Wildix\WIService\WildixOutlookIntegration.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Wildix\WIService\WildixOutlookIntegration.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Wildix\WIService\WildixOutlookIntegration.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Wildix\WIService\WildixOutlookIntegration.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Wildix\WIService\WildixOutlookIntegration.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Wildix\WIService\WildixOutlookIntegration.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Wildix\WIService\WildixOutlookIntegration.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Wildix\WIService\WildixOutlookIntegration.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Wildix\WIService\WildixOutlookIntegration.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Wildix\WIService\WildixOutlookIntegration.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Wildix\WIService\WildixOutlookIntegration.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Wildix\WIService\WildixOutlookIntegration.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Wildix\WIService\WildixOutlookIntegration.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Wildix\WIService\WildixOutlookIntegration.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Wildix\WIService\WildixOutlookIntegration.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Wildix\WIService\WildixOutlookIntegration.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Wildix\WIService\WildixOutlookIntegration.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Wildix\WIService\WildixOutlookIntegration.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Wildix\WIService\WildixOutlookIntegration.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Wildix\WIService\WildixOutlookIntegration.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Wildix\WIService\WildixOutlookIntegration.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Wildix\WIService\WildixOutlookIntegration.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Wildix\WIService\WildixOutlookIntegration.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Wildix\WIService\WildixOutlookIntegration.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Wildix\WIService\WildixOutlookIntegration.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Wildix\WIService\WildixOutlookIntegration.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Wildix\WIService\WildixOutlookIntegration.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Wildix\WIService\WildixOutlookIntegration.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Wildix\WIService\WildixOutlookIntegration.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Wildix\WIService\WildixOutlookIntegration.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Wildix\WIService\WildixOutlookIntegration.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Wildix\WIService\WildixOutlookIntegration.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Wildix\WIService\WildixOutlookIntegration.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Wildix\WIService\WildixOutlookIntegration.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Wildix\WIService\WildixOutlookIntegration.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Wildix\WIService\WildixOutlookIntegration.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Wildix\WIService\WildixOutlookIntegration.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Wildix\WIService\WildixOutlookIntegration.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Wildix\WIService\WildixOutlookIntegration.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Wildix\WIService\WildixOutlookIntegration.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Wildix\WIService\WildixOutlookIntegration.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Wildix\WIService\WildixOutlookIntegration.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Wildix\WIService\WildixOutlookIntegration.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Wildix\WIService\WildixOutlookIntegration.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Wildix\WIService\WildixOutlookIntegration.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Wildix\WIService\WildixOutlookIntegration.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Wildix\WIService\WildixOutlookIntegration.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Wildix\WIService\WildixOutlookIntegration.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Wildix\WIService\WildixOutlookIntegration.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Wildix\WIService\WildixOutlookIntegration.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Wildix\WIService\WildixOutlookIntegration.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Wildix\WIService\WildixOutlookIntegration.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Wildix\WIService\WildixOutlookIntegration.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Wildix\WIService\WildixOutlookIntegration.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Wildix\WIService\WildixOutlookIntegration.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Wildix\WIService\WildixOutlookIntegration.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Wildix\WIService\WildixOutlookIntegration.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Wildix\WIService\WildixOutlookIntegration.exeProcess information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

barindex
Tries to delay execution (extensive OutputDebugStringW loop)
Source: C:\Program Files\Wildix\WIService\wiservice.exeSection loaded: OutputDebugStringW count: 176
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeMemory allocated: 1989B120000 memory reserve | memory write watch
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeMemory allocated: 198B4B80000 memory reserve | memory write watch
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeMemory allocated: 213FCF80000 memory reserve | memory write watch
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeMemory allocated: 213FEBB0000 memory reserve | memory write watch
Source: C:\Program Files\Wildix\WIService\WildixOutlookIntegration.exeMemory allocated: 30A0000 memory reserve | memory write watch
Source: C:\Program Files\Wildix\WIService\WildixOutlookIntegration.exeMemory allocated: 32E0000 memory reserve | memory write watch
Source: C:\Program Files\Wildix\WIService\WildixOutlookIntegration.exeMemory allocated: 3120000 memory reserve | memory write watch
Source: C:\Windows\System32\svchost.exeFile opened / queried: SCSI#Disk&Ven_VMware&Prod_Virtual_disk#4&1656f219&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}
Source: C:\Program Files\Wildix\WIService\wiservice.exeThread delayed: delay time: 922337203685477
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeThread delayed: delay time: 922337203685477
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeThread delayed: delay time: 922337203685477
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeThread delayed: delay time: 922337203685477
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeThread delayed: delay time: 922337203685477
Source: C:\Program Files\Wildix\WIService\wiservice.exeThread delayed: delay time: 922337203685477
Source: C:\Program Files\Wildix\WIService\wiservice.exeThread delayed: delay time: 922337203685477
Source: C:\Program Files\Wildix\WIService\WildixOutlookIntegration.exeThread delayed: delay time: 922337203685477
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeWindow / User API: threadDelayed 373
Source: C:\Program Files\Wildix\WIService\WildixOutlookIntegration.exeWindow / User API: threadDelayed 9218
Source: C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exeDropped PE file which has not been started: C:\Program Files\Wildix\WIService\UninstallWIService.exeJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exeDropped PE file which has not been started: C:\Program Files\Wildix\WIService\Microsoft.Office.Uc.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exeDropped PE file which has not been started: C:\Program Files\Wildix\WIService\Newtonsoft.Json.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exeDropped PE file which has not been started: C:\Program Files\Wildix\WIService\Office.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exeDropped PE file which has not been started: C:\Program Files\Wildix\WIService\Serilog.Sinks.File.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exeDropped PE file which has not been started: C:\Program Files\Wildix\WIService\headsetFirmwares\HidDfuCmd.exeJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exeDropped PE file which has not been started: C:\Program Files\Wildix\WIService\WildixOutlookSync64.exeJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsqD0BF.tmp\nsExec.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exeDropped PE file which has not been started: C:\Program Files\Wildix\WIService\Serilog.Sinks.Console.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exeDropped PE file which has not been started: C:\Program Files\Wildix\WIService\headsetFirmwares\msvcp80.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsqD0BF.tmp\nsDialogs.dllJump to dropped file
Source: C:\Program Files\Wildix\WIService\wiservice.exeDropped PE file which has not been started: C:\Windows\System32\spool\drivers\x64\unires.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exeDropped PE file which has not been started: C:\Program Files\Wildix\WIService\Microsoft.Office.Interop.Outlook.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exeDropped PE file which has not been started: C:\Program Files\Wildix\WIService\WildixOutlookCommon.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsqD0BF.tmp\System.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exeDropped PE file which has not been started: C:\Program Files\Wildix\WIService\DseaCallControlSdk.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exeDropped PE file which has not been started: C:\Program Files\Wildix\WIService\WildixOutlookAddin.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exeDropped PE file which has not been started: C:\Program Files\Wildix\WIService\Serilog.Sinks.Debug.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exeDropped PE file which has not been started: C:\Program Files\Wildix\WIService\dotnet-dump.exeJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exeDropped PE file which has not been started: C:\Program Files\Wildix\WIService\UC.dllJump to dropped file
Source: C:\Program Files\Wildix\WIService\wiservice.exeDropped PE file which has not been started: C:\Windows\System32\spool\drivers\x64\unidrv.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exeDropped PE file which has not been started: C:\Program Files\Wildix\WIService\websocket-sharp.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exeDropped PE file which has not been started: C:\Program Files\Wildix\WIService\headsetFirmwares\msvcm80.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exeDropped PE file which has not been started: C:\Program Files\Wildix\WIService\headsetFirmwares\HidDfu.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exeDropped PE file which has not been started: C:\Program Files\Wildix\WIService\Serilog.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exeDropped PE file which has not been started: C:\Program Files\Wildix\WIService\headsetFirmwares\msvcr80.dllJump to dropped file
Source: C:\Windows\System32\svchost.exe TID: 6848Thread sleep time: -30000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exe TID: 3056Thread sleep count: 66 > 30
Source: C:\Program Files\Wildix\WIService\wiservice.exe TID: 6140Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe TID: 5132Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe TID: 5136Thread sleep count: 373 > 30
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe TID: 4516Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe TID: 680Thread sleep time: -2767011611056431s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe TID: 4984Thread sleep count: 184 > 30
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe TID: 4120Thread sleep time: -922337203685477s >= -30000s
Source: C:\Program Files\Wildix\WIService\wiservice.exe TID: 5528Thread sleep time: -1844674407370954s >= -30000s
Source: C:\Program Files\Wildix\WIService\wiservice.exe TID: 6236Thread sleep time: -1844674407370954s >= -30000s
Source: C:\Program Files\Wildix\WIService\WildixOutlookIntegration.exe TID: 2712Thread sleep time: -10145709240540247s >= -30000s
Source: C:\Program Files\Wildix\WIService\WildixOutlookIntegration.exe TID: 4532Thread sleep count: 231 > 30
Source: C:\Program Files\Wildix\WIService\WildixOutlookIntegration.exe TID: 4000Thread sleep time: -90000s >= -30000s
Source: C:\Program Files\Wildix\WIService\WildixOutlookIntegration.exe TID: 456Thread sleep count: 9218 > 30
Source: C:\Program Files\Wildix\WIService\WildixOutlookIntegration.exe TID: 456Thread sleep count: 257 > 30
Source: C:\Windows\System32\svchost.exeFile opened: PhysicalDrive0
Source: C:\Windows\System32\svchost.exeFile Volume queried: C:\ FullSizeInformation
Source: C:\Windows\System32\svchost.exeFile Volume queried: C:\ FullSizeInformation
Source: C:\Windows\System32\svchost.exeFile Volume queried: C:\ FullSizeInformation
Source: C:\Windows\System32\svchost.exeFile Volume queried: C:\Windows\System32 FullSizeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeThread delayed: delay time: 922337203685477
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeThread delayed: delay time: 922337203685477
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeThread delayed: delay time: 922337203685477
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeThread delayed: delay time: 922337203685477
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeThread delayed: delay time: 922337203685477
Source: C:\Program Files\Wildix\WIService\wiservice.exeThread delayed: delay time: 922337203685477
Source: C:\Program Files\Wildix\WIService\wiservice.exeThread delayed: delay time: 922337203685477
Source: C:\Program Files\Wildix\WIService\WildixOutlookIntegration.exeThread delayed: delay time: 922337203685477
Source: C:\Program Files\Wildix\WIService\wiservice.exeProcess information queried: ProcessInformation
Source: C:\Windows\SysWOW64\taskkill.exeProcess token adjusted: Debug
Source: C:\Windows\SysWOW64\taskkill.exeProcess token adjusted: Debug
Source: C:\Windows\SysWOW64\taskkill.exeProcess token adjusted: Debug
Source: C:\Windows\SysWOW64\taskkill.exeProcess token adjusted: Debug
Source: C:\Windows\SysWOW64\taskkill.exeProcess token adjusted: Debug
Source: C:\Windows\SysWOW64\taskkill.exeProcess token adjusted: Debug
Source: C:\Windows\SysWOW64\taskkill.exeProcess token adjusted: Debug
Source: C:\Windows\SysWOW64\taskkill.exeProcess token adjusted: Debug
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeMemory allocated: page read and write | page guard
Source: C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd /C taskkill /F /IM WIService.exe
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM WIService.exe
Source: C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd /C taskkill /F /IM WIui.exe
Source: C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd /C taskkill /F /IM wirtpproxy.exe
Source: C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd /C taskkill /F /IM wiservice-ui.exe
Source: C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd /C taskkill /F /IM vncsrv.exe
Source: C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd /C taskkill /F /IM WildixOutlookIntegration.exe
Source: C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd /C taskkill /F /IM WildixOutlookSync32.exe
Source: C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd /C taskkill /F /IM WildixOutlookSync64.exe
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM WIui.exe
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM wirtpproxy.exe
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM wiservice-ui.exe
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM vncsrv.exe
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM WildixOutlookIntegration.exe
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM WildixOutlookSync32.exe
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM WildixOutlookSync64.exe
Source: C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm" "C:\Program Files\Wildix\WIService\Microsoft.Office.Interop.Outlook.dll" /silent /codebase
Source: C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm" "C:\Program Files\Wildix\WIService\Microsoft.Office.Uc.dll" /silent /codebase
Source: C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm" "C:\Program Files\Wildix\WIService\Office.dll" /silent /codebase
Source: C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm" "C:\Program Files\Wildix\WIService\Newtonsoft.Json.dll" /silent /codebase
Source: C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm" "C:\Program Files\Wildix\WIService\Serilog.dll" /silent /codebase
Source: C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm" "C:\Program Files\Wildix\WIService\Serilog.Sinks.Console.dll" /silent /codebase
Source: C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm" "C:\Program Files\Wildix\WIService\Serilog.Sinks.File.dll" /silent /codebase
Source: C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm" "C:\Program Files\Wildix\WIService\WildixOutlookIntegration.exe" /silent
Source: C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exeProcess created: C:\Windows\System32\cmd.exe cmd /C schtasks /create /TN "Wildix\WIService update checker" /xml "C:\Program Files\Wildix\WIService\WisUpdateCheckerTaskX64.xml" /F
Source: C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exeProcess created: C:\Windows\System32\cmd.exe cmd /C netsh advfirewall firewall delete rule name=all program="C:\Program Files\Wildix\WIService\wiservice.exe"
Source: C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exeProcess created: C:\Windows\System32\cmd.exe cmd /C netsh advfirewall firewall add rule name="Wildix Integration Service" dir=in action=allow program="C:\Program Files\Wildix\WIService\wiservice.exe"
Source: C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exeProcess created: C:\Windows\System32\cmd.exe cmd /C schtasks /delete /TN "Wildix\WIService update recovery" /F
Source: C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exeProcess created: C:\Windows\System32\cmd.exe cmd /C schtasks /delete /TN "Wildix\WIService failed update recovery" /F
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM WIService.exe
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM WIui.exe
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM wirtpproxy.exe
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM wiservice-ui.exe
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM vncsrv.exe
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM WildixOutlookIntegration.exe
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM WildixOutlookSync32.exe
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM WildixOutlookSync64.exe
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformation
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm VolumeInformation
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformation
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformation
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\svchost.exeQueries volume information: C: VolumeInformation
Source: C:\Windows\System32\svchost.exeQueries volume information: C: VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exeQueries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exeQueries volume information: C:\ VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeQueries volume information: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeQueries volume information: C:\Program Files\Wildix\WIService\Microsoft.Office.Interop.Outlook.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeQueries volume information: C:\Windows\assembly\GAC_MSIL\Microsoft.Office.Interop.Outlook\15.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Outlook.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeQueries volume information: C:\Windows\assembly\GAC_MSIL\office\15.0.0.0__71e9bce111e9429c\OFFICE.DLL VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeQueries volume information: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeQueries volume information: C:\Program Files\Wildix\WIService\Microsoft.Office.Uc.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeQueries volume information: C:\Program Files\Wildix\WIService\Microsoft.Office.Uc.dll VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Program Files\Wildix VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Program Files\Wildix VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\userbrib.ttf VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\cambriai.ttf VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\cambriab.ttf VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\cambriaz.ttf VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\Candara.ttf VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\Candaral.ttf VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\Candarai.ttf VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\Candarali.ttf VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\Candarab.ttf VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\Candaraz.ttf VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\comic.ttf VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\comici.ttf VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\comicbd.ttf VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\comicz.ttf VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\consola.ttf VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\consolai.ttf VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\consolab.ttf VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\consolaz.ttf VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\constan.ttf VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\constani.ttf VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\constanb.ttf VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\constanz.ttf VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\corbel.ttf VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\corbell.ttf VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\corbeli.ttf VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\corbelli.ttf VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\corbelb.ttf VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\corbelz.ttf VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\cour.ttf VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\couri.ttf VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\courbd.ttf VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\courbi.ttf VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\ebrima.ttf VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\ebrimabd.ttf VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\framd.ttf VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\FRADM.TTF VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\framdit.ttf VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\FRADMIT.TTF VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\FRAMDCN.TTF VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\FRADMCN.TTF VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\FRAHV.TTF VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\FRAHVIT.TTF VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\Gabriola.ttf VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\gadugi.ttf VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\gadugib.ttf VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\georgia.ttf VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\georgiai.ttf VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\georgiab.ttf VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\georgiaz.ttf VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\impact.ttf VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\Inkfree.ttf VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\javatext.ttf VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\LeelawUI.ttf VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\LeelUIsl.ttf VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\LeelaUIb.ttf VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\lucon.ttf VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\l_10646.ttf VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\malgun.ttf VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\malgunsl.ttf VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\malgunbd.ttf VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\himalaya.ttf VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\msjhbd.ttc VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\ntailu.ttf VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\ntailub.ttf VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\phagspa.ttf VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\phagspab.ttf VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\taile.ttf VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\taileb.ttf VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\msyi.ttf VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\monbaiti.ttf VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\mvboli.ttf VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\mmrtext.ttf VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\mmrtextb.ttf VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\Nirmala.ttf VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\NirmalaS.ttf VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\NirmalaB.ttf VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\pala.ttf VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\palai.ttf VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\palab.ttf VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\palabi.ttf VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\segoepr.ttf VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\segoeprb.ttf VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\segoesc.ttf VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\segoescb.ttf VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\segoeuii.ttf VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\seguili.ttf VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\seguisbi.ttf VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\segoeuiz.ttf VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\seguibl.ttf VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\seguibli.ttf VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\seguihis.ttf VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\simsun.ttc VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\simsunb.ttf VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\sylfaen.ttf VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\symbol.ttf VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\timesi.ttf VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\timesbd.ttf VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\timesbi.ttf VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\trebuc.ttf VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\trebucit.ttf VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\trebucbd.ttf VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\trebucbi.ttf VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\verdana.ttf VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\verdanai.ttf VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\verdanab.ttf VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\verdanaz.ttf VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\webdings.ttf VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\wingding.ttf VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\holomdl2.ttf VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\AGENCYR.TTF VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\AGENCYB.TTF VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\ALGER.TTF VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\BKANT.TTF VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\ANTQUAI.TTF VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\ANTQUAB.TTF VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\ANTQUABI.TTF VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\ARLRDBD.TTF VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\BASKVILL.TTF VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\BAUHS93.TTF VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\BELL.TTF VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\BELLI.TTF VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\BELLB.TTF VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\BERNHC.TTF VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\BOD_R.TTF VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\BOD_I.TTF VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\BOD_B.TTF VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\BOD_BI.TTF VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\BOD_CR.TTF VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\BOD_BLAR.TTF VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\BOD_CI.TTF VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\BOD_CB.TTF VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\BOD_BLAI.TTF VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\BOD_CBI.TTF VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\BOD_PSTC.TTF VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\BOOKOS.TTF VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\BOOKOSB.TTF VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\BOOKOSI.TTF VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\BOOKOSBI.TTF VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\BRADHITC.TTF VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\BRITANIC.TTF VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\BRLNSR.TTF VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\BRLNSDB.TTF VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\BRLNSB.TTF VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\BROADW.TTF VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\BRUSHSCI.TTF VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\BSSYM7.TTF VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\userFR.TTF VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\userFI.TTF VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\userFB.TTF VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\userST.TTF VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\userSTI.TTF VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\userSTB.TTF VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\userSTBI.TTF VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\CASTELAR.TTF VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\CENSCBK.TTF VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\SCHLBKI.TTF VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\SCHLBKB.TTF VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\SCHLBKBI.TTF VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\CENTAUR.TTF VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\CENTURY.TTF VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\CHILLER.TTF VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\COLONNA.TTF VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\COOPBL.TTF VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\COPRGTL.TTF VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\COPRGTB.TTF VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\CURLZ___.TTF VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\DUBAI-REGULAR.TTF VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\DUBAI-MEDIUM.TTF VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\DUBAI-LIGHT.TTF VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\DUBAI-BOLD.TTF VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\ELEPHNT.TTF VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\ELEPHNTI.TTF VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\ENGR.TTF VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\ERASMD.TTF VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\ERASLGHT.TTF VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\ERASDEMI.TTF VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\ERASBD.TTF VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\FELIXTI.TTF VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\FORTE.TTF VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\FRABK.TTF VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\FRABKIT.TTF VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\FREESCPT.TTF VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\FRSCRIPT.TTF VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\FTLTLT.TTF VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\GARA.TTF VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\GARAIT.TTF VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\GARABD.TTF VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\GIGI.TTF VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\GIL_____.TTF VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\GILI____.TTF VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\GILB____.TTF VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\GILBI___.TTF VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\GILC____.TTF VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\GLSNECB.TTF VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\GLECB.TTF VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\GOTHIC.TTF VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\GOTHICI.TTF VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\GOTHICB.TTF VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\GOTHICBI.TTF VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\GOUDOS.TTF VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\GOUDOSI.TTF VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\GOUDOSB.TTF VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\GOUDYSTO.TTF VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\HARLOWSI.TTF VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\HARNGTON.TTF VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\HATTEN.TTF VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\HTOWERT.TTF VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\HTOWERTI.TTF VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\IMPRISHA.TTF VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\INFROMAN.TTF VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\ITCBLKAD.TTF VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\ITCEDSCR.TTF VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\ITCKRIST.TTF VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\JOKERMAN.TTF VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\JUICE___.TTF VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\KUNSTLER.TTF VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\LATINWD.TTF VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\LBRITE.TTF VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\LBRITED.TTF VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\LBRITEI.TTF VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\LBRITEDI.TTF VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\LCALLIG.TTF VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\LEELAWAD.TTF VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\LEELAWDB.TTF VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\LFAX.TTF VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\LFAXD.TTF VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\LFAXI.TTF VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\LFAXDI.TTF VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\LHANDW.TTF VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\LSANS.TTF VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\LSANSD.TTF VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\LSANSI.TTF VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\LSANSDI.TTF VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\LTYPE.TTF VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\LTYPEO.TTF VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\LTYPEB.TTF VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\LTYPEBO.TTF VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\MAGNETOB.TTF VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\MAIAN.TTF VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\MATURASC.TTF VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\MISTRAL.TTF VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\MOD20.TTF VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\MSUIGHUR.TTF VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\MSUIGHUB.TTF VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\MTCORSVA.TTF VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\MTEXTRA.TTF VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\NIAGENG.TTF VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\NIAGSOL.TTF VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\OCRAEXT.TTF VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\OLDENGL.TTF VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\ONYX.TTF VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\OUTLOOK.TTF VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\PALSCRI.TTF VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\PAPYRUS.TTF VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\PARCHM.TTF VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\PER_____.TTF VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\PERI____.TTF VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\PERB____.TTF VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\PERBI___.TTF VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\PERTILI.TTF VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\PERTIBD.TTF VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\PLAYBILL.TTF VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\POORICH.TTF VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\PRISTINA.TTF VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\RAGE.TTF VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\RAVIE.TTF VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\REFSAN.TTF VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\REFSPCL.TTF VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\ROCK.TTF VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\ROCKI.TTF VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\ROCKB.TTF VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\ROCKEB.TTF VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\ROCKBI.TTF VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\ROCC____.TTF VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\ROCCB___.TTF VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\SCRIPTBL.TTF VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\SHOWG.TTF VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\SNAP____.TTF VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\STENCIL.TTF VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\TCM_____.TTF VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\TCMI____.TTF VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\TCB_____.TTF VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\TCBI____.TTF VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\TCCM____.TTF VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\TCCB____.TTF VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\TCCEB.TTF VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\TEMPSITC.TTF VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\VINERITC.TTF VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\VIVALDII.TTF VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\VLADIMIR.TTF VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\WINGDNG2.TTF VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\WINGDNG3.TTF VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\flat_officeFontsPreview.ttf VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\OFFSYM.TTF VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\OFFSYMSL.TTF VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\OFFSYMSB.TTF VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\OFFSYMXL.TTF VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\OFFSYML.TTF VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\OFFSYMB.TTF VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\segoeuii.ttf VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\segoeuiz.ttf VolumeInformation
Source: C:\Program Files\Wildix\WIService\WildixOutlookSync32.exeQueries volume information: C:\Users\user\Documents\Outlook Files\Outlook Data File - NoEmail.pst VolumeInformation
Source: C:\Program Files\Wildix\WIService\WildixOutlookSync32.exeQueries volume information: C:\Users\user\Documents\Outlook Files\Outlook Data File - NoEmail.pst VolumeInformation
Source: C:\Program Files\Wildix\WIService\WildixOutlookSync32.exeQueries volume information: C:\Users\user\Documents\Outlook Files\Outlook Data File - NoEmail.pst VolumeInformation
Source: C:\Program Files\Wildix\WIService\WildixOutlookSync32.exeQueries volume information: C:\Users\user\Documents\Outlook Files\Outlook Data File - NoEmail.pst VolumeInformation
Source: C:\Program Files\Wildix\WIService\WildixOutlookSync32.exeQueries volume information: C:\Users\user\Documents\Outlook Files\Outlook Data File - NoEmail.pst VolumeInformation
Source: C:\Program Files\Wildix\WIService\WildixOutlookSync32.exeQueries volume information: C:\Users\user\Documents\Outlook Files\Outlook Data File - NoEmail.pst VolumeInformation
Source: C:\Program Files\Wildix\WIService\WildixOutlookSync32.exeQueries volume information: C:\Users\user\Documents\Outlook Files\Outlook Data File - NoEmail.pst VolumeInformation
Source: C:\Program Files\Wildix\WIService\WildixOutlookSync32.exeQueries volume information: C:\Users\user\Documents\Outlook Files\Outlook Data File - NoEmail.pst VolumeInformation
Source: C:\Program Files\Wildix\WIService\WildixOutlookSync32.exeQueries volume information: C:\Users\user\Documents\Outlook Files\Outlook Data File - NoEmail.pst VolumeInformation
Source: C:\Program Files\Wildix\WIService\WildixOutlookSync32.exeQueries volume information: C:\Users\user\Documents\Outlook Files\Outlook Data File - NoEmail.pst VolumeInformation
Source: C:\Program Files\Wildix\WIService\WildixOutlookSync32.exeQueries volume information: C:\ VolumeInformation
Source: C:\Program Files\Wildix\WIService\WildixOutlookSync32.exeQueries volume information: C:\Users\user\Documents\Outlook Files\Outlook Data File - NoEmail.pst VolumeInformation
Source: C:\Program Files\Wildix\WIService\WildixOutlookSync32.exeQueries volume information: C:\Users\user\Documents\Outlook Files\Outlook Data File - NoEmail.pst VolumeInformation
Source: C:\Program Files\Wildix\WIService\WildixOutlookSync32.exeQueries volume information: C:\Users\user\Documents\Outlook Files\Outlook Data File - NoEmail.pst VolumeInformation
Source: C:\Program Files\Wildix\WIService\WildixOutlookSync32.exeQueries volume information: C:\Users\user\Documents\Outlook Files\Outlook Data File - NoEmail.pst VolumeInformation
Source: C:\Program Files\Wildix\WIService\WildixOutlookSync32.exeQueries volume information: C:\Users\user\Documents\Outlook Files\Outlook Data File - NoEmail.pst VolumeInformation
Source: C:\Program Files\Wildix\WIService\WildixOutlookSync32.exeQueries volume information: C:\Users\user\Documents\Outlook Files\Outlook Data File - NoEmail.pst VolumeInformation
Source: C:\Program Files\Wildix\WIService\WildixOutlookSync32.exeQueries volume information: C:\Users\user\Documents\Outlook Files\Outlook Data File - NoEmail.pst VolumeInformation
Source: C:\Program Files\Wildix\WIService\WildixOutlookSync32.exeQueries volume information: C:\Users\user\Documents\Outlook Files\Outlook Data File - NoEmail.pst VolumeInformation
Source: C:\Program Files\Wildix\WIService\WildixOutlookSync32.exeQueries volume information: C:\Users\user\Documents\Outlook Files\Outlook Data File - NoEmail.pst VolumeInformation
Source: C:\Program Files\Wildix\WIService\WildixOutlookSync32.exeQueries volume information: C:\Users\user\Documents\Outlook Files\Outlook Data File - NoEmail.pst VolumeInformation
Source: C:\Program Files\Wildix\WIService\WildixOutlookSync32.exeQueries volume information: C:\Users\user\Documents\Outlook Files\Outlook Data File - NoEmail.pst VolumeInformation
Source: C:\Program Files\Wildix\WIService\WildixOutlookIntegration.exeQueries volume information: C:\Program Files\Wildix\WIService\WildixOutlookIntegration.exe VolumeInformation
Source: C:\Program Files\Wildix\WIService\WildixOutlookIntegration.exeQueries volume information: C:\Program Files\Wildix\WIService\Serilog.dll VolumeInformation
Source: C:\Program Files\Wildix\WIService\WildixOutlookIntegration.exeQueries volume information: C:\Program Files\Wildix\WIService\Serilog.Sinks.File.dll VolumeInformation
Source: C:\Program Files\Wildix\WIService\WildixOutlookIntegration.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
Source: C:\Program Files\Wildix\WIService\WildixOutlookIntegration.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Program Files\Wildix\WIService\WildixOutlookIntegration.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformation
Source: C:\Program Files\Wildix\WIService\WildixOutlookIntegration.exeQueries volume information: C:\Program Files\Wildix\WIService\Newtonsoft.Json.dll VolumeInformation
Source: C:\Program Files\Wildix\WIService\WildixOutlookIntegration.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\Program Files\Wildix\WIService\WildixOutlookIntegration.exeQueries volume information: C:\Program Files\Wildix\WIService\websocket-sharp.dll VolumeInformation
Source: C:\Program Files\Wildix\WIService\WildixOutlookIntegration.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
Source: C:\Program Files\Wildix\WIService\WildixOutlookIntegration.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll VolumeInformation
Source: C:\Program Files\Wildix\WIService\WildixOutlookIntegration.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll VolumeInformation
Source: C:\Program Files\Wildix\WIService\WildixOutlookIntegration.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Program Files\Wildix\WIService\WildixOutlookIntegration.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Program Files\Wildix\WIService\WildixOutlookIntegration.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Program Files\Wildix\WIService\WildixOutlookIntegration.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Windows\System32\spoolsv.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Lowering of HIPS / PFW / Operating System Security Settings

barindex
Changes security center settings (notifications, updates, antivirus, firewall)
Source: C:\Windows\System32\svchost.exeKey value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center cval
Modifies the windows firewall
Source: C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exeProcess created: C:\Windows\System32\cmd.exe cmd /C netsh advfirewall firewall delete rule name=all program="C:\Program Files\Wildix\WIService\wiservice.exe"
Uses netsh to modify the Windows network and firewall settings
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\netsh.exe netsh advfirewall firewall delete rule name=all program="C:\Program Files\Wildix\WIService\wiservice.exe"
Source: C:\Windows\System32\svchost.exeWMI Queries: IWbemServices::ExecNotificationQuery - ROOT\SecurityCenter : SELECT * FROM __InstanceOperationEvent WHERE TargetInstance ISA 'AntiVirusProduct' OR TargetInstance ISA 'FirewallProduct' OR TargetInstance ISA 'AntiSpywareProduct'
Source: C:\Windows\System32\svchost.exeWMI Queries: IWbemServices::ExecNotificationQuery - ROOT\SecurityCenter : SELECT * FROM __InstanceOperationEvent WHERE TargetInstance ISA 'AntiVirusProduct' OR TargetInstance ISA 'FirewallProduct' OR TargetInstance ISA 'AntiSpywareProduct'
Source: C:\Windows\System32\svchost.exeWMI Queries: IWbemServices::ExecNotificationQuery - ROOT\SecurityCenter : SELECT * FROM __InstanceOperationEvent WHERE TargetInstance ISA 'AntiVirusProduct' OR TargetInstance ISA 'FirewallProduct' OR TargetInstance ISA 'AntiSpywareProduct'
Source: C:\Windows\System32\svchost.exeWMI Queries: IWbemServices::ExecNotificationQuery - ROOT\SecurityCenter : SELECT * FROM __InstanceOperationEvent WHERE TargetInstance ISA 'AntiVirusProduct' OR TargetInstance ISA 'FirewallProduct' OR TargetInstance ISA 'AntiSpywareProduct'
Source: C:\Windows\System32\svchost.exeWMI Queries: IWbemServices::ExecNotificationQuery - ROOT\SecurityCenter : SELECT * FROM __InstanceOperationEvent WHERE TargetInstance ISA 'AntiVirusProduct' OR TargetInstance ISA 'FirewallProduct' OR TargetInstance ISA 'AntiSpywareProduct'
Source: C:\Windows\System32\svchost.exeWMI Queries: IWbemServices::ExecNotificationQuery - ROOT\SecurityCenter : SELECT * FROM __InstanceOperationEvent WHERE TargetInstance ISA 'AntiVirusProduct' OR TargetInstance ISA 'FirewallProduct' OR TargetInstance ISA 'AntiSpywareProduct'
Source: C:\Windows\System32\svchost.exeWMI Queries: IWbemServices::ExecNotificationQuery - ROOT\SecurityCenter : SELECT * FROM __InstanceOperationEvent WHERE TargetInstance ISA 'AntiVirusProduct' OR TargetInstance ISA 'FirewallProduct' OR TargetInstance ISA 'AntiSpywareProduct'
Source: C:\Windows\System32\svchost.exeWMI Queries: IWbemServices::ExecNotificationQuery - ROOT\SecurityCenter : SELECT * FROM __InstanceOperationEvent WHERE TargetInstance ISA 'AntiVirusProduct' OR TargetInstance ISA 'FirewallProduct' OR TargetInstance ISA 'AntiSpywareProduct'
Source: C:\Windows\System32\svchost.exeWMI Queries: IWbemServices::ExecNotificationQuery - ROOT\SecurityCenter : SELECT * FROM __InstanceOperationEvent WHERE TargetInstance ISA 'AntiVirusProduct' OR TargetInstance ISA 'FirewallProduct' OR TargetInstance ISA 'AntiSpywareProduct'

Mitre Att&ck Matrix

ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
Gather Victim Identity InformationAcquire InfrastructureValid Accounts11
Windows Management Instrumentation		1
Windows Service		1
Windows Service		23
Masquerading		OS Credential Dumping1
Query Registry		Remote ServicesData from Local System2
Encrypted Channel		Exfiltration Over Other Network MediumAbuse Accessibility Features
CredentialsDomainsDefault Accounts1
Scheduled Task/Job		1
Scheduled Task/Job		11
Process Injection		1
Modify Registry		LSASS Memory3
Security Software Discovery		Remote Desktop ProtocolData from Removable Media1
Non-Application Layer Protocol		Exfiltration Over BluetoothNetwork Denial of Service
Email AddressesDNS ServerDomain AccountsAt11
Registry Run Keys / Startup Folder		1
Scheduled Task/Job		311
Disable or Modify Tools		Security Account Manager1
Process Discovery		SMB/Windows Admin SharesData from Network Shared Drive2
Application Layer Protocol		Automated ExfiltrationData Encrypted for Impact
Employee NamesVirtual Private ServerLocal AccountsCron1
DLL Side-Loading		11
Registry Run Keys / Startup Folder		151
Virtualization/Sandbox Evasion		NTDS151
Virtualization/Sandbox Evasion		Distributed Component Object ModelInput CaptureProtocol ImpersonationTraffic DuplicationData Destruction
Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon Script1
DLL Side-Loading		11
Process Injection		LSA Secrets1
Application Window Discovery		SSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts1
Rundll32		Cached Domain Credentials1
Remote System Discovery		VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items1
DLL Side-Loading		DCSync1
File and Directory Discovery		Windows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/Job1
File Deletion		Proc Filesystem25
System Information Discovery		Cloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.


windows-stand

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

SourceDetectionScannerLabelLink
file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip0%VirustotalBrowse

Dropped Files

SourceDetectionScannerLabelLink
C:\Users\user\AppData\Local\Temp\nsqD0BF.tmp\System.dll0%ReversingLabs
C:\Users\user\AppData\Local\Temp\nsqD0BF.tmp\System.dll0%VirustotalBrowse
C:\Users\user\AppData\Local\Temp\nsqD0BF.tmp\nsExec.dll0%ReversingLabs
C:\Users\user\AppData\Local\Temp\nsqD0BF.tmp\nsExec.dll0%VirustotalBrowse
C:\Program Files\Wildix\WIService\DseaCallControlSdk.dll0%ReversingLabs
C:\Program Files\Wildix\WIService\DseaCallControlSdk.dll0%VirustotalBrowse
C:\Program Files\Wildix\WIService\fax\wfaxport.dll0%ReversingLabs
C:\Program Files\Wildix\WIService\fax\wfaxport.dll0%VirustotalBrowse
C:\Program Files\Wildix\WIService\headsetFirmwares\HidDfu.dll0%ReversingLabs
C:\Program Files\Wildix\WIService\headsetFirmwares\HidDfu.dll0%VirustotalBrowse
C:\Program Files\Wildix\WIService\headsetFirmwares\HidDfuCmd.exe0%ReversingLabs
C:\Program Files\Wildix\WIService\headsetFirmwares\msvcm80.dll0%ReversingLabs
C:\Program Files\Wildix\WIService\headsetFirmwares\msvcp80.dll0%ReversingLabs
C:\Program Files\Wildix\WIService\headsetFirmwares\msvcr80.dll0%ReversingLabs
C:\Program Files\Wildix\WIService\headsetFirmwares\msvcrt.dll0%ReversingLabs
C:\Program Files\Wildix\WIService\wiservice.exe0%ReversingLabs
C:\Windows\System32\spool\drivers\x64\unidrv.dll0%ReversingLabs
C:\Windows\System32\spool\drivers\x64\unires.dll0%ReversingLabs
C:\Program Files\Wildix\WIService\Microsoft.Office.Interop.Outlook.dll0%ReversingLabs
C:\Program Files\Wildix\WIService\Microsoft.Office.Tools.Common.v4.0.Utilities.dll0%ReversingLabs
C:\Program Files\Wildix\WIService\Microsoft.Office.Tools.Outlook.v4.0.Utilities.dll0%ReversingLabs
C:\Program Files\Wildix\WIService\Microsoft.Office.Uc.dll0%ReversingLabs
C:\Program Files\Wildix\WIService\Newtonsoft.Json.dll0%ReversingLabs
C:\Program Files\Wildix\WIService\Office.dll0%ReversingLabs
C:\Program Files\Wildix\WIService\Serilog.Sinks.Console.dll0%ReversingLabs
C:\Program Files\Wildix\WIService\Serilog.Sinks.Debug.dll0%ReversingLabs
C:\Program Files\Wildix\WIService\Serilog.Sinks.File.dll0%ReversingLabs
C:\Program Files\Wildix\WIService\Serilog.dll0%ReversingLabs
C:\Program Files\Wildix\WIService\UC.dll0%ReversingLabs
C:\Program Files\Wildix\WIService\UninstallWIService.exe0%ReversingLabs
C:\Program Files\Wildix\WIService\WildixOutlookAddin.dll0%ReversingLabs
C:\Program Files\Wildix\WIService\WildixOutlookCommon.dll0%ReversingLabs
C:\Program Files\Wildix\WIService\WildixOutlookIntegration.exe0%ReversingLabs
C:\Program Files\Wildix\WIService\WildixOutlookSync32.exe3%ReversingLabs
C:\Program Files\Wildix\WIService\WildixOutlookSync64.exe0%ReversingLabs
C:\Program Files\Wildix\WIService\dotnet-dump.exe0%ReversingLabs
C:\Program Files\Wildix\WIService\websocket-sharp.dll0%ReversingLabs
C:\Users\user\AppData\Local\Temp\nsqD0BF.tmp\nsDialogs.dll0%ReversingLabs

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

No Antivirus matches

Domains and IPs

Contacted Domains

NameIPActiveMaliciousAntivirus DetectionReputation
files.readme.io
104.18.167.110
truefalse
    		unknown
    a.nel.cloudflare.com
    		35.190.80.1
    		truefalse
      		high
      plus.l.google.com
      		142.250.185.206
      		truefalse
        		high
        cf.zdassets.com
        		216.198.53.3
        		truefalse
          		unknown
          www.recaptcha.net
          		142.250.184.227
          		truefalse
            		high
            feedback.wildix.com
            		3.69.183.96
            		truefalse
              		unknown
              default.qdr.p1.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com
              		217.20.57.36
              		truefalse
                		high
                recaptcha.net
                		142.250.186.35
                		truefalse
                  		high
                  www.virustotal.com
                  		34.54.88.138
                  		truefalse
                    		high
                    bg.microsoft.map.fastly.net
                    		199.232.214.172
                    		truefalse
                      		high
                      static.zdassets.com
                      		216.198.53.3
                      		truefalse
                        		high
                        play.google.com
                        		142.250.186.46
                        		truefalse
                          		high
                          dns-tunnel-check.googlezip.net
                          		216.239.34.159
                          		truefalse
                            		high
                            tunnel.googlezip.net
                            		216.239.34.157
                            		truefalse
                              		high
                              id.google.com
                              		142.250.185.131
                              		truefalse
                                		high
                                ekr.zdassets.com
                                		216.198.53.3
                                		truefalse
                                  		high
                                  www.google.com
                                  		142.250.185.228
                                  		truefalse
                                    		high
                                    docs.virustotal.com
                                    		34.117.229.111
                                    		truefalse
                                      		unknown
                                      ssl.readmessl.com
                                      		104.16.241.118
                                      		truefalse
                                        		unknown
                                        cdn.readme.io
                                        		unknown
                                        		unknownfalse
                                          		unknown
                                          assets.zendesk.com
                                          		unknown
                                          		unknownfalse
                                            		unknown
                                            crt.sectigo.com
                                            		unknown
                                            		unknownfalse
                                              		unknown
                                              apis.google.com
                                              		unknown
                                              		unknownfalse
                                                		high

                                                World Map of Contacted IPs

                                                • No. of IPs < 25%
                                                • 25% < No. of IPs < 50%
                                                • 50% < No. of IPs < 75%
                                                • 75% < No. of IPs

                                                Public IPs

                                                IPDomainCountryFlagASNASN NameMalicious
                                                142.250.186.46
                                                		play.google.comUnited States
                                                		15169GOOGLEUSfalse
                                                34.54.88.138
                                                		www.virustotal.comUnited States
                                                		2686ATGS-MMD-ASUSfalse
                                                34.117.229.111
                                                		docs.virustotal.comUnited States
                                                		139070GOOGLE-AS-APGoogleAsiaPacificPteLtdSGfalse
                                                142.250.185.228
                                                		www.google.comUnited States
                                                		15169GOOGLEUSfalse
                                                142.250.185.206
                                                		plus.l.google.comUnited States
                                                		15169GOOGLEUSfalse
                                                104.18.38.233
                                                		unknownUnited States
                                                		13335CLOUDFLARENETUSfalse
                                                173.194.76.84
                                                		unknownUnited States
                                                		15169GOOGLEUSfalse
                                                172.217.23.106
                                                		unknownUnited States
                                                		15169GOOGLEUSfalse
                                                104.16.241.118
                                                		ssl.readmessl.comUnited States
                                                		13335CLOUDFLARENETUSfalse
                                                3.69.183.96
                                                		feedback.wildix.comUnited States
                                                		16509AMAZON-02USfalse
                                                52.109.32.97
                                                		unknownUnited States
                                                		8075MICROSOFT-CORP-MSN-AS-BLOCKUSfalse
                                                142.250.185.162
                                                		unknownUnited States
                                                		15169GOOGLEUSfalse
                                                199.232.214.172
                                                		bg.microsoft.map.fastly.netUnited States
                                                		54113FASTLYUSfalse
                                                142.250.186.110
                                                		unknownUnited States
                                                		15169GOOGLEUSfalse
                                                142.250.184.227
                                                		www.recaptcha.netUnited States
                                                		15169GOOGLEUSfalse
                                                35.190.80.1
                                                		a.nel.cloudflare.comUnited States
                                                		15169GOOGLEUSfalse
                                                172.217.18.99
                                                		unknownUnited States
                                                		15169GOOGLEUSfalse
                                                172.217.18.10
                                                		unknownUnited States
                                                		15169GOOGLEUSfalse
                                                142.250.186.74
                                                		unknownUnited States
                                                		15169GOOGLEUSfalse
                                                142.250.186.99
                                                		unknownUnited States
                                                		15169GOOGLEUSfalse
                                                52.113.194.132
                                                		unknownUnited States
                                                		8068MICROSOFT-CORP-MSN-AS-BLOCKUSfalse
                                                142.250.186.35
                                                		recaptcha.netUnited States
                                                		15169GOOGLEUSfalse
                                                142.250.184.195
                                                		unknownUnited States
                                                		15169GOOGLEUSfalse
                                                142.250.185.67
                                                		unknownUnited States
                                                		15169GOOGLEUSfalse
                                                142.250.186.78
                                                		unknownUnited States
                                                		15169GOOGLEUSfalse
                                                1.1.1.1
                                                		unknownAustralia
                                                		13335CLOUDFLARENETUSfalse
                                                142.250.186.36
                                                		unknownUnited States
                                                		15169GOOGLEUSfalse
                                                216.58.212.131
                                                		unknownUnited States
                                                		15169GOOGLEUSfalse
                                                104.18.167.110
                                                		files.readme.ioUnited States
                                                		13335CLOUDFLARENETUSfalse
                                                142.250.186.163
                                                		unknownUnited States
                                                		15169GOOGLEUSfalse
                                                172.217.18.3
                                                		unknownUnited States
                                                		15169GOOGLEUSfalse
                                                142.250.185.232
                                                		unknownUnited States
                                                		15169GOOGLEUSfalse
                                                216.58.206.46
                                                		unknownUnited States
                                                		15169GOOGLEUSfalse
                                                239.255.255.250
                                                		unknownReserved
                                                		unknownunknownfalse
                                                142.250.185.131
                                                		id.google.comUnited States
                                                		15169GOOGLEUSfalse
                                                216.198.53.3
                                                		cf.zdassets.comUnited States
                                                		7321LNET-ASNUSfalse
                                                184.28.90.27
                                                		unknownUnited States
                                                		16625AKAMAI-ASUSfalse
                                                172.64.149.23
                                                		unknownUnited States
                                                		13335CLOUDFLARENETUSfalse
                                                216.58.212.163
                                                		unknownUnited States
                                                		15169GOOGLEUSfalse
                                                142.250.185.74
                                                		unknownUnited States
                                                		15169GOOGLEUSfalse
                                                216.239.34.157
                                                		tunnel.googlezip.netUnited States
                                                		15169GOOGLEUSfalse

                                                Private

                                                IP
                                                192.168.2.16
                                                127.0.0.1

                                                General Information

                                                Joe Sandbox version:41.0.0 Charoite
                                                Analysis ID:1585241
                                                Start date and time:2025-01-07 11:22:44 +01:00
                                                Joe Sandbox product:CloudBasic
                                                Overall analysis duration:
                                                Hypervisor based Inspection enabled:false
                                                Report type:full
                                                Cookbook file name:defaultwindowsinteractivecookbook.jbs
                                                Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                Number of analysed new started processes analysed:92
                                                Number of new started drivers analysed:0
                                                Number of existing processes analysed:0
                                                Number of existing drivers analysed:0
                                                Number of injected processes analysed:1
                                                Technologies:
                                                • EGA enabled
                                                Analysis Mode:stream
                                                Analysis stop reason:Timeout
                                                Sample name:file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip
                                                Detection:MAL
                                                Classification:mal60.evad.winZIP@159/73@37/91
                                                Cookbook Comments:
                                                • Found application associated with file extension: .zip

                                                Warnings

                                                • Exclude process from analysis (whitelisted): dllhost.exe, svchost.exe
                                                • Excluded IPs from analysis (whitelisted): 52.109.32.97, 52.113.194.132, 104.18.38.233, 172.64.149.23, 199.232.214.172, 142.250.186.163, 142.250.186.110, 173.194.76.84, 142.250.185.142, 216.58.212.131, 142.250.185.238, 142.250.186.78, 172.217.23.106, 142.250.184.234, 142.250.185.234, 142.250.186.170, 142.250.185.106, 142.250.184.202, 216.58.206.74, 142.250.185.138, 216.58.206.42, 142.250.185.170, 142.250.186.74, 142.250.185.74, 216.58.212.138, 142.250.185.202, 142.250.181.234, 142.250.186.138, 142.250.181.238, 142.250.185.131, 172.217.18.3, 142.250.185.162, 142.250.185.67, 142.250.185.232
                                                • Excluded domains from analysis (whitelisted): fs.microsoft.com
                                                • Not all processes where analyzed, report is missing behavior information
                                                • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                                • Report size getting too big, too many NtOpenKeyEx calls found.
                                                • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                • Report size getting too big, too many NtQueryValueKey calls found.
                                                • Report size getting too big, too many NtReadVirtualMemory calls found.
                                                • Timeout during stream target processing, analysis might miss dynamic analysis data
                                                • VT rate limit hit for: C:\Program Files\Wildix\WIService\headsetFirmwares\HidDfuCmd.exe

                                                Created / dropped Files

                                                C:\Program Files\Wildix\WIService\DseaCallControlSdk.dll

                                                Download File
                                                Process:C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exe
                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                Category:dropped
                                                Size (bytes):1691760
                                                Entropy (8bit):6.377248011693859
                                                Encrypted:false
                                                SSDEEP:
                                                MD5:AC174E068FA99EA6B346353BA69757CE
                                                SHA1:CD1A42D84C18E8473FBEC6A6A3AC731DBB1FCC9B
                                                SHA-256:19C680C1691BA446F2751B79355F2EF7206BBDA3684B058370F26FD2A82F5D6B
                                                SHA-512:E9B0249979ABE566651CDC14F3C18A93B5B8C5C4C45E97FDB7A39D828A7FE930FEE8F1EE7B0A50A5213B4C2B0727E7C07FA5EF591FA80F555D6654CADD5B9BBD
                                                Malicious:false
                                                Antivirus:
                                                • Antivirus: ReversingLabs, Detection: 0%
                                                • Antivirus: Virustotal, Detection: 0%, Browse
                                                Reputation:unknown
                                                Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$...........xj..xj..xj......xj...n..xj...i..xj...o..xj...k..xj...m..xj...n..xj...k..xj..xk..yj...o..xj...j..xj......xj..x...xj...h..xj.Rich.xj.........................PE..d...2..c.........." .....V..........d-.......................................@......~.....`.........................................P...........|....... ....0..t.......p*... ..........T.......................(...`...8............p...............................text....U.......V.................. ..`.rdata.......p.......Z..............@..@.data........ ......................@....pdata..t....0......................@..@.rsrc... ...........................@..@.reloc....... ......................@..B................................................................................................................................................................................................................

                                                C:\Program Files\Wildix\WIService\Microsoft.Office.Interop.Outlook.dll

                                                Download File
                                                Process:C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exe
                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                Category:dropped
                                                Size (bytes):985712
                                                Entropy (8bit):5.551919340566682
                                                Encrypted:false
                                                SSDEEP:
                                                MD5:390B04A388FFD833D4E93ED4153AE58D
                                                SHA1:1D21644C16772988DD817B40E3886585BBB2D4B2
                                                SHA-256:BB0E790F27DCBEC3B0DCB9F01F27A38C3D2D1F775538C6CFBF9883795F38EFF2
                                                SHA-512:2FD5E8435110FD10DA4B17496377D619C249A11CEFDF4B01796029BB4A24E6A13EAA133158D250C9CC3C7BC9DBECA42BCE09F5AB3523B415A54F9461F3E5BA2A
                                                Malicious:false
                                                Antivirus:
                                                • Antivirus: ReversingLabs, Detection: 0%
                                                Reputation:unknown
                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...2.V...........!......... ........... ........@.. ....................... .......h....@.....................................K.......................p*........................................................... ............... ..H............text....... ...................... ..`.rsrc...............................@..@.reloc..............................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                C:\Program Files\Wildix\WIService\Microsoft.Office.Tools.Common.v4.0.Utilities.dll

                                                Download File
                                                Process:C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exe
                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                Category:dropped
                                                Size (bytes):37488
                                                Entropy (8bit):6.42379201827549
                                                Encrypted:false
                                                SSDEEP:
                                                MD5:D332E42FFA4175720FBC2AA4AC4C57E3
                                                SHA1:4148438DBD61126A5B223409E6FF49F8F838362C
                                                SHA-256:9B070077A44937BEF43C386D4A89051300BC4FAA50C115A1D10FDBB052B66CA8
                                                SHA-512:EB3C246EE059B94CE994B301486117AF1C06B7995FE107EC7F6A9CF0465A8BBFD45D46BCCF87623644BB9C4E345E141BC0F1BDA1FF8FC8D73CE255EEAC0FEA8D
                                                Malicious:false
                                                Antivirus:
                                                • Antivirus: ReversingLabs, Detection: 0%
                                                Reputation:unknown
                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...#..K...........!.....X..........nv... ........... ....................................@..................................v..O.......d............h..p*..........tu............................................... ............... ..H............text...tV... ...X.................. ..`.rsrc...d............Z..............@..@.reloc...............f..............@..B................Pv......H....... &..TO..................P .......................................2...B..5....vO{:R.G.._(P%+.....|cn.A..@.E.#.....w.....?o......."[......6...|..z...:,.L.......A..|.T^k.A....R-...N.......(/............o~...}......{....op...}....*..{....*v.{....ox.....o....u.........*2.{....ov...*2.{....ow...*2.{....ox...*6.{.....or...*6.{.....os...*6.{.....ot...*6.{.....ou...*2.{....on...*2.{....oe...*2.{....of...*2.{....oo...*2.{....ok...*2.{....oi...*2.{....oj...*2.{....om...

                                                C:\Program Files\Wildix\WIService\Microsoft.Office.Tools.Outlook.v4.0.Utilities.dll

                                                Download File
                                                Process:C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exe
                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                Category:dropped
                                                Size (bytes):53872
                                                Entropy (8bit):6.209840303982636
                                                Encrypted:false
                                                SSDEEP:
                                                MD5:D454D5F84DD74C88DE630BA148470B43
                                                SHA1:C2CB551054DF4EEE747783450BD5A79E711774B1
                                                SHA-256:D4C2959CC59021EC109C0546AB6B44C9D62FE34F8648FA2E82693B6F6FDB9717
                                                SHA-512:D30B2E6B7A1908FE80D5B52CC349D0BC128DBD807413AF3303626DC9758C11A3FA58E99E3A368C284C7B9573C06A7DD6B1228C398B1E1D84C1AEAD545713FD08
                                                Malicious:false
                                                Antivirus:
                                                • Antivirus: ReversingLabs, Detection: 0%
                                                Reputation:unknown
                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...S..K...........!................~.... ........... ....................................@.................................0...K.......@...............p*........................................................... ............... ..H............text........ ...................... ..`.rsrc...@...........................@..@.reloc..............................@..B................`.......H........#......................P ......................................oM.?~!...g.h+...$.w....6]...3.U.9.8.!..d)r<....wV...OE!..NB...W.....k..,....h...@.......K.\6.<......6.<d.Y.A`.S..J.Q?..*..((.......oI...}......{....t....}....*..{....*N.{....o*.....(+...*..{....*2.{....oB...*6.{.....oC...*2.{....oD...*6.{.....oE...*2.{....oF...*2.{....oG...*6.{.....o>...*6.{.....o?...*6.{.....o@...*6.{.....oA...*2.{....o:...*2.{....o;...*:.(6.....}....*..{....*..{....*6.{.....o...

                                                C:\Program Files\Wildix\WIService\Microsoft.Office.Uc.dll

                                                Download File
                                                Process:C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exe
                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                Category:dropped
                                                Size (bytes):483440
                                                Entropy (8bit):5.88808533617672
                                                Encrypted:false
                                                SSDEEP:
                                                MD5:3A1269C0A167AC4D9A444A6123F62647
                                                SHA1:578575D8D7A073EF2AE8AF7DE65558ECC0FC0F99
                                                SHA-256:ABC3A0B4FE5DB6717ED3D1BED438BACF053000BCA6C75DD8BE0047D776CEBB20
                                                SHA-512:63DA1B64A5AFFF89A7031470EB3F08ABA8F4EE381025777EBBD5EA6404F68C92A998169C8B0B21DB3495CDF6A63AC836154C348DDD7D469EAACE293FD0A0482D
                                                Malicious:false
                                                Antivirus:
                                                • Antivirus: ReversingLabs, Detection: 0%
                                                Reputation:unknown
                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......S...........!................~L... ...`....@.. ..............................s.....@.................................(L..S....`...............6..p*........................................................... ............... ..H............text....,... ...................... ..`.rsrc........`.......0..............@..@.reloc...............4..............@..B................`L......H........^..(....................].......................................0..&...........{....9........{............o....**...0..&...........{....9........{............o....**...0..&...........{....9........{............o....**...0..6...........(........ ....}.........}.........}.........}....*...0............ ....."..... .... ...... .... n..... .... ...... .... P..... .... ...... .... (..... .... ...... .... D..... .... ...... .... D..... .... i..... .... ...... .... ...... .

                                                C:\Program Files\Wildix\WIService\Newtonsoft.Json.dll

                                                Download File
                                                Process:C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exe
                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                Category:dropped
                                                Size (bytes):703088
                                                Entropy (8bit):5.944616866544071
                                                Encrypted:false
                                                SSDEEP:
                                                MD5:D3E0B67E13A5705481C6CA3C7193E7CF
                                                SHA1:41EE7FAA47F8FBBC025170B5D137E11F4475922E
                                                SHA-256:F0A7EAAABC1D4D46F45646C9676136377DD72FEFE0365DE51CC7A0CD048AA8C0
                                                SHA-512:6087C957A49F5472F3D77D4F3B4114C536A5777C03AE33223835698AD3C2865CE3BB2F8FF8DB1CD0DF49FB7CF73FA61B4DFA849430295E82B3D82601E1B66E95
                                                Malicious:false
                                                Antivirus:
                                                • Antivirus: ReversingLabs, Detection: 0%
                                                Reputation:unknown
                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................." ..0................. ........... ....................................`.....................................O.......................p*..............T............................................ ............... ..H............text........ ...................... ..`.rsrc...............................@..@.reloc..............................@..B........................H........z..<&..................<.........................................(....*..(....*^.(...........%...}....*:.(......}....*:.(......}....*..(....*:.(......}....*..{....*..(....*..(....*:.(......}....*..{....*.(.........*....}.....(......{.....X.....}....*..0...........-.~....*.~....X....b...aX...X...X.+....b...aX...X...2.....cY.....cY....cY...{...._..{........+,..{[....3...{Z......(....,...{Z...*..{\.......-..*...0...........-.r...ps....z.o......-.~....*.~....X...+....b..

                                                C:\Program Files\Wildix\WIService\Office.dll

                                                Download File
                                                Process:C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exe
                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                Category:dropped
                                                Size (bytes):420464
                                                Entropy (8bit):5.859763778856411
                                                Encrypted:false
                                                SSDEEP:
                                                MD5:5759B4F594B5D6B05CDF7D3818A41CF8
                                                SHA1:63F4C42A3E3279F918991886DF6C53A5121C6D9B
                                                SHA-256:E31181E899F6A109B782D20D6A77392D3F8A4C945D818861D9DC0ACB3B67D477
                                                SHA-512:D53609028B3495DAA23C370ECD65500CB7F636A9950E7C54970CBA79A0C38DC6C81CBCC44C97392EA5B33F581C243D2C0A268E08ADFAF1D1EFA2746FC120089C
                                                Malicious:false
                                                Antivirus:
                                                • Antivirus: ReversingLabs, Detection: 0%
                                                Reputation:unknown
                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....oAE...........!......... ......."... ...@....@.. ..............................s........................................!..W....@..L............@..p*...`....................................................... ............... ..H............text...4.... ...................... ..`.rsrc...L....@....... ..............@..@.reloc.......`.......0..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                C:\Program Files\Wildix\WIService\Serilog.Sinks.Console.dll

                                                Download File
                                                Process:C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exe
                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                Category:dropped
                                                Size (bytes):43120
                                                Entropy (8bit):6.314942767785965
                                                Encrypted:false
                                                SSDEEP:
                                                MD5:2BFDFE0FB1AA5E9B398C49BB006B92A9
                                                SHA1:5AABCCBC39F240DEEB048FCB4A7D636D787E4E34
                                                SHA-256:BF0DC8C853201F9AC9E8B5A9696C24C46DCD9B8AE20CA5744B5B11574E175156
                                                SHA-512:71E937DDDCF890661819A80679B62CC16912A713EE13F26DD9AB0E05438A680E4925AFBFDEEDC3409F908512F6AF34DC33C552A50A90C6C9321D285A851C6244
                                                Malicious:false
                                                Antivirus:
                                                • Antivirus: ReversingLabs, Detection: 0%
                                                Reputation:unknown
                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...#.P..........." ..0..t..........z.... ........... ...............................[....`.................................(...O.......L............~..p*..........p...8............................................ ............... ..H............text....s... ...t.................. ..`.rsrc...L............v..............@..@.reloc...............|..............@..B................\.......H.......|R..t?..........................................................0..Y........-.r...ps....z.-.r%..ps....z(....-.(....-...%-.&(-...+.(........sN.........s.......o....*..-.r...ps....z.-.rC..ps....z.(.......s......o....*.(<...*..s....}.....(......}......%-.&rW..ps....z}......}....*...0............o....(......{....o....,L ....s....s......{......o.....{..........(......o....o.....o.....:.,..(......{..........(.....{......o.....o.......,..(.....*.......@..\........o.........

                                                C:\Program Files\Wildix\WIService\Serilog.Sinks.Debug.dll

                                                Download File
                                                Process:C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exe
                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                Category:dropped
                                                Size (bytes):17520
                                                Entropy (8bit):6.83969555329617
                                                Encrypted:false
                                                SSDEEP:
                                                MD5:9F018137CCC7684C1922C8D8FA7BA364
                                                SHA1:E2C26A5BE58B2511043F918939B40134428A4E7A
                                                SHA-256:7F1D68C22394D54159E918B089CF721DC0F5EF5BD2E9699ED135945ED20E020F
                                                SHA-512:713C6D48BB186326492FF1466810FF7E270719F5A9A755C4BF84BC66679587223EA9973842EB3D719E2A5B564F488CDE34E39BB5286DBAD428E26E8EA7ED800C
                                                Malicious:false
                                                Antivirus:
                                                • Antivirus: ReversingLabs, Detection: 0%
                                                Reputation:unknown
                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................." ..0.............^/... ...@....... ...............................0....`................................../..O....@..@...............p*...`......X...8............................................ ............... ..H............text...d.... ...................... ..`.rsrc...@....@......................@..@.reloc.......`......................@..B................>/......H....... !.......................-.......................................0../........-.r...ps....z.-.r%..ps....z..s..........(....*..-.r...ps....z.-.rC..ps....z..s......o....*v.(......%-.&rC..ps....z}....*....0..+.......s......{......o.....o....(.......,..o.....*.......... ......BSJB............v4.0.30319......l...0...#~......\...#Strings........X...#US.P.......#GUID...`...X...#Blob...........W..........3........................................................................

                                                C:\Program Files\Wildix\WIService\Serilog.Sinks.File.dll

                                                Download File
                                                Process:C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exe
                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                Category:dropped
                                                Size (bytes):36976
                                                Entropy (8bit):6.423492405586302
                                                Encrypted:false
                                                SSDEEP:
                                                MD5:F632DC6A8B6A9D34F1A24B39475965E2
                                                SHA1:44F478B7B76F9B23E5E78D25157BF58FE675A223
                                                SHA-256:7B10A8C77CE1BA7B68ED742590031BACEC6EEA9641AB0AD2F0DDA40BF7D05C61
                                                SHA-512:6B54ACBD0C5510EABCABE475011E14DA71C096A2F4E4235C605283D9E87903F202C94D3F24006DBC67C143064212CF80D545362C73B7E903AF607A9207666DBC
                                                Malicious:false
                                                Antivirus:
                                                • Antivirus: ReversingLabs, Detection: 0%
                                                Reputation:unknown
                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...%>^..........." ..0..\...........{... ........... ..............................>.....`.................................O{..O.......4............f..p*...........z..8............................................ ............... ..H............text....[... ...\.................. ..`.rsrc...4............^..............@..@.reloc...............d..............@..B.................{......H........8..XA.................. z.......................................0.."...................................(....*...0.. .................................(....*.0..O........-.r...ps....z.-.r%..ps....z.-.r/..ps....z...s...........................(....*..0..(..............s..........................(....*.0..?........-.r...ps....z.-.r%..ps....z.-.r/..ps....z...s...........(....*..0..8.......... ...s..........................................(....*.0..9........-.rM..ps....z.-

                                                C:\Program Files\Wildix\WIService\Serilog.dll

                                                Download File
                                                Process:C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exe
                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                Category:dropped
                                                Size (bytes):130672
                                                Entropy (8bit):6.183884930918232
                                                Encrypted:false
                                                SSDEEP:
                                                MD5:381D1F6EAC3487FB809F4A67B20BBFC0
                                                SHA1:7AE67391144F1C3BDDB739F89499E4DFC2E01561
                                                SHA-256:CEA976F7B2AD44B80CAABCD2E2E443D4A58BB31839C6E12F68E49234FDCFD121
                                                SHA-512:A702FC408F953B96E5BFFAAB5953E08FF7F4215A6A87BA94E283EEB6D1E87BD79D34D8421ECD98180844BB037553F958D4E9B71900A085C3B62757BD848CDD74
                                                Malicious:false
                                                Antivirus:
                                                • Antivirus: ReversingLabs, Detection: 0%
                                                Reputation:unknown
                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....T<..........." ..0.............:.... ........... .......................@............`.....................................O.......................p*... ......X...8............................................ ............... ..H............text...@.... ...................... ..`.rsrc...............................@..@.reloc....... ......................@..B........................H.......x...`A............................................................{(...*..{)...*V.(*.....}(.....})...*...0..;........u......,/(+....{(....{(...o,...,.(-....{)....{)...o....*.*. .... )UU.Z(+....{(...o/...X )UU.Z(-....{)...o0...X*.0...........r...p......%..{(....................-.q.............-.&.+.......o1....%..{)....................-.q.............-.&.+.......o1....(2...*..{3...*..{4...*V.(*.....}3.....}4...*...0..;........u......,/(+....{3....{3...o,...,.(-....{4..

                                                C:\Program Files\Wildix\WIService\UC.dll

                                                Download File
                                                Process:C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exe
                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                Category:dropped
                                                Size (bytes):461424
                                                Entropy (8bit):5.25726869136666
                                                Encrypted:false
                                                SSDEEP:
                                                MD5:6CD6DE9E328D4FDDBD0E3D5673369C3B
                                                SHA1:0A0915D6B89CAEF5A9D8D170089ABEBEAF6A183C
                                                SHA-256:5282E7BD01BD8C7A29E418E9F9EA7559A1A6E9F4CA3311399DC957296CEF5FF4
                                                SHA-512:53B1D121698D22A821093F88A5D1270A8243D7CDC836AF338045562363C0C2AFA222D925B6FFD89C238B0775A6F946F539431FC46E9964CE2D382BE9434D2752
                                                Malicious:false
                                                Antivirus:
                                                • Antivirus: ReversingLabs, Detection: 0%
                                                Reputation:unknown
                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......aF..%'..%'..%'...[~.$'..%'..$'...[..$'..Rich%'..........PE..L.....tg...........!..."..................................................................@.......................................... ..................p*..............p............................................................................rdata..t...........................@..@.rsrc........ ......................@..@......tg........j.................tg..........................tg........l.................tg............................................RSDS.BO..$.M..+.V.C{....C:\GitLab-Runner\builds\iVTFS-Df\0\Integration\wiservice\deploy\oi_release\UC.pdb.......................GCTL....p....rdata..p........rdata$voltmd............rdata$zzzdbg.... .......rsrc$01.....!.......rsrc$02........................................................................................................................

                                                C:\Program Files\Wildix\WIService\UninstallWIService.exe

                                                Download File
                                                Process:C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exe
                                                File Type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                                                Category:dropped
                                                Size (bytes):162168
                                                Entropy (8bit):7.073455164608616
                                                Encrypted:false
                                                SSDEEP:
                                                MD5:4D27F2943AD5052773E7741645B23DD6
                                                SHA1:61B2A58C06C45A5682A24C32E4317EE07C685CFC
                                                SHA-256:802AEB611760C67B68BE019480F65F8EA7BAC6CC30BC89D840DF895A7C3DA55F
                                                SHA-512:85C5CA1FAF19A1168932C1C7259314A276ACBDDBD6F60BF5B9A89DEFE8440FDDB21E9EC9C04C1EC1F03FF3951162B20059C8A7218D72933872824A2367641B6E
                                                Malicious:false
                                                Antivirus:
                                                • Antivirus: ReversingLabs, Detection: 0%
                                                Reputation:unknown
                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1...Pf..Pf..Pf.*_9..Pf..Pg.LPf.*_;..Pf.sV..Pf..V`..Pf.Rich.Pf.........................PE..L...Z.Oa.................j..........-5............@.......................................@..........................................p...............O..p*...........................................................................................text....h.......j.................. ..`.rdata...............n..............@..@.data...............................@....ndata.......`...........................rsrc........p......................@..@................................................................................................................................................................................................................................................................................................................................................

                                                C:\Program Files\Wildix\WIService\WildixOutlookAddin.dll

                                                Download File
                                                Process:C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exe
                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                Category:dropped
                                                Size (bytes):397424
                                                Entropy (8bit):5.896845001178328
                                                Encrypted:false
                                                SSDEEP:
                                                MD5:1A03B412419726F712C0C944D9223EBE
                                                SHA1:D996B0D84B4FD60A0C88375D20E8FAD796D30946
                                                SHA-256:232B5CE24F0E7EE6341A59E7BA939B63F6C5918AD847B453234029146C3F60A0
                                                SHA-512:705D5C732F913C8C2E392592C91128F6FE5706ACF1FDF933042A2C4D40AAC90D3DF0478E9ECE9885E718E3FF5C81E7CB76974070148B4E8D9729F52057C8CF6A
                                                Malicious:false
                                                Antivirus:
                                                • Antivirus: ReversingLabs, Detection: 0%
                                                Reputation:unknown
                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...I.tg.........." ..0.................. ........... .......................@............`.....................................O.......@...............p*... ......P................................................ ............... ..H............text........ ...................... ..`.rsrc...@...........................@..@.reloc....... ......................@..B........................H.......@...H=...............*...........................................0...........(......({...}....( ...o!...o"...o#.........%....o$....(%.....s&...}.....{....r...p(...+((...o)....{.......{....(|...o*....{.... .....{....(|...o+....{.... .....{....(|...o,....{.....".{....(|...o-....{.....o...."...A.s/...o0....s&...}.....{....r7..p.........(1...o)....{.....2.{....(|...o*....{.... .....{....(|...o+....{.... .....{....(|...o,....{.......{....(|...o-....{.....o...."..PA.s/...o0

                                                C:\Program Files\Wildix\WIService\WildixOutlookAddin.dll.manifest

                                                Download File
                                                Process:C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exe
                                                File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (3755)
                                                Category:dropped
                                                Size (bytes):19152
                                                Entropy (8bit):5.393272662156399
                                                Encrypted:false
                                                SSDEEP:
                                                MD5:B079016897676DE86F27C99F428B8808
                                                SHA1:4A75733DF4F6D833898599100AD6ECA2CDD8AE17
                                                SHA-256:9ACDD49BF2F04E1E6400905BA43D617A67C1260E8B97B93DB322234767FFC35A
                                                SHA-512:4CD033711E425FA9ED5AA8C8F8DCB575C865735B3B2B3FE6DF04AA22B84A5C7F249245DFC3E5DBF6265229D71967C8C3F51F692AF30FBC1B83DDB7BB829830FC
                                                Malicious:false
                                                Reputation:unknown
                                                Preview:.<?xml version="1.0" encoding="utf-8"?>.<asmv1:assembly xsi:schemaLocation="urn:schemas-microsoft-com:asm.v1 assembly.adaptive.xsd" manifestVersion="1.0" xmlns:asmv1="urn:schemas-microsoft-com:asm.v1" xmlns="urn:schemas-microsoft-com:asm.v2" xmlns:asmv2="urn:schemas-microsoft-com:asm.v2" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:co.v1="urn:schemas-microsoft-com:clickonce.v1" xmlns:asmv3="urn:schemas-microsoft-com:asm.v3" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:co.v2="urn:schemas-microsoft-com:clickonce.v2">. <asmv1:assemblyIdentity name="WildixOutlookAddin.dll" version="1.0.0.0" publicKeyToken="ba03c384a1328835" language="neutral" processorArchitecture="msil" type="win32" />. <description xmlns="urn:schemas-microsoft-com:asm.v1">WildixOutlookAddin</description>. <application />. <entryPoint>. <co.v1:customHostSpecified />. </entryPoint>. <trustInfo>. <security>. <applicationRequestMinimum>. <PermissionSet Unrestricted="true" ID=

                                                C:\Program Files\Wildix\WIService\WildixOutlookAddin.vsto

                                                Download File
                                                Process:C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exe
                                                File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (3784)
                                                Category:dropped
                                                Size (bytes):5585
                                                Entropy (8bit):5.810263805047951
                                                Encrypted:false
                                                SSDEEP:
                                                MD5:DB9C70488F4DA3E672D17C6C7EEB5ED6
                                                SHA1:49BA2D0791E5B3523FB076792843A71D4000E15B
                                                SHA-256:5D457F66530E9A4553D428BD95ACFBFB578884561619F90BE19D171DD253DEFC
                                                SHA-512:B138ABA72CAF390AAB04DD77F1E660751534878F2E8278E1C92433AC305AC215C30E0FA60522658FCD63D18B821D0B869BB6B369FBF3D4FD3B4C65C09DCC093B
                                                Malicious:false
                                                Reputation:unknown
                                                Preview:.<?xml version="1.0" encoding="utf-8"?>.<asmv1:assembly xsi:schemaLocation="urn:schemas-microsoft-com:asm.v1 assembly.adaptive.xsd" manifestVersion="1.0" xmlns:asmv1="urn:schemas-microsoft-com:asm.v1" xmlns="urn:schemas-microsoft-com:asm.v2" xmlns:asmv2="urn:schemas-microsoft-com:asm.v2" xmlns:xrml="urn:mpeg:mpeg21:2003:01-REL-R-NS" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:asmv3="urn:schemas-microsoft-com:asm.v3" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:co.v1="urn:schemas-microsoft-com:clickonce.v1" xmlns:co.v2="urn:schemas-microsoft-com:clickonce.v2">. <assemblyIdentity name="WildixOutlookAddin.vsto" version="1.0.0.0" publicKeyToken="ba03c384a1328835" language="neutral" processorArchitecture="msil" xmlns="urn:schemas-microsoft-com:asm.v1" />. <description asmv2:publisher="Amazon.com" asmv2:product="WildixOutlookAddin" xmlns="urn:schemas-microsoft-com:asm.v1" />. <deployment install="false" />. <compatibleFrameworks xmlns="urn:schemas-microsoft-com

                                                C:\Program Files\Wildix\WIService\WildixOutlookCommon.dll

                                                Download File
                                                Process:C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exe
                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                Category:dropped
                                                Size (bytes):23664
                                                Entropy (8bit):6.560940967824352
                                                Encrypted:false
                                                SSDEEP:
                                                MD5:FAEA425A09F6DCC14F03D967946FC6E3
                                                SHA1:8569910F5F5B369CAD5FA232ED5EE8A3CC38564E
                                                SHA-256:17DD9AB9E3C5733DF4BE6D2B6F6961F053E1B22C1E44F6B611359412C1B0DB49
                                                SHA-512:6EF24695606B67E78A02A9C5911D2325A39FB5DDA230F5DA7858EE436A317C5779AD4C01285948EF5A09813E190A3B53AE952DFD52D9D7CD38FBFE832202E4A4
                                                Malicious:false
                                                Antivirus:
                                                • Antivirus: ReversingLabs, Detection: 0%
                                                Reputation:unknown
                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....A............" ..0..*...........H... ...`....... ....................................`.................................XH..O....`...............2..p*...........G..8............................................ ............... ..H............text....(... ...*.................. ..`.rsrc........`.......,..............@..@.reloc...............0..............@..B.................H......H.......x$..$#............................................................(....*..{....*"..}....*..(....*..(....*..(....*..{....*"..}....*..(....*..{....*"..}....*..(....*..(....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*:.(......(....*:.(......(....*~.(......o....(......o....(....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..(......(......(.....r...p( ....s....(".....($.....

                                                C:\Program Files\Wildix\WIService\WildixOutlookIntegration.exe

                                                Download File
                                                Process:C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exe
                                                File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                Category:dropped
                                                Size (bytes):586864
                                                Entropy (8bit):5.063139636129146
                                                Encrypted:false
                                                SSDEEP:
                                                MD5:0D4C25344365AF560C17E3EB7D649427
                                                SHA1:3D44C52059AD8ABEBAD9578179BA7E6DED2C55E7
                                                SHA-256:0672D29C4D7BBC087FE5ED4AAA8E2842E16D3947114DBB64EFA8613E106379F1
                                                SHA-512:AA91EC560C875914D1F085CF80EBED3A5B2668DFDA5DC3782861C13BAD598C82A0C4A919005053754BC44BE432627ECFE446DAE9D2DD4E00FD861F0333CA8D78
                                                Malicious:false
                                                Antivirus:
                                                • Antivirus: ReversingLabs, Detection: 0%
                                                Reputation:unknown
                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...J.tg..............0..............+... ...@....@.. ....................... .......p....`..................................+..O....@..................p*..........t*............................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc..............................@..B.................+......H.......p....0..........T... +...........................................~....*..(....*..0..r.......~..........(&....o'....+5..((...o)...o*....~.....o+...-.r...p.(...+~.....o-.....(....-...........o/.....,..(0....*..........BY.........._g.......0..r.......~..........(&....o'....+5..((...o)...o*....~.....o+...-.r5..p.(...+~.....o-.....(....-...........o/.....,..(0....*..........BY.........._g.......0..;.......~..........(&...rm..p(1...~....~....o2...o3......,..(0....*.........

                                                C:\Program Files\Wildix\WIService\WildixOutlookIntegration.exe.config

                                                Download File
                                                Process:C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exe
                                                File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                Category:dropped
                                                Size (bytes):146
                                                Entropy (8bit):4.983767070197417
                                                Encrypted:false
                                                SSDEEP:
                                                MD5:05BD64DBD44CF1C95236670D3842562F
                                                SHA1:824B16AD66771809D9BB32001875AA3C372C7C9C
                                                SHA-256:40859DA4B6DE7510504DD13877345D92B4DF66EA09C6C4F4E72C7AE3610974AA
                                                SHA-512:85FD03363DCDEF8B2A45C74605E0009249ADCA8BEABE06CBB90F6B1B00761C02B6BEB02B8BBD3DDC6965E98CEA820D5023705584D5B7DA5CD2FA3CB9AAF66E9D
                                                Malicious:false
                                                Reputation:unknown
                                                Preview:<?xml version="1.0"?>..<configuration>..<startup><supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.6.1"/></startup></configuration>..

                                                C:\Program Files\Wildix\WIService\WildixOutlookSync32.exe

                                                Download File
                                                Process:C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exe
                                                File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                Category:dropped
                                                Size (bytes):5364336
                                                Entropy (8bit):6.803295159333163
                                                Encrypted:false
                                                SSDEEP:
                                                MD5:206E87E60FE774EC5A94EB99B8B2B070
                                                SHA1:BD463F6584F263B85B656C58AFBB1D7AF14975DE
                                                SHA-256:EFFC0165FADBCDC21A9C3C000922CB98A293398486A24E50A70789F257CF9F20
                                                SHA-512:72E9FC83E77BD9E69AEC91CB836CACEC0C7A20B04A8EB02F7698DF16A3AC095BF972BCBE4F1AA85D17E00C6FA703D87763C328E7D1F717DF4B8F2C1BC21107C1
                                                Malicious:false
                                                Antivirus:
                                                • Antivirus: ReversingLabs, Detection: 3%
                                                Reputation:unknown
                                                Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$............{..{..{......{......]{....<.{......{......{.......{......{......{..{...z..{..{..L...(y..L...{..L...{..L.>.{..{V.{..L...{..Rich.{..........PE..L.....tg...............".,<.........X.6......@<...@..........................pR......R...@.................................L(J......0N...............Q.p*....O.T.....G.p.....................G.......G.@............@<..............................text....+<......,<................. ..`.rdata.......@<......0<.............@..@.data...T....PJ..N...2J.............@....rsrc........0N.......M.............@..@.reloc..T.....O.......O.............@..B........................................................................................................................................................................................................................................................................

                                                C:\Program Files\Wildix\WIService\WildixOutlookSync64.exe

                                                Download File
                                                Process:C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exe
                                                File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                Category:dropped
                                                Size (bytes):6427248
                                                Entropy (8bit):6.617744849493833
                                                Encrypted:false
                                                SSDEEP:
                                                MD5:9EA16A6444682CE6BC5A12433EB47453
                                                SHA1:893F4F4E1498CB641B85368D7203B2BFE0A5B658
                                                SHA-256:1ACE7C7705205DD8B5933C0A76827177912AD3201F5448425B11BD897BB92CC2
                                                SHA-512:C4B0BADCA6B592D07D2DC883B2DB37EED1548A8F69117EE9CA6EB640419FABB12D62F5A59D752001F2090997F69FFE07D8651E0D57B9335CCB520D5C455FD56D
                                                Malicious:false
                                                Antivirus:
                                                • Antivirus: ReversingLabs, Detection: 0%
                                                Reputation:unknown
                                                Preview:MZ......................@...................................0...........!..L.!This program cannot be run in DOS mode....$.......a{..%..C%..C%..Cnb.B(..Cnb.B...CjfoC"..Cjf.B6..Cjf.B/..Cjf.BO..Cnb.B>..Cnb.B0..C%..CB..C%..C9..C.f.B...C.f.B...C.f.B2..C.fmC$..C%..C$..C.f.B$..CRich%..C........................PE..d...a.tg.........."....".ZF..8......P.@........@..............................b.....u0b...`...................................................Y.......`.......].l.....a.p*...@b.(....;S.p....................<S.(....:S.@............pF.`............................text...?XF......ZF................. ..`.rdata.......pF......^F.............@..@.data...\c...0Y.......Y.............@....pdata..l.....].......\.............@..@_RDATA..\.....`......._.............@..@.rsrc.........`......._.............@..@.reloc..(....@b......Ra.............@..B........................................................................................................................................................

                                                C:\Program Files\Wildix\WIService\WisUpdateCheckerTaskX64.xml

                                                Download File
                                                Process:C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exe
                                                File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                Category:dropped
                                                Size (bytes):3430
                                                Entropy (8bit):3.577875788113156
                                                Encrypted:false
                                                SSDEEP:
                                                MD5:9E02EAF2592DE18E8058FD254C89FAD5
                                                SHA1:EB5FCE36FC938929D27348CA9B0040CFED0FF8B4
                                                SHA-256:870D3C739BEB158446DEEED2B5C92854C2726A92B3294F0C07C52AE65CD51ED1
                                                SHA-512:5C82E7D21BA6D828EED7BF9F313C864AB59DE695DF4B62D31DD2CCB838B60E65C7EEAB56606CBBBE8FBB11A4D70ED42D1D10F3EA9834B5203BBD5B6067648226
                                                Malicious:true
                                                Reputation:unknown
                                                Preview:..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.T.a.s.k. .v.e.r.s.i.o.n.=.".1...2.". .x.m.l.n.s.=.".h.t.t.p.:././.s.c.h.e.m.a.s...m.i.c.r.o.s.o.f.t...c.o.m./.w.i.n.d.o.w.s./.2.0.0.4./.0.2./.m.i.t./.t.a.s.k.".>..... . .<.R.e.g.i.s.t.r.a.t.i.o.n.I.n.f.o.>..... . . . .<.D.a.t.e.>.2.0.2.0.-.1.1.-.0.4.T.1.1.:.5.9.:.4.6.<./.D.a.t.e.>..... . . . .<.A.u.t.h.o.r.>.W.i.l.d.i.x. .s...r...l...<./.A.u.t.h.o.r.>..... . . . .<.U.R.I.>.\.W.i.l.d.i.x.\.W.I.S.e.r.v.i.c.e. .u.p.d.a.t.e. .c.h.e.c.k.e.r.<./.U.R.I.>..... . .<./.R.e.g.i.s.t.r.a.t.i.o.n.I.n.f.o.>..... . .<.T.r.i.g.g.e.r.s.>..... . . . .<.C.a.l.e.n.d.a.r.T.r.i.g.g.e.r.>..... . . . . . .<.S.t.a.r.t.B.o.u.n.d.a.r.y.>.2.0.2.0.-.1.1.-.0.4.T.0.1.:.0.0.:.0.0.<./.S.t.a.r.t.B.o.u.n.d.a.r.y.>..... . . . . . .<.E.n.a.b.l.e.d.>.t.r.u.e.<./.E.n.a.b.l.e.d.>..... . . . . . .<.R.a.n.d.o.m.D.e.l.a.y.>.P.T.5.H.<./.R.a.n.d.o.m.D.e.l.a.y.>..... . . . . . .<.S.c.h.e.d.u.l.e.B.y.D.a.y.>..... . . . . . . . .<.D.a.y.s.I.n.t.e.r.

                                                C:\Program Files\Wildix\WIService\dotnet-dump.exe

                                                Download File
                                                Process:C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exe
                                                File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                Category:dropped
                                                Size (bytes):5319784
                                                Entropy (8bit):6.624489203238988
                                                Encrypted:false
                                                SSDEEP:
                                                MD5:1529A91171C5E94E3053B933E4244417
                                                SHA1:1E7340E648898F396E39F86A5CC37AD396FD4918
                                                SHA-256:9CC8F2C258EE3E9A0B15D6F289B27EA96992ADBAB92428A04BAE0A258FAF78BD
                                                SHA-512:3FB39B3B3620B818FFD28932855E397F3EF5AD151CE396A4A650823F711065F49709013D6DED8268A7A29FFD989C372F4AE3C2CAAA7F5D51124E2A39AF05ACFC
                                                Malicious:false
                                                Antivirus:
                                                • Antivirus: ReversingLabs, Detection: 0%
                                                Reputation:unknown
                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........V...V...V.......[.......k.......v..._.W.D...9..._...V..........[......W...RichV...........PE..L......`.................P...................`....@..........................P......e.Q...@.......................................... ................Q.p*...0......p...T...................h...........@............`..(............................text....N.......P.................. ..`.rdata.......`.......T..............@..@.data... ...........................@....rsrc........ ......................@..@.reloc.......0......................@..B........................................................................................................................................................................................................................................................................................................................................

                                                C:\Program Files\Wildix\WIService\fax\STDDTYPE.GDL

                                                Download File
                                                Process:C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exe
                                                File Type:ASCII text, with CRLF line terminators
                                                Category:dropped
                                                Size (bytes):23812
                                                Entropy (8bit):5.102231290969022
                                                Encrypted:false
                                                SSDEEP:
                                                MD5:D46A5DFAB2AC1BB5BF39D4E256E3AB43
                                                SHA1:FD19097E89D882E5624E8822FF8D7518D104B31C
                                                SHA-256:0E93309B477971AD9D744FB1BB6AFDE1AF7D31223E90B5E8A4E5EA13CC5B8CD9
                                                SHA-512:FE6C5CD5DA0E045E9F823D34E393E158F56A3136966971F0D494092257956FBEA29ACC98E94B50AA785CF426DBACDAFFCC0B0F7872E7F63A2F270A174C0F4BCA
                                                Malicious:false
                                                Reputation:unknown
                                                Preview:*% stddtype.gdl - this file contains templates that define all MS standard datatypes..*% that appear in GPD and GDL files.....*PreCompiled: TRUE......*% ==================..*% ==== Macro Definitions ====..*% ==================....*Macros:..{.. LIST_OF_COMMAND_NAMES : (.. *%.. *% GENERAL.. *%.. *% the following are not enumerated here because they require.. *% the full Command structure. See Template: ORDERED_COMMAND.. *% and its descendants..... *% CmdSelect,.. *% CmdStartJob,.. *% CmdStartDoc,.. *% CmdStartPage,.. *% CmdEndPage,.. *% CmdEndDoc,.. *% CmdEndJob,.. *% CmdCopies,.. *% CmdSleepTimeOut,.... *%.. *% CURSOR CONTROL.. *%.. CmdXMoveAbsolute,.. CmdXMoveRelLeft,.. CmdXMoveRelRight,.. CmdYMoveAbsolute,.. CmdYMoveRelUp,.. CmdYMoveRelDown,.. CmdSetSimpleRotation,.. CmdSetAnyRotation,.. CmdUniDirec

                                                C:\Program Files\Wildix\WIService\fax\STDSCHEM.GDL

                                                Download File
                                                Process:C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exe
                                                File Type:ASCII text, with CRLF line terminators
                                                Category:dropped
                                                Size (bytes):59116
                                                Entropy (8bit):5.051886370413466
                                                Encrypted:false
                                                SSDEEP:
                                                MD5:FC574EB0EAAF6A806F6488673154F91F
                                                SHA1:E10B44CF7082FE5BE23FB0C19AC792D4692F6388
                                                SHA-256:941E5318D8BBD747AFA98982C0354516079175ACD3D7485F327BCC384F4FCFB8
                                                SHA-512:A04CAC69A4DD4BD951CDC0F5186A3F589DA2EA40D667BE855F9E5AED12ECD9F7FC79FD624361C9563A07A5DCC1250CBD628BA27A0FAD78D599CD68540F9B4F45
                                                Malicious:false
                                                Reputation:unknown
                                                Preview:*% stdschem.gdl - this file contains templates that define all MS standard keywords..*% and constructs that appear in GPD and GDL files.....*PreCompiled: TRUE....*Include: "stddtype.gdl"......*% ==================..*% ==== Base Attributes ====..*% ==================........*Template: DISPLAY_STRING..{.. *Type: ATTRIBUTE.. *ValueType: GPD_CODEPAGE_STRING.. *Virtual: TRUE..}........*Template: ANSI_STRING..{.. *Type: ATTRIBUTE.. *ValueType: GPD_NORMAL_STRING.. *Virtual: TRUE..}....*Template: DEF_CP_STRING..{.. *Type: ATTRIBUTE.. *ValueType: GPD_DEFAULT_CODEPAGE_STRING.. *Virtual: TRUE..}....*% ==================..*% ==== Root Attributes ====..*% ==================....*Template: CODEPAGE..{.. *Name: "*CodePage".. *Type: ATTRIBUTE.. *ValueType: GPD_NONNEG_INTEGER..}....*Template: GPDSPECVERSION..{.. *Name: "*GPDSpecVersion".. *Inherits: ANSI_STRING..}....*Template: GPDFILEVERSION..{.. *Name: "*GPDFileVersion".. *Inhe

                                                C:\Program Files\Wildix\WIService\fax\UNIDRV.HLP

                                                Download File
                                                Process:C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exe
                                                File Type:MS Windows 3.1 help, Tue Apr 17 13:11:56 2001, 21225 bytes
                                                Category:dropped
                                                Size (bytes):21225
                                                Entropy (8bit):3.9923245636306675
                                                Encrypted:false
                                                SSDEEP:
                                                MD5:6798F64959C913673BD66CD4E47F4A65
                                                SHA1:C50FAA64C8267AC7106401E69DA5C15FC3F2034C
                                                SHA-256:0C02B226BE4E7397F8C98799E58B0A512515E462CCDAAC04EDC10E3E1091C011
                                                SHA-512:8D208306B6D0F892A2F16F8070A89D8EDB968589896CB70CF46F43BF4BEFB7C4CA6A278C35FE8A2685CC784505EFB77C32B0AABF80D13BCC0D10A39AE8AFB55A
                                                Malicious:false
                                                Reputation:unknown
                                                Preview:?_...........R..r...i.....(),.aabo.utadvanc.edAllows.andareas.assigned.availabl.ebebookl.etc-.hang.e..racter@Clickc. o.de..sColo.rc.0..scon.taindefa.ultdepth.directlyi.0or..sh..PD.isplaysd.ocument.P.sdraftse.n, ex..nal.featuref.ilesfl.....PrFor..m..-.to-trayf.romgraph$ic.@sh@.to.neH.@dhig.herIfima.gesininE..atio..sta.ll.@..itLe.t..Listsl.o..*.nualm.em..meta..2mS.tM!...enhoto..Oy.w.o.per\.ngop.timizh ...@.nsor..p.......spa3.Pri.ntp.0..ed.0..0er.@-spe.cific.@s1 .m.q..ityQ.0.relaB.RET.k.ghseese.l..edsets.oftSomes0ourc}.P ed.S.@sb.'.poo...gsuchsu.pporttak.est..tha...eT..'.oTo...TrueType...l.usevie@wWhenw. e.1.rw..hwil.lyouyour.;bynewof.fs/...&....;)....z4..............................N.......|CF0.lR..|CF1..R..|CF2..R..|CF4..R..|CF5..R..|CONTEXT..)..|CTXOMAP.. ..|FONT.. ..|Petra..2..|PhrImage.....|PhrIndex.....|SYSTEM.2...|TOPIC.....|TTLBTREE..!..|TopicId.=J.......................................................................................................................................

                                                C:\Program Files\Wildix\WIService\fax\imgprint.gpd

                                                Download File
                                                Process:C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exe
                                                File Type:ASCII text, with CRLF line terminators
                                                Category:dropped
                                                Size (bytes):7996
                                                Entropy (8bit):5.128824009655858
                                                Encrypted:false
                                                SSDEEP:
                                                MD5:9CB68B693CDCDF5E9E5707E3CABCA7A7
                                                SHA1:29A5537387519BC14138F02C5355EAB2EB923AA3
                                                SHA-256:D79405A4F2A390407B78B1DC7FEEBE3A533EA9969F6066F5A12F189502D900F0
                                                SHA-512:765EDDDD3CE8995DC66AB5578462F12CD52007FDEBF3C6DE412BAF4C094E17FDB286BDEB0A6ECC6FE2347C0BB846F4D2A206DD78BC128111E84918F50B57E7F8
                                                Malicious:false
                                                Reputation:unknown
                                                Preview:*% ..*% ..*% ..*GPDSpecVersion: "1.0"..*GPDFileName: "imgprint.gpd"..*GPDFileVersion: "3.1.0" ..*Include: "StdNames.gpd"..*ModelName: "Wildix FaxPrinter"..*MasterUnits: PAIR(1200, 1200)..*ResourceDLL: "unires.dll"..*PrinterType: PAGE..*MaxCopies: 99......*Feature: Orientation..{.. *rcNameID: =ORIENTATION_DISPLAY.. *DefaultOption: PORTRAIT.. *Option: PORTRAIT.. {.. *rcNameID: =PORTRAIT_DISPLAY.. *Command: CmdSelect.. {.. *Order: DOC_SETUP.6.. *Cmd: "<1B>&l0O".. }.. }.. *Option: LANDSCAPE_CC90.. {.. *rcNameID: =LANDSCAPE_DISPLAY.. *Command: CmdSelect.. {.. *Order: DOC_SETUP.6.. *Cmd: "<1B>&l1O".. }.. }..}..*Feature: InputBin..{.. *rcNameID: =PAPER_SOURCE_DISPLAY.. *DefaultOption: MANUAL.. *Option: MANUAL.. {.. *rcNameID: =MANUAL_FEED_DISPLAY.. *Command: CmdSelect.. {.. *Order: DOC_SETUP.9.. *Cmd: "<1B>&l2H

                                                C:\Program Files\Wildix\WIService\fax\wfaxport.dll

                                                Download File
                                                Process:C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exe
                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                Category:dropped
                                                Size (bytes):940144
                                                Entropy (8bit):6.458898363798956
                                                Encrypted:false
                                                SSDEEP:
                                                MD5:1DED360B71C4C83EB10B0C08B6597C9E
                                                SHA1:80CC899D7CC2483B01185CD528210A399C76DBDD
                                                SHA-256:D9B43DF509EE41A62E74241A541723E309FA5A4470E3132E7DD2C54314DF4E2D
                                                SHA-512:45616968A18B7789F9256CFD7E2023D6644A34B5F29ADF138E058BBDCDC2231FA3DC37DD28796F85AB1D63E60F9E9C8C010AEE162DAC9031B0E605C463966A78
                                                Malicious:false
                                                Antivirus:
                                                • Antivirus: ReversingLabs, Detection: 0%
                                                • Antivirus: Virustotal, Detection: 0%, Browse
                                                Reputation:unknown
                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........e.<..so..so..so.|pn..so.|vn..so.xwn..so.xpn..so.xvn..so.|wn..so.|un..so.|rn..so..ro..socxwn..socxvn..socxsn..socx.o..socxqn..soRich..so........PE..d...H.tg.........." ..."..................................................................`..........................................5..p...`6.......`..p........~......p*...p..l.......T.......................(.......@...............p............................text.............................. ..`.rdata..............................@..@.data...4x...P...X...:..............@....pdata...~..........................@..@_RDATA..\....P......................@..@.rsrc...p....`......................@..@.reloc..l....p......................@..B........................................................................................................................................................................................

                                                C:\Program Files\Wildix\WIService\headsetFirmwares\DuoMonoLedBtBase0x5e2f.dfu

                                                Download File
                                                Process:C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exe
                                                File Type:data
                                                Category:dropped
                                                Size (bytes):306752
                                                Entropy (8bit):6.141499008290493
                                                Encrypted:false
                                                SSDEEP:
                                                MD5:4F95ADAFA7E0E034EDF87B2BFDC4CDFA
                                                SHA1:E6422B41682E01BAFC3D36B20F5113F8691D83EA
                                                SHA-256:45EEC2C2BC825849E9EA8DAC2F2E6EB76353DB498EE74788CDAB82BC7F42625B
                                                SHA-512:BAB4849A4E5BEC7895CA657C2E642D926DB897987B73E9B615F3C7C35EB58AB0E3E17D7F3EFE4A88382052C0E14F32082804EBC4744724CA4755A9C336500125
                                                Malicious:false
                                                Reputation:unknown
                                                Preview:CSR-dfu2..0.....signed stack+app ...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................2C.......@...................

                                                C:\Program Files\Wildix\WIService\headsetFirmwares\DuoMonoLedBtHeadset0x5e2f.dfu

                                                Download File
                                                Process:C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exe
                                                File Type:data
                                                Category:dropped
                                                Size (bytes):894220
                                                Entropy (8bit):6.412259430484631
                                                Encrypted:false
                                                SSDEEP:
                                                MD5:F80C203D2184BE4E9CDA039C517F1556
                                                SHA1:2FE1E31B80688B88DEF0CF9AD1193C5D41C2645F
                                                SHA-256:F40F0499B23D21C2C24DB452A5482DBD36957935F593DD4D60935DE2550B1EEB
                                                SHA-512:A0F7A12F2A600A7796678E1C279D04A88FFF4118A9B4372719E5A1FB674D5EECA993548EEA79C376AB1D872EB6ECD2D8F87C7898C96E11842190EFDF0FCE0040
                                                Malicious:false
                                                Reputation:unknown
                                                Preview:CSR-dfu2........signed stack+app ...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................2G...N.......................

                                                C:\Program Files\Wildix\WIService\headsetFirmwares\HidDfu.dll

                                                Download File
                                                Process:C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exe
                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                Category:dropped
                                                Size (bytes):72304
                                                Entropy (8bit):5.55290876998526
                                                Encrypted:false
                                                SSDEEP:
                                                MD5:1340C9F8BF2A24074FF43CB663983AC4
                                                SHA1:3BCF98D2D6FDA3A5BA47BF37F8B462E5683E0BD2
                                                SHA-256:ED2448275402FD4F4F945B121B386168F0F40DDC09B33CEA0D2C42ABB1C78AE4
                                                SHA-512:A0022237AA0211659609CF0F2188530C141ED5B7AF994A3A27CACAB6DE71D3D81863DF3E6AEB8661E5A593403439668DF9EAFDB7F0814364960ACC0FF135ECE9
                                                Malicious:false
                                                Antivirus:
                                                • Antivirus: ReversingLabs, Detection: 0%
                                                • Antivirus: Virustotal, Detection: 0%, Browse
                                                Reputation:unknown
                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........G...&...&...&......&......&......&...^;..&...&...&......&......&......&......&......&......&..Rich.&..........PE..L.....kQ...........!.....P...........Q.......`......................................P...................................;...pu..x.......d<..............p*..........................................0k..@............`...............................text....M.......P.................. ..`.rdata...%...`...0...`..............@..@.data...(...........................@....rsrc...d<.......@..................@..@.reloc..2...........................@..B................................................................................................................................................................................................................................................................................................................

                                                C:\Program Files\Wildix\WIService\headsetFirmwares\HidDfuCmd.exe

                                                Download File
                                                Process:C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exe
                                                File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                Category:dropped
                                                Size (bytes):24688
                                                Entropy (8bit):6.923218305340772
                                                Encrypted:false
                                                SSDEEP:
                                                MD5:50F7B26074413150020CBBC07323B58D
                                                SHA1:35AD00A36CF8DBC90E6E38931E6EA14C02BF1440
                                                SHA-256:683D0127506E21F29F8F3CB51ED6955B39832D19BFADFC0E845AFD58C5738799
                                                SHA-512:659A23E20AAA062D176AC982A50CFE46B247C13F0F8B05C8F41B8DB0F7637A4102AF79DC4DCEFA0B7890E1DA4DD87E63510634464FDAB4EFF0538AFDEE9845AE
                                                Malicious:false
                                                Antivirus:
                                                • Antivirus: ReversingLabs, Detection: 0%
                                                Reputation:unknown
                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......P......]...]...]3$.]...]3$.]...]..]...]3$.]...]...]I..]3$.]...]3$.]...]3$.]...]3$.]...]Rich...]........PE..L.....kQ.....................................0....@..........................p...............................................6..d....`...............6..p*..........................................85..@............0..0............................text............................... ..`.rdata.......0......................@..@.data........P......................@....rsrc........`.......0..............@..@........................................................................................................................................................................................................................................................................................................................................................................

                                                C:\Program Files\Wildix\WIService\headsetFirmwares\msvcm80.dll

                                                Download File
                                                Process:C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exe
                                                File Type:PE32 executable (DLL) (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                Category:dropped
                                                Size (bytes):490096
                                                Entropy (8bit):6.084433322393528
                                                Encrypted:false
                                                SSDEEP:
                                                MD5:A7AF473BDC6493C11CE071B11E324E5A
                                                SHA1:2788D07F0D5CB3C56E845905A5669603F37159A6
                                                SHA-256:566DC91237523877C6D5ACA8B5B5E7145937982A5409C78F148E18390DDDE069
                                                SHA-512:18293FD7C26E00490AACBF0DEBC8A1E05C6734E0546A8F12C3EE8067D232CEAC77DF269237736A956741B4D350852EF33F909600C77B4FE8392F802AB8974840
                                                Malicious:false
                                                Antivirus:
                                                • Antivirus: ReversingLabs, Detection: 0%
                                                Reputation:unknown
                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......-9/.iXA.iXA.iXA..W..mXA.iX@..XA.N.:.lXA...?.hXA.N.<.hXA.N.,.fXA.N./..XA.N.;.hXA.N.=.hXA.N.9.hXA.RichiXA.........PE..L...I..M...........!.........@......DT............L|................................[b....@.............................c ..d...d....................P..p*.............................................@...............................H............text....x.......................... ..`.rdata..cX.......`..................@..@.data............ ..................@....rsrc...............................@..@.reloc..N$.......0... ..............@..B........................................................................................................................................................................................................................................................................................................................

                                                C:\Program Files\Wildix\WIService\headsetFirmwares\msvcp80.dll

                                                Download File
                                                Process:C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exe
                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                Category:dropped
                                                Size (bytes):559728
                                                Entropy (8bit):6.452474379327697
                                                Encrypted:false
                                                SSDEEP:
                                                MD5:E353CFB37F8EBCAA044FEF89AD1B59F3
                                                SHA1:F751BB2E7ED3DF10EADC73A780798C94D2EC10D8
                                                SHA-256:81EEFF257350C01742D16971501A54755A97DD441FF91E912958F068C1763448
                                                SHA-512:6D6CFE50E3DC87D45F25000FC992ACD3CF564A5CC928FFA3BEB99E799F528618174DE042EDCB31A73AA736CE69159A690B8D532CA1134D11134AA85F06293FE5
                                                Malicious:false
                                                Antivirus:
                                                • Antivirus: ReversingLabs, Detection: 0%
                                                Reputation:unknown
                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............y..y..y..fv..y..y..#y.....y..2...y.....y.....y......y.....y.....y.....y..Rich.y..........PE..L...l..M...........!.....@... ...............P....B|.........................p......#.....@.............................L...T...<....................`..p*... ..H2...S..............................Pe..@............P.. ............................text...V>.......@.................. ..`.rdata......P.......P..............@..@.data...l&....... ..................@....rsrc...............................@..@.reloc..NA... ...P..................@..B........................................................................................................................................................................................................................................................................................................................

                                                C:\Program Files\Wildix\WIService\headsetFirmwares\msvcr80.dll

                                                Download File
                                                Process:C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exe
                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                Category:dropped
                                                Size (bytes):637552
                                                Entropy (8bit):6.8685472952194955
                                                Encrypted:false
                                                SSDEEP:
                                                MD5:D0DE1837CAAEDD6D0EB2E7DFE3A16601
                                                SHA1:FF8729A83E98CA5DFC09C8BE65FCE9C45DB536A2
                                                SHA-256:B6C7F4CB86FFA0CB076C55D659F390DF2F62A6D3FA5A896281A43E6109F77DEB
                                                SHA-512:44C02013F4D5569F35E89C783BCC2B14C3F79FE61011656FE15B57846E99343F404C3057A006D45B83678DCFBAE269E9555D6A946A355CC47D24E5AD00F33AB3
                                                Malicious:false
                                                Antivirus:
                                                • Antivirus: ReversingLabs, Detection: 0%
                                                Reputation:unknown
                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........L.........@................!......;.............d.......................Rich...................PE..L......M...........!.....0...p......+#.......@.....x.................................F....@..........................q...~..Pc..<....`..................p*...p..P3...B...............................F..@............@...............................text....'.......0.................. ..`.rdata......@.......@..............@..@.data...Li.......P..................@....rsrc........`.......@..............@..@.reloc...7...p...@...P..............@..B........................................................................................................................................................................................................................................................................................................................

                                                C:\Program Files\Wildix\WIService\headsetFirmwares\msvcrt.dll

                                                Download File
                                                Process:C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exe
                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                Category:dropped
                                                Size (bytes):701552
                                                Entropy (8bit):6.836069284857721
                                                Encrypted:false
                                                SSDEEP:
                                                MD5:E14902AD1CF232867326AF9C91830B51
                                                SHA1:772FF493E1DD52B4B9399841E7DF7FCADFDD2A26
                                                SHA-256:DA7C567F81C6E5206858B9C3AD844950CE804CD42FD26823A862D6C8D413A558
                                                SHA-512:0DBB5438D6B448283ED379793DB205FC2E481144BC5BE6D91A54B1F9912E5C813341ED1AB53DDDD6715A64085A3FFA9BF97A07CADBE64E7228F142CE8182C0E6
                                                Malicious:false
                                                Antivirus:
                                                • Antivirus: ReversingLabs, Detection: 0%
                                                Reputation:unknown
                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........gR.......................W.............#.............u.................Rich............PE..L..."..N...........!................r..............o......................................@.........................H ...t...........p..................p*.......2..X...8...........................p...@...x........................................text............................... ..`.data....h.......d..................@....rsrc........p.......R..............@..@.reloc...2.......4...V..............@..Bb..N.......N....a..N....a..N$...b..NH...a..Ni...b..N....a..N....a..N....b..N.......N....b..N....b..N=...b..Ne...b..N....b..N....b..N....b..N....a..N#......N....b..NM......N....b..Np...a..N.......N....b..N....a..N.......N............KERNELBASE.dll.ntdll.dll.API-MS-Win-Core-Console-L1-1-0.dll.API-MS-Win-Core-DateTime-L1-1-0.dll.API-MS-Win-Core-Debug-L1-1-0.dll.API-MS-

                                                C:\Program Files\Wildix\WIService\proxyex.lnk

                                                Download File
                                                Process:C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exe
                                                File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Archive, ctime=Tue Dec 31 14:42:44 2024, mtime=Tue Jan 7 09:24:11 2025, atime=Tue Dec 31 14:42:44 2024, length=16788080, window=hide
                                                Category:dropped
                                                Size (bytes):928
                                                Entropy (8bit):4.5887587992232115
                                                Encrypted:false
                                                SSDEEP:
                                                MD5:78EF3BF7A89AAC7F84564088BE4389CD
                                                SHA1:8EBEEFD620938A45BFD9516FFFC34102B8CFB793
                                                SHA-256:EB38183FB6D48DF22B0808CD121BD094AEB0D5CFB2816E4872D0AFA001FB6326
                                                SHA-512:6A02CF2F429FEBC8F74626E00DA4CFCAC55DA910D7A640F64D432E7522BD9F922D3D2E0B562F2B38766C0DCA0FE0C08CC7AB7F67F3BF833700A29E4DDF48704C
                                                Malicious:false
                                                Reputation:unknown
                                                Preview:L..................F.... ........[..}./K.`.......[..p*...........................P.O. .:i.....+00.../C:\.....................1.....'Z.R..PROGRA~1..t......O.I'Z.R....B...............J.......'.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....'Z.R..Wildix..>......'Z.R'Z.R...........................'.W.i.l.d.i.x.....\.1.....'Z.S..WISERV~1..D......'Z.R'Z.S..........................*H.W.I.S.e.r.v.i.c.e.....h.2.p*...YV} .WISERV~1.EXE..L......YV}'Z.R.............................w.i.s.e.r.v.i.c.e...e.x.e.......^...............-.......]..................C:\Program Files\Wildix\WIService\wiservice.exe......\.w.i.s.e.r.v.i.c.e...e.x.e.!.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.W.i.l.d.i.x.\.W.I.S.e.r.v.i.c.e...-.-.p.r.o.x.y.e.x.`.......X.......093954...........hT..CrF.f4... ..H1...........%..hT..CrF.f4... ..H1...........%.E.......9...1SPS..mD..pH.H@..=x.....h....H.....K...YM...?................

                                                C:\Program Files\Wildix\WIService\resources\cdr.db

                                                Download File
                                                Process:C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exe
                                                File Type:SQLite 3.x database, last written using SQLite version 3039004, page size 1024, file counter 3247, database pages 22038, cookie 0x1c6, schema 4, UTF-8, version-valid-for 3247
                                                Category:dropped
                                                Size (bytes):22566912
                                                Entropy (8bit):6.156856755685782
                                                Encrypted:false
                                                SSDEEP:
                                                MD5:3241A121BCF26F5E8B36663E3056B2CA
                                                SHA1:FAF689142817E79961EE45D61D40EF0204488D89
                                                SHA-256:DE37FC1A3B827F05BFF563D523CBA8007272462C24C9C1939F9B1FD13F789088
                                                SHA-512:03530AE86E5342FF84494BEF17EEDE041D918A0193357711076649493B9020A5729CCF0737BD226B8A32ED7D88E342316050DEE9C8CD13A3AE281C2B7FE2C562
                                                Malicious:false
                                                Reputation:unknown
                                                Preview:SQLite format 3......@ ......V..................................................................._...........V.............................................................................................................................................>.......StableFILTERSFILTERS.CREATE TABLE FILTERS (...ID BIGINT NOT NULL,...NAME VARCHAR(128) NOT NULL,...DESCRIPTION CLOB(2147483647),...STATE CLOB(2147483647) NOT NULL,...PRIMARY KEY (ID)..)-...A...indexsqlite_autoindex_FILTERS_1FILTERS.........w...##..5tableEVENTS_TAGSEVENTS_TAGS.CREATE TABLE EVENTS_TAGS (...EVENT_ID INTEGER NOT NULL,...TAG_ID INTEGER NOT NULL..).n...%%...tableEVENTS_STATSEVENTS_STATS.CREATE TABLE EVENTS_STATS (...ID INTEGER NOT NULL,...DAY INTEGER NOT NULL,...DATE DATE NOT NULL,...MIN_ID INTEGER NOT NULL,...MAX_ID INTEGER NOT NULL,...COMPLETE TINYINT NOT NULL,...PRIMARY KEY (ID)..). ........tableCLASSESCLASSES.CREATE TABLE CLASSES (...ID INTEGER NOT NULL,...NAME VARCHAR(255) NOT NULL,...NAME_LOWER VARCHAR(2...86...+,.

                                                C:\Program Files\Wildix\WIService\websocket-sharp.dll

                                                Download File
                                                Process:C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exe
                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                Category:dropped
                                                Size (bytes):261232
                                                Entropy (8bit):5.839129701085833
                                                Encrypted:false
                                                SSDEEP:
                                                MD5:B43803E3279FAB53E4393FBBF40B1949
                                                SHA1:ACA0E59D227808534303708354D2FD4AA2B356DB
                                                SHA-256:2B2E4F436377B7770071FD387ABE01B9D7088214E43718C9827D82E4BEA31BE6
                                                SHA-512:ECFBB03CAC1203927A6E21267C8198A62B359CCCF2A3E0EF4D9AA3C0B0A075F43D0E6B7FFFE2E225A170ABBA122BC62FF38A8682E64886CEDDF6B0236CE325A8
                                                Malicious:false
                                                Antivirus:
                                                • Antivirus: ReversingLabs, Detection: 0%
                                                Reputation:unknown
                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....xW...........!................~.... ........... .......................@......{.....@.................................,...O.......................p*... ....................................................... ............... ..H............text........ ...................... ..`.rsrc...............................@..@.reloc....... ......................@..B................`.......H...........H...................P ...........................................)....[.W......Ok.I.....&.R..m.....I}.t...kf..b!.g....$..C....H..R.:,.L..0.3.....L.R#YP.....IL1.i(...A../G..%........0..9.........o.....j.......-...+ .s......(.............-..o........*............&.......0..q........s......o.....j.......-...+R..jo........s........ ....(......o......~......o.......jo...............-..o........*...........0^.......0..,.........(.......o......o.............-..o.

                                                C:\Program Files\Wildix\WIService\wildix-oi.ico

                                                Download File
                                                Process:C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exe
                                                File Type:MS Windows icon resource - 13 icons, 48x48, 8 bits/pixel, 32x32, 8 bits/pixel
                                                Category:dropped
                                                Size (bytes):175221
                                                Entropy (8bit):3.6057445859805903
                                                Encrypted:false
                                                SSDEEP:
                                                MD5:CE4C0FAC424ECDAFD490544CF10593B6
                                                SHA1:96B32682A928D5A9229B93586478A31E08B423F4
                                                SHA-256:A9BAE457E58D8BAB5FB10A3A6AE67D4453CECCECBE81C5AD066E86AAFD11A45A
                                                SHA-512:0F1BBF2C115CB9128594647FB9138B876E896B01CC86237EB00A695E38671955D718C4F9A712B4C0DD6CD40C99ABBC00B0442E5B192562B622EB3B9A660B228F
                                                Malicious:false
                                                Reputation:unknown
                                                Preview:......00.............. ..........~...........h...&......... ..J............ .(....h..``.... .....Ep..@@.... .(B......00.... ..%...G..((.... .h....l.. .... .....%......... .............. .....U......... .h.......(...0...`...................................K...]8..d;..f>..^4!.g@..jD..nH!.rM'.sO*.vR-.pN>.yV2.{X5.|Z6.~\9..^<..Q...V...\...Y...]...^...b...a...e...e...i...h...l...g...j...j...m...f...i...n...n...n...o...u...q...s...u...q...t...u...x...r...t...v...q...u...y...x...|...{...~...}...w...x...y...}.......y...x#..a@..fF..iJ..oP..pR..sV..vX..z^..~c.................!..!..+..+..,.....1..6..3..5..=..7...9..=...g...j...m...l...r...w...|..D..K..I..L..L..@..I..O..T.._..p..u..v......................................................p[...t...................1...Q...q.................../...P"..p0...>...M...[...i...y....1...Q...q..................../...P...p.................... ...>1..\Q..zq...................../...P...p.!...+...6...@...I...Z..1p..Q

                                                C:\Program Files\Wildix\WIService\wildix.ico

                                                Download File
                                                Process:C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exe
                                                File Type:MS Windows icon resource - 13 icons, 32x32, 16 colors, 4 bits/pixel, 16x16, 16 colors, 4 bits/pixel
                                                Category:dropped
                                                Size (bytes):99667
                                                Entropy (8bit):6.776502745804188
                                                Encrypted:false
                                                SSDEEP:
                                                MD5:8F898251C85EE83FE4CEF753AD127FEE
                                                SHA1:965419910C1929CF695C530456950616B85596C5
                                                SHA-256:31DEE18EA1C5E7723DB0C13C630517963E79930474B275322A0CDE686C5953B5
                                                SHA-512:4397158E3EBA45B7CD27E931F353D72042B154416036874824CC1469FA9D533C4E67B7ED81A0A9EDB480F667A9716AE999D54B3F36EA1375344BB0E944AC8102
                                                Malicious:false
                                                Reputation:unknown
                                                Preview:...... ......................(.......00.............. ......................h...6......... .-....!..@@.... .(B......00.... ..%......((.... .h....E.. .... ......`........ ......p........ .....3z........ .h......(... ...@...........................................................................................................................................................................`....o...................o...l..........lo....................o..........................................h....h....................................o...o...........o...............o...............o...........................o..........................l.......................`...............o.....h....|.....................................o..........................`......................h................h.................|g......................?...................................................................................................?............(....... .................................

                                                C:\Program Files\Wildix\WIService\wiservice.exe

                                                Download File
                                                Process:C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exe
                                                File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                Category:dropped
                                                Size (bytes):16788080
                                                Entropy (8bit):6.685932138686767
                                                Encrypted:false
                                                SSDEEP:
                                                MD5:D62710F3678538E483FFC7EA112D7F68
                                                SHA1:54212AF34D394BEF6620C2D2CBB874660EBBE523
                                                SHA-256:0F4903937AD02B65A212319365DE974F7B6529201343271B2E4CEC76A03522EB
                                                SHA-512:81CE8E21FB80EDD29CDCF890FF694D3D4FB5242B18EB7DDD882AC46978B259D27F636914A0F059556FBE9D8EA7A3103EDF1C6AC6300F81C2891EFBE90B3F6F43
                                                Malicious:true
                                                Antivirus:
                                                • Antivirus: ReversingLabs, Detection: 0%
                                                Reputation:unknown
                                                Preview:MZ......................@...................................(...........!..L.!This program cannot be run in DOS mode....$..........5...f...f...f..g...f..gZ..f..zf...f..g...f..g...f..g...f..g...f..g...f...f...f...f...fp.g...fp.g...fp.g...fp.xf...f...f...fp.g...fRich...f................PE..d.....tg.........."....".p....R......>.........@.............................P......O.....`..................................................|..X....p..0...............p*...@..........p.......................(...p...@...............h............................text...*o.......p.................. ..`.rdata...V9......X9..t..............@..@.data...............................@....pdata..............................@..@_RDATA..\....`....... ..............@..@.rsrc...0....p......."..............@..@.reloc.......@......................@..B................................................................................................................................................................

                                                C:\Program Files\Wildix\WIService\x-bees.ico

                                                Download File
                                                Process:C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exe
                                                File Type:MS Windows icon resource - 9 icons, 16x16, 32 bits/pixel, 24x24, 32 bits/pixel
                                                Category:dropped
                                                Size (bytes):207760
                                                Entropy (8bit):6.4085333829790425
                                                Encrypted:false
                                                SSDEEP:
                                                MD5:F214B5E008F3D23F4F01951247BAE991
                                                SHA1:DB7928B37992CD0635AB5FC1E89547C6BE813B55
                                                SHA-256:CED79B247B0C8DE449312B7CF5690E8E9DA968F22CC722DA70124BDF2A84C427
                                                SHA-512:FA5211DF2922ABC3C5091E2098DF5FAD9681E2CDC8A3287AEC49F8694B11B776A2001DED052995A34E5EF52B55A207E6069393DD9BAAEFB82CEFC98824BC7774
                                                Malicious:false
                                                Reputation:unknown
                                                Preview:............ .h............. ......... .... .........00.... ..%......@@.... .(B...D..HH.... ..T......``.... ............... .(....p........ .:...Vx..(....... ..... .........%...%........................................................................................................................................................................)B..)B............................. ........................#3..R...U..."1........................."...!... ................Dt..]...a...Jw.........................$....!(..0O...H......*;..l...m...r...z...):......5I..;R... .....%....L...i...m...Q...$...Fo..S...U...Kq.."+..i...........w......(....>l..l...v...x...Iu..n...v...{...y...Tz..............Ut.....*...' ...=a..k.......m...?[..b...d...B\..............Ke.........+!..* ..)..."*2..R...a...e...........m...r...b...'..............-"..,!..* ..)...'...#"!..Y...o...s..._........................../$...#..,!..* ..)...'....F^..........H^.........................1%../$...#..,!..* ..)....Ni..........Ph.!.

                                                C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wildix\WIService\Uninstall.lnk

                                                Download File
                                                Process:C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exe
                                                File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Icon number=0, Archive, ctime=Tue Dec 31 14:43:18 2024, mtime=Tue Jan 7 09:24:09 2025, atime=Tue Dec 31 14:43:18 2024, length=162168, window=hide
                                                Category:dropped
                                                Size (bytes):1955
                                                Entropy (8bit):3.402204070104966
                                                Encrypted:false
                                                SSDEEP:
                                                MD5:6A33BAEC5AE4984DFE52B08815217626
                                                SHA1:1D3F3BECD94C7A2676746D87EF5283863555C4AA
                                                SHA-256:9B924D63EF0911280255ACB2C46DE09A510D1394286B835D8F798616C701368B
                                                SHA-512:634376B0A3F4AAE594F902FFE81598797ECF3D868B0396EE7B629BE5B64190BF53CFBD036CFE538566D6075B62F3744CDE4FE0E0A7E74C4FB5F5109FBF2A3300
                                                Malicious:false
                                                Reputation:unknown
                                                Preview:L..................F.@.. .....Y..[..Od.I.`....Y..[..xy...........................P.O. .:i.....+00.../C:\.....................1.....'Z.R..PROGRA~1..t......O.I'Z.R....B...............J.......'.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....'Z.R..Wildix..>......'Z.R'Z.R...........................'.W.i.l.d.i.x.....\.1.....'Z.S..WISERV~1..D......'Z.R'Z.S..........................*H.W.I.S.e.r.v.i.c.e.....z.2.xy...Yi} .UNINST~1.EXE..^......Yi}'Z.S....KU........................U.n.i.n.s.t.a.l.l.W.I.S.e.r.v.i.c.e...e.x.e.......g...............-.......f..................C:\Program Files\Wildix\WIService\UninstallWIService.exe..J.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.W.i.l.d.i.x.\.W.I.S.e.r.v.i.c.e.\.U.n.i.n.s.t.a.l.l.W.I.S.e.r.v.i.c.e...e.x.e.!.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.W.i.l.d.i.x.\.W.I.S.e.r.v.i.c.e.8.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.W.i.l.d.i.x.\.W.I.S.e.r.v.i.c.e.\.U.n.i.n.s.t.a.l.l.W.I.S.e.r.v.i.c.e...e.x.e...

                                                C:\ProgramData\Wildix\WIService\dissettings.json

                                                Download File
                                                Process:C:\Program Files\Wildix\WIService\wiservice.exe
                                                File Type:JSON data
                                                Category:dropped
                                                Size (bytes):56
                                                Entropy (8bit):4.355851127144314
                                                Encrypted:false
                                                SSDEEP:
                                                MD5:EA39EA80736C86AA40E41378ACAFFB6B
                                                SHA1:4A42A50999D885944420260DAF8CF2B2AA6E2C45
                                                SHA-256:1E6CCA52C207785A095A5966D7187AC18F717AE87421EEB36680F926BE3EB1E7
                                                SHA-512:E866E0A1E8E967537BCC1F582916A6F43461CB30BFEDB03FCA9331E6A5CAADF137422038E544C140EB1BCFE4693FCCDE9E37C11190DF710F6B7E7462424535CC
                                                Malicious:false
                                                Reputation:unknown
                                                Preview:{. "garbage_lifespan_days": 30,. "log_level": "info".}

                                                C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\30D802E0E248FEE17AAF4A62594CC75A

                                                Download File
                                                Process:C:\Program Files\Wildix\WIService\WildixOutlookIntegration.exe
                                                File Type:Certificate, Version=3
                                                Category:dropped
                                                Size (bytes):1559
                                                Entropy (8bit):7.399832861783252
                                                Encrypted:false
                                                SSDEEP:
                                                MD5:ADAB5C4DF031FB9299F71ADA7E18F613
                                                SHA1:33E4E80807204C2B6182A3A14B591ACD25B5F0DB
                                                SHA-256:7FA4FF68EC04A99D7528D5085F94907F4D1DD1C5381BACDC832ED5C960214676
                                                SHA-512:983B974E459A46EB7A3C8850EC90CC16D3B6D4A1505A5BCDD710C236BAF5AADC58424B192E34A147732E9D436C9FC04D896D8A7700FF349252A57514F588C6A1
                                                Malicious:false
                                                Reputation:unknown
                                                Preview:0...0..........}[Q&.v...t...S..0...*.H........0..1.0...U....US1.0...U....New Jersey1.0...U....Jersey City1.0...U....The USERTRUST Network1.0,..U...%USERTrust RSA Certification Authority0...181102000000Z..301231235959Z0..1.0...U....GB1.0...U....Greater Manchester1.0...U....Salford1.0...U....Sectigo Limited1705..U....Sectigo RSA Domain Validation Secure Server CA0.."0...*.H.............0.........s3..< ....E..>..?.A.20.l.......-?.M......b..Hy...N..2%.....P?.L.@*.9.....2A.&.#z. ... .<.Do.u..@.2.....#>...o]Q.j.i.O.ri..Lm.....~......7x...4.V.X....d[.7..(h.V...\......$..0......z...B......J.....@..o.BJd..0.....'Z..X......c.oV...`4.t........_.........n0..j0...U.#..0...Sy.Z.+J.T.......f.0...U........^.T...w.......a.0...U...........0...U.......0.......0...U.%..0...+.........+.......0...U. ..0.0...U. .0...g.....0P..U...I0G0E.C.A.?http://crl.usertrust.com/USERTrustRSACertificationAuthority.crl0v..+........j0h0?..+.....0..3http://crt.usertrust.com/USERTrustRSAAddTrustCA.crt0%..+.....0.

                                                C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506

                                                Download File
                                                Process:C:\Program Files\Wildix\WIService\WildixOutlookIntegration.exe
                                                File Type:Microsoft Cabinet archive data, Windows 2000/XP setup, 71954 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks, 0x1 compression
                                                Category:dropped
                                                Size (bytes):71954
                                                Entropy (8bit):7.996617769952133
                                                Encrypted:true
                                                SSDEEP:
                                                MD5:49AEBF8CBD62D92AC215B2923FB1B9F5
                                                SHA1:1723BE06719828DDA65AD804298D0431F6AFF976
                                                SHA-256:B33EFCB95235B98B48508E019AFA4B7655E80CF071DEFABD8B2123FC8B29307F
                                                SHA-512:BF86116B015FB56709516D686E168E7C9C68365136231CC51D0B6542AE95323A71D2C7ACEC84AAD7DCECC2E410843F6D82A0A6D51B9ACFC721A9C84FDD877B5B
                                                Malicious:false
                                                Reputation:unknown
                                                Preview:MSCF............,...................I..................XaK .authroot.stl.[.i..6..CK..<Tk......4.cl!Kg..E..*Y.f_..".$mR"$.J.E.KB."..rKv.."{.g....3.W.....c..9.s...=....y6#..x..........D......\(.#.s.!.A.......cd.c........+^.ov...n.....3BL..0.......BPUR&.X..02.q...R...J.....w.....b.vy>....-.&..(..oe."."...J9...0U.6J..|U..S.....M.F8g...=.......p...........l.?3.J.x.G.Ep..$g..tj......)v]9(:.)W.8.Op.1Q..:.nPd........7.7..M].V F..g.....12..!7(...B.......h.RZ.......l.<.....6..Z^.`p?... .p.Gp.#.'.X..........|!.8.....".m.49r?.I...g...8.v.....a``.g.R4.i...J8q....NFW,E.6Y....!.o5%.Y.....R..<..S9....r....WO...(.....F..Q=*....-..7d..O(....-..+k.........K..........{Q....Z..j._.E...QZ.~.\.^......N.9.k..O.}dD.b1r...[}/....T..E..G..c.|.c.&>?..^t. ..;..X.d.E.0G....[Q.*,*......#.Dp..L.o|#syc.J............}G-.ou6.=52..XWi=...m.....^u......c..fc?&pR7S5....I...j.G........j.j..Tc.El.....B.pQ.,Bp....j...9g.. >..s..m#.Nb.o_u.M.V...........\#...v..Mo\sF..s....Y...

                                                C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E0968A1E3A40D2582E7FD463BAEB59CD

                                                Download File
                                                Process:C:\Program Files\Wildix\WIService\WildixOutlookIntegration.exe
                                                File Type:Certificate, Version=3
                                                Category:dropped
                                                Size (bytes):1413
                                                Entropy (8bit):7.480496427934893
                                                Encrypted:false
                                                SSDEEP:
                                                MD5:285EC909C4AB0D2D57F5086B225799AA
                                                SHA1:D89E3BD43D5D909B47A18977AA9D5CE36CEE184C
                                                SHA-256:68B9C761219A5B1F0131784474665DB61BBDB109E00F05CA9F74244EE5F5F52B
                                                SHA-512:4CF305B95F94C7A9504C53C7F2DC8068E647A326D95976B7F4D80433B2284506FC5E3BB9A80A4E9A9889540BBF92908DD39EE4EB25F2566FE9AB37B4DC9A7C09
                                                Malicious:false
                                                Reputation:unknown
                                                Preview:0...0..i.......9rD:.".Q..l..15.0...*.H........0{1.0...U....GB1.0...U....Greater Manchester1.0...U....Salford1.0...U....Comodo CA Limited1!0...U....AAA Certificate Services0...190312000000Z..281231235959Z0..1.0...U....US1.0...U....New Jersey1.0...U....Jersey City1.0...U....The USERTRUST Network1.0,..U...%USERTrust RSA Certification Authority0.."0...*.H.............0..........e.6......W.v..'.L.P.a. M.-d.....=.........{7(.+G.9.:.._..}..cB.v.;+...o... ..>..t.....bd......j."<......{......Q..gF.Q..T?.3.~l......Q.5..f.rg.!f..x..P:.....L....5.WZ....=.,..T....:M.L..\... =.."4.~;hf.D..NFS.3`...S7.sC.2.S...tNi.k.`.......2..;Qx.g..=V...i....%&k3m.nG.sC.~..f.)|2.cU.....T0....}7..]:l5\.A...I......b..f.%....?.9......L.|.k..^...g.....[..L..[...s.#;-..5Ut.I.IX...6.Q...&}.M....C&.A_@.DD...W..P.WT.>.tc/.Pe..XB.C.L..%GY.....&FJP...x..g...W...c..b.._U..\.(..%9..+..L...?.R.../..........0..0...U.#..0......#>.....)...0..0...U......Sy.Z.+J.T.......f.0...U...........0...U.......0....0...U

                                                C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\30D802E0E248FEE17AAF4A62594CC75A

                                                Download File
                                                Process:C:\Program Files\Wildix\WIService\WildixOutlookIntegration.exe
                                                File Type:data
                                                Category:dropped
                                                Size (bytes):338
                                                Entropy (8bit):3.2696065936360785
                                                Encrypted:false
                                                SSDEEP:
                                                MD5:F603DE464738B4DEBDEFFFD9A307A7D4
                                                SHA1:31C7D8F088C259FDB71CB59A8DF870FCEE23C531
                                                SHA-256:C3F84D62237BFCC9CE68841076FABC319B450C3BCEA43627CA27D08032EE5024
                                                SHA-512:4FCFE3D51D484213CC51515B8CCCCEB3C1D0BCF953E530D2E206197A38C8CA4C368E49017BD7CC3C0FF99FC9DE6026586B78B1593665A71B177F28736FD649CC
                                                Malicious:false
                                                Reputation:unknown
                                                Preview:p...... .........4.T.`..(....................................................... ........@u.>r...Q..V...............h.t.t.p.:././.c.r.t...s.e.c.t.i.g.o...c.o.m./.S.e.c.t.i.g.o.R.S.A.D.o.m.a.i.n.V.a.l.i.d.a.t.i.o.n.S.e.c.u.r.e.S.e.r.v.e.r.C.A...c.r.t...".3.3.e.4.e.8.0.8.0.7.2.0.4.c.2.b.6.1.8.2.a.3.a.1.4.b.5.9.1.a.c.d.2.5.b.5.f.0.d.b."...

                                                C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

                                                Download File
                                                Process:C:\Program Files\Wildix\WIService\WildixOutlookIntegration.exe
                                                File Type:data
                                                Category:dropped
                                                Size (bytes):328
                                                Entropy (8bit):3.2303632638255086
                                                Encrypted:false
                                                SSDEEP:
                                                MD5:A2EB06909C1944F92C863F71FF321B8C
                                                SHA1:A2218C3551BC2068AF28BF067C2540796E7D98A5
                                                SHA-256:0E0E6E354270615A907445FCB3094BE630F7E4F39D2BF5F9E06B511198D72D0A
                                                SHA-512:3E660FE13A711EB9D44942EA6035131F622AD4CFE8C8297222D2E475DB2A5191AFD8F55C0AA11CEA938A96C10E652958DC65F39DC1E002B24DE0A01757FA144E
                                                Malicious:false
                                                Reputation:unknown
                                                Preview:p...... ........Quox.`..(....................................................... ........G..@.......&......X........h.t.t.p.:././.c.t.l.d.l...w.i.n.d.o.w.s.u.p.d.a.t.e...c.o.m./.m.s.d.o.w.n.l.o.a.d./.u.p.d.a.t.e./.v.3./.s.t.a.t.i.c./.t.r.u.s.t.e.d.r./.e.n./.a.u.t.h.r.o.o.t.s.t.l...c.a.b...".a.7.2.8.2.e.b.4.0.b.1.d.a.1.:.0."...

                                                C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E0968A1E3A40D2582E7FD463BAEB59CD

                                                Download File
                                                Process:C:\Program Files\Wildix\WIService\WildixOutlookIntegration.exe
                                                File Type:data
                                                Category:dropped
                                                Size (bytes):306
                                                Entropy (8bit):3.168979328164212
                                                Encrypted:false
                                                SSDEEP:
                                                MD5:5010308D8E1F00E56711AD95A94E6A0C
                                                SHA1:CD74525943D486545EEA1DF4B81E29E5E07AF315
                                                SHA-256:E6E7C7BD5B7EF4AAD2860EED40B54D79EBCCA39CD81AD421DFEC395A56C6B15B
                                                SHA-512:5FCCF13975C6A9343AFA71B3080858E336BAE0C5620615CD87C942394485A5AA07D65FD2519D43854BF60BBA22A316A441392FC66F375FF7BE9275B4B275821C
                                                Malicious:false
                                                Reputation:unknown
                                                Preview:p...... ....h...=.6f.`..(....................................................... .........(.f....Q..V...............h.t.t.p.:././.c.r.t...u.s.e.r.t.r.u.s.t...c.o.m./.U.S.E.R.T.r.u.s.t.R.S.A.A.d.d.T.r.u.s.t.C.A...c.r.t...".d.8.9.e.3.b.d.4.3.d.5.d.9.0.9.b.4.7.a.1.8.9.7.7.a.a.9.d.5.c.e.3.6.c.e.e.1.8.4.c."...

                                                C:\Users\user\AppData\Local\Microsoft\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\5FD975D6-3E1B-4B5F-958E-5037F2AA5D95

                                                Download File
                                                Process:C:\Program Files\Wildix\WIService\WildixOutlookSync32.exe
                                                File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                Category:dropped
                                                Size (bytes):183022
                                                Entropy (8bit):5.293730794765036
                                                Encrypted:false
                                                SSDEEP:
                                                MD5:69211ED25A394DEBECE4431A5B2138CD
                                                SHA1:4C8C9DA9C91BF01315670210250CB6CD07AB8B56
                                                SHA-256:7D4EC439BEC322D054DFF50616169CD2283292A0CBE8B56308FA70F032289064
                                                SHA-512:5D585F3B72C1FCDE0E3E153BD9DD342D4979D98468C5AFD65E492DAA23F8613CDF4FD5B943361AB9E0960EE020BD9C3FB3B163A932AB193D2063C5317C62607D
                                                Malicious:false
                                                Reputation:unknown
                                                Preview:<?xml version="1.0" encoding="utf-8"?>..<o:OfficeConfig xmlns:o="urn:schemas-microsoft-com:office:office">.. <o:services o:GenerationTime="2025-01-07T10:24:25">.. Build: 16.0.18406.40129-->.. <o:default>.. <o:ticket o:headerName="Authorization" o:headerValue="{}" />.. </o:default>.. <o:service o:name="Research">.. <o:url>https://word-edit.officeapps.live.com/we/rrdiscovery.ashx</o:url>.. </o:service>.. <o:service o:name="ORedir">.. <o:url>https://o15.officeredir.microsoft.com/r</o:url>.. </o:service>.. <o:service o:name="ORedirSSL">.. <o:url>https://o15.officeredir.microsoft.com/r</o:url>.. </o:service>.. <o:service o:name="ClViewClientHelpId" o:authentication="1">.. <o:url>https://[MAX.BaseHost]/client/results?fullframe=yes</o:url>.. <o:ticket o:policy="DELEGATION" o:idprovider="1" o:target="[MAX.AuthHost]" o:headerValue="Bearer {}" />.. <o:ticket o:idprovider="3" o:headerValue="Bearer {}" o:resourceId="[MAX.Resourc

                                                C:\Users\user\AppData\Local\Temp\nsqD0BF.tmp\System.dll

                                                Download File
                                                Process:C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exe
                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                Category:dropped
                                                Size (bytes):12288
                                                Entropy (8bit):5.814115788739565
                                                Encrypted:false
                                                SSDEEP:
                                                MD5:CFF85C549D536F651D4FB8387F1976F2
                                                SHA1:D41CE3A5FF609DF9CF5C7E207D3B59BF8A48530E
                                                SHA-256:8DC562CDA7217A3A52DB898243DE3E2ED68B80E62DDCB8619545ED0B4E7F65A8
                                                SHA-512:531D6328DAF3B86D85556016D299798FA06FEFC81604185108A342D000E203094C8C12226A12BD6E1F89B0DB501FB66F827B610D460B933BD4AB936AC2FD8A88
                                                Malicious:false
                                                Antivirus:
                                                • Antivirus: ReversingLabs, Detection: 0%
                                                • Antivirus: Virustotal, Detection: 0%, Browse
                                                Reputation:unknown
                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......qr*.5.D.5.D.5.D...J.2.D.5.E.!.D.....2.D.a0t.1.D.V1n.4.D..3@.4.D.Rich5.D.........PE..L.....Oa...........!....."...........*.......@...............................p............@..........................B.......@..P............................`.......................................................@..X............................text.... .......".................. ..`.rdata..c....@.......&..............@..@.data...x....P.......*..............@....reloc.......`.......,..............@..B................................................................................................................................................................................................................................................................................................................................................................................................

                                                C:\Users\user\AppData\Local\Temp\nsqD0BF.tmp\modern-header.bmp

                                                Download File
                                                Process:C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exe
                                                File Type:PC bitmap, Windows 3.x format, 165 x 57 x 24, image size 28272, resolution 2835 x 2835 px/m, cbSize 28326, bits offset 54
                                                Category:dropped
                                                Size (bytes):28326
                                                Entropy (8bit):2.5710862958427496
                                                Encrypted:false
                                                SSDEEP:
                                                MD5:EE5DCD5040C0616D92FA8E7A3344D455
                                                SHA1:D2A13B9E9965C99E9637FFE0CFDC54A791B0944D
                                                SHA-256:DAA94974E168B4D92C281BA0B774390C9E052833926E22929CD5A4569A0ECB97
                                                SHA-512:23CB22368B444E00EE5EAC5D86427801312550A1ACDF5652756A88205A32E862D9D636877323AA6503DA660107305036AFE7E7C79B9586160362E50AD138DB68
                                                Malicious:false
                                                Reputation:unknown
                                                Preview:BM.n......6...(.......9...........pn....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                C:\Users\user\AppData\Local\Temp\nsqD0BF.tmp\modern-wizard.bmp

                                                Download File
                                                Process:C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exe
                                                File Type:PC bitmap, Windows 3.x format, 164 x 314 x 4, image size 26376, resolution 2834 x 2834 px/m, cbSize 26494, bits offset 118
                                                Category:dropped
                                                Size (bytes):26494
                                                Entropy (8bit):1.9568109962493656
                                                Encrypted:false
                                                SSDEEP:
                                                MD5:CBE40FD2B1EC96DAEDC65DA172D90022
                                                SHA1:366C216220AA4329DFF6C485FD0E9B0F4F0A7944
                                                SHA-256:3AD2DC318056D0A2024AF1804EA741146CFC18CC404649A44610CBF8B2056CF2
                                                SHA-512:62990CB16E37B6B4EFF6AB03571C3A82DCAA21A1D393C3CB01D81F62287777FB0B4B27F8852B5FA71BC975FEAB5BAA486D33F2C58660210E115DE7E2BD34EA63
                                                Malicious:false
                                                Reputation:unknown
                                                Preview:BM~g......v...(.......:............g..................................................................................DDD@@@@DDDDDD@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@DDDDDDDDDD@@@@DDDDDDDDD@@@@@@..DDD....DDDDDD........................................DDDDDDDDDD....DDDDDDDDD........DD@@@@DDDDDD@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@DDDDDDDDD@@@@DDDDDDDDDD@@@@@@D..DD....DDDDDDD......................................DDDDDDDDDD....DDDDDDDDDD......D..D@@@@@DDDDDD@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@DDDDDDDDDD@@@@DDDDDDDDDD@@@@@DDD..D.....DDDDDD......................................DDDDDDDDD.....DDDDDDDDD......DDD..@@@@@DDDDDD@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@DDDDDDDDDD@@@@DDDDDDDDDD@@@@@@DDDD.......DDDDDD.....................................DDDDDDDDDD....DDDDDDDDDD.....DDDDD..@@@@@DDDDDD@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@DDDDDDDDDD@@@@DDDDDDDDD@@@@@@DDDDDD.......DDDDDD....................................DDDDDDDDD....DDDDDDDDDD......DDDDDD..@@@@DDDDDD@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@

                                                C:\Users\user\AppData\Local\Temp\nsqD0BF.tmp\nsDialogs.dll

                                                Download File
                                                Process:C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exe
                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                Category:dropped
                                                Size (bytes):9728
                                                Entropy (8bit):5.158136237602734
                                                Encrypted:false
                                                SSDEEP:
                                                MD5:6C3F8C94D0727894D706940A8A980543
                                                SHA1:0D1BCAD901BE377F38D579AAFC0C41C0EF8DCEFD
                                                SHA-256:56B96ADD1978B1ABBA286F7F8982B0EFBE007D4A48B3DED6A4D408E01D753FE2
                                                SHA-512:2094F0E4BB7C806A5FF27F83A1D572A5512D979EEFDA3345BAFF27D2C89E828F68466D08C3CA250DA11B01FC0407A21743037C25E94FBE688566DD7DEAEBD355
                                                Malicious:false
                                                Antivirus:
                                                • Antivirus: ReversingLabs, Detection: 0%
                                                Reputation:unknown
                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......|..c8O`08O`08O`08Oa0.O`0.@=05O`0llP0=O`0.If09O`0.od09O`0Rich8O`0........PE..L.....Oa...........!.........0......g........0............................................@..........................6..k....0.......p...............................................................................0...............................text............................... ..`.rdata..{....0......................@..@.data...h!...@......................@....rsrc........p....... ..............@..@.reloc..~............"..............@..B................................................................................................................................................................................................................................................................................................................................................................

                                                C:\Users\user\AppData\Local\Temp\nsqD0BF.tmp\nsExec.dll

                                                Download File
                                                Process:C:\Users\user\AppData\Local\Temp\Temp1_file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip\entry001\3.19.1+SetupWIService.exe
                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                Category:dropped
                                                Size (bytes):7168
                                                Entropy (8bit):5.298362543684714
                                                Encrypted:false
                                                SSDEEP:
                                                MD5:675C4948E1EFC929EDCABFE67148EDDD
                                                SHA1:F5BDD2C4329ED2732ECFE3423C3CC482606EB28E
                                                SHA-256:1076CA39C449ED1A968021B76EF31F22A5692DFAFEEA29460E8D970A63C59906
                                                SHA-512:61737021F86F54279D0A4E35DB0D0808E9A55D89784A31D597F2E4B65B7BBEEC99AA6C79D65258259130EEDA2E5B2820F4F1247777A3010F2DC53E30C612A683
                                                Malicious:false
                                                Antivirus:
                                                • Antivirus: ReversingLabs, Detection: 0%
                                                • Antivirus: Virustotal, Detection: 0%, Browse
                                                Reputation:unknown
                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........................,.................Rich...........................PE..L.....Oa...........!......................... ...............................P............@..........................$..l.... ..P............................@....................................................... ...............................text............................... ..`.rdata..<.... ......................@..@.data........0......................@....reloc.......@......................@..B................................................................................................................................................................................................................................................................................................................................................................................................

                                                C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

                                                Download File
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Jan 7 09:24:56 2025, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                                Category:dropped
                                                Size (bytes):2673
                                                Entropy (8bit):3.988516122049724
                                                Encrypted:false
                                                SSDEEP:
                                                MD5:1CE46B806D02121F2715E529AE761A61
                                                SHA1:4908564E660C88EEF76805003423598593D7F581
                                                SHA-256:22EAED1554BD0C4E48AB45FC34E1F79B89AF857C1EAB719251E3106E94B57BE1
                                                SHA-512:33670AAE8537E858156A1747BA06BECBEC7F1D7DA0DE2010555962AC122C4FB9C4A036C1ACF9D856022858F05577CB9E4FD222C999C9DAD877B816CFCFC2B1CC
                                                Malicious:false
                                                Reputation:unknown
                                                Preview:L..................F.@.. ...$+.,......e.`..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....'Z.R..PROGRA~1..t......O.I'Z.R....B...............J.......'.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V'Z.S....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V'Z.S....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V'Z.S..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V'Z.S...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i..................C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

                                                C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

                                                Download File
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Jan 7 09:24:55 2025, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                                Category:dropped
                                                Size (bytes):2675
                                                Entropy (8bit):4.003441858459818
                                                Encrypted:false
                                                SSDEEP:
                                                MD5:99695383EEF150DC0B76D998069D6BEB
                                                SHA1:75549C46BA39999F02B69E4BE71F94967C40DB51
                                                SHA-256:66A0475C1D36B9EF8A47DF4E6D14E90645ADE96D22DB10E293A8FCCA80DC3F0E
                                                SHA-512:5229555992CCC3E1237530792DB4B19B08CD2390BFCE7ABD14A2BD512133BB6D8AC8500C072D9EECD1C43C91C8BEEB5B403DD3C5709659E5E97EF1F0C3E7F6D4
                                                Malicious:false
                                                Reputation:unknown
                                                Preview:L..................F.@.. ...$+.,.....e.`..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....'Z.R..PROGRA~1..t......O.I'Z.R....B...............J.......'.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V'Z.S....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V'Z.S....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V'Z.S..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V'Z.S...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i..................C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

                                                C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

                                                Download File
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                                Category:dropped
                                                Size (bytes):2689
                                                Entropy (8bit):4.01291924233624
                                                Encrypted:false
                                                SSDEEP:
                                                MD5:26734DD92EBEA87ABC6CA694B93C107A
                                                SHA1:83529173F59622A20B24A293258E5A03EAF22B21
                                                SHA-256:337A974801875558DEAC12A58A28EB77CBB7380EB64D8305DCB90BA52BC191EA
                                                SHA-512:703FBDC4DC9E0DCCEAC567B62B134723AB193FE927F1F70E427BBE216FE43FD806010A7ACA273C42EBE796C8E0485C52C7EB387AA75133357FEFA97D6256DA2F
                                                Malicious:false
                                                Reputation:unknown
                                                Preview:L..................F.@.. ...$+.,.....Y.04...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....'Z.R..PROGRA~1..t......O.I'Z.R....B...............J.......'.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V'Z.S....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V'Z.S....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V'Z.S..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VFW.E...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i..................C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

                                                C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

                                                Download File
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Jan 7 09:24:55 2025, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                                Category:dropped
                                                Size (bytes):2677
                                                Entropy (8bit):3.9977536835455436
                                                Encrypted:false
                                                SSDEEP:
                                                MD5:5E1D4B226E49BE72953D3071BB532968
                                                SHA1:A289E6CF8DCE8D75A30341FD776BAD99E6AF96A2
                                                SHA-256:509653815E973C74910D8C0546A02058F67DDC0414425FA699C9C1662FD864AC
                                                SHA-512:018904D61AD6266F0DEA14D8043B4C04AB27EEB6A0EB0D3A48BBE7AC458A6D42F2D1F76921BD8FCA3ECCB961CE6D1E47FC69E2C305031DE7562C1D10231D29AD
                                                Malicious:false
                                                Reputation:unknown
                                                Preview:L..................F.@.. ...$+.,....kL~e.`..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....'Z.R..PROGRA~1..t......O.I'Z.R....B...............J.......'.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V'Z.S....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V'Z.S....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V'Z.S..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V'Z.S...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i..................C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

                                                C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

                                                Download File
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Jan 7 09:24:55 2025, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                                Category:dropped
                                                Size (bytes):2677
                                                Entropy (8bit):3.988812380066939
                                                Encrypted:false
                                                SSDEEP:
                                                MD5:C76040D13F9BE6AEA8BD88AE81805BA1
                                                SHA1:A8DAB9499F8723CCB20F60C1B9CB40548A978B6F
                                                SHA-256:B76C4A3BB49F00B048494CFB08F510F600CD97D23909E0AF543D9262380778F8
                                                SHA-512:96821C8EC5EE99D911548A2A187461DF67D6546FAB3ED663412A75BE4976DF9D8603703F74672D60FA9E226C99B6C974D1BFB441FB0C3433DBFAF79DA52EF411
                                                Malicious:false
                                                Reputation:unknown
                                                Preview:L..................F.@.. ...$+.,.....D.e.`..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....'Z.R..PROGRA~1..t......O.I'Z.R....B...............J.......'.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V'Z.S....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V'Z.S....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V'Z.S..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V'Z.S...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i..................C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

                                                C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

                                                Download File
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Jan 7 09:24:55 2025, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                                Category:dropped
                                                Size (bytes):2679
                                                Entropy (8bit):3.9997202390700064
                                                Encrypted:false
                                                SSDEEP:
                                                MD5:A0E0326C99E988711410DF0A74330336
                                                SHA1:541B754BB2FE98A5F51DE242641871238D09A0D2
                                                SHA-256:C06FCB47281CC39FEFAC7524DB3EAF0D23B06720A0C3C0EBBC403C6BAA0151D7
                                                SHA-512:C3DA16C3A4B7B605569D17BEF0F956133A8957A400AD2C57B8837300460CBEAE4BFA14B53B0F91C6D401CF712E4A892F1743B1DAE68DF12B2061394D8BBF4C05
                                                Malicious:false
                                                Reputation:unknown
                                                Preview:L..................F.@.. ...$+.,.....$ue.`..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....'Z.R..PROGRA~1..t......O.I'Z.R....B...............J.......'.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V'Z.S....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V'Z.S....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V'Z.S..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V'Z.S...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i..................C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

                                                C:\Users\user\AppData\Roaming\Wildix\OutlookIntegration\netlog.txt

                                                Download File
                                                Process:C:\Program Files\Wildix\WIService\WildixOutlookIntegration.exe
                                                File Type:ASCII text, with CRLF line terminators
                                                Category:dropped
                                                Size (bytes):688
                                                Entropy (8bit):5.253492451757517
                                                Encrypted:false
                                                SSDEEP:
                                                MD5:9268FEF171887BB8D93A03310566347C
                                                SHA1:2C22AEBEE62F584CB27D72C505C6E7F793291E5E
                                                SHA-256:76956002A7D8446347F853E0A3E1F45C567FBA61EFF50D5AF11EEE11BCED0AEF
                                                SHA-512:0CFC4B2BBE5098663F7970A5E6FF7D6115C1CF703E01DFC5F409310AEB9C93994F831D422FD82085C5899E4C6D3228C36BF0922AA22A3CB3B7A0FA341E589D5A
                                                Malicious:false
                                                Reputation:unknown
                                                Preview:<- 221.. {"msgdata":{"command":"authorize","msgdata":{"app":"int_outlook_presence","version":"3.19.1","pbx":{"hostname":"localhost","port":0,"secure":true},"user":{"extension":""}}},"message":"M_WISERVICE","id":"YS9ToBQf50EQpJCF"}..-> 102.. {"id":"YS9ToBQf50EQpJCF","message":"R_WISERVICE","msgdata":{"status":"authorized","type":"authorize"}}..<- 85.. {"msgdata":{"type":"get_all_contacts"},"message":"E_OUTLOOK","id":"LuZRgkKdrcFozUtk"}..-> 127.. {"id":"c844b6e4-3050-4979-a15c-4973e57ec5a7","message":"E_HEADSET","msgdata":{"status":"disconnected","type":"headset_status"}}..-> 95.. {"id":"LuZRgkKdrcFozUtk","message":"R_OUTLOOK","msgdata":{"contacts":[],"type":"all_contacts"}}..

                                                C:\Users\user\AppData\Roaming\Wildix\OutlookIntegration\settings.json

                                                Download File
                                                Process:C:\Program Files\Wildix\WIService\WildixOutlookIntegration.exe
                                                File Type:JSON data
                                                Category:dropped
                                                Size (bytes):403
                                                Entropy (8bit):4.736514840867516
                                                Encrypted:false
                                                SSDEEP:
                                                MD5:40FF5697A69DAD8B9509DE319AB8C36A
                                                SHA1:35FE6975C71BAAC3C8130D1D1D362A88F306D82F
                                                SHA-256:F9C3B1E4721B5FC1E47750B840AFA1C42C39D5C157D33C99421AAECE88E8D2B9
                                                SHA-512:C1F251799897BD01CC9B7C7C99DB7F89FD1D6E01A14578B73C726EF7E3527005DA01D815039887D095B3723BBFEEE66D16A7F7A73CB4B6E978FABADFCFA938F6
                                                Malicious:false
                                                Reputation:unknown
                                                Preview:{.. "debug": false,.. "log_level": "info",.. "show_photo": true,.. "hide_private_events": true,.. "launch_outlook": false,.. "last_outlook_version": "0.0.0",.. "default_im_app": "Lync",.. "last_domain": "<default>",.. "photo_refresh_timeout_seconds": 86400,.. "cache_refresh_timeout_seconds": 86400,.. "cache_wipe_timeout_days": 7,.. "event_folders": {},.. "sync_new_event_folders": true..}

                                                C:\Users\user\AppData\Roaming\Wildix\WIService\wiscfg.txt

                                                Download File
                                                Process:C:\Program Files\Wildix\WIService\wiservice.exe
                                                File Type:ASCII text, with CRLF line terminators
                                                Category:dropped
                                                Size (bytes):38
                                                Entropy (8bit):3.8924071185928772
                                                Encrypted:false
                                                SSDEEP:
                                                MD5:79BC2DAD2D6C0232998EF454D71C4DBD
                                                SHA1:6A026317AC5B65340BA4F744E7DE9631EA25D504
                                                SHA-256:19C594461EC7DE3526592D1666788F41B5286995BD1BCAE55D05E84714531E1A
                                                SHA-512:E8BDEF565DB12684DEAC6E98875419056A7BA790228720D87338913C2D871187493AAAC1F8267CC91EE43102419EB8A7792D256C2E89703707C4F0AC89248B78
                                                Malicious:false
                                                Reputation:unknown
                                                Preview:websocket:8888;lotus:9901;oiwss:8888..

                                                C:\Users\user\AppData\Roaming\Wildix\WIService\wissettings.json

                                                Download File
                                                Process:C:\Program Files\Wildix\WIService\wiservice.exe
                                                File Type:JSON data
                                                Category:dropped
                                                Size (bytes):502
                                                Entropy (8bit):4.739062311597673
                                                Encrypted:false
                                                SSDEEP:
                                                MD5:D5E8498D2AD13AF1EF1F19D3BB176A50
                                                SHA1:1702A8DE813331F577E57DAAF4DF0ABB71559F3F
                                                SHA-256:B7A7B6B8FB876509A384CBCC65A2735979CA76407A140F96FD40B51729FBA0D0
                                                SHA-512:775D6E0DF6359FA16B364AA4A6FC2C1FA11DADCCA7B8A91DFDE31BCBB53B83102E41B9ACF17EC499DF605CEF77FB9BCBCD609A61200E56077678686A1DE00F4D
                                                Malicious:false
                                                Reputation:unknown
                                                Preview:{. "activityDetection": {. "enable": false,. "interval": 0. },. "activity_detection_force_disable": false,. "authorizedApps": {},. "connection_issue": "none",. "ext": "",. "feedbackEmail": "",. "garbage_lifespan_days": 14,. "headset": {},. "hotkeys": {. "actions": {. "call": "F11". },. "requirements": {}. },. "http_max_threads": 4,. "log_level": "info",. "log_max_kb": 10240,. "log_str": "3b4d3955-bfb4-444d-8caf-bf86aa3e63db",. "pbx": "",. "setIconTryCount": 0.}

                                                C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\MpCmdRun.log

                                                Download File
                                                Process:C:\Program Files\Windows Defender\MpCmdRun.exe
                                                File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                Category:dropped
                                                Size (bytes):4926
                                                Entropy (8bit):3.2460431879734895
                                                Encrypted:false
                                                SSDEEP:
                                                MD5:960C6906E7338BDAB4A482EB4F04645D
                                                SHA1:D7FB1551B5E952B2F110D949056AE930156D47D1
                                                SHA-256:97D7B09ACE03BF49EE997E4665304D254D1CD34D7E1476D20014FEC8E586E7E1
                                                SHA-512:25AB6C1DEBB1E77BE0FBE7B693C8EA3CB6ED8FCBCDBB4C0AF897259B7D18C5316EE3985D2719A0ECBF9E93DBC6589EF6D912EB6B527BBD18B63431D25E8687C7
                                                Malicious:false
                                                Reputation:unknown
                                                Preview:..........-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.....M.p.C.m.d.R.u.n.:. .C.o.m.m.a.n.d. .L.i.n.e.:. .".C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.W.i.n.d.o.w.s. .D.e.f.e.n.d.e.r.\.m.p.c.m.d.r.u.n...e.x.e.". .-.w.d.e.n.a.b.l.e..... .S.t.a.r.t. .T.i.m.e.:. .. F.r.i. .. O.c.t. .. 0.6. .. 2.0.2.3. .1.1.:.3.5.:.2.9.........M.p.E.n.s.u.r.e.P.r.o.c.e.s.s.M.i.t.i.g.a.t.i.o.n.P.o.l.i.c.y.:. .h.r. .=. .0.x.1.....W.D.E.n.a.b.l.e.....*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*. .W.S.C. .S.t.a.t.e. .I.n.f.o. .*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.....*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*. .A.n.t.i.V.i.r.u.s.P.r.o.d.u.c.t. .*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.....d.i.s.p.l.a.y.N.a.m.e. .=. .[.W.i.n.d.o.w.s. .D.e.f.e.n.d.e.r.].....p.a.t.h.T.o.S.i.g.n.e.d.P.r.o.d.u.c.t.E.x.e. .=. .[.w.i.n.d.o.w.s.d.

                                                C:\Windows\System32\drivers\etc\hosts

                                                Download File
                                                Process:C:\Program Files\Wildix\WIService\wiservice.exe
                                                File Type:ASCII text, with CRLF, LF line terminators
                                                Category:dropped
                                                Size (bytes):857
                                                Entropy (8bit):4.712765723284222
                                                Encrypted:false
                                                SSDEEP:
                                                MD5:9AC77B45979A66F73EDB70B72908A616
                                                SHA1:8B22CFA695F10D31B8300C06790B728A4E209324
                                                SHA-256:A7777E702D4BEAD5529BFC2D026BFA2088BB64A5504DAFB57EF308CE92469E20
                                                SHA-512:C01644C1C13F7126ED455D76A63CD3CEEB314D74265256B07AC7120F6DA512B1B632D4F21167B9E8C7AD106F75D1F20809A7B129BE6871441F8F3FF6A390CFFF
                                                Malicious:false
                                                Reputation:unknown
                                                Preview:# Copyright (c) 1993-2009 Microsoft Corp...#..# This is a sample HOSTS file used by Microsoft TCP/IP for Windows...#..# This file contains the mappings of IP addresses to host names. Each..# entry should be kept on an individual line. The IP address should..# be placed in the first column followed by the corresponding host name...# The IP address and the host name should be separated by at least one..# space...#..# Additionally, comments (such as these) may be inserted on individual..# lines or following the machine name denoted by a '#' symbol...#..# For example:..#..# 102.54.94.97 rhino.acme.com # source server..# 38.25.63.10 x.acme.com # x client host....# localhost name resolution is handled within DNS itself...#.127.0.0.1 localhost..#.::1 localhost...127.0.0.1..wildixintegration.eu.

                                                C:\Windows\System32\spool\drivers\x64\stdnames.gpd

                                                Download File
                                                Process:C:\Program Files\Wildix\WIService\wiservice.exe
                                                File Type:ASCII text, with CRLF line terminators
                                                Category:dropped
                                                Size (bytes):14362
                                                Entropy (8bit):4.18034476253744
                                                Encrypted:false
                                                SSDEEP:
                                                MD5:CD0BA5F62202298A6367E0E34CF5A37E
                                                SHA1:0507C7264281EFB362931DEB093308A5CC0F23A5
                                                SHA-256:B5E8E0C7339EF73F4DD20E2570EE2C79F06CA983F74D175DBE90C0319C70CE3A
                                                SHA-512:0DA97D886BBF6E06BDEF240B0CA32E80ED56140349902F2A58FCD00A95F85AEDEABB779CA99308DA39E995BDB7C179E2D7A0705643AF609EC7E05323964851F8
                                                Malicious:false
                                                Reputation:unknown
                                                Preview:*%%% Copyright (c) 1997-1999 Microsoft Corporation..*%%% value macros for standard feature names and standard option names..*%%% used in older Unidrv's.....*CodePage: 1252 *% Windows 3.1 US (ANSI) code page....*Feature: RESDLL..{.. *Name: "resource dll files".. *ConcealFromUI?: TRUE.... *Option: UniresDLL.. {.. *Name: "unires.dll".. }..}....*Macros: StdFeatureNames..{.. ORIENTATION_DISPLAY: RESDLL.UniresDLL.11100.. PAPER_SIZE_DISPLAY: RESDLL.UniresDLL.11101.. PAPER_SOURCE_DISPLAY: RESDLL.UniresDLL.11102.. RESOLUTION_DISPLAY: RESDLL.UniresDLL.11103.. MEDIA_TYPE_DISPLAY: RESDLL.UniresDLL.11104.. TEXT_QUALITY_DISPLAY: RESDLL.UniresDLL.11105.. COLOR_PRINTING_MODE_DISPLAY: RESDLL.UniresDLL.11106.. PRINTER_MEMORY_DISPLAY: RESDLL.UniresDLL.11107.. TWO_SIDED_PRINTING_DISPLAY: RESDLL.UniresDLL.11108.. PAGE_PROTECTION_DISP

                                                C:\Windows\System32\spool\drivers\x64\stdschmx.gdl

                                                Download File
                                                Process:C:\Program Files\Wildix\WIService\wiservice.exe
                                                File Type:ASCII text, with CRLF line terminators
                                                Category:dropped
                                                Size (bytes):2278
                                                Entropy (8bit):4.581866117244519
                                                Encrypted:false
                                                SSDEEP:
                                                MD5:932F57E78976810729855CD1B5CCD8EF
                                                SHA1:50D7145076D422C03B924DD16EA237AC9B822F0E
                                                SHA-256:3B9BE4E69B022DE9D0E30EDE70F292F3DF55AB7BE36F134BF2D37A7039937D19
                                                SHA-512:023848F6CE826EB040EA90C8319BBF1AC26E16B66BD9470E197B3A02DAE00AE9A177996E6B069F42BC54FBF28AE7F96CCC10CF331C13B54CCF12990311F30D73
                                                Malicious:false
                                                Reputation:unknown
                                                Preview:*% stdschx.gdl..*% this file defines the parts of the schema that are dependent on..*% preprocessor defines.....*% Since this header relies on passed in Preprocessor defines, it must not be PreCompiled...*PreCompiled: FALSE....*Include: "stdschem.gdl"....*Ifdef: WINNT_50.. *% and above .......*Template: PRINTRATEUNIT..{.. *Name: "*PrintRateUnit".. *Type: ATTRIBUTE.. *ValueType: EDT_PRINTRATEUNIT..}..*Template: PREDEFINED_PAPERSIZE_OPTION_2 *% Additional papersizes.. *% for NT5.0..{.. *Inherits: V_PREDEFINED_PAPERSIZE_OPTION.. *Instances: (.. DBL_JAPANESE_POSTCARD,.. A6,.. JENV_KAKU2,.. JENV_KAKU3,.. JENV_CHOU3,.. JENV_CHOU4,.. LETTER_ROTATED,.. A3_ROTATED,.. A4_ROTATED,.. A5_ROTATED,.. B4_JIS_ROTATED,.. B5_JIS_ROTATED,.. JAPANESE_POSTCARD_ROTATED,.. DBL_JAPANESE_POSTCARD_ROTATED,.. A6_ROTATED,.. JENV_KAKU2_ROTATED,.. JENV_KAKU3_ROTA

                                                C:\Windows\System32\spool\drivers\x64\unidrv.dll

                                                Download File
                                                Process:C:\Program Files\Wildix\WIService\wiservice.exe
                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                Category:dropped
                                                Size (bytes):532080
                                                Entropy (8bit):6.370246167881384
                                                Encrypted:false
                                                SSDEEP:
                                                MD5:1D574CE34B4086B8440B578497E4BAC6
                                                SHA1:F7C55619F693CC6465B8B877C2F9E533CB84712C
                                                SHA-256:BDCADB517FDB16078F999701B3A59CA75687CDE474F9770DF2E86AE41F9E962A
                                                SHA-512:FB1B70C392A1E292C181C3EB4C072BD56FFFAA6674025FEB86EBDC772C98CC443D8DFC7325C84E19CB41269303D8C583A44841F938F03CC517DD25E68359560F
                                                Malicious:false
                                                Antivirus:
                                                • Antivirus: ReversingLabs, Detection: 0%
                                                Reputation:unknown
                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......^.....c...c...c.......c.....!.c.......c...b...c.......c.......c.......c.=.....c.......c.......c.Rich..c.........PE..d......R.........." .....d..........p........................................0......G.....`.........................................Xp......X....................K......p*... ..h...00..8............................p..................X............................text....c.......d.................. ..`.data................h..............@....pdata...K.......L..................@..@.idata..............................@..@.rsrc...............................@..@.reloc..h.... ......................@..B................................................................................................................................................................................................................................................................

                                                C:\Windows\System32\spool\drivers\x64\unires.dll

                                                Download File
                                                Process:C:\Program Files\Wildix\WIService\wiservice.exe
                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                Category:dropped
                                                Size (bytes):856688
                                                Entropy (8bit):5.596774833480957
                                                Encrypted:false
                                                SSDEEP:
                                                MD5:A64216C3C9E82E1C6D0B5CD8020D3ABD
                                                SHA1:5FC65E59EEEE9C5F1682E4EDB4C5D9EF69FCED88
                                                SHA-256:56DA81C0EABE8505A96A41BA69A3DB13F30E247C39B1393CFE65C9578E47A9EC
                                                SHA-512:079CFACC36CF4EA6E24A61B539C1A2EBC04DAE2AC93FE8EC372FA5E8934C9F93BEBC4C47188E7EC95D306ACB0E8A2C3FA2AC8605A378F30AD8C634B457168B83
                                                Malicious:false
                                                Antivirus:
                                                • Antivirus: ReversingLabs, Detection: 0%
                                                Reputation:unknown
                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........R..3}..3}..3}.H...3}.H...3}.Rich.3}.................PE..d......R.........." ................................................................@.....`.............................................................0...............p*...........................................................................................rsrc...............................@..@.........................................D..8.......P.......................@...........................................r.......s.......t.......u.......v.......w.......x.......y...................................H...............................8.......x...............................................................................0.......H.......................`.......x....................................................... .......8.......P.......h...........................................................

                                                Static File Info

                                                General

                                                File type:Zip archive data, at least v2.0 to extract, compression method=store
                                                Entropy (8bit):7.998404803598568
                                                TrID:
                                                • ZIP compressed archive (8000/1) 100.00%
                                                File name:file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip
                                                File size:25'345'201 bytes
                                                MD5:ec90b1260256d877c6cb088e04c3c617
                                                SHA1:a3879a6b1c8cd2e826024048d591e0ff49121778
                                                SHA256:6332404bf6e4b94c66acdf7524507d782fc65487c867a9543bc801989d8dc08e
                                                SHA512:72d9cbd651645dfef91f691cf9c6d5b32cd85ff9b5c174da566c62d9e8667fede17d7a23aefb5d9e51e645fa45208580fdaa67ac6f37525a7e676718c5614bb2
                                                SSDEEP:786432:405aYlEce3VElRP8+J8jzSB9DgAm9RxV4k38F2HF:401DN++JUG9DKR84l
                                                TLSH:AA47334CD03A13B378F48A7C77160AB9B0AD92EC96516C779702D36A2B775F6D34E088
                                                File Content Preview:PK.........P'Z..............$.entry001/.. ............z.`.....z.`.....z.`..PK.........P'Z............".$.entry001/3.19.1+SetupWIService.exe.. ............z.`.....z.`.....z.`.....tT..7.._2I&9.H0.h.....!.t.&$..20q..( T2.#.79...h..(.. ........k[{K.z.....$...

                                                File Icon

                                                Icon Hash:1c1c1e4e4ececedc