Windows Analysis Report
https://openboxinstaller.s3-eu-west-1.amazonaws.com/msi/0/1.9.99/OpenBoxAddInSetup.msi

Overview

General Information

Sample URL: https://openboxinstaller.s3-eu-west-1.amazonaws.com/msi/0/1.9.99/OpenBoxAddInSetup.msi
Analysis ID: 1560044
Infos:

Detection

Score: 28
Range: 0 - 100
Whitelisted: false
Confidence: 0%

Signatures

Yara detected Generic Downloader
Allocates memory with a write watch (potentially for evading sandboxes)
Checks for available system drives (often done to infect USB drives)
Contains long sleeps (>= 3 min)
Creates files inside the system directory
Deletes files inside the Windows folder
Detected potential crypto function
Drops PE files
Drops PE files to the windows directory (C:\Windows)
Enables debug privileges
Found dropped PE file which has not been started or loaded
HTTP GET or POST without a user agent
May sleep (evasive loops) to hinder dynamic analysis
PE file contains strange resources
Queries the volume information (name, serial number etc) of a device
Sigma detected: Office Autorun Keys Modification
Sigma detected: Potential Persistence Via Visual Studio Tools for Office
Stores files to the Windows start menu directory

Classification

Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\Documents\OBX components\OPENBOX SOFTWARE AGREEMENT.rtf Jump to behavior
Source: unknown HTTPS traffic detected: 52.149.20.212:443 -> 192.168.2.17:49699 version: TLS 1.2
Source: unknown HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.17:49707 version: TLS 1.2
Source: unknown HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.17:49708 version: TLS 1.2
Source: unknown HTTPS traffic detected: 20.190.159.73:443 -> 192.168.2.17:49710 version: TLS 1.2
Source: unknown HTTPS traffic detected: 13.107.5.88:443 -> 192.168.2.17:49711 version: TLS 1.2
Source: unknown HTTPS traffic detected: 20.190.159.73:443 -> 192.168.2.17:49712 version: TLS 1.2
Source: unknown HTTPS traffic detected: 4.245.163.56:443 -> 192.168.2.17:49714 version: TLS 1.2
Source: unknown HTTPS traffic detected: 2.23.209.177:443 -> 192.168.2.17:49718 version: TLS 1.2
Source: unknown HTTPS traffic detected: 204.79.197.200:443 -> 192.168.2.17:49723 version: TLS 1.2
Source: unknown HTTPS traffic detected: 204.79.197.200:443 -> 192.168.2.17:49724 version: TLS 1.2
Source: unknown HTTPS traffic detected: 204.79.197.200:443 -> 192.168.2.17:49727 version: TLS 1.2
Source: unknown HTTPS traffic detected: 204.79.197.200:443 -> 192.168.2.17:49726 version: TLS 1.2
Source: unknown HTTPS traffic detected: 204.79.197.200:443 -> 192.168.2.17:49728 version: TLS 1.2
Source: unknown HTTPS traffic detected: 204.79.197.200:443 -> 192.168.2.17:49729 version: TLS 1.2
Source: unknown HTTPS traffic detected: 20.42.65.85:443 -> 192.168.2.17:49730 version: TLS 1.2
Source: unknown HTTPS traffic detected: 204.79.197.200:443 -> 192.168.2.17:49731 version: TLS 1.2
Source: unknown HTTPS traffic detected: 184.86.251.30:443 -> 192.168.2.17:49732 version: TLS 1.2
Source: unknown HTTPS traffic detected: 204.79.197.200:443 -> 192.168.2.17:49749 version: TLS 1.2
Source: unknown HTTPS traffic detected: 204.79.197.200:443 -> 192.168.2.17:49750 version: TLS 1.2
Source: unknown HTTPS traffic detected: 204.79.197.200:443 -> 192.168.2.17:49752 version: TLS 1.2
Source: unknown HTTPS traffic detected: 204.79.197.200:443 -> 192.168.2.17:49753 version: TLS 1.2
Source: unknown HTTPS traffic detected: 204.79.197.200:443 -> 192.168.2.17:49754 version: TLS 1.2
Source: unknown HTTPS traffic detected: 204.79.197.200:443 -> 192.168.2.17:49751 version: TLS 1.2
Source: unknown HTTPS traffic detected: 204.79.197.222:443 -> 192.168.2.17:49756 version: TLS 1.2
Source: unknown HTTPS traffic detected: 204.79.197.200:443 -> 192.168.2.17:49764 version: TLS 1.2
Source: unknown HTTPS traffic detected: 204.79.197.200:443 -> 192.168.2.17:49768 version: TLS 1.2
Source: unknown HTTPS traffic detected: 204.79.197.200:443 -> 192.168.2.17:49769 version: TLS 1.2
Source: unknown HTTPS traffic detected: 204.79.197.200:443 -> 192.168.2.17:49766 version: TLS 1.2
Source: unknown HTTPS traffic detected: 204.79.197.200:443 -> 192.168.2.17:49767 version: TLS 1.2
Source: unknown HTTPS traffic detected: 204.79.197.200:443 -> 192.168.2.17:49770 version: TLS 1.2
Source: unknown HTTPS traffic detected: 52.123.128.254:443 -> 192.168.2.17:49771 version: TLS 1.2
Source: unknown HTTPS traffic detected: 204.79.197.200:443 -> 192.168.2.17:49772 version: TLS 1.2
Source: Binary string: F:\gs2\VS\out\binaries\x86ret\bin\i386\DPCA.pdb source: 671177.msi.19.dr
Source: Binary string: d:\Git\RP\gridcommon-xaml\WPF\SfGridCommon.WPF\Src\obj\Release-XML\Syncfusion.SfGridCommon.WPF.pdbD source: Syncfusion.SfGridCommon.WPF.dll.19.dr
Source: Binary string: F:\gs2\VS\out\binaries\x86ret\bin\i386\DPCA.pdb= source: 671177.msi.19.dr
Source: Binary string: D:\a\1\s\Source\Office\obj\Release\OfficeApi.pdbSHA256) source: OfficeApi.dll.19.dr
Source: Binary string: C:\Src\NUnit\nunit\src\NUnitFramework\framework\obj\Release\net45\nunit.framework.pdb source: nunit.framework.dll.19.dr
Source: Binary string: C:\projects\exceptionless-net\src\Exceptionless.Signed\obj\Release\net45\Exceptionless.Signed.pdb source: Exceptionless.Signed.dll.19.dr
Source: Binary string: C:\Src\NUnit\nunit\src\NUnitFramework\framework\obj\Release\net45\nunit.framework.pdbSHA256 source: nunit.framework.dll.19.dr
Source: Binary string: E:\A\_work\39\s\corefx\bin\obj\ref\System.ValueTuple\4.0.3.0\net47\System.ValueTuple.pdb source: System.ValueTuple.dll.19.dr
Source: Binary string: /_/artifacts/obj/Microsoft.Extensions.Options/Release/net462/Microsoft.Extensions.Options.pdb source: Microsoft.Extensions.Options.dll.19.dr
Source: Binary string: D:\Projects\adx.net\adx.net\Source\ADXRegistrator\Release\adxregistrator.pdb source: adxregistrator.exe, 00000016.00000000.1823074703.000000000033C000.00000002.00000001.01000000.00000006.sdmp
Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Runtime.CompilerServices.Unsafe\net461-Release\System.Runtime.CompilerServices.Unsafe.pdbBSJB source: System.Runtime.CompilerServices.Unsafe.dll.19.dr
Source: Binary string: /_/artifacts/obj/Microsoft.Extensions.Options/Release/net462/Microsoft.Extensions.Options.pdbSHA256 source: Microsoft.Extensions.Options.dll.19.dr
Source: Binary string: D:\a\1\s\Source\Excel\obj\Release\ExcelApi.pdb source: ExcelApi.dll.19.dr
Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Runtime.CompilerServices.Unsafe\net461-Release\System.Runtime.CompilerServices.Unsafe.pdb source: System.Runtime.CompilerServices.Unsafe.dll.19.dr
Source: Binary string: /_/artifacts/obj/Microsoft.Extensions.DependencyInjection.Abstractions/Release/net462/Microsoft.Extensions.DependencyInjection.Abstractions.pdbSHA256 source: Microsoft.Extensions.DependencyInjection.Abstractions.dll.19.dr
Source: Binary string: c:\Users\levgi_000\Documents\Code\Projects\ProductionStackTrace\ProductionStackTrace\obj\Release\ProductionStackTrace.pdb source: ProductionStackTrace.dll.19.dr
Source: Binary string: D:\a\_work\1\s\src\TestFramework\MSTest.Core\obj\Release\Microsoft.VisualStudio.TestPlatform.TestFramework.pdb source: Microsoft.VisualStudio.TestPlatform.TestFramework.dll.19.dr
Source: Binary string: D:\a\1\s\Source\Office\obj\Release\OfficeApi.pdb source: OfficeApi.dll.19.dr
Source: Binary string: c:\Users\btord\Documents\Projects\LiveCharts\WpfView\obj\Release\LiveCharts.Wpf.pdb source: adxregistrator.exe, 00000016.00000002.1846675317.0000000003F24000.00000004.00000800.00020000.00000000.sdmp, adxregistrator.exe, 00000016.00000002.1864319647.0000000006DC0000.00000004.08000000.00040000.00000000.sdmp
Source: Binary string: d:\Git\RP\gridcommon-xaml\WPF\SfGridCommon.WPF\Src\obj\Release-XML\Syncfusion.SfGridCommon.WPF.pdb source: Syncfusion.SfGridCommon.WPF.dll.19.dr
Source: Binary string: qc:\Users\levgi_000\Documents\Code\Projects\ProductionStackTrace\ProductionStackTrace\obj\Release\ProductionStackTrace.pdb source: ProductionStackTrace.dll.19.dr
Source: Binary string: c:\Users\btord\Documents\Projects\LiveCharts\Core40\obj\Release\LiveCharts.pdb source: adxregistrator.exe, 00000016.00000002.1842413835.0000000002F11000.00000004.00000800.00020000.00000000.sdmp, adxregistrator.exe, 00000016.00000002.1846675317.0000000003F24000.00000004.00000800.00020000.00000000.sdmp, adxregistrator.exe, 00000016.00000002.1864152354.0000000006D90000.00000004.08000000.00040000.00000000.sdmp
Source: Binary string: /_/obj/DocumentFormat.OpenXml/Release/net46/DocumentFormat.OpenXml.pdbSHA256 source: DocumentFormat.OpenXml.dll.19.dr
Source: Binary string: G:{0:N}; A:{1}.pdb; F: source: ProductionStackTrace.dll.19.dr
Source: Binary string: C:\projects\exceptionless-net\src\Exceptionless.Signed\obj\Release\net45\Exceptionless.Signed.pdbSHA256.EK source: Exceptionless.Signed.dll.19.dr
Source: Binary string: E:\A\_work\39\s\corefx\bin\obj\ref\System.ValueTuple\4.0.3.0\net47\System.ValueTuple.pdbT*n* `*_CorDllMainmscoree.dll source: System.ValueTuple.dll.19.dr
Source: Binary string: /_/artifacts/obj/Microsoft.Extensions.DependencyInjection.Abstractions/Release/net462/Microsoft.Extensions.DependencyInjection.Abstractions.pdb source: Microsoft.Extensions.DependencyInjection.Abstractions.dll.19.dr
Source: Binary string: /_/obj/DocumentFormat.OpenXml/Release/net46/DocumentFormat.OpenXml.pdb source: DocumentFormat.OpenXml.dll.19.dr
Source: Binary string: System.IO.Compression.FileSystem.pdb source: System.IO.Compression.FileSystem.dll.19.dr
Source: Binary string: D:\Projects\adx.net\adx.net\Source\ADXDeployment\obj\Release\AddinExpress.Deployment.pdb source: adxregistrator.exe, adxregistrator.exe, 00000016.00000002.1856504938.0000000005E52000.00000002.00000001.01000000.0000000A.sdmp
Source: Binary string: D:\a\1\s\Source\Excel\obj\Release\ExcelApi.pdbSHA256 source: ExcelApi.dll.19.dr
Source: C:\Windows\System32\msiexec.exe File opened: z: Jump to behavior
Source: C:\Windows\System32\msiexec.exe File opened: x: Jump to behavior
Source: C:\Windows\System32\msiexec.exe File opened: v: Jump to behavior
Source: C:\Windows\System32\msiexec.exe File opened: t: Jump to behavior
Source: C:\Windows\System32\msiexec.exe File opened: r: Jump to behavior
Source: C:\Windows\System32\msiexec.exe File opened: p: Jump to behavior
Source: C:\Windows\System32\msiexec.exe File opened: n: Jump to behavior
Source: C:\Windows\System32\msiexec.exe File opened: l: Jump to behavior
Source: C:\Windows\System32\msiexec.exe File opened: j: Jump to behavior
Source: C:\Windows\System32\msiexec.exe File opened: h: Jump to behavior
Source: C:\Windows\System32\msiexec.exe File opened: f: Jump to behavior
Source: C:\Windows\System32\msiexec.exe File opened: b: Jump to behavior
Source: C:\Windows\System32\msiexec.exe File opened: y: Jump to behavior
Source: C:\Windows\System32\msiexec.exe File opened: w: Jump to behavior
Source: C:\Windows\System32\msiexec.exe File opened: u: Jump to behavior
Source: C:\Windows\System32\msiexec.exe File opened: s: Jump to behavior
Source: C:\Windows\System32\msiexec.exe File opened: q: Jump to behavior
Source: C:\Windows\System32\msiexec.exe File opened: o: Jump to behavior
Source: C:\Windows\System32\msiexec.exe File opened: m: Jump to behavior
Source: C:\Windows\System32\msiexec.exe File opened: k: Jump to behavior
Source: C:\Windows\System32\msiexec.exe File opened: i: Jump to behavior
Source: C:\Windows\System32\msiexec.exe File opened: g: Jump to behavior
Source: C:\Windows\System32\msiexec.exe File opened: e: Jump to behavior
Source: C:\Windows\System32\msiexec.exe File opened: c: Jump to behavior
Source: C:\Windows\System32\msiexec.exe File opened: a: Jump to behavior

Networking

barindex
Source: Yara match File source: 22.2.adxregistrator.exe.5e50000.6.unpack, type: UNPACKEDPE
Source: Yara match File source: 22.2.adxregistrator.exe.55d0000.3.unpack, type: UNPACKEDPE
Source: Yara match File source: C:\Users\user\AppData\Local\Open Box Models\Openbox\netstandard.dll, type: DROPPED
Source: Yara match File source: C:\Users\user\AppData\Local\Open Box Models\Openbox\AddinExpress.Deployment.dll, type: DROPPED
Source: Yara match File source: C:\Users\user\AppData\Local\Open Box Models\Openbox\AddinExpress.MSO.2005.dll, type: DROPPED
Source: global traffic HTTP traffic detected: GET /ab HTTP/1.1Host: evoke-windowsservices-tas.msedge.netCache-Control: no-store, no-cacheX-PHOTOS-CALLERID: 9NMPJ99VJBWVX-EVOKE-RING: X-WINNEXT-RING: PublicX-WINNEXT-TELEMETRYLEVEL: BasicX-WINNEXT-OSVERSION: 10.0.19045.0X-WINNEXT-APPVERSION: 1.23082.131.0X-WINNEXT-PLATFORM: DesktopX-WINNEXT-CANTAILOR: FalseX-MSEDGE-CLIENTID: {c1afbad7-f7da-40f2-92f9-8846a91d69bd}X-WINNEXT-PUBDEVICEID: dbfen2nYS7HW6ON4OdOknKxxv2CCI5LJBTojzDztjwI=If-None-Match: 2056388360_-1434155563Accept-Encoding: gzip, deflate, br
Source: unknown TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 20.189.173.13
Source: unknown TCP traffic detected without corresponding DNS query: 20.189.173.13
Source: unknown TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 20.189.173.13
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 20.189.173.13
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 20.189.173.13
Source: unknown TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown TCP traffic detected without corresponding DNS query: 20.189.173.13
Source: unknown TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: global traffic HTTP traffic detected: GET /msi/0/1.9.99/OpenBoxAddInSetup.msi HTTP/1.1Host: openboxinstaller.s3-eu-west-1.amazonaws.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=CPGM+89coY52tUp&MD=T6MAUVP5 HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: */*Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic HTTP traffic detected: GET /ab HTTP/1.1Host: evoke-windowsservices-tas.msedge.netCache-Control: no-store, no-cacheX-PHOTOS-CALLERID: 9NMPJ99VJBWVX-EVOKE-RING: X-WINNEXT-RING: PublicX-WINNEXT-TELEMETRYLEVEL: BasicX-WINNEXT-OSVERSION: 10.0.19045.0X-WINNEXT-APPVERSION: 1.23082.131.0X-WINNEXT-PLATFORM: DesktopX-WINNEXT-CANTAILOR: FalseX-MSEDGE-CLIENTID: {c1afbad7-f7da-40f2-92f9-8846a91d69bd}X-WINNEXT-PUBDEVICEID: dbfen2nYS7HW6ON4OdOknKxxv2CCI5LJBTojzDztjwI=If-None-Match: 2056388360_-1434155563Accept-Encoding: gzip, deflate, br
Source: global traffic HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=CPGM+89coY52tUp&MD=T6MAUVP5 HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic HTTP traffic detected: GET /client/config?cc=CH&setlang=en-CH HTTP/1.1X-Search-CortanaAvailableCapabilities: NoneX-Search-SafeSearch: ModerateAccept-Encoding: gzip, deflateX-Device-MachineId: {92C86F7C-DB2B-4F6A-95AD-98B4A2AE008A}X-UserAgeClass: UnknownX-BM-Market: CHX-BM-DateFormat: dd/MM/yyyyX-Device-OSSKU: 48X-BM-DTZ: -300X-DeviceID: 01000A41090080B6X-BM-WindowsFlights: FX:117B9872,FX:119E26AD,FX:11C0E96C,FX:11C6E5C2,FX:11C7EB6A,FX:11C9408A,FX:11C940DB,FX:11CB9A9F,FX:11CB9AC1,FX:11CC111C,FX:11D5BFCD,FX:11DF5B12,FX:11DF5B75,FX:1240931B,FX:124B38D0,FX:127FC878,FX:1283FFE8,FX:12840617,FX:128979F9,FX:128EBD7E,FX:129135BB,FX:129E053F,FX:12A74DB5,FX:12AB734D,FX:12B8450E,FX:12BD6E73,FX:12C3331B,FX:12C7D66EX-Search-TimeZone: Bias=300; StandardBias=0; TimeZoneKeyName=Eastern Standard TimeX-BM-Theme: 000000;0078d7X-Search-RPSToken: t%3DEwDoAkR8BAAUcvamItSE/vUHpyZRp3BeyOJPQDsAAQcqnfwIbuVGzBPcbSTRjyhXAFoyYUiJ3qcfH3jCfVMXltA0Q3MMFkFuieRjW9Loi/NVMH0qY7z3vtmdtCeoxioNIA90NqS/ywdduC73xnwGB7zBMbHMzwoOGdtu5FNdfOhE%2B8D14YtX3Wo%2B9GVtPcXGX7jxHtanBlz6y8I7fCALXxkzYwcMzDuo7I7ixMHVoAh9Ty1DFMz%2BtlPY0Xo8coj6MY4zaCmKCliehLAtNolYt3zMflSnEjaEpKom2wCsj7J81TiOVlbt9kjZFsB1GwTt9t18xkYm4eRE6Rc4JPZEMtECUh5AYllKvk5TrvcwYcq4Xa%2BSHlm%2B%2B64J8r1ANlcQZgAAEN4Ybkcfy1FUShqyOG4e9sewAbyO0til3RthCC03u/6LXWDUrlscO513jpTflsDF6oMfmlByF7ZhlZ3XRlX2LXqRGgOVKIo1yEH7Tz48R9dAZsuQEu/JlyGX/bInNpRMZUsEkd9SdPBvZH9l01UgWIay9oQRHPvUVCJw84DJwJCdsOTuOLqvT7kvNQwwxcNnQSMsNLZMssCdrlRN7myjWd5IonATyUJyvkBO9qdRo7LR6MZS1lpDZLds8GI9Db6zHwxj5qoZ8MhjvOd5zZ3s/pOP8mHVdGAu1uQSHJdZesE0n6tORPfi2zQourJ6gM0vx/l90d2sxF04Kb61g14WQeczLt9f2jydeZMT6XimNZLSfhzZrJfS5FzRzMvIvVlp11MlTzBoYKEU/76Ou57KKKFR0qSqE2knJdJy95i7pDNMn8KYPnHgtSKOC41fZQ0IKyIfqs2N3MbySvVgYKhCPR/DUD8eLpkNIiTCQ0CwNg32hiXrywjeJ66weqTPI9RS%2BSxpTv3F30l6cYAas1/p6g4A4LYU27zcMRjcOKpbnah3NSRWmiUmBThD46zk31sYmMfTWIcmZUW1fWJZ9/RM6EU/4dcB%26p%3DX-Agent-DeviceId: 01000A41090080B6X-BM-CBT: 1732182376User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045X-Device-isOptin: falseAccept-language: en-GB, en, en-USX-Device-Touch: falseX-Device-ClientSession: 96E3AD87F325420FA2B7D7996F0D953EX-Search-AppId: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUIHost: www.bing.comConnection: Keep-AliveCookie: SRCHUID=V=2&GUID=C4EAB6C130004333A34B5668AE4E4D10&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20240207; SRCHHPGUSR=SRCHLANG=en; MUID=4590362BB5CF472B95BBEDB3112D4B7B; MUIDB=4590362BB5CF472B95BBEDB3112D4B7B
Source: global traffic HTTP traffic detected: GET /manifest/threshold.appcache HTTP/1.1Accept: */*Referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/InitOrigin: https://www.bing.comAccept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045Host: www.bing.comConnection: Keep-AliveCookie: MUID=4590362BB5CF472B95BBEDB3112D4B7B; _SS=SID=0D9D1D1BB22D6FFF29B20905B3B46EB0&CPID=1707317459775&AC=1&CPH=a4f3c03a; _EDGE_S=SID=0D9D1D1BB22D6FFF29B20905B3B46EB0; SRCHUID=V=2&GUID=C4EAB6C130004333A34B5668AE4E4D10&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20240207; SRCHHPGUSR=SRCHLANG=en&HV=1732182425; ANON=A=84BEA1DAAAB85FA790252CDAFFFFFFFF; MUIDB=4590362BB5CF472B95BBEDB3112D4B7B
Source: global traffic HTTP traffic detected: GET /AS/API/WindowsCortanaPane/V2/Suggestions?qry=op&setlang=en-CH&cc=CH&nohs=1&qfm=1&cp=2&cvid=56f01a4ba4e741a1b6a9a732822814ff&ig=89e18f0cc08f4fc9a46d087899c6f947 HTTP/1.1Referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/InitAccept: */*Accept-Language: en-CHX-Agent-DeviceId: 01000A41090080B6X-BM-CBT: 1707317459X-BM-ClientFeatures: FontV22,LightAnswers,PreviewPaneAvailable,RevStoreX-BM-DateFormat: dd/MM/yyyyX-BM-DeviceDimensions: 784x984X-BM-DeviceDimensionsLogical: 784x984X-BM-DeviceScale: 100X-BM-DTZ: 60X-BM-Market: CHX-BM-Theme: 000000;0078d7X-BM-WindowsFlights: FX:117B9872,FX:119E26AD,FX:11C0E96C,FX:11C6E5C2,FX:11C7EB6A,FX:11C9408A,FX:11C940DB,FX:11CB9A9F,FX:11CB9AC1,FX:11CC111C,FX:11D5BFCD,FX:11DF5B12,FX:11DF5B75,FX:1240931B,FX:124B38D0,FX:127FC878,FX:1283FFE8,FX:12840617,FX:128979F9,FX:128EBD7E,FX:129135BB,FX:129E053F,FX:12A74DB5,FX:12AB734D,FX:12B8450E,FX:12BD6E73,FX:12C3331B,FX:12C7D66EX-Device-ClientSession: E7820F9996D44E0495EAEF6765FEDDF2X-Device-isOptin: falseX-Device-MachineId: {92C86F7C-DB2B-4F6A-95AD-98B4A2AE008A}X-Device-OSSKU: 48X-Device-Touch: falseX-DeviceID: 01000A41090080B6X-MSEdge-ExternalExp: bfb3swp0129t2,d-thshld42,dsbrmchat,fliptrat10,qfmathswtophit_c,wsbref-c,wsbrel_prod,wsbswgc-t1X-MSEdge-ExternalExpType: JointCoordX-PositionerType: DesktopX-Search-AppId: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUIX-Search-CortanaAvailableCapabilities: NoneX-Search-SafeSearch: ModerateX-Search-TimeZone: Bias=-60; StandardBias=0; TimeZoneKeyName=W. Europe Standard TimeX-UserAgeClass: UnknownAccept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045Host: www.bing.comConnection: Keep-AliveCookie: MUID=4590362BB5CF472B95BBEDB3112D4B7B; _SS=SID=0D9D1D1BB22D6FFF29B20905B3B46EB0&CPID=1707317459775&AC=1&CPH=a4f3c03a; _EDGE_S=SID=0D9D1D1BB22D6FFF29B20905B3B46EB0; SRCHUID=V=2&GUID=C4EAB6C130004333A34B5668AE4E4D10&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20240207; SRCHHPGUSR=SRCHLANG=en&HV=1732182425; ANON=A=84BEA1DAAAB85FA790252CDAFFFFFFFF; MUIDB=4590362BB5CF472B95BBEDB3112D4B7B
Source: global traffic HTTP traffic detected: GET /AS/API/WindowsCortanaPane/V2/Suggestions?qry=o&setlang=en-CH&cc=CH&nohs=1&qfm=1&cp=1&cvid=56f01a4ba4e741a1b6a9a732822814ff&ig=daa27e7196f848b5a20ff8ad394f2173 HTTP/1.1Referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/InitAccept: */*Accept-Language: en-CHX-Agent-DeviceId: 01000A41090080B6X-BM-CBT: 1707317459X-BM-ClientFeatures: FontV22,LightAnswers,PreviewPaneAvailable,RevStoreX-BM-DateFormat: dd/MM/yyyyX-BM-DeviceDimensions: 784x984X-BM-DeviceDimensionsLogical: 784x984X-BM-DeviceScale: 100X-BM-DTZ: 60X-BM-Market: CHX-BM-Theme: 000000;0078d7X-BM-WindowsFlights: FX:117B9872,FX:119E26AD,FX:11C0E96C,FX:11C6E5C2,FX:11C7EB6A,FX:11C9408A,FX:11C940DB,FX:11CB9A9F,FX:11CB9AC1,FX:11CC111C,FX:11D5BFCD,FX:11DF5B12,FX:11DF5B75,FX:1240931B,FX:124B38D0,FX:127FC878,FX:1283FFE8,FX:12840617,FX:128979F9,FX:128EBD7E,FX:129135BB,FX:129E053F,FX:12A74DB5,FX:12AB734D,FX:12B8450E,FX:12BD6E73,FX:12C3331B,FX:12C7D66EX-Device-ClientSession: E7820F9996D44E0495EAEF6765FEDDF2X-Device-isOptin: falseX-Device-MachineId: {92C86F7C-DB2B-4F6A-95AD-98B4A2AE008A}X-Device-OSSKU: 48X-Device-Touch: falseX-DeviceID: 01000A41090080B6X-MSEdge-ExternalExp: bfb3swp0129t2,d-thshld42,dsbrmchat,fliptrat10,qfmathswtophit_c,wsbref-c,wsbrel_prod,wsbswgc-t1X-MSEdge-ExternalExpType: JointCoordX-PositionerType: DesktopX-Search-AppId: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUIX-Search-CortanaAvailableCapabilities: NoneX-Search-SafeSearch: ModerateX-Search-TimeZone: Bias=-60; StandardBias=0; TimeZoneKeyName=W. Europe Standard TimeX-UserAgeClass: UnknownAccept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045Host: www.bing.comConnection: Keep-AliveCookie: MUID=4590362BB5CF472B95BBEDB3112D4B7B; _SS=SID=0D9D1D1BB22D6FFF29B20905B3B46EB0&CPID=1707317459775&AC=1&CPH=a4f3c03a; _EDGE_S=SID=0D9D1D1BB22D6FFF29B20905B3B46EB0; SRCHUID=V=2&GUID=C4EAB6C130004333A34B5668AE4E4D10&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20240207; SRCHHPGUSR=SRCHLANG=en&HV=1732182425; ANON=A=84BEA1DAAAB85FA790252CDAFFFFFFFF; MUIDB=4590362BB5CF472B95BBEDB3112D4B7B
Source: global traffic HTTP traffic detected: GET /PPRelatedSearch?query=Classic_%7Ba3dd4f92-658a-410f-84fd-6fbbbef2fffe%7D&lang=en-CH HTTP/1.1Referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/InitAccept: */*Accept-Language: en-CHX-Agent-DeviceId: 01000A41090080B6X-BM-CBT: 1707317459X-BM-DateFormat: dd/MM/yyyyX-BM-DeviceDimensions: 784x984X-BM-DeviceDimensionsLogical: 784x984X-BM-DeviceScale: 100X-BM-DTZ: 60X-BM-Market: CHX-BM-Theme: 000000;0078d7X-BM-WindowsFlights: FX:117B9872,FX:119E26AD,FX:11C0E96C,FX:11C6E5C2,FX:11C7EB6A,FX:11C9408A,FX:11C940DB,FX:11CB9A9F,FX:11CB9AC1,FX:11CC111C,FX:11D5BFCD,FX:11DF5B12,FX:11DF5B75,FX:1240931B,FX:124B38D0,FX:127FC878,FX:1283FFE8,FX:12840617,FX:128979F9,FX:128EBD7E,FX:129135BB,FX:129E053F,FX:12A74DB5,FX:12AB734D,FX:12B8450E,FX:12BD6E73,FX:12C3331B,FX:12C7D66EX-Device-ClientSession: E7820F9996D44E0495EAEF6765FEDDF2X-Device-isOptin: falseX-Device-MachineId: {92C86F7C-DB2B-4F6A-95AD-98B4A2AE008A}X-Device-OSSKU: 48X-Device-Touch: falseX-DeviceID: 01000A41090080B6X-MSEdge-ExternalExp: bfb3swp0129t2,d-thshld42,dsbrmchat,fliptrat10,qfmathswtophit_c,wsbref-c,wsbrel_prod,wsbswgc-t1X-MSEdge-ExternalExpType: JointCoordX-PositionerType: DesktopX-Search-AppId: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUIX-Search-CortanaAvailableCapabilities: NoneX-Search-SafeSearch: ModerateX-Search-TimeZone: Bias=-60; StandardBias=0; TimeZoneKeyName=W. Europe Standard TimeX-UserAgeClass: UnknownAccept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045Host: www.bing.comConnection: Keep-AliveCookie: MUID=4590362BB5CF472B95BBEDB3112D4B7B; _SS=SID=0D9D1D1BB22D6FFF29B20905B3B46EB0&CPID=1707317459775&AC=1&CPH=a4f3c03a; _EDGE_S=SID=0D9D1D1BB22D6FFF29B20905B3B46EB0; SRCHUID=V=2&GUID=C4EAB6C130004333A34B5668AE4E4D10&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20240207; SRCHHPGUSR=SRCHLANG=en&HV=1732182425; ANON=A=84BEA1DAAAB85FA790252CDAFFFFFFFF; MUIDB=4590362BB5CF472B95BBEDB3112D4B7B
Source: global traffic HTTP traffic detected: GET /AS/API/WindowsCortanaPane/V2/Suggestions?qry=ope&setlang=en-CH&cc=CH&nohs=1&qfm=1&cp=3&cvid=56f01a4ba4e741a1b6a9a732822814ff&ig=1d315b61c87b4f21b392e681109e14f2 HTTP/1.1Referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/InitAccept: */*Accept-Language: en-CHX-Agent-DeviceId: 01000A41090080B6X-BM-CBT: 1707317459X-BM-ClientFeatures: FontV22,LightAnswers,PreviewPaneAvailable,RevStoreX-BM-DateFormat: dd/MM/yyyyX-BM-DeviceDimensions: 784x984X-BM-DeviceDimensionsLogical: 784x984X-BM-DeviceScale: 100X-BM-DTZ: 60X-BM-Market: CHX-BM-Theme: 000000;0078d7X-BM-WindowsFlights: FX:117B9872,FX:119E26AD,FX:11C0E96C,FX:11C6E5C2,FX:11C7EB6A,FX:11C9408A,FX:11C940DB,FX:11CB9A9F,FX:11CB9AC1,FX:11CC111C,FX:11D5BFCD,FX:11DF5B12,FX:11DF5B75,FX:1240931B,FX:124B38D0,FX:127FC878,FX:1283FFE8,FX:12840617,FX:128979F9,FX:128EBD7E,FX:129135BB,FX:129E053F,FX:12A74DB5,FX:12AB734D,FX:12B8450E,FX:12BD6E73,FX:12C3331B,FX:12C7D66EX-Device-ClientSession: E7820F9996D44E0495EAEF6765FEDDF2X-Device-isOptin: falseX-Device-MachineId: {92C86F7C-DB2B-4F6A-95AD-98B4A2AE008A}X-Device-OSSKU: 48X-Device-Touch: falseX-DeviceID: 01000A41090080B6X-MSEdge-ExternalExp: bfb3swp0129t2,d-thshld42,dsbrmchat,fliptrat10,qfmathswtophit_c,wsbref-c,wsbrel_prod,wsbswgc-t1X-MSEdge-ExternalExpType: JointCoordX-PositionerType: DesktopX-Search-AppId: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUIX-Search-CortanaAvailableCapabilities: NoneX-Search-SafeSearch: ModerateX-Search-TimeZone: Bias=-60; StandardBias=0; TimeZoneKeyName=W. Europe Standard TimeX-UserAgeClass: UnknownAccept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045Host: www.bing.comConnection: Keep-AliveCookie: MUID=4590362BB5CF472B95BBEDB3112D4B7B; _SS=SID=0D9D1D1BB22D6FFF29B20905B3B46EB0&CPID=1707317459775&AC=1&CPH=a4f3c03a; _EDGE_S=SID=0D9D1D1BB22D6FFF29B20905B3B46EB0; SRCHUID=V=2&GUID=C4EAB6C130004333A34B5668AE4E4D10&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20240207; SRCHHPGUSR=SRCHLANG=en&HV=1732182425; ANON=A=84BEA1DAAAB85FA790252CDAFFFFFFFF; MUIDB=4590362BB5CF472B95BBEDB3112D4B7B
Source: global traffic HTTP traffic detected: GET /AS/API/WindowsCortanaPane/V2/Suggestions?qry=open&setlang=en-CH&cc=CH&nohs=1&qfm=1&cp=4&cvid=56f01a4ba4e741a1b6a9a732822814ff&ig=09a2ed4c094b4988973541e9316da145 HTTP/1.1Referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/InitAccept: */*Accept-Language: en-CHX-Agent-DeviceId: 01000A41090080B6X-BM-CBT: 1707317459X-BM-ClientFeatures: FontV22,LightAnswers,PreviewPaneAvailable,RevStoreX-BM-DateFormat: dd/MM/yyyyX-BM-DeviceDimensions: 784x984X-BM-DeviceDimensionsLogical: 784x984X-BM-DeviceScale: 100X-BM-DTZ: 60X-BM-Market: CHX-BM-Theme: 000000;0078d7X-BM-WindowsFlights: FX:117B9872,FX:119E26AD,FX:11C0E96C,FX:11C6E5C2,FX:11C7EB6A,FX:11C9408A,FX:11C940DB,FX:11CB9A9F,FX:11CB9AC1,FX:11CC111C,FX:11D5BFCD,FX:11DF5B12,FX:11DF5B75,FX:1240931B,FX:124B38D0,FX:127FC878,FX:1283FFE8,FX:12840617,FX:128979F9,FX:128EBD7E,FX:129135BB,FX:129E053F,FX:12A74DB5,FX:12AB734D,FX:12B8450E,FX:12BD6E73,FX:12C3331B,FX:12C7D66EX-Device-ClientSession: E7820F9996D44E0495EAEF6765FEDDF2X-Device-isOptin: falseX-Device-MachineId: {92C86F7C-DB2B-4F6A-95AD-98B4A2AE008A}X-Device-OSSKU: 48X-Device-Touch: falseX-DeviceID: 01000A41090080B6X-MSEdge-ExternalExp: bfb3swp0129t2,d-thshld42,dsbrmchat,fliptrat10,qfmathswtophit_c,wsbref-c,wsbrel_prod,wsbswgc-t1X-MSEdge-ExternalExpType: JointCoordX-PositionerType: DesktopX-Search-AppId: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUIX-Search-CortanaAvailableCapabilities: NoneX-Search-SafeSearch: ModerateX-Search-TimeZone: Bias=-60; StandardBias=0; TimeZoneKeyName=W. Europe Standard TimeX-UserAgeClass: UnknownAccept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045Host: www.bing.comConnection: Keep-AliveCookie: MUID=4590362BB5CF472B95BBEDB3112D4B7B; _SS=SID=0D9D1D1BB22D6FFF29B20905B3B46EB0&CPID=1707317459775&AC=1&CPH=a4f3c03a; _EDGE_S=SID=0D9D1D1BB22D6FFF29B20905B3B46EB0; SRCHUID=V=2&GUID=C4EAB6C130004333A34B5668AE4E4D10&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20240207; SRCHHPGUSR=SRCHLANG=en&HV=1732182425; ANON=A=84BEA1DAAAB85FA790252CDAFFFFFFFF; MUIDB=4590362BB5CF472B95BBEDB3112D4B7B
Source: global traffic HTTP traffic detected: GET /rb/17/jnc,nj/6aa-EF2IAVwnTTOiwAbhwI_VmCw.js?bu=DygxeIQBiQGMAYEBe37GAckBMbkBMcwB&or=w HTTP/1.1Accept: */*Referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/InitAccept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045Host: r.bing.comConnection: Keep-AliveCookie: MUID=4590362BB5CF472B95BBEDB3112D4B7B; _SS=SID=0D9D1D1BB22D6FFF29B20905B3B46EB0&CPID=1707317459775&AC=1&CPH=a4f3c03a; _EDGE_S=SID=0D9D1D1BB22D6FFF29B20905B3B46EB0; SRCHUID=V=2&GUID=C4EAB6C130004333A34B5668AE4E4D10&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20240207; SRCHHPGUSR=SRCHLANG=en&HV=1732182425&IPMH=32718bd0&IPMID=1707317459775; ANON=A=84BEA1DAAAB85FA790252CDAFFFFFFFF
Source: global traffic HTTP traffic detected: GET /AS/API/WindowsCortanaPane/V2/Suggestions?qry=openb&setlang=en-CH&cc=CH&nohs=1&qfm=1&cp=5&cvid=56f01a4ba4e741a1b6a9a732822814ff&ig=21fb963c8bb8475d95e7a4c462a8108d HTTP/1.1Referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/InitAccept: */*Accept-Language: en-CHX-Agent-DeviceId: 01000A41090080B6X-BM-CBT: 1707317459X-BM-ClientFeatures: FontV22,LightAnswers,PreviewPaneAvailable,RevStoreX-BM-DateFormat: dd/MM/yyyyX-BM-DeviceDimensions: 784x984X-BM-DeviceDimensionsLogical: 784x984X-BM-DeviceScale: 100X-BM-DTZ: 60X-BM-Market: CHX-BM-Theme: 000000;0078d7X-BM-WindowsFlights: FX:117B9872,FX:119E26AD,FX:11C0E96C,FX:11C6E5C2,FX:11C7EB6A,FX:11C9408A,FX:11C940DB,FX:11CB9A9F,FX:11CB9AC1,FX:11CC111C,FX:11D5BFCD,FX:11DF5B12,FX:11DF5B75,FX:1240931B,FX:124B38D0,FX:127FC878,FX:1283FFE8,FX:12840617,FX:128979F9,FX:128EBD7E,FX:129135BB,FX:129E053F,FX:12A74DB5,FX:12AB734D,FX:12B8450E,FX:12BD6E73,FX:12C3331B,FX:12C7D66EX-Device-ClientSession: E7820F9996D44E0495EAEF6765FEDDF2X-Device-isOptin: falseX-Device-MachineId: {92C86F7C-DB2B-4F6A-95AD-98B4A2AE008A}X-Device-OSSKU: 48X-Device-Touch: falseX-DeviceID: 01000A41090080B6X-MSEdge-ExternalExp: bfb3swp0129t2,d-thshld42,dsbrmchat,fliptrat10,qfmathswtophit_c,wsbref-c,wsbrel_prod,wsbswgc-t1X-MSEdge-ExternalExpType: JointCoordX-PositionerType: DesktopX-Search-AppId: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUIX-Search-CortanaAvailableCapabilities: NoneX-Search-SafeSearch: ModerateX-Search-TimeZone: Bias=-60; StandardBias=0; TimeZoneKeyName=W. Europe Standard TimeX-UserAgeClass: UnknownAccept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045Host: www.bing.comConnection: Keep-AliveCookie: MUID=4590362BB5CF472B95BBEDB3112D4B7B; _SS=SID=0D9D1D1BB22D6FFF29B20905B3B46EB0&CPID=1707317459775&AC=1&CPH=a4f3c03a; _EDGE_S=SID=0D9D1D1BB22D6FFF29B20905B3B46EB0&mkt=de-ch; SRCHUID=V=2&GUID=C4EAB6C130004333A34B5668AE4E4D10&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20240207; SRCHHPGUSR=SRCHLANG=de&HV=1732182425; ANON=A=84BEA1DAAAB85FA790252CDAFFFFFFFF; MUIDB=4590362BB5CF472B95BBEDB3112D4B7B
Source: global traffic HTTP traffic detected: GET /AS/API/WindowsCortanaPane/V2/Suggestions?qry=openbo&setlang=en-CH&cc=CH&nohs=1&qfm=1&cp=6&cvid=56f01a4ba4e741a1b6a9a732822814ff&ig=c2b61b7ebc034173b0586fa4030ae6c4 HTTP/1.1Referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/InitAccept: */*Accept-Language: en-CHX-Agent-DeviceId: 01000A41090080B6X-BM-CBT: 1707317459X-BM-ClientFeatures: FontV22,LightAnswers,PreviewPaneAvailable,RevStoreX-BM-DateFormat: dd/MM/yyyyX-BM-DeviceDimensions: 784x984X-BM-DeviceDimensionsLogical: 784x984X-BM-DeviceScale: 100X-BM-DTZ: 60X-BM-Market: CHX-BM-Theme: 000000;0078d7X-BM-WindowsFlights: FX:117B9872,FX:119E26AD,FX:11C0E96C,FX:11C6E5C2,FX:11C7EB6A,FX:11C9408A,FX:11C940DB,FX:11CB9A9F,FX:11CB9AC1,FX:11CC111C,FX:11D5BFCD,FX:11DF5B12,FX:11DF5B75,FX:1240931B,FX:124B38D0,FX:127FC878,FX:1283FFE8,FX:12840617,FX:128979F9,FX:128EBD7E,FX:129135BB,FX:129E053F,FX:12A74DB5,FX:12AB734D,FX:12B8450E,FX:12BD6E73,FX:12C3331B,FX:12C7D66EX-Device-ClientSession: E7820F9996D44E0495EAEF6765FEDDF2X-Device-isOptin: falseX-Device-MachineId: {92C86F7C-DB2B-4F6A-95AD-98B4A2AE008A}X-Device-OSSKU: 48X-Device-Touch: falseX-DeviceID: 01000A41090080B6X-MSEdge-ExternalExp: bfb3swp0129t2,d-thshld42,dsbrmchat,fliptrat10,qfmathswtophit_c,wsbref-c,wsbrel_prod,wsbswgc-t1X-MSEdge-ExternalExpType: JointCoordX-PositionerType: DesktopX-Search-AppId: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUIX-Search-CortanaAvailableCapabilities: NoneX-Search-SafeSearch: ModerateX-Search-TimeZone: Bias=-60; StandardBias=0; TimeZoneKeyName=W. Europe Standard TimeX-UserAgeClass: UnknownAccept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045Host: www.bing.comConnection: Keep-AliveCookie: MUID=4590362BB5CF472B95BBEDB3112D4B7B; _SS=SID=0D9D1D1BB22D6FFF29B20905B3B46EB0&CPID=1707317459775&AC=1&CPH=a4f3c03a; _EDGE_S=SID=0D9D1D1BB22D6FFF29B20905B3B46EB0&mkt=de-ch; SRCHUID=V=2&GUID=C4EAB6C130004333A34B5668AE4E4D10&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20240207; SRCHHPGUSR=SRCHLANG=de&HV=1732182425; ANON=A=84BEA1DAAAB85FA790252CDAFFFFFFFF; MUIDB=4590362BB5CF472B95BBEDB3112D4B7B
Source: global traffic HTTP traffic detected: GET /AS/API/WindowsCortanaPane/V2/Suggestions?qry=openbox&setlang=en-CH&cc=CH&nohs=1&qfm=1&cp=7&cvid=56f01a4ba4e741a1b6a9a732822814ff&ig=52bbcee5eda9415f87aacecd12129c51 HTTP/1.1Referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/InitAccept: */*Accept-Language: en-CHX-Agent-DeviceId: 01000A41090080B6X-BM-CBT: 1707317459X-BM-ClientFeatures: FontV22,LightAnswers,PreviewPaneAvailable,RevStoreX-BM-DateFormat: dd/MM/yyyyX-BM-DeviceDimensions: 784x984X-BM-DeviceDimensionsLogical: 784x984X-BM-DeviceScale: 100X-BM-DTZ: 60X-BM-Market: CHX-BM-Theme: 000000;0078d7X-BM-WindowsFlights: FX:117B9872,FX:119E26AD,FX:11C0E96C,FX:11C6E5C2,FX:11C7EB6A,FX:11C9408A,FX:11C940DB,FX:11CB9A9F,FX:11CB9AC1,FX:11CC111C,FX:11D5BFCD,FX:11DF5B12,FX:11DF5B75,FX:1240931B,FX:124B38D0,FX:127FC878,FX:1283FFE8,FX:12840617,FX:128979F9,FX:128EBD7E,FX:129135BB,FX:129E053F,FX:12A74DB5,FX:12AB734D,FX:12B8450E,FX:12BD6E73,FX:12C3331B,FX:12C7D66EX-Device-ClientSession: E7820F9996D44E0495EAEF6765FEDDF2X-Device-isOptin: falseX-Device-MachineId: {92C86F7C-DB2B-4F6A-95AD-98B4A2AE008A}X-Device-OSSKU: 48X-Device-Touch: falseX-DeviceID: 01000A41090080B6X-MSEdge-ExternalExp: bfb3swp0129t2,d-thshld42,dsbrmchat,fliptrat10,qfmathswtophit_c,wsbref-c,wsbrel_prod,wsbswgc-t1X-MSEdge-ExternalExpType: JointCoordX-PositionerType: DesktopX-Search-AppId: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUIX-Search-CortanaAvailableCapabilities: NoneX-Search-SafeSearch: ModerateX-Search-TimeZone: Bias=-60; StandardBias=0; TimeZoneKeyName=W. Europe Standard TimeX-UserAgeClass: UnknownAccept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045Host: www.bing.comConnection: Keep-AliveCookie: MUID=4590362BB5CF472B95BBEDB3112D4B7B; _SS=SID=0D9D1D1BB22D6FFF29B20905B3B46EB0&CPID=1707317459775&AC=1&CPH=a4f3c03a; _EDGE_S=SID=0D9D1D1BB22D6FFF29B20905B3B46EB0&mkt=de-ch; SRCHUID=V=2&GUID=C4EAB6C130004333A34B5668AE4E4D10&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20240207; SRCHHPGUSR=SRCHLANG=de&HV=1732182425; ANON=A=84BEA1DAAAB85FA790252CDAFFFFFFFF; MUIDB=4590362BB5CF472B95BBEDB3112D4B7B
Source: global traffic HTTP traffic detected: GET /search?q=openbox&form=WMSRPA&ao=1&qs=SW&cvid=56f01a4ba4e741a1b6a9a732822814ff&pq=openbox&cc=CH&setlang=en-CH&wsso=Moderate&qfig=52bbcee5eda9415f87aacecd12129c51&darkschemeovr=1 HTTP/1.1Referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/InitAccept: */*Accept-Language: en-CHUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045 RestrictedAPIX-Agent-DeviceId: 01000A41090080B6X-BM-CBT: 1707317459X-BM-ClientFeatures: FontV22,LightAnswers,PreviewPaneAvailable,RevStoreX-BM-DateFormat: dd/MM/yyyyX-BM-DeviceDimensions: 416x588X-BM-DeviceDimensionsLogical: 416x588X-BM-DeviceScale: 100X-BM-DTZ: 60X-BM-Market: CHX-BM-Theme: 000000;0078d7X-BM-WindowsFlights: FX:117B9872,FX:119E26AD,FX:11C0E96C,FX:11C6E5C2,FX:11C7EB6A,FX:11C9408A,FX:11C940DB,FX:11CB9A9F,FX:11CB9AC1,FX:11CC111C,FX:11D5BFCD,FX:11DF5B12,FX:11DF5B75,FX:1240931B,FX:124B38D0,FX:127FC878,FX:1283FFE8,FX:12840617,FX:128979F9,FX:128EBD7E,FX:129135BB,FX:129E053F,FX:12A74DB5,FX:12AB734D,FX:12B8450E,FX:12BD6E73,FX:12C3331B,FX:12C7D66EX-Device-ClientSession: E7820F9996D44E0495EAEF6765FEDDF2X-Device-isOptin: falseX-Device-MachineId: {92C86F7C-DB2B-4F6A-95AD-98B4A2AE008A}X-Device-OSSKU: 48X-Device-Touch: falseX-DeviceID: 01000A41090080B6X-MSEdge-ExternalExp: bfb3swp0129t2,d-thshld42,dsbrmchat,fliptrat10,qfmathswtophit_c,wsbref-c,wsbrel_prod,wsbswgc-t1X-MSEdge-ExternalExpType: JointCoordX-PositionerType: DesktopX-Search-AppId: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUIX-Search-CortanaAvailableCapabilities: NoneX-Search-SafeSearch: StrictX-Search-TimeZone: Bias=-60; StandardBias=0; TimeZoneKeyName=W. Europe Standard TimeX-UserAgeClass: UnknownAccept-Encoding: gzip, deflate, brHost: www.bing.comConnection: Keep-AliveCookie: MUID=4590362BB5CF472B95BBEDB3112D4B7B; _SS=SID=0D9D1D1BB22D6FFF29B20905B3B46EB0&CPID=1707317459775&AC=1&CPH=a4f3c03a; _EDGE_S=SID=0D9D1D1BB22D6FFF29B20905B3B46EB0&mkt=de-ch; SRCHUID=V=2&GUID=C4EAB6C130004333A34B5668AE4E4D10&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20240207; SRCHHPGUSR=SRCHLANG=de&HV=1732182425; ANON=A=84BEA1DAAAB85FA790252CDAFFFFFFFF; MUIDB=4590362BB5CF472B95BBEDB3112D4B7B
Source: global traffic HTTP traffic detected: GET /rb/1a/cir3,ortl,cc,nc/f4st08wpuYBQ5KWRJ3MqAsJB8zg.css?bu=C74JowP_A5oK_wjpCPIGXV1dXQ&or=w HTTP/1.1Accept: */*Referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/InitAccept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045Host: r.bing.comConnection: Keep-AliveCookie: MUID=4590362BB5CF472B95BBEDB3112D4B7B; _SS=SID=0D9D1D1BB22D6FFF29B20905B3B46EB0&CPID=1707317459775&AC=1&CPH=a4f3c03a; _EDGE_S=SID=0D9D1D1BB22D6FFF29B20905B3B46EB0&mkt=de-ch; SRCHUID=V=2&GUID=C4EAB6C130004333A34B5668AE4E4D10&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20240207; SRCHHPGUSR=SRCHLANG=de&HV=1732182425; ANON=A=84BEA1DAAAB85FA790252CDAFFFFFFFF
Source: global traffic HTTP traffic detected: GET /rb/1a/cir3,ortl,cc,nc/yy4SnZtT2-rfsZpLbcm-u8xyafQ.css?bu=B8QCSLICmgFdXc8C&or=w HTTP/1.1Accept: */*Referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/InitAccept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045Host: r.bing.comConnection: Keep-AliveCookie: MUID=4590362BB5CF472B95BBEDB3112D4B7B; _SS=SID=0D9D1D1BB22D6FFF29B20905B3B46EB0&CPID=1707317459775&AC=1&CPH=a4f3c03a; _EDGE_S=SID=0D9D1D1BB22D6FFF29B20905B3B46EB0&mkt=de-ch; SRCHUID=V=2&GUID=C4EAB6C130004333A34B5668AE4E4D10&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20240207; SRCHHPGUSR=SRCHLANG=de&HV=1732182425; ANON=A=84BEA1DAAAB85FA790252CDAFFFFFFFF; TOptOut=1
Source: global traffic HTTP traffic detected: GET /rp/jntgpWGm3ZUsmq-owYox_-o5sgg.png HTTP/1.1Referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/InitAccept: image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5Accept-Language: en-CHAccept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045Host: www.bing.comConnection: Keep-AliveCookie: MUID=4590362BB5CF472B95BBEDB3112D4B7B; _SS=SID=0D9D1D1BB22D6FFF29B20905B3B46EB0&CPID=1707317459775&AC=1&CPH=a4f3c03a; _EDGE_S=SID=0D9D1D1BB22D6FFF29B20905B3B46EB0&mkt=de-ch; SRCHUID=V=2&GUID=C4EAB6C130004333A34B5668AE4E4D10&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20240207; SRCHHPGUSR=SRCHLANG=de&HV=1732182425; ANON=A=84BEA1DAAAB85FA790252CDAFFFFFFFF; TOptOut=1; MUIDB=4590362BB5CF472B95BBEDB3112D4B7B
Source: global traffic HTTP traffic detected: GET /rp/qCN8rZj8NNOAJFZKf12N8ipmd2g.svg HTTP/1.1Referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/InitAccept: image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5Accept-Language: en-CHAccept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045Host: www.bing.comConnection: Keep-AliveCookie: MUID=4590362BB5CF472B95BBEDB3112D4B7B; _SS=SID=0D9D1D1BB22D6FFF29B20905B3B46EB0&CPID=1707317459775&AC=1&CPH=a4f3c03a; _EDGE_S=SID=0D9D1D1BB22D6FFF29B20905B3B46EB0&mkt=de-ch; SRCHUID=V=2&GUID=C4EAB6C130004333A34B5668AE4E4D10&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20240207; SRCHHPGUSR=SRCHLANG=de&HV=1732182425; ANON=A=84BEA1DAAAB85FA790252CDAFFFFFFFF; TOptOut=1; MUIDB=4590362BB5CF472B95BBEDB3112D4B7B
Source: global traffic HTTP traffic detected: GET /rp/UiXP8YB9Gdj7KgQRWs9cXdPeWvs.png HTTP/1.1Referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/InitAccept: image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5Accept-Language: en-CHAccept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045Host: www.bing.comConnection: Keep-AliveCookie: MUID=4590362BB5CF472B95BBEDB3112D4B7B; _SS=SID=0D9D1D1BB22D6FFF29B20905B3B46EB0&CPID=1707317459775&AC=1&CPH=a4f3c03a; _EDGE_S=SID=0D9D1D1BB22D6FFF29B20905B3B46EB0&mkt=de-ch; SRCHUID=V=2&GUID=C4EAB6C130004333A34B5668AE4E4D10&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20240207; SRCHHPGUSR=SRCHLANG=de&HV=1732182425; ANON=A=84BEA1DAAAB85FA790252CDAFFFFFFFF; TOptOut=1; MUIDB=4590362BB5CF472B95BBEDB3112D4B7B
Source: global traffic HTTP traffic detected: GET /th?id=OSK.6263701f1fe037855b63880e33b3514c&w=64&h=64&c=7&qlt=30&pcl=1b1a19&o=6&pid=SANGAM HTTP/1.1Referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/InitAccept: image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5Accept-Language: en-CHAccept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045Host: www.bing.comConnection: Keep-AliveCookie: MUID=4590362BB5CF472B95BBEDB3112D4B7B; _SS=SID=0D9D1D1BB22D6FFF29B20905B3B46EB0&CPID=1707317459775&AC=1&CPH=a4f3c03a; _EDGE_S=SID=0D9D1D1BB22D6FFF29B20905B3B46EB0&mkt=de-ch; SRCHUID=V=2&GUID=C4EAB6C130004333A34B5668AE4E4D10&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20240207; SRCHHPGUSR=SRCHLANG=de&HV=1732182425; ANON=A=84BEA1DAAAB85FA790252CDAFFFFFFFF; TOptOut=1; MUIDB=4590362BB5CF472B95BBEDB3112D4B7B
Source: global traffic HTTP traffic detected: GET /rb/3H/ortl,cc,nc/4-xJy3tX6bM2BGl5zKioiEcQ1TU.css?bu=A4gCjAKPAg&or=w HTTP/1.1Accept: */*Referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/InitAccept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045Host: r.bing.comConnection: Keep-AliveCookie: MUID=4590362BB5CF472B95BBEDB3112D4B7B; _SS=SID=0D9D1D1BB22D6FFF29B20905B3B46EB0&CPID=1707317459775&AC=1&CPH=a4f3c03a; _EDGE_S=SID=0D9D1D1BB22D6FFF29B20905B3B46EB0&mkt=de-ch; SRCHUID=V=2&GUID=C4EAB6C130004333A34B5668AE4E4D10&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20240207; SRCHHPGUSR=SRCHLANG=de&HV=1732182425; ANON=A=84BEA1DAAAB85FA790252CDAFFFFFFFF; TOptOut=1
Source: global traffic HTTP traffic detected: GET /fd/ls/l?IG=4B54F006B63048239757B9127CF09F2B&Type=Event.CPT&DATA={%22pp%22:{%22S%22:%22L%22,%22FC%22:10,%22BC%22:10,%22SE%22:-1,%22TC%22:-1,%22H%22:26,%22BP%22:2180,%22CT%22:2182,%22IL%22:2},%22ad%22:[-1,-1,420,2736,420,2736,0]}&P=SERP&DA=BNZE01 HTTP/1.1Referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/InitAccept: image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5Accept-Language: en-CHAccept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045Host: www.bing.comConnection: Keep-AliveCookie: MUID=4590362BB5CF472B95BBEDB3112D4B7B; _SS=SID=0D9D1D1BB22D6FFF29B20905B3B46EB0&CPID=1707317459775&AC=1&CPH=a4f3c03a; _EDGE_S=SID=0D9D1D1BB22D6FFF29B20905B3B46EB0&mkt=de-ch; SRCHUID=V=2&GUID=C4EAB6C130004333A34B5668AE4E4D10&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20240207; SRCHHPGUSR=SRCHLANG=de&HV=1732182425; ANON=A=84BEA1DAAAB85FA790252CDAFFFFFFFF; TOptOut=1; MUIDB=4590362BB5CF472B95BBEDB3112D4B7B
Source: global traffic HTTP traffic detected: GET /rp/mbLm4_280bBvzG6v_Hk7nL1KXBM.js HTTP/1.1Referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/InitAccept: */*Accept-Language: en-CHAccept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045Host: www.bing.comConnection: Keep-AliveCookie: MUID=4590362BB5CF472B95BBEDB3112D4B7B; _SS=SID=0D9D1D1BB22D6FFF29B20905B3B46EB0&CPID=1707317459775&AC=1&CPH=a4f3c03a; _EDGE_S=SID=0D9D1D1BB22D6FFF29B20905B3B46EB0&mkt=de-ch; SRCHUID=V=2&GUID=C4EAB6C130004333A34B5668AE4E4D10&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20240207; SRCHHPGUSR=SRCHLANG=de&HV=1732182425; ANON=A=84BEA1DAAAB85FA790252CDAFFFFFFFF; TOptOut=1; MUIDB=4590362BB5CF472B95BBEDB3112D4B7B
Source: global traffic HTTP traffic detected: GET /rb/6m/cir3,ortl,cc,nc/86nahuYhxjiWblppiNlDkKK2XLk.css?bu=M8IKvArICrwKrAu8CrILvAq8CrwKvQu8CsQLvArKC7wK0Au8CtYLvAraCrwK4Aq8CtQKvAq8CqMLvArvCrwK9Qq8CukKvAq8CoULiAu8CrwKoAuOC7wKlAuXC7wKggy8CtwLvAqwDA&or=w HTTP/1.1Accept: */*Referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/InitAccept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045Host: r.bing.comConnection: Keep-AliveCookie: MUID=4590362BB5CF472B95BBEDB3112D4B7B; _SS=SID=0D9D1D1BB22D6FFF29B20905B3B46EB0&CPID=1707317459775&AC=1&CPH=a4f3c03a; _EDGE_S=SID=0D9D1D1BB22D6FFF29B20905B3B46EB0&mkt=de-ch; SRCHUID=V=2&GUID=C4EAB6C130004333A34B5668AE4E4D10&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20240207; SRCHHPGUSR=SRCHLANG=de&HV=1732182425; ANON=A=84BEA1DAAAB85FA790252CDAFFFFFFFF; TOptOut=1
Source: global traffic HTTP traffic detected: GET /rs/6v/sQ/jnc,nj/2RFgnacsz6nPw9vvxd8AGFyaQr8.js?or=w HTTP/1.1Referer: https://www.bing.com/Accept: image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5Accept-Language: en-CHAccept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045Host: r.bing.comConnection: Keep-AliveCookie: MUID=4590362BB5CF472B95BBEDB3112D4B7B; _SS=SID=0D9D1D1BB22D6FFF29B20905B3B46EB0&CPID=1707317459775&AC=1&CPH=a4f3c03a; _EDGE_S=SID=0D9D1D1BB22D6FFF29B20905B3B46EB0&mkt=de-ch; SRCHUID=V=2&GUID=C4EAB6C130004333A34B5668AE4E4D10&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20240207; SRCHHPGUSR=SRCHLANG=de&HV=1732182425&DM=0&CW=420&CH=2736&SCW=420&SCH=2736&BRW=MW&BRH=MT&DPR=1.0&UTC=-300; ANON=A=84BEA1DAAAB85FA790252CDAFFFFFFFF; TOptOut=1
Source: global traffic HTTP traffic detected: GET /th?id=OIP.0NKeubjYfY3hmros-s0ZUwAAAA&w=100&h=100&c=1&vt=10&pcl=1b1a19&bgcl=1b1a19&r=0&o=6&pid=5.1 HTTP/1.1Referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/InitAccept: image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5Accept-Language: en-CHAccept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045Host: www.bing.comConnection: Keep-AliveCookie: MUID=4590362BB5CF472B95BBEDB3112D4B7B; _SS=SID=0D9D1D1BB22D6FFF29B20905B3B46EB0&CPID=1707317459775&AC=1&CPH=a4f3c03a; _EDGE_S=SID=0D9D1D1BB22D6FFF29B20905B3B46EB0&mkt=de-ch; SRCHUID=V=2&GUID=C4EAB6C130004333A34B5668AE4E4D10&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20240207; SRCHHPGUSR=SRCHLANG=de&HV=1732182425; ANON=A=84BEA1DAAAB85FA790252CDAFFFFFFFF; TOptOut=1; MUIDB=4590362BB5CF472B95BBEDB3112D4B7B
Source: global traffic HTTP traffic detected: GET /fd/ls/l?IG=4B54F006B63048239757B9127CF09F2B&TYPE=Event.ClientInst&DATA=%5B%7B%22T%22%3A%22CI.Init%22%2C%22TS%22%3A1732182436593%2C%22Name%22%3A%22Base%22%2C%22FID%22%3A%22CI%22%7D%2C%7B%22T%22%3A%22CI.Info%22%2C%22TS%22%3A1732182436593%2C%22Name%22%3A%220%22%2C%22FID%22%3A%22DM%22%7D%5D HTTP/1.1Referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/InitAccept: image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5Accept-Language: en-CHAccept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045Host: www.bing.comConnection: Keep-AliveCookie: MUID=4590362BB5CF472B95BBEDB3112D4B7B; _SS=SID=0D9D1D1BB22D6FFF29B20905B3B46EB0&CPID=1707317459775&AC=1&CPH=a4f3c03a; _EDGE_S=SID=0D9D1D1BB22D6FFF29B20905B3B46EB0&mkt=de-ch; SRCHUID=V=2&GUID=C4EAB6C130004333A34B5668AE4E4D10&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20240207; SRCHHPGUSR=SRCHLANG=de&HV=1732182425&DM=0; ANON=A=84BEA1DAAAB85FA790252CDAFFFFFFFF; TOptOut=1; MUIDB=4590362BB5CF472B95BBEDB3112D4B7B
Source: global traffic HTTP traffic detected: GET /fd/ls/l?IG=4B54F006B63048239757B9127CF09F2B&TYPE=Event.ClientInst&DATA=%5B%7B%22T%22%3A%22CI.Info%22%2C%22TS%22%3A1732182436594%2C%22Name%22%3A%220%22%2C%22FID%22%3A%22DARKMODE%22%7D%5D HTTP/1.1Referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/InitAccept: image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5Accept-Language: en-CHAccept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045Host: www.bing.comConnection: Keep-AliveCookie: MUID=4590362BB5CF472B95BBEDB3112D4B7B; _SS=SID=0D9D1D1BB22D6FFF29B20905B3B46EB0&CPID=1707317459775&AC=1&CPH=a4f3c03a; _EDGE_S=SID=0D9D1D1BB22D6FFF29B20905B3B46EB0&mkt=de-ch; SRCHUID=V=2&GUID=C4EAB6C130004333A34B5668AE4E4D10&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20240207; SRCHHPGUSR=SRCHLANG=de&HV=1732182425&DM=0; ANON=A=84BEA1DAAAB85FA790252CDAFFFFFFFF; TOptOut=1; MUIDB=4590362BB5CF472B95BBEDB3112D4B7B
Source: global traffic HTTP traffic detected: GET /fd/ls/l?IG=4B54F006B63048239757B9127CF09F2B&TYPE=Event.ClientInst&DATA=%5B%7B%22T%22%3A%22CI.Info%22%2C%22TS%22%3A1732182436595%2C%22Name%22%3A%22%22%2C%22FID%22%3A%22NTWKTYP%22%7D%5D HTTP/1.1Referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/InitAccept: image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5Accept-Language: en-CHAccept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045Host: www.bing.comConnection: Keep-AliveCookie: MUID=4590362BB5CF472B95BBEDB3112D4B7B; _SS=SID=0D9D1D1BB22D6FFF29B20905B3B46EB0&CPID=1707317459775&AC=1&CPH=a4f3c03a; _EDGE_S=SID=0D9D1D1BB22D6FFF29B20905B3B46EB0&mkt=de-ch; SRCHUID=V=2&GUID=C4EAB6C130004333A34B5668AE4E4D10&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20240207; SRCHHPGUSR=SRCHLANG=de&HV=1732182425&DM=0&CW=420; ANON=A=84BEA1DAAAB85FA790252CDAFFFFFFFF; TOptOut=1; MUIDB=4590362BB5CF472B95BBEDB3112D4B7B
Source: global traffic HTTP traffic detected: GET /th?id=OSK.b9225e13c52fa7ab4b0259bf569f22c2:OSK.15ca290dbf6f79ca3173611303c187f4:OSK.df522cac518a23c8773b3bf45a0325fa&w=100&h=100&c=7&pcl=1b1a19&o=6&pid=SANGAM&bw=3&bc=1B1A19 HTTP/1.1Referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/InitAccept: image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5Accept-Language: en-CHAccept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045Host: www.bing.comConnection: Keep-AliveCookie: MUID=4590362BB5CF472B95BBEDB3112D4B7B; _SS=SID=0D9D1D1BB22D6FFF29B20905B3B46EB0&CPID=1707317459775&AC=1&CPH=a4f3c03a; _EDGE_S=SID=0D9D1D1BB22D6FFF29B20905B3B46EB0&mkt=de-ch; SRCHUID=V=2&GUID=C4EAB6C130004333A34B5668AE4E4D10&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20240207; SRCHHPGUSR=SRCHLANG=de&HV=1732182425; ANON=A=84BEA1DAAAB85FA790252CDAFFFFFFFF; TOptOut=1; MUIDB=4590362BB5CF472B95BBEDB3112D4B7B
Source: global traffic HTTP traffic detected: GET /conf/v2/asgw/fpconfig.min.json?monitorId=asgw HTTP/1.1Origin: https://www.bing.comReferer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/InitAccept: */*Accept-Language: en-CHAccept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045Host: fp.msedge.netConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /fd/ls/l?IG=4B54F006B63048239757B9127CF09F2B&TYPE=Event.ClientInst&DATA=%5B%7B%22width%22%3A%22420%22%2C%22T%22%3A%22CI.Info%22%2C%22TS%22%3A1732182436602%2C%22Name%22%3A%22MW%22%2C%22FID%22%3A%22BRW%22%7D%2C%7B%22height%22%3A%222736%22%2C%22T%22%3A%22CI.Info%22%2C%22TS%22%3A1732182436603%2C%22Name%22%3A%22MT%22%2C%22FID%22%3A%22BRH%22%7D%2C%7B%22RawDPR%22%3A%221.0%22%2C%22T%22%3A%22CI.Info%22%2C%22TS%22%3A1732182436603%2C%22Name%22%3A%221.0%22%2C%22FID%22%3A%22DPR%22%7D%2C%7B%22T%22%3A%22CI.EffectiveLocation%22%2C%22TS%22%3A1732182436611%2C%22Name%22%3A%22tryWriteEffectiveLocation%22%2C%22FID%22%3A%22EffectiveLocation%22%7D%5D HTTP/1.1Referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/InitAccept: image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5Accept-Language: en-CHAccept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045Host: www.bing.comConnection: Keep-AliveCookie: MUID=4590362BB5CF472B95BBEDB3112D4B7B; _SS=SID=0D9D1D1BB22D6FFF29B20905B3B46EB0&CPID=1707317459775&AC=1&CPH=a4f3c03a; _EDGE_S=SID=0D9D1D1BB22D6FFF29B20905B3B46EB0&mkt=de-ch; SRCHUID=V=2&GUID=C4EAB6C130004333A34B5668AE4E4D10&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20240207; SRCHHPGUSR=SRCHLANG=de&HV=1732182425&DM=0&CW=420&CH=2736&SCW=420&SCH=2736&BRW=MW&BRH=MT&DPR=1.0&UTC=-300; ANON=A=84BEA1DAAAB85FA790252CDAFFFFFFFF; TOptOut=1; MUIDB=4590362BB5CF472B95BBEDB3112D4B7B
Source: global traffic HTTP traffic detected: GET /rb/6m/ortl,cc,nc/QNBBNqWD9F_Blep-UqQSqnMp-FI.css?bu=AbwK&or=w HTTP/1.1Accept: */*Referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/InitAccept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045Host: r.bing.comConnection: Keep-AliveCookie: MUID=4590362BB5CF472B95BBEDB3112D4B7B; _SS=SID=0D9D1D1BB22D6FFF29B20905B3B46EB0&CPID=1707317459775&AC=1&CPH=a4f3c03a; _EDGE_S=SID=0D9D1D1BB22D6FFF29B20905B3B46EB0&mkt=de-ch; SRCHUID=V=2&GUID=C4EAB6C130004333A34B5668AE4E4D10&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20240207; SRCHHPGUSR=SRCHLANG=de&HV=1732182425&DM=0&CW=420&CH=2736&SCW=420&SCH=2736&BRW=MW&BRH=MT&DPR=1.0&UTC=-300; ANON=A=84BEA1DAAAB85FA790252CDAFFFFFFFF; TOptOut=1
Source: global traffic HTTP traffic detected: GET /geolocation/write?isDevLoc=false&lat=26.682584762573242&lon=-81.79415893554688&dispName=Fort%2520Myers%252C%2520Florida&isEff=1&effLocType=6&clientsid=undefined&darkschemeovr=1 HTTP/1.1Referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/InitAccept: */*Accept-Language: en-CHUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045 RestrictedAPIX-Agent-DeviceId: 01000A41090080B6X-BM-CBT: 1707317459X-BM-ClientFeatures: FontV22,LightAnswers,PreviewPaneAvailable,RevStoreX-BM-DateFormat: dd/MM/yyyyX-BM-DeviceDimensions: 416x588X-BM-DeviceDimensionsLogical: 416x588X-BM-DeviceScale: 100X-BM-DTZ: 60X-BM-Market: CHX-BM-Theme: 000000;0078d7X-BM-WindowsFlights: FX:117B9872,FX:119E26AD,FX:11C0E96C,FX:11C6E5C2,FX:11C7EB6A,FX:11C9408A,FX:11C940DB,FX:11CB9A9F,FX:11CB9AC1,FX:11CC111C,FX:11D5BFCD,FX:11DF5B12,FX:11DF5B75,FX:1240931B,FX:124B38D0,FX:127FC878,FX:1283FFE8,FX:12840617,FX:128979F9,FX:128EBD7E,FX:129135BB,FX:129E053F,FX:12A74DB5,FX:12AB734D,FX:12B8450E,FX:12BD6E73,FX:12C3331B,FX:12C7D66EX-Device-ClientSession: E7820F9996D44E0495EAEF6765FEDDF2X-Device-isOptin: falseX-Device-MachineId: {92C86F7C-DB2B-4F6A-95AD-98B4A2AE008A}X-Device-OSSKU: 48X-Device-Touch: falseX-DeviceID: 01000A41090080B6X-MSEdge-ExternalExp: bfb3swp0129t2,d-thshld42,dsbrmchat,fliptrat10,qfmathswtophit_c,wsbref-c,wsbrel_prod,wsbswgc-t1X-MSEdge-ExternalExpType: JointCoordX-PositionerType: DesktopX-Search-AppId: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUIX-Search-CortanaAvailableCapabilities: NoneX-Search-SafeSearch: StrictX-Search-TimeZone: Bias=-60; StandardBias=0; TimeZoneKeyName=W. Europe Standard TimeX-UserAgeClass: UnknownAccept-Encoding: gzip, deflate, brHost: www.bing.comConnection: Keep-AliveCookie: MUID=4590362BB5CF472B95BBEDB3112D4B7B; _SS=SID=0D9D1D1BB22D6FFF29B20905B3B46EB0&CPID=1707317459775&AC=1&CPH=a4f3c03a; _EDGE_S=SID=0D9D1D1BB22D6FFF29B20905B3B46EB0&mkt=de-ch; SRCHUID=V=2&GUID=C4EAB6C130004333A34B5668AE4E4D10&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20240207; SRCHHPGUSR=SRCHLANG=de&HV=1732182425&DM=0&CW=420&CH=2736&SCW=420&SCH=2736&BRW=MW&BRH=MT&DPR=1.0&UTC=-300; ANON=A=84BEA1DAAAB85FA790252CDAFFFFFFFF; TOptOut=1; MUIDB=4590362BB5CF472B95BBEDB3112D4B7B
Source: global traffic HTTP traffic detected: GET /rp/IdEISQ9wmRcno7BEmDNCUXM2tT8.js HTTP/1.1Referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/InitAccept: image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5Accept-Language: en-CHAccept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045Host: www.bing.comConnection: Keep-AliveCookie: MUID=4590362BB5CF472B95BBEDB3112D4B7B; _SS=SID=0D9D1D1BB22D6FFF29B20905B3B46EB0&CPID=1707317459775&AC=1&CPH=a4f3c03a; _EDGE_S=SID=0D9D1D1BB22D6FFF29B20905B3B46EB0&mkt=de-ch; SRCHUID=V=2&GUID=C4EAB6C130004333A34B5668AE4E4D10&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20240207; SRCHHPGUSR=SRCHLANG=de&HV=1732182425&DM=0&CW=420&CH=2736&SCW=420&SCH=2736&BRW=MW&BRH=MT&DPR=1.0&UTC=-300; ANON=A=84BEA1DAAAB85FA790252CDAFFFFFFFF; TOptOut=1; MUIDB=4590362BB5CF472B95BBEDB3112D4B7B
Source: global traffic HTTP traffic detected: GET /rp/927Cz2OI3S9hrbXauDAfIEUYRvo.js HTTP/1.1Referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/InitAccept: image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5Accept-Language: en-CHAccept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045Host: www.bing.comConnection: Keep-AliveCookie: MUID=4590362BB5CF472B95BBEDB3112D4B7B; _SS=SID=0D9D1D1BB22D6FFF29B20905B3B46EB0&CPID=1707317459775&AC=1&CPH=a4f3c03a; _EDGE_S=SID=0D9D1D1BB22D6FFF29B20905B3B46EB0&mkt=de-ch; SRCHUID=V=2&GUID=C4EAB6C130004333A34B5668AE4E4D10&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20240207; SRCHHPGUSR=SRCHLANG=de&HV=1732182425&DM=0&CW=420&CH=2736&SCW=420&SCH=2736&BRW=MW&BRH=MT&DPR=1.0&UTC=-300; ANON=A=84BEA1DAAAB85FA790252CDAFFFFFFFF; TOptOut=1; MUIDB=4590362BB5CF472B95BBEDB3112D4B7B
Source: global traffic HTTP traffic detected: GET /rp/S4YbtOUBwMVsDR9KTyiwywKMQJg.js HTTP/1.1Referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/InitAccept: image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5Accept-Language: en-CHAccept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045Host: www.bing.comConnection: Keep-AliveCookie: MUID=4590362BB5CF472B95BBEDB3112D4B7B; _SS=SID=0D9D1D1BB22D6FFF29B20905B3B46EB0&CPID=1707317459775&AC=1&CPH=a4f3c03a; _EDGE_S=SID=0D9D1D1BB22D6FFF29B20905B3B46EB0&mkt=de-ch; SRCHUID=V=2&GUID=C4EAB6C130004333A34B5668AE4E4D10&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20240207; SRCHHPGUSR=SRCHLANG=de&HV=1732182425&DM=0&CW=420&CH=2736&SCW=420&SCH=2736&BRW=MW&BRH=MT&DPR=1.0&UTC=-300; ANON=A=84BEA1DAAAB85FA790252CDAFFFFFFFF; TOptOut=1; MUIDB=4590362BB5CF472B95BBEDB3112D4B7B
Source: global traffic HTTP traffic detected: GET /rp/0JF4gwQ3-JD96FgMlz9ecEkDlTY.js HTTP/1.1Referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/InitAccept: image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5Accept-Language: en-CHAccept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045Host: www.bing.comConnection: Keep-AliveCookie: MUID=4590362BB5CF472B95BBEDB3112D4B7B; _SS=SID=0D9D1D1BB22D6FFF29B20905B3B46EB0&CPID=1707317459775&AC=1&CPH=a4f3c03a; _EDGE_S=SID=0D9D1D1BB22D6FFF29B20905B3B46EB0&mkt=de-ch; SRCHUID=V=2&GUID=C4EAB6C130004333A34B5668AE4E4D10&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20240207; SRCHHPGUSR=SRCHLANG=de&HV=1732182425&DM=0&CW=420&CH=2736&SCW=420&SCH=2736&BRW=MW&BRH=MT&DPR=1.0&UTC=-300; ANON=A=84BEA1DAAAB85FA790252CDAFFFFFFFF; TOptOut=1; MUIDB=4590362BB5CF472B95BBEDB3112D4B7B
Source: global traffic HTTP traffic detected: GET /rp/4ucWBkL-KL1zGhKHz72gejtRcbc.js HTTP/1.1Referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/InitAccept: image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5Accept-Language: en-CHAccept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045Host: www.bing.comConnection: Keep-AliveCookie: MUID=4590362BB5CF472B95BBEDB3112D4B7B; _SS=SID=0D9D1D1BB22D6FFF29B20905B3B46EB0&CPID=1707317459775&AC=1&CPH=a4f3c03a; _EDGE_S=SID=0D9D1D1BB22D6FFF29B20905B3B46EB0&mkt=de-ch; SRCHUID=V=2&GUID=C4EAB6C130004333A34B5668AE4E4D10&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20240207; SRCHHPGUSR=SRCHLANG=de&HV=1732182425&DM=0&CW=420&CH=2736&SCW=420&SCH=2736&BRW=MW&BRH=MT&DPR=1.0&UTC=-300; ANON=A=84BEA1DAAAB85FA790252CDAFFFFFFFF; TOptOut=1; MUIDB=4590362BB5CF472B95BBEDB3112D4B7B
Source: global traffic DNS traffic detected: DNS query: openboxinstaller.s3-eu-west-1.amazonaws.com
Source: global traffic DNS traffic detected: DNS query: www.google.com
Source: unknown HTTP traffic detected: POST /RST2.srf HTTP/1.0Connection: Keep-AliveContent-Type: application/soap+xmlAccept: */*User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68})Content-Length: 3592Host: login.live.com
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundCache-Control: privateContent-Type: application/jsonP3P: CP="NON UNI COM NAV STA LOC CURa DEVa PSAa PSDa OUR IND"Set-Cookie: MUIDB=4590362BB5CF472B95BBEDB3112D4B7B; expires=Tue, 16-Dec-2025 09:47:08 GMT; path=/; HttpOnlyX-EventID: 673f019cd9bd4e0192cffe1e42ee530eUserAgentReductionOptOut: A7kgTC5xdZ2WIVGZEfb1hUoNuvjzOZX3VIV/BA6C18kQOOF50Q0D3oWoAm49k3BQImkujKILc7JmPysWk3CSjwUAAACMeyJvcmlnaW4iOiJodHRwczovL3d3dy5iaW5nLmNvbTo0NDMiLCJmZWF0dXJlIjoiU2VuZEZ1bGxVc2VyQWdlbnRBZnRlclJlZHVjdGlvbiIsImV4cGlyeSI6MTY4NDg4NjM5OSwiaXNTdWJkb21haW4iOnRydWUsImlzVGhpcmRQYXJ0eSI6dHJ1ZX0=X-XSS-Protection: 0X-Cache: CONFIG_NOCACHEAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionX-MSEdge-Ref: Ref A: FD1EE2D5A36043EFA18E590C4FF61ECB Ref B: EWR30EDGE0317 Ref C: 2024-11-21T09:47:08ZDate: Thu, 21 Nov 2024 09:47:08 GMTConnection: closeContent-Length: 0
Source: ExcelApi.dll.19.dr, OfficeApi.dll.19.dr String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
Source: ExcelApi.dll.19.dr, OfficeApi.dll.19.dr String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDTimestampingCA.crt0
Source: ExcelApi.dll.19.dr, OfficeApi.dll.19.dr String found in binary or memory: http://crl.sectigo.com/SectigoRSACodeSigningCA.crl0s
Source: ExcelApi.dll.19.dr, OfficeApi.dll.19.dr String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0P
Source: ExcelApi.dll.19.dr, OfficeApi.dll.19.dr String found in binary or memory: http://crl3.digicert.com/sha2-assured-ts.crl02
Source: ExcelApi.dll.19.dr, OfficeApi.dll.19.dr String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
Source: ExcelApi.dll.19.dr, OfficeApi.dll.19.dr String found in binary or memory: http://crl4.digicert.com/sha2-assured-ts.crl0
Source: ExcelApi.dll.19.dr, OfficeApi.dll.19.dr String found in binary or memory: http://crt.sectigo.com/SectigoRSACodeSigningCA.crt0#
Source: adxregistrator.exe, 00000016.00000002.1846675317.000000000448E000.00000004.00000800.00020000.00000000.sdmp, adxregistrator.exe, 00000016.00000002.1864939265.0000000007212000.00000004.08000000.00040000.00000000.sdmp String found in binary or memory: http://icsharpcode.net/sharpdevelop/syntaxdefinition/2008
Source: adxregistrator.exe, 00000016.00000002.1864939265.0000000007001000.00000004.08000000.00040000.00000000.sdmp, adxregistrator.exe, 00000016.00000002.1846675317.000000000427D000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://iptc.org/std/Iptc4xmpExt/2008-02-29/
Source: Exceptionless.Signed.dll.19.dr String found in binary or memory: http://james.newtonking.com/projects/json
Source: adxregistrator.exe, 00000016.00000002.1842413835.0000000002F11000.00000004.00000800.00020000.00000000.sdmp, adxregistrator.exe, 00000016.00000002.1846675317.0000000003F24000.00000004.00000800.00020000.00000000.sdmp, adxregistrator.exe, 00000016.00000002.1864152354.0000000006D90000.00000004.08000000.00040000.00000000.sdmp String found in binary or memory: http://lvcharts.net/App/examples/v1/wpf/Types%20and%20Configuration
Source: adxregistrator.exe, 00000016.00000002.1864939265.00000000071B3000.00000004.08000000.00040000.00000000.sdmp, adxregistrator.exe, 00000016.00000002.1864939265.0000000007130000.00000004.08000000.00040000.00000000.sdmp, adxregistrator.exe, 00000016.00000002.1846675317.00000000043AB000.00000004.00000800.00020000.00000000.sdmp, adxregistrator.exe, 00000016.00000002.1846675317.000000000442F000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://materialdesigninxaml.net/winfx/xaml/themes
Source: adxregistrator.exe, 00000016.00000002.1864939265.0000000007130000.00000004.08000000.00040000.00000000.sdmp, adxregistrator.exe, 00000016.00000002.1846675317.00000000043AB000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://mozilla.org/MPL/2.0/).
Source: adxregistrator.exe, 00000016.00000002.1864939265.0000000007001000.00000004.08000000.00040000.00000000.sdmp, adxregistrator.exe, 00000016.00000002.1846675317.000000000427D000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://ns.useplus.org/ldf/xmp/1.0/
Source: ExcelApi.dll.19.dr, OfficeApi.dll.19.dr String found in binary or memory: http://ocsp.digicert.com0C
Source: ExcelApi.dll.19.dr, OfficeApi.dll.19.dr String found in binary or memory: http://ocsp.digicert.com0O
Source: ExcelApi.dll.19.dr, OfficeApi.dll.19.dr String found in binary or memory: http://ocsp.sectigo.com0
Source: DocumentFormat.OpenXml.dll.19.dr String found in binary or memory: http://purl.oclc.org/ooxml/drawingml/lockedCanvasehttp://purl.oclc.org/ooxml/drawingml/compatibility
Source: DocumentFormat.OpenXml.dll.19.dr String found in binary or memory: http://purl.oclc.org/ooxml/officeDocument/relationships/aFChunk
Source: DocumentFormat.OpenXml.dll.19.dr String found in binary or memory: http://purl.oclc.org/ooxml/officeDocument/relationships/attachedTemplate
Source: DocumentFormat.OpenXml.dll.19.dr String found in binary or memory: http://purl.oclc.org/ooxml/officeDocument/relationships/audio
Source: DocumentFormat.OpenXml.dll.19.dr String found in binary or memory: http://purl.oclc.org/ooxml/officeDocument/relationships/calcChain
Source: DocumentFormat.OpenXml.dll.19.dr String found in binary or memory: http://purl.oclc.org/ooxml/officeDocument/relationships/chart
Source: DocumentFormat.OpenXml.dll.19.dr String found in binary or memory: http://purl.oclc.org/ooxml/officeDocument/relationships/chartUserShapes
Source: DocumentFormat.OpenXml.dll.19.dr String found in binary or memory: http://purl.oclc.org/ooxml/officeDocument/relationships/chartsheet
Source: DocumentFormat.OpenXml.dll.19.dr String found in binary or memory: http://purl.oclc.org/ooxml/officeDocument/relationships/commentAuthors
Source: DocumentFormat.OpenXml.dll.19.dr String found in binary or memory: http://purl.oclc.org/ooxml/officeDocument/relationships/comments
Source: DocumentFormat.OpenXml.dll.19.dr String found in binary or memory: http://purl.oclc.org/ooxml/officeDocument/relationships/connections
Source: DocumentFormat.OpenXml.dll.19.dr String found in binary or memory: http://purl.oclc.org/ooxml/officeDocument/relationships/control
Source: DocumentFormat.OpenXml.dll.19.dr String found in binary or memory: http://purl.oclc.org/ooxml/officeDocument/relationships/customProperties
Source: DocumentFormat.OpenXml.dll.19.dr String found in binary or memory: http://purl.oclc.org/ooxml/officeDocument/relationships/customProperty
Source: DocumentFormat.OpenXml.dll.19.dr String found in binary or memory: http://purl.oclc.org/ooxml/officeDocument/relationships/customXml
Source: DocumentFormat.OpenXml.dll.19.dr String found in binary or memory: http://purl.oclc.org/ooxml/officeDocument/relationships/customXmlProps
Source: DocumentFormat.OpenXml.dll.19.dr String found in binary or memory: http://purl.oclc.org/ooxml/officeDocument/relationships/diagramColors
Source: DocumentFormat.OpenXml.dll.19.dr String found in binary or memory: http://purl.oclc.org/ooxml/officeDocument/relationships/diagramData
Source: DocumentFormat.OpenXml.dll.19.dr String found in binary or memory: http://purl.oclc.org/ooxml/officeDocument/relationships/diagramLayout
Source: DocumentFormat.OpenXml.dll.19.dr String found in binary or memory: http://purl.oclc.org/ooxml/officeDocument/relationships/diagramQuickStyle
Source: DocumentFormat.OpenXml.dll.19.dr String found in binary or memory: http://purl.oclc.org/ooxml/officeDocument/relationships/dialogsheet
Source: DocumentFormat.OpenXml.dll.19.dr String found in binary or memory: http://purl.oclc.org/ooxml/officeDocument/relationships/drawing
Source: DocumentFormat.OpenXml.dll.19.dr String found in binary or memory: http://purl.oclc.org/ooxml/officeDocument/relationships/endnotes
Source: DocumentFormat.OpenXml.dll.19.dr String found in binary or memory: http://purl.oclc.org/ooxml/officeDocument/relationships/extendedProperties
Source: DocumentFormat.OpenXml.dll.19.dr String found in binary or memory: http://purl.oclc.org/ooxml/officeDocument/relationships/externalLink
Source: DocumentFormat.OpenXml.dll.19.dr String found in binary or memory: http://purl.oclc.org/ooxml/officeDocument/relationships/externalLinkPath
Source: DocumentFormat.OpenXml.dll.19.dr String found in binary or memory: http://purl.oclc.org/ooxml/officeDocument/relationships/fontTable
Source: DocumentFormat.OpenXml.dll.19.dr String found in binary or memory: http://purl.oclc.org/ooxml/officeDocument/relationships/footer
Source: DocumentFormat.OpenXml.dll.19.dr String found in binary or memory: http://purl.oclc.org/ooxml/officeDocument/relationships/footnotes
Source: DocumentFormat.OpenXml.dll.19.dr String found in binary or memory: http://purl.oclc.org/ooxml/officeDocument/relationships/frame
Source: DocumentFormat.OpenXml.dll.19.dr String found in binary or memory: http://purl.oclc.org/ooxml/officeDocument/relationships/glossaryDocument
Source: DocumentFormat.OpenXml.dll.19.dr String found in binary or memory: http://purl.oclc.org/ooxml/officeDocument/relationships/handoutMaster
Source: DocumentFormat.OpenXml.dll.19.dr String found in binary or memory: http://purl.oclc.org/ooxml/officeDocument/relationships/header
Source: DocumentFormat.OpenXml.dll.19.dr String found in binary or memory: http://purl.oclc.org/ooxml/officeDocument/relationships/htmlPubSaveAs
Source: DocumentFormat.OpenXml.dll.19.dr String found in binary or memory: http://purl.oclc.org/ooxml/officeDocument/relationships/hyperlink
Source: DocumentFormat.OpenXml.dll.19.dr String found in binary or memory: http://purl.oclc.org/ooxml/officeDocument/relationships/image
Source: DocumentFormat.OpenXml.dll.19.dr String found in binary or memory: http://purl.oclc.org/ooxml/officeDocument/relationships/mailMergeHeaderSource
Source: DocumentFormat.OpenXml.dll.19.dr String found in binary or memory: http://purl.oclc.org/ooxml/officeDocument/relationships/mailMergeRecipientData
Source: DocumentFormat.OpenXml.dll.19.dr String found in binary or memory: http://purl.oclc.org/ooxml/officeDocument/relationships/mailMergeSource
Source: DocumentFormat.OpenXml.dll.19.dr String found in binary or memory: http://purl.oclc.org/ooxml/officeDocument/relationships/metadata/thumbnail
Source: DocumentFormat.OpenXml.dll.19.dr String found in binary or memory: http://purl.oclc.org/ooxml/officeDocument/relationships/movie
Source: DocumentFormat.OpenXml.dll.19.dr String found in binary or memory: http://purl.oclc.org/ooxml/officeDocument/relationships/notesMaster
Source: DocumentFormat.OpenXml.dll.19.dr String found in binary or memory: http://purl.oclc.org/ooxml/officeDocument/relationships/notesSlide
Source: DocumentFormat.OpenXml.dll.19.dr String found in binary or memory: http://purl.oclc.org/ooxml/officeDocument/relationships/numbering
Source: DocumentFormat.OpenXml.dll.19.dr String found in binary or memory: http://purl.oclc.org/ooxml/officeDocument/relationships/officeDocument
Source: DocumentFormat.OpenXml.dll.19.dr String found in binary or memory: http://purl.oclc.org/ooxml/officeDocument/relationships/oleObject
Source: DocumentFormat.OpenXml.dll.19.dr String found in binary or memory: http://purl.oclc.org/ooxml/officeDocument/relationships/package
Source: DocumentFormat.OpenXml.dll.19.dr String found in binary or memory: http://purl.oclc.org/ooxml/officeDocument/relationships/pivotCacheDefinition
Source: DocumentFormat.OpenXml.dll.19.dr String found in binary or memory: http://purl.oclc.org/ooxml/officeDocument/relationships/pivotCacheRecords
Source: DocumentFormat.OpenXml.dll.19.dr String found in binary or memory: http://purl.oclc.org/ooxml/officeDocument/relationships/pivotTable
Source: DocumentFormat.OpenXml.dll.19.dr String found in binary or memory: http://purl.oclc.org/ooxml/officeDocument/relationships/presProps
Source: DocumentFormat.OpenXml.dll.19.dr String found in binary or memory: http://purl.oclc.org/ooxml/officeDocument/relationships/printerSettings
Source: DocumentFormat.OpenXml.dll.19.dr String found in binary or memory: http://purl.oclc.org/ooxml/officeDocument/relationships/queryTable
Source: DocumentFormat.OpenXml.dll.19.dr String found in binary or memory: http://purl.oclc.org/ooxml/officeDocument/relationships/revisionHeaders
Source: DocumentFormat.OpenXml.dll.19.dr String found in binary or memory: http://purl.oclc.org/ooxml/officeDocument/relationships/revisionLog
Source: DocumentFormat.OpenXml.dll.19.dr String found in binary or memory: http://purl.oclc.org/ooxml/officeDocument/relationships/settings
Source: DocumentFormat.OpenXml.dll.19.dr String found in binary or memory: http://purl.oclc.org/ooxml/officeDocument/relationships/sharedStrings
Source: DocumentFormat.OpenXml.dll.19.dr String found in binary or memory: http://purl.oclc.org/ooxml/officeDocument/relationships/sheetMetadata
Source: DocumentFormat.OpenXml.dll.19.dr String found in binary or memory: http://purl.oclc.org/ooxml/officeDocument/relationships/slide
Source: DocumentFormat.OpenXml.dll.19.dr String found in binary or memory: http://purl.oclc.org/ooxml/officeDocument/relationships/slideLayout
Source: DocumentFormat.OpenXml.dll.19.dr String found in binary or memory: http://purl.oclc.org/ooxml/officeDocument/relationships/slideMaster
Source: DocumentFormat.OpenXml.dll.19.dr String found in binary or memory: http://purl.oclc.org/ooxml/officeDocument/relationships/slideUpdateInfo
Source: DocumentFormat.OpenXml.dll.19.dr String found in binary or memory: http://purl.oclc.org/ooxml/officeDocument/relationships/slideUpdateUrl
Source: DocumentFormat.OpenXml.dll.19.dr String found in binary or memory: http://purl.oclc.org/ooxml/officeDocument/relationships/subDocument
Source: DocumentFormat.OpenXml.dll.19.dr String found in binary or memory: http://purl.oclc.org/ooxml/officeDocument/relationships/table
Source: DocumentFormat.OpenXml.dll.19.dr String found in binary or memory: http://purl.oclc.org/ooxml/officeDocument/relationships/tableSingleCells
Source: DocumentFormat.OpenXml.dll.19.dr String found in binary or memory: http://purl.oclc.org/ooxml/officeDocument/relationships/tableStylesyhttp://purl.oclc.org/ooxml/offic
Source: DocumentFormat.OpenXml.dll.19.dr String found in binary or memory: http://purl.oclc.org/ooxml/officeDocument/relationships/theme
Source: DocumentFormat.OpenXml.dll.19.dr String found in binary or memory: http://purl.oclc.org/ooxml/officeDocument/relationships/themeOverride
Source: DocumentFormat.OpenXml.dll.19.dr String found in binary or memory: http://purl.oclc.org/ooxml/officeDocument/relationships/transform
Source: DocumentFormat.OpenXml.dll.19.dr String found in binary or memory: http://purl.oclc.org/ooxml/officeDocument/relationships/usernames
Source: DocumentFormat.OpenXml.dll.19.dr String found in binary or memory: http://purl.oclc.org/ooxml/officeDocument/relationships/video
Source: DocumentFormat.OpenXml.dll.19.dr String found in binary or memory: http://purl.oclc.org/ooxml/officeDocument/relationships/viewProps
Source: DocumentFormat.OpenXml.dll.19.dr String found in binary or memory: http://purl.oclc.org/ooxml/officeDocument/relationships/volatileDependencies
Source: DocumentFormat.OpenXml.dll.19.dr String found in binary or memory: http://purl.oclc.org/ooxml/officeDocument/relationships/webSettings
Source: DocumentFormat.OpenXml.dll.19.dr String found in binary or memory: http://purl.oclc.org/ooxml/officeDocument/relationships/worksheet
Source: DocumentFormat.OpenXml.dll.19.dr String found in binary or memory: http://purl.oclc.org/ooxml/officeDocument/relationships/xmlMaps
Source: adxregistrator.exe, 00000016.00000002.1846675317.000000000442F000.00000004.00000800.00020000.00000000.sdmp, Syncfusion.SfSkinManager.WPF.dll.19.dr String found in binary or memory: http://schemas.syncfusion.com/wpf
Source: adxregistrator.exe, 00000016.00000002.1842413835.0000000002F11000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: adxregistrator.exe, adxregistrator.exe, 00000016.00000002.1852131111.00000000055D2000.00000002.00000001.01000000.00000008.sdmp String found in binary or memory: http://www.add-in-express.com
Source: ExcelApi.dll.19.dr, OfficeApi.dll.19.dr String found in binary or memory: http://www.digicert.com/CPS0
Source: adxregistrator.exe, 00000016.00000002.1864939265.0000000007001000.00000004.08000000.00040000.00000000.sdmp, adxregistrator.exe, 00000016.00000002.1846675317.000000000427D000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.gimp.org/xmp/
Source: Exceptionless.Signed.dll.19.dr String found in binary or memory: http://www.newtonsoft.com/jsonschema
Source: 671177.msi.19.dr String found in binary or memory: http://www.openboxmodels.com
Source: adxregistrator.exe, 00000016.00000002.1864939265.0000000007130000.00000004.08000000.00040000.00000000.sdmp, adxregistrator.exe, 00000016.00000002.1846675317.00000000043AB000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.yworks.com/xml/yfiles-wpf/3.0/xaml
Source: Exceptionless.Signed.dll.19.dr String found in binary or memory: https://collector.exceptionless.io
Source: Exceptionless.Signed.dll.19.dr String found in binary or memory: https://collector.exceptionless.io?https://config.exceptionless.ioEhttps://heartbeat.exceptionless.i
Source: Exceptionless.Signed.dll.19.dr String found in binary or memory: https://config.exceptionless.ioDhttps://heartbeat.exceptionless.io&exceptionless/4.0.0
Source: adxregistrator.exe, 00000016.00000002.1864939265.0000000007130000.00000004.08000000.00040000.00000000.sdmp, adxregistrator.exe, 00000016.00000002.1846675317.00000000043AB000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://github.com/IronyProject
Source: adxregistrator.exe, 00000016.00000002.1864939265.0000000007130000.00000004.08000000.00040000.00000000.sdmp, adxregistrator.exe, 00000016.00000002.1846675317.00000000043AB000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://github.com/IronyProject?
Source: adxregistrator.exe, 00000016.00000002.1864939265.0000000007130000.00000004.08000000.00040000.00000000.sdmp, adxregistrator.exe, 00000016.00000002.1846675317.00000000043AB000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://github.com/JamesNK/Newtonsoft.Json
Source: adxregistrator.exe, 00000016.00000002.1864939265.0000000007130000.00000004.08000000.00040000.00000000.sdmp, adxregistrator.exe, 00000016.00000002.1846675317.00000000043AB000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://github.com/JamesNK/Newtonsoft.Json?
Source: adxregistrator.exe, 00000016.00000002.1864939265.0000000007130000.00000004.08000000.00040000.00000000.sdmp, adxregistrator.exe, 00000016.00000002.1846675317.00000000043AB000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://github.com/NetOfficeFw/NetOffice
Source: ExcelApi.dll.19.dr, OfficeApi.dll.19.dr String found in binary or memory: https://github.com/NetOfficeFw/NetOffice0
Source: adxregistrator.exe, 00000016.00000002.1864939265.0000000007130000.00000004.08000000.00040000.00000000.sdmp, adxregistrator.exe, 00000016.00000002.1846675317.00000000043AB000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://github.com/NetOfficeFw/NetOffice?
Source: DocumentFormat.OpenXml.dll.19.dr String found in binary or memory: https://github.com/OfficeDev/Open-XML-SDK
Source: System.ValueTuple.dll.19.dr String found in binary or memory: https://github.com/dotnet/corefx/tree/30ab651fcb4354552bd4891619a0bdd81e0ebdbf
Source: System.ValueTuple.dll.19.dr String found in binary or memory: https://github.com/dotnet/corefx/tree/30ab651fcb4354552bd4891619a0bdd81e0ebdbf8
Source: Microsoft.Extensions.DependencyInjection.Abstractions.dll.19.dr, Microsoft.Extensions.Options.dll.19.dr String found in binary or memory: https://github.com/dotnet/runtime
Source: adxregistrator.exe, 00000016.00000002.1864939265.0000000007130000.00000004.08000000.00040000.00000000.sdmp, adxregistrator.exe, 00000016.00000002.1846675317.00000000043AB000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://github.com/icsharpcode/AvalonEdit
Source: adxregistrator.exe, 00000016.00000002.1864939265.0000000007130000.00000004.08000000.00040000.00000000.sdmp, adxregistrator.exe, 00000016.00000002.1846675317.00000000043AB000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://github.com/icsharpcode/AvalonEdit?
Source: adxregistrator.exe, 00000016.00000002.1864939265.0000000007130000.00000004.08000000.00040000.00000000.sdmp, adxregistrator.exe, 00000016.00000002.1846675317.00000000043AB000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://github.com/lbugnion/mvvmlight
Source: adxregistrator.exe, 00000016.00000002.1864939265.0000000007130000.00000004.08000000.00040000.00000000.sdmp, adxregistrator.exe, 00000016.00000002.1846675317.00000000043AB000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://github.com/lbugnion/mvvmlight?
Source: adxregistrator.exe, 00000016.00000002.1864939265.0000000007130000.00000004.08000000.00040000.00000000.sdmp, adxregistrator.exe, 00000016.00000002.1846675317.00000000043AB000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://github.com/spreadsheetlab/XLParser
Source: adxregistrator.exe, 00000016.00000002.1864939265.0000000007130000.00000004.08000000.00040000.00000000.sdmp, adxregistrator.exe, 00000016.00000002.1846675317.00000000043AB000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://github.com/spreadsheetlab/XLParser?
Source: ExcelApi.dll.19.dr, OfficeApi.dll.19.dr String found in binary or memory: https://sectigo.com/CPS0
Source: adxregistrator.exe, adxregistrator.exe, 00000016.00000002.1852131111.00000000055D2000.00000002.00000001.01000000.00000008.sdmp, adxregistrator.exe, 00000016.00000002.1856504938.0000000005E52000.00000002.00000001.01000000.0000000A.sdmp String found in binary or memory: https://www.add-in-express.com/files/adxversions/
Source: adxregistrator.exe, 00000016.00000002.1852131111.00000000055D2000.00000002.00000001.01000000.00000008.sdmp, adxregistrator.exe, 00000016.00000002.1856504938.0000000005E52000.00000002.00000001.01000000.0000000A.sdmp String found in binary or memory: https://www.add-in-express.com/files/adxversions/adx-net.txtfhttps://www.add-in-express.com/download
Source: adxregistrator.exe, 00000016.00000002.1852131111.00000000055D2000.00000002.00000001.01000000.00000008.sdmp, adxregistrator.exe, 00000016.00000002.1856504938.0000000005E52000.00000002.00000001.01000000.0000000A.sdmp String found in binary or memory: https://www.add-in-express.com/news-latest.php
Source: adxregistrator.exe, 00000016.00000002.1864939265.0000000007130000.00000004.08000000.00040000.00000000.sdmp, adxregistrator.exe, 00000016.00000002.1846675317.00000000043AB000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.apache.org/licenses/LICENSE-2.0.html
Source: adxregistrator.exe, 00000016.00000002.1864939265.0000000007130000.00000004.08000000.00040000.00000000.sdmp, adxregistrator.exe, 00000016.00000002.1846675317.00000000043AB000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.apache.org/licenses/LICENSE-2.0.html?
Source: ExcelApi.dll.19.dr, OfficeApi.dll.19.dr String found in binary or memory: https://www.digicert.com/CPS0
Source: adxregistrator.exe, 00000016.00000002.1846675317.0000000003F24000.00000004.00000800.00020000.00000000.sdmp, adxregistrator.exe, 00000016.00000002.1864939265.0000000007130000.00000004.08000000.00040000.00000000.sdmp, adxregistrator.exe, 00000016.00000002.1846675317.00000000043AB000.00000004.00000800.00020000.00000000.sdmp, adxregistrator.exe, 00000016.00000002.1864939265.0000000006E60000.00000004.08000000.00040000.00000000.sdmp String found in binary or memory: https://www.gridlines.com
Source: adxregistrator.exe, 00000016.00000002.1857234531.0000000005F20000.00000004.08000000.00040000.00000000.sdmp, adxregistrator.exe, 00000016.00000003.1830751420.000000000412C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.openboxmodels.com/
Source: unknown Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown Network traffic detected: HTTP traffic on port 49695 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49699
Source: unknown Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49698
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49696
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49695
Source: unknown Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49690
Source: unknown Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49680 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49712
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49677 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49708
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49707
Source: unknown Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49771 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49699 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49676 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49707 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown Network traffic detected: HTTP traffic on port 49696 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49690 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown Network traffic detected: HTTP traffic on port 49698 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49745
Source: unknown HTTPS traffic detected: 52.149.20.212:443 -> 192.168.2.17:49699 version: TLS 1.2
Source: unknown HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.17:49707 version: TLS 1.2
Source: unknown HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.17:49708 version: TLS 1.2
Source: unknown HTTPS traffic detected: 20.190.159.73:443 -> 192.168.2.17:49710 version: TLS 1.2
Source: unknown HTTPS traffic detected: 13.107.5.88:443 -> 192.168.2.17:49711 version: TLS 1.2
Source: unknown HTTPS traffic detected: 20.190.159.73:443 -> 192.168.2.17:49712 version: TLS 1.2
Source: unknown HTTPS traffic detected: 4.245.163.56:443 -> 192.168.2.17:49714 version: TLS 1.2
Source: unknown HTTPS traffic detected: 2.23.209.177:443 -> 192.168.2.17:49718 version: TLS 1.2
Source: unknown HTTPS traffic detected: 204.79.197.200:443 -> 192.168.2.17:49723 version: TLS 1.2
Source: unknown HTTPS traffic detected: 204.79.197.200:443 -> 192.168.2.17:49724 version: TLS 1.2
Source: unknown HTTPS traffic detected: 204.79.197.200:443 -> 192.168.2.17:49727 version: TLS 1.2
Source: unknown HTTPS traffic detected: 204.79.197.200:443 -> 192.168.2.17:49726 version: TLS 1.2
Source: unknown HTTPS traffic detected: 204.79.197.200:443 -> 192.168.2.17:49728 version: TLS 1.2
Source: unknown HTTPS traffic detected: 204.79.197.200:443 -> 192.168.2.17:49729 version: TLS 1.2
Source: unknown HTTPS traffic detected: 20.42.65.85:443 -> 192.168.2.17:49730 version: TLS 1.2
Source: unknown HTTPS traffic detected: 204.79.197.200:443 -> 192.168.2.17:49731 version: TLS 1.2
Source: unknown HTTPS traffic detected: 184.86.251.30:443 -> 192.168.2.17:49732 version: TLS 1.2
Source: unknown HTTPS traffic detected: 204.79.197.200:443 -> 192.168.2.17:49749 version: TLS 1.2
Source: unknown HTTPS traffic detected: 204.79.197.200:443 -> 192.168.2.17:49750 version: TLS 1.2
Source: unknown HTTPS traffic detected: 204.79.197.200:443 -> 192.168.2.17:49752 version: TLS 1.2
Source: unknown HTTPS traffic detected: 204.79.197.200:443 -> 192.168.2.17:49753 version: TLS 1.2
Source: unknown HTTPS traffic detected: 204.79.197.200:443 -> 192.168.2.17:49754 version: TLS 1.2
Source: unknown HTTPS traffic detected: 204.79.197.200:443 -> 192.168.2.17:49751 version: TLS 1.2
Source: unknown HTTPS traffic detected: 204.79.197.222:443 -> 192.168.2.17:49756 version: TLS 1.2
Source: unknown HTTPS traffic detected: 204.79.197.200:443 -> 192.168.2.17:49764 version: TLS 1.2
Source: unknown HTTPS traffic detected: 204.79.197.200:443 -> 192.168.2.17:49768 version: TLS 1.2
Source: unknown HTTPS traffic detected: 204.79.197.200:443 -> 192.168.2.17:49769 version: TLS 1.2
Source: unknown HTTPS traffic detected: 204.79.197.200:443 -> 192.168.2.17:49766 version: TLS 1.2
Source: unknown HTTPS traffic detected: 204.79.197.200:443 -> 192.168.2.17:49767 version: TLS 1.2
Source: unknown HTTPS traffic detected: 204.79.197.200:443 -> 192.168.2.17:49770 version: TLS 1.2
Source: unknown HTTPS traffic detected: 52.123.128.254:443 -> 192.168.2.17:49771 version: TLS 1.2
Source: unknown HTTPS traffic detected: 204.79.197.200:443 -> 192.168.2.17:49772 version: TLS 1.2
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\67116f.msi Jump to behavior
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI1529.tmp Jump to behavior
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI1587.tmp Jump to behavior
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\inprogressinstallinfo.ipi Jump to behavior
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\SourceHash{D13C35CA-F2F7-4F15-9C04-A00736B009EB} Jump to behavior
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI1692.tmp Jump to behavior
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\671177.msi Jump to behavior
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\671177.msi Jump to behavior
Source: C:\Windows\System32\msiexec.exe File deleted: C:\Windows\Installer\MSI1529.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Open Box Models\Openbox\adxregistrator.exe Code function: 22_2_05E59811 22_2_05E59811
Source: C:\Users\user\AppData\Local\Open Box Models\Openbox\adxregistrator.exe Code function: 22_2_0687615A 22_2_0687615A
Source: C:\Users\user\AppData\Local\Open Box Models\Openbox\adxregistrator.exe Code function: 22_2_055B8EC8 22_2_055B8EC8
Source: C:\Users\user\AppData\Local\Open Box Models\Openbox\adxregistrator.exe Code function: 22_2_055B1448 22_2_055B1448
Source: C:\Users\user\AppData\Local\Open Box Models\Openbox\adxregistrator.exe Code function: 22_2_055B1438 22_2_055B1438
Source: C:\Users\user\AppData\Local\Open Box Models\Openbox\adxregistrator.exe Code function: 22_2_055B9D6B 22_2_055B9D6B
Source: C:\Users\user\AppData\Local\Open Box Models\Openbox\adxregistrator.exe Code function: 22_2_055B0BB0 22_2_055B0BB0
Source: C:\Users\user\AppData\Local\Open Box Models\Openbox\adxregistrator.exe Code function: 22_2_072BEBC0 22_2_072BEBC0
Source: C:\Users\user\AppData\Local\Open Box Models\Openbox\adxregistrator.exe Code function: 22_2_072BEBD0 22_2_072BEBD0
Source: C:\Users\user\AppData\Local\Open Box Models\Openbox\adxregistrator.exe Code function: 22_2_076A7B78 22_2_076A7B78
Source: C:\Users\user\AppData\Local\Open Box Models\Openbox\adxregistrator.exe Code function: 22_2_076A0628 22_2_076A0628
Source: C:\Users\user\AppData\Local\Open Box Models\Openbox\adxregistrator.exe Code function: 22_2_076A0618 22_2_076A0618
Source: System.Xml.XPath.dll.19.dr Static PE information: Resource name: RT_VERSION type: MacBinary, comment length 97, char. code 0x69, total length 1711304448, Wed Mar 28 22:22:24 2040 INVALID date, modified Tue Feb 7 01:41:58 2040, creator ' ' "4"
Source: adxregistrator.exe, 00000016.00000002.1852131111.00000000055D2000.00000002.00000001.01000000.00000008.sdmp Binary or memory string: AReturns the Office.VBProject object for the template or document.Y
Source: Microsoft.Vbe.Interop.dll.19.dr Binary or memory string: $Microsoft.Vbe.Interop.VBProjectClass)
Source: Microsoft.Vbe.Interop.dll.19.dr Binary or memory string: %Microsoft.Vbe.Interop.VBProjectsClass)
Source: adxregistrator.exe, adxregistrator.exe, 00000016.00000002.1852131111.00000000055D2000.00000002.00000001.01000000.00000008.sdmp Binary or memory string: AReturns the Office.VBProject object for the template or document.
Source: Microsoft.Vbe.Interop.dll.19.dr Binary or memory string: %Microsoft.Vbe.Interop.VBProjectsClass
Source: Microsoft.Vbe.Interop.dll.19.dr Binary or memory string: $Microsoft.Vbe.Interop.VBProjectClass
Source: classification engine Classification label: sus28.troj.win@28/330@4/4
Source: manual.pdf.19.dr Initial sample: http://www.scottsaddins.com/
Source: manual.pdf.19.dr Initial sample: http://www.fast-standard.org/
Source: manual.pdf.19.dr Initial sample: https://www.microsoft.com/en-us/research/blog/lambda-the-ultimatae-excel-worksheet-function/
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps Jump to behavior
Source: C:\Users\user\AppData\Local\Open Box Models\Openbox\adxregistrator.exe Mutant created: NULL
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Temp\MSIF50E.tmp Jump to behavior
Source: C:\Windows\System32\msiexec.exe File read: C:\Windows\win.ini Jump to behavior
Source: C:\Windows\System32\msiexec.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA Jump to behavior
Source: unknown Process created: C:\Windows\System32\rundll32.exe C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
Source: adxregistrator.exe String found in binary or memory: U-AddinExpress.MSO.ADXBackstageGroupButtonStyle
Source: adxregistrator.exe String found in binary or memory: /LaunchFKeywordTopic
Source: adxregistrator.exe String found in binary or memory: /helpcol ms-help://addinexpress.
Source: adxregistrator.exe String found in binary or memory: /helpcol ms-help://addinexpress.
Source: adxregistrator.exe String found in binary or memory: "{0}" /sid="{1}" /installDir="{2}"
Source: adxregistrator.exe String found in binary or memory: /installerClassName=
Source: adxregistrator.exe String found in binary or memory: /install=
Source: adxregistrator.exe String found in binary or memory: /installDir=
Source: adxregistrator.exe String found in binary or memory: /installerclass=
Source: adxregistrator.exe String found in binary or memory: /installerarguments=
Source: adxregistrator.exe String found in binary or memory: /installerpath=
Source: adxregistrator.exe String found in binary or memory: /installermethod=
Source: adxregistrator.exe String found in binary or memory: {25df0fc1-7f97-4070-add7-4b13bbfd7cb8}
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 --field-trial-handle=2036,i,4189800988639774150,13901250345461583541,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://openboxinstaller.s3-eu-west-1.amazonaws.com/msi/0/1.9.99/OpenBoxAddInSetup.msi"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Windows\System32\msiexec.exe "C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Downloads\OpenBoxAddInSetup.msi"
Source: unknown Process created: C:\Windows\System32\msiexec.exe C:\Windows\system32\msiexec.exe /V
Source: C:\Windows\System32\msiexec.exe Process created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding A7768F95FC427E3E885B211F39AAEAED C
Source: C:\Windows\System32\msiexec.exe Process created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding 292262621E47CEE3681A434C573B0B3F
Source: C:\Windows\System32\msiexec.exe Process created: C:\Users\user\AppData\Local\Open Box Models\Openbox\adxregistrator.exe "C:\Users\user\AppData\Local\Open Box Models\Openbox\adxregistrator.exe" /install="OpenBoxAddIn.dll" /privileges=user
Source: unknown Process created: C:\Windows\System32\rundll32.exe C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 --field-trial-handle=2036,i,4189800988639774150,13901250345461583541,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Windows\System32\msiexec.exe "C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Downloads\OpenBoxAddInSetup.msi" Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\System32\msiexec.exe Process created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding A7768F95FC427E3E885B211F39AAEAED C Jump to behavior
Source: C:\Windows\System32\msiexec.exe Process created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding 292262621E47CEE3681A434C573B0B3F Jump to behavior
Source: C:\Windows\System32\msiexec.exe Process created: C:\Users\user\AppData\Local\Open Box Models\Openbox\adxregistrator.exe "C:\Users\user\AppData\Local\Open Box Models\Openbox\adxregistrator.exe" /install="OpenBoxAddIn.dll" /privileges=user Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: aclayers.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: sfc.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: sfc_os.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: msi.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: srpapi.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: tsappcmp.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: textinputframework.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: coreuicomponents.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: coremessaging.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: ntmarta.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: windows.storage.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: wldp.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: propsys.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: textshaping.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: netapi32.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: wkscli.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: netutils.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: msasn1.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: cryptsp.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: rsaenh.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: cryptbase.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: msisip.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: gpapi.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: version.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: mscoree.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: msihnd.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: dwmapi.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: pcacli.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: mpr.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: oleacc.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: windowscodecs.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: riched20.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: usp10.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: msls31.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: aclayers.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: sfc.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: sfc_os.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: msi.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: tsappcmp.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: netapi32.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: wkscli.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: netutils.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: srclient.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: spp.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: powrprof.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: vssapi.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: vsstrace.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: umpdc.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: wldp.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: msasn1.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: cryptsp.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: rsaenh.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: cryptbase.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: msisip.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: gpapi.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: mscoree.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: version.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: vcruntime140_clr0400.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: ucrtbase_clr0400.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: rstrtmgr.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: ncrypt.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: ntasn1.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: windows.storage.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: pcacli.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: mpr.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: cabinet.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: aclayers.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: mpr.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: sfc.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: sfc_os.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: msi.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: aclayers.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: mpr.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: sfc.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: sfc_os.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: msi.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Open Box Models\Openbox\adxregistrator.exe Section loaded: version.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Open Box Models\Openbox\adxregistrator.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Open Box Models\Openbox\adxregistrator.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Open Box Models\Openbox\adxregistrator.exe Section loaded: mscoree.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Open Box Models\Openbox\adxregistrator.exe Section loaded: vcruntime140_clr0400.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Open Box Models\Openbox\adxregistrator.exe Section loaded: ucrtbase_clr0400.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Open Box Models\Openbox\adxregistrator.exe Section loaded: cryptsp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Open Box Models\Openbox\adxregistrator.exe Section loaded: rsaenh.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Open Box Models\Openbox\adxregistrator.exe Section loaded: cryptbase.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Open Box Models\Openbox\adxregistrator.exe Section loaded: windows.storage.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Open Box Models\Openbox\adxregistrator.exe Section loaded: wldp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Open Box Models\Openbox\adxregistrator.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Open Box Models\Openbox\adxregistrator.exe Section loaded: urlmon.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Open Box Models\Openbox\adxregistrator.exe Section loaded: iertutil.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Open Box Models\Openbox\adxregistrator.exe Section loaded: srvcli.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Open Box Models\Openbox\adxregistrator.exe Section loaded: netutils.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Open Box Models\Openbox\adxregistrator.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Open Box Models\Openbox\adxregistrator.exe Section loaded: propsys.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Open Box Models\Openbox\adxregistrator.exe Section loaded: amsi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Open Box Models\Openbox\adxregistrator.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Open Box Models\Openbox\adxregistrator.exe Section loaded: msasn1.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Open Box Models\Openbox\adxregistrator.exe Section loaded: gpapi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Open Box Models\Openbox\adxregistrator.exe Section loaded: windowscodecs.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Open Box Models\Openbox\adxregistrator.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32 Jump to behavior
Source: Google Drive.lnk.0.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.0.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.0.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.0.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.0.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.0.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Window Recorder Window detected: More than 3 window changes detected
Source: C:\Users\user\AppData\Local\Open Box Models\Openbox\adxregistrator.exe Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\Excel\AddIns\OpenboxAddinv2.AddinModule Jump to behavior
Source: Binary string: F:\gs2\VS\out\binaries\x86ret\bin\i386\DPCA.pdb source: 671177.msi.19.dr
Source: Binary string: d:\Git\RP\gridcommon-xaml\WPF\SfGridCommon.WPF\Src\obj\Release-XML\Syncfusion.SfGridCommon.WPF.pdbD source: Syncfusion.SfGridCommon.WPF.dll.19.dr
Source: Binary string: F:\gs2\VS\out\binaries\x86ret\bin\i386\DPCA.pdb= source: 671177.msi.19.dr
Source: Binary string: D:\a\1\s\Source\Office\obj\Release\OfficeApi.pdbSHA256) source: OfficeApi.dll.19.dr
Source: Binary string: C:\Src\NUnit\nunit\src\NUnitFramework\framework\obj\Release\net45\nunit.framework.pdb source: nunit.framework.dll.19.dr
Source: Binary string: C:\projects\exceptionless-net\src\Exceptionless.Signed\obj\Release\net45\Exceptionless.Signed.pdb source: Exceptionless.Signed.dll.19.dr
Source: Binary string: C:\Src\NUnit\nunit\src\NUnitFramework\framework\obj\Release\net45\nunit.framework.pdbSHA256 source: nunit.framework.dll.19.dr
Source: Binary string: E:\A\_work\39\s\corefx\bin\obj\ref\System.ValueTuple\4.0.3.0\net47\System.ValueTuple.pdb source: System.ValueTuple.dll.19.dr
Source: Binary string: /_/artifacts/obj/Microsoft.Extensions.Options/Release/net462/Microsoft.Extensions.Options.pdb source: Microsoft.Extensions.Options.dll.19.dr
Source: Binary string: D:\Projects\adx.net\adx.net\Source\ADXRegistrator\Release\adxregistrator.pdb source: adxregistrator.exe, 00000016.00000000.1823074703.000000000033C000.00000002.00000001.01000000.00000006.sdmp
Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Runtime.CompilerServices.Unsafe\net461-Release\System.Runtime.CompilerServices.Unsafe.pdbBSJB source: System.Runtime.CompilerServices.Unsafe.dll.19.dr
Source: Binary string: /_/artifacts/obj/Microsoft.Extensions.Options/Release/net462/Microsoft.Extensions.Options.pdbSHA256 source: Microsoft.Extensions.Options.dll.19.dr
Source: Binary string: D:\a\1\s\Source\Excel\obj\Release\ExcelApi.pdb source: ExcelApi.dll.19.dr
Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Runtime.CompilerServices.Unsafe\net461-Release\System.Runtime.CompilerServices.Unsafe.pdb source: System.Runtime.CompilerServices.Unsafe.dll.19.dr
Source: Binary string: /_/artifacts/obj/Microsoft.Extensions.DependencyInjection.Abstractions/Release/net462/Microsoft.Extensions.DependencyInjection.Abstractions.pdbSHA256 source: Microsoft.Extensions.DependencyInjection.Abstractions.dll.19.dr
Source: Binary string: c:\Users\levgi_000\Documents\Code\Projects\ProductionStackTrace\ProductionStackTrace\obj\Release\ProductionStackTrace.pdb source: ProductionStackTrace.dll.19.dr
Source: Binary string: D:\a\_work\1\s\src\TestFramework\MSTest.Core\obj\Release\Microsoft.VisualStudio.TestPlatform.TestFramework.pdb source: Microsoft.VisualStudio.TestPlatform.TestFramework.dll.19.dr
Source: Binary string: D:\a\1\s\Source\Office\obj\Release\OfficeApi.pdb source: OfficeApi.dll.19.dr
Source: Binary string: c:\Users\btord\Documents\Projects\LiveCharts\WpfView\obj\Release\LiveCharts.Wpf.pdb source: adxregistrator.exe, 00000016.00000002.1846675317.0000000003F24000.00000004.00000800.00020000.00000000.sdmp, adxregistrator.exe, 00000016.00000002.1864319647.0000000006DC0000.00000004.08000000.00040000.00000000.sdmp
Source: Binary string: d:\Git\RP\gridcommon-xaml\WPF\SfGridCommon.WPF\Src\obj\Release-XML\Syncfusion.SfGridCommon.WPF.pdb source: Syncfusion.SfGridCommon.WPF.dll.19.dr
Source: Binary string: qc:\Users\levgi_000\Documents\Code\Projects\ProductionStackTrace\ProductionStackTrace\obj\Release\ProductionStackTrace.pdb source: ProductionStackTrace.dll.19.dr
Source: Binary string: c:\Users\btord\Documents\Projects\LiveCharts\Core40\obj\Release\LiveCharts.pdb source: adxregistrator.exe, 00000016.00000002.1842413835.0000000002F11000.00000004.00000800.00020000.00000000.sdmp, adxregistrator.exe, 00000016.00000002.1846675317.0000000003F24000.00000004.00000800.00020000.00000000.sdmp, adxregistrator.exe, 00000016.00000002.1864152354.0000000006D90000.00000004.08000000.00040000.00000000.sdmp
Source: Binary string: /_/obj/DocumentFormat.OpenXml/Release/net46/DocumentFormat.OpenXml.pdbSHA256 source: DocumentFormat.OpenXml.dll.19.dr
Source: Binary string: G:{0:N}; A:{1}.pdb; F: source: ProductionStackTrace.dll.19.dr
Source: Binary string: C:\projects\exceptionless-net\src\Exceptionless.Signed\obj\Release\net45\Exceptionless.Signed.pdbSHA256.EK source: Exceptionless.Signed.dll.19.dr
Source: Binary string: E:\A\_work\39\s\corefx\bin\obj\ref\System.ValueTuple\4.0.3.0\net47\System.ValueTuple.pdbT*n* `*_CorDllMainmscoree.dll source: System.ValueTuple.dll.19.dr
Source: Binary string: /_/artifacts/obj/Microsoft.Extensions.DependencyInjection.Abstractions/Release/net462/Microsoft.Extensions.DependencyInjection.Abstractions.pdb source: Microsoft.Extensions.DependencyInjection.Abstractions.dll.19.dr
Source: Binary string: /_/obj/DocumentFormat.OpenXml/Release/net46/DocumentFormat.OpenXml.pdb source: DocumentFormat.OpenXml.dll.19.dr
Source: Binary string: System.IO.Compression.FileSystem.pdb source: System.IO.Compression.FileSystem.dll.19.dr
Source: Binary string: D:\Projects\adx.net\adx.net\Source\ADXDeployment\obj\Release\AddinExpress.Deployment.pdb source: adxregistrator.exe, adxregistrator.exe, 00000016.00000002.1856504938.0000000005E52000.00000002.00000001.01000000.0000000A.sdmp
Source: Binary string: D:\a\1\s\Source\Excel\obj\Release\ExcelApi.pdbSHA256 source: ExcelApi.dll.19.dr
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Open Box Models\Openbox\WpfBindingErrors.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Open Box Models\Openbox\System.Globalization.Extensions.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Open Box Models\Openbox\System.Xml.XmlSerializer.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Open Box Models\Openbox\System.ComponentModel.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Open Box Models\Openbox\System.Diagnostics.FileVersionInfo.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Open Box Models\Openbox\System.Runtime.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Open Box Models\Openbox\System.Net.Http.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Open Box Models\Openbox\System.Threading.Tasks.Parallel.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Open Box Models\Openbox\System.Buffers.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Open Box Models\Openbox\Cryptlex.LexActivator.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Open Box Models\Openbox\System.Security.Principal.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Open Box Models\Openbox\System.IO.FileSystem.Watcher.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Open Box Models\Openbox\Syncfusion.Licensing.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Open Box Models\Openbox\GalaSoft.MvvmLight.Platform.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Open Box Models\Openbox\System.Collections.Concurrent.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Open Box Models\Openbox\System.Threading.Tasks.Extensions.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Open Box Models\Openbox\System.Reflection.Emit.Lightweight.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Open Box Models\Openbox\Syncfusion.Tools.WPF.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Open Box Models\Openbox\Microsoft.Extensions.Http.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Open Box Models\Openbox\System.Collections.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Open Box Models\Openbox\Syncfusion.Themes.Office2019Colorful.WPF.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Open Box Models\Openbox\System.Reflection.Emit.ILGeneration.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Open Box Models\Openbox\Exceptionless.Wpf.Signed.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Open Box Models\Openbox\System.Reflection.Primitives.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Open Box Models\Openbox\System.Xml.ReaderWriter.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Open Box Models\Openbox\itextsharp.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Open Box Models\Openbox\Microsoft.Web.WebView2.Wpf.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Open Box Models\Openbox\System.Diagnostics.TextWriterTraceListener.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Open Box Models\Openbox\System.Drawing.Primitives.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Open Box Models\Openbox\adxregistrator.exe Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Open Box Models\Openbox\System.Diagnostics.StackTrace.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Open Box Models\Openbox\OpenAIWrap.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Open Box Models\Openbox\System.Text.Json.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Open Box Models\Openbox\System.Reflection.Emit.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Open Box Models\Openbox\Microsoft.Office.Interop.Excel.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Open Box Models\Openbox\Microsoft.Extensions.Logging.Abstractions.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Open Box Models\Openbox\ICSharpCode.AvalonEdit.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Open Box Models\Openbox\System.Globalization.Calendars.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Open Box Models\Openbox\AddinExpress.MSO.2005.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Open Box Models\Openbox\WordApi.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Open Box Models\Openbox\System.IO.FileSystem.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Open Box Models\Openbox\System.ServiceModel.Duplex.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Open Box Models\Openbox\AddinExpress.ToolbarControls.2005.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Open Box Models\Openbox\DashboardHandler.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: 671176.rbf (copy) Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Open Box Models\Openbox\Microsoft.Web.WebView2.Core.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Open Box Models\Openbox\System.Xml.XPath.XDocument.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Open Box Models\Openbox\adxloader.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Open Box Models\Openbox\System.Threading.Tasks.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Open Box Models\Openbox\System.Runtime.InteropServices.RuntimeInformation.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Open Box Models\Openbox\System.Net.WebSockets.Client.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Open Box Models\Openbox\System.Linq.Expressions.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Open Box Models\Openbox\System.Dynamic.Runtime.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Open Box Models\Openbox\System.Runtime.Serialization.Xml.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Open Box Models\Openbox\Documenter.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Open Box Models\Openbox\XLParser.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Open Box Models\Openbox\Newtonsoft.Json.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Open Box Models\Openbox\System.Xml.XmlDocument.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Open Box Models\Openbox\SpreadsheetGear2017.Windows.Forms.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Open Box Models\Openbox\Microsoft.Office.Interop.Word.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: 671172.rbf (copy) Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Open Box Models\Openbox\AddinExpress.Deployment.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Open Box Models\Openbox\System.Reflection.Extensions.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Open Box Models\Openbox\Microsoft.Extensions.DependencyInjection.Abstractions.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Open Box Models\Openbox\Exceptionless.Signed.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Open Box Models\Openbox\yWorks.yFilesWPF.Algorithms.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Open Box Models\Openbox\ClipBoardLinker.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Open Box Models\Openbox\System.Net.Sockets.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI1587.tmp Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Open Box Models\Openbox\System.Runtime.CompilerServices.Unsafe.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Open Box Models\Openbox\System.IO.MemoryMappedFiles.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Open Box Models\Openbox\ExcelApi.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Open Box Models\Openbox\System.Net.WebHeaderCollection.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Open Box Models\Openbox\LexActivator.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Open Box Models\Openbox\System.Threading.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Open Box Models\Openbox\System.IO.UnmanagedMemoryStream.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Open Box Models\Openbox\Anthropic.SDK.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Open Box Models\Openbox\System.Resources.ResourceManager.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Open Box Models\Openbox\GalaSoft.MvvmLight.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Open Box Models\Openbox\System.Numerics.Vectors.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Open Box Models\Openbox\NetOffice.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Open Box Models\Openbox\System.Net.Http.Rtc.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Open Box Models\Openbox\System.Xml.XPath.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Open Box Models\Openbox\Microsoft.Web.WebView2.WinForms.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Open Box Models\Openbox\System.Diagnostics.Tools.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Open Box Models\Openbox\System.Net.Security.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Open Box Models\Openbox\System.Diagnostics.DiagnosticSource.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Open Box Models\Openbox\Microsoft.VisualStudio.TestPlatform.TestFramework.Extensions.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Temp\MSIF58C.tmp Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Open Box Models\Openbox\MaterialDesignThemes.Wpf.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Open Box Models\Openbox\BouncyCastle.Crypto.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Open Box Models\Openbox\System.IO.FileSystem.Primitives.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Open Box Models\Openbox\Microsoft.VisualStudio.TestPlatform.TestFramework.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Open Box Models\Openbox\System.Net.Http.WebRequest.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Open Box Models\Openbox\Syncfusion.SfGridCommon.WPF.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Open Box Models\Openbox\Syncfusion.Themes.Office365.WPF.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Open Box Models\Openbox\System.IO.Compression.FileSystem.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Open Box Models\Openbox\System.Threading.Timer.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Open Box Models\Openbox\System.Diagnostics.TraceSource.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Open Box Models\Openbox\System.Memory.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Open Box Models\Openbox\System.Runtime.Numerics.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Open Box Models\Openbox\System.IO.Compression.ZipFile.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Open Box Models\Openbox\System.Security.Cryptography.X509Certificates.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Open Box Models\Openbox\System.Text.Encoding.Extensions.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Open Box Models\Openbox\SpreadsheetGear2017.Windows.Forms.Integration.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Open Box Models\Openbox\VBIDEApi.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Open Box Models\Openbox\System.Diagnostics.Tracing.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Open Box Models\Openbox\System.Threading.Overlapped.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Open Box Models\Openbox\Microsoft.Vbe.Interop.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Open Box Models\Openbox\Microsoft.Extensions.Primitives.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Open Box Models\Openbox\GongSolutions.WPF.DragDrop.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Open Box Models\Openbox\System.Linq.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Open Box Models\Openbox\System.Text.Encodings.Web.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Open Box Models\Openbox\Amy.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Open Box Models\Openbox\LexActivator32.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Open Box Models\Openbox\System.Runtime.Extensions.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: 671173.rbf (copy) Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Open Box Models\Openbox\Microsoft.CognitiveServices.Speech.csharp.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Open Box Models\Openbox\Office.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Open Box Models\Openbox\System.Reflection.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Open Box Models\Openbox\PowerPointApi.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Open Box Models\Openbox\SpreadsheetGear2017.Drawing.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Open Box Models\Openbox\Microsoft.Win32.Primitives.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Open Box Models\Openbox\System.ValueTuple.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: 671174.rbf (copy) Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Temp\MSIF50E.tmp Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Open Box Models\Openbox\System.Globalization.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Open Box Models\Openbox\System.Net.NameResolution.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Open Box Models\Openbox\OpenBoxAddin.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Open Box Models\Openbox\System.Diagnostics.Debug.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Open Box Models\Openbox\System.IO.Pipes.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Open Box Models\Openbox\System.ComponentModel.TypeConverter.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Open Box Models\Openbox\OfficeApi.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Open Box Models\Openbox\System.IO.IsolatedStorage.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Open Box Models\Openbox\System.ComponentModel.Annotations.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Open Box Models\Openbox\adxloader64.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Open Box Models\Openbox\System.ComponentModel.EventBasedAsync.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Open Box Models\Openbox\Exceptionless.Windows.Signed.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Open Box Models\Openbox\System.Net.NetworkInformation.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Open Box Models\Openbox\Syncfusion.SfTreeView.WPF.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Open Box Models\Openbox\System.Threading.ThreadPool.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Open Box Models\Openbox\ThinkSharp.FeatureTour.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Open Box Models\Openbox\yWorks.yFilesWPF.Adapter.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Open Box Models\Openbox\System.ServiceModel.Http.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Open Box Models\Openbox\System.Collections.Specialized.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Open Box Models\Openbox\Syncfusion.Data.WPF.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Open Box Models\Openbox\SpreadsheetGear2017.Core.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Open Box Models\Openbox\System.AppContext.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Open Box Models\Openbox\System.Security.Claims.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Open Box Models\Openbox\Microsoft.ML.Tokenizers.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Open Box Models\Openbox\System.Runtime.Handles.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Open Box Models\Openbox\System.Diagnostics.Process.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Open Box Models\Openbox\System.Runtime.InteropServices.WindowsRuntime.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Open Box Models\Openbox\System.ObjectModel.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Open Box Models\Openbox\System.Xml.XDocument.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Open Box Models\Openbox\yWorks.yFilesWPF.Viewer.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Open Box Models\Openbox\DocumentFormat.OpenXml.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Open Box Models\Openbox\System.Security.Cryptography.Algorithms.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Open Box Models\Openbox\System.ComponentModel.Primitives.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Open Box Models\Openbox\nunit.framework.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Open Box Models\Openbox\System.Security.SecureString.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Open Box Models\Openbox\System.Resources.Reader.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Open Box Models\Openbox\System.IO.FileSystem.DriveInfo.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Open Box Models\Openbox\Syncfusion.SfBusyIndicator.WPF.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Open Box Models\Openbox\System.Data.Common.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Open Box Models\Openbox\System.Linq.Parallel.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Open Box Models\Openbox\System.Text.RegularExpressions.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: 671175.rbf (copy) Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Open Box Models\Openbox\System.Net.Ping.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Open Box Models\Openbox\System.Net.WebSockets.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Open Box Models\Openbox\System.Collections.NonGeneric.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Open Box Models\Openbox\Microsoft.Extensions.DependencyInjection.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Open Box Models\Openbox\ProductionStackTrace.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Open Box Models\Openbox\System.ServiceModel.NetTcp.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Open Box Models\Openbox\Syncfusion.SfSkinManager.WPF.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Open Box Models\Openbox\SpreadsheetGear2017.Windows.WPF.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Open Box Models\Openbox\Irony.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Open Box Models\Openbox\System.Security.Cryptography.Encoding.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Open Box Models\Openbox\System.Runtime.CompilerServices.VisualC.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Open Box Models\Openbox\System.Runtime.Serialization.Primitives.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Open Box Models\Openbox\System.Runtime.InteropServices.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Open Box Models\Openbox\System.Console.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Open Box Models\Openbox\System.ServiceModel.Primitives.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Open Box Models\Openbox\System.Runtime.Serialization.Json.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Open Box Models\Openbox\OpenAI_API.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: 671171.rbf (copy) Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Open Box Models\Openbox\System.Security.Cryptography.Primitives.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Open Box Models\Openbox\System.IO.Compression.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Open Box Models\Openbox\System.Linq.Queryable.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Open Box Models\Openbox\System.Diagnostics.Contracts.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Open Box Models\Openbox\System.Resources.Writer.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Open Box Models\Openbox\System.Net.Requests.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Open Box Models\Openbox\Syncfusion.Shared.WPF.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Open Box Models\Openbox\System.IO.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Open Box Models\Openbox\System.Text.Encoding.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Open Box Models\Openbox\Microsoft.Bcl.AsyncInterfaces.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Open Box Models\Openbox\stdole.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Open Box Models\Openbox\System.Threading.Thread.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Open Box Models\Openbox\System.Runtime.Serialization.Formatters.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Open Box Models\Openbox\netstandard.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Open Box Models\Openbox\System.Net.Primitives.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Open Box Models\Openbox\Microsoft.Xaml.Behaviors.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI1529.tmp Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Open Box Models\Openbox\System.Security.Cryptography.Csp.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Open Box Models\Openbox\Microsoft.Extensions.Logging.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Open Box Models\Openbox\Microsoft.Extensions.Options.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Open Box Models\Openbox\Syncfusion.SfGrid.WPF.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Open Box Models\Openbox\System.ServiceModel.Security.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Open Box Models\Openbox\MaterialDesignColors.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI1529.tmp Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI1587.tmp Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\Documents\OBX components\OPENBOX SOFTWARE AGREEMENT.rtf Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk Jump to behavior
Source: C:\Windows\System32\msiexec.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\msiexec.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\msiexec.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\msiexec.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\msiexec.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\msiexec.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\msiexec.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\msiexec.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\msiexec.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\msiexec.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\msiexec.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\msiexec.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\msiexec.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\msiexec.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\msiexec.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\msiexec.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\msiexec.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\msiexec.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\msiexec.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\msiexec.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\msiexec.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Windows\System32\msiexec.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\msiexec.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Open Box Models\Openbox\adxregistrator.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Open Box Models\Openbox\adxregistrator.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Open Box Models\Openbox\adxregistrator.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Open Box Models\Openbox\adxregistrator.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Open Box Models\Openbox\adxregistrator.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Open Box Models\Openbox\adxregistrator.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Open Box Models\Openbox\adxregistrator.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Open Box Models\Openbox\adxregistrator.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Open Box Models\Openbox\adxregistrator.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Open Box Models\Openbox\adxregistrator.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Open Box Models\Openbox\adxregistrator.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Open Box Models\Openbox\adxregistrator.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Open Box Models\Openbox\adxregistrator.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Open Box Models\Openbox\adxregistrator.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Open Box Models\Openbox\adxregistrator.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Open Box Models\Openbox\adxregistrator.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Open Box Models\Openbox\adxregistrator.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Open Box Models\Openbox\adxregistrator.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Open Box Models\Openbox\adxregistrator.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Open Box Models\Openbox\adxregistrator.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Open Box Models\Openbox\adxregistrator.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Open Box Models\Openbox\adxregistrator.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Open Box Models\Openbox\adxregistrator.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Open Box Models\Openbox\adxregistrator.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Open Box Models\Openbox\adxregistrator.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Open Box Models\Openbox\adxregistrator.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Open Box Models\Openbox\adxregistrator.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Open Box Models\Openbox\adxregistrator.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Open Box Models\Openbox\adxregistrator.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Open Box Models\Openbox\adxregistrator.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Open Box Models\Openbox\adxregistrator.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Open Box Models\Openbox\adxregistrator.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Open Box Models\Openbox\adxregistrator.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Open Box Models\Openbox\adxregistrator.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Open Box Models\Openbox\adxregistrator.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Open Box Models\Openbox\adxregistrator.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Open Box Models\Openbox\adxregistrator.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Open Box Models\Openbox\adxregistrator.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Open Box Models\Openbox\adxregistrator.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Open Box Models\Openbox\adxregistrator.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Open Box Models\Openbox\adxregistrator.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Open Box Models\Openbox\adxregistrator.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Open Box Models\Openbox\adxregistrator.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Open Box Models\Openbox\adxregistrator.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Open Box Models\Openbox\adxregistrator.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Open Box Models\Openbox\adxregistrator.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Open Box Models\Openbox\adxregistrator.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Open Box Models\Openbox\adxregistrator.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Open Box Models\Openbox\adxregistrator.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Open Box Models\Openbox\adxregistrator.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Open Box Models\Openbox\adxregistrator.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Open Box Models\Openbox\adxregistrator.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Open Box Models\Openbox\adxregistrator.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Open Box Models\Openbox\adxregistrator.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Open Box Models\Openbox\adxregistrator.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Open Box Models\Openbox\adxregistrator.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Open Box Models\Openbox\adxregistrator.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Open Box Models\Openbox\adxregistrator.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Open Box Models\Openbox\adxregistrator.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Open Box Models\Openbox\adxregistrator.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Open Box Models\Openbox\adxregistrator.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Open Box Models\Openbox\adxregistrator.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Open Box Models\Openbox\adxregistrator.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Open Box Models\Openbox\adxregistrator.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Open Box Models\Openbox\adxregistrator.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Open Box Models\Openbox\adxregistrator.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Open Box Models\Openbox\adxregistrator.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Open Box Models\Openbox\adxregistrator.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Open Box Models\Openbox\adxregistrator.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Open Box Models\Openbox\adxregistrator.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Open Box Models\Openbox\adxregistrator.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Open Box Models\Openbox\adxregistrator.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Open Box Models\Openbox\adxregistrator.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Open Box Models\Openbox\adxregistrator.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Open Box Models\Openbox\adxregistrator.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Open Box Models\Openbox\adxregistrator.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Open Box Models\Openbox\adxregistrator.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Open Box Models\Openbox\adxregistrator.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Open Box Models\Openbox\adxregistrator.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Open Box Models\Openbox\adxregistrator.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Open Box Models\Openbox\adxregistrator.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Open Box Models\Openbox\adxregistrator.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Open Box Models\Openbox\adxregistrator.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Open Box Models\Openbox\adxregistrator.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Open Box Models\Openbox\adxregistrator.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Open Box Models\Openbox\adxregistrator.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Open Box Models\Openbox\adxregistrator.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Open Box Models\Openbox\adxregistrator.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Open Box Models\Openbox\adxregistrator.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Open Box Models\Openbox\adxregistrator.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Open Box Models\Openbox\adxregistrator.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Open Box Models\Openbox\adxregistrator.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Open Box Models\Openbox\adxregistrator.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Open Box Models\Openbox\adxregistrator.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Open Box Models\Openbox\adxregistrator.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Open Box Models\Openbox\adxregistrator.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Open Box Models\Openbox\adxregistrator.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Open Box Models\Openbox\adxregistrator.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Open Box Models\Openbox\adxregistrator.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Open Box Models\Openbox\adxregistrator.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Open Box Models\Openbox\adxregistrator.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Open Box Models\Openbox\adxregistrator.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Open Box Models\Openbox\adxregistrator.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Open Box Models\Openbox\adxregistrator.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Open Box Models\Openbox\adxregistrator.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Open Box Models\Openbox\adxregistrator.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Open Box Models\Openbox\adxregistrator.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Open Box Models\Openbox\adxregistrator.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Open Box Models\Openbox\adxregistrator.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Open Box Models\Openbox\adxregistrator.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Open Box Models\Openbox\adxregistrator.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Open Box Models\Openbox\adxregistrator.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Open Box Models\Openbox\adxregistrator.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Open Box Models\Openbox\adxregistrator.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Open Box Models\Openbox\adxregistrator.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Open Box Models\Openbox\adxregistrator.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Open Box Models\Openbox\adxregistrator.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Open Box Models\Openbox\adxregistrator.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Open Box Models\Openbox\adxregistrator.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Open Box Models\Openbox\adxregistrator.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Open Box Models\Openbox\adxregistrator.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Open Box Models\Openbox\adxregistrator.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Open Box Models\Openbox\adxregistrator.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Windows\System32\rundll32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Open Box Models\Openbox\adxregistrator.exe Memory allocated: 10E0000 memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\AppData\Local\Open Box Models\Openbox\adxregistrator.exe Memory allocated: 2F10000 memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\AppData\Local\Open Box Models\Openbox\adxregistrator.exe Memory allocated: 28D0000 memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\AppData\Local\Open Box Models\Openbox\adxregistrator.exe Thread delayed: delay time: 922337203685477 Jump to behavior
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Open Box Models\Openbox\WpfBindingErrors.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Open Box Models\Openbox\System.Globalization.Extensions.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Open Box Models\Openbox\System.Xml.XmlSerializer.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Open Box Models\Openbox\System.ComponentModel.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Open Box Models\Openbox\System.Diagnostics.FileVersionInfo.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Open Box Models\Openbox\System.Runtime.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Open Box Models\Openbox\System.Net.Http.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Open Box Models\Openbox\System.Threading.Tasks.Parallel.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Open Box Models\Openbox\System.Buffers.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Open Box Models\Openbox\Cryptlex.LexActivator.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Open Box Models\Openbox\System.IO.FileSystem.Watcher.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Open Box Models\Openbox\System.Security.Principal.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Open Box Models\Openbox\Syncfusion.Licensing.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Open Box Models\Openbox\GalaSoft.MvvmLight.Platform.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Open Box Models\Openbox\System.Collections.Concurrent.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Open Box Models\Openbox\System.Threading.Tasks.Extensions.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Open Box Models\Openbox\System.Reflection.Emit.Lightweight.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Open Box Models\Openbox\Syncfusion.Tools.WPF.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Open Box Models\Openbox\System.Collections.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Open Box Models\Openbox\Syncfusion.Themes.Office2019Colorful.WPF.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Open Box Models\Openbox\Microsoft.Extensions.Http.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Open Box Models\Openbox\System.Reflection.Emit.ILGeneration.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Open Box Models\Openbox\Exceptionless.Wpf.Signed.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Open Box Models\Openbox\System.Reflection.Primitives.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Open Box Models\Openbox\System.Xml.ReaderWriter.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Open Box Models\Openbox\itextsharp.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Open Box Models\Openbox\Microsoft.Web.WebView2.Wpf.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Open Box Models\Openbox\System.Diagnostics.TextWriterTraceListener.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Open Box Models\Openbox\System.Drawing.Primitives.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Open Box Models\Openbox\System.Diagnostics.StackTrace.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Open Box Models\Openbox\OpenAIWrap.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Open Box Models\Openbox\System.Text.Json.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Open Box Models\Openbox\System.Reflection.Emit.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Open Box Models\Openbox\Microsoft.Office.Interop.Excel.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Open Box Models\Openbox\Microsoft.Extensions.Logging.Abstractions.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Open Box Models\Openbox\ICSharpCode.AvalonEdit.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Open Box Models\Openbox\System.Globalization.Calendars.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Open Box Models\Openbox\AddinExpress.MSO.2005.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Open Box Models\Openbox\WordApi.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Open Box Models\Openbox\System.ServiceModel.Duplex.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Open Box Models\Openbox\System.IO.FileSystem.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Open Box Models\Openbox\AddinExpress.ToolbarControls.2005.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: 671176.rbf (copy) Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Open Box Models\Openbox\DashboardHandler.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Open Box Models\Openbox\Microsoft.Web.WebView2.Core.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Open Box Models\Openbox\System.Xml.XPath.XDocument.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Open Box Models\Openbox\adxloader.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Open Box Models\Openbox\System.Threading.Tasks.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Open Box Models\Openbox\System.Runtime.InteropServices.RuntimeInformation.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Open Box Models\Openbox\System.Net.WebSockets.Client.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Open Box Models\Openbox\System.Linq.Expressions.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Open Box Models\Openbox\System.Dynamic.Runtime.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Open Box Models\Openbox\System.Runtime.Serialization.Xml.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Open Box Models\Openbox\Documenter.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Open Box Models\Openbox\XLParser.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Open Box Models\Openbox\Newtonsoft.Json.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Open Box Models\Openbox\System.Xml.XmlDocument.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Open Box Models\Openbox\SpreadsheetGear2017.Windows.Forms.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Open Box Models\Openbox\Microsoft.Office.Interop.Word.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: 671172.rbf (copy) Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Open Box Models\Openbox\AddinExpress.Deployment.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Open Box Models\Openbox\System.Reflection.Extensions.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Open Box Models\Openbox\Microsoft.Extensions.DependencyInjection.Abstractions.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Open Box Models\Openbox\Exceptionless.Signed.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Open Box Models\Openbox\yWorks.yFilesWPF.Algorithms.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Open Box Models\Openbox\ClipBoardLinker.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Open Box Models\Openbox\System.Net.Sockets.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\Installer\MSI1587.tmp Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Open Box Models\Openbox\System.IO.MemoryMappedFiles.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Open Box Models\Openbox\System.Runtime.CompilerServices.Unsafe.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Open Box Models\Openbox\ExcelApi.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Open Box Models\Openbox\System.Net.WebHeaderCollection.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Open Box Models\Openbox\LexActivator.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Open Box Models\Openbox\System.Threading.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Open Box Models\Openbox\System.IO.UnmanagedMemoryStream.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Open Box Models\Openbox\Anthropic.SDK.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Open Box Models\Openbox\System.Resources.ResourceManager.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Open Box Models\Openbox\GalaSoft.MvvmLight.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Open Box Models\Openbox\System.Numerics.Vectors.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Open Box Models\Openbox\NetOffice.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Open Box Models\Openbox\System.Net.Http.Rtc.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Open Box Models\Openbox\System.Xml.XPath.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Open Box Models\Openbox\Microsoft.Web.WebView2.WinForms.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Open Box Models\Openbox\System.Diagnostics.Tools.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Open Box Models\Openbox\System.Net.Security.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Open Box Models\Openbox\System.Diagnostics.DiagnosticSource.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Open Box Models\Openbox\Microsoft.VisualStudio.TestPlatform.TestFramework.Extensions.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Open Box Models\Openbox\MaterialDesignThemes.Wpf.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\MSIF58C.tmp Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Open Box Models\Openbox\BouncyCastle.Crypto.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Open Box Models\Openbox\System.IO.FileSystem.Primitives.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Open Box Models\Openbox\System.Net.Http.WebRequest.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Open Box Models\Openbox\Microsoft.VisualStudio.TestPlatform.TestFramework.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Open Box Models\Openbox\Syncfusion.SfGridCommon.WPF.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Open Box Models\Openbox\Syncfusion.Themes.Office365.WPF.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Open Box Models\Openbox\System.IO.Compression.FileSystem.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Open Box Models\Openbox\System.Threading.Timer.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Open Box Models\Openbox\System.Diagnostics.TraceSource.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Open Box Models\Openbox\System.Memory.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Open Box Models\Openbox\System.Runtime.Numerics.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Open Box Models\Openbox\System.IO.Compression.ZipFile.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Open Box Models\Openbox\System.Security.Cryptography.X509Certificates.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Open Box Models\Openbox\System.Text.Encoding.Extensions.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Open Box Models\Openbox\SpreadsheetGear2017.Windows.Forms.Integration.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Open Box Models\Openbox\VBIDEApi.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Open Box Models\Openbox\System.Diagnostics.Tracing.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Open Box Models\Openbox\System.Threading.Overlapped.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Open Box Models\Openbox\Microsoft.Vbe.Interop.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Open Box Models\Openbox\Microsoft.Extensions.Primitives.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Open Box Models\Openbox\GongSolutions.WPF.DragDrop.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Open Box Models\Openbox\System.Linq.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Open Box Models\Openbox\System.Text.Encodings.Web.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Open Box Models\Openbox\Amy.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Open Box Models\Openbox\LexActivator32.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Open Box Models\Openbox\System.Runtime.Extensions.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: 671173.rbf (copy) Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Open Box Models\Openbox\Microsoft.CognitiveServices.Speech.csharp.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Open Box Models\Openbox\Office.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Open Box Models\Openbox\System.Reflection.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Open Box Models\Openbox\PowerPointApi.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Open Box Models\Openbox\SpreadsheetGear2017.Drawing.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Open Box Models\Openbox\Microsoft.Win32.Primitives.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Open Box Models\Openbox\System.ValueTuple.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: 671174.rbf (copy) Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Open Box Models\Openbox\System.Globalization.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\MSIF50E.tmp Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Open Box Models\Openbox\System.Net.NameResolution.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Open Box Models\Openbox\System.Diagnostics.Debug.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Open Box Models\Openbox\OpenBoxAddin.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Open Box Models\Openbox\System.IO.Pipes.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Open Box Models\Openbox\System.ComponentModel.TypeConverter.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Open Box Models\Openbox\OfficeApi.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Open Box Models\Openbox\System.IO.IsolatedStorage.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Open Box Models\Openbox\System.ComponentModel.Annotations.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Open Box Models\Openbox\adxloader64.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Open Box Models\Openbox\System.ComponentModel.EventBasedAsync.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Open Box Models\Openbox\System.Net.NetworkInformation.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Open Box Models\Openbox\Exceptionless.Windows.Signed.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Open Box Models\Openbox\Syncfusion.SfTreeView.WPF.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Open Box Models\Openbox\System.Threading.ThreadPool.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Open Box Models\Openbox\ThinkSharp.FeatureTour.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Open Box Models\Openbox\yWorks.yFilesWPF.Adapter.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Open Box Models\Openbox\System.ServiceModel.Http.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Open Box Models\Openbox\System.Collections.Specialized.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Open Box Models\Openbox\Syncfusion.Data.WPF.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Open Box Models\Openbox\SpreadsheetGear2017.Core.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Open Box Models\Openbox\System.AppContext.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Open Box Models\Openbox\System.Security.Claims.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Open Box Models\Openbox\Microsoft.ML.Tokenizers.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Open Box Models\Openbox\System.Runtime.Handles.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Open Box Models\Openbox\System.Diagnostics.Process.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Open Box Models\Openbox\System.Runtime.InteropServices.WindowsRuntime.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Open Box Models\Openbox\System.Xml.XDocument.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Open Box Models\Openbox\System.ObjectModel.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Open Box Models\Openbox\yWorks.yFilesWPF.Viewer.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Open Box Models\Openbox\System.Security.Cryptography.Algorithms.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Open Box Models\Openbox\DocumentFormat.OpenXml.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Open Box Models\Openbox\System.ComponentModel.Primitives.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Open Box Models\Openbox\nunit.framework.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Open Box Models\Openbox\System.Security.SecureString.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Open Box Models\Openbox\System.Resources.Reader.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Open Box Models\Openbox\System.IO.FileSystem.DriveInfo.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Open Box Models\Openbox\Syncfusion.SfBusyIndicator.WPF.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Open Box Models\Openbox\System.Data.Common.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Open Box Models\Openbox\System.Linq.Parallel.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Open Box Models\Openbox\System.Text.RegularExpressions.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: 671175.rbf (copy) Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Open Box Models\Openbox\System.Net.Ping.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Open Box Models\Openbox\System.Net.WebSockets.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Open Box Models\Openbox\System.Collections.NonGeneric.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Open Box Models\Openbox\Microsoft.Extensions.DependencyInjection.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Open Box Models\Openbox\ProductionStackTrace.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Open Box Models\Openbox\System.ServiceModel.NetTcp.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Open Box Models\Openbox\SpreadsheetGear2017.Windows.WPF.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Open Box Models\Openbox\Syncfusion.SfSkinManager.WPF.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Open Box Models\Openbox\Irony.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Open Box Models\Openbox\System.Security.Cryptography.Encoding.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Open Box Models\Openbox\System.Runtime.CompilerServices.VisualC.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Open Box Models\Openbox\System.Runtime.Serialization.Primitives.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Open Box Models\Openbox\System.Runtime.InteropServices.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Open Box Models\Openbox\System.ServiceModel.Primitives.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Open Box Models\Openbox\System.Console.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Open Box Models\Openbox\System.Runtime.Serialization.Json.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Open Box Models\Openbox\OpenAI_API.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: 671171.rbf (copy) Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Open Box Models\Openbox\System.Security.Cryptography.Primitives.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Open Box Models\Openbox\System.IO.Compression.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Open Box Models\Openbox\System.Linq.Queryable.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Open Box Models\Openbox\System.Diagnostics.Contracts.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Open Box Models\Openbox\System.Resources.Writer.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Open Box Models\Openbox\System.Net.Requests.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Open Box Models\Openbox\Syncfusion.Shared.WPF.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Open Box Models\Openbox\System.IO.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Open Box Models\Openbox\System.Text.Encoding.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Open Box Models\Openbox\Microsoft.Bcl.AsyncInterfaces.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Open Box Models\Openbox\stdole.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Open Box Models\Openbox\System.Threading.Thread.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Open Box Models\Openbox\System.Runtime.Serialization.Formatters.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Open Box Models\Openbox\netstandard.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\Installer\MSI1529.tmp Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Open Box Models\Openbox\System.Net.Primitives.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Open Box Models\Openbox\Microsoft.Xaml.Behaviors.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Open Box Models\Openbox\System.Security.Cryptography.Csp.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Open Box Models\Openbox\Microsoft.Extensions.Logging.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Open Box Models\Openbox\Microsoft.Extensions.Options.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Open Box Models\Openbox\Syncfusion.SfGrid.WPF.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Open Box Models\Openbox\System.ServiceModel.Security.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Open Box Models\Openbox\MaterialDesignColors.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Open Box Models\Openbox\adxregistrator.exe TID: 5144 Thread sleep time: -922337203685477s >= -30000s Jump to behavior
Source: C:\Windows\System32\msiexec.exe File Volume queried: C:\ FullSizeInformation Jump to behavior
Source: C:\Windows\System32\msiexec.exe File Volume queried: C:\ FullSizeInformation Jump to behavior
Source: C:\Windows\System32\msiexec.exe File Volume queried: C:\ FullSizeInformation Jump to behavior
Source: C:\Windows\System32\msiexec.exe File Volume queried: C:\ FullSizeInformation Jump to behavior
Source: C:\Windows\System32\msiexec.exe File Volume queried: C:\ FullSizeInformation Jump to behavior
Source: C:\Windows\System32\msiexec.exe File Volume queried: C:\ FullSizeInformation Jump to behavior
Source: C:\Windows\System32\msiexec.exe File Volume queried: C:\ FullSizeInformation Jump to behavior
Source: C:\Windows\System32\msiexec.exe File Volume queried: C:\ FullSizeInformation Jump to behavior
Source: C:\Windows\System32\msiexec.exe File Volume queried: C:\ FullSizeInformation Jump to behavior
Source: C:\Windows\System32\msiexec.exe File Volume queried: C:\ FullSizeInformation Jump to behavior
Source: C:\Windows\System32\msiexec.exe File Volume queried: C:\ FullSizeInformation Jump to behavior
Source: C:\Windows\System32\msiexec.exe File Volume queried: C:\ FullSizeInformation Jump to behavior
Source: C:\Windows\System32\msiexec.exe File Volume queried: C:\ FullSizeInformation Jump to behavior
Source: C:\Windows\System32\msiexec.exe File Volume queried: C:\ FullSizeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Open Box Models\Openbox\adxregistrator.exe Thread delayed: delay time: 922337203685477 Jump to behavior
Source: adxregistrator.exe, 00000016.00000002.1857234531.0000000005F20000.00000004.08000000.00040000.00000000.sdmp, adxregistrator.exe, 00000016.00000003.1830751420.000000000412C000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: #=zSktWZQEMuYRy
Source: C:\Windows\System32\msiexec.exe Process information queried: ProcessInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Open Box Models\Openbox\adxregistrator.exe Process token adjusted: Debug Jump to behavior
Source: C:\Users\user\AppData\Local\Open Box Models\Openbox\adxregistrator.exe Memory allocated: page read and write | page guard Jump to behavior
Source: C:\Windows\System32\msiexec.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Windows\System32\msiexec.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Windows\System32\msiexec.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Open Box Models\Openbox\adxregistrator.exe Queries volume information: C:\Users\user\AppData\Local\Open Box Models\Openbox\AddinExpress.MSO.2005.dll VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Open Box Models\Openbox\adxregistrator.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Open Box Models\Openbox\adxregistrator.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Open Box Models\Openbox\adxregistrator.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Open Box Models\Openbox\adxregistrator.exe Queries volume information: C:\Users\user\AppData\Local\Open Box Models\Openbox\OpenBoxAddin.dll VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Open Box Models\Openbox\adxregistrator.exe Queries volume information: C:\Users\user\AppData\Local\Open Box Models\Openbox\AddinExpress.Deployment.dll VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Open Box Models\Openbox\adxregistrator.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Open Box Models\Openbox\adxregistrator.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid Jump to behavior
  • No. of IPs < 25%
  • 25% < No. of IPs < 50%
  • 50% < No. of IPs < 75%
  • 75% < No. of IPs