Windows Analysis Report
FACTURE NON PAYEE.pdf

Overview

General Information

Sample name: FACTURE NON PAYEE.pdf
Analysis ID: 1564514
MD5: 73bb06673d213234b76df1f40ec3b838
SHA1: 3c55b846722f46d0e8a76c3f2f6304cfeec91d9d
SHA256: 390907e6794b5e411710cc087a73fb5dbe237038cb9c539d0ed8386ce5cff4c8

Detection

Score: 56
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

AI detected landing page (webpage, office document or email)
Changes security center settings (notifications, updates, antivirus, firewall)
Reads the Security eventlog
Reads the System eventlog
Allocates memory with a write watch (potentially for evading sandboxes)
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Contains capabilities to detect virtual machines
Contains long sleeps (>= 3 min)
Creates files inside the system directory
Creates or modifies windows services
Deletes files inside the Windows folder
Enables debug privileges
Enables security privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
Queries disk information (often used to detect virtual machines)
Queries information about the installed CPU (vendor, model number etc)
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)
Queries the installation date of Windows
Queries the volume information (name, serial number etc) of a device
Sigma detected: PSScriptPolicyTest Creation By Uncommon Process
Sigma detected: Potential PowerShell Execution Policy Tampering
Stores files to the Windows start menu directory

Classification

  • System is w10x64_ra
  • Acrobat.exe (PID: 424 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\FACTURE NON PAYEE.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
    • AcroCEF.exe (PID: 6656 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
      • AcroCEF.exe (PID: 3896 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2264 --field-trial-handle=1600,i,4384993080612932353,4786337553903259896,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
    • chrome.exe (PID: 5488 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://urlz.fr/tdWs MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
      • chrome.exe (PID: 7184 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2024 --field-trial-handle=1900,i,17275964156629918062,16033610021979403989,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • svchost.exe (PID: 5552 cmdline: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
  • svchost.exe (PID: 7816 cmdline: C:\Windows\System32\svchost.exe -k NetworkService -p MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
  • SgrmBroker.exe (PID: 7856 cmdline: C:\Windows\system32\SgrmBroker.exe MD5: 3BA1A18A0DC30A0545E7765CB97D8E63)
  • svchost.exe (PID: 7900 cmdline: C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s StorSvc MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
  • svchost.exe (PID: 8036 cmdline: C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p -s wscsvc MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
    • MpCmdRun.exe (PID: 4120 cmdline: "C:\Program Files\Windows Defender\mpcmdrun.exe" -wdenable MD5: B3676839B2EE96983F9ED735CD044159)
      • conhost.exe (PID: 4984 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • svchost.exe (PID: 8092 cmdline: C:\Windows\system32\svchost.exe -k UnistackSvcGroup MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
  • Bluetrait MSP Agent.exe (PID: 5208 cmdline: "C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe" MD5: 0BF209E4007D441249AE049C623F6544)
  • WmiApSrv.exe (PID: 3640 cmdline: C:\Windows\system32\wbem\WmiApSrv.exe MD5: 9A48D32D7DBA794A40BF030DA500603B)
  • cleanup
No yara matches
Source: File created; Author: Nasreddine Bencherchali (Nextron Systems); Data: EventID: 11, Image: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe, ProcessId: 5208, TargetFilename: C:\Windows\TEMP\__PSScriptPolicyTest_egexbfbn.jzr.ps1
Source: Registry Key set; Author: Nasreddine Bencherchali (Nextron Systems); Data: Details: Unrestricted, EventID: 13, EventType: SetValue, Image: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe, ProcessId: 5208, TargetObject: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell\ExecutionPolicy
Source: Process started; Author: vburov; Data: Command: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, CommandLine: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, CommandLine|base64offset|contains: , Image: C:\Windows\System32\svchost.exe, NewProcessName: C:\Windows\System32\svchost.exe, OriginalFileName: C:\Windows\System32\svchost.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 656, ProcessCommandLine: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, ProcessId: 5552, ProcessName: svchost.exe
No Suricata rule has matched

Phishing

Source: PDF document; Joe Sandbox AI: Page contains button: 'Cliquez ici pour installer BluetraitAgent' Source: 'PDF document'
Source: PDF document; Joe Sandbox AI: PDF document contains prominent button: 'cliquez ici pour installer bluetraitagent'
Source: unknown; HTTPS traffic detected: 2.18.109.164:443 -> 192.168.2.16:49706 version: TLS 1.2
Source: unknown; HTTPS traffic detected: 2.18.109.164:443 -> 192.168.2.16:49716 version: TLS 1.2
Source: unknown; HTTPS traffic detected: 20.109.210.53:443 -> 192.168.2.16:49717 version: TLS 1.2
Source: unknown; HTTPS traffic detected: 167.99.228.32:443 -> 192.168.2.16:49727 version: TLS 1.2
Source: unknown; HTTPS traffic detected: 20.109.210.53:443 -> 192.168.2.16:49728 version: TLS 1.2
Source: unknown; HTTPS traffic detected: 169.150.236.104:443 -> 192.168.2.16:49735 version: TLS 1.2
Source: global traffic; DNS traffic detected: DNS query: sogetis.bluetrait.io
Source: global traffic; DNS traffic detected: DNS query: x1.i.lencr.org
Source: global traffic; DNS traffic detected: DNS query: www.google.com
Source: global traffic; DNS traffic detected: DNS query: downloads.level.io

Spam, unwanted Advertisements and Ransom Demands

Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe; Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Security
Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe; Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Security\BluetraitAgent
Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe; Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System
Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe; Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System\BluetraitAgent
Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe; Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System\Bluetrait
Source: C:\Windows\System32\svchost.exe; File created: C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmp
Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe; File deleted: C:\Windows\Temp\__PSScriptPolicyTest_egexbfbn.jzr.ps1
Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe; Process token adjusted: Security
Source: classification engine; Classification label: mal56.evad.winPDF@44/46@11/171
Source: FACTURE NON PAYEE.pdf; Initial sample: https://urlz.fr/tdWs
Source: FACTURE NON PAYEE.pdf; Initial sample: https://urlz.fr/tdws
Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe; File created: C:\Program Files (x86)\Bluetrait Agent\config.json
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe; File created: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal
Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe; Mutant created: NULL
Source: C:\Windows\System32\conhost.exe; Mutant created: \BaseNamedObjects\Local\SM0:4984:120:WilError_03
Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe; Mutant created: \BaseNamedObjects\Global\netfxeventlog.1.0
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe; File created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-11-28 06-57-26-802.log
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe; Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA
Source: unknown; Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\FACTURE NON PAYEE.pdf"
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe; Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe; Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2264 --field-trial-handle=1600,i,4384993080612932353,4786337553903259896,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: unknown; Process created: C:\Windows\System32\msiexec.exe C:\Windows\system32\msiexec.exe /V
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe; Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://urlz.fr/tdWs
Source: C:\Program Files\Google\Chrome\Application\chrome.exe; Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2024 --field-trial-handle=1900,i,17275964156629918062,16033610021979403989,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown; Process created: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe "C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe"
Source: unknown; Process created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
Source: unknown; Process created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k NetworkService -p
Source: unknown; Process created: C:\Windows\System32\SgrmBroker.exe C:\Windows\system32\SgrmBroker.exe
Source: unknown; Process created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s StorSvc
Source: unknown; Process created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p -s wscsvc
Source: unknown; Process created: C:\Windows\System32\svchost.exe C:\Windows\system32\svchost.exe -k UnistackSvcGroup
Source: unknown; Process created: C:\Windows\System32\wbem\WmiApSrv.exe C:\Windows\system32\wbem\WmiApSrv.exe
Source: C:\Windows\System32\svchost.exe; Process created: C:\Program Files\Windows Defender\MpCmdRun.exe "C:\Program Files\Windows Defender\mpcmdrun.exe" -wdenable
Source: C:\Program Files\Windows Defender\MpCmdRun.exe; Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Windows\System32\svchost.exeProcess created: C:\Program Files\Windows Defender\MpCmdRun.exe "C:\Program Files\Windows Defender\mpcmdrun.exe" -wdenable
Source: C:\Windows\System32\svchost.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\System32\svchost.exeSection loaded: qmgr.dll
Source: C:\Windows\System32\svchost.exeSection loaded: bitsperf.dll
Source: C:\Windows\System32\svchost.exeSection loaded: powrprof.dll
Source: C:\Windows\System32\svchost.exeSection loaded: xmllite.dll
Source: C:\Windows\System32\svchost.exeSection loaded: firewallapi.dll
Source: C:\Windows\System32\svchost.exeSection loaded: esent.dll
Source: C:\Windows\System32\svchost.exeSection loaded: umpdc.dll
Source: C:\Windows\System32\svchost.exeSection loaded: dnsapi.dll
Source: C:\Windows\System32\svchost.exeSection loaded: iphlpapi.dll
Source: C:\Windows\System32\svchost.exeSection loaded: fwbase.dll
Source: C:\Windows\System32\svchost.exeSection loaded: wldp.dll
Source: C:\Windows\System32\svchost.exeSection loaded: ntmarta.dll
Source: C:\Windows\System32\svchost.exeSection loaded: profapi.dll
Source: C:\Windows\System32\svchost.exeSection loaded: flightsettings.dll
Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exeSection loaded: netprofm.dll
Source: C:\Windows\System32\svchost.exeSection loaded: npmproxy.dll
Source: C:\Windows\System32\svchost.exeSection loaded: bitsigd.dll
Source: C:\Windows\System32\svchost.exeSection loaded: upnp.dll
Source: C:\Windows\System32\svchost.exeSection loaded: winhttp.dll
Source: C:\Windows\System32\svchost.exeSection loaded: ssdpapi.dll
Source: C:\Windows\System32\svchost.exeSection loaded: urlmon.dll
Source: C:\Windows\System32\svchost.exeSection loaded: iertutil.dll
Source: C:\Windows\System32\svchost.exeSection loaded: srvcli.dll
Source: C:\Windows\System32\svchost.exeSection loaded: netutils.dll
Source: C:\Windows\System32\svchost.exeSection loaded: appxdeploymentclient.dll
Source: C:\Windows\System32\svchost.exeSection loaded: cryptbase.dll
Source: C:\Windows\System32\svchost.exeSection loaded: wsmauto.dll
Source: C:\Windows\System32\svchost.exeSection loaded: miutils.dll
Source: C:\Windows\System32\svchost.exeSection loaded: wsmsvc.dll
Source: C:\Windows\System32\svchost.exeSection loaded: dsrole.dll
Source: C:\Windows\System32\svchost.exeSection loaded: pcwum.dll
Source: C:\Windows\System32\svchost.exeSection loaded: mi.dll
Source: C:\Windows\System32\svchost.exeSection loaded: userenv.dll
Source: C:\Windows\System32\svchost.exeSection loaded: gpapi.dll
Source: C:\Windows\System32\svchost.exeSection loaded: winhttp.dll
Source: C:\Windows\System32\svchost.exeSection loaded: wkscli.dll
Source: C:\Windows\System32\svchost.exeSection loaded: netutils.dll
Source: C:\Windows\System32\svchost.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\svchost.exeSection loaded: ondemandconnroutehelper.dll
Source: C:\Windows\System32\svchost.exeSection loaded: msv1_0.dll
Source: C:\Windows\System32\svchost.exeSection loaded: ntlmshared.dll
Source: C:\Windows\System32\svchost.exeSection loaded: cryptdll.dll
Source: C:\Windows\System32\svchost.exeSection loaded: webio.dll
Source: C:\Windows\System32\svchost.exeSection loaded: mswsock.dll
Source: C:\Windows\System32\svchost.exeSection loaded: winnsi.dll
Source: C:\Windows\System32\svchost.exeSection loaded: rasadhlp.dll
Source: C:\Windows\System32\svchost.exeSection loaded: fwpuclnt.dll
Source: C:\Windows\System32\svchost.exeSection loaded: rmclient.dll
Source: C:\Windows\System32\svchost.exeSection loaded: usermgrcli.dll
Source: C:\Windows\System32\svchost.exeSection loaded: execmodelclient.dll
Source: C:\Windows\System32\svchost.exeSection loaded: propsys.dll
Source: C:\Windows\System32\svchost.exeSection loaded: coremessaging.dll
Source: C:\Windows\System32\svchost.exeSection loaded: twinapi.appcore.dll
Source: C:\Windows\System32\svchost.exeSection loaded: onecorecommonproxystub.dll
Source: C:\Windows\System32\svchost.exeSection loaded: execmodelproxy.dll
Source: C:\Windows\System32\svchost.exeSection loaded: resourcepolicyclient.dll
Source: C:\Windows\System32\svchost.exeSection loaded: vssapi.dll
Source: C:\Windows\System32\svchost.exeSection loaded: vsstrace.dll
Source: C:\Windows\System32\svchost.exeSection loaded: samcli.dll
Source: C:\Windows\System32\svchost.exeSection loaded: samlib.dll
Source: C:\Windows\System32\svchost.exeSection loaded: es.dll
Source: C:\Windows\System32\svchost.exeSection loaded: bitsproxy.dll
Source: C:\Windows\System32\svchost.exeSection loaded: ondemandconnroutehelper.dll
Source: C:\Windows\System32\svchost.exeSection loaded: dhcpcsvc6.dll
Source: C:\Windows\System32\svchost.exeSection loaded: dhcpcsvc.dll
Source: C:\Windows\System32\svchost.exeSection loaded: schannel.dll
Source: C:\Windows\System32\svchost.exeSection loaded: mskeyprotect.dll
Source: C:\Windows\System32\svchost.exeSection loaded: ntasn1.dll
Source: C:\Windows\System32\svchost.exeSection loaded: ncrypt.dll
Source: C:\Windows\System32\svchost.exeSection loaded: ncryptsslp.dll
Source: C:\Windows\System32\svchost.exeSection loaded: msasn1.dll
Source: C:\Windows\System32\svchost.exeSection loaded: cryptsp.dll
Source: C:\Windows\System32\svchost.exeSection loaded: rsaenh.dll
Source: C:\Windows\System32\svchost.exeSection loaded: dpapi.dll
Source: C:\Windows\System32\svchost.exeSection loaded: mpr.dll
Source: C:\Windows\System32\svchost.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\System32\svchost.exeSection loaded: moshost.dll
Source: C:\Windows\System32\svchost.exeSection loaded: mapsbtsvc.dll
Source: C:\Windows\System32\svchost.exeSection loaded: mosstorage.dll
Source: C:\Windows\System32\svchost.exeSection loaded: ztrace_maps.dll
Source: C:\Windows\System32\svchost.exeSection loaded: ztrace_maps.dll
Source: C:\Windows\System32\svchost.exeSection loaded: ztrace_maps.dll
Source: C:\Windows\System32\svchost.exeSection loaded: bcp47langs.dll
Source: C:\Windows\System32\svchost.exeSection loaded: mapconfiguration.dll
Source: C:\Windows\System32\svchost.exeSection loaded: winhttp.dll
Source: C:\Windows\System32\svchost.exeSection loaded: wldp.dll
Source: C:\Windows\System32\svchost.exeSection loaded: windows.storage.dll
Source: C:\Windows\System32\svchost.exeSection loaded: profapi.dll
Source: C:\Windows\System32\svchost.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\System32\svchost.exeSection loaded: storsvc.dll
Source: C:\Windows\System32\svchost.exeSection loaded: devobj.dll
Source: C:\Windows\System32\svchost.exeSection loaded: fltlib.dll
Source: C:\Windows\System32\svchost.exeSection loaded: ntmarta.dll
Source: C:\Windows\System32\svchost.exeSection loaded: bcd.dll
Source: C:\Windows\System32\svchost.exeSection loaded: wer.dll
Source: C:\Windows\System32\svchost.exeSection loaded: cabinet.dll
Source: C:\Windows\System32\svchost.exeSection loaded: appxdeploymentclient.dll
Source: C:\Windows\System32\svchost.exeSection loaded: storageusage.dll
Source: C:\Windows\System32\svchost.exeSection loaded: userenv.dll
Source: C:\Windows\System32\svchost.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\svchost.exeSection loaded: propsys.dll
Source: C:\Windows\System32\svchost.exeSection loaded: aphostservice.dll
Source: C:\Windows\System32\svchost.exeSection loaded: networkhelper.dll
Source: C:\Windows\System32\svchost.exeSection loaded: userdataplatformhelperutil.dll
Source: C:\Windows\System32\svchost.exeSection loaded: mccspal.dll
Source: C:\Windows\System32\svchost.exeSection loaded: syncutil.dll
Source: C:\Windows\System32\svchost.exeSection loaded: umpdc.dll
Source: C:\Windows\System32\svchost.exeSection loaded: vaultcli.dll
Source: C:\Windows\System32\svchost.exeSection loaded: dmcfgutils.dll
Source: C:\Windows\System32\svchost.exeSection loaded: wintypes.dll
Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exeSection loaded: dmcmnutils.dll
Source: C:\Windows\System32\svchost.exeSection loaded: dmxmlhelputils.dll
Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exeSection loaded: xmllite.dll
Source: C:\Windows\System32\svchost.exeSection loaded: inproclogger.dll
Source: C:\Windows\System32\svchost.exeSection loaded: flightsettings.dll
Source: C:\Windows\System32\svchost.exeSection loaded: windows.networking.connectivity.dll
Source: C:\Windows\System32\svchost.exeSection loaded: npmproxy.dll
Source: C:\Windows\System32\svchost.exeSection loaded: iertutil.dll
Source: C:\Windows\System32\svchost.exeSection loaded: msv1_0.dll
Source: C:\Windows\System32\svchost.exeSection loaded: ntlmshared.dll
Source: C:\Windows\System32\svchost.exeSection loaded: cryptdll.dll
Source: C:\Windows\System32\svchost.exeSection loaded: synccontroller.dll
Source: C:\Windows\System32\svchost.exeSection loaded: pimstore.dll
Source: C:\Windows\System32\svchost.exeSection loaded: aphostclient.dll
Source: C:\Windows\System32\svchost.exeSection loaded: accountaccessor.dll
Source: C:\Windows\System32\svchost.exeSection loaded: dsclient.dll
Source: C:\Windows\System32\svchost.exeSection loaded: powrprof.dll
Source: C:\Windows\System32\svchost.exeSection loaded: systemeventsbrokerclient.dll
Source: C:\Windows\System32\svchost.exeSection loaded: userdatalanguageutil.dll
Source: C:\Windows\System32\svchost.exeSection loaded: mccsengineshared.dll
Source: C:\Windows\System32\svchost.exeSection loaded: cemapi.dll
Source: C:\Windows\System32\svchost.exeSection loaded: userdatatypehelperutil.dll
Source: C:\Windows\System32\svchost.exeSection loaded: phoneutil.dll
Source: C:\Windows\System32\svchost.exeSection loaded: onecorecommonproxystub.dll
Source: C:\Windows\System32\svchost.exeSection loaded: execmodelproxy.dll
Source: C:\Windows\System32\svchost.exeSection loaded: rmclient.dll
Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeSection loaded: mscoree.dll
Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeSection loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeSection loaded: version.dll
Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeSection loaded: vcruntime140_clr0400.dll
Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeSection loaded: ucrtbase_clr0400.dll
Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeSection loaded: windows.storage.dll
Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeSection loaded: wldp.dll
Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeSection loaded: profapi.dll
Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeSection loaded: cryptsp.dll
Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeSection loaded: rsaenh.dll
Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeSection loaded: cryptbase.dll
Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeSection loaded: rasapi32.dll
Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeSection loaded: rasman.dll
Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeSection loaded: rtutils.dll
Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeSection loaded: mswsock.dll
Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeSection loaded: winhttp.dll
Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeSection loaded: ondemandconnroutehelper.dll
Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeSection loaded: iphlpapi.dll
Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeSection loaded: dhcpcsvc6.dll
Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeSection loaded: dhcpcsvc.dll
Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeSection loaded: dnsapi.dll
Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeSection loaded: winnsi.dll
Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeSection loaded: rasadhlp.dll
Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeSection loaded: fwpuclnt.dll
Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeSection loaded: secur32.dll
Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeSection loaded: sspicli.dll
Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeSection loaded: schannel.dll
Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeSection loaded: mskeyprotect.dll
Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeSection loaded: ntasn1.dll
Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeSection loaded: ncrypt.dll
Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeSection loaded: ncryptsslp.dll
Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeSection loaded: msasn1.dll
Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeSection loaded: gpapi.dll
Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeSection loaded: wbemcomn.dll
Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeSection loaded: amsi.dll
Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeSection loaded: userenv.dll
Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeSection loaded: netfxperf.dll
Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeSection loaded: pdh.dll
Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeSection loaded: wtsapi32.dll
Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeSection loaded: bitsperf.dll
Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeSection loaded: bitsproxy.dll
Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeSection loaded: esentprf.dll
Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeSection loaded: perfts.dll
Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeSection loaded: winsta.dll
Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeSection loaded: utildll.dll
Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeSection loaded: tdh.dll
Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeSection loaded: samcli.dll
Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeSection loaded: netutils.dll
Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeSection loaded: msdtcuiu.dll
Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeSection loaded: atl.dll
Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeSection loaded: msdtcprx.dll
Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeSection loaded: mtxclu.dll
Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeSection loaded: clusapi.dll
Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeSection loaded: resutils.dll
Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeSection loaded: ktmw32.dll
Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeSection loaded: wkscli.dll
Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeSection loaded: cscapi.dll
Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeSection loaded: ntmarta.dll
Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeSection loaded: msscntrs.dll
Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeSection loaded: perfdisk.dll
Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeSection loaded: wmiclnt.dll
Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeSection loaded: perfnet.dll
Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeSection loaded: browcli.dll
Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeSection loaded: perfos.dll
Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeSection loaded: perfproc.dll
Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeSection loaded: sysmain.dll
Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeSection loaded: umpdc.dll
Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeSection loaded: powrprof.dll
Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeSection loaded: rasctrs.dll
Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeSection loaded: tapiperf.dll
Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeSection loaded: perfctrs.dll
Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeSection loaded: usbperf.dll
Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeSection loaded: tquery.dll
Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeSection loaded: cryptdll.dll
Source: C:\Windows\System32\wbem\WmiApSrv.exeSection loaded: wbemcomn.dll
Source: C:\Windows\System32\wbem\WmiApSrv.exeSection loaded: loadperf.dll
Source: C:\Windows\System32\wbem\WmiApSrv.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\System32\wbem\WmiApSrv.exeSection loaded: amsi.dll
Source: C:\Windows\System32\wbem\WmiApSrv.exeSection loaded: userenv.dll
Source: C:\Windows\System32\wbem\WmiApSrv.exeSection loaded: profapi.dll
Source: C:\Program Files\Windows Defender\MpCmdRun.exeSection loaded: mpclient.dll
Source: C:\Program Files\Windows Defender\MpCmdRun.exeSection loaded: secur32.dll
Source: C:\Program Files\Windows Defender\MpCmdRun.exeSection loaded: sspicli.dll
Source: C:\Program Files\Windows Defender\MpCmdRun.exeSection loaded: version.dll
Source: C:\Program Files\Windows Defender\MpCmdRun.exeSection loaded: msasn1.dll
Source: C:\Program Files\Windows Defender\MpCmdRun.exeSection loaded: kernel.appcore.dll
Source: C:\Program Files\Windows Defender\MpCmdRun.exeSection loaded: userenv.dll
Source: C:\Program Files\Windows Defender\MpCmdRun.exeSection loaded: gpapi.dll
Source: C:\Program Files\Windows Defender\MpCmdRun.exeSection loaded: wbemcomn.dll
Source: C:\Program Files\Windows Defender\MpCmdRun.exeSection loaded: amsi.dll
Source: C:\Program Files\Windows Defender\MpCmdRun.exeSection loaded: profapi.dll
Source: C:\Program Files\Windows Defender\MpCmdRun.exeSection loaded: wscapi.dll
Source: C:\Program Files\Windows Defender\MpCmdRun.exeSection loaded: urlmon.dll
Source: C:\Program Files\Windows Defender\MpCmdRun.exeSection loaded: iertutil.dll
Source: C:\Program Files\Windows Defender\MpCmdRun.exeSection loaded: srvcli.dll
Source: C:\Program Files\Windows Defender\MpCmdRun.exeSection loaded: netutils.dll
Source: C:\Program Files\Windows Defender\MpCmdRun.exeSection loaded: slc.dll
Source: C:\Program Files\Windows Defender\MpCmdRun.exeSection loaded: sppc.dll
Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeSection loaded: msisip.dll
Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeSection loaded: wshext.dll
Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeSection loaded: appxsip.dll
Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeSection loaded: opcservices.dll
Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\InprocServer32
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeFile opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dll
Source: FACTURE NON PAYEE.pdfInitial sample: PDF keyword /JS count = 0
Source: FACTURE NON PAYEE.pdfInitial sample: PDF keyword /JavaScript count = 0
Source: FACTURE NON PAYEE.pdfInitial sample: PDF keyword /EmbeddedFile count = 0
Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeRegistry key created: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Bluetrait
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeRegistry key monitored for changes: HKEY_USERS\.DEFAULT\Software\Classes
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
Source: C:\Windows\System32\wbem\WmiApSrv.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Defender\MpCmdRun.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe Memory allocated: 1E67E2A0000 memory reserve | memory write watch
Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe Memory allocated: 1E67E930000 memory reserve | memory write watch
Source: C:\Windows\System32\svchost.exe File opened / queried: SCSI#Disk&Ven_VMware&Prod_Virtual_disk#4&1656f219&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}
Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe Thread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe Window / User API: threadDelayed 9677
Source: C:\Windows\System32\svchost.exe TID: 3540 Thread sleep time: -30000s >= -30000s
Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe TID: 7544 Thread sleep count: 9677 > 30
Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe TID: 7660 Thread sleep time: -14757395258967632s >= -30000s
Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe TID: 7660 Thread sleep time: -30000s >= -30000s
Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe TID: 7544 Thread sleep count: 133 > 30
Source: C:\Windows\System32\svchost.exe File opened: PhysicalDrive0
Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * From Win32_Bios
Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_ComputerSystem
Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_ComputerSystem
Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_ComputerSystem
Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_ComputerSystem
Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_ComputerSystem
Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_ComputerSystem
Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_ComputerSystem
Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_ComputerSystem
Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_ComputerSystem
Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_ComputerSystem
Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_ComputerSystem
Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_ComputerSystem
Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_ComputerSystem
Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_ComputerSystem
Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_ComputerSystem
Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_ComputerSystem
Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_ComputerSystem
Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_ComputerSystem
Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_ComputerSystem
Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_ComputerSystem
Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_ComputerSystem
Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_ComputerSystem
Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_ComputerSystem
Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_ComputerSystem
Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_ComputerSystem
Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_ComputerSystem
Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_ComputerSystem
Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_ComputerSystem
Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_ComputerSystem
Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_ComputerSystem
Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_ComputerSystem
Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_ComputerSystem
Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_ComputerSystem
Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_ComputerSystem
Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_ComputerSystem
Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_ComputerSystem
Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_ComputerSystem
Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_ComputerSystem
Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_ComputerSystem
Source: C:\Windows\System32\svchost.exe | File Volume queried: C:\ FullSizeInformation
Source: C:\Windows\System32\svchost.exe | File Volume queried: C:\Windows\System32 FullSizeInformation
Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe | File Volume queried: C:\ FullSizeInformation
Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe | Thread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe | Thread delayed: delay time: 30000
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe | Process information queried: ProcessInformation
Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe | Process token adjusted: Debug
Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe | Memory allocated: page read and write | page guard
Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe | Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0
Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion InstallDate
Source: C:\Windows\System32\svchost.exe | Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation
Source: C:\Windows\System32\svchost.exe | Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation
Source: C:\Windows\System32\svchost.exe | Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformation
Source: C:\Windows\System32\svchost.exe | Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm VolumeInformation
Source: C:\Windows\System32\svchost.exe | Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\svchost.exe | Queries volume information: C: VolumeInformation
Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe | Queries volume information: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe VolumeInformation
Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe | Queries volume information: C:\Program Files (x86)\Bluetrait Agent\Newtonsoft.Json.dll VolumeInformation
Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll VolumeInformation
Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll VolumeInformation
Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe | Queries volume information: C:\Program Files (x86)\Bluetrait Agent\System.Data.SQLite.dll VolumeInformation
Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll VolumeInformation
Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll VolumeInformation
Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Automation\v4.0_3.0.0.0__31bf3856ad364e35\System.Management.Automation.dll VolumeInformation
Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Diagnostics\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Diagnostics.dll VolumeInformation
Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dll VolumeInformation
Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dll VolumeInformation
Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformation
Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Management.Infrastructure\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.dll VolumeInformation
Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Security\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Security.dll VolumeInformation
Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.WSMan.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Management.dll VolumeInformation
Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.WSMan.Runtime\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Runtime.dll VolumeInformation
Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe | Queries volume information: C:\ VolumeInformation
Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Lowering of HIPS / PFW / Operating System Security Settings

Source: C:\Windows\System32\svchost.exe | Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center cval
Source: C:\Windows\System32\svchost.exe | WMI Queries: IWbemServices::ExecNotificationQuery - ROOT\SecurityCenter : SELECT * FROM __InstanceOperationEvent WHERE TargetInstance ISA 'AntiVirusProduct' OR TargetInstance ISA 'FirewallProduct' OR TargetInstance ISA 'AntiSpywareProduct'
Source: C:\Program Files\Windows Defender\MpCmdRun.exe | WMI Queries: IWbemServices::CreateInstanceEnum - root\SecurityCenter2 : AntiVirusProduct

| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| Gather Victim Identity Information | Acquire Infrastructure | 1 Spearphishing Link | 3 Windows Management Instrumentation | 1 Windows Service | 1 Windows Service | 12 Masquerading | OS Credential Dumping | 1 Query Registry | Remote Services | Data from Local System | 2 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
| Credentials | Domains | Default Accounts | Scheduled Task/Job | 1 Browser Extensions | 1 Process Injection | 11 Disable or Modify Tools | LSASS Memory | 4 Security Software Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | At | 1 Registry Run Keys / Startup Folder | 1 Registry Run Keys / Startup Folder | 61 Virtualization/Sandbox Evasion | Security Account Manager | 1 Process Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 2 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
| Employee Names | Virtual Private Server | Local Accounts | Cron | 1 DLL Side-Loading | 1 DLL Side-Loading | 1 Process Injection | NTDS | 61 Virtualization/Sandbox Evasion | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction |
| Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 DLL Side-Loading | LSA Secrets | 1 Application Window Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
| Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 File Deletion | Cached Domain Credentials | 63 System Information Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |

No Antivirus matches

| Name | IP | Active | Malicious | Antivirus Detection | Reputation |
| --- | --- | --- | --- | --- | --- |
| bg.microsoft.map.fastly.net | 199.232.210.172 | true | false | | high |
| prd-level-downloads.b-cdn.net | 169.150.236.104 | true | false | | unknown |
| sogetis.bluetrait.io | 167.99.228.32 | true | false | | unknown |
| www.google.com | 142.250.181.68 | true | false | | high |
| x1.i.lencr.org | unknown | unknown | false | | high |
| downloads.level.io | unknown | unknown | false | | unknown |

| IP | Domain | Country | ASN | ASN Name | Malicious |
| --- | --- | --- | --- | --- | --- |
| 1.1.1.1 | unknown | Australia | 13335 | CLOUDFLARENETUS | false |
| 172.217.17.67 | unknown | United States | 15169 | GOOGLEUS | false |
| 172.217.17.78 | unknown | United States | 15169 | GOOGLEUS | false |
| 167.99.228.32 | sogetis.bluetrait.io | United States | 14061 | DIGITALOCEAN-ASNUS | false |
| 2.18.109.164 | unknown | European Union | 20940 | AKAMAI-ASN1EU | false |
| 104.21.234.214 | unknown | United States | 13335 | CLOUDFLARENETUS | false |
| 216.58.204.142 | unknown | United States | 15169 | GOOGLEUS | false |
| 50.16.47.176 | unknown | United States | 14618 | AMAZON-AESUS | false |
| 23.47.168.24 | unknown | United States | 16625 | AKAMAI-ASUS | false |
| 162.159.61.3 | unknown | United States | 13335 | CLOUDFLARENETUS | false |
| 74.125.205.84 | unknown | United States | 15169 | GOOGLEUS | false |
| 169.150.236.104 | prd-level-downloads.b-cdn.net | United States | 2711 | SPIRITTEL-ASUS | false |
| 239.255.255.250 | unknown | Reserved | unknown | unknown | false |
| 142.250.181.68 | www.google.com | United States | 15169 | GOOGLEUS | false |
| 23.195.39.65 | unknown | United States | 20940 | AKAMAI-ASN1EU | false |
| 142.250.201.3 | unknown | United States | 15169 | GOOGLEUS | false |
| 199.232.210.172 | bg.microsoft.map.fastly.net | United States | 54113 | FASTLYUS | false |
| 2.18.108.135 | unknown | European Union | 20940 | AKAMAI-ASN1EU | false |

IP
192.168.2.16
192.168.2.4
192.168.2.23
127.0.0.1

Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1564514
Start date and time: 2024-11-28 12:56:56 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration:
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: defaultwindowsinteractivecookbook.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 26
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• EGA enabled
Analysis Mode: stream
Analysis stop reason: Timeout
Sample name: FACTURE NON PAYEE.pdf
Detection: MAL
Classification: mal56.evad.winPDF@44/46@11/171
Cookbook Comments:
• Found application associated with file extension: .pdf
• Exclude process from analysis (whitelisted): dllhost.exe, svchost.exe
• Excluded IPs from analysis (whitelisted): 2.18.108.135, 50.16.47.176, 18.213.11.84, 54.224.241.105, 34.237.241.83
• Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, ssl-delivery.adobe.com.edgekey.net, p13n.adobe.io, geo2.adobe.com
• Not all processes where analyzed, report is missing behavior information
• Report size getting too big, too many NtAllocateVirtualMemory calls found.
• Report size getting too big, too many NtEnumerateKey calls found.
• Report size getting too big, too many NtOpenKey calls found.
• Report size getting too big, too many NtOpenKeyEx calls found.
• Report size getting too big, too many NtProtectVirtualMemory calls found.
• Report size getting too big, too many NtQueryValueKey calls found.
• Report size getting too big, too many NtReadVirtualMemory calls found.
• VT rate limit hit for: FACTURE NON PAYEE.pdf

Process: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe
File Type: SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 7
Category: modified
Size (bytes): 20480
Entropy (8bit): 0.7567158207016932
Encrypted: false
SSDEEP:
MD5: D24A10B86F80238D3D5627438DE665EF
SHA1: BE5A01C45E57F9F0A65B55947484DF7230FF7448
SHA-256: 4823F97FAE1AE6896DB36AA48567AEA8040DBF73305B4D03305574DF8A9AE25C
SHA-512: 38F7FFDB6BE6F18185DD85444BE9CDED34453A8B34AA0EA9FCEC66733F8EE594A2DF1F231204FE79B821CC1D2A63D3149DB111CF4C79DDD66AB66F27BE9B628D
Malicious: false
Reputation: unknown

Process: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe
File Type: SQLite Rollback Journal
Category: dropped
Size (bytes): 8720
Entropy (8bit): 1.5327186046210448
Encrypted: false
SSDEEP:
MD5: 65A23E95A71ECCE7323859FFF48A0BA9
SHA1: F5E7DDE7D6DB010BCA9EFC1E9174FBAD3FE106F4
SHA-256: FDBA6BA01FF2C8E7E6DA1009348016A5312B98488752B4397C9539807C5A5565
SHA-512: 5E887D896804CB12F8D273D2B5B8D252D48D3FA80A0D894E9316BA5A0AB6DC2516D5A2C6A21534A1C17F1D264D2273900AA9E4BE993E07F5F674AC884CAC2E9C
Malicious: false
Reputation: unknown
              Process:C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe
              File Type:JSON data
              Category:dropped
              Size (bytes):158
              Entropy (8bit):4.8183801297301825
              Encrypted:false
              SSDEEP:
              MD5:6171503C0387B7906B5EEECA30285797
              SHA1:26061B75EE0ACDF4753186AEC6DFF3C75F920D16
              SHA-256:A861E4B3594512F357E84F28726A9A64E4310A301199F0EB0E6B45075328AD4B
              SHA-512:EC857FFF80520CDE814F376579EC660DF27FB2C6AC7B61CE0C5D62BDF2DEFA636F4C5D85830182DADD4A1FFF2FFD92F52653DF08F1CD2EBE30BD3DF34B57A7B2
              Malicious:false
              Reputation:unknown
              Preview:{"url":"https://sogetis.bluetrait.io/api/","uuid":"e7e0cb50-1935-4262-b4c2-54d13f4876dd","version":null,"id":"86","success":1,"message":"","proxy_address":""}
              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
              File Type:JSON data
              Category:dropped
              Size (bytes):403
              Entropy (8bit):4.993681959235401
              Encrypted:false
              SSDEEP:
              MD5:DC00F9A577A19FBAF67FE15AE6430426
              SHA1:329A669E883B4E47114F40E5340B738EDEDBE852
              SHA-256:24D8EC4196E598FDE0E58B5AB0173D61413A8BB538593CE337FCB4C9239E2BAA
              SHA-512:30BE5DEB617D3CF0792E123BB0D072C54453DDA9891180838C0F7A37C814A94962B875E1DF08EED6CD23750CC8C0E2D32E25490728E9EC0B5981CB3835A9867B
              Malicious:false
              Reputation:unknown
              Preview:{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13377355058352190","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":694448},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.16","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"3G"}}}
              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
              File Type:JSON data
              Category:dropped
              Size (bytes):0
              Entropy (8bit):0.0
              Encrypted:false
              SSDEEP:
              MD5:DC00F9A577A19FBAF67FE15AE6430426
              SHA1:329A669E883B4E47114F40E5340B738EDEDBE852
              SHA-256:24D8EC4196E598FDE0E58B5AB0173D61413A8BB538593CE337FCB4C9239E2BAA
              SHA-512:30BE5DEB617D3CF0792E123BB0D072C54453DDA9891180838C0F7A37C814A94962B875E1DF08EED6CD23750CC8C0E2D32E25490728E9EC0B5981CB3835A9867B
              Malicious:false
              Reputation:unknown
              Preview:{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13377355058352190","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":694448},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.16","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"3G"}}}
              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
              File Type:PC bitmap, Windows 3.x format, 107 x -152 x 32, cbSize 65110, bits offset 54
              Category:dropped
              Size (bytes):65110
              Entropy (8bit):2.2511715687225027
              Encrypted:false
              SSDEEP:
              MD5:2841782ABBA853EC686EC1C61441A698
              SHA1:41FC994541EC548D0C099085C7E712FBF8BF83D8
              SHA-256:5923D229E9499A07EBBE0F45D899275F5F99634C51A6171E5EF4A2BCB0BDDF44
              SHA-512:8134A77D0C31C1F3D2187C47A3DC9855479E819E8B2320607B9F3F098EE563A1203517421AC1B7536E49053807AB8259D72726BD3ABADA12CB3F7DC7BD52FD84
              Malicious:false
              Reputation:unknown
              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
              File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 2, database pages 14, cookie 0x5, schema 4, UTF-8, version-valid-for 2
              Category:dropped
              Size (bytes):57344
              Entropy (8bit):3.291927920232006
              Encrypted:false
              SSDEEP:
              MD5:A4D5FECEFE05F21D6F81ACF4D9A788CF
              SHA1:1A9AC236C80F2A2809F7DE374072E2FCCA5A775C
              SHA-256:83BE4623D80FFB402FBDEC4125671DF532845A3828A1B378D99BD243A4FD8FF2
              SHA-512:FF106C6B9E1EA4B1F3E3AB01FAEA21BA24A885E63DDF0C36EB0A8C3C89A9430FE676039C076C50D7C46DC4E809F6A7E35A4BFED64D9033FEBD6121AC547AA5E9
              Malicious:false
              Reputation:unknown
              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
              File Type:SQLite Rollback Journal
              Category:dropped
              Size (bytes):16928
              Entropy (8bit):1.2156217198413612
              Encrypted:false
              SSDEEP:
              MD5:B5E7E26D25BF94A0AE09AD34109D83DD
              SHA1:8A2C57EB3F8AE9C6E78927D0010B06F87F106EBF
              SHA-256:12ECDE555F4664290B664FC269AE942012415EC2685D1118677C68D6442AB92C
              SHA-512:DF8FCB4FDE28FBA6B0315CF91F66AD8B1267F1C1631C8A0D700928ED04DF604E14D8B7E7DAFF4E0C1A204E97C351472448D3A26E1C3A0DDF211DDF1C0D24BFD1
              Malicious:false
              Reputation:unknown
              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
              File Type:Certificate, Version=3
              Category:dropped
              Size (bytes):1391
              Entropy (8bit):7.705940075877404
              Encrypted:false
              SSDEEP:
              MD5:0CD2F9E0DA1773E9ED864DA5E370E74E
              SHA1:CABD2A79A1076A31F21D253635CB039D4329A5E8
              SHA-256:96BCEC06264976F37460779ACF28C5A7CFE8A3C0AAE11A8FFCEE05C0BDDF08C6
              SHA-512:3B40F27E828323F5B91F8909883A78A21C86551761F27B38029FAAEC14AF5B7AA96FB9F9CC93EE201B5EB1D0FEF17B290747E8B839D2E49A8F36C5EBF3C7C910
              Malicious:false
              Reputation:unknown
              Preview:(binary certificate bytes omitted; readable strings: US, Internet Security Research Group, ISRG Root X1, 150604110438Z, 350604110438Z)
              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
              File Type:Microsoft Cabinet archive data, Windows 2000/XP setup, 71954 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks, 0x1 compression
              Category:dropped
              Size (bytes):71954
              Entropy (8bit):7.996617769952133
              Encrypted:true
              SSDEEP:
              MD5:49AEBF8CBD62D92AC215B2923FB1B9F5
              SHA1:1723BE06719828DDA65AD804298D0431F6AFF976
              SHA-256:B33EFCB95235B98B48508E019AFA4B7655E80CF071DEFABD8B2123FC8B29307F
              SHA-512:BF86116B015FB56709516D686E168E7C9C68365136231CC51D0B6542AE95323A71D2C7ACEC84AAD7DCECC2E410843F6D82A0A6D51B9ACFC721A9C84FDD877B5B
              Malicious:false
              Reputation:unknown
              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
              File Type:data
              Category:dropped
              Size (bytes):192
              Entropy (8bit):2.7790941963225158
              Encrypted:false
              SSDEEP:
              MD5:E8AE01C3C117BA27A2B88DB04161006D
              SHA1:E20701B73CA3B40FB6D25E4BE2A947F51C3A77A8
              SHA-256:BE81F8A4BE79260872202D95A88FD22CCD198D7AA09ECD9D692321BE07B09228
              SHA-512:0D738FA73763557DE184B5592135CB38067BAFB8FF3D8DB9264A10536815982B84B5FA4926AD43FB9DF8B6076F40F6600545D44B65870D330D7CFBA27E6E786B
              Malicious:false
              Reputation:unknown
              Preview:(binary header bytes omitted; wide-character strings:) http://x1.i.lencr.org/ "64cd6654-56f"
              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
              File Type:data
              Category:modified
              Size (bytes):328
              Entropy (8bit):3.242990426783058
              Encrypted:false
              SSDEEP:
              MD5:46872FA348B83090C53632CCA7B69CE8
              SHA1:D1D803EA41C7FBEDF1F3E66828F495A9CA72D88C
              SHA-256:3F3F2CF5E0B75B6CE46BEBAC91B5245274A8A02267DFDA9FD2514CF6A1A0FDB2
              SHA-512:8EF3784C9E747AEB0EBD595BB1207A5A7D01607A4F91C45C832B3D1C6FC68D8598C8EA53F5174CE118309726294EE6C46749A462490C9BE7E4575B86A5C7B8EE
              Malicious:false
              Reputation:unknown
              Preview:(binary header bytes omitted; wide-character strings:) http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab "a7282eb40b1da1:0"
              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
              File Type:JSON data
              Category:dropped
              Size (bytes):295
              Entropy (8bit):5.364282995357343
              Encrypted:false
              SSDEEP:
              MD5:7258B7445D7DE09F8B9482EA8CCD8297
              SHA1:EFFE84D53C67B317450B2DED74A3A593607C2F84
              SHA-256:6407577C8D3045EAA7C4EE1C8853CA87E79F73E9C5C24824F7A84F482BD7EBBC
              SHA-512:DBAECA093F64F82C0F6BB90632DF9506373A5421A95CDBCEFB5140A69AAED390247A6B264A267C02E58BE3AB8EB3527981F71139372D964F89669431B8887C55
              Malicious:false
              Reputation:unknown
              Preview:{"analyticsData":{"responseGUID":"8ad07996-3290-48f2-91e5-07ec6cad126c","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1732970914592,"statusCode":200,"surfaceID":"ACROBAT_READER_MASTER_SURFACEID","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
              File Type:JSON data
              Category:dropped
              Size (bytes):294
              Entropy (8bit):5.312267646539254
              Encrypted:false
              SSDEEP:
              MD5:D187E444EADB7EA95F3C869BFA1B13E5
              SHA1:1BD739ACE4DB0CAFE538D1221F318515C273E860
              SHA-256:3550413E4CC87753510363FD686DDCB57B4496B7A945D2F2BFB8156AFDF49358
              SHA-512:EE05488A0D0BA6D878F7A74052FD451E784BC110CA946A9CB8A2F1B78816F36A7DBD4A35942A78656B70793658E2EA5E6B21B11A2DB7B0155B9D069D4B43D57F
              Malicious:false
              Reputation:unknown
              Preview:{"analyticsData":{"responseGUID":"8ad07996-3290-48f2-91e5-07ec6cad126c","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1732970914592,"statusCode":200,"surfaceID":"DC_FirstMile_Home_View_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
              File Type:JSON data
              Category:dropped
              Size (bytes):294
              Entropy (8bit):5.290406561284522
              Encrypted:false
              SSDEEP:
              MD5:DBA412376A6620C08A8F6A06490D0ECB
              SHA1:C08031E680B118A63A8820DBC4577D0B1F88D1B0
              SHA-256:F9130B313EAE781653C2FE7B2DE258AE42A88F7AC104483872049B32DC89BD24
              SHA-512:CEDA19DBB60276C01BEEC382F567F2308C97D6884C32C97E8E74FC3219B4474EB209C285B95BAC9417253EC4D6ECE8411E11D871C08481286E609A478A7DF785
              Malicious:false
              Reputation:unknown
              Preview:{"analyticsData":{"responseGUID":"8ad07996-3290-48f2-91e5-07ec6cad126c","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1732970914592,"statusCode":200,"surfaceID":"DC_FirstMile_Right_Sec_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
              File Type:JSON data
              Category:dropped
              Size (bytes):285
              Entropy (8bit):5.352695451082203
              Encrypted:false
              SSDEEP:
              MD5:85B28D75177DACC8846727A15397931D
              SHA1:CA73909B0CCB71FB6C585DF6D588288232285536
              SHA-256:F2FACE80A0D127DED443BD8897FD35D0F0E6AE9ED92E9DA15656121D5F2531A8
              SHA-512:37760CF1D76C756C041A9E3BF12A17CADDE7CF0F58DDE70710D7BFFC86A7C5ED309AFC20B0E330B564B6EEA3D699985FFED7C88D73D9E05586F811B98378ADE0
              Malicious:false
              Reputation:unknown
              Preview:{"analyticsData":{"responseGUID":"8ad07996-3290-48f2-91e5-07ec6cad126c","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1732970914592,"statusCode":200,"surfaceID":"DC_READER_LAUNCH_CARD","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
              File Type:JSON data
              Category:dropped
              Size (bytes):1123
              Entropy (8bit):5.687361028403954
              Encrypted:false
              SSDEEP:
              MD5:B21D6DF07E5BB9A01D07C7FBA33EC682
              SHA1:73D6C44F272C811A77497D42C1FA868058D84AAF
              SHA-256:F52E171DD63CBC36918F88957E9A9DBDB238CBC8669F789B2093CC5644436695
              SHA-512:7034EC3B505CFEA95AF8738BD9C41E3F9364C5CCEC4B9DEDCD7CFFEDBC1924B36B0CD015CB0B869C631655294079C1DFEB5E08AA9BFB6F7A10AD29A5356BB707
              Malicious:false
              Reputation:unknown
              Preview:{"analyticsData":{"responseGUID":"8ad07996-3290-48f2-91e5-07ec6cad126c","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1732970914592,"statusCode":200,"surfaceID":"DC_Reader_Convert_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Convert_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"93365_289436ActionBlock_1","campaignId":93365,"containerId":"1","controlGroupId":"","treatmentId":"d5bba1ae-6009-4d23-8886-fd4a474b8ac9","variationId":"289436"},"containerId":1,"containerLabel":"JSON for DC_Reader_Convert_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwiLCJjbGljayI6Im9wZW5Ub29sIiwidG9vbF9pZCI6IkNvbnZlcnRQREZSZHJSSFBBcHAifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkV4cG9ydCBQREZzIHRvIE1pY3Jvc29mdCBXb3JkIGFuZCBFeGNlbC4ifSwidGNh
              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
              File Type:JSON data
              Category:dropped
              Size (bytes):1122
              Entropy (8bit):5.6812257275573534
              Encrypted:false
              SSDEEP:
              MD5:AF2C31F210913608BB1C1D095F3AB62A
              SHA1:CCD5740BF2B637671CD2B0980D08AB4131FFD904
              SHA-256:AFFD843718329065FAB55EBDE5C8527F7988128E005517A993180F95CDB2FB28
              SHA-512:7111CA18F612C03D2FCE2CE180228FE70DF974049782BA819960DECEA86BF81EA363F76640F6A7693FFA7C043AFF3C568B59C772FEDAF72201D864BF5672493A
              Malicious:false
              Reputation:unknown
              Preview:{"analyticsData":{"responseGUID":"8ad07996-3290-48f2-91e5-07ec6cad126c","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1732970914592,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Disc_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"93181_288855ActionBlock_0","campaignId":93181,"containerId":"1","controlGroupId":"","treatmentId":"1aad653c-ef44-43f7-be1c-3a2ba2cf2cfc","variationId":"288855"},"containerId":1,"containerLabel":"JSON for DC_Reader_Disc_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwiLCJjbGljayI6Im9wZW5Ub29sIiwidG9vbF9pZCI6IlVwZ3JhZGVSSFBSZHJBcHAifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkNvbnZlcnQsIGVkaXQgYW5kIGUtc2lnblxuIFBERiBmb3JtcyAmIGFncmVlbWVudHMuIn0sInRjY
              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
              File Type:JSON data
              Category:dropped
              Size (bytes):292
              Entropy (8bit):5.301877878233487
              Encrypted:false
              SSDEEP:
              MD5:119536B8BEA32D32A798B35F1B7CC4A3
              SHA1:A051FE9B2721DE177C23D6845EA3BEC25B9B7067
              SHA-256:6A3C222356B2A22B0202B3410B800586373C72E85069A38810586A47FB700F80
              SHA-512:F0A6A3DA2B21AA6F8A83B9449CF79B748156B82E706A1D4671CA92223109C0AEAFC7FEC2E397C19CA618D16CCE59048C2B2EB4A2126620EF63095BC0700844A6
              Malicious:false
              Reputation:unknown
              Preview:{"analyticsData":{"responseGUID":"8ad07996-3290-48f2-91e5-07ec6cad126c","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1732970914592,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
              File Type:JSON data
              Category:dropped
              Size (bytes):1102
              Entropy (8bit):5.669793936940832
              Encrypted:false
              SSDEEP:
              MD5:989910E5F11E7CA3616B9B904FF443DB
              SHA1:855EDD0CC0F564A1204F2ED3A1418092FB5470B4
              SHA-256:BEA585B9ACF5B6C0C53C0E9F44F7A8E67691CBF1690439E1F0D28AF5134DF913
              SHA-512:4F38DB8E3A1658550AAC5DBFBEE01D5FA4634647A9D306D245DC195309D7FAFABB8C7CDC2B7A7ED87D8EB81FD032D059F9DC6151A1E6686E13398DD4924F6F62
              Malicious:false
              Reputation:unknown
              Preview:{"analyticsData":{"responseGUID":"8ad07996-3290-48f2-91e5-07ec6cad126c","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1732970914592,"statusCode":200,"surfaceID":"DC_Reader_Edit_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Edit_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"93181_288855ActionBlock_1","campaignId":93181,"containerId":"1","controlGroupId":"","treatmentId":"533ab5eb-b236-4889-89a5-ac002261d71e","variationId":"288855"},"containerId":1,"containerLabel":"JSON for DC_Reader_Edit_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwiLCJjbGljayI6Im9wZW5Ub29sIiwidG9vbF9pZCI6IkVkaXRQREZSZHJBcHBGdWxsIn0sInVpIjp7InRpdGxlX3N0eWxpbmciOnsiZm9udF9zaXplIjoiMTRweCIsImZvbnRfc3R5bGUiOiIwIn0sImRlc2NyaXB0aW9uX3N0eWxpbmciOnsiZm9udF9zaXplIjoiMTJweCIsImZvbnRfc3R5bGUiOiItMSJ9LCJ0aXRsZSI6bnVsbCwiZGVzY3JpcHRpb24iOiJFZGl0IHRleHQsIGltYWdlcywgcGFnZXMsIGFuZCBtb3JlLiJ9LCJ0Y2F0SWQiOm51bGx9","da
              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
              File Type:JSON data
              Category:dropped
              Size (bytes):1164
              Entropy (8bit):5.6975509186006565
              Encrypted:false
              SSDEEP:
              MD5:87F11D049449AC7E80946E51D6D40456
              SHA1:9CCEB5166267B89B28F1F6A128B6054EE1A6AEAC
              SHA-256:9FC2710C627D309F65E2BE08D0305C1ECF86A99CB0EFF01C4823A2BD86EB365F
              SHA-512:4DF4A01C06A40AEF801310125E5DB6C2FD634CB67C3181B0D63DB01EFCAFDCE8D2511326EFA4E12A83373D03C20BD510F557C047FFA061CA4B98D5256D19070E
              Malicious:false
              Reputation:unknown
              Preview:{"analyticsData":{"responseGUID":"8ad07996-3290-48f2-91e5-07ec6cad126c","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1732970914592,"statusCode":200,"surfaceID":"DC_Reader_Home_LHP_Trial_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Home_LHP_Trial_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"85531_264848ActionBlock_0","campaignId":85531,"containerId":"1","controlGroupId":"","treatmentId":"ee1a7497-76e7-43c2-bb63-9a0551e11d73","variationId":"264848"},"containerId":1,"containerLabel":"JSON for DC_Reader_Home_LHP_Trial_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IlRyeSBBY3JvYmF0IFBybyJ9LCJ1aSI6eyJ0aXRsZV9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjE1cHgiLCJmb250X3N0eWxlIjoiMCJ9LCJkZXNjcmlwdGlvbl9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjEzcHgiLCJmb250X3N0eWxlIjoiLTEifSwidGl0bGUiOiJGcmVlIHRyaWFsIiwiZGVzY3JpcHRpb24iOiJHZXQgdW5saW1pdGVkIGFjY2VzcyB0b1xucHJlbWl1bSBQREYgYW5kIGUtc2lnbmluZ1xudG9vbHMuIn0sImJhbm5lcl9zdHlsaW5nIjo
              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
              File Type:JSON data
              Category:dropped
              Size (bytes):289
              Entropy (8bit):5.30596271605027
              Encrypted:false
              SSDEEP:
              MD5:224633A6AC9B79E59CFB7C0744DFBB5B
              SHA1:F5937513B9D6CADC6ECF3BB576AC96A99D1FE24A
              SHA-256:CEA1683EDE75FBB5711A6A0DACB50DEB5F59469030E0CA614B12F0EE2E758DC4
              SHA-512:D7FA0A8F01925FBBCC040656239DA500B54222101BDDEC4F22963DC7BA189035C099219B68F884D4A462D79A6B74A8C05E0DE680B018D60F9FA801B3F5DCF276
              Malicious:false
              Reputation:unknown
              Preview:{"analyticsData":{"responseGUID":"8ad07996-3290-48f2-91e5-07ec6cad126c","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1732970914592,"statusCode":200,"surfaceID":"DC_Reader_More_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
              File Type:JSON data
              Category:dropped
              Size (bytes):284
              Entropy (8bit):5.292417057196037
              Encrypted:false
              SSDEEP:
              MD5:59E45346CA26532E304FA43127FCBB98
              SHA1:BC21CEDAD602FDD23814E6496FCFCB3BA5515861
              SHA-256:C2CFE50D4D9C4DD566E438023B26A91442D12AEAB98D01044BAD9743E3F0720B
              SHA-512:C78D7461FDB0F3C01CFA04AC1FF34CBB699760684EB172E41066B5E2AD929EA6D4C65A1EA9F497939A8E757F996E01416816119995277CB126971590F835498A
              Malicious:false
              Reputation:unknown
              Preview:{"analyticsData":{"responseGUID":"8ad07996-3290-48f2-91e5-07ec6cad126c","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1732970914592,"statusCode":200,"surfaceID":"DC_Reader_RHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
              File Type:JSON data
              Category:dropped
              Size (bytes):291
              Entropy (8bit):5.289468832857809
              Encrypted:false
              SSDEEP:
              MD5:09DA20F8D11D10825113A4F3D80748A0
              SHA1:D4B6B8B42AE7DECC68F42EED23CDBC49F32C6E1E
              SHA-256:139DFA311B9150C188A0E0CB064007F9D3E1CA4DEEDCB1B0A3FBC9FEEECEACF8
              SHA-512:C00B196FDA5B85B5EF82BB44A2440E1614F4E4304F485794232F2CAA336F18B27E7C76259884BBF10F4C26BF0A10CD419E54C64A8F0BD7F015669021E4F83F4B
              Malicious:false
              Reputation:unknown
              Preview:{"analyticsData":{"responseGUID":"8ad07996-3290-48f2-91e5-07ec6cad126c","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1732970914592,"statusCode":200,"surfaceID":"DC_Reader_RHP_Intent_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
              File Type:JSON data
              Category:dropped
              Size (bytes):287
              Entropy (8bit):5.292932686065933
              Encrypted:false
              SSDEEP:
              MD5:E97DEB1783C6EAEA553ED847DDDA8FCD
              SHA1:386850C1BA1ABD342331CB92D9F24A616EDC4913
              SHA-256:65EF42408F670971DA15EBDE86DFDAD86E1157221D72669A35DAC4DD46061947
              SHA-512:3FB59EDDE8BA28BB3C8BD7A4FA4DC71BAE690CC5908E512A344C2041CFDEA0E3E9E1B9FF3DF4D6F688077AA0A9EBF47A84F5C5BB9E25223F60A59B9CF641E558
              Malicious:false
              Reputation:unknown
              Preview:{"analyticsData":{"responseGUID":"8ad07996-3290-48f2-91e5-07ec6cad126c","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1732970914592,"statusCode":200,"surfaceID":"DC_Reader_RHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
              File Type:JSON data
              Category:dropped
              Size (bytes):1090
              Entropy (8bit):5.6602063050287175
              Encrypted:false
              SSDEEP:
              MD5:76E271D6CBECE0C96EFFF681226DF83E
              SHA1:79AB977705261A757E2BD55DB81799EE139982AB
              SHA-256:7C2DB8082EDD6560BA639CF6955E31E20E7EA8CF36ED302A12BB2B53522C7939
              SHA-512:0578F9B0F22223501910BDE862FB640987D8D61E33E652066932FDC40A6F93E16A98E62AF9C0DF0DF68D687EADC6BA2420187543F4F615C645FE8698708F2AED
              Malicious:false
              Reputation:unknown
              Preview:{"analyticsData":{"responseGUID":"8ad07996-3290-48f2-91e5-07ec6cad126c","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1732970914592,"statusCode":200,"surfaceID":"DC_Reader_Sign_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Sign_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"93365_289436ActionBlock_0","campaignId":93365,"containerId":"1","controlGroupId":"","treatmentId":"266234d2-130d-426e-8466-c7a061db101f","variationId":"289436"},"containerId":1,"containerLabel":"JSON for DC_Reader_Sign_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwiLCJjbGljayI6Im9wZW5Ub29sIiwidG9vbF9pZCI6IlVwZ3JhZGVSSFBSZHJBcHAifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkVhc2lseSBmaWxsIGFuZCBzaWduIFBERnMuIn0sInRjYXRJZCI6bnVsbH0=","dataType":"app
              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
              File Type:JSON data
              Category:dropped
              Size (bytes):286
              Entropy (8bit):5.268590584968682
              Encrypted:false
              SSDEEP:
              MD5:BCBDE5E0FC0F93D021039640E9E39748
              SHA1:016D9866BE3317204FA995D451FCAF74D2A0FE5E
              SHA-256:9A8B7CDB9DFE5836E8D9F527763B54133395B1708E905B6EADA480373DE21EF4
              SHA-512:1FB49130E32EE107E4E80313918ED2797BCFAF66E87C2970BD5AC13CC455ECF5EFF3A0876278855C9BA36BD9D293F2A22F0810B8539F9C939746280C167C1A6B
              Malicious:false
              Reputation:unknown
              Preview:{"analyticsData":{"responseGUID":"8ad07996-3290-48f2-91e5-07ec6cad126c","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1732970914592,"statusCode":200,"surfaceID":"DC_Reader_Upsell_Cards","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
              File Type:JSON data
              Category:dropped
              Size (bytes):282
              Entropy (8bit):5.272115673865228
              Encrypted:false
              SSDEEP:
              MD5:2DCB6A98D3F0B5F5078899BDB2D18611
              SHA1:D60C7DBAB5BDBB460D0D92C8EB89AED26A48B33C
              SHA-256:81C4C1A421D51143D74FBC0DE33D6F199B478CB7A0EFD6F10F5315272D6564EF
              SHA-512:CFF677CBF74409DBF156A3275935C6571641B3E1D8E9D340AF1EE385DD2B3D71F1F503ED42F3DB5AE84ABECCB84D5A022E1EF76CBF9E0B5C9E4C48762B613F18
              Malicious:false
              Reputation:unknown
              Preview:{"analyticsData":{"responseGUID":"8ad07996-3290-48f2-91e5-07ec6cad126c","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1732970914592,"statusCode":200,"surfaceID":"Edit_InApp_Aug2020","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
              File Type:data
              Category:dropped
              Size (bytes):4
              Entropy (8bit):0.8112781244591328
              Encrypted:false
              SSDEEP:
              MD5:DC84B0D741E5BEAE8070013ADDCC8C28
              SHA1:802F4A6A20CBF157AAF6C4E07E4301578D5936A2
              SHA-256:81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06
              SHA-512:65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71
              Malicious:false
              Reputation:unknown
              Preview:....
              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
              File Type:JSON data
              Category:dropped
              Size (bytes):2817
              Entropy (8bit):5.134265634790744
              Encrypted:false
              SSDEEP:
              MD5:4F92703FA6A58D4A9E1B3F929B442040
              SHA1:7CBA19FF0E33AE3DEF837AE8BFEC612A70BF584C
              SHA-256:E14CFCE6B13522B7719EA0812CE4261FE49FD8EAF77ED1E11205810E66A5EFDA
              SHA-512:6873B80765EC985D59D87EC955E4C51B34885D2FC5B05D66D8FAE8DC532FB48605F9DF392EE5A798F7B9C072B018E187FABB8544556E45F59AC63FF34A1221CB
              Malicious:false
              Reputation:unknown
              Preview:{"all":[{"id":"DC_Reader_Disc_LHP_Banner","info":{"dg":"c07ea6f6b94ac44e1afbba9c3dcfc015","sid":"DC_Reader_Disc_LHP_Banner"},"mimeType":"file","size":1122,"ts":1732795054000},{"id":"DC_Reader_Home_LHP_Trial_Banner","info":{"dg":"3434d450b513d89a7a1daf9c11953405","sid":"DC_Reader_Home_LHP_Trial_Banner"},"mimeType":"file","size":1164,"ts":1732795053000},{"id":"DC_Reader_Sign_LHP_Banner","info":{"dg":"20737c98f00ade3e55171612e095b664","sid":"DC_Reader_Sign_LHP_Banner"},"mimeType":"file","size":1090,"ts":1732795053000},{"id":"DC_Reader_Convert_LHP_Banner","info":{"dg":"9eb0f083d95d7553b7c524ad6a1edf5a","sid":"DC_Reader_Convert_LHP_Banner"},"mimeType":"file","size":1123,"ts":1732795053000},{"id":"DC_Reader_Edit_LHP_Banner","info":{"dg":"6a120f6ccc67b5ad006e4dec9c81a534","sid":"DC_Reader_Edit_LHP_Banner"},"mimeType":"file","size":1102,"ts":1732795053000},{"id":"DC_Reader_Disc_LHP_Retention","info":{"dg":"e2806138c5777d808b286ae3bff67020","sid":"DC_Reader_Disc_LHP_Retention"},"mimeType":"file
              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
              File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 19, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 19
              Category:dropped
              Size (bytes):12288
              Entropy (8bit):0.9882292147771509
              Encrypted:false
              SSDEEP:
              MD5:D31E06C4D4883DB651F10C4E867CCFCF
              SHA1:56DDD8A3C99A1A84A248ABD81DF6301F0EABBDA0
              SHA-256:3C7A80C71309681D4858A5996DA6847F03CE83F5DCD3A3E2AD59C5440EF687B0
              SHA-512:4CE687F2AECCFD3744EC4721CD5BA8161A11AE1BBF1EC6E448FCCD8A05ADC23A67B832A618E224F08A9DBF6E719EFA9218D40F556DE64994C0940A3F232CC624
              Malicious:false
              Reputation:unknown
              Preview:SQLite format 3
              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
              File Type:SQLite Rollback Journal
              Category:dropped
              Size (bytes):8720
              Entropy (8bit):1.344594594844664
              Encrypted:false
              SSDEEP:
              MD5:ABE04AA348795F243F6BC3D79A2D1AA6
              SHA1:E95D27253A4F3DFA630055D96B0D87598DC06CC3
              SHA-256:A8A230618A5F95F56137EEED98AA2FBE8C694437FDF27F53906DCDC19AA5B08E
              SHA-512:EDF420D644EE662D998E553661635B0773AF28AA71AF06458B136CD34046E85C40D055ADD2541EAFAD9A98F81487439B6A16BD83B697D1409B80839145D861C7
              Malicious:false
              Reputation:unknown
              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
              File Type:data
              Category:dropped
              Size (bytes):66726
              Entropy (8bit):5.392739213842091
              Encrypted:false
              SSDEEP:
              MD5:173EA1B2A298387E2E91E3A7308480AE
              SHA1:41DB07A54F0D23DC44BA27013C37FB96D61737BA
              SHA-256:A7F6988F929F170B6CB5CFA4CA1EBE489439A45951607B56127D7814864563AE
              SHA-512:D17777217FF91491D44487BD6F59064ACC43ECA0C648B716A6888A393157C08EDE20D29EF6863244A83FBE622D941F5EE74E00C280CA358BC2A3FA129F2FD048
              Malicious:false
              Reputation:unknown
              Preview:4.397.90.FID.2:o:..........:F:AgencyFB-Reg.P:Agency FB.L:$.........................."F:Agency FB.#.96.FID.2:o:..........:F:AgencyFB-Bold.P:Agency FB Bold.L:%.........................."F:Agency FB.#.84.FID.2:o:..........:F:Algerian.P:Algerian.L:$..........................RF:Algerian.#.95.FID.2:o:..........:F:ArialNarrow.P:Arial Narrow.L:$.........................."F:Arial Narrow.#.109.FID.2:o:..........:F:ArialNarrow-Italic.P:Arial Narrow Italic.L:$.........................."F:Arial Narrow.#.105.FID.2:o:..........:F:ArialNarrow-Bold.P:Arial Narrow Bold.L:%.........................."F:Arial Narrow.#.118.FID.2:o:..........:F:ArialNarrow-BoldItalic.P:Arial Narrow Bold Italic.L:%.........................."F:Arial Narrow.#.77.FID.2:o:..........:F:ArialMT.P:Arial.L:$.........................."F:Arial.#.91.FID.2:o:..........:F:Arial-ItalicMT.P:Arial Italic.L:$.........................."F:Arial.#.87.FID.2:o:..........:F:Arial-BoldMT.P:Arial Bold.L:$.........................."F:Arial.#.100.FID.2
              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
              File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
              Category:dropped
              Size (bytes):246
              Entropy (8bit):3.53559722477471
              Encrypted:false
              SSDEEP:
              MD5:0BF47A2B098FBE49E439733811328F6B
              SHA1:0DA5ED978F2B29E9DDC43B3E65028689C8D75D9D
              SHA-256:C1791F66C6FD49DFEBB583AC1175B88343BAFA397DB964CF22ED0DDC0CE5121B
              SHA-512:B2E69020D88E77E8A55CFAA48FE0F2093779353BFA90663681224B7C73CC96EFC1866EFAD5239DBA4890A7839E008739A7CF7AE22BC690FEEF0A8AC7E0EFE262
              Malicious:false
              Reputation:unknown
              Preview:Error 2711. The specified Feature name ('ARM') not found in Feature table. === Logging stopped: 28/11/2024  06:57:32 ===
              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
              File Type:ASCII text, with very long lines (393)
              Category:dropped
              Size (bytes):16525
              Entropy (8bit):5.353642815103214
              Encrypted:false
              SSDEEP:
              MD5:91F06491552FC977E9E8AF47786EE7C1
              SHA1:8FEB27904897FFCC2BE1A985D479D7F75F11CEFC
              SHA-256:06582F9F48220653B0CB355A53A9B145DA049C536D00095C57FCB3E941BA90BB
              SHA-512:A63E6E0D25B88EBB6602885AB8E91167D37267B24516A11F7492F48876D3DDCAE44FFC386E146F3CF6EB4FA6AF251602143F254687B17FCFE6F00783095C5082
              Malicious:false
              Reputation:unknown
              Preview:SessionID=ec4bacf2-5410-40d4-850b-5ac338f864f3.1696585143072 Timestamp=2023-10-06T11:39:03:072+0200 ThreadID=6404 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------".SessionID=ec4bacf2-5410-40d4-850b-5ac338f864f3.1696585143072 Timestamp=2023-10-06T11:39:03:072+0200 ThreadID=6404 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found".SessionID=ec4bacf2-5410-40d4-850b-5ac338f864f3.1696585143072 Timestamp=2023-10-06T11:39:03:072+0200 ThreadID=6404 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!".SessionID=ec4bacf2-5410-40d4-850b-5ac338f864f3.1696585143072 Timestamp=2023-10-06T11:39:03:073+0200 ThreadID=6404 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1".SessionID=ec4bacf2-5410-40d4-850b-5ac338f864f3.1696585143072 Timestamp=2023-10-06T11:39:03:073+0200 ThreadID=6404 Component=ngl-lib_NglAppLib Description="SetConfig:
              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
              File Type:ASCII text, with CRLF line terminators
              Category:dropped
              Size (bytes):29752
              Entropy (8bit):5.425244410261545
              Encrypted:false
              SSDEEP:
              MD5:47DB11C7DA897F7D78AF486F397F9F6E
              SHA1:D48C7DDD66B619C531D5265E6C6F275BF728C1DA
              SHA-256:EA740DDB210210997467F22A8E6538F599F0B04D617E3140A35529041E13B55B
              SHA-512:90C2AF1491A158E6E89BB01339133B7351B430E8016CDF0AF66F949F48A1114EAA03E7C196F2CECEA92992B2D27BE6812F23372B9AB82DFED6FD36F8AEEC6DEC
              Malicious:false
              Reputation:unknown
              Preview:06-10-2023 10:08:42:.---2---..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : ***************************************..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : ***************************************..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : ******** Starting new session ********..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : Starting NGL..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : Setting synchronous launch...06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 ::::: Configuring as AcrobatReader1..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : NGLAppVersion 23.6.20320.6..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : NGLAppMode NGL_INIT..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : AcroCEFPath, NGLCEFWorkflowModulePath - C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1 C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : isNGLExternalBrowserDisabled - No..06-10-2023 10:08:42:.Closing File..06-10-
              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
              File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Nov 28 10:57:35 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
              Category:dropped
              Size (bytes):2673
              Entropy (8bit):3.983436513421649
              Encrypted:false
              SSDEEP:
              MD5:4D4C4E6D4F23AD439C7E25F65D02606B
              SHA1:D1BAFD07633C75373211B65A7374AE77A642843F
              SHA-256:A39D1B87FF19449FD1AD204D724C778D3086CD85AACE3437DD6B905C78806568
              SHA-512:316EA4A2F909EDCD3CB88168595B5343EF34458F8901E8E7D92E7E9E05917F49E8BDE0B7C7D50FEA35E100B397A21383995C6696C83C45E6E4D2466099AED59B
              Malicious:false
              Reputation:unknown
              Preview:L..................F.@.. ...$+.,........A..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I|Y$_....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V|Y1_....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V|Y1_....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V|Y1_..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V|Y2_...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........<.n.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F
              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
              File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Nov 28 10:57:35 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
              Category:dropped
              Size (bytes):2675
              Entropy (8bit):3.9953248850128102
              Encrypted:false
              SSDEEP:
              MD5:4768BBC45411805AB1937792C232805A
              SHA1:974468C6DD2A1B98152439EB8E93D8E43AABCB1C
              SHA-256:ED5C0AED0DEA51528F3917621855D6A7526FADEE3FDF472F5E762F1F567BB415
              SHA-512:F56AA8594CAC0D0184D49A72593BDA451395986C934A4187C832B794DBB99F06AD3F5BC117081E87F4D480638687F4D01D2EAED412FE3EC499202ABDED358AEA
              Malicious:false
              Reputation:unknown
              Preview:L..................F.@.. ...$+.,.......A..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I|Y$_....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V|Y1_....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V|Y1_....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V|Y1_..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V|Y2_...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........<.n.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F
              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
              File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
              Category:dropped
              Size (bytes):2689
              Entropy (8bit):4.007518035296935
              Encrypted:false
              SSDEEP:
              MD5:C3D2C47ACF897EDE60FB260308490132
              SHA1:C90329A9170E581FA78F7BA4FB535798D7FEB20B
              SHA-256:59C3A87A6F68B0C512AA627043BCEF64C3BCED43DEE07D9F8AEFD1F52754C29E
              SHA-512:C762D1597375C49935FA5C0DEDC971C30C580684E7D85FEBD1BD6CF05734C9CB9E32DF43359C777CFE8A444AAB832DAD2141B733175833392BA2F0E06E3E08D3
              Malicious:false
              Reputation:unknown
              Preview:L..................F.@.. ...$+.,.....Y.04...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I|Y$_....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V|Y1_....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V|Y1_....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V|Y1_..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VFW.E...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........<.n.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F
              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
              File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Nov 28 10:57:35 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
              Category:dropped
              Size (bytes):2677
              Entropy (8bit):3.9968771239988614
              Encrypted:false
              SSDEEP:
              MD5:57ACDAA04790EB04FCE8033C52F30FF7
              SHA1:E646864BD608C9A85D902CF13193AB41B07B93D0
              SHA-256:E3E37AC307959BB1A0F21B51C98E20CC1D8F2FFE71032FB84126C5F9A86F0AD5
              SHA-512:11B73BBC5333611F8F9E9EAA14ADC20F161180835875C2DF5686176AC8FA77D79FB814816FBB8B989CD0329FC52B0FF048C609EE702927314856CE1A4C339581
              Malicious:false
              Reputation:unknown
              Preview:L..................F.@.. ...$+.,....{..A..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I|Y$_....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V|Y1_....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V|Y1_....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V|Y1_..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V|Y2_...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........<.n.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F
              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
              File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Nov 28 10:57:35 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
              Category:dropped
              Size (bytes):2677
              Entropy (8bit):3.984187432549827
              Encrypted:false
              SSDEEP:
              MD5:7183E724CA2CD314F7363FA1E492BCCE
              SHA1:639991A1DA505A7BB3CF02E075171498755D8895
              SHA-256:F2BDF3F240FA5D7DA8AA4B818D01B56F6B385839BC550F11E04ED7F424673AF7
              SHA-512:47E77B8FD1E4750EF9F07FA53ECF7EBE7DF3855DA5C5BDF01DECCA41445823546F0F97397236FF45F8F015A963C161F6702C51D3DC13061787F180965017AF51
              Malicious:false
              Reputation:unknown
              Preview:L..................F.@.. ...$+.,.....y...A..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I|Y$_....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V|Y1_....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V|Y1_....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V|Y1_..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V|Y2_...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........<.n.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F
              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
              File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Nov 28 10:57:35 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
              Category:dropped
              Size (bytes):2679
              Entropy (8bit):3.9926150781951697
              Encrypted:false
              SSDEEP:
              MD5:DFBB138BAF9AD9D4B0808DDC057AFEA3
              SHA1:38C40A332AD577797F8C6384444D13E834A2650D
              SHA-256:D2FC2F442BAD9956605DCA27D73CFC365901BF751DC0735F38154CD0AC534D44
              SHA-512:152B830B80152330B5C4C8AA59762695756BDA4BE91B02533EFC3CF5D6FEFF55C91D64826CEC018F650BE3E31C22E51251EA4992D04A6CD42DD0B67DC977B952
              Malicious:false
              Reputation:unknown
              Preview:L..................F.@.. ...$+.,....c...A..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I|Y$_....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V|Y1_....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V|Y1_....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V|Y1_..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V|Y2_...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........<.n.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F
              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
              File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Code page: 1252, Title: Installation Database, Subject: Bluetrait Agent, Author: Dalegroup Pty Ltd, Keywords: Installer, Comments: This installer database contains the logic and data required to install Bluetrait Agent., Template: Intel;1033, Revision Number: {515DB7F8-B177-4F15-9C63-948F5A7A4206}, Create Time/Date: Thu Nov 28 07:54:50 2024, Last Saved Time/Date: Thu Nov 28 07:54:50 2024, Number of Pages: 200, Number of Words: 2, Name of Creating Application: Windows Installer XML Toolset (3.11.2.4516), Security: 2
              Category:dropped
              Size (bytes):0
              Entropy (8bit):0.0
              Encrypted:false
              SSDEEP:
              MD5:1DA1EA66691B1D268FB563483BB65E77
              SHA1:88D937D431031BD8B4F56458CCC1CFD741F71ED4
              SHA-256:A7A544283691C593C9A094C70284F755EFE5B3E65D0F6449545EEA8CBC516DC8
              SHA-512:1A6460B51B505573FF00700A78507EFC2042EAAB27F05A438CD4BF9B12AE9FA8F9880DEA2E35BF4E026CBF14699D2114A2FE30EC953E57E7A5D9ED4AC9E9120B
              Malicious:false
              Reputation:unknown
              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
              File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Code page: 1252, Title: Installation Database, Subject: Bluetrait Agent, Author: Dalegroup Pty Ltd, Keywords: Installer, Comments: This installer database contains the logic and data required to install Bluetrait Agent., Template: Intel;1033, Revision Number: {515DB7F8-B177-4F15-9C63-948F5A7A4206}, Create Time/Date: Thu Nov 28 07:54:50 2024, Last Saved Time/Date: Thu Nov 28 07:54:50 2024, Number of Pages: 200, Number of Words: 2, Name of Creating Application: Windows Installer XML Toolset (3.11.2.4516), Security: 2
              Category:dropped
              Size (bytes):3723264
              Entropy (8bit):7.974604426256682
              Encrypted:false
              SSDEEP:
              MD5:1DA1EA66691B1D268FB563483BB65E77
              SHA1:88D937D431031BD8B4F56458CCC1CFD741F71ED4
              SHA-256:A7A544283691C593C9A094C70284F755EFE5B3E65D0F6449545EEA8CBC516DC8
              SHA-512:1A6460B51B505573FF00700A78507EFC2042EAAB27F05A438CD4BF9B12AE9FA8F9880DEA2E35BF4E026CBF14699D2114A2FE30EC953E57E7A5D9ED4AC9E9120B
              Malicious:false
              Reputation:unknown
              Process:C:\Program Files\Windows Defender\MpCmdRun.exe
              File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
              Category:modified
              Size (bytes):4926
              Entropy (8bit):3.2491503639586705
              Encrypted:false
              SSDEEP:
              MD5:05AB46B88A80A971F59A7C4902DAD454
              SHA1:97DD47448983E6362A199451DA99F06A26652137
              SHA-256:5E77BE901FDD0C158BF487907453DAAE2AC8A394F3BB192B83EA4682B271A6BE
              SHA-512:82E8F8F7AC316B48126039C7F444666B96ADC88F2E41CA8A9993CE5AF5F6F0ED3859C73F65930C51F7532C1EA6AE5A2A7A8A6DC2A6B9CDDD11FBC8C065B8482C
              Malicious:false
              Reputation:unknown
              Preview:..........-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.....M.p.C.m.d.R.u.n.:. .C.o.m.m.a.n.d. .L.i.n.e.:. .".C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.W.i.n.d.o.w.s. .D.e.f.e.n.d.e.r.\.m.p.c.m.d.r.u.n...e.x.e.". .-.w.d.e.n.a.b.l.e..... .S.t.a.r.t. .T.i.m.e.:. .. F.r.i. .. O.c.t. .. 0.6. .. 2.0.2.3. .1.1.:.3.5.:.2.9.........M.p.E.n.s.u.r.e.P.r.o.c.e.s.s.M.i.t.i.g.a.t.i.o.n.P.o.l.i.c.y.:. .h.r. .=. .0.x.1.....W.D.E.n.a.b.l.e.....*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*. .W.S.C. .S.t.a.t.e. .I.n.f.o. .*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.....*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*. .A.n.t.i.V.i.r.u.s.P.r.o.d.u.c.t. .*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.....d.i.s.p.l.a.y.N.a.m.e. .=. .[.W.i.n.d.o.w.s. .D.e.f.e.n.d.e.r.].....p.a.t.h.T.o.S.i.g.n.e.d.P.r.o.d.u.c.t.E.x.e. .=. .[.w.i.n.d.o.w.s.d.
              Process:C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe
              File Type:ASCII text, with no line terminators
              Category:dropped
              Size (bytes):60
              Entropy (8bit):4.038920595031593
              Encrypted:false
              SSDEEP:
              MD5:D17FE0A3F47BE24A6453E9EF58C94641
              SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
              SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
              SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
              Malicious:false
              Reputation:unknown
              Preview:# PowerShell test file to determine AppLocker lockdown mode
              File type:PDF document, version 1.7, 2 pages
              Entropy (8bit):7.258016316342812
              TrID:
              • Adobe Portable Document Format (5005/1) 100.00%
              File name:FACTURE NON PAYEE.pdf
              File size:179'494 bytes
              MD5:73bb06673d213234b76df1f40ec3b838
              SHA1:3c55b846722f46d0e8a76c3f2f6304cfeec91d9d
              SHA256:390907e6794b5e411710cc087a73fb5dbe237038cb9c539d0ed8386ce5cff4c8
              SHA512:bcd76beb6fe59da858fc3377450f6bfc0ecf95d5e2e2cd89faf774f72dacd5ded703a6f23c725dd3f9005c7390f09109affc83b58e58fe2a607b166ec0d44c4b
              SSDEEP:3072:SqKajZzjrT3jjjjjjjjHOAtLjXEjqjLjKjl8i8OClSTXYjjjjjjjjmG++qxfD/DF:rHjZPrT3jjjjjjjjH7djXEjqjLjKjcji
              TLSH:B904CA03CD488A87A05587FC7E570DB92F1E265C99963BEE307A4ECB6F506224D4F06E
              File Content Preview:%PDF-1.7..%......1 0 obj..<</Type/Catalog/Pages 2 0 R/Lang(fr) /StructTreeRoot 35 0 R/MarkInfo<</Marked true>>/Metadata 82 0 R/ViewerPreferences 83 0 R>>..endobj..2 0 obj..<</Type/Pages/Count 2/Kids[ 3 0 R 31 0 R] >>..endobj..3 0 obj..<</Type/Page/Parent
              Icon Hash:62cc8caeb29e8ae0

              General

              Header:%PDF-1.7
              Total Entropy:7.258016
              Total Bytes:179494
              Stream Entropy:7.225458
              Stream Bytes:170336
              Entropy outside Streams:5.311380
              Bytes outside Streams:9158
              Number of EOF found:2
              Bytes after EOF:
              Name            Count
              obj             48
              endobj          48
              stream          18
              endstream       18
              xref            2
              trailer         2
              startxref       2
              /Page           2
              /Encrypt        0
              /ObjStm         1
              /URI            2
              /JS             0
              /JavaScript     0
              /AA             0
              /OpenAction     0
              /AcroForm       0
              /JBIG2Decode    0
              /RichMedia      0
              /Launch         0
              /EmbeddedFile   0

              Image Streams

              ID   DHASH             MD5                               Preview
              5    80a280d2c2a2a2a2  d6ef2445a4274a03647387f85ad6591b
              6    80a280a2a2a2a2a2  ae135d0d8f413beee3fca9a420a04333
              25   86e8f4b2b2e88a82  9c0c5701bddea3810b1eb9d9251fde9c
              26   a280a2a2a280a2a2  2a0ce5278140e17c3d9aec6948ea7b1a
              28   00a29ab2968aa200  af9514bc21e59b97843eccd43c1cdf06