Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
Agent381.msi

Overview

General Information

Sample name:Agent381.msi
Analysis ID:1584761
MD5:6950b88d73f7a680167e46ad2cbfd6e0
SHA1:429ddbf500a4cff3bfd7d92c4acbb97041e77f9c
SHA256:6fd94d7c31b11fcd1a581d521faa61482d7543218fe33119b889f206ea11d334
Tags:msiXWormuser-lontze7
Infos:

Detection

Score:56
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

AI detected suspicious sample
Reads the Security eventlog
Reads the System eventlog
Yara detected Generic Downloader
AV process strings found (often used to terminate AV products)
Adds / modifies Windows certificates
Allocates memory with a write watch (potentially for evading sandboxes)
Binary contains a suspicious time stamp
Checks for available system drives (often done to infect USB drives)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Creates or modifies windows services
Deletes files inside the Windows folder
Detected potential crypto function
Drops PE files
Drops PE files to the windows directory (C:\Windows)
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found inlined nop instructions (likely shell or obfuscated code)
HTTP GET or POST without a user agent
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
One or more processes crash
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Uses code obfuscation techniques (call, push, ret)

Classification

Process Tree

  • System is w10x64
  • msiexec.exe (PID: 5632 cmdline: "C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Desktop\Agent381.msi" MD5: E5DA170027542E25EDE42FC54C929077)
  • msiexec.exe (PID: 7160 cmdline: C:\Windows\system32\msiexec.exe /V MD5: E5DA170027542E25EDE42FC54C929077)
    • msiexec.exe (PID: 6000 cmdline: C:\Windows\syswow64\MsiExec.exe -Embedding 322CE5DF7635FE178A41F44F6A441A46 MD5: 9D09DC1EDA745A5F87553048E57620CF)
    • msiexec.exe (PID: 2352 cmdline: C:\Windows\syswow64\MsiExec.exe -Embedding 90D15C1EC4D8609E3376A5CEB7FE08AC E Global\MSI0000 MD5: 9D09DC1EDA745A5F87553048E57620CF)
  • Bluetrait MSP Agent.exe (PID: 6616 cmdline: "C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe" MD5: 0BF209E4007D441249AE049C623F6544)
    • WerFault.exe (PID: 3552 cmdline: C:\Windows\system32\WerFault.exe -u -p 6616 -s 2136 MD5: FD27D9F6D02763BDE32511B5DF7FF7A0)
  • svchost.exe (PID: 6104 cmdline: C:\Windows\System32\svchost.exe -k WerSvcGroup MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
    • WerFault.exe (PID: 1532 cmdline: C:\Windows\system32\WerFault.exe -pss -s 468 -p 6616 -ip 6616 MD5: FD27D9F6D02763BDE32511B5DF7FF7A0)
      • Bluetrait MSP Agent.exe (PID: 1436 cmdline: "C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe" MD5: 0BF209E4007D441249AE049C623F6544)
        • WerFault.exe (PID: 2104 cmdline: C:\Windows\system32\WerFault.exe -u -p 1436 -s 2120 MD5: FD27D9F6D02763BDE32511B5DF7FF7A0)
    • WerFault.exe (PID: 6020 cmdline: C:\Windows\system32\WerFault.exe -pss -s 456 -p 1120 -ip 1120 MD5: FD27D9F6D02763BDE32511B5DF7FF7A0)
    • WerFault.exe (PID: 3640 cmdline: C:\Windows\system32\WerFault.exe -pss -s 608 -p 1524 -ip 1524 MD5: FD27D9F6D02763BDE32511B5DF7FF7A0)
    • WerFault.exe (PID: 1504 cmdline: C:\Windows\system32\WerFault.exe -pss -s 568 -p 768 -ip 768 MD5: FD27D9F6D02763BDE32511B5DF7FF7A0)
    • WerFault.exe (PID: 7080 cmdline: C:\Windows\system32\WerFault.exe -pss -s 572 -p 5696 -ip 5696 MD5: FD27D9F6D02763BDE32511B5DF7FF7A0)
    • WerFault.exe (PID: 1532 cmdline: C:\Windows\system32\WerFault.exe -pss -s 568 -p 1436 -ip 1436 MD5: FD27D9F6D02763BDE32511B5DF7FF7A0)
    • WerFault.exe (PID: 5036 cmdline: C:\Windows\system32\WerFault.exe -pss -s 508 -p 4404 -ip 4404 MD5: FD27D9F6D02763BDE32511B5DF7FF7A0)
    • WerFault.exe (PID: 7072 cmdline: C:\Windows\system32\WerFault.exe -pss -s 512 -p 3040 -ip 3040 MD5: FD27D9F6D02763BDE32511B5DF7FF7A0)
    • WerFault.exe (PID: 3496 cmdline: C:\Windows\system32\WerFault.exe -pss -s 596 -p 6612 -ip 6612 MD5: FD27D9F6D02763BDE32511B5DF7FF7A0)
    • WerFault.exe (PID: 1640 cmdline: C:\Windows\system32\WerFault.exe -pss -s 480 -p 1364 -ip 1364 MD5: FD27D9F6D02763BDE32511B5DF7FF7A0)
  • svchost.exe (PID: 6980 cmdline: C:\Windows\system32\svchost.exe -k netsvcs -p -s wlidsvc MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
  • Bluetrait MSP Agent.exe (PID: 1120 cmdline: "C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe" MD5: 0BF209E4007D441249AE049C623F6544)
    • WerFault.exe (PID: 1860 cmdline: C:\Windows\system32\WerFault.exe -u -p 1120 -s 2124 MD5: FD27D9F6D02763BDE32511B5DF7FF7A0)
  • Bluetrait MSP Agent.exe (PID: 1524 cmdline: "C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe" MD5: 0BF209E4007D441249AE049C623F6544)
    • WerFault.exe (PID: 1708 cmdline: C:\Windows\system32\WerFault.exe -u -p 1524 -s 2116 MD5: FD27D9F6D02763BDE32511B5DF7FF7A0)
  • Bluetrait MSP Agent.exe (PID: 768 cmdline: "C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe" MD5: 0BF209E4007D441249AE049C623F6544)
    • WerFault.exe (PID: 4912 cmdline: C:\Windows\system32\WerFault.exe -u -p 768 -s 2128 MD5: FD27D9F6D02763BDE32511B5DF7FF7A0)
  • Bluetrait MSP Agent.exe (PID: 5696 cmdline: "C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe" MD5: 0BF209E4007D441249AE049C623F6544)
    • WerFault.exe (PID: 1860 cmdline: C:\Windows\system32\WerFault.exe -u -p 5696 -s 2116 MD5: FD27D9F6D02763BDE32511B5DF7FF7A0)
  • Bluetrait MSP Agent.exe (PID: 4404 cmdline: "C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe" MD5: 0BF209E4007D441249AE049C623F6544)
    • WerFault.exe (PID: 2448 cmdline: C:\Windows\system32\WerFault.exe -u -p 4404 -s 2116 MD5: FD27D9F6D02763BDE32511B5DF7FF7A0)
  • Bluetrait MSP Agent.exe (PID: 3040 cmdline: "C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe" MD5: 0BF209E4007D441249AE049C623F6544)
    • WerFault.exe (PID: 5444 cmdline: C:\Windows\system32\WerFault.exe -u -p 3040 -s 1408 MD5: FD27D9F6D02763BDE32511B5DF7FF7A0)
  • Bluetrait MSP Agent.exe (PID: 6612 cmdline: "C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe" MD5: 0BF209E4007D441249AE049C623F6544)
    • WerFault.exe (PID: 5176 cmdline: C:\Windows\system32\WerFault.exe -u -p 6612 -s 2116 MD5: FD27D9F6D02763BDE32511B5DF7FF7A0)
  • Bluetrait MSP Agent.exe (PID: 1364 cmdline: "C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe" MD5: 0BF209E4007D441249AE049C623F6544)
    • WerFault.exe (PID: 3308 cmdline: C:\Windows\system32\WerFault.exe -u -p 1364 -s 2128 MD5: FD27D9F6D02763BDE32511B5DF7FF7A0)
  • cleanup

Malware Configuration

No configs have been found

Yara Signatures

Dropped Files

SourceRuleDescriptionAuthorStrings
C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeJoeSecurity_GenericDownloader_1Yara detected Generic DownloaderJoe Security

    Unpacked PEs

    SourceRuleDescriptionAuthorStrings
    5.0.Bluetrait MSP Agent.exe.1c0707a0000.0.unpackJoeSecurity_GenericDownloader_1Yara detected Generic DownloaderJoe Security

      Sigma Signatures

      Sigma detected: Windows Processes Suspicious Parent Directory
      Source: Process startedAuthor: vburov: Data: Command: C:\Windows\System32\svchost.exe -k WerSvcGroup, CommandLine: C:\Windows\System32\svchost.exe -k WerSvcGroup, CommandLine|base64offset|contains: , Image: C:\Windows\System32\svchost.exe, NewProcessName: C:\Windows\System32\svchost.exe, OriginalFileName: C:\Windows\System32\svchost.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 632, ProcessCommandLine: C:\Windows\System32\svchost.exe -k WerSvcGroup, ProcessId: 6104, ProcessName: svchost.exe

      Suricata Signatures

      No Suricata rule has matched

      Joe Sandbox Signatures

      Click to jump to signature section

      Show All Signature Results

      AV Detection

      barindex
      AI detected suspicious sample
      Source: Submited SampleIntegrated Neural Analysis Model: Matched 88.8% probability
      Source: unknownHTTPS traffic detected: 167.99.228.32:443 -> 192.168.2.5:49706 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.5:49707 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 167.99.228.32:443 -> 192.168.2.5:49846 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.5:49855 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 167.99.228.32:443 -> 192.168.2.5:49992 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.5:49993 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 167.99.228.32:443 -> 192.168.2.5:49996 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.5:49997 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 167.99.228.32:443 -> 192.168.2.5:49999 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.5:50000 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 167.99.228.32:443 -> 192.168.2.5:50002 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.5:50003 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 167.99.228.32:443 -> 192.168.2.5:50005 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.5:50006 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 167.99.228.32:443 -> 192.168.2.5:50008 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.5:50009 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 167.99.228.32:443 -> 192.168.2.5:50011 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.5:50012 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 167.99.228.32:443 -> 192.168.2.5:50014 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.5:50015 version: TLS 1.2
      Source: Binary string: System.Data.pdb source: WER3493.tmp.dmp.26.dr, WERCA02.tmp.dmp.17.dr, WERFA3A.tmp.dmp.20.dr, WER92FF.tmp.dmp.35.dr, WERD590.tmp.dmp.8.dr, WER4DD8.tmp.dmp.29.dr, WER6368.tmp.dmp.13.dr, WER1CC6.tmp.dmp.23.dr, WER7C99.tmp.dmp.32.dr
      Source: Binary string: System.pdb source: WER4DD8.tmp.dmp.29.dr
      Source: Binary string: System.pdbMZ@ source: WER92FF.tmp.dmp.35.dr, WER7C99.tmp.dmp.32.dr
      Source: Binary string: C:\dev\sqlite\dotnet-private\obj\2015\System.Data.SQLite.Linq.2015\Release\System.Data.SQLite.Linq.pdb source: System.Data.SQLite.Linq.dll.1.dr
      Source: Binary string: System.Configuration.pdb\ source: WER1CC6.tmp.dmp.23.dr
      Source: Binary string: D:\a\LibreHardwareMonitor\LibreHardwareMonitor\LibreHardwareMonitorLib\obj\Release\net472\LibreHardwareMonitorLib.pdb source: LibreHardwareMonitorLib.dll.1.dr
      Source: Binary string: /_/Src/Newtonsoft.Json/obj/Release/net45/Newtonsoft.Json.pdbI. source: WER4DD8.tmp.dmp.29.dr
      Source: Binary string: cmu63tav.pdb|SharpSnmpLib.pdb source: MSIC1BA.tmp.1.dr
      Source: Binary string: System.Xml.pdbX source: WER92FF.tmp.dmp.35.dr
      Source: Binary string: mscorlib.ni.pdbRSDS7^3l source: WER3493.tmp.dmp.26.dr, WERCA02.tmp.dmp.17.dr, WERFA3A.tmp.dmp.20.dr, WER92FF.tmp.dmp.35.dr, WERD590.tmp.dmp.8.dr, WER4DD8.tmp.dmp.29.dr, WER6368.tmp.dmp.13.dr, WER1CC6.tmp.dmp.23.dr, WER7C99.tmp.dmp.32.dr
      Source: Binary string: &{E7D8576B-9982-5D2F-99F0-A7FE13D29C4E}7C:\Program Files (x86)\Bluetrait Agent\SharpSnmpLib.pdb@ source: MSIC1BA.tmp.1.dr
      Source: Binary string: System.Xml.ni.pdbRSDS# source: WER3493.tmp.dmp.26.dr, WERCA02.tmp.dmp.17.dr, WERFA3A.tmp.dmp.20.dr, WER92FF.tmp.dmp.35.dr, WERD590.tmp.dmp.8.dr, WER4DD8.tmp.dmp.29.dr, WER6368.tmp.dmp.13.dr, WER1CC6.tmp.dmp.23.dr, WER7C99.tmp.dmp.32.dr
      Source: Binary string: System.Core.ni.pdb source: WER3493.tmp.dmp.26.dr, WERCA02.tmp.dmp.17.dr, WERFA3A.tmp.dmp.20.dr, WER92FF.tmp.dmp.35.dr, WERD590.tmp.dmp.8.dr, WER4DD8.tmp.dmp.29.dr, WER6368.tmp.dmp.13.dr, WER1CC6.tmp.dmp.23.dr, WER7C99.tmp.dmp.32.dr
      Source: Binary string: System.ServiceProcess.pdb` source: WER3493.tmp.dmp.26.dr, WER6368.tmp.dmp.13.dr
      Source: Binary string: System.Numerics.ni.pdb source: WER3493.tmp.dmp.26.dr, WERCA02.tmp.dmp.17.dr, WERFA3A.tmp.dmp.20.dr, WER92FF.tmp.dmp.35.dr, WERD590.tmp.dmp.8.dr, WER4DD8.tmp.dmp.29.dr, WER6368.tmp.dmp.13.dr, WER1CC6.tmp.dmp.23.dr, WER7C99.tmp.dmp.32.dr
      Source: Binary string: /_/src/Renci.SshNet/obj/Release/net462/Renci.SshNet.pdb source: Renci.SshNet.dll.1.dr
      Source: Binary string: System.ServiceProcess.pdb source: WER3493.tmp.dmp.26.dr, WERCA02.tmp.dmp.17.dr, WERFA3A.tmp.dmp.20.dr, WER92FF.tmp.dmp.35.dr, WERD590.tmp.dmp.8.dr, WER4DD8.tmp.dmp.29.dr, WER6368.tmp.dmp.13.dr, WER1CC6.tmp.dmp.23.dr, WER7C99.tmp.dmp.32.dr
      Source: Binary string: System.Numerics.pdbP source: WER7C99.tmp.dmp.32.dr
      Source: Binary string: mscorlib.ni.pdb source: WER3493.tmp.dmp.26.dr, WERCA02.tmp.dmp.17.dr, WERFA3A.tmp.dmp.20.dr, WER92FF.tmp.dmp.35.dr, WERD590.tmp.dmp.8.dr, WER4DD8.tmp.dmp.29.dr, WER6368.tmp.dmp.13.dr, WER1CC6.tmp.dmp.23.dr, WER7C99.tmp.dmp.32.dr
      Source: Binary string: C:\dev\sqlite\dotnet-private\obj\2015\System.Data.SQLite.2015\Release\System.Data.SQLite.pdb source: System.Data.SQLite.dll.1.dr
      Source: Binary string: System.ServiceProcess.ni.pdb source: WER3493.tmp.dmp.26.dr, WERCA02.tmp.dmp.17.dr, WERFA3A.tmp.dmp.20.dr, WER92FF.tmp.dmp.35.dr, WERD590.tmp.dmp.8.dr, WER4DD8.tmp.dmp.29.dr, WER6368.tmp.dmp.13.dr, WER1CC6.tmp.dmp.23.dr, WER7C99.tmp.dmp.32.dr
      Source: Binary string: C:\Users\dalegroup\Source\Repos\windows-msp-agent\BluetraitUserAgent\obj\Debug\BluetraitUserAgent.pdbt source: BluetraitUserAgent.exe.1.dr
      Source: Binary string: C:\Users\lextm\source\repos\sharpsnmplib\SharpSnmpLib\obj\Release\net471\win\SharpSnmpLib.pdb source: SharpSnmpLib.dll.1.dr
      Source: Binary string: System.Configuration.ni.pdbRSDScUN source: WER3493.tmp.dmp.26.dr, WERCA02.tmp.dmp.17.dr, WERFA3A.tmp.dmp.20.dr, WER92FF.tmp.dmp.35.dr, WERD590.tmp.dmp.8.dr, WER4DD8.tmp.dmp.29.dr, WER6368.tmp.dmp.13.dr, WER1CC6.tmp.dmp.23.dr, WER7C99.tmp.dmp.32.dr
      Source: Binary string: C:\Code\src\oss\hidsharp\hid\HidSharp\obj\Release\HidSharp.pdb source: HidSharp.dll.1.dr
      Source: Binary string: C:\Users\lextm\source\repos\sharpsnmplib\SharpSnmpLib\obj\Release\net471\win\SharpSnmpLib.pdbSHA256YR^ source: SharpSnmpLib.dll.1.dr
      Source: Binary string: System.Runtime.Serialization.ni.pdb source: WER3493.tmp.dmp.26.dr, WERCA02.tmp.dmp.17.dr, WERFA3A.tmp.dmp.20.dr, WER92FF.tmp.dmp.35.dr, WERD590.tmp.dmp.8.dr, WER4DD8.tmp.dmp.29.dr, WER6368.tmp.dmp.13.dr, WER1CC6.tmp.dmp.23.dr, WER7C99.tmp.dmp.32.dr
      Source: Binary string: System.Numerics.pdb`hP source: WERFA3A.tmp.dmp.20.dr
      Source: Binary string: D:\Git\PAExec\Release\PAExec.pdb source: paexec.exe.1.dr
      Source: Binary string: SharpSnmpLib.pdb@ source: MSIC1BA.tmp.1.dr
      Source: Binary string: System.Core.pdbP source: WER3493.tmp.dmp.26.dr, WERCA02.tmp.dmp.17.dr, WERFA3A.tmp.dmp.20.dr, WER4DD8.tmp.dmp.29.dr, WER1CC6.tmp.dmp.23.dr
      Source: Binary string: System.Xml.ni.pdb source: WER3493.tmp.dmp.26.dr, WERCA02.tmp.dmp.17.dr, WERFA3A.tmp.dmp.20.dr, WER92FF.tmp.dmp.35.dr, WERD590.tmp.dmp.8.dr, WER4DD8.tmp.dmp.29.dr, WER6368.tmp.dmp.13.dr, WER1CC6.tmp.dmp.23.dr, WER7C99.tmp.dmp.32.dr
      Source: Binary string: System.Runtime.Serialization.ni.pdbRSDSg@h source: WER3493.tmp.dmp.26.dr, WERCA02.tmp.dmp.17.dr, WERFA3A.tmp.dmp.20.dr, WER92FF.tmp.dmp.35.dr, WERD590.tmp.dmp.8.dr, WER4DD8.tmp.dmp.29.dr, WER6368.tmp.dmp.13.dr, WER1CC6.tmp.dmp.23.dr, WER7C99.tmp.dmp.32.dr
      Source: Binary string: /_/Src/Newtonsoft.Json/obj/Release/net45/Newtonsoft.Json.pdbSHA256 source: Bluetrait MSP Agent.exe, 00000005.00000002.2251589619.000001C071202000.00000002.00000001.01000000.00000007.sdmp, Newtonsoft.Json.dll.1.dr
      Source: Binary string: Bluetrait MSP Agent.pdbNewtonsoft.Json.dll( source: WER3493.tmp.dmp.26.dr
      Source: Binary string: System.ni.pdbRSDS source: WER3493.tmp.dmp.26.dr, WERCA02.tmp.dmp.17.dr, WERFA3A.tmp.dmp.20.dr, WER92FF.tmp.dmp.35.dr, WERD590.tmp.dmp.8.dr, WER4DD8.tmp.dmp.29.dr, WER6368.tmp.dmp.13.dr, WER1CC6.tmp.dmp.23.dr, WER7C99.tmp.dmp.32.dr
      Source: Binary string: C:\Users\dalegroup\Source\Repos\windows-msp-agent\BluetraitUserAgent\obj\Debug\BluetraitUserAgent.pdb source: BluetraitUserAgent.exe.1.dr
      Source: Binary string: /_/Src/Newtonsoft.Json/obj/Release/net45/Newtonsoft.Json.pdb` source: WERFA3A.tmp.dmp.20.dr, WER1CC6.tmp.dmp.23.dr
      Source: Binary string: /_/Src/Newtonsoft.Json/obj/Release/net45/Newtonsoft.Json.pdb source: Bluetrait MSP Agent.exe, 00000005.00000002.2251589619.000001C071202000.00000002.00000001.01000000.00000007.sdmp, WER3493.tmp.dmp.26.dr, WERCA02.tmp.dmp.17.dr, WERFA3A.tmp.dmp.20.dr, WER92FF.tmp.dmp.35.dr, WERD590.tmp.dmp.8.dr, WER4DD8.tmp.dmp.29.dr, WER6368.tmp.dmp.13.dr, WER1CC6.tmp.dmp.23.dr, WER7C99.tmp.dmp.32.dr, Newtonsoft.Json.dll.1.dr
      Source: Binary string: System.Configuration.pdb source: WER4DD8.tmp.dmp.29.dr
      Source: Binary string: System.Configuration.ni.pdb source: WER3493.tmp.dmp.26.dr, WERCA02.tmp.dmp.17.dr, WERFA3A.tmp.dmp.20.dr, WER92FF.tmp.dmp.35.dr, WERD590.tmp.dmp.8.dr, WER4DD8.tmp.dmp.29.dr, WER6368.tmp.dmp.13.dr, WER1CC6.tmp.dmp.23.dr, WER7C99.tmp.dmp.32.dr
      Source: Binary string: C:\agent\_work\66\s\build\ship\x86\wixca.pdb source: Agent381.msi, 5cc044.rbs.1.dr, MSIC2F5.tmp.1.dr, MSIC846.tmp.1.dr, MSIC1CA.tmp.1.dr, 5cc043.msi.1.dr, MSIC1BA.tmp.1.dr, MSIC297.tmp.1.dr
      Source: Binary string: System.Runtime.Serialization.pdb` source: WER6368.tmp.dmp.13.dr
      Source: Binary string: mscorlib.pdb ? source: WER6368.tmp.dmp.13.dr
      Source: Binary string: 7C:\Program Files (x86)\Bluetrait Agent\SharpSnmpLib.pdb source: 5cc044.rbs.1.dr
      Source: Binary string: System.Data.ni.pdb source: WER3493.tmp.dmp.26.dr, WERCA02.tmp.dmp.17.dr, WERFA3A.tmp.dmp.20.dr, WER92FF.tmp.dmp.35.dr, WERD590.tmp.dmp.8.dr, WER4DD8.tmp.dmp.29.dr, WER6368.tmp.dmp.13.dr, WER1CC6.tmp.dmp.23.dr, WER7C99.tmp.dmp.32.dr
      Source: Binary string: System.Data.ni.pdbRSDSC source: WER3493.tmp.dmp.26.dr, WERCA02.tmp.dmp.17.dr, WERFA3A.tmp.dmp.20.dr, WER92FF.tmp.dmp.35.dr, WERD590.tmp.dmp.8.dr, WER4DD8.tmp.dmp.29.dr, WER6368.tmp.dmp.13.dr, WER1CC6.tmp.dmp.23.dr, WER7C99.tmp.dmp.32.dr
      Source: Binary string: System.Configuration.pdb source: WER3493.tmp.dmp.26.dr, WERCA02.tmp.dmp.17.dr, WERFA3A.tmp.dmp.20.dr, WER92FF.tmp.dmp.35.dr, WERD590.tmp.dmp.8.dr, WER4DD8.tmp.dmp.29.dr, WER6368.tmp.dmp.13.dr, WER1CC6.tmp.dmp.23.dr, WER7C99.tmp.dmp.32.dr
      Source: Binary string: SharpSnmpLib.pdb source: Agent381.msi, 5cc043.msi.1.dr, MSIC1BA.tmp.1.dr
      Source: Binary string: System.Core.pdbH source: WER6368.tmp.dmp.13.dr
      Source: Binary string: System.Xml.pdb source: WER3493.tmp.dmp.26.dr, WERCA02.tmp.dmp.17.dr, WERFA3A.tmp.dmp.20.dr, WER92FF.tmp.dmp.35.dr, WERD590.tmp.dmp.8.dr, WER4DD8.tmp.dmp.29.dr, WER6368.tmp.dmp.13.dr, WER1CC6.tmp.dmp.23.dr, WER7C99.tmp.dmp.32.dr
      Source: Binary string: D:\a\LibreHardwareMonitor\LibreHardwareMonitor\LibreHardwareMonitorLib\obj\Release\net472\LibreHardwareMonitorLib.pdbSHA256 source: LibreHardwareMonitorLib.dll.1.dr
      Source: Binary string: System.pdb source: WER3493.tmp.dmp.26.dr, WERCA02.tmp.dmp.17.dr, WERFA3A.tmp.dmp.20.dr, WER92FF.tmp.dmp.35.dr, WERD590.tmp.dmp.8.dr, WER4DD8.tmp.dmp.29.dr, WER6368.tmp.dmp.13.dr, WER1CC6.tmp.dmp.23.dr, WER7C99.tmp.dmp.32.dr
      Source: Binary string: System.Runtime.Serialization.pdbHP source: WERCA02.tmp.dmp.17.dr
      Source: Binary string: System.ServiceProcess.pdb source: WER4DD8.tmp.dmp.29.dr
      Source: Binary string: System.Numerics.ni.pdbRSDSautg source: WER3493.tmp.dmp.26.dr, WERCA02.tmp.dmp.17.dr, WERFA3A.tmp.dmp.20.dr, WER92FF.tmp.dmp.35.dr, WERD590.tmp.dmp.8.dr, WER4DD8.tmp.dmp.29.dr, WER6368.tmp.dmp.13.dr, WER1CC6.tmp.dmp.23.dr, WER7C99.tmp.dmp.32.dr
      Source: Binary string: System.Data.pdbH source: WER3493.tmp.dmp.26.dr, WERCA02.tmp.dmp.17.dr, WERFA3A.tmp.dmp.20.dr, WER92FF.tmp.dmp.35.dr, WERD590.tmp.dmp.8.dr, WER4DD8.tmp.dmp.29.dr, WER6368.tmp.dmp.13.dr, WER1CC6.tmp.dmp.23.dr, WER7C99.tmp.dmp.32.dr
      Source: Binary string: System.ServiceProcess.ni.pdbRSDSwg source: WER3493.tmp.dmp.26.dr, WERCA02.tmp.dmp.17.dr, WERFA3A.tmp.dmp.20.dr, WER92FF.tmp.dmp.35.dr, WERD590.tmp.dmp.8.dr, WER4DD8.tmp.dmp.29.dr, WER6368.tmp.dmp.13.dr, WER1CC6.tmp.dmp.23.dr, WER7C99.tmp.dmp.32.dr
      Source: Binary string: System.Xml.pdbH source: WER3493.tmp.dmp.26.dr, WERCA02.tmp.dmp.17.dr, WERFA3A.tmp.dmp.20.dr, WERD590.tmp.dmp.8.dr, WER4DD8.tmp.dmp.29.dr, WER6368.tmp.dmp.13.dr, WER1CC6.tmp.dmp.23.dr, WER7C99.tmp.dmp.32.dr
      Source: Binary string: C:\Users\dalegroup\Source\Repos\windows-msp-agent\Bluetrait MSP Agent\obj\Debug\Bluetrait MSP Agent.pdb source: Bluetrait MSP Agent.exe, 00000005.00000000.2044580474.000001C0707A2000.00000002.00000001.01000000.00000003.sdmp, Bluetrait MSP Agent.exe.1.dr
      Source: Binary string: mscorlib.pdb source: WER3493.tmp.dmp.26.dr, WERCA02.tmp.dmp.17.dr, WERFA3A.tmp.dmp.20.dr, WER92FF.tmp.dmp.35.dr, WERD590.tmp.dmp.8.dr, WER4DD8.tmp.dmp.29.dr, WER6368.tmp.dmp.13.dr, WER1CC6.tmp.dmp.23.dr, WER7C99.tmp.dmp.32.dr
      Source: Binary string: System.Configuration.pdbMZ source: WERD590.tmp.dmp.8.dr
      Source: Binary string: /_/Src/Newtonsoft.Json/obj/Release/net45/Newtonsoft.Json.pdb@ source: WER92FF.tmp.dmp.35.dr
      Source: Binary string: /_/src/Renci.SshNet/obj/Release/net462/Renci.SshNet.pdbSHA2566 source: Renci.SshNet.dll.1.dr
      Source: Binary string: C:\dev\sqlite\dotnet-private\bin\2015\x64\ReleaseNativeOnlyStatic\SQLite.Interop.pdb source: SQLite.Interop.dll.1.dr
      Source: Binary string: System.Core.pdb source: WER3493.tmp.dmp.26.dr, WERCA02.tmp.dmp.17.dr, WERFA3A.tmp.dmp.20.dr, WER92FF.tmp.dmp.35.dr, WERD590.tmp.dmp.8.dr, WER4DD8.tmp.dmp.29.dr, WER6368.tmp.dmp.13.dr, WER1CC6.tmp.dmp.23.dr, WER7C99.tmp.dmp.32.dr
      Source: Binary string: System.Runtime.Serialization.pdb source: WER3493.tmp.dmp.26.dr, WERCA02.tmp.dmp.17.dr, WERFA3A.tmp.dmp.20.dr, WER92FF.tmp.dmp.35.dr, WERD590.tmp.dmp.8.dr, WER4DD8.tmp.dmp.29.dr, WER6368.tmp.dmp.13.dr, WER1CC6.tmp.dmp.23.dr, WER7C99.tmp.dmp.32.dr
      Source: Binary string: C:\Program Files (x86)\Bluetrait Agent\SharpSnmpLib.pdb source: 5cc044.rbs.1.dr, MSIC1BA.tmp.1.dr
      Source: Binary string: /_/Src/Newtonsoft.Json/obj/Release/net45/Newtonsoft.Json.pdbha? source: WERD590.tmp.dmp.8.dr
      Source: Binary string: System.Runtime.Serialization.pdbMZ source: WER4DD8.tmp.dmp.29.dr, WER7C99.tmp.dmp.32.dr
      Source: Binary string: /_/Src/Newtonsoft.Json/obj/Release/net45/Newtonsoft.Json.pdb. source: WERCA02.tmp.dmp.17.dr
      Source: Binary string: Bluetrait MSP Agent.pdb source: WER3493.tmp.dmp.26.dr, WERCA02.tmp.dmp.17.dr, WERFA3A.tmp.dmp.20.dr, WER92FF.tmp.dmp.35.dr, WERD590.tmp.dmp.8.dr, WER4DD8.tmp.dmp.29.dr, WER6368.tmp.dmp.13.dr, WER1CC6.tmp.dmp.23.dr, WER7C99.tmp.dmp.32.dr
      Source: Binary string: System.Numerics.pdb source: WER3493.tmp.dmp.26.dr, WERCA02.tmp.dmp.17.dr, WERFA3A.tmp.dmp.20.dr, WER92FF.tmp.dmp.35.dr, WERD590.tmp.dmp.8.dr, WER4DD8.tmp.dmp.29.dr, WER6368.tmp.dmp.13.dr, WER1CC6.tmp.dmp.23.dr, WER7C99.tmp.dmp.32.dr
      Source: Binary string: SharpSnmpLib.pdb source: Agent381.msi, 5cc043.msi.1.dr
      Source: Binary string: System.ni.pdb source: WER3493.tmp.dmp.26.dr, WERCA02.tmp.dmp.17.dr, WERFA3A.tmp.dmp.20.dr, WER92FF.tmp.dmp.35.dr, WERD590.tmp.dmp.8.dr, WER4DD8.tmp.dmp.29.dr, WER6368.tmp.dmp.13.dr, WER1CC6.tmp.dmp.23.dr, WER7C99.tmp.dmp.32.dr
      Source: Binary string: C:\dev\sqlite\dotnet-private\bin\2015\Win32\ReleaseNativeOnlyStatic\SQLite.Interop.pdb source: SQLite.Interop.dll0.1.dr
      Source: Binary string: System.Core.ni.pdbRSDS source: WER3493.tmp.dmp.26.dr, WERCA02.tmp.dmp.17.dr, WERFA3A.tmp.dmp.20.dr, WER92FF.tmp.dmp.35.dr, WERD590.tmp.dmp.8.dr, WER4DD8.tmp.dmp.29.dr, WER6368.tmp.dmp.13.dr, WER1CC6.tmp.dmp.23.dr, WER7C99.tmp.dmp.32.dr
      Source: C:\Windows\System32\msiexec.exeFile opened: z:Jump to behavior
      Source: C:\Windows\System32\msiexec.exeFile opened: x:Jump to behavior
      Source: C:\Windows\System32\msiexec.exeFile opened: v:Jump to behavior
      Source: C:\Windows\System32\msiexec.exeFile opened: t:Jump to behavior
      Source: C:\Windows\System32\msiexec.exeFile opened: r:Jump to behavior
      Source: C:\Windows\System32\msiexec.exeFile opened: p:Jump to behavior
      Source: C:\Windows\System32\msiexec.exeFile opened: n:Jump to behavior
      Source: C:\Windows\System32\msiexec.exeFile opened: l:Jump to behavior
      Source: C:\Windows\System32\msiexec.exeFile opened: j:Jump to behavior
      Source: C:\Windows\System32\msiexec.exeFile opened: h:Jump to behavior
      Source: C:\Windows\System32\msiexec.exeFile opened: f:Jump to behavior
      Source: C:\Windows\System32\msiexec.exeFile opened: b:Jump to behavior
      Source: C:\Windows\System32\msiexec.exeFile opened: y:Jump to behavior
      Source: C:\Windows\System32\msiexec.exeFile opened: w:Jump to behavior
      Source: C:\Windows\System32\msiexec.exeFile opened: u:Jump to behavior
      Source: C:\Windows\System32\msiexec.exeFile opened: s:Jump to behavior
      Source: C:\Windows\System32\msiexec.exeFile opened: q:Jump to behavior
      Source: C:\Windows\System32\msiexec.exeFile opened: o:Jump to behavior
      Source: C:\Windows\System32\msiexec.exeFile opened: m:Jump to behavior
      Source: C:\Windows\System32\msiexec.exeFile opened: k:Jump to behavior
      Source: C:\Windows\System32\msiexec.exeFile opened: i:Jump to behavior
      Source: C:\Windows\System32\msiexec.exeFile opened: g:Jump to behavior
      Source: C:\Windows\System32\msiexec.exeFile opened: e:Jump to behavior
      Source: C:\Windows\System32\WerFault.exeFile opened: c:Jump to behavior
      Source: C:\Windows\System32\msiexec.exeFile opened: a:Jump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeCode function: 4x nop then jmp 00007FF848A92486h11_2_00007FF848A92373
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeCode function: 4x nop then jmp 00007FF848A62486h15_2_00007FF848A62247
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeCode function: 4x nop then jmp 00007FF848A632F9h15_2_00007FF848A62F96
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeCode function: 4x nop then jmp 00007FF848A92486h24_2_00007FF848A92373
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeCode function: 4x nop then jmp 00007FF848A832F9h30_2_00007FF848A82F96
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeCode function: 4x nop then jmp 00007FF848A82486h30_2_00007FF848A82247

      Networking

      barindex
      Yara detected Generic Downloader
      Source: Yara matchFile source: 5.0.Bluetrait MSP Agent.exe.1c0707a0000.0.unpack, type: UNPACKEDPE
      Source: Yara matchFile source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe, type: DROPPED
      Source: global trafficHTTP traffic detected: POST /api/ HTTP/1.1Content-Type: application/jsonHost: eganarbonne.bluetrait.ioContent-Length: 70Expect: 100-continueConnection: Keep-Alive
      Source: global trafficHTTP traffic detected: GET / HTTP/1.1Content-Type: application/jsonHost: bluetrait.ioConnection: Keep-Alive
      Source: global trafficHTTP traffic detected: POST /api/ HTTP/1.1Content-Type: application/jsonHost: eganarbonne.bluetrait.ioContent-Length: 70Expect: 100-continueConnection: Keep-Alive
      Source: global trafficHTTP traffic detected: GET / HTTP/1.1Content-Type: application/jsonHost: bluetrait.ioConnection: Keep-Alive
      Source: global trafficHTTP traffic detected: POST /api/ HTTP/1.1Content-Type: application/jsonHost: eganarbonne.bluetrait.ioContent-Length: 70Expect: 100-continueConnection: Keep-Alive
      Source: global trafficHTTP traffic detected: GET / HTTP/1.1Content-Type: application/jsonHost: bluetrait.ioConnection: Keep-Alive
      Source: global trafficHTTP traffic detected: POST /api/ HTTP/1.1Content-Type: application/jsonHost: eganarbonne.bluetrait.ioContent-Length: 70Expect: 100-continueConnection: Keep-Alive
      Source: global trafficHTTP traffic detected: GET / HTTP/1.1Content-Type: application/jsonHost: bluetrait.ioConnection: Keep-Alive
      Source: global trafficHTTP traffic detected: POST /api/ HTTP/1.1Content-Type: application/jsonHost: eganarbonne.bluetrait.ioContent-Length: 70Expect: 100-continueConnection: Keep-Alive
      Source: global trafficHTTP traffic detected: GET / HTTP/1.1Content-Type: application/jsonHost: bluetrait.ioConnection: Keep-Alive
      Source: global trafficHTTP traffic detected: POST /api/ HTTP/1.1Content-Type: application/jsonHost: eganarbonne.bluetrait.ioContent-Length: 70Expect: 100-continueConnection: Keep-Alive
      Source: global trafficHTTP traffic detected: GET / HTTP/1.1Content-Type: application/jsonHost: bluetrait.ioConnection: Keep-Alive
      Source: global trafficHTTP traffic detected: POST /api/ HTTP/1.1Content-Type: application/jsonHost: eganarbonne.bluetrait.ioContent-Length: 70Expect: 100-continueConnection: Keep-Alive
      Source: global trafficHTTP traffic detected: GET / HTTP/1.1Content-Type: application/jsonHost: bluetrait.ioConnection: Keep-Alive
      Source: global trafficHTTP traffic detected: POST /api/ HTTP/1.1Content-Type: application/jsonHost: eganarbonne.bluetrait.ioContent-Length: 70Expect: 100-continueConnection: Keep-Alive
      Source: global trafficHTTP traffic detected: GET / HTTP/1.1Content-Type: application/jsonHost: bluetrait.ioConnection: Keep-Alive
      Source: global trafficHTTP traffic detected: POST /api/ HTTP/1.1Content-Type: application/jsonHost: eganarbonne.bluetrait.ioContent-Length: 70Expect: 100-continueConnection: Keep-Alive
      Source: global trafficHTTP traffic detected: GET / HTTP/1.1Content-Type: application/jsonHost: bluetrait.ioConnection: Keep-Alive
      Source: global trafficHTTP traffic detected: POST /api/ HTTP/1.1Content-Type: application/jsonHost: eganarbonne.bluetrait.ioContent-Length: 70Expect: 100-continueConnection: Keep-Alive
      Source: global trafficHTTP traffic detected: GET / HTTP/1.1Content-Type: application/jsonHost: bluetrait.ioConnection: Keep-Alive
      Source: Joe Sandbox ViewIP Address: 188.114.96.3 188.114.96.3
      Source: Joe Sandbox ViewIP Address: 188.114.96.3 188.114.96.3
      Source: Joe Sandbox ViewJA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
      Source: global trafficHTTP traffic detected: GET / HTTP/1.1Content-Type: application/jsonHost: bluetrait.ioConnection: Keep-Alive
      Source: global trafficHTTP traffic detected: GET / HTTP/1.1Content-Type: application/jsonHost: bluetrait.ioConnection: Keep-Alive
      Source: global trafficHTTP traffic detected: GET / HTTP/1.1Content-Type: application/jsonHost: bluetrait.ioConnection: Keep-Alive
      Source: global trafficHTTP traffic detected: GET / HTTP/1.1Content-Type: application/jsonHost: bluetrait.ioConnection: Keep-Alive
      Source: global trafficHTTP traffic detected: GET / HTTP/1.1Content-Type: application/jsonHost: bluetrait.ioConnection: Keep-Alive
      Source: global trafficHTTP traffic detected: GET / HTTP/1.1Content-Type: application/jsonHost: bluetrait.ioConnection: Keep-Alive
      Source: global trafficHTTP traffic detected: GET / HTTP/1.1Content-Type: application/jsonHost: bluetrait.ioConnection: Keep-Alive
      Source: global trafficHTTP traffic detected: GET / HTTP/1.1Content-Type: application/jsonHost: bluetrait.ioConnection: Keep-Alive
      Source: global trafficHTTP traffic detected: GET / HTTP/1.1Content-Type: application/jsonHost: bluetrait.ioConnection: Keep-Alive
      Source: global trafficHTTP traffic detected: GET / HTTP/1.1Content-Type: application/jsonHost: bluetrait.ioConnection: Keep-Alive
      Source: Bluetrait MSP Agent.exe, 00000005.00000002.2250493277.000001C00019E000.00000004.00000800.00020000.00000000.sdmp, Bluetrait MSP Agent.exe, 00000005.00000002.2251705355.000001C07134A000.00000004.00000020.00020000.00000000.sdmp, Bluetrait MSP Agent.exe, 0000000B.00000002.2469480416.000001265CF2A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: src="https://www.facebook.com/tr?id=2793503584028423&ev=PageView&noscript=1" equals www.facebook.com (Facebook)
      Source: global trafficDNS traffic detected: DNS query: eganarbonne.bluetrait.io
      Source: global trafficDNS traffic detected: DNS query: bluetrait.io
      Source: unknownHTTP traffic detected: POST /api/ HTTP/1.1Content-Type: application/jsonHost: eganarbonne.bluetrait.ioContent-Length: 70Expect: 100-continueConnection: Keep-Alive
      Source: svchost.exe, 00000009.00000002.3273087819.0000026818379000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://Passport.NET/STS09/xmldsig#ripledes-cbcices/SOAPFaultcurity-utility-1.0.xsd
      Source: svchost.exe, 00000009.00000003.2304202174.0000026818382000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://Passport.NET/tb
      Source: svchost.exe, 00000009.00000002.3273258160.0000026818A13000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000002.3272711528.0000026817AE8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://Passport.NET/tb:pp
      Source: svchost.exe, 00000009.00000003.2280881833.0000026818377000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000003.2255080054.0000026818378000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://Passport.NET/tbA
      Source: svchost.exe, 00000009.00000002.3273285330.0000026818A3E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://Passport.NET/tb_
      Source: svchost.exe, 00000009.00000002.3273486171.0000026818AAE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://Passport.NET/tbpose
      Source: Bluetrait MSP Agent.exe, 00000005.00000002.2250493277.000001C000143000.00000004.00000800.00020000.00000000.sdmp, Bluetrait MSP Agent.exe, 0000000B.00000002.2469480416.000001265CEBD000.00000004.00000800.00020000.00000000.sdmp, Bluetrait MSP Agent.exe, 0000000F.00000002.2718472787.00000210BCA9D000.00000004.00000800.00020000.00000000.sdmp, Bluetrait MSP Agent.exe, 00000012.00000002.2845778390.0000025128F7D000.00000004.00000800.00020000.00000000.sdmp, Bluetrait MSP Agent.exe, 00000015.00000002.2929415456.000001F20013D000.00000004.00000800.00020000.00000000.sdmp, Bluetrait MSP Agent.exe, 00000018.00000002.2991411603.000001FA9498D000.00000004.00000800.00020000.00000000.sdmp, Bluetrait MSP Agent.exe, 0000001B.00000002.3063631993.0000025F36E9D000.00000004.00000800.00020000.00000000.sdmp, Bluetrait MSP Agent.exe, 0000001E.00000002.3175118461.00000223245DD000.00000004.00000800.00020000.00000000.sdmp, Bluetrait MSP Agent.exe, 00000021.00000002.3231275549.000001EF13BAD000.00000004.00000800.00020000.00000000.sdmp, Bluetrait MSP Agent.exe, 00000024.00000002.3273202475.0000014A9CB9D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://bluetrait.io
      Source: Agent381.msi, 5cc044.rbs.1.dr, MSIC2F5.tmp.1.dr, MSIC846.tmp.1.dr, MSIC1CA.tmp.1.dr, 5cc043.msi.1.dr, MSIC1BA.tmp.1.dr, MSIC297.tmp.1.drString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
      Source: SQLite.Interop.dll0.1.dr, System.Data.SQLite.dll.1.dr, System.Data.SQLite.Linq.dll.1.dr, SQLite.Interop.dll.1.dr, Newtonsoft.Json.dll.1.drString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
      Source: Newtonsoft.Json.dll.1.drString found in binary or memory: http://cacerts.digicert.com/DigiCertCSRSA4096RootG5.crt0E
      Source: Agent381.msi, 5cc044.rbs.1.dr, MSIC2F5.tmp.1.dr, MSIC846.tmp.1.dr, MSIC1CA.tmp.1.dr, 5cc043.msi.1.dr, MSIC1BA.tmp.1.dr, MSIC297.tmp.1.drString found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDTimestampingCA.crt0
      Source: SQLite.Interop.dll0.1.dr, System.Data.SQLite.dll.1.dr, System.Data.SQLite.Linq.dll.1.dr, SQLite.Interop.dll.1.drString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt0
      Source: SQLite.Interop.dll0.1.dr, System.Data.SQLite.dll.1.dr, System.Data.SQLite.Linq.dll.1.dr, SQLite.Interop.dll.1.dr, Newtonsoft.Json.dll.1.drString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
      Source: SQLite.Interop.dll0.1.dr, System.Data.SQLite.dll.1.dr, System.Data.SQLite.Linq.dll.1.dr, SQLite.Interop.dll.1.dr, Newtonsoft.Json.dll.1.drString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
      Source: Agent381.msi, 5cc044.rbs.1.dr, MSIC2F5.tmp.1.dr, MSIC846.tmp.1.dr, MSIC1CA.tmp.1.dr, 5cc043.msi.1.dr, MSIC1BA.tmp.1.dr, MSIC297.tmp.1.drString found in binary or memory: http://cacerts.digicert.com/NETFoundationProjectsCodeSigningCA.crt0
      Source: Newtonsoft.Json.dll.1.drString found in binary or memory: http://cacerts.digicert.com/NETFoundationProjectsCodeSigningCA2.crt0
      Source: Agent381.msi, Bluetrait MSP Agent.exe.1.dr, 5cc043.msi.1.dr, BluetraitUserAgent.exe.1.drString found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl04
      Source: Bluetrait MSP Agent.exe, 00000005.00000002.2251705355.000001C0712DE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000002.3273205101.0000026818A00000.00000004.00000020.00020000.00000000.sdmp, Bluetrait MSP Agent.exe, 0000000B.00000002.2470204109.000001267554C000.00000004.00000020.00020000.00000000.sdmp, Bluetrait MSP Agent.exe, 0000000F.00000002.2719478057.00000210D5294000.00000004.00000020.00020000.00000000.sdmp, Bluetrait MSP Agent.exe, 00000012.00000002.2845232812.0000025128D2F000.00000004.00000020.00020000.00000000.sdmp, Bluetrait MSP Agent.exe, 00000015.00000002.2932010486.000001F27847C000.00000004.00000020.00020000.00000000.sdmp, Bluetrait MSP Agent.exe, 00000018.00000002.2992875054.000001FAACF63000.00000004.00000020.00020000.00000000.sdmp, Bluetrait MSP Agent.exe, 0000001B.00000002.3062996313.0000025F36C5E000.00000004.00000020.00020000.00000000.sdmp, Bluetrait MSP Agent.exe, 0000001E.00000002.3176699240.000002233CD0B000.00000004.00000020.00020000.00000000.sdmp, Bluetrait MSP Agent.exe, 00000021.00000002.3233197638.000001EF2C27D000.00000004.00000020.00020000.00000000.sdmp, Bluetrait MSP Agent.exe, 00000024.00000002.3275067092.0000014AB5268000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06
      Source: HidSharp.dll.1.drString found in binary or memory: http://crl.comodoca.com/COMODORSACertificationAuthority.crl0q
      Source: HidSharp.dll.1.drString found in binary or memory: http://crl.comodoca.com/COMODORSACodeSigningCA.crl0t
      Source: paexec.exe.1.drString found in binary or memory: http://crl.globalsign.com/gs/gscodesigng3.crl0
      Source: HidSharp.dll.1.drString found in binary or memory: http://crl.globalsign.com/gs/gstimestampingg2.crl0T
      Source: HidSharp.dll.1.drString found in binary or memory: http://crl.globalsign.com/gs/gstimestampingsha2g2.crl0
      Source: paexec.exe.1.drString found in binary or memory: http://crl.globalsign.com/root.crl0Y
      Source: HidSharp.dll.1.drString found in binary or memory: http://crl.globalsign.net/root-r3.crl0
      Source: HidSharp.dll.1.drString found in binary or memory: http://crl.globalsign.net/root.crl0
      Source: Bluetrait MSP Agent.exe, 00000018.00000002.2992875054.000001FAACF7E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.m
      Source: Bluetrait MSP Agent.exe, 00000005.00000002.2251705355.000001C07131C000.00000004.00000020.00020000.00000000.sdmp, Bluetrait MSP Agent.exe, 00000018.00000002.2992875054.000001FAACF7E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.micro
      Source: Bluetrait MSP Agent.exe, 0000000F.00000002.2719478057.00000210D52B2000.00000004.00000020.00020000.00000000.sdmp, Bluetrait MSP Agent.exe, 00000012.00000002.2845232812.0000025128D5B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.micros
      Source: Bluetrait MSP Agent.exe, 00000024.00000002.3275067092.0000014AB5288000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.micros-
      Source: Agent381.msi, Bluetrait MSP Agent.exe.1.dr, 5cc043.msi.1.dr, BluetraitUserAgent.exe.1.drString found in binary or memory: http://crl.sectigo.com/SectigoPublicCodeSigningCAR36.crl0y
      Source: Agent381.msi, Bluetrait MSP Agent.exe.1.dr, 5cc043.msi.1.dr, BluetraitUserAgent.exe.1.drString found in binary or memory: http://crl.sectigo.com/SectigoPublicCodeSigningRootR46.crl0
      Source: paexec.exe.1.drString found in binary or memory: http://crl.thawte.com/ThawteTimestampingCA.crl0
      Source: svchost.exe, 00000009.00000002.3272651675.0000026817ADB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.ver)
      Source: SQLite.Interop.dll0.1.dr, System.Data.SQLite.dll.1.dr, System.Data.SQLite.Linq.dll.1.dr, SQLite.Interop.dll.1.dr, Newtonsoft.Json.dll.1.drString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
      Source: Agent381.msi, 5cc044.rbs.1.dr, MSIC2F5.tmp.1.dr, MSIC846.tmp.1.dr, MSIC1CA.tmp.1.dr, 5cc043.msi.1.dr, MSIC1BA.tmp.1.dr, MSIC297.tmp.1.drString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0P
      Source: Newtonsoft.Json.dll.1.drString found in binary or memory: http://crl3.digicert.com/DigiCertCSRSA4096RootG5.crl0
      Source: Agent381.msi, 5cc044.rbs.1.dr, MSIC2F5.tmp.1.dr, MSIC846.tmp.1.dr, MSIC1CA.tmp.1.dr, 5cc043.msi.1.dr, MSIC1BA.tmp.1.dr, MSIC297.tmp.1.drString found in binary or memory: http://crl3.digicert.com/DigiCertHighAssuranceEVRootCA.crl0=
      Source: SQLite.Interop.dll0.1.dr, System.Data.SQLite.dll.1.dr, System.Data.SQLite.Linq.dll.1.dr, SQLite.Interop.dll.1.drString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S
      Source: SQLite.Interop.dll0.1.dr, System.Data.SQLite.dll.1.dr, System.Data.SQLite.Linq.dll.1.dr, SQLite.Interop.dll.1.dr, Newtonsoft.Json.dll.1.drString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
      Source: SQLite.Interop.dll.1.dr, Newtonsoft.Json.dll.1.drString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
      Source: Agent381.msi, 5cc044.rbs.1.dr, MSIC2F5.tmp.1.dr, MSIC846.tmp.1.dr, MSIC1CA.tmp.1.dr, 5cc043.msi.1.dr, MSIC1BA.tmp.1.dr, MSIC297.tmp.1.drString found in binary or memory: http://crl3.digicert.com/NETFoundationProjectsCodeSigningCA.crl0E
      Source: Newtonsoft.Json.dll.1.drString found in binary or memory: http://crl3.digicert.com/NETFoundationProjectsCodeSigningCA2.crl0F
      Source: Agent381.msi, 5cc044.rbs.1.dr, MSIC2F5.tmp.1.dr, MSIC846.tmp.1.dr, MSIC1CA.tmp.1.dr, 5cc043.msi.1.dr, MSIC1BA.tmp.1.dr, MSIC297.tmp.1.drString found in binary or memory: http://crl3.digicert.com/sha2-assured-ts.crl02
      Source: Agent381.msi, 5cc044.rbs.1.dr, MSIC2F5.tmp.1.dr, MSIC846.tmp.1.dr, MSIC1CA.tmp.1.dr, 5cc043.msi.1.dr, MSIC1BA.tmp.1.dr, MSIC297.tmp.1.drString found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
      Source: SQLite.Interop.dll0.1.dr, System.Data.SQLite.dll.1.dr, System.Data.SQLite.Linq.dll.1.dr, SQLite.Interop.dll.1.drString found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0=
      Source: Agent381.msi, 5cc044.rbs.1.dr, MSIC2F5.tmp.1.dr, MSIC846.tmp.1.dr, MSIC1CA.tmp.1.dr, 5cc043.msi.1.dr, MSIC1BA.tmp.1.dr, MSIC297.tmp.1.drString found in binary or memory: http://crl4.digicert.com/NETFoundationProjectsCodeSigningCA.crl0L
      Source: Newtonsoft.Json.dll.1.drString found in binary or memory: http://crl4.digicert.com/NETFoundationProjectsCodeSigningCA2.crl0=
      Source: Agent381.msi, 5cc044.rbs.1.dr, MSIC2F5.tmp.1.dr, MSIC846.tmp.1.dr, MSIC1CA.tmp.1.dr, 5cc043.msi.1.dr, MSIC1BA.tmp.1.dr, MSIC297.tmp.1.drString found in binary or memory: http://crl4.digicert.com/sha2-assured-ts.crl0
      Source: Agent381.msi, Bluetrait MSP Agent.exe.1.dr, 5cc043.msi.1.dr, BluetraitUserAgent.exe.1.drString found in binary or memory: http://crt.sectigo.com/SectigoPublicCodeSigningCAR36.crt0#
      Source: Agent381.msi, Bluetrait MSP Agent.exe.1.dr, 5cc043.msi.1.dr, BluetraitUserAgent.exe.1.drString found in binary or memory: http://crt.sectigo.com/SectigoPublicCodeSigningRootR46.p7c0#
      Source: 57C8EDB95DF3F0AD4EE2DC2B8CFD41570.9.drString found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab
      Source: BluetraitUserAgent.exe.1.drString found in binary or memory: http://dalegroup.support
      Source: svchost.exe, 00000009.00000003.2280881833.0000026818377000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.o8
      Source: svchost.exe, 00000009.00000002.3273311840.0000026818A5F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org
      Source: svchost.exe, 00000009.00000002.3271830222.0000026817A2B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000003.2461104273.000002681832F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000003.2294477298.000002681836E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000003.2221711696.0000026818307000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000002.3273136268.0000026818384000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000003.2461233031.0000026818376000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000003.2461179462.0000026818382000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000003.2294438314.000002681836D000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000003.2105904181.0000026818352000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000003.2221726161.000002681830E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000003.2464305973.0000026818383000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000003.2280881833.0000026818377000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd
      Source: svchost.exe, 00000009.00000003.2280665426.0000026818307000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd$
      Source: svchost.exe, 00000009.00000003.2255122488.000002681830F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000003.2294369094.000002681830E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000003.2222675538.000002681830E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000003.2222165610.000002681830E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000002.3272937414.0000026818310000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000003.2281155934.000002681830E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000003.2241340792.000002681830E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000003.2221711696.0000026818307000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000003.2222274234.000002681830E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000003.2221763400.000002681830E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000003.2461267074.000002681830E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000003.2280665426.0000026818307000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000003.2255140907.000002681830F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000003.2221792281.000002681830F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000003.2222571710.000002681830E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000003.2294456046.000002681830E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000003.2221820375.000002681830E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000003.2221726161.000002681830E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000003.2255033120.000002681830E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000003.2281045261.000002681830E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000003.2222515500.000002681830E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsdAA
      Source: svchost.exe, 00000009.00000003.2461233031.0000026818376000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsdAAA
      Source: svchost.exe, 00000009.00000003.2255080054.0000026818378000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsdAAAA
      Source: svchost.exe, 00000009.00000003.2255080054.0000026818378000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsdAAAAA
      Source: svchost.exe, 00000009.00000003.2240782311.0000026818329000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsdAAAAAA
      Source: svchost.exe, 00000009.00000003.2280881833.0000026818377000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsdes
      Source: svchost.exe, 00000009.00000003.2461233031.0000026818376000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsdp
      Source: svchost.exe, 00000009.00000002.3271830222.0000026817A2B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000003.2294477298.000002681836E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000003.2221711696.0000026818307000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000002.3273136268.0000026818384000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000003.2461267074.000002681830E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000003.2461233031.0000026818376000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000003.2461179462.0000026818382000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000003.2294438314.000002681836D000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000003.2221726161.000002681830E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000003.2464305973.0000026818383000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000003.2280881833.0000026818377000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
      Source: svchost.exe, 00000009.00000003.2255122488.000002681830F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000003.2294369094.000002681830E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000003.2222675538.000002681830E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000003.2222165610.000002681830E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000002.3272937414.0000026818310000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000003.2281155934.000002681830E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000003.2241340792.000002681830E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000003.2221711696.0000026818307000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000003.2222274234.000002681830E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000003.2221763400.000002681830E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000003.2461267074.000002681830E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000003.2280665426.0000026818307000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000003.2255140907.000002681830F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000003.2221792281.000002681830F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000003.2222571710.000002681830E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000003.2294456046.000002681830E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000003.2221820375.000002681830E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000003.2221726161.000002681830E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000003.2255033120.000002681830E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000003.2281045261.000002681830E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000003.2222515500.000002681830E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsdA
      Source: svchost.exe, 00000009.00000003.2294477298.000002681836E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000003.2294438314.000002681836D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsdAAA
      Source: svchost.exe, 00000009.00000003.2240782311.0000026818329000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000003.2255080054.0000026818378000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsdAAAA
      Source: svchost.exe, 00000009.00000003.2240782311.0000026818329000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000003.2255080054.0000026818378000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsdAAAAA
      Source: svchost.exe, 00000009.00000003.2294477298.000002681836E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000003.2461233031.0000026818376000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000003.2294438314.000002681836D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsdJdR
      Source: svchost.exe, 00000009.00000003.2294477298.000002681836E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000003.2461233031.0000026818376000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000003.2294438314.000002681836D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsdP
      Source: svchost.exe, 00000009.00000003.2255080054.0000026818378000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsdi7Ky
      Source: svchost.exe, 00000009.00000003.2105904181.0000026818352000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsdmlns:
      Source: svchost.exe, 00000009.00000003.2461233031.0000026818376000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsds
      Source: svchost.exe, 00000009.00000003.2294477298.000002681836E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000003.2461233031.0000026818376000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000003.2294438314.000002681836D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsdsp
      Source: Bluetrait MSP Agent.exe, 00000005.00000002.2250493277.000001C000103000.00000004.00000800.00020000.00000000.sdmp, Bluetrait MSP Agent.exe, 0000000B.00000002.2469480416.000001265CE7D000.00000004.00000800.00020000.00000000.sdmp, Bluetrait MSP Agent.exe, 0000000F.00000002.2718472787.00000210BCA5D000.00000004.00000800.00020000.00000000.sdmp, Bluetrait MSP Agent.exe, 00000012.00000002.2845778390.0000025128F3D000.00000004.00000800.00020000.00000000.sdmp, Bluetrait MSP Agent.exe, 00000015.00000002.2929415456.000001F2000FD000.00000004.00000800.00020000.00000000.sdmp, Bluetrait MSP Agent.exe, 00000018.00000002.2991411603.000001FA9494D000.00000004.00000800.00020000.00000000.sdmp, Bluetrait MSP Agent.exe, 0000001B.00000002.3063631993.0000025F36E5D000.00000004.00000800.00020000.00000000.sdmp, Bluetrait MSP Agent.exe, 0000001E.00000002.3175118461.000002232459D000.00000004.00000800.00020000.00000000.sdmp, Bluetrait MSP Agent.exe, 00000021.00000002.3231275549.000001EF13B6D000.00000004.00000800.00020000.00000000.sdmp, Bluetrait MSP Agent.exe, 00000024.00000002.3273202475.0000014A9CB5D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://eganarbonne.bluetrait.io
      Source: Newtonsoft.Json.dll.1.drString found in binary or memory: http://james.newtonking.com/projects/json
      Source: Bluetrait MSP Agent.exe, 0000000F.00000002.2719478057.00000210D52B2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://microsoft.co(
      Source: Agent381.msi, Bluetrait MSP Agent.exe.1.dr, 5cc043.msi.1.dr, BluetraitUserAgent.exe.1.dr, HidSharp.dll.1.drString found in binary or memory: http://ocsp.comodoca.com0
      Source: SQLite.Interop.dll0.1.dr, System.Data.SQLite.dll.1.dr, System.Data.SQLite.Linq.dll.1.dr, SQLite.Interop.dll.1.drString found in binary or memory: http://ocsp.digicert.com0
      Source: SQLite.Interop.dll0.1.dr, System.Data.SQLite.dll.1.dr, System.Data.SQLite.Linq.dll.1.dr, SQLite.Interop.dll.1.dr, Newtonsoft.Json.dll.1.drString found in binary or memory: http://ocsp.digicert.com0A
      Source: Agent381.msi, SQLite.Interop.dll0.1.dr, 5cc044.rbs.1.dr, MSIC2F5.tmp.1.dr, System.Data.SQLite.dll.1.dr, MSIC846.tmp.1.dr, MSIC1CA.tmp.1.dr, 5cc043.msi.1.dr, System.Data.SQLite.Linq.dll.1.dr, MSIC1BA.tmp.1.dr, MSIC297.tmp.1.dr, SQLite.Interop.dll.1.dr, Newtonsoft.Json.dll.1.drString found in binary or memory: http://ocsp.digicert.com0C
      Source: Agent381.msi, 5cc044.rbs.1.dr, MSIC2F5.tmp.1.dr, MSIC846.tmp.1.dr, MSIC1CA.tmp.1.dr, 5cc043.msi.1.dr, MSIC1BA.tmp.1.dr, MSIC297.tmp.1.drString found in binary or memory: http://ocsp.digicert.com0K
      Source: Agent381.msi, 5cc044.rbs.1.dr, MSIC2F5.tmp.1.dr, MSIC846.tmp.1.dr, MSIC1CA.tmp.1.dr, 5cc043.msi.1.dr, MSIC1BA.tmp.1.dr, MSIC297.tmp.1.drString found in binary or memory: http://ocsp.digicert.com0N
      Source: Agent381.msi, 5cc044.rbs.1.dr, MSIC2F5.tmp.1.dr, MSIC846.tmp.1.dr, MSIC1CA.tmp.1.dr, 5cc043.msi.1.dr, MSIC1BA.tmp.1.dr, MSIC297.tmp.1.dr, Newtonsoft.Json.dll.1.drString found in binary or memory: http://ocsp.digicert.com0O
      Source: SQLite.Interop.dll0.1.dr, System.Data.SQLite.dll.1.dr, System.Data.SQLite.Linq.dll.1.dr, SQLite.Interop.dll.1.dr, Newtonsoft.Json.dll.1.drString found in binary or memory: http://ocsp.digicert.com0X
      Source: paexec.exe.1.drString found in binary or memory: http://ocsp.globalsign.com/rootr103
      Source: BluetraitUserAgent.exe.1.drString found in binary or memory: http://ocsp.sectigo.com0
      Source: paexec.exe.1.drString found in binary or memory: http://ocsp.thawte.com0
      Source: paexec.exe.1.drString found in binary or memory: http://ocsp2.globalsign.com/gscodesigng30V
      Source: HidSharp.dll.1.drString found in binary or memory: http://ocsp2.globalsign.com/gstimestampingsha2g20
      Source: svchost.exe, 00000009.00000002.3273258160.0000026818A13000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000002.3272711528.0000026817AE8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000002.3272012939.0000026817A83000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000002.3273311840.0000026818A5F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://passport.net/tb
      Source: paexec.exe.1.drString found in binary or memory: http://s.symcb.com/pca3-g5.crl0
      Source: paexec.exe.1.drString found in binary or memory: http://s.symcb.com/universal-root.crl0
      Source: paexec.exe.1.drString found in binary or memory: http://s.symcd.com06
      Source: paexec.exe.1.drString found in binary or memory: http://s.symcd.com0_
      Source: svchost.exe, 00000009.00000003.2222165610.000002681830E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000003.2222274234.000002681830E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000003.2221763400.000002681830E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000002.3273036554.000002681835F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000003.2221792281.000002681830F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000003.2221820375.000002681830E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/soap/envelope/
      Source: svchost.exe, 00000009.00000002.3272999414.0000026818337000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous
      Source: svchost.exe, 00000009.00000002.3272999414.0000026818337000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/09/policy
      Source: svchost.exe, 00000009.00000003.2461267074.000002681830E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000002.3273036554.000002681835F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000002.3272999414.0000026818337000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000003.2461130991.0000026818379000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/sc
      Source: svchost.exe, 00000009.00000002.3273036554.000002681835F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/sc1c=
      Source: svchost.exe, 00000009.00000002.3272999414.0000026818337000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/scerence
      Source: svchost.exe, 00000009.00000002.3272966095.0000026818313000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/scsione
      Source: svchost.exe, 00000009.00000002.3272999414.0000026818337000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust
      Source: svchost.exe, 00000009.00000003.2294477298.000002681836E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000002.3273036554.000002681835F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000003.2294438314.000002681836D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Issue
      Source: svchost.exe, 00000009.00000003.2294477298.000002681836E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000003.2294438314.000002681836D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Issuesue0
      Source: svchost.exe, 00000009.00000003.2294477298.000002681836E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000002.3273036554.000002681835F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000003.2294438314.000002681836D000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000002.3271909786.0000026817A5E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue
      Source: svchost.exe, 00000009.00000003.2294477298.000002681836E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000002.3273036554.000002681835F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000003.2294438314.000002681836D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/Issue
      Source: Bluetrait MSP Agent.exe, 00000005.00000002.2250493277.000001C00009A000.00000004.00000800.00020000.00000000.sdmp, Bluetrait MSP Agent.exe, 0000000B.00000002.2469480416.000001265CE14000.00000004.00000800.00020000.00000000.sdmp, Bluetrait MSP Agent.exe, 0000000F.00000002.2718472787.00000210BCA05000.00000004.00000800.00020000.00000000.sdmp, Bluetrait MSP Agent.exe, 00000012.00000002.2845778390.0000025128EE5000.00000004.00000800.00020000.00000000.sdmp, Bluetrait MSP Agent.exe, 00000015.00000002.2929415456.000001F20009C000.00000004.00000800.00020000.00000000.sdmp, Bluetrait MSP Agent.exe, 00000018.00000002.2991411603.000001FA948F5000.00000004.00000800.00020000.00000000.sdmp, Bluetrait MSP Agent.exe, 0000001B.00000002.3063631993.0000025F36E05000.00000004.00000800.00020000.00000000.sdmp, Bluetrait MSP Agent.exe, 0000001E.00000002.3175118461.000002232453A000.00000004.00000800.00020000.00000000.sdmp, Bluetrait MSP Agent.exe, 00000021.00000002.3231275549.000001EF13B15000.00000004.00000800.00020000.00000000.sdmp, Bluetrait MSP Agent.exe, 00000024.00000002.3273202475.0000014A9CB05000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
      Source: svchost.exe, 00000009.00000002.3272358518.0000026817AC9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/20052/$
      Source: paexec.exe.1.drString found in binary or memory: http://secure.globalsign.com/cacert/gscodesigng3ocsp.crt04
      Source: HidSharp.dll.1.drString found in binary or memory: http://secure.globalsign.com/cacert/gstimestampingg2.crt0
      Source: HidSharp.dll.1.drString found in binary or memory: http://secure.globalsign.com/cacert/gstimestampingsha2g2.crt0
      Source: paexec.exe.1.drString found in binary or memory: http://sw.symcb.com/sw.crl0
      Source: paexec.exe.1.drString found in binary or memory: http://sw.symcd.com0
      Source: paexec.exe.1.drString found in binary or memory: http://sw1.symcb.com/sw.crt0
      Source: paexec.exe.1.drString found in binary or memory: http://ts-aia.ws.symantec.com/sha256-tss-ca.cer0(
      Source: paexec.exe.1.drString found in binary or memory: http://ts-aia.ws.symantec.com/tss-ca-g2.cer0
      Source: paexec.exe.1.drString found in binary or memory: http://ts-crl.ws.symantec.com/sha256-tss-ca.crl0
      Source: paexec.exe.1.drString found in binary or memory: http://ts-crl.ws.symantec.com/tss-ca-g2.crl0(
      Source: paexec.exe.1.drString found in binary or memory: http://ts-ocsp.ws.symantec.com07
      Source: paexec.exe.1.drString found in binary or memory: http://ts-ocsp.ws.symantec.com0;
      Source: Amcache.hve.8.drString found in binary or memory: http://upx.sf.net
      Source: Agent381.msi, 5cc044.rbs.1.dr, MSIC2F5.tmp.1.dr, MSIC846.tmp.1.dr, MSIC1CA.tmp.1.dr, 5cc043.msi.1.dr, MSIC1BA.tmp.1.dr, MSIC297.tmp.1.drString found in binary or memory: http://wixtoolset.org
      Source: Bluetrait MSP Agent.exe, 0000000B.00000002.2470204109.000001267556E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www..
      Source: SQLite.Interop.dll0.1.dr, System.Data.SQLite.dll.1.dr, System.Data.SQLite.Linq.dll.1.dr, SQLite.Interop.dll.1.dr, Newtonsoft.Json.dll.1.drString found in binary or memory: http://www.digicert.com/CPS0
      Source: Bluetrait MSP Agent.exe, 00000012.00000002.2845232812.0000025128D5B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.microsoft.c
      Source: Bluetrait MSP Agent.exe, 00000015.00000002.2932010486.000001F27848F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.microsoft.co
      Source: Bluetrait MSP Agent.exe, 00000012.00000002.2845232812.0000025128D5B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.microsoft.co7
      Source: Bluetrait MSP Agent.exe, 0000000B.00000002.2469480416.000001265CDBB000.00000004.00000800.00020000.00000000.sdmp, Bluetrait MSP Agent.exe, 0000000F.00000002.2718472787.00000210BC99B000.00000004.00000800.00020000.00000000.sdmp, Bluetrait MSP Agent.exe, 00000012.00000002.2845778390.0000025128E7B000.00000004.00000800.00020000.00000000.sdmp, Bluetrait MSP Agent.exe, 00000015.00000002.2929415456.000001F20003B000.00000004.00000800.00020000.00000000.sdmp, Bluetrait MSP Agent.exe, 00000018.00000002.2991411603.000001FA9488B000.00000004.00000800.00020000.00000000.sdmp, Bluetrait MSP Agent.exe, 0000001B.00000002.3063631993.0000025F36D9B000.00000004.00000800.00020000.00000000.sdmp, Bluetrait MSP Agent.exe, 0000001E.00000002.3175118461.00000223244DB000.00000004.00000800.00020000.00000000.sdmp, Bluetrait MSP Agent.exe, 00000021.00000002.3231275549.000001EF13AAB000.00000004.00000800.00020000.00000000.sdmp, Bluetrait MSP Agent.exe, 00000024.00000002.3273202475.0000014A9CA9B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.w3.
      Source: HidSharp.dll.1.drString found in binary or memory: http://www.zer7.com/software/hidsharp
      Source: svchost.exe, 00000009.00000003.2085360511.000002681833B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000003.2085434116.0000026818363000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000003.2085404011.0000026818340000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000002.3271875762.0000026817A46000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://account.live.com/InlineSignup.aspx?iww=1&id=80502
      Source: svchost.exe, 00000009.00000003.2085160117.0000026818352000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000003.2085751814.0000026818356000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000003.2085434116.0000026818363000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000003.2085061696.0000026818329000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000003.2085061696.000002681832C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000002.3271909786.0000026817A5E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://account.live.com/Wizard/Password/Change?id=80601
      Source: svchost.exe, 00000009.00000003.2085360511.000002681833B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000003.2085404011.0000026818340000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://account.live.com/Wizard/Password/Change?id=806011
      Source: svchost.exe, 00000009.00000003.2085061696.0000026818329000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://account.live.com/inlinesignup.aspx?iww=1&id=80600
      Source: svchost.exe, 00000009.00000003.2085160117.0000026818352000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000003.2085751814.0000026818356000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000003.2085061696.0000026818329000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://account.live.com/inlinesignup.aspx?iww=1&id=80601
      Source: svchost.exe, 00000009.00000003.2085160117.0000026818352000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000003.2085061696.0000026818329000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://account.live.com/inlinesignup.aspx?iww=1&id=80603
      Source: svchost.exe, 00000009.00000003.2085160117.0000026818352000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000003.2085061696.0000026818329000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://account.live.com/inlinesignup.aspx?iww=1&id=80604
      Source: svchost.exe, 00000009.00000003.2085160117.0000026818352000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000003.2085061696.0000026818329000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://account.live.com/inlinesignup.aspx?iww=1&id=80605
      Source: svchost.exe, 00000009.00000003.2085360511.000002681833B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000003.2085434116.0000026818363000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000003.2085404011.0000026818340000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000002.3271875762.0000026817A46000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://account.live.com/inlinesignup.aspx?iww=1&id=80600
      Source: svchost.exe, 00000009.00000003.2085360511.000002681833B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000003.2085434116.0000026818363000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000003.2085404011.0000026818340000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000002.3271875762.0000026817A46000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://account.live.com/inlinesignup.aspx?iww=1&id=80601
      Source: svchost.exe, 00000009.00000003.2085360511.000002681833B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000003.2085434116.0000026818363000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000003.2085404011.0000026818340000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000002.3271909786.0000026817A5E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://account.live.com/inlinesignup.aspx?iww=1&id=80603
      Source: svchost.exe, 00000009.00000003.2085434116.0000026818363000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000002.3271909786.0000026817A5E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://account.live.com/inlinesignup.aspx?iww=1&id=80604
      Source: svchost.exe, 00000009.00000003.2085434116.0000026818363000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000002.3271909786.0000026817A5E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://account.live.com/inlinesignup.aspx?iww=1&id=80605
      Source: svchost.exe, 00000009.00000003.2085360511.000002681833B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000003.2085160117.0000026818352000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000003.2085404011.0000026818340000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000002.3271875762.0000026817A46000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000003.2085382892.0000026818357000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000003.2085061696.0000026818329000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://account.live.com/msangcwam
      Source: Bluetrait MSP Agent.exe, 00000005.00000002.2250493277.000001C00012B000.00000004.00000800.00020000.00000000.sdmp, Bluetrait MSP Agent.exe, 0000000B.00000002.2469480416.000001265CEA5000.00000004.00000800.00020000.00000000.sdmp, Bluetrait MSP Agent.exe, 0000000F.00000002.2718472787.00000210BCA85000.00000004.00000800.00020000.00000000.sdmp, Bluetrait MSP Agent.exe, 00000012.00000002.2845778390.0000025128F65000.00000004.00000800.00020000.00000000.sdmp, Bluetrait MSP Agent.exe, 00000015.00000002.2929415456.000001F200125000.00000004.00000800.00020000.00000000.sdmp, Bluetrait MSP Agent.exe, 00000018.00000002.2991411603.000001FA94975000.00000004.00000800.00020000.00000000.sdmp, Bluetrait MSP Agent.exe, 0000001B.00000002.3063631993.0000025F36E85000.00000004.00000800.00020000.00000000.sdmp, Bluetrait MSP Agent.exe, 0000001E.00000002.3175118461.00000223245C5000.00000004.00000800.00020000.00000000.sdmp, Bluetrait MSP Agent.exe, 00000021.00000002.3231275549.000001EF13B95000.00000004.00000800.00020000.00000000.sdmp, Bluetrait MSP Agent.exe, 00000024.00000002.3273202475.0000014A9CB85000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bluetrait.io
      Source: Bluetrait MSP Agent.exe, 00000005.00000002.2250493277.000001C000127000.00000004.00000800.00020000.00000000.sdmp, Bluetrait MSP Agent.exe, 00000005.00000002.2250493277.000001C000103000.00000004.00000800.00020000.00000000.sdmp, Bluetrait MSP Agent.exe, 00000005.00000002.2250493277.000001C00012B000.00000004.00000800.00020000.00000000.sdmp, Bluetrait MSP Agent.exe, 0000000B.00000002.2469480416.000001265CEA1000.00000004.00000800.00020000.00000000.sdmp, Bluetrait MSP Agent.exe, 0000000B.00000002.2469480416.000001265CE7D000.00000004.00000800.00020000.00000000.sdmp, Bluetrait MSP Agent.exe, 0000000B.00000002.2469480416.000001265CEA5000.00000004.00000800.00020000.00000000.sdmp, Bluetrait MSP Agent.exe, 0000000F.00000002.2718472787.00000210BCA5D000.00000004.00000800.00020000.00000000.sdmp, Bluetrait MSP Agent.exe, 0000000F.00000002.2718472787.00000210BCA85000.00000004.00000800.00020000.00000000.sdmp, Bluetrait MSP Agent.exe, 0000000F.00000002.2718472787.00000210BCA81000.00000004.00000800.00020000.00000000.sdmp, Bluetrait MSP Agent.exe, 00000012.00000002.2845778390.0000025128F65000.00000004.00000800.00020000.00000000.sdmp, Bluetrait MSP Agent.exe, 00000012.00000002.2845778390.0000025128F3D000.00000004.00000800.00020000.00000000.sdmp, Bluetrait MSP Agent.exe, 00000012.00000002.2845778390.0000025128F61000.00000004.00000800.00020000.00000000.sdmp, Bluetrait MSP Agent.exe, 00000015.00000002.2929415456.000001F2000FD000.00000004.00000800.00020000.00000000.sdmp, Bluetrait MSP Agent.exe, 00000015.00000002.2929415456.000001F200125000.00000004.00000800.00020000.00000000.sdmp, Bluetrait MSP Agent.exe, 00000015.00000002.2929415456.000001F200121000.00000004.00000800.00020000.00000000.sdmp, Bluetrait MSP Agent.exe, 00000018.00000002.2991411603.000001FA94971000.00000004.00000800.00020000.00000000.sdmp, Bluetrait MSP Agent.exe, 00000018.00000002.2991411603.000001FA9494D000.00000004.00000800.00020000.00000000.sdmp, Bluetrait MSP Agent.exe, 00000018.00000002.2991411603.000001FA94975000.00000004.00000800.00020000.00000000.sdmp, Bluetrait MSP Agent.exe, 0000001B.00000002.3063631993.0000025F36E85000.00000004.00000800.00020000.00000000.sdmp, Bluetrait MSP Agent.exe, 0000001B.00000002.3063631993.0000025F36E81000.00000004.00000800.00020000.00000000.sdmp, Bluetrait MSP Agent.exe, 0000001B.00000002.3063631993.0000025F36E5D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bluetrait.io/
      Source: Bluetrait MSP Agent.exe, 00000005.00000002.2250493277.000001C00019E000.00000004.00000800.00020000.00000000.sdmp, Bluetrait MSP Agent.exe, 00000005.00000002.2251705355.000001C07134A000.00000004.00000020.00020000.00000000.sdmp, Bluetrait MSP Agent.exe, 0000000B.00000002.2469480416.000001265CF2A000.00000004.00000800.00020000.00000000.sdmp, Bluetrait MSP Agent.exe, 0000000B.00000002.2470204109.0000012675596000.00000004.00000020.00020000.00000000.sdmp, Bluetrait MSP Agent.exe, 0000000B.00000002.2469480416.000001265CF18000.00000004.00000800.00020000.00000000.sdmp, Bluetrait MSP Agent.exe, 0000000F.00000002.2718472787.00000210BCAF8000.00000004.00000800.00020000.00000000.sdmp, Bluetrait MSP Agent.exe, 0000000F.00000002.2718472787.00000210BCB0A000.00000004.00000800.00020000.00000000.sdmp, Bluetrait MSP Agent.exe, 0000000F.00000002.2719478057.00000210D52EA000.00000004.00000020.00020000.00000000.sdmp, Bluetrait MSP Agent.exe, 00000012.00000002.2845232812.0000025128D8C000.00000004.00000020.00020000.00000000.sdmp, Bluetrait MSP Agent.exe, 00000012.00000002.2845778390.0000025128FD8000.00000004.00000800.00020000.00000000.sdmp, Bluetrait MSP Agent.exe, 00000012.00000002.2845778390.0000025128FEA000.00000004.00000800.00020000.00000000.sdmp, Bluetrait MSP Agent.exe, 00000015.00000002.2932010486.000001F2784C3000.00000004.00000020.00020000.00000000.sdmp, Bluetrait MSP Agent.exe, 00000018.00000002.2992875054.000001FAACFA8000.00000004.00000020.00020000.00000000.sdmp, Bluetrait MSP Agent.exe, 00000018.00000002.2991411603.000001FA949F9000.00000004.00000800.00020000.00000000.sdmp, Bluetrait MSP Agent.exe, 0000001B.00000002.3062996313.0000025F36CD1000.00000004.00000020.00020000.00000000.sdmp, Bluetrait MSP Agent.exe, 0000001E.00000002.3175118461.0000022324638000.00000004.00000800.00020000.00000000.sdmp, Bluetrait MSP Agent.exe, 0000001E.00000002.3176699240.000002233CD3D000.00000004.00000020.00020000.00000000.sdmp, Bluetrait MSP Agent.exe, 0000001E.00000002.3175118461.000002232464A000.00000004.00000800.00020000.00000000.sdmp, Bluetrait MSP Agent.exe, 00000021.00000002.3233197638.000001EF2C2CF000.00000004.00000020.00020000.00000000.sdmp, Bluetrait MSP Agent.exe, 00000021.00000002.3231275549.000001EF13C38000.00000004.00000800.00020000.00000000.sdmp, Bluetrait MSP Agent.exe, 00000021.00000002.3231275549.000001EF13C1A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://btmsp.us4.list-manage.com/subscribe/post?u=4aa80e4d83961ef5b35c6f3fd&id=66e9b02826
      Source: Bluetrait MSP Agent.exe, 00000005.00000002.2250493277.000001C00019E000.00000004.00000800.00020000.00000000.sdmp, Bluetrait MSP Agent.exe, 00000005.00000002.2251705355.000001C07134A000.00000004.00000020.00020000.00000000.sdmp, Bluetrait MSP Agent.exe, 0000000B.00000002.2469480416.000001265CF2A000.00000004.00000800.00020000.00000000.sdmp, Bluetrait MSP Agent.exe, 0000000B.00000002.2470204109.0000012675596000.00000004.00000020.00020000.00000000.sdmp, Bluetrait MSP Agent.exe, 0000000B.00000002.2469480416.000001265CF18000.00000004.00000800.00020000.00000000.sdmp, Bluetrait MSP Agent.exe, 0000000F.00000002.2718472787.00000210BCAF8000.00000004.00000800.00020000.00000000.sdmp, Bluetrait MSP Agent.exe, 0000000F.00000002.2718472787.00000210BCB0A000.00000004.00000800.00020000.00000000.sdmp, Bluetrait MSP Agent.exe, 0000000F.00000002.2719478057.00000210D52EA000.00000004.00000020.00020000.00000000.sdmp, Bluetrait MSP Agent.exe, 00000012.00000002.2845232812.0000025128D8C000.00000004.00000020.00020000.00000000.sdmp, Bluetrait MSP Agent.exe, 00000012.00000002.2845778390.0000025128FD8000.00000004.00000800.00020000.00000000.sdmp, Bluetrait MSP Agent.exe, 00000012.00000002.2845778390.0000025128FEA000.00000004.00000800.00020000.00000000.sdmp, Bluetrait MSP Agent.exe, 00000015.00000002.2929415456.000001F2001A3000.00000004.00000800.00020000.00000000.sdmp, Bluetrait MSP Agent.exe, 00000015.00000002.2932010486.000001F2784C3000.00000004.00000020.00020000.00000000.sdmp, Bluetrait MSP Agent.exe, 00000018.00000002.2991411603.000001FA949F3000.00000004.00000800.00020000.00000000.sdmp, Bluetrait MSP Agent.exe, 00000018.00000002.2992875054.000001FAACFA8000.00000004.00000020.00020000.00000000.sdmp, Bluetrait MSP Agent.exe, 00000018.00000002.2991411603.000001FA949F9000.00000004.00000800.00020000.00000000.sdmp, Bluetrait MSP Agent.exe, 0000001B.00000002.3062996313.0000025F36CD1000.00000004.00000020.00020000.00000000.sdmp, Bluetrait MSP Agent.exe, 0000001B.00000002.3063631993.0000025F36F03000.00000004.00000800.00020000.00000000.sdmp, Bluetrait MSP Agent.exe, 0000001E.00000002.3175118461.0000022324638000.00000004.00000800.00020000.00000000.sdmp, Bluetrait MSP Agent.exe, 0000001E.00000002.3176699240.000002233CD3D000.00000004.00000020.00020000.00000000.sdmp, Bluetrait MSP Agent.exe, 0000001E.00000002.3175118461.000002232464A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://connect.facebook.net/en_US/fbevents.js
      Source: paexec.exe.1.drString found in binary or memory: https://d.symcb.com/cps0%
      Source: paexec.exe.1.drString found in binary or memory: https://d.symcb.com/rpa0
      Source: paexec.exe.1.drString found in binary or memory: https://d.symcb.com/rpa0)
      Source: paexec.exe.1.drString found in binary or memory: https://d.symcb.com/rpa0.
      Source: Bluetrait MSP Agent.exe, 00000005.00000002.2250493277.000001C00009A000.00000004.00000800.00020000.00000000.sdmp, Bluetrait MSP Agent.exe, 0000000B.00000002.2469480416.000001265CE14000.00000004.00000800.00020000.00000000.sdmp, Bluetrait MSP Agent.exe, 0000000F.00000002.2718472787.00000210BCA05000.00000004.00000800.00020000.00000000.sdmp, Bluetrait MSP Agent.exe, 00000012.00000002.2845778390.0000025128EE5000.00000004.00000800.00020000.00000000.sdmp, Bluetrait MSP Agent.exe, 00000015.00000002.2929415456.000001F20009C000.00000004.00000800.00020000.00000000.sdmp, Bluetrait MSP Agent.exe, 00000018.00000002.2991411603.000001FA948F5000.00000004.00000800.00020000.00000000.sdmp, Bluetrait MSP Agent.exe, 0000001B.00000002.3063631993.0000025F36E05000.00000004.00000800.00020000.00000000.sdmp, Bluetrait MSP Agent.exe, 0000001E.00000002.3175118461.000002232453A000.00000004.00000800.00020000.00000000.sdmp, Bluetrait MSP Agent.exe, 00000021.00000002.3231275549.000001EF13B15000.00000004.00000800.00020000.00000000.sdmp, Bluetrait MSP Agent.exe, 00000024.00000002.3273202475.0000014A9CB05000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://eganarbonne.bluetrait.io
      Source: Bluetrait MSP Agent.exe, 00000024.00000002.3273202475.0000014A9CAF4000.00000004.00000800.00020000.00000000.sdmp, defaults.json.1.drString found in binary or memory: https://eganarbonne.bluetrait.io/api/
      Source: Bluetrait MSP Agent.exe, 00000005.00000002.2251589619.000001C071202000.00000002.00000001.01000000.00000007.sdmp, Newtonsoft.Json.dll.1.drString found in binary or memory: https://github.com/JamesNK/Newtonsoft.Json
      Source: Newtonsoft.Json.xml.1.drString found in binary or memory: https://github.com/JamesNK/Newtonsoft.Json/issues/652
      Source: LibreHardwareMonitorLib.dll.1.drString found in binary or memory: https://github.com/LibreHardwareMonitor/LibreHardwareMonitor
      Source: SharpSnmpLib.dll.1.drString found in binary or memory: https://github.com/lextudio/sharpsnmplib.git
      Source: Renci.SshNet.dll.1.drString found in binary or memory: https://github.com/sshnet/SSH.NET.git
      Source: svchost.exe, 00000009.00000002.3271875762.0000026817A46000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.ecur
      Source: svchost.exe, 00000009.00000002.3271830222.0000026817A2B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com
      Source: svchost.exe, 00000009.00000002.3272711528.0000026817AE8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000002.3273311840.0000026818A5F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/
      Source: svchost.exe, 00000009.00000003.2085360511.000002681833B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000003.2085434116.0000026818363000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000003.2085404011.0000026818340000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/ApproveSession.srf
      Source: svchost.exe, 00000009.00000002.3271909786.0000026817A5E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/ApproveSession.srfh
      Source: svchost.exe, 00000009.00000002.3271830222.0000026817A2B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/IfExists.srf?uif
      Source: svchost.exe, 00000009.00000003.2085160117.0000026818352000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000003.2085751814.0000026818356000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000003.2085061696.0000026818329000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/IfExists.srf?uiflavor=4&id=80600
      Source: svchost.exe, 00000009.00000003.2085160117.0000026818352000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000003.2085751814.0000026818356000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000003.2085061696.0000026818329000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/IfExists.srf?uiflavor=4&id=80601
      Source: svchost.exe, 00000009.00000003.2085434116.0000026818363000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000003.2085542560.000002681836B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000002.3271909786.0000026817A5E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/IfExists.srf?uiflavor=4&id=80502
      Source: svchost.exe, 00000009.00000003.2085434116.0000026818363000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000003.2085542560.000002681836B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000002.3271909786.0000026817A5E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/IfExists.srf?uiflavor=4&id=80600
      Source: svchost.exe, 00000009.00000003.2085434116.0000026818363000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000003.2085542560.000002681836B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000003.2085061696.000002681832C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000002.3271909786.0000026817A5E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/IfExists.srf?uiflavor=4&id=80601
      Source: svchost.exe, 00000009.00000003.2085360511.000002681833B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000003.2085404011.0000026818340000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000002.3271875762.0000026817A46000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/ListSessions.srf
      Source: svchost.exe, 00000009.00000003.2085360511.000002681833B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000003.2085434116.0000026818363000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000003.2085404011.0000026818340000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/ManageApprover.srf
      Source: svchost.exe, 00000009.00000002.3271909786.0000026817A5E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/ManageApprover.srfh
      Source: svchost.exe, 00000009.00000003.2085360511.000002681833B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000003.2085434116.0000026818363000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000003.2085404011.0000026818340000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000002.3271909786.0000026817A5E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/ManageLoginKeys.srf
      Source: svchost.exe, 00000009.00000002.3272711528.0000026817AE8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000003.2085360511.000002681833B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000003.2085404011.0000026818340000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000002.3273311840.0000026818A5F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000002.3271909786.0000026817A5E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/RST2.srf
      Source: svchost.exe, 00000009.00000002.3271875762.0000026817A46000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/didtou.srf
      Source: svchost.exe, 00000009.00000003.2085360511.000002681833B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000003.2085404011.0000026818340000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/didtou.srfice
      Source: svchost.exe, 00000009.00000003.2085360511.000002681833B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000003.2085404011.0000026818340000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000002.3271875762.0000026817A46000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/getrealminfo.srf
      Source: svchost.exe, 00000009.00000003.2085360511.000002681833B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000003.2085404011.0000026818340000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000002.3271875762.0000026817A46000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/getuserrealm.srf
      Source: svchost.exe, 00000009.00000003.2085434116.0000026818363000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000002.3271875762.0000026817A46000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000003.2085542560.000002681836B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000003.2085123192.0000026818310000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000002.3271909786.0000026817A5E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/ppsecure/DeviceAssociate.srf
      Source: svchost.exe, 00000009.00000003.2085434116.0000026818363000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000003.2085542560.000002681836B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000002.3271909786.0000026817A5E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/ppsecure/DeviceDisassociate.srf
      Source: svchost.exe, 00000009.00000003.2085579430.0000026818327000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/ppsecure/DeviceDisassociate.srff
      Source: svchost.exe, 00000009.00000003.2085360511.000002681833B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000003.2085434116.0000026818363000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000003.2085404011.0000026818340000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000002.3271909786.0000026817A5E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/ppsecure/DeviceQuery.srf
      Source: svchost.exe, 00000009.00000003.2085579430.0000026818327000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000003.2085434116.0000026818363000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000003.2085542560.000002681836B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000002.3271909786.0000026817A5E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/ppsecure/DeviceUpdate.srf
      Source: svchost.exe, 00000009.00000003.2085434116.0000026818363000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000003.2085542560.000002681836B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000002.3271909786.0000026817A5E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/ppsecure/EnumerateDevices.srf
      Source: svchost.exe, 00000009.00000003.2085579430.0000026818327000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/ppsecure/EnumerateDevices.srfX
      Source: svchost.exe, 00000009.00000002.3271830222.0000026817A2B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000003.2085434116.0000026818363000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000003.2085404011.0000026818340000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000002.3271909786.0000026817A5E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/ppsecure/GetAppData.srf
      Source: svchost.exe, 00000009.00000002.3271875762.0000026817A46000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/ppsecure/GetAppData.srfrfrf6085fid=cpsrf
      Source: svchost.exe, 00000009.00000003.2085434116.0000026818363000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000003.2085542560.000002681836B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000002.3271909786.0000026817A5E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/ppsecure/GetUserKeyData.srf
      Source: svchost.exe, 00000009.00000003.2085434116.0000026818363000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000003.2085542560.000002681836B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000003.2085061696.000002681832C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000002.3271909786.0000026817A5E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/ppsecure/InlineClientAuth.srf
      Source: svchost.exe, 00000009.00000003.2267359602.000002681835A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/ppsecure/InlineClientAuth.srf?stsft=-DtGU
      Source: svchost.exe, 00000009.00000003.2085360511.000002681833B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000003.2085160117.0000026818352000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000003.2085751814.0000026818356000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000003.2085434116.0000026818363000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000003.2085404011.0000026818340000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000003.2085061696.0000026818329000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/ppsecure/InlineConnect.srf?id=80600
      Source: svchost.exe, 00000009.00000002.3271875762.0000026817A46000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/ppsecure/InlineConnect.srf?id=80600UE
      Source: svchost.exe, 00000009.00000003.2085360511.000002681833B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000003.2085160117.0000026818352000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000003.2085434116.0000026818363000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000003.2085404011.0000026818340000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000003.2085061696.0000026818329000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000002.3271909786.0000026817A5E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/ppsecure/InlineConnect.srf?id=80601
      Source: svchost.exe, 00000009.00000003.2085360511.000002681833B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000003.2085434116.0000026818363000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000003.2085404011.0000026818340000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000003.2085061696.0000026818329000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000002.3271909786.0000026817A5E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/ppsecure/InlineConnect.srf?id=80603
      Source: svchost.exe, 00000009.00000003.2085160117.0000026818352000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000003.2085434116.0000026818363000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000003.2085061696.0000026818329000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000002.3271909786.0000026817A5E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/ppsecure/InlineConnect.srf?id=80604
      Source: svchost.exe, 00000009.00000003.2294477298.000002681836E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000003.2085434116.0000026818363000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000002.3273285330.0000026818A3E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000003.2085542560.000002681836B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000003.2294438314.000002681836D000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000002.3271909786.0000026817A5E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/ppsecure/InlineDesktop.srf
      Source: svchost.exe, 00000009.00000003.2085061696.000002681832C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/ppsecure/InlineDesktop.srfm
      Source: svchost.exe, 00000009.00000002.3271830222.0000026817A2B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/ppsecure/InlineL
      Source: svchost.exe, 00000009.00000003.2085434116.0000026818363000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/ppsecure/InlineLogin.srf?id=80502
      Source: svchost.exe, 00000009.00000003.2085360511.000002681833B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000003.2085404011.0000026818340000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/ppsecure/InlineLogin.srf?id=805024
      Source: svchost.exe, 00000009.00000002.3271875762.0000026817A46000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/ppsecure/InlineLogin.srf?id=80502R
      Source: svchost.exe, 00000009.00000003.2085360511.000002681833B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000003.2085434116.0000026818363000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000003.2085404011.0000026818340000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000002.3271875762.0000026817A46000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000003.2085061696.0000026818329000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/ppsecure/InlineLogin.srf?id=80600
      Source: svchost.exe, 00000009.00000003.2085360511.000002681833B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000003.2085160117.0000026818352000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000003.2085751814.0000026818356000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000003.2085434116.0000026818363000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000003.2085404011.0000026818340000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000002.3271875762.0000026817A46000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000003.2085061696.0000026818329000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/ppsecure/InlineLogin.srf?id=80601
      Source: svchost.exe, 00000009.00000003.2085360511.000002681833B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000003.2085160117.0000026818352000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000003.2085434116.0000026818363000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000003.2085404011.0000026818340000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000003.2085061696.0000026818329000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000002.3271909786.0000026817A5E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/ppsecure/InlineLogin.srf?id=80603
      Source: svchost.exe, 00000009.00000003.2085061696.0000026818329000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000002.3271909786.0000026817A5E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/ppsecure/InlineLogin.srf?id=80604
      Source: svchost.exe, 00000009.00000003.2085160117.0000026818352000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000003.2085434116.0000026818363000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000003.2085061696.0000026818329000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000002.3271909786.0000026817A5E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/ppsecure/InlineLogin.srf?id=80605
      Source: svchost.exe, 00000009.00000003.2085160117.0000026818352000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000003.2085434116.0000026818363000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000003.2085061696.0000026818329000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000002.3271909786.0000026817A5E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/ppsecure/InlineLogin.srf?id=80606
      Source: svchost.exe, 00000009.00000003.2085160117.0000026818352000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000003.2085434116.0000026818363000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000003.2085061696.0000026818329000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000002.3271909786.0000026817A5E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/ppsecure/InlineLogin.srf?id=80607
      Source: svchost.exe, 00000009.00000003.2085160117.0000026818352000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000003.2085434116.0000026818363000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000003.2085382892.0000026818357000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000003.2085061696.0000026818329000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000002.3271909786.0000026817A5E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/ppsecure/InlineLogin.srf?id=80608
      Source: svchost.exe, 00000009.00000003.2085160117.0000026818352000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000003.2085061696.0000026818329000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/ppsecure/InlinePOPAuth.srf?id=80601&fid=cp
      Source: svchost.exe, 00000009.00000002.3271875762.0000026817A46000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000003.2085143324.000002681835A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000003.2085061696.000002681832C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/ppsecure/InlinePOPAuth.srf?id=80601&fid=cp
      Source: svchost.exe, 00000009.00000003.2085160117.0000026818352000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000003.2085434116.0000026818363000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000003.2085061696.0000026818329000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000002.3271909786.0000026817A5E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/ppsecure/InlinePOPAuth.srf?id=80605
      Source: svchost.exe, 00000009.00000003.2085360511.000002681833B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000003.2085404011.0000026818340000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000002.3271909786.0000026817A5E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/ppsecure/ResolveUser.srf
      Source: svchost.exe, 00000009.00000002.3271909786.0000026817A5E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/ppsecure/SHA1Auth.srf
      Source: svchost.exe, 00000009.00000003.2085360511.000002681833B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000003.2085404011.0000026818340000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/ppsecure/SHA1Auth.srfom
      Source: svchost.exe, 00000009.00000003.2085123192.0000026818310000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000002.3271909786.0000026817A5E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/ppsecure/deviceaddcredential.srf
      Source: svchost.exe, 00000009.00000003.2085360511.000002681833B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000003.2085434116.0000026818363000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000003.2085404011.0000026818340000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000002.3271875762.0000026817A46000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/ppsecure/devicechangecredential.srf
      Source: svchost.exe, 00000009.00000003.2085360511.000002681833B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000003.2085434116.0000026818363000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000003.2085404011.0000026818340000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/ppsecure/deviceremovecredential.srf
      Source: svchost.exe, 00000009.00000002.3271875762.0000026817A46000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/ppsecure/deviceremovecredential.srfLive
      Source: svchost.exe, 00000009.00000003.2085360511.000002681833B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000003.2085404011.0000026818340000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000002.3271875762.0000026817A46000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/resetpw.srf
      Source: svchost.exe, 00000009.00000003.2085360511.000002681833B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000003.2085404011.0000026818340000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000002.3271875762.0000026817A46000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/retention.srf
      Source: svchost.exe, 00000009.00000002.3273311840.0000026818A5F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000002.3271909786.0000026817A5E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com:443/RST2.srf
      Source: svchost.exe, 00000009.00000002.3273311840.0000026818A5F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com:443/RST2.srfo
      Source: svchost.exe, 00000009.00000002.3271830222.0000026817A2B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.comageL
      Source: svchost.exe, 00000009.00000003.2085360511.000002681833B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000003.2085434116.0000026818363000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000003.2085404011.0000026818340000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.microsoftonline.com/MSARST2.srf
      Source: svchost.exe, 00000009.00000002.3271909786.0000026817A5E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.microsoftonline.com/MSARST2.srfh
      Source: svchost.exe, 00000009.00000003.2085360511.000002681833B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000003.2085434116.0000026818363000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000003.2085404011.0000026818340000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.microsoftonline.com/ppsecure/DeviceAssociate.srf
      Source: svchost.exe, 00000009.00000002.3271875762.0000026817A46000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.microsoftonline.com/ppsecure/DeviceAssociate.srfJ
      Source: svchost.exe, 00000009.00000002.3271875762.0000026817A46000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.microsoftonline.com/ppsecure/DeviceDisassociate.srf.
      Source: svchost.exe, 00000009.00000003.2085123192.0000026818310000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.microsoftonline.com/ppsecure/DeviceDisassociate.srf:CLSID
      Source: svchost.exe, 00000009.00000003.2085360511.000002681833B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000003.2085434116.0000026818363000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000003.2085404011.0000026818340000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.microsoftonline.com/ppsecure/DeviceQuery.srf
      Source: svchost.exe, 00000009.00000002.3271875762.0000026817A46000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.microsoftonline.com/ppsecure/DeviceQuery.srf-
      Source: svchost.exe, 00000009.00000003.2085360511.000002681833B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000003.2085434116.0000026818363000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000003.2085404011.0000026818340000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.microsoftonline.com/ppsecure/DeviceUpdate.srf
      Source: svchost.exe, 00000009.00000002.3271875762.0000026817A46000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.microsoftonline.com/ppsecure/DeviceUpdate.srf%
      Source: svchost.exe, 00000009.00000003.2085360511.000002681833B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000003.2085434116.0000026818363000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000003.2085404011.0000026818340000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000002.3271875762.0000026817A46000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.microsoftonline.com/ppsecure/EnumerateDevices.srf
      Source: svchost.exe, 00000009.00000003.2085360511.000002681833B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000003.2085434116.0000026818363000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000003.2085404011.0000026818340000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000002.3271875762.0000026817A46000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.microsoftonline.com/ppsecure/ResolveUser.srf
      Source: svchost.exe, 00000009.00000002.3271875762.0000026817A46000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000003.2085123192.0000026818310000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.microsoftonline.com/ppsecure/deviceaddmsacredential.srf
      Source: svchost.exe, 00000009.00000002.3271875762.0000026817A46000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.microsoftonline.com/ppsecure/devicechangecredential.srf
      Source: svchost.exe, 00000009.00000003.2085579430.0000026818327000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.microsoftonline.com/ppsecure/devicechangecredential.srfMM
      Source: svchost.exe, 00000009.00000002.3271875762.0000026817A46000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000003.2085123192.0000026818310000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.microsoftonline.com/ppsecure/deviceremovecredential.srf
      Source: svchost.exe, 00000009.00000003.2085123192.0000026818310000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.microsoftonline.com/ppsecure/deviceremovecredential.srfRE
      Source: SharpSnmpLib.pdb.1.drString found in binary or memory: https://raw.githubusercontent.com/lextudio/sharpsnmplib/15bb212bb89c2a33617e96c9e4be8aa97fed7479/
      Source: Agent381.msi, Bluetrait MSP Agent.exe.1.dr, 5cc043.msi.1.dr, BluetraitUserAgent.exe.1.drString found in binary or memory: https://sectigo.com/CPS0
      Source: svchost.exe, 00000009.00000003.2085404011.0000026818340000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000002.3271875762.0000026817A46000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000003.2085061696.000002681832C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://signup.live.com/signup.aspx
      Source: System.Data.SQLite.Linq.dll.1.dr, SQLite.Interop.dll.1.drString found in binary or memory: https://system.data.sqlite.org/
      Source: System.Data.SQLite.dll.1.drString found in binary or memory: https://system.data.sqlite.org/X
      Source: Renci.SshNet.dll.1.drString found in binary or memory: https://tools.ietf.org/html/rfc4253#section-4.2
      Source: System.Data.SQLite.dll.1.drString found in binary or memory: https://urn.to/r/sds_see12https://urn.to/r/sds_see2
      Source: System.Data.SQLite.dll.1.drString found in binary or memory: https://urn.to/r/sds_see23https://urn.to/r/sds_see1UInnerVerify
      Source: Agent381.msi, 5cc044.rbs.1.dr, MSIC2F5.tmp.1.dr, MSIC846.tmp.1.dr, MSIC1CA.tmp.1.dr, 5cc043.msi.1.dr, MSIC1BA.tmp.1.dr, MSIC297.tmp.1.drString found in binary or memory: https://www.digicert.com/CPS0
      Source: paexec.exe.1.dr, HidSharp.dll.1.drString found in binary or memory: https://www.globalsign.com/repository/0
      Source: HidSharp.dll.1.drString found in binary or memory: https://www.globalsign.com/repository/03
      Source: HidSharp.dll.1.drString found in binary or memory: https://www.globalsign.com/repository/06
      Source: Bluetrait MSP Agent.exe, 00000018.00000002.2991411603.000001FA949F3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.googletagmanager.co
      Source: Bluetrait MSP Agent.exe, 0000001E.00000002.3175118461.0000022324638000.00000004.00000800.00020000.00000000.sdmp, Bluetrait MSP Agent.exe, 00000024.00000002.3273202475.0000014A9CC03000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.googletagmanager.com/gtag/js?id=UA-
      Source: Bluetrait MSP Agent.exe, 00000005.00000002.2250493277.000001C00019E000.00000004.00000800.00020000.00000000.sdmp, Bluetrait MSP Agent.exe, 00000005.00000002.2251705355.000001C07134A000.00000004.00000020.00020000.00000000.sdmp, Bluetrait MSP Agent.exe, 0000000B.00000002.2469480416.000001265CF2A000.00000004.00000800.00020000.00000000.sdmp, Bluetrait MSP Agent.exe, 0000000B.00000002.2470204109.0000012675596000.00000004.00000020.00020000.00000000.sdmp, Bluetrait MSP Agent.exe, 0000000B.00000002.2469480416.000001265CF18000.00000004.00000800.00020000.00000000.sdmp, Bluetrait MSP Agent.exe, 0000000F.00000002.2718472787.00000210BCAF8000.00000004.00000800.00020000.00000000.sdmp, Bluetrait MSP Agent.exe, 0000000F.00000002.2718472787.00000210BCB0A000.00000004.00000800.00020000.00000000.sdmp, Bluetrait MSP Agent.exe, 0000000F.00000002.2719478057.00000210D52EA000.00000004.00000020.00020000.00000000.sdmp, Bluetrait MSP Agent.exe, 00000012.00000002.2845232812.0000025128D8C000.00000004.00000020.00020000.00000000.sdmp, Bluetrait MSP Agent.exe, 00000012.00000002.2845778390.0000025128FD8000.00000004.00000800.00020000.00000000.sdmp, Bluetrait MSP Agent.exe, 00000012.00000002.2845778390.0000025128FEA000.00000004.00000800.00020000.00000000.sdmp, Bluetrait MSP Agent.exe, 00000015.00000002.2929415456.000001F2001A3000.00000004.00000800.00020000.00000000.sdmp, Bluetrait MSP Agent.exe, 00000015.00000002.2932010486.000001F2784C3000.00000004.00000020.00020000.00000000.sdmp, Bluetrait MSP Agent.exe, 00000018.00000002.2992875054.000001FAACFA8000.00000004.00000020.00020000.00000000.sdmp, Bluetrait MSP Agent.exe, 00000018.00000002.2991411603.000001FA949F9000.00000004.00000800.00020000.00000000.sdmp, Bluetrait MSP Agent.exe, 0000001B.00000002.3062996313.0000025F36CD1000.00000004.00000020.00020000.00000000.sdmp, Bluetrait MSP Agent.exe, 0000001B.00000002.3063631993.0000025F36F03000.00000004.00000800.00020000.00000000.sdmp, Bluetrait MSP Agent.exe, 0000001E.00000002.3176699240.000002233CD3D000.00000004.00000020.00020000.00000000.sdmp, Bluetrait MSP Agent.exe, 0000001E.00000002.3175118461.000002232464A000.00000004.00000800.00020000.00000000.sdmp, Bluetrait MSP Agent.exe, 00000021.00000002.3233197638.000001EF2C2CF000.00000004.00000020.00020000.00000000.sdmp, Bluetrait MSP Agent.exe, 00000021.00000002.3231275549.000001EF13C13000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.googletagmanager.com/gtag/js?id=UA-44483583-1
      Source: Newtonsoft.Json.dll.1.drString found in binary or memory: https://www.newtonsoft.com/json
      Source: Newtonsoft.Json.dll.1.drString found in binary or memory: https://www.newtonsoft.com/jsonschema
      Source: Bluetrait MSP Agent.exe, 00000005.00000002.2251589619.000001C071202000.00000002.00000001.01000000.00000007.sdmp, Newtonsoft.Json.dll.1.drString found in binary or memory: https://www.nuget.org/packages/Newtonsoft.Json.Bson
      Source: paexec.exe.1.drString found in binary or memory: https://www.poweradmin.com0
      Source: SQLite.Interop.dll0.1.dr, SQLite.Interop.dll.1.drString found in binary or memory: https://www.sqlite.org/copyright.html2
      Source: System.Data.SQLite.Linq.dll.1.drString found in binary or memory: https://www.sqlite.org/lang_aggfunc.html
      Source: System.Data.SQLite.Linq.dll.1.drString found in binary or memory: https://www.sqlite.org/lang_corefunc.html
      Source: unknownNetwork traffic detected: HTTP traffic on port 49997 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49706 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 50009 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 50011 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 50015 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50012
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50011
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50014
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50015
      Source: unknownNetwork traffic detected: HTTP traffic on port 50003 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 50005 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49992 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49999
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49855
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49997
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49996
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50006
      Source: unknownNetwork traffic detected: HTTP traffic on port 50012 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50009
      Source: unknownNetwork traffic detected: HTTP traffic on port 49707 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49996 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50008
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49993
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49992
      Source: unknownNetwork traffic detected: HTTP traffic on port 50008 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 50014 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50000
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50003
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50002
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50005
      Source: unknownNetwork traffic detected: HTTP traffic on port 50002 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49855 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 50000 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 50006 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49707
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49706
      Source: unknownNetwork traffic detected: HTTP traffic on port 49993 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49846 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49846
      Source: unknownNetwork traffic detected: HTTP traffic on port 49999 -> 443
      Source: unknownHTTPS traffic detected: 167.99.228.32:443 -> 192.168.2.5:49706 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.5:49707 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 167.99.228.32:443 -> 192.168.2.5:49846 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.5:49855 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 167.99.228.32:443 -> 192.168.2.5:49992 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.5:49993 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 167.99.228.32:443 -> 192.168.2.5:49996 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.5:49997 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 167.99.228.32:443 -> 192.168.2.5:49999 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.5:50000 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 167.99.228.32:443 -> 192.168.2.5:50002 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.5:50003 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 167.99.228.32:443 -> 192.168.2.5:50005 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.5:50006 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 167.99.228.32:443 -> 192.168.2.5:50008 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.5:50009 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 167.99.228.32:443 -> 192.168.2.5:50011 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.5:50012 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 167.99.228.32:443 -> 192.168.2.5:50014 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.5:50015 version: TLS 1.2

      Spam, unwanted Advertisements and Ransom Demands

      barindex
      Reads the Security eventlog
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeKey opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\SecurityJump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeKey opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\SecurityJump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeKey opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\SecurityJump to behavior
      Reads the System eventlog
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeKey opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\SystemJump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeKey opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System\BluetraitAgentJump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeKey opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\SystemJump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeKey opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\SystemJump to behavior
      Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\5cc043.msiJump to behavior
      Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\inprogressinstallinfo.ipiJump to behavior
      Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\SourceHash{B72D4FA1-F4B6-4960-A2B0-EAA69E014575}Jump to behavior
      Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIC1BA.tmpJump to behavior
      Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIC1CA.tmpJump to behavior
      Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIC297.tmpJump to behavior
      Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIC2F5.tmpJump to behavior
      Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIC846.tmpJump to behavior
      Source: C:\Windows\SysWOW64\msiexec.exeFile created: C:\Windows\Installer\wix{B72D4FA1-F4B6-4960-A2B0-EAA69E014575}.SchedServiceConfig.rmiJump to behavior
      Source: C:\Windows\System32\msiexec.exeFile deleted: C:\Windows\Installer\MSIC1CA.tmpJump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeCode function: 5_2_00007FF848A84AE85_2_00007FF848A84AE8
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeCode function: 5_2_00007FF848A92CF35_2_00007FF848A92CF3
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeCode function: 5_2_00007FF848A875805_2_00007FF848A87580
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeCode function: 5_2_00007FF848A876C05_2_00007FF848A876C0
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeCode function: 5_2_00007FF848A968205_2_00007FF848A96820
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeCode function: 11_2_00007FF848AA2C9411_2_00007FF848AA2C94
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeCode function: 11_2_00007FF848AA9CB811_2_00007FF848AA9CB8
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeCode function: 11_2_00007FF848AA4E9011_2_00007FF848AA4E90
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeCode function: 11_2_00007FF848A9475011_2_00007FF848A94750
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeCode function: 15_2_00007FF848A72C9415_2_00007FF848A72C94
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeCode function: 15_2_00007FF848A74E9015_2_00007FF848A74E90
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeCode function: 15_2_00007FF848A6479015_2_00007FF848A64790
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeCode function: 15_2_00007FF848A6483815_2_00007FF848A64838
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeCode function: 18_2_00007FF848A92C9418_2_00007FF848A92C94
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeCode function: 18_2_00007FF848A99CB818_2_00007FF848A99CB8
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeCode function: 18_2_00007FF848A94E9018_2_00007FF848A94E90
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeCode function: 18_2_00007FF848A8475018_2_00007FF848A84750
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeCode function: 21_2_00007FF848A82C9421_2_00007FF848A82C94
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeCode function: 21_2_00007FF848A89CB821_2_00007FF848A89CB8
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeCode function: 21_2_00007FF848A84E9021_2_00007FF848A84E90
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeCode function: 21_2_00007FF848A7479021_2_00007FF848A74790
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeCode function: 24_2_00007FF848A9718024_2_00007FF848A97180
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeCode function: 24_2_00007FF848AA85D924_2_00007FF848AA85D9
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeCode function: 24_2_00007FF848AA66D024_2_00007FF848AA66D0
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeCode function: 24_2_00007FF848AA4E4D24_2_00007FF848AA4E4D
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeCode function: 24_2_00007FF848AA2C9424_2_00007FF848AA2C94
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeCode function: 24_2_00007FF848AA9CB824_2_00007FF848AA9CB8
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeCode function: 27_2_00007FF848A885D927_2_00007FF848A885D9
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeCode function: 27_2_00007FF848A866D027_2_00007FF848A866D0
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeCode function: 27_2_00007FF848A84E4D27_2_00007FF848A84E4D
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeCode function: 27_2_00007FF848A82C9427_2_00007FF848A82C94
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeCode function: 27_2_00007FF848A89CB827_2_00007FF848A89CB8
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeCode function: 27_2_00007FF848A7718027_2_00007FF848A77180
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeCode function: 30_2_00007FF848A985D930_2_00007FF848A985D9
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeCode function: 30_2_00007FF848A966D030_2_00007FF848A966D0
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeCode function: 30_2_00007FF848A94E4D30_2_00007FF848A94E4D
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeCode function: 30_2_00007FF848A92C9430_2_00007FF848A92C94
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeCode function: 33_2_00007FF848A885D933_2_00007FF848A885D9
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeCode function: 33_2_00007FF848A866D033_2_00007FF848A866D0
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeCode function: 33_2_00007FF848A84E4D33_2_00007FF848A84E4D
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeCode function: 33_2_00007FF848A82C9433_2_00007FF848A82C94
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeCode function: 33_2_00007FF848A89CB833_2_00007FF848A89CB8
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeCode function: 33_2_00007FF848A7718033_2_00007FF848A77180
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeCode function: 36_2_00007FF848AA85D936_2_00007FF848AA85D9
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeCode function: 36_2_00007FF848AA66D036_2_00007FF848AA66D0
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeCode function: 36_2_00007FF848AA4E4D36_2_00007FF848AA4E4D
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeCode function: 36_2_00007FF848AA2C9436_2_00007FF848AA2C94
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeCode function: 36_2_00007FF848AA9CB836_2_00007FF848AA9CB8
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeCode function: 36_2_00007FF848A9718036_2_00007FF848A97180
      Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -pss -s 468 -p 6616 -ip 6616
      Source: Agent381.msiBinary or memory string: OriginalFilenamewixca.dll\ vs Agent381.msi
      Source: SharpSnmpLib.dll.1.dr, AESPrivacyProviderBase.csCryptographic APIs: 'TransformFinalBlock'
      Source: SharpSnmpLib.dll.1.dr, AESPrivacyProviderBase.csCryptographic APIs: 'TransformFinalBlock'
      Source: SharpSnmpLib.dll.1.dr, TripleDESPrivacyProvider.csCryptographic APIs: 'TransformFinalBlock'
      Source: SharpSnmpLib.dll.1.dr, TripleDESPrivacyProvider.csCryptographic APIs: 'CreateDecryptor', 'TransformFinalBlock'
      Source: SharpSnmpLib.dll.1.dr, DESPrivacyProvider.csCryptographic APIs: 'TransformBlock'
      Source: SharpSnmpLib.dll.1.dr, DESPrivacyProvider.csCryptographic APIs: 'CreateDecryptor', 'TransformFinalBlock'
      Source: Bluetrait MSP Agent.exe.1.dr, ProcessUser.csSecurity API names: Bluetrait_MSP_Agent.ProcessUser.WindowsGrandAccess.GetAccessRules(Bluetrait_MSP_Agent.ProcessUser.WindowsGrandAccess.GenericSecurity)
      Source: Bluetrait MSP Agent.exe.1.dr, ProcessUser.csSecurity API names: Bluetrait_MSP_Agent.ProcessUser.WindowsGrandAccess.GenericSecurity.AddAccessRule(System.Security.AccessControl.AccessRule)
      Source: Bluetrait MSP Agent.exe.1.dr, ProcessUser.csSecurity API names: System.Security.AccessControl.CommonObjectSecurity.GetAccessRules(bool, bool, System.Type)
      Source: Bluetrait MSP Agent.exe.1.dr, ProcessUser.csSecurity API names: System.Security.AccessControl.CommonObjectSecurity.AddAccessRule(System.Security.AccessControl.AccessRule)
      Source: Bluetrait MSP Agent.exe.1.dr, ProcessUser.csSecurity API names: Bluetrait_MSP_Agent.ProcessUser.WindowsGrandAccess.GenericSecurity.GetAccessRules(bool, bool, System.Type)
      Source: classification engineClassification label: mal56.troj.evad.winMSI@66/89@2/2
      Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\Bluetrait AgentJump to behavior
      Source: C:\Windows\System32\WerFault.exeMutant created: \BaseNamedObjects\Local\WERReportingForProcess768
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeMutant created: NULL
      Source: C:\Windows\System32\WerFault.exeMutant created: \BaseNamedObjects\Local\WERReportingForProcess6616
      Source: C:\Windows\System32\WerFault.exeMutant created: \BaseNamedObjects\Local\WERReportingForProcess1524
      Source: C:\Windows\System32\WerFault.exeMutant created: \BaseNamedObjects\Local\WERReportingForProcess1436
      Source: C:\Windows\System32\WerFault.exeMutant created: \BaseNamedObjects\Local\WERReportingForProcess4404
      Source: C:\Windows\System32\WerFault.exeMutant created: \BaseNamedObjects\Local\WERReportingForProcess6612
      Source: C:\Windows\System32\WerFault.exeMutant created: \BaseNamedObjects\Local\WERReportingForProcess1364
      Source: C:\Windows\System32\WerFault.exeMutant created: \BaseNamedObjects\Local\WERReportingForProcess5696
      Source: C:\Windows\System32\WerFault.exeMutant created: \BaseNamedObjects\Local\WERReportingForProcess1120
      Source: C:\Windows\System32\WerFault.exeMutant created: \BaseNamedObjects\Local\WERReportingForProcess3040
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeMutant created: \BaseNamedObjects\Global\netfxeventlog.1.0
      Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Local\Temp\MSIcc025.LOGJump to behavior
      Source: C:\Windows\System32\msiexec.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CAJump to behavior
      Source: SQLite.Interop.dll0.1.dr, SQLite.Interop.dll.1.drBinary or memory string: UPDATE %Q.sqlite_master SET tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqliteX_autoindex%%' ESCAPE 'X' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
      Source: SQLite.Interop.dll0.1.dr, SQLite.Interop.dll.1.drBinary or memory string: CREATE TABLE %Q.'%q_docsize'(docid INTEGER PRIMARY KEY, size BLOB);
      Source: SQLite.Interop.dll0.1.dr, SQLite.Interop.dll.1.drBinary or memory string: CREATE TABLE IF NOT EXISTS %Q.'%q_stat'(id INTEGER PRIMARY KEY, value BLOB);
      Source: SQLite.Interop.dll0.1.dr, SQLite.Interop.dll.1.drBinary or memory string: CREATE TABLE %Q.'%q_segdir'(level INTEGER,idx INTEGER,start_block INTEGER,leaves_end_block INTEGER,end_block INTEGER,root BLOB,PRIMARY KEY(level, idx));
      Source: SQLite.Interop.dll0.1.dr, SQLite.Interop.dll.1.drBinary or memory string: INSERT INTO %Q.sqlite_master VALUES('index',%Q,%Q,#%d,%Q);
      Source: SQLite.Interop.dll0.1.dr, SQLite.Interop.dll.1.drBinary or memory string: CREATE TABLE %Q.'%q_segments'(blockid INTEGER PRIMARY KEY, block BLOB);
      Source: SQLite.Interop.dll0.1.dr, SQLite.Interop.dll.1.drBinary or memory string: CREATE TABLE "%w"."%w_parent"(nodeno INTEGER PRIMARY KEY,parentnode);
      Source: Bluetrait MSP Agent.exe, 00000005.00000000.2044580474.000001C0707A2000.00000002.00000001.01000000.00000003.sdmp, Bluetrait MSP Agent.exe.1.dr, BluetraitUserAgent.exe.1.drBinary or memory string: SELECT name FROM sqlite_master WHERE type='table' AND name= @tableName;
      Source: Agent381.msiStatic file information: TRID: Microsoft Windows Installer (60509/1) 57.88%
      Source: unknownProcess created: C:\Windows\System32\msiexec.exe "C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Desktop\Agent381.msi"
      Source: unknownProcess created: C:\Windows\System32\msiexec.exe C:\Windows\system32\msiexec.exe /V
      Source: C:\Windows\System32\msiexec.exeProcess created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding 322CE5DF7635FE178A41F44F6A441A46
      Source: C:\Windows\System32\msiexec.exeProcess created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding 90D15C1EC4D8609E3376A5CEB7FE08AC E Global\MSI0000
      Source: unknownProcess created: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe "C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe"
      Source: unknownProcess created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k WerSvcGroup
      Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -pss -s 468 -p 6616 -ip 6616
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeProcess created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -u -p 6616 -s 2136
      Source: unknownProcess created: C:\Windows\System32\svchost.exe C:\Windows\system32\svchost.exe -k netsvcs -p -s wlidsvc
      Source: unknownProcess created: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe "C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe"
      Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -pss -s 456 -p 1120 -ip 1120
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeProcess created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -u -p 1120 -s 2124
      Source: unknownProcess created: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe "C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe"
      Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -pss -s 608 -p 1524 -ip 1524
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeProcess created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -u -p 1524 -s 2116
      Source: unknownProcess created: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe "C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe"
      Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -pss -s 568 -p 768 -ip 768
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeProcess created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -u -p 768 -s 2128
      Source: unknownProcess created: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe "C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe"
      Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -pss -s 572 -p 5696 -ip 5696
      Source: C:\Windows\System32\WerFault.exeProcess created: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe "C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe"
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeProcess created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -u -p 1436 -s 2120
      Source: unknownProcess created: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe "C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe"
      Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -pss -s 508 -p 4404 -ip 4404
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeProcess created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -u -p 4404 -s 2116
      Source: unknownProcess created: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe "C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe"
      Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -pss -s 512 -p 3040 -ip 3040
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeProcess created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -u -p 3040 -s 1408
      Source: unknownProcess created: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe "C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe"
      Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -pss -s 596 -p 6612 -ip 6612
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeProcess created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -u -p 6612 -s 2116
      Source: unknownProcess created: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe "C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe"
      Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -pss -s 480 -p 1364 -ip 1364
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeProcess created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -u -p 1364 -s 2128
      Source: C:\Windows\System32\msiexec.exeProcess created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding 322CE5DF7635FE178A41F44F6A441A46Jump to behavior
      Source: C:\Windows\System32\msiexec.exeProcess created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding 90D15C1EC4D8609E3376A5CEB7FE08AC E Global\MSI0000Jump to behavior
      Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -pss -s 468 -p 6616 -ip 6616Jump to behavior
      Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -u -p 6616 -s 2136Jump to behavior
      Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -pss -s 456 -p 1120 -ip 1120Jump to behavior
      Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -u -p 1120 -s 2124Jump to behavior
      Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -pss -s 608 -p 1524 -ip 1524Jump to behavior
      Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -u -p 1524 -s 2116Jump to behavior
      Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -pss -s 568 -p 768 -ip 768Jump to behavior
      Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -u -p 768 -s 2128Jump to behavior
      Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -pss -s 572 -p 5696 -ip 5696Jump to behavior
      Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -u -p 1120 -s 2124Jump to behavior
      Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -pss -s 468 -p 6616 -ip 6616Jump to behavior
      Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -u -p 1436 -s 2120Jump to behavior
      Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -pss -s 508 -p 4404 -ip 4404Jump to behavior
      Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -u -p 4404 -s 2116Jump to behavior
      Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -pss -s 512 -p 3040 -ip 3040Jump to behavior
      Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -u -p 3040 -s 1408Jump to behavior
      Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -pss -s 596 -p 6612 -ip 6612Jump to behavior
      Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -u -p 6612 -s 2116Jump to behavior
      Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -pss -s 480 -p 1364 -ip 1364Jump to behavior
      Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -u -p 1364 -s 2128Jump to behavior
      Source: C:\Windows\System32\WerFault.exeProcess created: unknown unknownJump to behavior
      Source: C:\Windows\System32\WerFault.exeProcess created: unknown unknown
      Source: C:\Windows\System32\WerFault.exeProcess created: unknown unknown
      Source: C:\Windows\System32\WerFault.exeProcess created: unknown unknown
      Source: C:\Windows\System32\WerFault.exeProcess created: unknown unknown
      Source: C:\Windows\System32\WerFault.exeProcess created: unknown unknown
      Source: C:\Windows\System32\WerFault.exeProcess created: unknown unknown
      Source: C:\Windows\System32\WerFault.exeProcess created: unknown unknown
      Source: C:\Windows\System32\WerFault.exeProcess created: unknown unknown
      Source: C:\Windows\System32\WerFault.exeProcess created: unknown unknown
      Source: C:\Windows\System32\msiexec.exeSection loaded: apphelp.dllJump to behavior
      Source: C:\Windows\System32\msiexec.exeSection loaded: aclayers.dllJump to behavior
      Source: C:\Windows\System32\msiexec.exeSection loaded: sfc.dllJump to behavior
      Source: C:\Windows\System32\msiexec.exeSection loaded: sfc_os.dllJump to behavior
      Source: C:\Windows\System32\msiexec.exeSection loaded: msi.dllJump to behavior
      Source: C:\Windows\System32\msiexec.exeSection loaded: srpapi.dllJump to behavior
      Source: C:\Windows\System32\msiexec.exeSection loaded: kernel.appcore.dllJump to behavior
      Source: C:\Windows\System32\msiexec.exeSection loaded: kernel.appcore.dllJump to behavior
      Source: C:\Windows\System32\msiexec.exeSection loaded: tsappcmp.dllJump to behavior
      Source: C:\Windows\System32\msiexec.exeSection loaded: uxtheme.dllJump to behavior
      Source: C:\Windows\System32\msiexec.exeSection loaded: textinputframework.dllJump to behavior
      Source: C:\Windows\System32\msiexec.exeSection loaded: coreuicomponents.dllJump to behavior
      Source: C:\Windows\System32\msiexec.exeSection loaded: coremessaging.dllJump to behavior
      Source: C:\Windows\System32\msiexec.exeSection loaded: ntmarta.dllJump to behavior
      Source: C:\Windows\System32\msiexec.exeSection loaded: wintypes.dllJump to behavior
      Source: C:\Windows\System32\msiexec.exeSection loaded: wintypes.dllJump to behavior
      Source: C:\Windows\System32\msiexec.exeSection loaded: wintypes.dllJump to behavior
      Source: C:\Windows\System32\msiexec.exeSection loaded: windows.storage.dllJump to behavior
      Source: C:\Windows\System32\msiexec.exeSection loaded: wldp.dllJump to behavior
      Source: C:\Windows\System32\msiexec.exeSection loaded: propsys.dllJump to behavior
      Source: C:\Windows\System32\msiexec.exeSection loaded: textshaping.dllJump to behavior
      Source: C:\Windows\System32\msiexec.exeSection loaded: netapi32.dllJump to behavior
      Source: C:\Windows\System32\msiexec.exeSection loaded: wkscli.dllJump to behavior
      Source: C:\Windows\System32\msiexec.exeSection loaded: netutils.dllJump to behavior
      Source: C:\Windows\System32\msiexec.exeSection loaded: msasn1.dllJump to behavior
      Source: C:\Windows\System32\msiexec.exeSection loaded: cryptsp.dllJump to behavior
      Source: C:\Windows\System32\msiexec.exeSection loaded: rsaenh.dllJump to behavior
      Source: C:\Windows\System32\msiexec.exeSection loaded: cryptbase.dllJump to behavior
      Source: C:\Windows\System32\msiexec.exeSection loaded: msisip.dllJump to behavior
      Source: C:\Windows\System32\msiexec.exeSection loaded: gpapi.dllJump to behavior
      Source: C:\Windows\System32\msiexec.exeSection loaded: version.dllJump to behavior
      Source: C:\Windows\System32\msiexec.exeSection loaded: mscoree.dllJump to behavior
      Source: C:\Windows\System32\msiexec.exeSection loaded: profapi.dllJump to behavior
      Source: C:\Windows\System32\msiexec.exeSection loaded: sspicli.dllJump to behavior
      Source: C:\Windows\System32\msiexec.exeSection loaded: msihnd.dllJump to behavior
      Source: C:\Windows\System32\msiexec.exeSection loaded: pcacli.dllJump to behavior
      Source: C:\Windows\System32\msiexec.exeSection loaded: mpr.dllJump to behavior
      Source: C:\Windows\System32\msiexec.exeSection loaded: apphelp.dllJump to behavior
      Source: C:\Windows\System32\msiexec.exeSection loaded: aclayers.dllJump to behavior
      Source: C:\Windows\System32\msiexec.exeSection loaded: sfc.dllJump to behavior
      Source: C:\Windows\System32\msiexec.exeSection loaded: sfc_os.dllJump to behavior
      Source: C:\Windows\System32\msiexec.exeSection loaded: kernel.appcore.dllJump to behavior
      Source: C:\Windows\System32\msiexec.exeSection loaded: msi.dllJump to behavior
      Source: C:\Windows\System32\msiexec.exeSection loaded: tsappcmp.dllJump to behavior
      Source: C:\Windows\System32\msiexec.exeSection loaded: userenv.dllJump to behavior
      Source: C:\Windows\System32\msiexec.exeSection loaded: profapi.dllJump to behavior
      Source: C:\Windows\System32\msiexec.exeSection loaded: sspicli.dllJump to behavior
      Source: C:\Windows\System32\msiexec.exeSection loaded: netapi32.dllJump to behavior
      Source: C:\Windows\System32\msiexec.exeSection loaded: wkscli.dllJump to behavior
      Source: C:\Windows\System32\msiexec.exeSection loaded: netutils.dllJump to behavior
      Source: C:\Windows\System32\msiexec.exeSection loaded: srclient.dllJump to behavior
      Source: C:\Windows\System32\msiexec.exeSection loaded: spp.dllJump to behavior
      Source: C:\Windows\System32\msiexec.exeSection loaded: powrprof.dllJump to behavior
      Source: C:\Windows\System32\msiexec.exeSection loaded: vssapi.dllJump to behavior
      Source: C:\Windows\System32\msiexec.exeSection loaded: vsstrace.dllJump to behavior
      Source: C:\Windows\System32\msiexec.exeSection loaded: umpdc.dllJump to behavior
      Source: C:\Windows\System32\msiexec.exeSection loaded: wldp.dllJump to behavior
      Source: C:\Windows\System32\msiexec.exeSection loaded: msasn1.dllJump to behavior
      Source: C:\Windows\System32\msiexec.exeSection loaded: cryptsp.dllJump to behavior
      Source: C:\Windows\System32\msiexec.exeSection loaded: rsaenh.dllJump to behavior
      Source: C:\Windows\System32\msiexec.exeSection loaded: cryptbase.dllJump to behavior
      Source: C:\Windows\System32\msiexec.exeSection loaded: msisip.dllJump to behavior
      Source: C:\Windows\System32\msiexec.exeSection loaded: gpapi.dllJump to behavior
      Source: C:\Windows\System32\msiexec.exeSection loaded: mscoree.dllJump to behavior
      Source: C:\Windows\System32\msiexec.exeSection loaded: version.dllJump to behavior
      Source: C:\Windows\System32\msiexec.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
      Source: C:\Windows\System32\msiexec.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
      Source: C:\Windows\System32\msiexec.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
      Source: C:\Windows\System32\msiexec.exeSection loaded: rstrtmgr.dllJump to behavior
      Source: C:\Windows\System32\msiexec.exeSection loaded: ncrypt.dllJump to behavior
      Source: C:\Windows\System32\msiexec.exeSection loaded: ntasn1.dllJump to behavior
      Source: C:\Windows\System32\msiexec.exeSection loaded: windows.storage.dllJump to behavior
      Source: C:\Windows\System32\msiexec.exeSection loaded: pcacli.dllJump to behavior
      Source: C:\Windows\System32\msiexec.exeSection loaded: mpr.dllJump to behavior
      Source: C:\Windows\System32\msiexec.exeSection loaded: ntmarta.dllJump to behavior
      Source: C:\Windows\System32\msiexec.exeSection loaded: cabinet.dllJump to behavior
      Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: apphelp.dllJump to behavior
      Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: aclayers.dllJump to behavior
      Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: mpr.dllJump to behavior
      Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: sfc.dllJump to behavior
      Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: sfc_os.dllJump to behavior
      Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: kernel.appcore.dllJump to behavior
      Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: msi.dllJump to behavior
      Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: version.dllJump to behavior
      Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: version.dllJump to behavior
      Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: apphelp.dllJump to behavior
      Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: aclayers.dllJump to behavior
      Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: mpr.dllJump to behavior
      Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: sfc.dllJump to behavior
      Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: sfc_os.dllJump to behavior
      Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: kernel.appcore.dllJump to behavior
      Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: msi.dllJump to behavior
      Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: version.dllJump to behavior
      Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: version.dllJump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeSection loaded: mscoree.dllJump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeSection loaded: kernel.appcore.dllJump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeSection loaded: version.dllJump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeSection loaded: windows.storage.dllJump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeSection loaded: wldp.dllJump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeSection loaded: profapi.dllJump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeSection loaded: cryptsp.dllJump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeSection loaded: rsaenh.dllJump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeSection loaded: cryptbase.dllJump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeSection loaded: rasapi32.dllJump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeSection loaded: rasman.dllJump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeSection loaded: rtutils.dllJump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeSection loaded: mswsock.dllJump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeSection loaded: winhttp.dllJump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeSection loaded: iphlpapi.dllJump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeSection loaded: dhcpcsvc6.dllJump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeSection loaded: dhcpcsvc.dllJump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeSection loaded: dnsapi.dllJump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeSection loaded: winnsi.dllJump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeSection loaded: rasadhlp.dllJump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeSection loaded: fwpuclnt.dllJump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeSection loaded: secur32.dllJump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeSection loaded: sspicli.dllJump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeSection loaded: schannel.dllJump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeSection loaded: mskeyprotect.dllJump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeSection loaded: ntasn1.dllJump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeSection loaded: ncrypt.dllJump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeSection loaded: ncryptsslp.dllJump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeSection loaded: msasn1.dllJump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeSection loaded: gpapi.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: wersvc.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: windowsperformancerecordercontrol.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: weretw.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: xmllite.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: wldp.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: wer.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: faultrep.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: dbghelp.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: dbgcore.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: wer.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: userenv.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: profapi.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: sspicli.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: kernel.appcore.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: wlidsvc.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: ncrypt.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: cryptsp.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: profapi.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: clipc.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: dpapi.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: ntasn1.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: wldp.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: rsaenh.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: cryptbase.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: windows.storage.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: msxml6.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: msasn1.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: winhttp.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: netprofm.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: iphlpapi.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: wtsapi32.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: winsta.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: gamestreamingext.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: msauserext.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: tbs.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: npmproxy.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: dhcpcsvc6.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: dhcpcsvc.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: webio.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: mswsock.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: winnsi.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: sspicli.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: dnsapi.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: rasadhlp.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: fwpuclnt.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: schannel.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: mskeyprotect.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: gpapi.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: cryptnet.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: ncryptsslp.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: cryptngc.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: devobj.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: ncryptprov.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: elscore.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: elstrans.dllJump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeSection loaded: mscoree.dllJump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeSection loaded: kernel.appcore.dllJump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeSection loaded: version.dllJump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeSection loaded: windows.storage.dllJump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeSection loaded: wldp.dllJump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeSection loaded: profapi.dllJump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeSection loaded: cryptsp.dllJump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeSection loaded: rsaenh.dllJump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeSection loaded: cryptbase.dllJump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeSection loaded: rasapi32.dllJump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeSection loaded: rasman.dllJump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeSection loaded: rtutils.dllJump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeSection loaded: mswsock.dllJump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeSection loaded: winhttp.dllJump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeSection loaded: iphlpapi.dllJump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeSection loaded: dhcpcsvc6.dllJump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeSection loaded: dhcpcsvc.dllJump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeSection loaded: dnsapi.dllJump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeSection loaded: winnsi.dllJump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeSection loaded: rasadhlp.dllJump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeSection loaded: fwpuclnt.dllJump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeSection loaded: secur32.dllJump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeSection loaded: sspicli.dllJump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeSection loaded: schannel.dllJump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeSection loaded: mskeyprotect.dllJump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeSection loaded: ntasn1.dllJump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeSection loaded: ncrypt.dllJump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeSection loaded: ncryptsslp.dllJump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeSection loaded: msasn1.dllJump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeSection loaded: gpapi.dllJump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeSection loaded: mscoree.dll
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeSection loaded: kernel.appcore.dll
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeSection loaded: version.dll
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeSection loaded: vcruntime140_clr0400.dll
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeSection loaded: ucrtbase_clr0400.dll
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeSection loaded: ucrtbase_clr0400.dll
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeSection loaded: windows.storage.dll
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeSection loaded: wldp.dll
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeSection loaded: profapi.dll
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeSection loaded: cryptsp.dll
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeSection loaded: rsaenh.dll
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeSection loaded: cryptbase.dll
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeSection loaded: rasapi32.dll
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeSection loaded: rasman.dll
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeSection loaded: rtutils.dll
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeSection loaded: mswsock.dll
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeSection loaded: winhttp.dll
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeSection loaded: ondemandconnroutehelper.dll
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeSection loaded: iphlpapi.dll
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeSection loaded: dhcpcsvc6.dll
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeSection loaded: dhcpcsvc.dll
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeSection loaded: dnsapi.dll
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeSection loaded: winnsi.dll
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeSection loaded: rasadhlp.dll
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeSection loaded: fwpuclnt.dll
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeSection loaded: secur32.dll
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeSection loaded: sspicli.dll
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeSection loaded: schannel.dll
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeSection loaded: mskeyprotect.dll
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeSection loaded: ntasn1.dll
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeSection loaded: ncrypt.dll
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeSection loaded: ncryptsslp.dll
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeSection loaded: msasn1.dll
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeSection loaded: gpapi.dll
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeSection loaded: mscoree.dll
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeSection loaded: kernel.appcore.dll
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeSection loaded: version.dll
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeSection loaded: vcruntime140_clr0400.dll
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeSection loaded: ucrtbase_clr0400.dll
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeSection loaded: ucrtbase_clr0400.dll
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeFile opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dllJump to behavior
      Source: Agent381.msiStatic file information: File size 3723264 > 1048576
      Source: Binary string: System.Data.pdb source: WER3493.tmp.dmp.26.dr, WERCA02.tmp.dmp.17.dr, WERFA3A.tmp.dmp.20.dr, WER92FF.tmp.dmp.35.dr, WERD590.tmp.dmp.8.dr, WER4DD8.tmp.dmp.29.dr, WER6368.tmp.dmp.13.dr, WER1CC6.tmp.dmp.23.dr, WER7C99.tmp.dmp.32.dr
      Source: Binary string: System.pdb source: WER4DD8.tmp.dmp.29.dr
      Source: Binary string: System.pdbMZ@ source: WER92FF.tmp.dmp.35.dr, WER7C99.tmp.dmp.32.dr
      Source: Binary string: C:\dev\sqlite\dotnet-private\obj\2015\System.Data.SQLite.Linq.2015\Release\System.Data.SQLite.Linq.pdb source: System.Data.SQLite.Linq.dll.1.dr
      Source: Binary string: System.Configuration.pdb\ source: WER1CC6.tmp.dmp.23.dr
      Source: Binary string: D:\a\LibreHardwareMonitor\LibreHardwareMonitor\LibreHardwareMonitorLib\obj\Release\net472\LibreHardwareMonitorLib.pdb source: LibreHardwareMonitorLib.dll.1.dr
      Source: Binary string: /_/Src/Newtonsoft.Json/obj/Release/net45/Newtonsoft.Json.pdbI. source: WER4DD8.tmp.dmp.29.dr
      Source: Binary string: cmu63tav.pdb|SharpSnmpLib.pdb source: MSIC1BA.tmp.1.dr
      Source: Binary string: System.Xml.pdbX source: WER92FF.tmp.dmp.35.dr
      Source: Binary string: mscorlib.ni.pdbRSDS7^3l source: WER3493.tmp.dmp.26.dr, WERCA02.tmp.dmp.17.dr, WERFA3A.tmp.dmp.20.dr, WER92FF.tmp.dmp.35.dr, WERD590.tmp.dmp.8.dr, WER4DD8.tmp.dmp.29.dr, WER6368.tmp.dmp.13.dr, WER1CC6.tmp.dmp.23.dr, WER7C99.tmp.dmp.32.dr
      Source: Binary string: &{E7D8576B-9982-5D2F-99F0-A7FE13D29C4E}7C:\Program Files (x86)\Bluetrait Agent\SharpSnmpLib.pdb@ source: MSIC1BA.tmp.1.dr
      Source: Binary string: System.Xml.ni.pdbRSDS# source: WER3493.tmp.dmp.26.dr, WERCA02.tmp.dmp.17.dr, WERFA3A.tmp.dmp.20.dr, WER92FF.tmp.dmp.35.dr, WERD590.tmp.dmp.8.dr, WER4DD8.tmp.dmp.29.dr, WER6368.tmp.dmp.13.dr, WER1CC6.tmp.dmp.23.dr, WER7C99.tmp.dmp.32.dr
      Source: Binary string: System.Core.ni.pdb source: WER3493.tmp.dmp.26.dr, WERCA02.tmp.dmp.17.dr, WERFA3A.tmp.dmp.20.dr, WER92FF.tmp.dmp.35.dr, WERD590.tmp.dmp.8.dr, WER4DD8.tmp.dmp.29.dr, WER6368.tmp.dmp.13.dr, WER1CC6.tmp.dmp.23.dr, WER7C99.tmp.dmp.32.dr
      Source: Binary string: System.ServiceProcess.pdb` source: WER3493.tmp.dmp.26.dr, WER6368.tmp.dmp.13.dr
      Source: Binary string: System.Numerics.ni.pdb source: WER3493.tmp.dmp.26.dr, WERCA02.tmp.dmp.17.dr, WERFA3A.tmp.dmp.20.dr, WER92FF.tmp.dmp.35.dr, WERD590.tmp.dmp.8.dr, WER4DD8.tmp.dmp.29.dr, WER6368.tmp.dmp.13.dr, WER1CC6.tmp.dmp.23.dr, WER7C99.tmp.dmp.32.dr
      Source: Binary string: /_/src/Renci.SshNet/obj/Release/net462/Renci.SshNet.pdb source: Renci.SshNet.dll.1.dr
      Source: Binary string: System.ServiceProcess.pdb source: WER3493.tmp.dmp.26.dr, WERCA02.tmp.dmp.17.dr, WERFA3A.tmp.dmp.20.dr, WER92FF.tmp.dmp.35.dr, WERD590.tmp.dmp.8.dr, WER4DD8.tmp.dmp.29.dr, WER6368.tmp.dmp.13.dr, WER1CC6.tmp.dmp.23.dr, WER7C99.tmp.dmp.32.dr
      Source: Binary string: System.Numerics.pdbP source: WER7C99.tmp.dmp.32.dr
      Source: Binary string: mscorlib.ni.pdb source: WER3493.tmp.dmp.26.dr, WERCA02.tmp.dmp.17.dr, WERFA3A.tmp.dmp.20.dr, WER92FF.tmp.dmp.35.dr, WERD590.tmp.dmp.8.dr, WER4DD8.tmp.dmp.29.dr, WER6368.tmp.dmp.13.dr, WER1CC6.tmp.dmp.23.dr, WER7C99.tmp.dmp.32.dr
      Source: Binary string: C:\dev\sqlite\dotnet-private\obj\2015\System.Data.SQLite.2015\Release\System.Data.SQLite.pdb source: System.Data.SQLite.dll.1.dr
      Source: Binary string: System.ServiceProcess.ni.pdb source: WER3493.tmp.dmp.26.dr, WERCA02.tmp.dmp.17.dr, WERFA3A.tmp.dmp.20.dr, WER92FF.tmp.dmp.35.dr, WERD590.tmp.dmp.8.dr, WER4DD8.tmp.dmp.29.dr, WER6368.tmp.dmp.13.dr, WER1CC6.tmp.dmp.23.dr, WER7C99.tmp.dmp.32.dr
      Source: Binary string: C:\Users\dalegroup\Source\Repos\windows-msp-agent\BluetraitUserAgent\obj\Debug\BluetraitUserAgent.pdbt source: BluetraitUserAgent.exe.1.dr
      Source: Binary string: C:\Users\lextm\source\repos\sharpsnmplib\SharpSnmpLib\obj\Release\net471\win\SharpSnmpLib.pdb source: SharpSnmpLib.dll.1.dr
      Source: Binary string: System.Configuration.ni.pdbRSDScUN source: WER3493.tmp.dmp.26.dr, WERCA02.tmp.dmp.17.dr, WERFA3A.tmp.dmp.20.dr, WER92FF.tmp.dmp.35.dr, WERD590.tmp.dmp.8.dr, WER4DD8.tmp.dmp.29.dr, WER6368.tmp.dmp.13.dr, WER1CC6.tmp.dmp.23.dr, WER7C99.tmp.dmp.32.dr
      Source: Binary string: C:\Code\src\oss\hidsharp\hid\HidSharp\obj\Release\HidSharp.pdb source: HidSharp.dll.1.dr
      Source: Binary string: C:\Users\lextm\source\repos\sharpsnmplib\SharpSnmpLib\obj\Release\net471\win\SharpSnmpLib.pdbSHA256YR^ source: SharpSnmpLib.dll.1.dr
      Source: Binary string: System.Runtime.Serialization.ni.pdb source: WER3493.tmp.dmp.26.dr, WERCA02.tmp.dmp.17.dr, WERFA3A.tmp.dmp.20.dr, WER92FF.tmp.dmp.35.dr, WERD590.tmp.dmp.8.dr, WER4DD8.tmp.dmp.29.dr, WER6368.tmp.dmp.13.dr, WER1CC6.tmp.dmp.23.dr, WER7C99.tmp.dmp.32.dr
      Source: Binary string: System.Numerics.pdb`hP source: WERFA3A.tmp.dmp.20.dr
      Source: Binary string: D:\Git\PAExec\Release\PAExec.pdb source: paexec.exe.1.dr
      Source: Binary string: SharpSnmpLib.pdb@ source: MSIC1BA.tmp.1.dr
      Source: Binary string: System.Core.pdbP source: WER3493.tmp.dmp.26.dr, WERCA02.tmp.dmp.17.dr, WERFA3A.tmp.dmp.20.dr, WER4DD8.tmp.dmp.29.dr, WER1CC6.tmp.dmp.23.dr
      Source: Binary string: System.Xml.ni.pdb source: WER3493.tmp.dmp.26.dr, WERCA02.tmp.dmp.17.dr, WERFA3A.tmp.dmp.20.dr, WER92FF.tmp.dmp.35.dr, WERD590.tmp.dmp.8.dr, WER4DD8.tmp.dmp.29.dr, WER6368.tmp.dmp.13.dr, WER1CC6.tmp.dmp.23.dr, WER7C99.tmp.dmp.32.dr
      Source: Binary string: System.Runtime.Serialization.ni.pdbRSDSg@h source: WER3493.tmp.dmp.26.dr, WERCA02.tmp.dmp.17.dr, WERFA3A.tmp.dmp.20.dr, WER92FF.tmp.dmp.35.dr, WERD590.tmp.dmp.8.dr, WER4DD8.tmp.dmp.29.dr, WER6368.tmp.dmp.13.dr, WER1CC6.tmp.dmp.23.dr, WER7C99.tmp.dmp.32.dr
      Source: Binary string: /_/Src/Newtonsoft.Json/obj/Release/net45/Newtonsoft.Json.pdbSHA256 source: Bluetrait MSP Agent.exe, 00000005.00000002.2251589619.000001C071202000.00000002.00000001.01000000.00000007.sdmp, Newtonsoft.Json.dll.1.dr
      Source: Binary string: Bluetrait MSP Agent.pdbNewtonsoft.Json.dll( source: WER3493.tmp.dmp.26.dr
      Source: Binary string: System.ni.pdbRSDS source: WER3493.tmp.dmp.26.dr, WERCA02.tmp.dmp.17.dr, WERFA3A.tmp.dmp.20.dr, WER92FF.tmp.dmp.35.dr, WERD590.tmp.dmp.8.dr, WER4DD8.tmp.dmp.29.dr, WER6368.tmp.dmp.13.dr, WER1CC6.tmp.dmp.23.dr, WER7C99.tmp.dmp.32.dr
      Source: Binary string: C:\Users\dalegroup\Source\Repos\windows-msp-agent\BluetraitUserAgent\obj\Debug\BluetraitUserAgent.pdb source: BluetraitUserAgent.exe.1.dr
      Source: Binary string: /_/Src/Newtonsoft.Json/obj/Release/net45/Newtonsoft.Json.pdb` source: WERFA3A.tmp.dmp.20.dr, WER1CC6.tmp.dmp.23.dr
      Source: Binary string: /_/Src/Newtonsoft.Json/obj/Release/net45/Newtonsoft.Json.pdb source: Bluetrait MSP Agent.exe, 00000005.00000002.2251589619.000001C071202000.00000002.00000001.01000000.00000007.sdmp, WER3493.tmp.dmp.26.dr, WERCA02.tmp.dmp.17.dr, WERFA3A.tmp.dmp.20.dr, WER92FF.tmp.dmp.35.dr, WERD590.tmp.dmp.8.dr, WER4DD8.tmp.dmp.29.dr, WER6368.tmp.dmp.13.dr, WER1CC6.tmp.dmp.23.dr, WER7C99.tmp.dmp.32.dr, Newtonsoft.Json.dll.1.dr
      Source: Binary string: System.Configuration.pdb source: WER4DD8.tmp.dmp.29.dr
      Source: Binary string: System.Configuration.ni.pdb source: WER3493.tmp.dmp.26.dr, WERCA02.tmp.dmp.17.dr, WERFA3A.tmp.dmp.20.dr, WER92FF.tmp.dmp.35.dr, WERD590.tmp.dmp.8.dr, WER4DD8.tmp.dmp.29.dr, WER6368.tmp.dmp.13.dr, WER1CC6.tmp.dmp.23.dr, WER7C99.tmp.dmp.32.dr
      Source: Binary string: C:\agent\_work\66\s\build\ship\x86\wixca.pdb source: Agent381.msi, 5cc044.rbs.1.dr, MSIC2F5.tmp.1.dr, MSIC846.tmp.1.dr, MSIC1CA.tmp.1.dr, 5cc043.msi.1.dr, MSIC1BA.tmp.1.dr, MSIC297.tmp.1.dr
      Source: Binary string: System.Runtime.Serialization.pdb` source: WER6368.tmp.dmp.13.dr
      Source: Binary string: mscorlib.pdb ? source: WER6368.tmp.dmp.13.dr
      Source: Binary string: 7C:\Program Files (x86)\Bluetrait Agent\SharpSnmpLib.pdb source: 5cc044.rbs.1.dr
      Source: Binary string: System.Data.ni.pdb source: WER3493.tmp.dmp.26.dr, WERCA02.tmp.dmp.17.dr, WERFA3A.tmp.dmp.20.dr, WER92FF.tmp.dmp.35.dr, WERD590.tmp.dmp.8.dr, WER4DD8.tmp.dmp.29.dr, WER6368.tmp.dmp.13.dr, WER1CC6.tmp.dmp.23.dr, WER7C99.tmp.dmp.32.dr
      Source: Binary string: System.Data.ni.pdbRSDSC source: WER3493.tmp.dmp.26.dr, WERCA02.tmp.dmp.17.dr, WERFA3A.tmp.dmp.20.dr, WER92FF.tmp.dmp.35.dr, WERD590.tmp.dmp.8.dr, WER4DD8.tmp.dmp.29.dr, WER6368.tmp.dmp.13.dr, WER1CC6.tmp.dmp.23.dr, WER7C99.tmp.dmp.32.dr
      Source: Binary string: System.Configuration.pdb source: WER3493.tmp.dmp.26.dr, WERCA02.tmp.dmp.17.dr, WERFA3A.tmp.dmp.20.dr, WER92FF.tmp.dmp.35.dr, WERD590.tmp.dmp.8.dr, WER4DD8.tmp.dmp.29.dr, WER6368.tmp.dmp.13.dr, WER1CC6.tmp.dmp.23.dr, WER7C99.tmp.dmp.32.dr
      Source: Binary string: SharpSnmpLib.pdb source: Agent381.msi, 5cc043.msi.1.dr, MSIC1BA.tmp.1.dr
      Source: Binary string: System.Core.pdbH source: WER6368.tmp.dmp.13.dr
      Source: Binary string: System.Xml.pdb source: WER3493.tmp.dmp.26.dr, WERCA02.tmp.dmp.17.dr, WERFA3A.tmp.dmp.20.dr, WER92FF.tmp.dmp.35.dr, WERD590.tmp.dmp.8.dr, WER4DD8.tmp.dmp.29.dr, WER6368.tmp.dmp.13.dr, WER1CC6.tmp.dmp.23.dr, WER7C99.tmp.dmp.32.dr
      Source: Binary string: D:\a\LibreHardwareMonitor\LibreHardwareMonitor\LibreHardwareMonitorLib\obj\Release\net472\LibreHardwareMonitorLib.pdbSHA256 source: LibreHardwareMonitorLib.dll.1.dr
      Source: Binary string: System.pdb source: WER3493.tmp.dmp.26.dr, WERCA02.tmp.dmp.17.dr, WERFA3A.tmp.dmp.20.dr, WER92FF.tmp.dmp.35.dr, WERD590.tmp.dmp.8.dr, WER4DD8.tmp.dmp.29.dr, WER6368.tmp.dmp.13.dr, WER1CC6.tmp.dmp.23.dr, WER7C99.tmp.dmp.32.dr
      Source: Binary string: System.Runtime.Serialization.pdbHP source: WERCA02.tmp.dmp.17.dr
      Source: Binary string: System.ServiceProcess.pdb source: WER4DD8.tmp.dmp.29.dr
      Source: Binary string: System.Numerics.ni.pdbRSDSautg source: WER3493.tmp.dmp.26.dr, WERCA02.tmp.dmp.17.dr, WERFA3A.tmp.dmp.20.dr, WER92FF.tmp.dmp.35.dr, WERD590.tmp.dmp.8.dr, WER4DD8.tmp.dmp.29.dr, WER6368.tmp.dmp.13.dr, WER1CC6.tmp.dmp.23.dr, WER7C99.tmp.dmp.32.dr
      Source: Binary string: System.Data.pdbH source: WER3493.tmp.dmp.26.dr, WERCA02.tmp.dmp.17.dr, WERFA3A.tmp.dmp.20.dr, WER92FF.tmp.dmp.35.dr, WERD590.tmp.dmp.8.dr, WER4DD8.tmp.dmp.29.dr, WER6368.tmp.dmp.13.dr, WER1CC6.tmp.dmp.23.dr, WER7C99.tmp.dmp.32.dr
      Source: Binary string: System.ServiceProcess.ni.pdbRSDSwg source: WER3493.tmp.dmp.26.dr, WERCA02.tmp.dmp.17.dr, WERFA3A.tmp.dmp.20.dr, WER92FF.tmp.dmp.35.dr, WERD590.tmp.dmp.8.dr, WER4DD8.tmp.dmp.29.dr, WER6368.tmp.dmp.13.dr, WER1CC6.tmp.dmp.23.dr, WER7C99.tmp.dmp.32.dr
      Source: Binary string: System.Xml.pdbH source: WER3493.tmp.dmp.26.dr, WERCA02.tmp.dmp.17.dr, WERFA3A.tmp.dmp.20.dr, WERD590.tmp.dmp.8.dr, WER4DD8.tmp.dmp.29.dr, WER6368.tmp.dmp.13.dr, WER1CC6.tmp.dmp.23.dr, WER7C99.tmp.dmp.32.dr
      Source: Binary string: C:\Users\dalegroup\Source\Repos\windows-msp-agent\Bluetrait MSP Agent\obj\Debug\Bluetrait MSP Agent.pdb source: Bluetrait MSP Agent.exe, 00000005.00000000.2044580474.000001C0707A2000.00000002.00000001.01000000.00000003.sdmp, Bluetrait MSP Agent.exe.1.dr
      Source: Binary string: mscorlib.pdb source: WER3493.tmp.dmp.26.dr, WERCA02.tmp.dmp.17.dr, WERFA3A.tmp.dmp.20.dr, WER92FF.tmp.dmp.35.dr, WERD590.tmp.dmp.8.dr, WER4DD8.tmp.dmp.29.dr, WER6368.tmp.dmp.13.dr, WER1CC6.tmp.dmp.23.dr, WER7C99.tmp.dmp.32.dr
      Source: Binary string: System.Configuration.pdbMZ source: WERD590.tmp.dmp.8.dr
      Source: Binary string: /_/Src/Newtonsoft.Json/obj/Release/net45/Newtonsoft.Json.pdb@ source: WER92FF.tmp.dmp.35.dr
      Source: Binary string: /_/src/Renci.SshNet/obj/Release/net462/Renci.SshNet.pdbSHA2566 source: Renci.SshNet.dll.1.dr
      Source: Binary string: C:\dev\sqlite\dotnet-private\bin\2015\x64\ReleaseNativeOnlyStatic\SQLite.Interop.pdb source: SQLite.Interop.dll.1.dr
      Source: Binary string: System.Core.pdb source: WER3493.tmp.dmp.26.dr, WERCA02.tmp.dmp.17.dr, WERFA3A.tmp.dmp.20.dr, WER92FF.tmp.dmp.35.dr, WERD590.tmp.dmp.8.dr, WER4DD8.tmp.dmp.29.dr, WER6368.tmp.dmp.13.dr, WER1CC6.tmp.dmp.23.dr, WER7C99.tmp.dmp.32.dr
      Source: Binary string: System.Runtime.Serialization.pdb source: WER3493.tmp.dmp.26.dr, WERCA02.tmp.dmp.17.dr, WERFA3A.tmp.dmp.20.dr, WER92FF.tmp.dmp.35.dr, WERD590.tmp.dmp.8.dr, WER4DD8.tmp.dmp.29.dr, WER6368.tmp.dmp.13.dr, WER1CC6.tmp.dmp.23.dr, WER7C99.tmp.dmp.32.dr
      Source: Binary string: C:\Program Files (x86)\Bluetrait Agent\SharpSnmpLib.pdb source: 5cc044.rbs.1.dr, MSIC1BA.tmp.1.dr
      Source: Binary string: /_/Src/Newtonsoft.Json/obj/Release/net45/Newtonsoft.Json.pdbha? source: WERD590.tmp.dmp.8.dr
      Source: Binary string: System.Runtime.Serialization.pdbMZ source: WER4DD8.tmp.dmp.29.dr, WER7C99.tmp.dmp.32.dr
      Source: Binary string: /_/Src/Newtonsoft.Json/obj/Release/net45/Newtonsoft.Json.pdb. source: WERCA02.tmp.dmp.17.dr
      Source: Binary string: Bluetrait MSP Agent.pdb source: WER3493.tmp.dmp.26.dr, WERCA02.tmp.dmp.17.dr, WERFA3A.tmp.dmp.20.dr, WER92FF.tmp.dmp.35.dr, WERD590.tmp.dmp.8.dr, WER4DD8.tmp.dmp.29.dr, WER6368.tmp.dmp.13.dr, WER1CC6.tmp.dmp.23.dr, WER7C99.tmp.dmp.32.dr
      Source: Binary string: System.Numerics.pdb source: WER3493.tmp.dmp.26.dr, WERCA02.tmp.dmp.17.dr, WERFA3A.tmp.dmp.20.dr, WER92FF.tmp.dmp.35.dr, WERD590.tmp.dmp.8.dr, WER4DD8.tmp.dmp.29.dr, WER6368.tmp.dmp.13.dr, WER1CC6.tmp.dmp.23.dr, WER7C99.tmp.dmp.32.dr
      Source: Binary string: SharpSnmpLib.pdb source: Agent381.msi, 5cc043.msi.1.dr
      Source: Binary string: System.ni.pdb source: WER3493.tmp.dmp.26.dr, WERCA02.tmp.dmp.17.dr, WERFA3A.tmp.dmp.20.dr, WER92FF.tmp.dmp.35.dr, WERD590.tmp.dmp.8.dr, WER4DD8.tmp.dmp.29.dr, WER6368.tmp.dmp.13.dr, WER1CC6.tmp.dmp.23.dr, WER7C99.tmp.dmp.32.dr
      Source: Binary string: C:\dev\sqlite\dotnet-private\bin\2015\Win32\ReleaseNativeOnlyStatic\SQLite.Interop.pdb source: SQLite.Interop.dll0.1.dr
      Source: Binary string: System.Core.ni.pdbRSDS source: WER3493.tmp.dmp.26.dr, WERCA02.tmp.dmp.17.dr, WERFA3A.tmp.dmp.20.dr, WER92FF.tmp.dmp.35.dr, WERD590.tmp.dmp.8.dr, WER4DD8.tmp.dmp.29.dr, WER6368.tmp.dmp.13.dr, WER1CC6.tmp.dmp.23.dr, WER7C99.tmp.dmp.32.dr
      Source: LibreHardwareMonitorLib.dll.1.drStatic PE information: 0xAF9B498D [Sat May 12 10:01:49 2063 UTC]
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeCode function: 5_2_00007FF848A8D16F push ecx; retf FFFFh5_2_00007FF848A8D494
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeCode function: 5_2_00007FF848A882D7 pushad ; ret 5_2_00007FF848A8E929
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeCode function: 5_2_00007FF848A88167 push ebx; ret 5_2_00007FF848A8816A
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeCode function: 5_2_00007FF848A882F0 push ds; retf 5F53h5_2_00007FF848A8D92F
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeCode function: 5_2_00007FF848A80B58 push ecx; retn F8A7h5_2_00007FF848A80BFC
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeCode function: 5_2_00007FF848A91599 push eax; ret 5_2_00007FF848A915B1
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeCode function: 5_2_00007FF848A800BD pushad ; iretd 5_2_00007FF848A800C1
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeCode function: 5_2_00007FF848A8105C push E8FFFFFFh; retf 5_2_00007FF848A81061
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeCode function: 11_2_00007FF848A9812B push ebx; ret 11_2_00007FF848A9816A
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeCode function: 11_2_00007FF848A97958 push ebx; retf 11_2_00007FF848A9796A
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeCode function: 11_2_00007FF848A9820F pushad ; ret 11_2_00007FF848A9E949
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeCode function: 11_2_00007FF848AA15B2 push eax; ret 11_2_00007FF848AA15C9
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeCode function: 11_2_00007FF848A900BD pushad ; iretd 11_2_00007FF848A900C1
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeCode function: 11_2_00007FF848A9105C push E8FFFFFFh; retf 11_2_00007FF848A91061
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeCode function: 15_2_00007FF848A6812B push ebx; ret 15_2_00007FF848A6816A
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeCode function: 15_2_00007FF848A67958 push ebx; retf 15_2_00007FF848A6796A
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeCode function: 15_2_00007FF848A6820F pushad ; ret 15_2_00007FF848A6E949
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeCode function: 15_2_00007FF848A715B2 push eax; ret 15_2_00007FF848A715C9
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeCode function: 15_2_00007FF848A7B6F0 pushad ; iretd 15_2_00007FF848A7B70D
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeCode function: 15_2_00007FF848A600BD pushad ; iretd 15_2_00007FF848A600C1
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeCode function: 18_2_00007FF848A8812B push ebx; ret 18_2_00007FF848A8816A
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeCode function: 18_2_00007FF848A87958 push ebx; retf 18_2_00007FF848A8796A
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeCode function: 18_2_00007FF848A8820F pushad ; ret 18_2_00007FF848A8E949
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeCode function: 18_2_00007FF848A915B2 push eax; ret 18_2_00007FF848A915C9
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeCode function: 18_2_00007FF848A800BD pushad ; iretd 18_2_00007FF848A800C1
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeCode function: 18_2_00007FF848A8105C push E8FFFFFFh; retf 18_2_00007FF848A81061
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeCode function: 21_2_00007FF848A7812B push ebx; ret 21_2_00007FF848A7816A
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeCode function: 21_2_00007FF848A77958 push ebx; retf 21_2_00007FF848A7796A
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeCode function: 21_2_00007FF848A7820F pushad ; ret 21_2_00007FF848A7E949
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeCode function: 21_2_00007FF848A815B2 push eax; ret 21_2_00007FF848A815C9
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeCode function: 21_2_00007FF848A8B700 pushad ; iretd 21_2_00007FF848A8B70D
      Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\Bluetrait Agent\Microsoft.Management.Infrastructure.dllJump to dropped file
      Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIC846.tmpJump to dropped file
      Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIC297.tmpJump to dropped file
      Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\Bluetrait Agent\Newtonsoft.Json.dllJump to dropped file
      Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\Bluetrait Agent\System.Data.SQLite.dllJump to dropped file
      Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\Bluetrait Agent\x86\SQLite.Interop.dllJump to dropped file
      Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\Bluetrait Agent\x64\SQLite.Interop.dllJump to dropped file
      Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIC2F5.tmpJump to dropped file
      Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\Bluetrait Agent\Renci.SshNet.dllJump to dropped file
      Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\Bluetrait Agent\BluetraitUserAgent.exeJump to dropped file
      Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\Bluetrait Agent\LibreHardwareMonitorLib.dllJump to dropped file
      Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\Bluetrait Agent\libraries\paexec.exeJump to dropped file
      Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\Bluetrait Agent\System.Data.SQLite.Linq.dllJump to dropped file
      Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\Bluetrait Agent\SharpSnmpLib.dllJump to dropped file
      Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\Bluetrait Agent\System.Management.Automation.dllJump to dropped file
      Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIC1CA.tmpJump to dropped file
      Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\Bluetrait Agent\HidSharp.dllJump to dropped file
      Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeJump to dropped file
      Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIC846.tmpJump to dropped file
      Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIC297.tmpJump to dropped file
      Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIC2F5.tmpJump to dropped file
      Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIC1CA.tmpJump to dropped file
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeRegistry key created: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\BluetraitJump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdateJump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRootJump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRootJump to behavior
      Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\svchost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\svchost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\svchost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\svchost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\svchost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\svchost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\svchost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\svchost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\svchost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\svchost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\svchost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\svchost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\svchost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\svchost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\svchost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
      Source: C:\Windows\System32\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Windows\System32\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Windows\System32\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Windows\System32\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Windows\System32\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
      Source: C:\Windows\System32\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Windows\System32\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Windows\System32\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Windows\System32\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Windows\System32\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Windows\System32\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Windows\System32\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Windows\System32\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Windows\System32\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Windows\System32\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
      Source: C:\Windows\System32\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Windows\System32\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Windows\System32\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Windows\System32\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Windows\System32\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Windows\System32\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Windows\System32\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Windows\System32\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Windows\System32\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Windows\System32\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
      Source: C:\Windows\System32\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Windows\System32\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Windows\System32\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Windows\System32\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Windows\System32\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeMemory allocated: 1C070C80000 memory reserve | memory write watchJump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeMemory allocated: 1C0713F0000 memory reserve | memory write watchJump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeMemory allocated: 1265CB50000 memory reserve | memory write watchJump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeMemory allocated: 12674D80000 memory reserve | memory write watchJump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeMemory allocated: 210BC790000 memory reserve | memory write watch
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeMemory allocated: 210D4960000 memory reserve | memory write watch
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeMemory allocated: 251287E0000 memory reserve | memory write watch
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeMemory allocated: 25140E40000 memory reserve | memory write watch
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeMemory allocated: 1F277450000 memory reserve | memory write watch
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeMemory allocated: 1F277B40000 memory reserve | memory write watch
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeMemory allocated: 1FA94070000 memory reserve | memory write watch
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeMemory allocated: 1FAAC850000 memory reserve | memory write watch
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeMemory allocated: 25F36770000 memory reserve | memory write watch
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeMemory allocated: 25F4ED60000 memory reserve | memory write watch
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeMemory allocated: 22323D80000 memory reserve | memory write watch
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeMemory allocated: 2233C4A0000 memory reserve | memory write watch
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeMemory allocated: 1EF13930000 memory reserve | memory write watch
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeMemory allocated: 1EF2BA70000 memory reserve | memory write watch
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeMemory allocated: 14A9C4B0000 memory reserve | memory write watch
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeMemory allocated: 14AB4A60000 memory reserve | memory write watch
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 922337203685477Jump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 600000Jump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 599875Jump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 599760Jump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 599649Jump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 599546Jump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 599437Jump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 599322Jump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 599219Jump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 599109Jump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 598995Jump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 598890Jump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 598780Jump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 598400Jump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 598294Jump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 598187Jump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 598078Jump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 597969Jump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 597859Jump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 597749Jump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 597640Jump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 597531Jump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 597420Jump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 597305Jump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 597187Jump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 597051Jump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 596889Jump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 596774Jump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 596479Jump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 596375Jump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 596265Jump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 596156Jump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 596047Jump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 595937Jump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 595828Jump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 595718Jump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 595609Jump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 595499Jump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 595390Jump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 595281Jump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 595172Jump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 595062Jump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 594953Jump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 594843Jump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 594734Jump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 594625Jump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 594515Jump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 594406Jump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 594296Jump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 594187Jump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 594004Jump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 593875Jump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 593758Jump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 922337203685477Jump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 600000Jump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 599890Jump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 599781Jump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 599672Jump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 599562Jump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 599453Jump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 599343Jump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 599234Jump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 599124Jump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 599016Jump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 598899Jump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 598596Jump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 598469Jump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 598359Jump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 598250Jump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 598141Jump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 598031Jump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 597922Jump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 597811Jump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 597561Jump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 597266Jump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 597140Jump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 597031Jump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 596921Jump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 596812Jump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 596703Jump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 596594Jump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 596469Jump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 596359Jump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 596250Jump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 596140Jump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 922337203685477
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 600000
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 599890
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 599781
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 599672
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 599562
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 599453
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 599343
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 599234
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 599122
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 599015
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 598625
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 598344
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 598017
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 597890
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 597781
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 597672
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 597561
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 597452
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 597343
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 597233
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 597125
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 597015
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 596906
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 922337203685477
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 600000
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 599890
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 599781
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 599672
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 599562
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 599453
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 599344
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 599219
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 599109
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 599000
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 598719
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 598609
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 598500
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 598390
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 598281
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 598171
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 598061
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 597953
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 597841
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 597700
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 597592
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 597360
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 597249
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 922337203685477
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 600000
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 599875
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 599765
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 599656
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 599547
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 599437
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 599328
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 599219
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 599109
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 599000
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 598882
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 598638
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 598520
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 598391
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 598266
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 598156
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 598011
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 597904
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 597789
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 597630
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 922337203685477
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 600000
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 599875
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 599766
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 599641
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 599531
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 599422
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 599313
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 599188
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 599063
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 598938
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 598640
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 598516
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 598397
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 598281
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 598172
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 598060
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 597953
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 597844
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 597719
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 597610
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 922337203685477
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 600000
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 599875
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 599763
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 599656
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 599547
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 599437
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 599328
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 599219
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 599089
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 598969
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 598408
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 598088
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 597982
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 597874
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 597764
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 597656
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 597546
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 597437
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 597328
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 597218
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 597109
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 597000
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 596891
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 922337203685477
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 600000
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 599875
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 599766
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 599657
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 599532
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 599407
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 599282
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 599157
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 599030
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 598918
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 598652
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 598531
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 598154
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 598044
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 597929
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 597813
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 597688
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 597563
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 597453
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 597344
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 922337203685477
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 600000
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 599890
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 599781
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 599672
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 599562
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 599453
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 599343
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 599221
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 599084
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 598920
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 598694
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 598578
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 598469
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 598206
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 598078
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 597969
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 597844
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 597734
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 597625
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 597515
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 597405
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 922337203685477
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 600000
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 599875
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 599765
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 599656
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 599547
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 599438
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 599321
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 599203
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 599094
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 598984
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeWindow / User API: threadDelayed 2239Jump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeWindow / User API: threadDelayed 7607Jump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeWindow / User API: threadDelayed 2072Jump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeWindow / User API: threadDelayed 3990Jump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeWindow / User API: threadDelayed 1325
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeWindow / User API: threadDelayed 2903
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeWindow / User API: threadDelayed 2811
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeWindow / User API: threadDelayed 1860
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeWindow / User API: threadDelayed 591
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeWindow / User API: threadDelayed 3257
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeWindow / User API: threadDelayed 3504
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeWindow / User API: threadDelayed 477
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeWindow / User API: threadDelayed 925
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeWindow / User API: threadDelayed 3325
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeWindow / User API: threadDelayed 1080
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeWindow / User API: threadDelayed 2685
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeWindow / User API: threadDelayed 834
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeWindow / User API: threadDelayed 2974
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeWindow / User API: threadDelayed 421
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeWindow / User API: threadDelayed 1526
      Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\Bluetrait Agent\Microsoft.Management.Infrastructure.dllJump to dropped file
      Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\MSIC846.tmpJump to dropped file
      Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\MSIC297.tmpJump to dropped file
      Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\Bluetrait Agent\Newtonsoft.Json.dllJump to dropped file
      Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\Bluetrait Agent\System.Data.SQLite.dllJump to dropped file
      Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\Bluetrait Agent\x86\SQLite.Interop.dllJump to dropped file
      Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\Bluetrait Agent\x64\SQLite.Interop.dllJump to dropped file
      Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\MSIC2F5.tmpJump to dropped file
      Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\Bluetrait Agent\Renci.SshNet.dllJump to dropped file
      Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\Bluetrait Agent\BluetraitUserAgent.exeJump to dropped file
      Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\Bluetrait Agent\LibreHardwareMonitorLib.dllJump to dropped file
      Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\Bluetrait Agent\System.Data.SQLite.Linq.dllJump to dropped file
      Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\Bluetrait Agent\libraries\paexec.exeJump to dropped file
      Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\Bluetrait Agent\SharpSnmpLib.dllJump to dropped file
      Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\Bluetrait Agent\System.Management.Automation.dllJump to dropped file
      Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\MSIC1CA.tmpJump to dropped file
      Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\Bluetrait Agent\HidSharp.dllJump to dropped file
      Source: C:\Windows\System32\msiexec.exe TID: 2296Thread sleep count: 596 > 30Jump to behavior
      Source: C:\Windows\System32\msiexec.exe TID: 2296Thread sleep time: -298000s >= -30000sJump to behavior
      Source: C:\Windows\System32\msiexec.exe TID: 2296Thread sleep time: -35000s >= -30000sJump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe TID: 1436Thread sleep count: 2239 > 30Jump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe TID: 1436Thread sleep count: 7607 > 30Jump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe TID: 6556Thread sleep count: 38 > 30Jump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe TID: 6556Thread sleep time: -35048813740048126s >= -30000sJump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe TID: 6556Thread sleep time: -600000s >= -30000sJump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe TID: 6556Thread sleep time: -599875s >= -30000sJump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe TID: 6556Thread sleep time: -599760s >= -30000sJump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe TID: 6556Thread sleep time: -599649s >= -30000sJump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe TID: 6556Thread sleep time: -599546s >= -30000sJump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe TID: 6556Thread sleep time: -599437s >= -30000sJump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe TID: 6556Thread sleep time: -599322s >= -30000sJump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe TID: 6556Thread sleep time: -599219s >= -30000sJump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe TID: 6556Thread sleep time: -599109s >= -30000sJump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe TID: 6556Thread sleep time: -598995s >= -30000sJump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe TID: 6556Thread sleep time: -598890s >= -30000sJump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe TID: 6556Thread sleep time: -598780s >= -30000sJump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe TID: 6556Thread sleep time: -598400s >= -30000sJump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe TID: 6556Thread sleep time: -598294s >= -30000sJump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe TID: 6556Thread sleep time: -598187s >= -30000sJump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe TID: 6556Thread sleep time: -598078s >= -30000sJump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe TID: 6556Thread sleep time: -597969s >= -30000sJump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe TID: 6556Thread sleep time: -597859s >= -30000sJump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe TID: 6556Thread sleep time: -597749s >= -30000sJump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe TID: 6556Thread sleep time: -597640s >= -30000sJump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe TID: 6556Thread sleep time: -597531s >= -30000sJump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe TID: 6556Thread sleep time: -597420s >= -30000sJump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe TID: 6556Thread sleep time: -597305s >= -30000sJump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe TID: 6556Thread sleep time: -597187s >= -30000sJump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe TID: 6556Thread sleep time: -597051s >= -30000sJump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe TID: 6556Thread sleep time: -596889s >= -30000sJump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe TID: 6556Thread sleep time: -596774s >= -30000sJump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe TID: 6556Thread sleep time: -596479s >= -30000sJump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe TID: 6556Thread sleep time: -596375s >= -30000sJump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe TID: 6556Thread sleep time: -596265s >= -30000sJump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe TID: 6556Thread sleep time: -596156s >= -30000sJump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe TID: 6556Thread sleep time: -596047s >= -30000sJump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe TID: 6556Thread sleep time: -595937s >= -30000sJump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe TID: 6556Thread sleep time: -595828s >= -30000sJump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe TID: 6556Thread sleep time: -595718s >= -30000sJump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe TID: 6556Thread sleep time: -595609s >= -30000sJump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe TID: 6556Thread sleep time: -595499s >= -30000sJump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe TID: 6556Thread sleep time: -595390s >= -30000sJump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe TID: 6556Thread sleep time: -595281s >= -30000sJump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe TID: 6556Thread sleep time: -595172s >= -30000sJump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe TID: 6556Thread sleep time: -595062s >= -30000sJump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe TID: 6556Thread sleep time: -594953s >= -30000sJump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe TID: 6556Thread sleep time: -594843s >= -30000sJump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe TID: 6556Thread sleep time: -594734s >= -30000sJump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe TID: 6556Thread sleep time: -594625s >= -30000sJump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe TID: 6556Thread sleep time: -594515s >= -30000sJump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe TID: 6556Thread sleep time: -594406s >= -30000sJump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe TID: 6556Thread sleep time: -594296s >= -30000sJump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe TID: 6556Thread sleep time: -594187s >= -30000sJump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe TID: 6556Thread sleep time: -594004s >= -30000sJump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe TID: 6556Thread sleep time: -593875s >= -30000sJump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe TID: 6556Thread sleep time: -593758s >= -30000sJump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe TID: 6804Thread sleep count: 2072 > 30Jump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe TID: 1888Thread sleep time: -16602069666338586s >= -30000sJump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe TID: 1888Thread sleep time: -600000s >= -30000sJump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe TID: 6804Thread sleep count: 3990 > 30Jump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe TID: 1888Thread sleep time: -599890s >= -30000sJump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe TID: 1888Thread sleep time: -599781s >= -30000sJump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe TID: 1888Thread sleep time: -599672s >= -30000sJump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe TID: 1888Thread sleep time: -599562s >= -30000sJump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe TID: 1888Thread sleep time: -599453s >= -30000sJump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe TID: 1888Thread sleep time: -599343s >= -30000sJump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe TID: 1888Thread sleep time: -599234s >= -30000sJump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe TID: 1888Thread sleep time: -599124s >= -30000sJump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe TID: 1888Thread sleep time: -599016s >= -30000sJump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe TID: 1888Thread sleep time: -598899s >= -30000sJump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe TID: 1888Thread sleep time: -598596s >= -30000sJump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe TID: 1888Thread sleep time: -598469s >= -30000sJump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe TID: 1888Thread sleep time: -598359s >= -30000sJump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe TID: 1888Thread sleep time: -598250s >= -30000sJump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe TID: 1888Thread sleep time: -598141s >= -30000sJump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe TID: 1888Thread sleep time: -598031s >= -30000sJump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe TID: 1888Thread sleep time: -597922s >= -30000sJump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe TID: 1888Thread sleep time: -597811s >= -30000sJump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe TID: 1888Thread sleep time: -597561s >= -30000sJump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe TID: 1888Thread sleep time: -597266s >= -30000sJump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe TID: 1888Thread sleep time: -597140s >= -30000sJump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe TID: 1888Thread sleep time: -597031s >= -30000sJump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe TID: 1888Thread sleep time: -596921s >= -30000sJump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe TID: 1888Thread sleep time: -596812s >= -30000sJump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe TID: 1888Thread sleep time: -596703s >= -30000sJump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe TID: 1888Thread sleep time: -596594s >= -30000sJump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe TID: 1888Thread sleep time: -596469s >= -30000sJump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe TID: 1888Thread sleep time: -596359s >= -30000sJump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe TID: 1888Thread sleep time: -596250s >= -30000sJump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe TID: 1888Thread sleep time: -596140s >= -30000sJump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe TID: 6100Thread sleep count: 1325 > 30
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe TID: 6100Thread sleep count: 2903 > 30
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe TID: 6576Thread sleep time: -15679732462653109s >= -30000s
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe TID: 6576Thread sleep time: -600000s >= -30000s
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe TID: 6576Thread sleep time: -599890s >= -30000s
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe TID: 6576Thread sleep time: -599781s >= -30000s
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe TID: 6576Thread sleep time: -599672s >= -30000s
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe TID: 6576Thread sleep time: -599562s >= -30000s
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe TID: 6576Thread sleep time: -599453s >= -30000s
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe TID: 6576Thread sleep time: -599343s >= -30000s
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe TID: 6576Thread sleep time: -599234s >= -30000s
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe TID: 6576Thread sleep time: -599122s >= -30000s
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe TID: 6576Thread sleep time: -599015s >= -30000s
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe TID: 6576Thread sleep time: -598625s >= -30000s
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe TID: 6576Thread sleep time: -598344s >= -30000s
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe TID: 6576Thread sleep time: -598017s >= -30000s
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe TID: 6576Thread sleep time: -597890s >= -30000s
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe TID: 6576Thread sleep time: -597781s >= -30000s
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe TID: 6576Thread sleep time: -597672s >= -30000s
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe TID: 6576Thread sleep time: -597561s >= -30000s
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe TID: 6576Thread sleep time: -597452s >= -30000s
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe TID: 6576Thread sleep time: -597343s >= -30000s
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe TID: 6576Thread sleep time: -597233s >= -30000s
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe TID: 6576Thread sleep time: -597125s >= -30000s
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe TID: 6576Thread sleep time: -597015s >= -30000s
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe TID: 6576Thread sleep time: -596906s >= -30000s
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe TID: 4204Thread sleep count: 2811 > 30
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe TID: 6676Thread sleep time: -16602069666338586s >= -30000s
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe TID: 6676Thread sleep time: -600000s >= -30000s
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe TID: 4204Thread sleep count: 1860 > 30
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe TID: 6676Thread sleep time: -599890s >= -30000s
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe TID: 6676Thread sleep time: -599781s >= -30000s
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe TID: 6676Thread sleep time: -599672s >= -30000s
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe TID: 6676Thread sleep time: -599562s >= -30000s
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe TID: 6676Thread sleep time: -599453s >= -30000s
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe TID: 6676Thread sleep time: -599344s >= -30000s
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe TID: 6676Thread sleep time: -599219s >= -30000s
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe TID: 6676Thread sleep time: -599109s >= -30000s
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe TID: 6676Thread sleep time: -599000s >= -30000s
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe TID: 6676Thread sleep time: -598719s >= -30000s
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe TID: 6676Thread sleep time: -598609s >= -30000s
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe TID: 6676Thread sleep time: -598500s >= -30000s
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe TID: 6676Thread sleep time: -598390s >= -30000s
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe TID: 6676Thread sleep time: -598281s >= -30000s
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe TID: 6676Thread sleep time: -598171s >= -30000s
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe TID: 6676Thread sleep time: -598061s >= -30000s
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe TID: 6676Thread sleep time: -597953s >= -30000s
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe TID: 6676Thread sleep time: -597841s >= -30000s
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe TID: 6676Thread sleep time: -597700s >= -30000s
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe TID: 6676Thread sleep time: -597592s >= -30000s
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe TID: 6676Thread sleep time: -597360s >= -30000s
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe TID: 6676Thread sleep time: -597249s >= -30000s
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe TID: 2820Thread sleep count: 591 > 30
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe TID: 4824Thread sleep time: -12912720851596678s >= -30000s
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe TID: 4824Thread sleep time: -600000s >= -30000s
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe TID: 4824Thread sleep time: -599875s >= -30000s
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe TID: 2820Thread sleep count: 3257 > 30
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe TID: 4824Thread sleep time: -599765s >= -30000s
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe TID: 4824Thread sleep time: -599656s >= -30000s
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe TID: 4824Thread sleep time: -599547s >= -30000s
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe TID: 4824Thread sleep time: -599437s >= -30000s
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe TID: 4824Thread sleep time: -599328s >= -30000s
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe TID: 4824Thread sleep time: -599219s >= -30000s
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe TID: 4824Thread sleep time: -599109s >= -30000s
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe TID: 4824Thread sleep time: -599000s >= -30000s
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe TID: 4824Thread sleep time: -598882s >= -30000s
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe TID: 4824Thread sleep time: -598638s >= -30000s
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe TID: 4824Thread sleep time: -598520s >= -30000s
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe TID: 4824Thread sleep time: -598391s >= -30000s
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe TID: 4824Thread sleep time: -598266s >= -30000s
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe TID: 4824Thread sleep time: -598156s >= -30000s
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe TID: 4824Thread sleep time: -598011s >= -30000s
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe TID: 4824Thread sleep time: -597904s >= -30000s
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe TID: 4824Thread sleep time: -597789s >= -30000s
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe TID: 4824Thread sleep time: -597630s >= -30000s
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe TID: 7064Thread sleep count: 3504 > 30
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe TID: 7064Thread sleep count: 477 > 30
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe TID: 2956Thread sleep time: -9223372036854770s >= -30000s
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe TID: 2956Thread sleep time: -600000s >= -30000s
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe TID: 2956Thread sleep time: -599875s >= -30000s
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe TID: 2956Thread sleep time: -599766s >= -30000s
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe TID: 2956Thread sleep time: -599641s >= -30000s
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe TID: 2956Thread sleep time: -599531s >= -30000s
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe TID: 2956Thread sleep time: -599422s >= -30000s
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe TID: 2956Thread sleep time: -599313s >= -30000s
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe TID: 2956Thread sleep time: -599188s >= -30000s
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe TID: 2956Thread sleep time: -599063s >= -30000s
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe TID: 2956Thread sleep time: -598938s >= -30000s
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe TID: 2956Thread sleep time: -598640s >= -30000s
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe TID: 2956Thread sleep time: -598516s >= -30000s
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe TID: 2956Thread sleep time: -598397s >= -30000s
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe TID: 2956Thread sleep time: -598281s >= -30000s
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe TID: 2956Thread sleep time: -598172s >= -30000s
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe TID: 2956Thread sleep time: -598060s >= -30000s
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe TID: 2956Thread sleep time: -597953s >= -30000s
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe TID: 2956Thread sleep time: -597844s >= -30000s
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe TID: 2956Thread sleep time: -597719s >= -30000s
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe TID: 2956Thread sleep time: -597610s >= -30000s
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe TID: 5864Thread sleep count: 925 > 30
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe TID: 5864Thread sleep count: 3325 > 30
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe TID: 2568Thread sleep time: -11990383647911201s >= -30000s
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe TID: 2568Thread sleep time: -600000s >= -30000s
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe TID: 2568Thread sleep time: -599875s >= -30000s
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe TID: 2568Thread sleep time: -599763s >= -30000s
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe TID: 2568Thread sleep time: -599656s >= -30000s
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe TID: 2568Thread sleep time: -599547s >= -30000s
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe TID: 2568Thread sleep time: -599437s >= -30000s
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe TID: 2568Thread sleep time: -599328s >= -30000s
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe TID: 2568Thread sleep time: -599219s >= -30000s
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe TID: 2568Thread sleep time: -599089s >= -30000s
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe TID: 2568Thread sleep time: -598969s >= -30000s
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe TID: 2568Thread sleep time: -598408s >= -30000s
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe TID: 2568Thread sleep time: -598088s >= -30000s
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe TID: 2568Thread sleep time: -597982s >= -30000s
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe TID: 2568Thread sleep time: -597874s >= -30000s
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe TID: 2568Thread sleep time: -597764s >= -30000s
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe TID: 2568Thread sleep time: -597656s >= -30000s
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe TID: 2568Thread sleep time: -597546s >= -30000s
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe TID: 2568Thread sleep time: -597437s >= -30000s
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe TID: 2568Thread sleep time: -597328s >= -30000s
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe TID: 2568Thread sleep time: -597218s >= -30000s
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe TID: 2568Thread sleep time: -597109s >= -30000s
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe TID: 2568Thread sleep time: -597000s >= -30000s
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe TID: 2568Thread sleep time: -596891s >= -30000s
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe TID: 3948Thread sleep count: 1080 > 30
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe TID: 7004Thread sleep time: -11068046444225724s >= -30000s
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe TID: 7004Thread sleep time: -600000s >= -30000s
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe TID: 7004Thread sleep time: -599875s >= -30000s
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe TID: 3948Thread sleep count: 2685 > 30
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe TID: 7004Thread sleep time: -599766s >= -30000s
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe TID: 7004Thread sleep time: -599657s >= -30000s
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe TID: 7004Thread sleep time: -599532s >= -30000s
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe TID: 7004Thread sleep time: -599407s >= -30000s
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe TID: 7004Thread sleep time: -599282s >= -30000s
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe TID: 7004Thread sleep time: -599157s >= -30000s
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe TID: 7004Thread sleep time: -599030s >= -30000s
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe TID: 7004Thread sleep time: -598918s >= -30000s
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe TID: 7004Thread sleep time: -598652s >= -30000s
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe TID: 7004Thread sleep time: -598531s >= -30000s
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe TID: 7004Thread sleep time: -598154s >= -30000s
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe TID: 7004Thread sleep time: -598044s >= -30000s
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe TID: 7004Thread sleep time: -597929s >= -30000s
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe TID: 7004Thread sleep time: -597813s >= -30000s
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe TID: 7004Thread sleep time: -597688s >= -30000s
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe TID: 7004Thread sleep time: -597563s >= -30000s
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe TID: 7004Thread sleep time: -597453s >= -30000s
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe TID: 7004Thread sleep time: -597344s >= -30000s
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe TID: 5680Thread sleep count: 834 > 30
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe TID: 6036Thread sleep time: -13835058055282155s >= -30000s
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe TID: 6036Thread sleep time: -600000s >= -30000s
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe TID: 6036Thread sleep time: -599890s >= -30000s
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe TID: 5680Thread sleep count: 2974 > 30
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe TID: 6036Thread sleep time: -599781s >= -30000s
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe TID: 6036Thread sleep time: -599672s >= -30000s
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe TID: 6036Thread sleep time: -599562s >= -30000s
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe TID: 6036Thread sleep time: -599453s >= -30000s
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe TID: 6036Thread sleep time: -599343s >= -30000s
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe TID: 6036Thread sleep time: -599221s >= -30000s
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe TID: 6036Thread sleep time: -599084s >= -30000s
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe TID: 6036Thread sleep time: -598920s >= -30000s
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe TID: 6036Thread sleep time: -598694s >= -30000s
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe TID: 6036Thread sleep time: -598578s >= -30000s
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe TID: 6036Thread sleep time: -598469s >= -30000s
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe TID: 6036Thread sleep time: -598206s >= -30000s
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe TID: 6036Thread sleep time: -598078s >= -30000s
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe TID: 6036Thread sleep time: -597969s >= -30000s
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe TID: 6036Thread sleep time: -597844s >= -30000s
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe TID: 6036Thread sleep time: -597734s >= -30000s
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe TID: 6036Thread sleep time: -597625s >= -30000s
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe TID: 6036Thread sleep time: -597515s >= -30000s
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe TID: 6036Thread sleep time: -597405s >= -30000s
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe TID: 4844Thread sleep count: 421 > 30
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe TID: 4844Thread sleep count: 1526 > 30
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe TID: 3588Thread sleep time: -8301034833169293s >= -30000s
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe TID: 3588Thread sleep time: -600000s >= -30000s
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe TID: 3588Thread sleep time: -599875s >= -30000s
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe TID: 3588Thread sleep time: -599765s >= -30000s
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe TID: 3588Thread sleep time: -599656s >= -30000s
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe TID: 3588Thread sleep time: -599547s >= -30000s
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe TID: 3588Thread sleep time: -599438s >= -30000s
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe TID: 3588Thread sleep time: -599321s >= -30000s
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe TID: 3588Thread sleep time: -599203s >= -30000s
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe TID: 3588Thread sleep time: -599094s >= -30000s
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe TID: 3588Thread sleep time: -598984s >= -30000s
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeLast function: Thread delayed
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeLast function: Thread delayed
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeLast function: Thread delayed
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeLast function: Thread delayed
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeLast function: Thread delayed
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeLast function: Thread delayed
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeLast function: Thread delayed
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeLast function: Thread delayed
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeLast function: Thread delayed
      Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
      Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
      Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
      Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
      Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
      Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
      Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 922337203685477Jump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 600000Jump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 599875Jump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 599760Jump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 599649Jump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 599546Jump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 599437Jump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 599322Jump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 599219Jump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 599109Jump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 598995Jump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 598890Jump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 598780Jump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 598400Jump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 598294Jump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 598187Jump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 598078Jump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 597969Jump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 597859Jump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 597749Jump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 597640Jump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 597531Jump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 597420Jump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 597305Jump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 597187Jump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 597051Jump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 596889Jump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 596774Jump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 596479Jump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 596375Jump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 596265Jump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 596156Jump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 596047Jump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 595937Jump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 595828Jump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 595718Jump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 595609Jump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 595499Jump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 595390Jump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 595281Jump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 595172Jump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 595062Jump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 594953Jump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 594843Jump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 594734Jump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 594625Jump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 594515Jump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 594406Jump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 594296Jump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 594187Jump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 594004Jump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 593875Jump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 593758Jump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 922337203685477Jump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 600000Jump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 599890Jump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 599781Jump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 599672Jump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 599562Jump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 599453Jump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 599343Jump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 599234Jump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 599124Jump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 599016Jump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 598899Jump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 598596Jump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 598469Jump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 598359Jump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 598250Jump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 598141Jump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 598031Jump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 597922Jump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 597811Jump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 597561Jump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 597266Jump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 597140Jump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 597031Jump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 596921Jump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 596812Jump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 596703Jump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 596594Jump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 596469Jump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 596359Jump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 596250Jump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 596140Jump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 922337203685477
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 600000
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 599890
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 599781
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 599672
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 599562
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 599453
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 599343
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 599234
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 599122
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 599015
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 598625
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 598344
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 598017
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 597890
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 597781
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 597672
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 597561
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 597452
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 597343
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 597233
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 597125
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 597015
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 596906
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 922337203685477
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 600000
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 599890
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 599781
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 599672
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 599562
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 599453
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 599344
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 599219
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 599109
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 599000
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 598719
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 598609
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 598500
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 598390
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 598281
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 598171
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 598061
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 597953
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 597841
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 597700
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 597592
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 597360
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 597249
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 922337203685477
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 600000
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 599875
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 599765
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 599656
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 599547
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 599437
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 599328
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 599219
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 599109
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 599000
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 598882
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 598638
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 598520
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 598391
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 598266
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 598156
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 598011
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 597904
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 597789
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 597630
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 922337203685477
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 600000
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 599875
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 599766
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 599641
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 599531
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 599422
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 599313
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 599188
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 599063
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 598938
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 598640
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 598516
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 598397
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 598281
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 598172
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 598060
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 597953
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 597844
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 597719
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 597610
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 922337203685477
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 600000
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 599875
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 599763
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 599656
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 599547
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 599437
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 599328
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 599219
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 599089
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 598969
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 598408
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 598088
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 597982
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 597874
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 597764
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 597656
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 597546
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 597437
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 597328
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 597218
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 597109
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 597000
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 596891
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 922337203685477
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 600000
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 599875
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 599766
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 599657
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 599532
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 599407
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 599282
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 599157
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 599030
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 598918
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 598652
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 598531
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 598154
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 598044
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 597929
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 597813
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 597688
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 597563
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 597453
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 597344
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 922337203685477
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 600000
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 599890
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 599781
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 599672
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 599562
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 599453
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 599343
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 599221
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 599084
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 598920
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 598694
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 598578
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 598469
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 598206
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 598078
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 597969
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 597844
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 597734
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 597625
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 597515
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 597405
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 922337203685477
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 600000
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 599875
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 599765
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 599656
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 599547
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 599438
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 599321
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 599203
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 599094
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeThread delayed: delay time: 598984
      Source: Amcache.hve.8.drBinary or memory string: VMware
      Source: Amcache.hve.8.drBinary or memory string: VMware Virtual USB Mouse
      Source: Bluetrait MSP Agent.exe, 00000021.00000002.3229700713.000001EF1338B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllZ
      Source: Amcache.hve.8.drBinary or memory string: vmci.syshbin
      Source: Amcache.hve.8.drBinary or memory string: VMware, Inc.
      Source: Amcache.hve.8.drBinary or memory string: VMware20,1hbin@
      Source: svchost.exe, 00000009.00000002.3271830222.0000026817A2B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW0
      Source: Amcache.hve.8.drBinary or memory string: c:\windows\system32\driverstore\filerepository\vmci.inf_amd64_68ed49469341f563
      Source: Amcache.hve.8.drBinary or memory string: Ascsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
      Source: Amcache.hve.8.drBinary or memory string: .Z$c:/windows/system32/drivers/vmci.sys
      Source: svchost.exe, 00000009.00000002.3273258160.0000026818A13000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: NXTcpV6VMWare
      Source: svchost.exe, 00000009.00000002.3272651675.0000026817ADB000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
      Source: Amcache.hve.8.drBinary or memory string: :scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
      Source: Bluetrait MSP Agent.exe, 0000001B.00000002.3062996313.0000025F36C30000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllj
      Source: Amcache.hve.8.drBinary or memory string: pci\ven_15ad&dev_0740&subsys_074015ad,pci\ven_15ad&dev_0740,root\vmwvmcihostdev
      Source: Amcache.hve.8.drBinary or memory string: c:/windows/system32/drivers/vmci.sys
      Source: Amcache.hve.8.drBinary or memory string: scsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
      Source: Bluetrait MSP Agent.exe, 00000005.00000002.2251705355.000001C0712C0000.00000004.00000020.00020000.00000000.sdmp, Bluetrait MSP Agent.exe, 0000000B.00000002.2470204109.0000012675502000.00000004.00000020.00020000.00000000.sdmp, Bluetrait MSP Agent.exe, 00000012.00000002.2845232812.0000025128CF8000.00000004.00000020.00020000.00000000.sdmp, Bluetrait MSP Agent.exe, 00000018.00000002.2992686440.000001FAACF10000.00000004.00000020.00020000.00000000.sdmp, Bluetrait MSP Agent.exe, 0000001E.00000002.3176699240.000002233CCE0000.00000004.00000020.00020000.00000000.sdmp, Bluetrait MSP Agent.exe, 00000024.00000002.3275067092.0000014AB5230000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
      Source: Amcache.hve.8.drBinary or memory string: vmci.sys
      Source: Amcache.hve.8.drBinary or memory string: VMware-56 4d 43 71 48 15 3d ed-ae e6 c7 5a ec d9 3b f0
      Source: Amcache.hve.8.drBinary or memory string: vmci.syshbin`
      Source: Amcache.hve.8.drBinary or memory string: \driver\vmci,\driver\pci
      Source: Bluetrait MSP Agent.exe, 0000000F.00000002.2719478057.00000210D5250000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllhh_0
      Source: Amcache.hve.8.drBinary or memory string: scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
      Source: Amcache.hve.8.drBinary or memory string: VMware20,1
      Source: Amcache.hve.8.drBinary or memory string: Microsoft Hyper-V Generation Counter
      Source: Amcache.hve.8.drBinary or memory string: NECVMWar VMware SATA CD00
      Source: Amcache.hve.8.drBinary or memory string: VMware Virtual disk SCSI Disk Device
      Source: Amcache.hve.8.drBinary or memory string: scsi\cdromnecvmwarvmware_sata_cd001.00,scsi\cdromnecvmwarvmware_sata_cd00,scsi\cdromnecvmwar,scsi\necvmwarvmware_sata_cd001,necvmwarvmware_sata_cd001,gencdrom
      Source: Amcache.hve.8.drBinary or memory string: scsi\diskvmware__virtual_disk____2.0_,scsi\diskvmware__virtual_disk____,scsi\diskvmware__,scsi\vmware__virtual_disk____2,vmware__virtual_disk____2,gendisk
      Source: Amcache.hve.8.drBinary or memory string: Microsoft Hyper-V Virtualization Infrastructure Driver
      Source: Amcache.hve.8.drBinary or memory string: VMware PCI VMCI Bus Device
      Source: Amcache.hve.8.drBinary or memory string: VMware VMCI Bus Device
      Source: Amcache.hve.8.drBinary or memory string: VMware Virtual RAM
      Source: Amcache.hve.8.drBinary or memory string: BiosVendor:VMware, Inc.,BiosVersion:VMW201.00V.20829224.B64.2211211842,BiosReleaseDate:11/21/2022,BiosMajorRelease:0xff,BiosMinorRelease:0xff,SystemManufacturer:VMware, Inc.,SystemProduct:VMware20,1,SystemFamily:,SystemSKUNumber:,BaseboardManufacturer:,BaseboardProduct:,BaseboardVersion:,EnclosureType:0x1
      Source: Bluetrait MSP Agent.exe, 00000015.00000002.2932010486.000001F278427000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllhh
      Source: Amcache.hve.8.drBinary or memory string: vmci.inf_amd64_68ed49469341f563
      Source: C:\Windows\System32\msiexec.exeProcess information queried: ProcessInformationJump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeProcess token adjusted: DebugJump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeProcess token adjusted: DebugJump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeProcess token adjusted: Debug
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeProcess token adjusted: Debug
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeProcess token adjusted: Debug
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeProcess token adjusted: Debug
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeProcess token adjusted: Debug
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeProcess token adjusted: Debug
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeProcess token adjusted: Debug
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeProcess token adjusted: Debug
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeMemory allocated: page read and write | page guardJump to behavior
      Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -pss -s 468 -p 6616 -ip 6616Jump to behavior
      Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -u -p 6616 -s 2136Jump to behavior
      Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -pss -s 456 -p 1120 -ip 1120Jump to behavior
      Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -u -p 1120 -s 2124Jump to behavior
      Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -pss -s 608 -p 1524 -ip 1524Jump to behavior
      Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -u -p 1524 -s 2116Jump to behavior
      Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -pss -s 568 -p 768 -ip 768Jump to behavior
      Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -u -p 768 -s 2128Jump to behavior
      Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -pss -s 572 -p 5696 -ip 5696Jump to behavior
      Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -u -p 1120 -s 2124Jump to behavior
      Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -pss -s 468 -p 6616 -ip 6616Jump to behavior
      Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -u -p 1436 -s 2120Jump to behavior
      Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -pss -s 508 -p 4404 -ip 4404Jump to behavior
      Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -u -p 4404 -s 2116Jump to behavior
      Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -pss -s 512 -p 3040 -ip 3040Jump to behavior
      Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -u -p 3040 -s 1408Jump to behavior
      Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -pss -s 596 -p 6612 -ip 6612Jump to behavior
      Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -u -p 6612 -s 2116Jump to behavior
      Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -pss -s 480 -p 1364 -ip 1364Jump to behavior
      Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -u -p 1364 -s 2128Jump to behavior
      Source: C:\Windows\System32\msiexec.exeQueries volume information: C:\ VolumeInformationJump to behavior
      Source: C:\Windows\System32\msiexec.exeQueries volume information: C:\ VolumeInformationJump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeQueries volume information: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe VolumeInformationJump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeQueries volume information: C:\Program Files (x86)\Bluetrait Agent\Newtonsoft.Json.dll VolumeInformationJump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeQueries volume information: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe VolumeInformationJump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeQueries volume information: C:\Program Files (x86)\Bluetrait Agent\Newtonsoft.Json.dll VolumeInformationJump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeQueries volume information: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe VolumeInformation
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeQueries volume information: C:\Program Files (x86)\Bluetrait Agent\Newtonsoft.Json.dll VolumeInformation
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeQueries volume information: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe VolumeInformation
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeQueries volume information: C:\Program Files (x86)\Bluetrait Agent\Newtonsoft.Json.dll VolumeInformation
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeQueries volume information: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe VolumeInformation
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeQueries volume information: C:\Program Files (x86)\Bluetrait Agent\Newtonsoft.Json.dll VolumeInformation
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeQueries volume information: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe VolumeInformation
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeQueries volume information: C:\Program Files (x86)\Bluetrait Agent\Newtonsoft.Json.dll VolumeInformation
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeQueries volume information: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe VolumeInformation
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeQueries volume information: C:\Program Files (x86)\Bluetrait Agent\Newtonsoft.Json.dll VolumeInformation
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeQueries volume information: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe VolumeInformation
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeQueries volume information: C:\Program Files (x86)\Bluetrait Agent\Newtonsoft.Json.dll VolumeInformation
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeQueries volume information: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe VolumeInformation
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeQueries volume information: C:\Program Files (x86)\Bluetrait Agent\Newtonsoft.Json.dll VolumeInformation
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeQueries volume information: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe VolumeInformation
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeQueries volume information: C:\Program Files (x86)\Bluetrait Agent\Newtonsoft.Json.dll VolumeInformation
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
      Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior
      Source: Amcache.hve.8.drBinary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23080.2006-0\msmpeng.exe
      Source: Amcache.hve.8.drBinary or memory string: msmpeng.exe
      Source: Amcache.hve.8.drBinary or memory string: c:\program files\windows defender\msmpeng.exe
      Source: Amcache.hve.8.drBinary or memory string: MsMpEng.exe
      Source: C:\Windows\System32\msiexec.exeRegistry key created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349 BlobJump to behavior

      Mitre Att&ck Matrix

      ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
      Gather Victim Identity InformationAcquire Infrastructure1
      Replication Through Removable Media      		Windows Management Instrumentation1
      Windows Service      		1
      Windows Service      		21
      Masquerading      		OS Credential Dumping1
      Query Registry      		Remote Services11
      Archive Collected Data      		11
      Encrypted Channel      		Exfiltration Over Other Network MediumAbuse Accessibility Features
      CredentialsDomainsDefault AccountsScheduled Task/Job1
      DLL Side-Loading      		11
      Process Injection      		11
      Disable or Modify Tools      		LSASS Memory11
      Security Software Discovery      		Remote Desktop ProtocolData from Removable Media1
      Ingress Tool Transfer      		Exfiltration Over BluetoothNetwork Denial of Service
      Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)1
      DLL Side-Loading      		31
      Virtualization/Sandbox Evasion      		Security Account Manager1
      Process Discovery      		SMB/Windows Admin SharesData from Network Shared Drive3
      Non-Application Layer Protocol      		Automated ExfiltrationData Encrypted for Impact
      Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook11
      Process Injection      		NTDS31
      Virtualization/Sandbox Evasion      		Distributed Component Object ModelInput Capture4
      Application Layer Protocol      		Traffic DuplicationData Destruction
      Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script1
      Deobfuscate/Decode Files or Information      		LSA Secrets1
      Application Window Discovery      		SSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
      Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts2
      Obfuscated Files or Information      		Cached Domain Credentials11
      Peripheral Device Discovery      		VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
      DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items1
      Timestomp      		DCSync13
      System Information Discovery      		Windows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
      Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/Job1
      DLL Side-Loading      		Proc FilesystemSystem Owner/User DiscoveryCloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement
      Network TopologyMalvertisingExploit Public-Facing ApplicationCommand and Scripting InterpreterAtAt1
      File Deletion      		/etc/passwd and /etc/shadowNetwork SniffingDirect Cloud VM ConnectionsData StagedWeb ProtocolsExfiltration Over Symmetric Encrypted Non-C2 ProtocolInternal Defacement

      Behavior Graph

      Hide Legend

      Legend:

      • Process
      • Signature
      • Created File
      • DNS/IP Info
      • Is Dropped
      • Is Windows Process
      • Number of created Registry Values
      • Number of created Files
      • Visual Basic
      • Delphi
      • Java
      • .Net C# or VB.NET
      • C, C++ or other language
      • Is malicious
      • Internet
      behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1584761 Sample: Agent381.msi Startdate: 06/01/2025 Architecture: WINDOWS Score: 56 50 eganarbonne.bluetrait.io 2->50 52 bluetrait.io 2->52 54 bg.microsoft.map.fastly.net 2->54 60 AI detected suspicious sample 2->60 62 Yara detected Generic Downloader 2->62 9 Bluetrait MSP Agent.exe 18 2 2->9         started        13 msiexec.exe 27 41 2->13         started        16 svchost.exe 25 58 2->16         started        18 10 other processes 2->18 signatures3 process4 dnsIp5 56 eganarbonne.bluetrait.io 167.99.228.32, 443, 49706, 49846 DIGITALOCEAN-ASNUS United States 9->56 58 bluetrait.io 188.114.96.3, 443, 49707, 49855 CLOUDFLARENETUS European Union 9->58 64 Reads the Security eventlog 9->64 66 Reads the System eventlog 9->66 20 WerFault.exe 19 16 9->20         started        42 C:\...\Bluetrait MSP Agent.exe, PE32 13->42 dropped 44 C:\Windows\Installer\MSIC846.tmp, PE32 13->44 dropped 46 C:\Windows\Installer\MSIC2F5.tmp, PE32 13->46 dropped 48 15 other files (none is malicious) 13->48 dropped 22 msiexec.exe 13->22         started        24 msiexec.exe 1 13->24         started        26 WerFault.exe 2 16->26         started        28 WerFault.exe 16->28         started        30 WerFault.exe 16->30         started        34 7 other processes 16->34 32 WerFault.exe 18->32         started        36 7 other processes 18->36 file6 signatures7 process8 process9 38 Bluetrait MSP Agent.exe 26->38         started        process10 40 WerFault.exe 38->40         started       

      Screenshots

      Thumbnails

      This section contains all screenshots as thumbnails, including those not shown in the slideshow.


      windows-stand

      Antivirus, Machine Learning and Genetic Malware Detection

      Initial Sample

      SourceDetectionScannerLabelLink
      Agent381.msi2%VirustotalBrowse
      Agent381.msi5%ReversingLabs

      Dropped Files

      SourceDetectionScannerLabelLink
      C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe0%ReversingLabs
      C:\Program Files (x86)\Bluetrait Agent\BluetraitUserAgent.exe3%ReversingLabs
      C:\Program Files (x86)\Bluetrait Agent\HidSharp.dll0%ReversingLabs
      C:\Program Files (x86)\Bluetrait Agent\LibreHardwareMonitorLib.dll0%ReversingLabs
      C:\Program Files (x86)\Bluetrait Agent\Microsoft.Management.Infrastructure.dll0%ReversingLabs
      C:\Program Files (x86)\Bluetrait Agent\Newtonsoft.Json.dll0%ReversingLabs
      C:\Program Files (x86)\Bluetrait Agent\Renci.SshNet.dll0%ReversingLabs
      C:\Program Files (x86)\Bluetrait Agent\SharpSnmpLib.dll0%ReversingLabs
      C:\Program Files (x86)\Bluetrait Agent\System.Data.SQLite.Linq.dll0%ReversingLabs
      C:\Program Files (x86)\Bluetrait Agent\System.Data.SQLite.dll0%ReversingLabs
      C:\Program Files (x86)\Bluetrait Agent\System.Management.Automation.dll0%ReversingLabs
      C:\Program Files (x86)\Bluetrait Agent\libraries\paexec.exe5%ReversingLabs
      C:\Program Files (x86)\Bluetrait Agent\x64\SQLite.Interop.dll0%ReversingLabs
      C:\Program Files (x86)\Bluetrait Agent\x86\SQLite.Interop.dll0%ReversingLabs
      C:\Windows\Installer\MSIC1CA.tmp0%ReversingLabs
      C:\Windows\Installer\MSIC297.tmp0%ReversingLabs
      C:\Windows\Installer\MSIC2F5.tmp0%ReversingLabs
      C:\Windows\Installer\MSIC846.tmp0%ReversingLabs

      Unpacked PE Files

      No Antivirus matches

      Domains

      No Antivirus matches

      URLs

      SourceDetectionScannerLabelLink
      https://www.googletagmanager.co0%Avira URL Cloudsafe
      http://microsoft.co(0%Avira URL Cloudsafe
      https://www.poweradmin.com00%Avira URL Cloudsafe
      http://www..0%Avira URL Cloudsafe
      https://bluetrait.io0%Avira URL Cloudsafe
      https://btmsp.us4.list-manage.com/subscribe/post?u=4aa80e4d83961ef5b35c6f3fd&id=66e9b028260%Avira URL Cloudsafe
      https://eganarbonne.bluetrait.io/api/0%Avira URL Cloudsafe
      http://docs.oasis-open.o80%Avira URL Cloudsafe
      http://www.microsoft.co70%Avira URL Cloudsafe
      http://eganarbonne.bluetrait.io0%Avira URL Cloudsafe
      http://www.w3.0%Avira URL Cloudsafe
      http://bluetrait.io0%Avira URL Cloudsafe
      http://www.zer7.com/software/hidsharp0%Avira URL Cloudsafe

      Domains and IPs

      Contacted Domains

      NameIPActiveMaliciousAntivirus DetectionReputation
      bg.microsoft.map.fastly.net
      		199.232.210.172
      		truefalse
        		high
        eganarbonne.bluetrait.io
        		167.99.228.32
        		truefalse
          		unknown
          bluetrait.io
          		188.114.96.3
          		truefalse
            		unknown

            Contacted URLs

            NameMaliciousAntivirus DetectionReputation
            https://eganarbonne.bluetrait.io/api/false
            • Avira URL Cloud: safe
            		unknown

            URLs from Memory and Binaries

            NameSourceMaliciousAntivirus DetectionReputation
            http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsdJdRsvchost.exe, 00000009.00000003.2294477298.000002681836E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000003.2461233031.0000026818376000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000003.2294438314.000002681836D000.00000004.00000020.00020000.00000000.sdmpfalse
              		high
              https://www.googletagmanager.coBluetrait MSP Agent.exe, 00000018.00000002.2991411603.000001FA949F3000.00000004.00000800.00020000.00000000.sdmpfalse
              • Avira URL Cloud: safe
              		unknown
              http://crl.sectigo.com/SectigoPublicCodeSigningRootR46.crl0Agent381.msi, Bluetrait MSP Agent.exe.1.dr, 5cc043.msi.1.dr, BluetraitUserAgent.exe.1.drfalse
                		high
                http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsdPsvchost.exe, 00000009.00000003.2294477298.000002681836E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000003.2461233031.0000026818376000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000003.2294438314.000002681836D000.00000004.00000020.00020000.00000000.sdmpfalse
                  		high
                  http://schemas.xmlsoap.org/ws/2005/02/sc1c=svchost.exe, 00000009.00000002.3273036554.000002681835F000.00000004.00000020.00020000.00000000.sdmpfalse
                    		high
                    http://microsoft.co(Bluetrait MSP Agent.exe, 0000000F.00000002.2719478057.00000210D52B2000.00000004.00000020.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: safe
                    		unknown
                    https://btmsp.us4.list-manage.com/subscribe/post?u=4aa80e4d83961ef5b35c6f3fd&id=66e9b02826Bluetrait MSP Agent.exe, 00000005.00000002.2250493277.000001C00019E000.00000004.00000800.00020000.00000000.sdmp, Bluetrait MSP Agent.exe, 00000005.00000002.2251705355.000001C07134A000.00000004.00000020.00020000.00000000.sdmp, Bluetrait MSP Agent.exe, 0000000B.00000002.2469480416.000001265CF2A000.00000004.00000800.00020000.00000000.sdmp, Bluetrait MSP Agent.exe, 0000000B.00000002.2470204109.0000012675596000.00000004.00000020.00020000.00000000.sdmp, Bluetrait MSP Agent.exe, 0000000B.00000002.2469480416.000001265CF18000.00000004.00000800.00020000.00000000.sdmp, Bluetrait MSP Agent.exe, 0000000F.00000002.2718472787.00000210BCAF8000.00000004.00000800.00020000.00000000.sdmp, Bluetrait MSP Agent.exe, 0000000F.00000002.2718472787.00000210BCB0A000.00000004.00000800.00020000.00000000.sdmp, Bluetrait MSP Agent.exe, 0000000F.00000002.2719478057.00000210D52EA000.00000004.00000020.00020000.00000000.sdmp, Bluetrait MSP Agent.exe, 00000012.00000002.2845232812.0000025128D8C000.00000004.00000020.00020000.00000000.sdmp, Bluetrait MSP Agent.exe, 00000012.00000002.2845778390.0000025128FD8000.00000004.00000800.00020000.00000000.sdmp, Bluetrait MSP Agent.exe, 00000012.00000002.2845778390.0000025128FEA000.00000004.00000800.00020000.00000000.sdmp, Bluetrait MSP Agent.exe, 00000015.00000002.2932010486.000001F2784C3000.00000004.00000020.00020000.00000000.sdmp, Bluetrait MSP Agent.exe, 00000018.00000002.2992875054.000001FAACFA8000.00000004.00000020.00020000.00000000.sdmp, Bluetrait MSP Agent.exe, 00000018.00000002.2991411603.000001FA949F9000.00000004.00000800.00020000.00000000.sdmp, Bluetrait MSP Agent.exe, 0000001B.00000002.3062996313.0000025F36CD1000.00000004.00000020.00020000.00000000.sdmp, Bluetrait MSP Agent.exe, 0000001E.00000002.3175118461.0000022324638000.00000004.00000800.00020000.00000000.sdmp, Bluetrait MSP Agent.exe, 0000001E.00000002.3176699240.000002233CD3D000.00000004.00000020.00020000.00000000.sdmp, Bluetrait MSP Agent.exe, 0000001E.00000002.3175118461.000002232464A000.00000004.00000800.00020000.00000000.sdmp, Bluetrait MSP Agent.exe, 00000021.00000002.3233197638.000001EF2C2CF000.00000004.00000020.00020000.00000000.sdmp, Bluetrait MSP Agent.exe, 00000021.00000002.3231275549.000001EF13C38000.00000004.00000800.00020000.00000000.sdmp, Bluetrait MSP Agent.exe, 00000021.00000002.3231275549.000001EF13C1A000.00000004.00000800.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: safe
                    		unknown
                    http://www.microsoft.coBluetrait MSP Agent.exe, 00000015.00000002.2932010486.000001F27848F000.00000004.00000020.00020000.00000000.sdmpfalse
                      		high
                      https://login.microsoftonline.com/ppsecure/ResolveUser.srfsvchost.exe, 00000009.00000003.2085360511.000002681833B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000003.2085434116.0000026818363000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000003.2085404011.0000026818340000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000002.3271875762.0000026817A46000.00000004.00000020.00020000.00000000.sdmpfalse
                        		high
                        http://Passport.NET/tbAsvchost.exe, 00000009.00000003.2280881833.0000026818377000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000003.2255080054.0000026818378000.00000004.00000020.00020000.00000000.sdmpfalse
                          		high
                          http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsdAsvchost.exe, 00000009.00000003.2255122488.000002681830F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000003.2294369094.000002681830E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000003.2222675538.000002681830E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000003.2222165610.000002681830E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000002.3272937414.0000026818310000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000003.2281155934.000002681830E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000003.2241340792.000002681830E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000003.2221711696.0000026818307000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000003.2222274234.000002681830E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000003.2221763400.000002681830E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000003.2461267074.000002681830E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000003.2280665426.0000026818307000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000003.2255140907.000002681830F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000003.2221792281.000002681830F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000003.2222571710.000002681830E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000003.2294456046.000002681830E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000003.2221820375.000002681830E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000003.2221726161.000002681830E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000003.2255033120.000002681830E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000003.2281045261.000002681830E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000003.2222515500.000002681830E000.00000004.00000020.00020000.00000000.sdmpfalse
                            		high
                            http://Passport.NET/tbposesvchost.exe, 00000009.00000002.3273486171.0000026818AAE000.00000004.00000020.00020000.00000000.sdmpfalse
                              		high
                              http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/Issuesvchost.exe, 00000009.00000003.2294477298.000002681836E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000002.3273036554.000002681835F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000003.2294438314.000002681836D000.00000004.00000020.00020000.00000000.sdmpfalse
                                		high
                                https://tools.ietf.org/html/rfc4253#section-4.2Renci.SshNet.dll.1.drfalse
                                  		high
                                  http://wixtoolset.orgAgent381.msi, 5cc044.rbs.1.dr, MSIC2F5.tmp.1.dr, MSIC846.tmp.1.dr, MSIC1CA.tmp.1.dr, 5cc043.msi.1.dr, MSIC1BA.tmp.1.dr, MSIC297.tmp.1.drfalse
                                    		high
                                    https://connect.facebook.net/en_US/fbevents.jsBluetrait MSP Agent.exe, 00000005.00000002.2250493277.000001C00019E000.00000004.00000800.00020000.00000000.sdmp, Bluetrait MSP Agent.exe, 00000005.00000002.2251705355.000001C07134A000.00000004.00000020.00020000.00000000.sdmp, Bluetrait MSP Agent.exe, 0000000B.00000002.2469480416.000001265CF2A000.00000004.00000800.00020000.00000000.sdmp, Bluetrait MSP Agent.exe, 0000000B.00000002.2470204109.0000012675596000.00000004.00000020.00020000.00000000.sdmp, Bluetrait MSP Agent.exe, 0000000B.00000002.2469480416.000001265CF18000.00000004.00000800.00020000.00000000.sdmp, Bluetrait MSP Agent.exe, 0000000F.00000002.2718472787.00000210BCAF8000.00000004.00000800.00020000.00000000.sdmp, Bluetrait MSP Agent.exe, 0000000F.00000002.2718472787.00000210BCB0A000.00000004.00000800.00020000.00000000.sdmp, Bluetrait MSP Agent.exe, 0000000F.00000002.2719478057.00000210D52EA000.00000004.00000020.00020000.00000000.sdmp, Bluetrait MSP Agent.exe, 00000012.00000002.2845232812.0000025128D8C000.00000004.00000020.00020000.00000000.sdmp, Bluetrait MSP Agent.exe, 00000012.00000002.2845778390.0000025128FD8000.00000004.00000800.00020000.00000000.sdmp, Bluetrait MSP Agent.exe, 00000012.00000002.2845778390.0000025128FEA000.00000004.00000800.00020000.00000000.sdmp, Bluetrait MSP Agent.exe, 00000015.00000002.2929415456.000001F2001A3000.00000004.00000800.00020000.00000000.sdmp, Bluetrait MSP Agent.exe, 00000015.00000002.2932010486.000001F2784C3000.00000004.00000020.00020000.00000000.sdmp, Bluetrait MSP Agent.exe, 00000018.00000002.2991411603.000001FA949F3000.00000004.00000800.00020000.00000000.sdmp, Bluetrait MSP Agent.exe, 00000018.00000002.2992875054.000001FAACFA8000.00000004.00000020.00020000.00000000.sdmp, Bluetrait MSP Agent.exe, 00000018.00000002.2991411603.000001FA949F9000.00000004.00000800.00020000.00000000.sdmp, Bluetrait MSP Agent.exe, 0000001B.00000002.3062996313.0000025F36CD1000.00000004.00000020.00020000.00000000.sdmp, Bluetrait MSP Agent.exe, 0000001B.00000002.3063631993.0000025F36F03000.00000004.00000800.00020000.00000000.sdmp, Bluetrait MSP Agent.exe, 0000001E.00000002.3175118461.0000022324638000.00000004.00000800.00020000.00000000.sdmp, Bluetrait MSP Agent.exe, 0000001E.00000002.3176699240.000002233CD3D000.00000004.00000020.00020000.00000000.sdmp, Bluetrait MSP Agent.exe, 0000001E.00000002.3175118461.000002232464A000.00000004.00000800.00020000.00000000.sdmpfalse
                                      		high
                                      http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsdAAAsvchost.exe, 00000009.00000003.2461233031.0000026818376000.00000004.00000020.00020000.00000000.sdmpfalse
                                        		high
                                        https://bluetrait.ioBluetrait MSP Agent.exe, 00000005.00000002.2250493277.000001C00012B000.00000004.00000800.00020000.00000000.sdmp, Bluetrait MSP Agent.exe, 0000000B.00000002.2469480416.000001265CEA5000.00000004.00000800.00020000.00000000.sdmp, Bluetrait MSP Agent.exe, 0000000F.00000002.2718472787.00000210BCA85000.00000004.00000800.00020000.00000000.sdmp, Bluetrait MSP Agent.exe, 00000012.00000002.2845778390.0000025128F65000.00000004.00000800.00020000.00000000.sdmp, Bluetrait MSP Agent.exe, 00000015.00000002.2929415456.000001F200125000.00000004.00000800.00020000.00000000.sdmp, Bluetrait MSP Agent.exe, 00000018.00000002.2991411603.000001FA94975000.00000004.00000800.00020000.00000000.sdmp, Bluetrait MSP Agent.exe, 0000001B.00000002.3063631993.0000025F36E85000.00000004.00000800.00020000.00000000.sdmp, Bluetrait MSP Agent.exe, 0000001E.00000002.3175118461.00000223245C5000.00000004.00000800.00020000.00000000.sdmp, Bluetrait MSP Agent.exe, 00000021.00000002.3231275549.000001EF13B95000.00000004.00000800.00020000.00000000.sdmp, Bluetrait MSP Agent.exe, 00000024.00000002.3273202475.0000014A9CB85000.00000004.00000800.00020000.00000000.sdmpfalse
                                        • Avira URL Cloud: safe
                                        		unknown
                                        http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsdAAAAAsvchost.exe, 00000009.00000003.2240782311.0000026818329000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000003.2255080054.0000026818378000.00000004.00000020.00020000.00000000.sdmpfalse
                                          		high
                                          http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsdssvchost.exe, 00000009.00000003.2461233031.0000026818376000.00000004.00000020.00020000.00000000.sdmpfalse
                                            		high
                                            https://login.microsoftonline.com/ppsecure/devicechangecredential.srfsvchost.exe, 00000009.00000002.3271875762.0000026817A46000.00000004.00000020.00020000.00000000.sdmpfalse
                                              		high
                                              https://login.microsoftonline.com/ppsecure/DeviceDisassociate.srf.svchost.exe, 00000009.00000002.3271875762.0000026817A46000.00000004.00000020.00020000.00000000.sdmpfalse
                                                		high
                                                https://github.com/JamesNK/Newtonsoft.Json/issues/652Newtonsoft.Json.xml.1.drfalse
                                                  		high
                                                  http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsdAAAAAsvchost.exe, 00000009.00000003.2255080054.0000026818378000.00000004.00000020.00020000.00000000.sdmpfalse
                                                    		high
                                                    https://login.microsoftonline.com/ppsecure/EnumerateDevices.srfsvchost.exe, 00000009.00000003.2085360511.000002681833B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000003.2085434116.0000026818363000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000003.2085404011.0000026818340000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000002.3271875762.0000026817A46000.00000004.00000020.00020000.00000000.sdmpfalse
                                                      		high
                                                      https://www.sqlite.org/lang_corefunc.htmlSystem.Data.SQLite.Linq.dll.1.drfalse
                                                        		high
                                                        http://www.microsoft.cBluetrait MSP Agent.exe, 00000012.00000002.2845232812.0000025128D5B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                          		high
                                                          https://account.live.com/InlineSignup.aspx?iww=1&id=80502svchost.exe, 00000009.00000003.2085360511.000002681833B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000003.2085434116.0000026818363000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000003.2085404011.0000026818340000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000002.3271875762.0000026817A46000.00000004.00000020.00020000.00000000.sdmpfalse
                                                            		high
                                                            http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameBluetrait MSP Agent.exe, 00000005.00000002.2250493277.000001C00009A000.00000004.00000800.00020000.00000000.sdmp, Bluetrait MSP Agent.exe, 0000000B.00000002.2469480416.000001265CE14000.00000004.00000800.00020000.00000000.sdmp, Bluetrait MSP Agent.exe, 0000000F.00000002.2718472787.00000210BCA05000.00000004.00000800.00020000.00000000.sdmp, Bluetrait MSP Agent.exe, 00000012.00000002.2845778390.0000025128EE5000.00000004.00000800.00020000.00000000.sdmp, Bluetrait MSP Agent.exe, 00000015.00000002.2929415456.000001F20009C000.00000004.00000800.00020000.00000000.sdmp, Bluetrait MSP Agent.exe, 00000018.00000002.2991411603.000001FA948F5000.00000004.00000800.00020000.00000000.sdmp, Bluetrait MSP Agent.exe, 0000001B.00000002.3063631993.0000025F36E05000.00000004.00000800.00020000.00000000.sdmp, Bluetrait MSP Agent.exe, 0000001E.00000002.3175118461.000002232453A000.00000004.00000800.00020000.00000000.sdmp, Bluetrait MSP Agent.exe, 00000021.00000002.3231275549.000001EF13B15000.00000004.00000800.00020000.00000000.sdmp, Bluetrait MSP Agent.exe, 00000024.00000002.3273202475.0000014A9CB05000.00000004.00000800.00020000.00000000.sdmpfalse
                                                              		high
                                                              http://Passport.NET/tb_svchost.exe, 00000009.00000002.3273285330.0000026818A3E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                		high
                                                                http://eganarbonne.bluetrait.ioBluetrait MSP Agent.exe, 00000005.00000002.2250493277.000001C000103000.00000004.00000800.00020000.00000000.sdmp, Bluetrait MSP Agent.exe, 0000000B.00000002.2469480416.000001265CE7D000.00000004.00000800.00020000.00000000.sdmp, Bluetrait MSP Agent.exe, 0000000F.00000002.2718472787.00000210BCA5D000.00000004.00000800.00020000.00000000.sdmp, Bluetrait MSP Agent.exe, 00000012.00000002.2845778390.0000025128F3D000.00000004.00000800.00020000.00000000.sdmp, Bluetrait MSP Agent.exe, 00000015.00000002.2929415456.000001F2000FD000.00000004.00000800.00020000.00000000.sdmp, Bluetrait MSP Agent.exe, 00000018.00000002.2991411603.000001FA9494D000.00000004.00000800.00020000.00000000.sdmp, Bluetrait MSP Agent.exe, 0000001B.00000002.3063631993.0000025F36E5D000.00000004.00000800.00020000.00000000.sdmp, Bluetrait MSP Agent.exe, 0000001E.00000002.3175118461.000002232459D000.00000004.00000800.00020000.00000000.sdmp, Bluetrait MSP Agent.exe, 00000021.00000002.3231275549.000001EF13B6D000.00000004.00000800.00020000.00000000.sdmp, Bluetrait MSP Agent.exe, 00000024.00000002.3273202475.0000014A9CB5D000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                • Avira URL Cloud: safe
                                                                		unknown
                                                                https://login.microsoftonline.com/ppsecure/DeviceAssociate.srfJsvchost.exe, 00000009.00000002.3271875762.0000026817A46000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                  		high
                                                                  https://account.live.com/msangcwamsvchost.exe, 00000009.00000003.2085360511.000002681833B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000003.2085160117.0000026818352000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000003.2085404011.0000026818340000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000002.3271875762.0000026817A46000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000003.2085382892.0000026818357000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000003.2085061696.0000026818329000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                    		high
                                                                    http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsdpsvchost.exe, 00000009.00000003.2461233031.0000026818376000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                      		high
                                                                      http://crl.ver)svchost.exe, 00000009.00000002.3272651675.0000026817ADB000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                        		high
                                                                        http://passport.net/tbsvchost.exe, 00000009.00000002.3273258160.0000026818A13000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000002.3272711528.0000026817AE8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000002.3272012939.0000026817A83000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000002.3273311840.0000026818A5F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                          		high
                                                                          http://crl.microBluetrait MSP Agent.exe, 00000005.00000002.2251705355.000001C07131C000.00000004.00000020.00020000.00000000.sdmp, Bluetrait MSP Agent.exe, 00000018.00000002.2992875054.000001FAACF7E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                            		high
                                                                            https://github.com/lextudio/sharpsnmplib.gitSharpSnmpLib.dll.1.drfalse
                                                                              		high
                                                                              https://www.newtonsoft.com/jsonschemaNewtonsoft.Json.dll.1.drfalse
                                                                                		high
                                                                                http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsdAAAsvchost.exe, 00000009.00000003.2294477298.000002681836E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000003.2294438314.000002681836D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                  		high
                                                                                  http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issuesvchost.exe, 00000009.00000003.2294477298.000002681836E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000002.3273036554.000002681835F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000003.2294438314.000002681836D000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000002.3271909786.0000026817A5E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                    		high
                                                                                    http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsdessvchost.exe, 00000009.00000003.2280881833.0000026818377000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                      		high
                                                                                      http://schemas.xmlsoap.org/ws/2005/02/scsionesvchost.exe, 00000009.00000002.3272966095.0000026818313000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                        		high
                                                                                        https://account.live.com/Wizard/Password/Change?id=806011svchost.exe, 00000009.00000003.2085360511.000002681833B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000003.2085404011.0000026818340000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                          		high
                                                                                          https://login.ecursvchost.exe, 00000009.00000002.3271875762.0000026817A46000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                            		high
                                                                                            https://urn.to/r/sds_see12https://urn.to/r/sds_see2System.Data.SQLite.dll.1.drfalse
                                                                                              		high
                                                                                              http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsdi7Kysvchost.exe, 00000009.00000003.2255080054.0000026818378000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                		high
                                                                                                http://www..Bluetrait MSP Agent.exe, 0000000B.00000002.2470204109.000001267556E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                • Avira URL Cloud: safe
                                                                                                		unknown
                                                                                                http://docs.oasis-open.o8svchost.exe, 00000009.00000003.2280881833.0000026818377000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                • Avira URL Cloud: safe
                                                                                                		unknown
                                                                                                http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsdmlns:svchost.exe, 00000009.00000003.2105904181.0000026818352000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                  		high
                                                                                                  http://ocsp.sectigo.com0BluetraitUserAgent.exe.1.drfalse
                                                                                                    		high
                                                                                                    https://login.microsoftonline.com/ppsecure/DeviceDisassociate.srf:CLSIDsvchost.exe, 00000009.00000003.2085123192.0000026818310000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                      		high
                                                                                                      https://login.microsoftonline.com/ppsecure/deviceremovecredential.srfsvchost.exe, 00000009.00000002.3271875762.0000026817A46000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000003.2085123192.0000026818310000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                        		high
                                                                                                        http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsdAAAAsvchost.exe, 00000009.00000003.2240782311.0000026818329000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000003.2255080054.0000026818378000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                          		high
                                                                                                          https://login.microsoftonline.com/ppsecure/DeviceQuery.srfsvchost.exe, 00000009.00000003.2085360511.000002681833B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000003.2085434116.0000026818363000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000003.2085404011.0000026818340000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                            		high
                                                                                                            http://schemas.xmlsoap.org/soap/envelope/svchost.exe, 00000009.00000003.2222165610.000002681830E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000003.2222274234.000002681830E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000003.2221763400.000002681830E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000002.3273036554.000002681835F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000003.2221792281.000002681830F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000003.2221820375.000002681830E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                              		high
                                                                                                              https://system.data.sqlite.org/XSystem.Data.SQLite.dll.1.drfalse
                                                                                                                		high
                                                                                                                https://www.newtonsoft.com/jsonNewtonsoft.Json.dll.1.drfalse
                                                                                                                  		high
                                                                                                                  http://schemas.xmlsoap.org/ws/20052/$svchost.exe, 00000009.00000002.3272358518.0000026817AC9000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                    		high
                                                                                                                    http://www.microsoft.co7Bluetrait MSP Agent.exe, 00000012.00000002.2845232812.0000025128D5B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                    • Avira URL Cloud: safe
                                                                                                                    		unknown
                                                                                                                    http://schemas.xmlsoap.org/ws/2005/02/trustsvchost.exe, 00000009.00000002.3272999414.0000026818337000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                      		high
                                                                                                                      http://crt.sectigo.com/SectigoPublicCodeSigningRootR46.p7c0#Agent381.msi, Bluetrait MSP Agent.exe.1.dr, 5cc043.msi.1.dr, BluetraitUserAgent.exe.1.drfalse
                                                                                                                        		high
                                                                                                                        https://login.microsoftonline.com/MSARST2.srfsvchost.exe, 00000009.00000003.2085360511.000002681833B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000003.2085434116.0000026818363000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000003.2085404011.0000026818340000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                          		high
                                                                                                                          https://www.poweradmin.com0paexec.exe.1.drfalse
                                                                                                                          • Avira URL Cloud: safe
                                                                                                                          		unknown
                                                                                                                          https://login.microsoftonline.com/ppsecure/DeviceQuery.srf-svchost.exe, 00000009.00000002.3271875762.0000026817A46000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                            		high
                                                                                                                            http://www.w3.Bluetrait MSP Agent.exe, 0000000B.00000002.2469480416.000001265CDBB000.00000004.00000800.00020000.00000000.sdmp, Bluetrait MSP Agent.exe, 0000000F.00000002.2718472787.00000210BC99B000.00000004.00000800.00020000.00000000.sdmp, Bluetrait MSP Agent.exe, 00000012.00000002.2845778390.0000025128E7B000.00000004.00000800.00020000.00000000.sdmp, Bluetrait MSP Agent.exe, 00000015.00000002.2929415456.000001F20003B000.00000004.00000800.00020000.00000000.sdmp, Bluetrait MSP Agent.exe, 00000018.00000002.2991411603.000001FA9488B000.00000004.00000800.00020000.00000000.sdmp, Bluetrait MSP Agent.exe, 0000001B.00000002.3063631993.0000025F36D9B000.00000004.00000800.00020000.00000000.sdmp, Bluetrait MSP Agent.exe, 0000001E.00000002.3175118461.00000223244DB000.00000004.00000800.00020000.00000000.sdmp, Bluetrait MSP Agent.exe, 00000021.00000002.3231275549.000001EF13AAB000.00000004.00000800.00020000.00000000.sdmp, Bluetrait MSP Agent.exe, 00000024.00000002.3273202475.0000014A9CA9B000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                            • Avira URL Cloud: safe
                                                                                                                            		unknown
                                                                                                                            https://login.microsoftonline.com/ppsecure/DeviceUpdate.srf%svchost.exe, 00000009.00000002.3271875762.0000026817A46000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                              		high
                                                                                                                              http://crl.thawte.com/ThawteTimestampingCA.crl0paexec.exe.1.drfalse
                                                                                                                                		high
                                                                                                                                http://docs.oasis-open.orgsvchost.exe, 00000009.00000002.3273311840.0000026818A5F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                  		high
                                                                                                                                  http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsdAAAAsvchost.exe, 00000009.00000003.2255080054.0000026818378000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                    		high
                                                                                                                                    http://Passport.NET/tbsvchost.exe, 00000009.00000003.2304202174.0000026818382000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                      		high
                                                                                                                                      http://www.zer7.com/software/hidsharpHidSharp.dll.1.drfalse
                                                                                                                                      • Avira URL Cloud: safe
                                                                                                                                      		unknown
                                                                                                                                      http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsdsvchost.exe, 00000009.00000002.3271830222.0000026817A2B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000003.2294477298.000002681836E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000003.2221711696.0000026818307000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000002.3273136268.0000026818384000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000003.2461267074.000002681830E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000003.2461233031.0000026818376000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000003.2461179462.0000026818382000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000003.2294438314.000002681836D000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000003.2221726161.000002681830E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000003.2464305973.0000026818383000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000003.2280881833.0000026818377000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                        		high
                                                                                                                                        http://Passport.NET/STS09/xmldsig#ripledes-cbcices/SOAPFaultcurity-utility-1.0.xsdsvchost.exe, 00000009.00000002.3273087819.0000026818379000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                          		high
                                                                                                                                          https://login.microsoftonline.com/ppsecure/devicechangecredential.srfMMsvchost.exe, 00000009.00000003.2085579430.0000026818327000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                            		high
                                                                                                                                            https://github.com/sshnet/SSH.NET.gitRenci.SshNet.dll.1.drfalse
                                                                                                                                              		high
                                                                                                                                              https://signup.live.com/signup.aspxsvchost.exe, 00000009.00000003.2085404011.0000026818340000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000002.3271875762.0000026817A46000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000003.2085061696.000002681832C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                		high
                                                                                                                                                https://github.com/LibreHardwareMonitor/LibreHardwareMonitorLibreHardwareMonitorLib.dll.1.drfalse
                                                                                                                                                  		high
                                                                                                                                                  https://github.com/JamesNK/Newtonsoft.JsonBluetrait MSP Agent.exe, 00000005.00000002.2251589619.000001C071202000.00000002.00000001.01000000.00000007.sdmp, Newtonsoft.Json.dll.1.drfalse
                                                                                                                                                    		high
                                                                                                                                                    https://account.live.com/inlinesignup.aspx?iww=1&id=80601svchost.exe, 00000009.00000003.2085160117.0000026818352000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000003.2085751814.0000026818356000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000003.2085061696.0000026818329000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                      		high
                                                                                                                                                      https://account.live.com/inlinesignup.aspx?iww=1&id=80600svchost.exe, 00000009.00000003.2085061696.0000026818329000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                        		high
                                                                                                                                                        https://account.live.com/inlinesignup.aspx?iww=1&id=80603svchost.exe, 00000009.00000003.2085160117.0000026818352000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000003.2085061696.0000026818329000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                          		high
                                                                                                                                                          https://sectigo.com/CPS0Agent381.msi, Bluetrait MSP Agent.exe.1.dr, 5cc043.msi.1.dr, BluetraitUserAgent.exe.1.drfalse
                                                                                                                                                            		high
                                                                                                                                                            http://bluetrait.ioBluetrait MSP Agent.exe, 00000005.00000002.2250493277.000001C000143000.00000004.00000800.00020000.00000000.sdmp, Bluetrait MSP Agent.exe, 0000000B.00000002.2469480416.000001265CEBD000.00000004.00000800.00020000.00000000.sdmp, Bluetrait MSP Agent.exe, 0000000F.00000002.2718472787.00000210BCA9D000.00000004.00000800.00020000.00000000.sdmp, Bluetrait MSP Agent.exe, 00000012.00000002.2845778390.0000025128F7D000.00000004.00000800.00020000.00000000.sdmp, Bluetrait MSP Agent.exe, 00000015.00000002.2929415456.000001F20013D000.00000004.00000800.00020000.00000000.sdmp, Bluetrait MSP Agent.exe, 00000018.00000002.2991411603.000001FA9498D000.00000004.00000800.00020000.00000000.sdmp, Bluetrait MSP Agent.exe, 0000001B.00000002.3063631993.0000025F36E9D000.00000004.00000800.00020000.00000000.sdmp, Bluetrait MSP Agent.exe, 0000001E.00000002.3175118461.00000223245DD000.00000004.00000800.00020000.00000000.sdmp, Bluetrait MSP Agent.exe, 00000021.00000002.3231275549.000001EF13BAD000.00000004.00000800.00020000.00000000.sdmp, Bluetrait MSP Agent.exe, 00000024.00000002.3273202475.0000014A9CB9D000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                            • Avira URL Cloud: safe
                                                                                                                                                            		unknown
                                                                                                                                                            http://schemas.xmlsoap.org/ws/2004/09/policysvchost.exe, 00000009.00000002.3272999414.0000026818337000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                              		high
                                                                                                                                                              http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymoussvchost.exe, 00000009.00000002.3272999414.0000026818337000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                		high
                                                                                                                                                                http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsdAAAAAAsvchost.exe, 00000009.00000003.2240782311.0000026818329000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                  		high
                                                                                                                                                                  https://raw.githubusercontent.com/lextudio/sharpsnmplib/15bb212bb89c2a33617e96c9e4be8aa97fed7479/SharpSnmpLib.pdb.1.drfalse
                                                                                                                                                                    		high
                                                                                                                                                                    https://www.sqlite.org/lang_aggfunc.htmlSystem.Data.SQLite.Linq.dll.1.drfalse
                                                                                                                                                                      		high
                                                                                                                                                                      http://ocsp.thawte.com0paexec.exe.1.drfalse
                                                                                                                                                                        		high
                                                                                                                                                                        https://account.live.com/inlinesignup.aspx?iww=1&id=80605svchost.exe, 00000009.00000003.2085160117.0000026818352000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000003.2085061696.0000026818329000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                          		high
                                                                                                                                                                          https://account.live.com/inlinesignup.aspx?iww=1&id=80604svchost.exe, 00000009.00000003.2085160117.0000026818352000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000003.2085061696.0000026818329000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                            		high
                                                                                                                                                                            http://crt.sectigo.com/SectigoPublicCodeSigningCAR36.crt0#Agent381.msi, Bluetrait MSP Agent.exe.1.dr, 5cc043.msi.1.dr, BluetraitUserAgent.exe.1.drfalse
                                                                                                                                                                              		high
                                                                                                                                                                              https://login.microsoftonline.com/ppsecure/deviceaddmsacredential.srfsvchost.exe, 00000009.00000002.3271875762.0000026817A46000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000003.2085123192.0000026818310000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                		high
                                                                                                                                                                                http://upx.sf.netAmcache.hve.8.drfalse
                                                                                                                                                                                  		high
                                                                                                                                                                                  http://schemas.xmlsoap.org/ws/2005/02/trust/Issuesue0svchost.exe, 00000009.00000003.2294477298.000002681836E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000003.2294438314.000002681836D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                    		high
                                                                                                                                                                                    https://www.sqlite.org/copyright.html2SQLite.Interop.dll0.1.dr, SQLite.Interop.dll.1.drfalse
                                                                                                                                                                                      		high
                                                                                                                                                                                      http://james.newtonking.com/projects/jsonNewtonsoft.Json.dll.1.drfalse
                                                                                                                                                                                        		high
                                                                                                                                                                                        http://schemas.xmlsoap.org/ws/2005/02/trust/Issuesvchost.exe, 00000009.00000003.2294477298.000002681836E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000002.3273036554.000002681835F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000003.2294438314.000002681836D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                          		high

                                                                                                                                                                                          World Map of Contacted IPs

                                                                                                                                                                                          • No. of IPs < 25%
                                                                                                                                                                                          • 25% < No. of IPs < 50%
                                                                                                                                                                                          • 50% < No. of IPs < 75%
                                                                                                                                                                                          • 75% < No. of IPs

                                                                                                                                                                                          Public IPs

                                                                                                                                                                                          IPDomainCountryFlagASNASN NameMalicious
                                                                                                                                                                                          188.114.96.3
                                                                                                                                                                                          		bluetrait.ioEuropean Union
                                                                                                                                                                                          		13335CLOUDFLARENETUSfalse
                                                                                                                                                                                          167.99.228.32
                                                                                                                                                                                          		eganarbonne.bluetrait.ioUnited States
                                                                                                                                                                                          		14061DIGITALOCEAN-ASNUSfalse

                                                                                                                                                                                          General Information

                                                                                                                                                                                          Joe Sandbox version:41.0.0 Charoite
                                                                                                                                                                                          Analysis ID:1584761
                                                                                                                                                                                          Start date and time:2025-01-06 12:58:11 +01:00
                                                                                                                                                                                          Joe Sandbox product:CloudBasic
                                                                                                                                                                                          Overall analysis duration:0h 9m 29s
                                                                                                                                                                                          Hypervisor based Inspection enabled:false
                                                                                                                                                                                          Report type:full
                                                                                                                                                                                          Cookbook file name:default.jbs
                                                                                                                                                                                          Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                                                                                                                                          Number of analysed new started processes analysed:39
                                                                                                                                                                                          Number of new started drivers analysed:0
                                                                                                                                                                                          Number of existing processes analysed:0
                                                                                                                                                                                          Number of existing drivers analysed:0
                                                                                                                                                                                          Number of injected processes analysed:0
                                                                                                                                                                                          Technologies:
                                                                                                                                                                                          • HCA enabled
                                                                                                                                                                                          • EGA enabled
                                                                                                                                                                                          • AMSI enabled
                                                                                                                                                                                          Analysis Mode:default
                                                                                                                                                                                          Analysis stop reason:Timeout
                                                                                                                                                                                          Sample name:Agent381.msi
                                                                                                                                                                                          Detection:MAL
                                                                                                                                                                                          Classification:mal56.troj.evad.winMSI@66/89@2/2
                                                                                                                                                                                          EGA Information:Failed
                                                                                                                                                                                          HCA Information:
                                                                                                                                                                                          • Successful, ratio: 93%
                                                                                                                                                                                          • Number of executed functions: 324
                                                                                                                                                                                          • Number of non-executed functions: 7
                                                                                                                                                                                          Cookbook Comments:
                                                                                                                                                                                          • Found application associated with file extension: .msi

                                                                                                                                                                                          Warnings

                                                                                                                                                                                          • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe
                                                                                                                                                                                          • Excluded IPs from analysis (whitelisted): 40.126.32.76, 40.126.32.68, 20.190.160.22, 40.126.32.72, 40.126.32.138, 40.126.32.134, 40.126.32.74, 20.190.160.20, 199.232.210.172, 52.168.117.173, 20.42.65.92, 20.189.173.22, 20.189.173.21, 104.208.16.94, 20.42.73.29, 172.202.163.200, 13.107.246.45
                                                                                                                                                                                          • Excluded domains from analysis (whitelisted): onedsblobprdeus16.eastus.cloudapp.azure.com, prdv4a.aadg.msidentity.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com.delivery.microsoft.com, www.tm.v4.a.prd.aadg.akadns.net, onedsblobprdwus17.westus.cloudapp.azure.com, ctldl.windowsupdate.com, login.msa.msidentity.com, fe3cr.delivery.mp.microsoft.com, onedsblobprdeus17.eastus.cloudapp.azure.com, ocsp.digicert.com, login.live.com, blobcollector.events.data.trafficmanager.net, onedsblobprdeus15.eastus.cloudapp.azure.com, onedsblobprdwus16.westus.cloudapp.azure.com, umwatson.events.data.microsoft.com, wu-b-net.trafficmanager.net, www.tm.lg.prod.aadmsa.trafficmanager.net, onedsblobprdcus16.centralus.cloudapp.azure.com
                                                                                                                                                                                          • Execution Graph export aborted for target Bluetrait MSP Agent.exe, PID 1120 because it is empty
                                                                                                                                                                                          • Execution Graph export aborted for target Bluetrait MSP Agent.exe, PID 1364 because it is empty
                                                                                                                                                                                          • Execution Graph export aborted for target Bluetrait MSP Agent.exe, PID 1436 because it is empty
                                                                                                                                                                                          • Execution Graph export aborted for target Bluetrait MSP Agent.exe, PID 1524 because it is empty
                                                                                                                                                                                          • Execution Graph export aborted for target Bluetrait MSP Agent.exe, PID 3040 because it is empty
                                                                                                                                                                                          • Execution Graph export aborted for target Bluetrait MSP Agent.exe, PID 4404 because it is empty
                                                                                                                                                                                          • Execution Graph export aborted for target Bluetrait MSP Agent.exe, PID 5696 because it is empty
                                                                                                                                                                                          • Execution Graph export aborted for target Bluetrait MSP Agent.exe, PID 6612 because it is empty
                                                                                                                                                                                          • Execution Graph export aborted for target Bluetrait MSP Agent.exe, PID 6616 because it is empty
                                                                                                                                                                                          • Execution Graph export aborted for target Bluetrait MSP Agent.exe, PID 768 because it is empty
                                                                                                                                                                                          • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                                                                                                                          • Report size exceeded maximum capacity and may have missing disassembly code.
                                                                                                                                                                                          • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                                                                                                                                                                          • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                                                                                          • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                                                                                                          • Report size getting too big, too many NtReadVirtualMemory calls found.
                                                                                                                                                                                          • Report size getting too big, too many NtSetInformationFile calls found.
                                                                                                                                                                                          • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.

                                                                                                                                                                                          Simulations

                                                                                                                                                                                          Behavior and APIs

                                                                                                                                                                                          TimeTypeDescription
                                                                                                                                                                                          06:59:03API Interceptor347x Sleep call for process: Bluetrait MSP Agent.exe modified
                                                                                                                                                                                          06:59:21API Interceptor9x Sleep call for process: WerFault.exe modified
                                                                                                                                                                                          06:59:39API Interceptor548x Sleep call for process: msiexec.exe modified

                                                                                                                                                                                          Joe Sandbox View / Context

                                                                                                                                                                                          IPs

                                                                                                                                                                                          MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                          188.114.96.3Gg6wivFINd.exeGet hashmaliciousDCRat, PureLog Stealer, zgRATBrowse
                                                                                                                                                                                          • unasnetds.ru/eternalPython_RequestUpdateprocessAuthSqlTrafficTemporary.php
                                                                                                                                                                                          QUOTATION_NOVQTRA071244#U00b7PDF.scr.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                                                                                                                                          • filetransfer.io/data-package/u7ghXEYp/download
                                                                                                                                                                                          CV_ Filipa Barbosa.exeGet hashmaliciousFormBookBrowse
                                                                                                                                                                                          • www.mffnow.info/1a34/
                                                                                                                                                                                          A2028041200SD.exeGet hashmaliciousFormBookBrowse
                                                                                                                                                                                          • www.mydreamdeal.click/1ag2/
                                                                                                                                                                                          SWIFT COPY 0028_pdf.exeGet hashmaliciousFormBookBrowse
                                                                                                                                                                                          • www.questmatch.pro/ipd6/
                                                                                                                                                                                          QUOTATION_NOVQTRA071244PDF.scr.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                                                                                                                                          • filetransfer.io/data-package/I7fmQg9d/download
                                                                                                                                                                                          need quotations.exeGet hashmaliciousFormBookBrowse
                                                                                                                                                                                          • www.rtpwslot888gol.sbs/jmkz/
                                                                                                                                                                                          QUOTATION_NOVQTRA071244PDF.scr.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                                                                                                                                          • filetransfer.io/data-package/Bh1Kj4RD/download
                                                                                                                                                                                          http://kklk16.bsyo45ksda.topGet hashmaliciousUnknownBrowse
                                                                                                                                                                                          • kklk16.bsyo45ksda.top/favicon.ico
                                                                                                                                                                                          QUOTATION_NOVQTRA071244#U00faPDF.scr.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                          • filetransfer.io/data-package/XrlEIxYp/download
                                                                                                                                                                                          167.99.228.32Rappel de paiement.pdfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                            FACTURE NON PAYEE.pdfGet hashmaliciousUnknownBrowse

                                                                                                                                                                                              Domains

                                                                                                                                                                                              MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                              bluetrait.ioRappel de paiement.pdfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                              • 167.99.228.32
                                                                                                                                                                                              FACTURE NON PAYEE.pdfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                              • 167.99.228.32
                                                                                                                                                                                              bg.microsoft.map.fastly.netbuild.exeGet hashmaliciousRedLineBrowse
                                                                                                                                                                                              • 199.232.214.172
                                                                                                                                                                                              AZfDGVWF68.pdfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                              • 199.232.210.172
                                                                                                                                                                                              CKi4EZWZsC.ps1Get hashmaliciousDcRat, KeyLogger, StormKitty, Strela Stealer, VenomRATBrowse
                                                                                                                                                                                              • 199.232.214.172
                                                                                                                                                                                              LZUCldA1ro.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                              • 199.232.210.172
                                                                                                                                                                                              4HbZBsYZ48.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                              • 199.232.210.172
                                                                                                                                                                                              DUD6CqQ1Uj.docGet hashmaliciousUnknownBrowse
                                                                                                                                                                                              • 199.232.210.172
                                                                                                                                                                                              ny9LDJr6pA.exeGet hashmaliciousQuasarBrowse
                                                                                                                                                                                              • 199.232.214.172
                                                                                                                                                                                              JP1KbvjWcM.exeGet hashmaliciousCobaltStrike, MetasploitBrowse
                                                                                                                                                                                              • 199.232.210.172
                                                                                                                                                                                              cZO.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                              • 199.232.214.172
                                                                                                                                                                                              jaTDEkWCbs.exeGet hashmaliciousQuasarBrowse
                                                                                                                                                                                              • 199.232.210.172

                                                                                                                                                                                              ASNs

                                                                                                                                                                                              MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                              DIGITALOCEAN-ASNUSHACK-GAMER.exeGet hashmaliciousMetasploit, MeterpreterBrowse
                                                                                                                                                                                              • 167.99.38.229
                                                                                                                                                                                              https://o365info.com/get-unlicensed-onedrive-accounts/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                              • 167.99.229.36
                                                                                                                                                                                              1.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                              • 157.245.170.52
                                                                                                                                                                                              4.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                              • 157.230.180.192
                                                                                                                                                                                              i686.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                              • 188.166.182.194
                                                                                                                                                                                              i686.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                              • 188.166.182.194
                                                                                                                                                                                              cZO.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                              • 68.183.196.133
                                                                                                                                                                                              momo.arm7.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                              • 174.138.12.56
                                                                                                                                                                                              avaydna.exeGet hashmaliciousNjratBrowse
                                                                                                                                                                                              • 157.245.14.184
                                                                                                                                                                                              4.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                              • 157.230.180.162
                                                                                                                                                                                              CLOUDFLARENETUSSetup.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                              • 172.67.208.58
                                                                                                                                                                                              https://o365info.com/get-unlicensed-onedrive-accounts/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                              • 104.18.27.193
                                                                                                                                                                                              AZfDGVWF68.pdfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                              • 188.114.96.3
                                                                                                                                                                                              https://czfc104.na1.hubspotlinks.com/Ctc/RI+113/cZFc104/VVpBhY3Y-LTWW3Cvl9B8hKRPtVVm64t5qdmRWN1f4_WP7mt9FW50l5tj6lZ3lNW8SvDYK4v65T-W5VNxKh8dLcmKW1GlXcL834zD3W5w7v_71CDbKVV4Dsjr5FnQ2PVSHlbR3pc5MwW72kzKm6WrbY7W6NJh0_7GRxDMW2K2WDT2ZPr4xW3b_gtn2bnp5xW7Hn0F58SN9mqN4_D9_QrtgD8VBy-hV2j1qrbW3N54fh8gXkqCW6JcyP11p5DmRW6d2nj72MkQXgW6hgqJx7Gc_ycW5DT-Pm451FQhW4Tph0s8GNtc-W58sq8G9dpW27W5S3wzf7rNLv_Vn6h606T2B8YN4yb6VRDg_G5W36Gvt_2lnk9qW2LykX37R4KRSW1F2tHT3jrLyjW7hSkG572MN4TW75KrBz5T-zFkVLJYW27hKs9nW3h3Pmh907wxLW2Zzdnn98hQC7W2Qnk7D31ZBJjW83tNvQ2nNht5W1HJvHm95P722W55gfDx9lT1vDW1ykGr_219m_RW5ff63S7MhCcQW4_QfK_5TQdprVlF4dm2DH-ctW6mF-BW36YwwNW99r61n6mmMhVW2v1J7Q5mVXz2W53lcRT6L4fsVN8gyZcXY0MfLW2kLwLd1TYk1wW7MzDQt4QNh6nW1bMMpS84VG-SW6F_Tym5bK06Qf6rQzB604Get hashmaliciousUnknownBrowse
                                                                                                                                                                                              • 104.16.117.116
                                                                                                                                                                                              Setup.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                              • 104.18.26.149
                                                                                                                                                                                              Setup.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                              • 104.18.26.149
                                                                                                                                                                                              https://www.boulderpeptide.org/Get hashmaliciousCAPTCHA Scam ClickFixBrowse
                                                                                                                                                                                              • 104.17.25.14
                                                                                                                                                                                              https://www.scribd.com/document/787929982/script-tlsfranceGet hashmaliciousUnknownBrowse
                                                                                                                                                                                              • 104.18.66.57
                                                                                                                                                                                              yxU3AgeVTi.exeGet hashmaliciousDBatLoader, PureLog Stealer, Snake Keylogger, VIP KeyloggerBrowse
                                                                                                                                                                                              • 188.114.97.3
                                                                                                                                                                                              ITT # KRPBV2663 .docGet hashmaliciousDBatLoader, PureLog Stealer, Snake Keylogger, VIP KeyloggerBrowse
                                                                                                                                                                                              • 188.114.97.3

                                                                                                                                                                                              JA3 Fingerprints

                                                                                                                                                                                              MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                              3b5074b1b5d032e5620f69f9f700ff0eSetup.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                              • 167.99.228.32
                                                                                                                                                                                              • 188.114.96.3
                                                                                                                                                                                              Setup.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                              • 167.99.228.32
                                                                                                                                                                                              • 188.114.96.3
                                                                                                                                                                                              yxU3AgeVTi.exeGet hashmaliciousDBatLoader, PureLog Stealer, Snake Keylogger, VIP KeyloggerBrowse
                                                                                                                                                                                              • 167.99.228.32
                                                                                                                                                                                              • 188.114.96.3
                                                                                                                                                                                              ITT # KRPBV2663 .docGet hashmaliciousDBatLoader, PureLog Stealer, Snake Keylogger, VIP KeyloggerBrowse
                                                                                                                                                                                              • 167.99.228.32
                                                                                                                                                                                              • 188.114.96.3
                                                                                                                                                                                              Ref#66001032.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                                                                                                              • 167.99.228.32
                                                                                                                                                                                              • 188.114.96.3
                                                                                                                                                                                              PI ITS15235.docGet hashmaliciousDBatLoader, PureLog Stealer, Snake Keylogger, VIP KeyloggerBrowse
                                                                                                                                                                                              • 167.99.228.32
                                                                                                                                                                                              • 188.114.96.3
                                                                                                                                                                                              kP8EgMorTr.exeGet hashmaliciousPureLog Stealer, Snake Keylogger, VIP KeyloggerBrowse
                                                                                                                                                                                              • 167.99.228.32
                                                                                                                                                                                              • 188.114.96.3
                                                                                                                                                                                              ny9LDJr6pA.exeGet hashmaliciousQuasarBrowse
                                                                                                                                                                                              • 167.99.228.32
                                                                                                                                                                                              • 188.114.96.3
                                                                                                                                                                                              jaTDEkWCbs.exeGet hashmaliciousQuasarBrowse
                                                                                                                                                                                              • 167.99.228.32
                                                                                                                                                                                              • 188.114.96.3

                                                                                                                                                                                              Dropped Files

                                                                                                                                                                                              MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                              C:\Program Files (x86)\Bluetrait Agent\HidSharp.dllhttps://cdn.discordapp.com/attachments/1103880362347728966/1173825851121471628/WuqueID_2.2.msi?ex=65e69083&is=65d41b83&hm=ca02fcdde083740db41bbb41c5713bf277b51639f2793ea4e9b12a6ef64137df&Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                https://cdn.discordapp.com/attachments/1103880362347728966/1194556396168036373/WuqueID_3.0.msi?ex=65e82756&is=65d5b256&hm=40d79cf272acf64079a5a6013970d8cde7a7166a610a5a4fd4897d1253e580bc&Get hashmaliciousUnknownBrowse

                                                                                                                                                                                                  Created / dropped Files

                                                                                                                                                                                                  C:\Config.Msi\5cc044.rbs

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                  Category:modified
                                                                                                                                                                                                  Size (bytes):220552
                                                                                                                                                                                                  Entropy (8bit):6.656522250919133
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:3072:vJz/kyKA1X1dxbOZU32KndB4GLvyui2lhQtEaY4IDflQn0xHuudQ+cxEHSiZxa9:vt/kE1jOZy2KL4GBiwQtEa4L2so
                                                                                                                                                                                                  MD5:5E607E953FF5AC1BC39D60D792B6B16C
                                                                                                                                                                                                  SHA1:0FB5F6461D0C00E6DD61876C4E99745629E7B30B
                                                                                                                                                                                                  SHA-256:B9A01C5BB5831113B0A7D01953858EE42E2FA5EE81EC4406C06BBC3792AA9A56
                                                                                                                                                                                                  SHA-512:BB9B18BA403FEBF3C1D62310EBCAF728069095E699D0822AFF7E76C09D6168DC622E03BA6101D79198CDF83FB8EB060D2CF0B17C6EFC070670212900BB23C613
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:...@IXOS.@.....@`7&Z.@.....@.....@.....@.....@.....@......&.{B72D4FA1-F4B6-4960-A2B0-EAA69E014575}..Bluetrait Agent..Agent381.msi.@.....@.....@.....@........&.{063EFE97-9DBC-401F-8E25-6CBF58403238}.....@.....@.....@.....@.......@.....@.....@.......@......Bluetrait Agent......Rollback..Rolling back action:..[1]..RollbackCleanup..Removing backup files..File: [1]....ProcessComponents..Updating component registration..&.{5ABD732D-42E2-53B2-BBCF-CCB407241594}&.{B72D4FA1-F4B6-4960-A2B0-EAA69E014575}.@......&.{EFAD1480-2B0D-5ECE-B9D8-17C2D4994CE5}&.{B72D4FA1-F4B6-4960-A2B0-EAA69E014575}.@......&.{32B05DD9-D6A3-5BAF-8801-E7C99C28FA24}&.{B72D4FA1-F4B6-4960-A2B0-EAA69E014575}.@......&.{EC0E2A98-E873-584E-A0F8-9FF7A28A3E41}&.{B72D4FA1-F4B6-4960-A2B0-EAA69E014575}.@......&.{0F78D1CE-B5F2-53D1-91A1-55281F4FB12E}&.{B72D4FA1-F4B6-4960-A2B0-EAA69E014575}.@......&.{6361C018-973E-5A71-9F13-621A2A0B2FB4}&.{B72D4FA1-F4B6-4960-A2B0-EAA69E014575}.@......&.{6DDF7F1F-C185-56AB-9880-AD6C9E5CFE34}&.{B72D4FA1-F4

                                                                                                                                                                                                  C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):147848
                                                                                                                                                                                                  Entropy (8bit):5.941533379690953
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:3072:urMSwhyIbg1sjDWW8Vo51fLfQ7bkHsgSViDUKjZSQB04bp8khrs6v:mMdkNsjSpVon2bkH9SGZbVhg6v
                                                                                                                                                                                                  MD5:0BF209E4007D441249AE049C623F6544
                                                                                                                                                                                                  SHA1:52C4D547190F60BA2F9A69764365A6F9BB1D78F1
                                                                                                                                                                                                  SHA-256:53313CD27BEFC363C5D49FF70DE54EF0DACE6E6470B9B53875F40B67980EA263
                                                                                                                                                                                                  SHA-512:AFC05675331082D8242CDFA187533B152DFDCD7ED78BCB3169F46C75A349E3688E89AE6C88194287F33AE1CD62AA95B6D96C53BD024A36B5EC3AD6E675D6EA7E
                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                  Yara Hits:
                                                                                                                                                                                                  • Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe, Author: Joe Security
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...V(.f.........."...0.............&4... ...@....@.. ....................................`..................................3..O....@..d............,.......`.......2............................................... ............... ..H............text...,.... ...................... ..`.rsrc...d....@......................@..@.reloc.......`.......*..............@..B.................4......H............W..........,1..p.............................................{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*".(.....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*

                                                                                                                                                                                                  C:\Program Files (x86)\Bluetrait Agent\BluetraitUserAgent.exe

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):62856
                                                                                                                                                                                                  Entropy (8bit):6.299316443807413
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:768:tXfUmwckja3ZU9FVdt1o/uG5khEJUFsT7nS96s+:tPUmb64E3t1i5khKLS96h
                                                                                                                                                                                                  MD5:CA8DCB7C71FE31AF9F4A99667428702B
                                                                                                                                                                                                  SHA1:E52E873575F9AF2729688733058236CB7E87A768
                                                                                                                                                                                                  SHA-256:1A00E50CB1086CBE4C2F0E65A290FDA8FCFAC1A56C5DBFA2248E4D7BED44939F
                                                                                                                                                                                                  SHA-512:3000D7D9C243F0EF67A53D0D9E51BCBD150E7EAF7179BFA7AC820FB42E2564C82F4C75E45552116F69EDB0433893FD5D91A44DE671D1D1B988B9FE7E9EA0F446
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 3%
                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...k&.f.........."...0.................. ........@.. .......................@............`.................................L...O............................ ....................................................... ............... ..H............text........ ...................... ..`.rsrc...............................@..@.reloc....... ......................@..B........................H.......0)...!...........J..`.............................................{....*"..}....*..{....*"..}....*..{....*"..}....*".(.....*.0..[.........r...p.(....}.....r!..p(......,9..(.....s......#....@w;Ao.............s....o......o......*&..(.....*....0............r/..p..{....s.......o.......s ......o!...r...p.s"...o#...&.o$...&.o%......o&.......,......7....,..o'.........,..o'.........,..o'........&.......+...*..4....J..`........$.Jn..........h|...................0............{.

                                                                                                                                                                                                  C:\Program Files (x86)\Bluetrait Agent\HidSharp.dll

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):242608
                                                                                                                                                                                                  Entropy (8bit):6.200533885683687
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:3072:ct5N7ozr/ES/jKLCPuamzT/n3yJ/TLSIIeTnImstJr39ipdDnVnc0CK9MaCr6HGo:60zzZ/eLrJ/nkrIR3EpdnFp1MEGdZY
                                                                                                                                                                                                  MD5:8D3EB299F8447B633334D1C426A2F0F7
                                                                                                                                                                                                  SHA1:8497AE75F2DD9271D9158A27250288905E8CCA28
                                                                                                                                                                                                  SHA-256:8C58E5FBA22ACC751032DFE97CE633E4F8A4C96089749BF316D55283B36649C2
                                                                                                                                                                                                  SHA-512:E1B65393BC4C338A23E31DDEE7071129AA70597B651C51C07B90E6D93D5D67E45F7715E0FE034C3508DF4F2196F37360B2E07969036370B0A6170B0D8627CDFA
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Joe Sandbox View:
                                                                                                                                                                                                  • Filename: , Detection: malicious, Browse
                                                                                                                                                                                                  • Filename: , Detection: malicious, Browse
                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......\...........!.....v..........N.... ........@.. ....................................@.....................................W........................3........................................................... ............... ..H............text...Tt... ...v.................. ..`.rsrc................x..............@..@.reloc...............~..............@..B................0.......H........0...b..........................................................J....b`..b`.`(....*: ... ...(....*...0.....................(r....*...0.....................(m....*j~....~....~....~....(....*....0..[........~....(....-..(....(.......*.(....(.....H................(....}v.......i(....}w.....(.....*>~........(....*..0..7........~....(....,..(....(....3......(....-..........*.s....*r~.....o.....o....(....(....*.0..`........~....(....-..(....(.......*.(....(.....J...........

                                                                                                                                                                                                  C:\Program Files (x86)\Bluetrait Agent\LibreHardwareMonitorLib.dll

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):666624
                                                                                                                                                                                                  Entropy (8bit):6.606024248822696
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:12288:Exihf3d5Djghw9lks9kFM9wgbrpb1MX8arZ/Gbh:plk6JfpunrZ/
                                                                                                                                                                                                  MD5:5B4FF376C0A64564DBDC149E686035E0
                                                                                                                                                                                                  SHA1:D9039B66C89D95A34C9E61AA27FC6B4530212B6E
                                                                                                                                                                                                  SHA-256:A24C7CBB3D6CA12950E570FBAD82778A87C87311CDE6218914A283A2C0A04E19
                                                                                                                                                                                                  SHA-512:0D69237B224CC661DFCB0FBE58C661A9406F670A8C0B39C2BF36E6F4581538E8FF501ABA713B28CFE5ECDFE3F59CE343332B44F9093EBA718C43CB3ACF7D748F
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....I............" ..0.."..........2:... ...`....... ....................................`..................................9..O....`...............................8..T............................................ ............... ..H............text.... ... ...".................. ..`.rsrc........`.......$..............@..@.reloc...............*..............@..B.................:......H.......<................S................................................{*...*..{+...*V.(,.....}*.....}+...*...0..A........u........4.,/(-....{*....{*...o....,.(/....{+....{+...o0...*.*.*. .!.. )UU.Z(-....{*...o1...X )UU.Z(/....{+...o2...X*...0..b........r...p......%..{*......%q.........-.&.+.......o3....%..{+......%q.........-.&.+.......o3....(4...*..(5...*:.(5.....}....*....0..e.......(6...o7....(6...o8..........3...+.........(9...,.......(....- .o:....3..o;..../..o:.....

                                                                                                                                                                                                  C:\Program Files (x86)\Bluetrait Agent\Microsoft.Management.Infrastructure.dll

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):32416
                                                                                                                                                                                                  Entropy (8bit):6.155218440941888
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:768:9njcPG2hiRK9a967CQ3NkdEyXyLs53hiz:VCG2hiRKE9DdEyXyLiw
                                                                                                                                                                                                  MD5:E1F8E4D9E8E73E8FCE878AC4E3BE2BEE
                                                                                                                                                                                                  SHA1:040094A3BB0FB6A2D54668E65F4C6C470F23078C
                                                                                                                                                                                                  SHA-256:730B8551397A9CAF96091A083419704F03DF9F0A7F6AEF6A3ACF99ADB82ACF99
                                                                                                                                                                                                  SHA-512:9A5FB02F0FEF6662D928930917BFA4D739C2EF63FAD5F04AE067BB7486C78A1E563228CC5FF13E0058E37FF9EC2E62DBBEEEC4DF8CD6263AEFE9A1F7EDE3D4D9
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...W.iV...........!.....`...........~... ........@.. ...............................I....@..................................~..O....................d............................................................... ............... ..H............text....^... ...`.................. ..`.reloc...............b..............@..B.........................................................~......H........#...[..................P .......................................................................................................................................................................*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*

                                                                                                                                                                                                  C:\Program Files (x86)\Bluetrait Agent\Newtonsoft.Json.dll

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):711952
                                                                                                                                                                                                  Entropy (8bit):5.967185619483575
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:12288:GBja5bBvR8Q0TE2HB0WLmvXbsVG1Gw03RzxNHgKhwFBkjSHXP36RMGy1NqTUO:GBjk38WuBcAbwoA/BkjSHXP36RMG/
                                                                                                                                                                                                  MD5:195FFB7167DB3219B217C4FD439EEDD6
                                                                                                                                                                                                  SHA1:1E76E6099570EDE620B76ED47CF8D03A936D49F8
                                                                                                                                                                                                  SHA-256:E1E27AF7B07EEEDF5CE71A9255F0422816A6FC5849A483C6714E1B472044FA9D
                                                                                                                                                                                                  SHA-512:56EB7F070929B239642DAB729537DDE2C2287BDB852AD9E80B5358C74B14BC2B2DDED910D0E3B6304EA27EB587E5F19DB0A92E1CBAE6A70FB20B4EF05057E4AC
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...p$?..........." ..0.............B.... ........... ....................... ............`....................................O......................../.......... ...T............................................ ............... ..H............text........ ...................... ..`.rsrc...............................@..@.reloc..............................@..B................$.......H.......x...(9............................................................(....*..(....*^.(...........%...}....*:.(......}....*:.(......}....*..(....*:.(......}....*..{....*..(....*..(....*:.(......}....*..{....*.(.........*....}.....(......{.....X.....}....*..0...........-.~....*.~....X....b...aX...X...X..+....b....aX....X.....2.....cY.....cY....cY..|....(......._..{........+,..{|....3...{{......(....,...{{...*..{}.......-..*...0...........-.r...ps....z.o......-.~....*.~....

                                                                                                                                                                                                  C:\Program Files (x86)\Bluetrait Agent\Newtonsoft.Json.xml

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                  File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):713541
                                                                                                                                                                                                  Entropy (8bit):4.6324452440106905
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:6144:XqqU+k/Rik5aG0rH3jGHdl0/IdHXpgVIeR0R+CRFo9TA82m5Kj+sJjoqoyO185QA:DU1
                                                                                                                                                                                                  MD5:D398FFE9FDAC6A53A8D8BB26F29BBB3C
                                                                                                                                                                                                  SHA1:BFFCEEBB85CA40809E8BCF5941571858E0E0CB31
                                                                                                                                                                                                  SHA-256:79EE87D4EDE8783461DE05B93379D576F6E8575D4AB49359F15897A854B643C4
                                                                                                                                                                                                  SHA-512:7DB8AAC5FF9B7A202A00D8ACEBCE85DF14A7AF76B72480921C96B6E01707416596721AFA1FA1A9A0563BF528DF3436155ABC15687B1FEE282F30DDCC0DDB9DB7
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:<?xml version="1.0"?>..<doc>.. <assembly>.. <name>Newtonsoft.Json</name>.. </assembly>.. <members>.. <member name="T:Newtonsoft.Json.Bson.BsonObjectId">.. <summary>.. Represents a BSON Oid (object id)... </summary>.. </member>.. <member name="P:Newtonsoft.Json.Bson.BsonObjectId.Value">.. <summary>.. Gets or sets the value of the Oid... </summary>.. <value>The value of the Oid.</value>.. </member>.. <member name="M:Newtonsoft.Json.Bson.BsonObjectId.#ctor(System.Byte[])">.. <summary>.. Initializes a new instance of the <see cref="T:Newtonsoft.Json.Bson.BsonObjectId"/> class... </summary>.. <param name="value">The Oid value.</param>.. </member>.. <member name="T:Newtonsoft.Json.Bson.BsonReader">.. <summary>.. Represents a reader that provides fast, non-cached, forward-only access to s

                                                                                                                                                                                                  C:\Program Files (x86)\Bluetrait Agent\Renci.SshNet.dll

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):856064
                                                                                                                                                                                                  Entropy (8bit):6.324433643760603
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:12288:vxIclF2E4y+U6nY8uRMy0m2Ffw5sjnRGnS1:x96Y8mMy0tu64S
                                                                                                                                                                                                  MD5:4DC334E7417598F0B52AEF1EF655AE76
                                                                                                                                                                                                  SHA1:52715A18A917F5053E262E614E8F8DB765E60DB9
                                                                                                                                                                                                  SHA-256:AA45F9CC2574E62456FDDE4E4C884167FE1DCE07F2BD779D0BEAA56E97FBC252
                                                                                                                                                                                                  SHA-512:8C1AE152DE3DEF7A5014715BEED144F267B43498356F52FD87524130E28A4475412AA6ED033F9F9C99029F54A8047B5A094A60492C5B6A565DDC4A0C31B2DC02
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...^............." ..0..............6... ...@....... ..............................wf....`.................................W6..O....@..l....................`.......5..T............................................ ............... ..H............text........ ...................... ..`.rsrc...l....@......................@..@.reloc.......`......................@..B.................6......H........,..T....................5........................................{S...*..{T...*V.(U.....}S.....}T...*...0..A........uE.......4.,/(V....{S....{S...oW...,.(X....{T....{T...oY...*.*.*. G].$ )UU.Z(V....{S...oZ...X )UU.Z(X....{T...o[...X*...0..b........r...p......%..{S......%qH....H...-.&.+...H...o\....%..{T......%qI....I...-.&.+...I...o\....(]...*..{^...*..{_...*V.(U.....}^.....}_...*.0..A........uJ.......4.,/(V....{^....{^...oW...,.(X....{_....{_...oY...*.*.*. .p. )UU.

                                                                                                                                                                                                  C:\Program Files (x86)\Bluetrait Agent\SharpSnmpLib.dll

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):141312
                                                                                                                                                                                                  Entropy (8bit):5.88812297183601
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:3072:iSEL6ivnxJ9NYvhqoMdBBBBB0BkOBBFBBuBBzBk+BkbBB5BBBB3BKJBBCBBnNOSz:vEtNNY5qPBBBBB0BkOBBFBBuBBzBk+BN
                                                                                                                                                                                                  MD5:5A4FD05ECFA2A09C2D5E206030945BDA
                                                                                                                                                                                                  SHA1:4199E2F22F55D61CBC1C2D720F82389515107EAC
                                                                                                                                                                                                  SHA-256:A509674F603613514575D3232241D0F9CF800C023ED12A68C1908151AB2528C6
                                                                                                                                                                                                  SHA-512:DCBB9B643F950DCF15B81554B4658F35E4F921CB73687584724B9DA5825B8DBBB2ECB9AB295609E95A74E9868D8EBB491D7BFF135C387B5F3D51D12D91B7C114
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....3 ..........." ..0..............8... ...@....... ...............................Y....`.................................}8..O....@..@....................`.......7..T............................................ ............... ..H............text...x.... ...................... ..`.rsrc...@....@......................@..@.reloc.......`.......&..............@..B.................8......H...........h6...................7.......................................0..S........-.r...ps ...zs!.....o".....m...%.. .o#......+......($...,...o%.....X....i2..o&...*..0...........-.r...ps ...zs!.....s'.....~p...%-.&~o.........s(...%.p...(...+o*....+X.o+.....(,...-.r...pr...ps-...z..o....&.o/....3(.o0... ....(1.....(2...,....o%.....o3....o4...-....,..o5.....o/...,.rK..pr...ps-...z.o&...*.......F.d.......z.-.r...ps ...z.(6....-. o7...*..0..U........-.r...ps ...zs8........+ ..

                                                                                                                                                                                                  C:\Program Files (x86)\Bluetrait Agent\SharpSnmpLib.pdb

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                  File Type:Microsoft Roslyn C# debugging symbols version 1.0
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):60832
                                                                                                                                                                                                  Entropy (8bit):5.2590304087687105
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:1536:0zbKjVyUJ4YLwpDpf4UiWzOq3zmLQbPym44+M08M:0ChJ4U6dv3zX7ybt
                                                                                                                                                                                                  MD5:9CBDBFC7321CBF5C36EF1ED1409149FD
                                                                                                                                                                                                  SHA1:01F370CFA10F8949DA2009FD2541D9BAFA1285FE
                                                                                                                                                                                                  SHA-256:3739A833BF78CDD59B2245D0656CE45F86263B14BF76BF10F5EB26F5EBFC9FF4
                                                                                                                                                                                                  SHA-512:0EB0B0BE2458881CAF6C0A976010BBB6FEA530748E8F38AA22A9F715524D40625AB37508496333EFD43509D709EBFD911AF36F00F5E5A5BB24B8E5F8E7A38F3E
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:BSJB............PDB v1.0........|.......#Pdb........@i..#~..@j......#Strings.....n......#US..n......#GUID....n......#Blob...YR^.\.fI../..2.1G......W..+................M.......$..._.......I...s...................F...........*...R...............".......;...........................`.......................$...C...M...{.......................*...5...c...n.......................!...W...b...........................@...K...y...........................'...T..._....................... ...P...]...........................J...W...................".../...e...r...................+...8...d...q...................(...5...i...v...................-...:...p...}...................7...D...v.......................,...7...`...k...................$.../...Z...e.......................)...Y...d.......................+...e...r...................(...5...h...u...................D...Q....................... ...^...k...................3...@.......................*...g...t....................... ...R...]...............

                                                                                                                                                                                                  C:\Program Files (x86)\Bluetrait Agent\System.Data.SQLite.Linq.dll

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):206520
                                                                                                                                                                                                  Entropy (8bit):6.121993662236361
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:3072:hNh7rnc2F+uwUJC9zIsdrgZ/6KP8c26LfxleLBQxp:hb7A20Xdp66KP8cn
                                                                                                                                                                                                  MD5:7EE67DEBCAA7A2B2088E395FA878C3CC
                                                                                                                                                                                                  SHA1:8C90DD1BB6172BF5EFD2BAC2A12379F43D39633D
                                                                                                                                                                                                  SHA-256:A409E2BF0B5C7C7507E4DBA46E6BBF0D1A01A75BDA68A81067D11C9DABEA42B9
                                                                                                                                                                                                  SHA-512:B21EE5B4F5FC983AD46198CB24E0A2874AA2903120BEE06A97CFA6A964FCEEC01DB5B7A63D4042183CDD7A778FEE98817A5596D1DA4C278CC6E49559B1AC27A0
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....d.........." ..0.................. ........... .......................@......5.....`.....................................O........................T... ......P................................................ ............... ..H............text........ ...................... ..`.rsrc...............................@..@.reloc....... ......................@..B........................H.......................`W..p............................................0..,.......~....s .......o!......r...pso.....r...po"...&.o#...o$....o%....o&...&...r/..po"...&.o'...o(....+A.o)...t.....,...+..r9..po"...&%o*....o%....r?..po"...&o+....o%....o....-....,..o......,*.........os........o,...o"...&.rG..po"...&.o&...&.rQ..po"...&.o-....o%....r_..po....&....o!....(......op...Q.o/...*......_.M........0..n.......~....s ...%..rc..pso....%r...po"...&.o#...o$....o%...%o&...&%rQ..po"

                                                                                                                                                                                                  C:\Program Files (x86)\Bluetrait Agent\System.Data.SQLite.dll

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):431792
                                                                                                                                                                                                  Entropy (8bit):6.171577035371485
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:12288:35douWvsWkOfjL/MEd6/7vfA8SCW1nFNFfcaFeFOFwcGF6cmFWc0FWc8cIcKcUFX:3pjblhW13
                                                                                                                                                                                                  MD5:EDD007CF3FCB18CCEF985F58004B1AEE
                                                                                                                                                                                                  SHA1:C3A697E0552AB600132F8FD4635F78517D4CB4E4
                                                                                                                                                                                                  SHA-256:9B0581B003161D1605405AB4AE2A31E03BF3287673C148F4A1D90253AAAD2C30
                                                                                                                                                                                                  SHA-512:F848B4C4BA2F95AB9E8F90B5DE8D169013B6C0ED7465C24F378C3DF44D5BCC52E44C15E05973392E4D53C5B53007C8122CE4FD632D0AC203040FED10ABB0B75F
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....d.........." ..0..8...........T... ...`....... ..............................v.....`..................................T..O....`..p............B...T..........XS............................................... ............... ..H............text... 6... ...8.................. ..`.rsrc...p....`.......:..............@..@.reloc...............@..............@..B.................T......H........X..\V.................R......................................:.(;.....}....*..{....*:.(;.....}....*..{....*...0...........~<...}.....r...p}........(.....(.....(.....r)..p.(........(u.....~<...(=...,z.....s....}.......}.......}............{............%......(>....%...D....%...!....%...%.........%....%.........s....(B...*vra..p.(....,...}....*..}....*..{....*vr...p.(....,...}....*..}....*..{....*z.{....,......(>...o?...s@...z*.0..(........{....-..(......o....&....(j

                                                                                                                                                                                                  C:\Program Files (x86)\Bluetrait Agent\System.Management.Automation.dll

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):310944
                                                                                                                                                                                                  Entropy (8bit):5.829210799613626
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:3072:vz1TEMz+vAz9xRVqRrENcpIs8Lm649/m9bZ4LKhubWSTjgSVvqT/WqwCn5:5JzUGdNcys8LvbZ4LKh9SngSVvwWjC5
                                                                                                                                                                                                  MD5:ABCD646CB66D95CE0283AC6A888BEFB7
                                                                                                                                                                                                  SHA1:5F375E113DA40C0870D0027625E1FFB129A9727F
                                                                                                                                                                                                  SHA-256:40AECC98D1878C93ACAD8F41DB3C310C382BE92C3BCE396E3F6E6A03A37DF193
                                                                                                                                                                                                  SHA-512:F69F25E39264B5552B80B3500F917C202C1AB16D2F03CA42F7D30104F6492A427BC3280E68F813D01C1AE0B1D111CA7403DF4A040E5358CA0737C8E7A1A4410F
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....iV...........!.................... ........@.. ....................................@.....................................K.................................................................................... ............... ..H............text........ ...................... ..`.reloc..............................@..B...............................................................H........G...w..................P .......................................................................................................................................................................*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*

                                                                                                                                                                                                  C:\Program Files (x86)\Bluetrait Agent\defaults.json

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):136
                                                                                                                                                                                                  Entropy (8bit):4.319230624022648
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:3:YTyLS1rijHNKQ6pdLfhXHQ6pLgLjXl/F917Yn:YWLS1mj4Q6xHQ65OjXl/F91M
                                                                                                                                                                                                  MD5:4BB4AC672CA637C9EE4999C3E1FE8969
                                                                                                                                                                                                  SHA1:A3E1CC71EFCAE79FB4ADEF93C3A12706B208F7BE
                                                                                                                                                                                                  SHA-256:0F791D856565458C3C7C97249E79FA70329AC6B8BFF9ACC674DFAB7061F5F6F3
                                                                                                                                                                                                  SHA-512:C5EBE1158F2BDDF1A7B1D7F5AB433A8D269E296C04A95A1358EBEC42849515B58C0D88C2252EE3A5DE5C4BD63C5E3594FBAA24422CE3F19E083BE978F4C1AB5F
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:{"version": "1.1", "url": "https://eganarbonne.bluetrait.io/api/", "domain": "eganarbonne.bluetrait.io", "endpoint": "api.bluetrait.io"}

                                                                                                                                                                                                  C:\Program Files (x86)\Bluetrait Agent\libraries\paexec.exe

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                  File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):199304
                                                                                                                                                                                                  Entropy (8bit):6.181955295238055
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:3072:qiZ/LKw1g/LTsj59xUNG+JCPS/aHJ4xsmugd3Qmea5hcs6:qiZjKwODAj59xfad/axzP2hcs6
                                                                                                                                                                                                  MD5:A8283F82F258A5577FE39FE24650A880
                                                                                                                                                                                                  SHA1:1FB0E4EFAF0EE0DABC525FF37059A76486311642
                                                                                                                                                                                                  SHA-256:1398D653106A68E31DBB1DA06141A1809A65E92A45F021EDF6BE220265957225
                                                                                                                                                                                                  SHA-512:6CE8F9F0C9CF8B611528947D8D81F5C870D6F5ECC2A7DAB33AF782AA092C530FF97736F5122B3B2E802FD5F19880F05597E83965BCA3E64BBAAD0F96E9DA80FF
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 5%
                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........c.H..............!.......".......#......z..........@.....?.......%.......{....... .....Rich............PE..L...lA.].....................\......\.............@.......................... ...........@.................................,B...........%...............>..............8............................%..@............................................text...M........................... ..`.rdata..L...........................@..@.data....1...`.......D..............@....rsrc....%.......&...V..............@..@.reloc..^O.......P...|..............@..B................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                  C:\Program Files (x86)\Bluetrait Agent\x64\SQLite.Interop.dll

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):1829040
                                                                                                                                                                                                  Entropy (8bit):6.564424655402829
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:49152:c9EeNSPwEW3cFSI4Tfm3hvbHsjAJcAMkP3:c9Nzm31PMo3
                                                                                                                                                                                                  MD5:65CCD6ECB99899083D43F7C24EB8F869
                                                                                                                                                                                                  SHA1:27037A9470CC5ED177C0B6688495F3A51996A023
                                                                                                                                                                                                  SHA-256:ABA67C7E6C01856838B8BC6B0BA95E864E1FDCB3750AA7CDC1BC73511CEA6FE4
                                                                                                                                                                                                  SHA-512:533900861FE36CF78B614D6A7CE741FF1172B41CBD5644B4A9542E6CA42702E6FBFB12F0FBAAE8F5992320870A15E90B4F7BF180705FC9839DB433413860BE6D
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........nN\.. ... ... .Q..... .Q...e. .Q..... ..Q#... ..Q%... ..Q$... .8..... ..].... ...!.~. .rQ(... .rQ ... .wQ.... .rQ"... .Rich.. .........................PE..d.....d.........." ................................................................6U....`.................................................P...x................!.......T...........@..p............................A...............................................text...0........................... ..`.rdata...1.......2..................@..@.data....`... ...J..................@....pdata...!......."...P..............@..@.gfids...............r..............@..@.rsrc................t..............@..@.reloc...............~..............@..B................................................................................................................................................................................

                                                                                                                                                                                                  C:\Program Files (x86)\Bluetrait Agent\x86\SQLite.Interop.dll

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):1447600
                                                                                                                                                                                                  Entropy (8bit):6.795591838161502
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:24576:ns5ThI+vIjDEzn7tcBGtYnxLbdVlRdouD5RawYkGq78Yr4i9YE1tOvhefHXCvEsL:qlI+vIjE7mjOuKa8Riy+gvhaIn2+0c
                                                                                                                                                                                                  MD5:6F2FDECC48E7D72CA1EB7F17A97E59AD
                                                                                                                                                                                                  SHA1:FCBC8C4403E5C8194EE69158D7E70EE7DBD4C056
                                                                                                                                                                                                  SHA-256:70E48EF5C14766F3601C97451B47859FDDCBE7F237E1C5200CEA8E7A7609D809
                                                                                                                                                                                                  SHA-512:FEA98A3D6FFF1497551DC6583DD92798DCAC764070A350FD381E856105A6411C94EFFD4B189B7A32608FF610422B8DBD6D93393C5DA99EE66D4569D45191DC8B
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......v..{2..(2..(2..(.*W(...(.*U(...(.*T(...(..)%..(..)'..(..)=..(.Im(:..(,.5(1..(2..(...(..)3..(..)3..(..Y(3..(..)3..(Rich2..(........PE..L.....d...........!.....f...X............................................................@.........................P...t.......x....`...................T...p..X...@...p...............................@...............H............................text....d.......f.................. ..`.rdata..............j..............@..@.data....8.......,..................@....gfids.......P.......&..............@..@.rsrc........`.......(..............@..@.reloc..X....p.......2..............@..B........................................................................................................................................................................................................................................................

                                                                                                                                                                                                  C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_Bluetrait MSP Ag_3079b467b39c625bca8bc792a3a3ee7c35c1616a_15c427e3_305d0e80-65b6-4a15-9e0a-78cb1ccd79ae\Report.wer

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WerFault.exe
                                                                                                                                                                                                  File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):65536
                                                                                                                                                                                                  Entropy (8bit):1.2612007084641566
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:384:5LN2fIbOyYDhfbIS2vWR+WWahkGBEHqzuiFczY4lO8LlWQ:WTZbIS2na1uKzuiFczY4lO8
                                                                                                                                                                                                  MD5:109024A59E1B1DA97C2CA4EC6F25DC07
                                                                                                                                                                                                  SHA1:AA23CF5EF0A383EB2343CF908FC823B46EB0E795
                                                                                                                                                                                                  SHA-256:BFB6C6E030E5B04E890E3829F02BA26045178D930539DF8795D1B6F791CFE0A4
                                                                                                                                                                                                  SHA-512:DC8E34CEFC0A0771D86B1ED219B9FB09166068B74EACF5E559E77C6AA3389C94A35DC936FC2D0FA233B2E5FE2565F7B3CE9FC3957F01F36DC7950FEAA04489AF
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.C.L.R.2.0.r.3.....E.v.e.n.t.T.i.m.e.=.1.3.3.8.0.6.3.8.3.4.4.5.6.2.7.0.6.2.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.3.8.0.6.3.8.3.4.5.2.1.8.9.4.9.1.....R.e.p.o.r.t.S.t.a.t.u.s.=.5.2.4.3.8.4.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.3.0.5.d.0.e.8.0.-.6.5.b.6.-.4.a.1.5.-.9.e.0.a.-.7.8.c.b.1.c.c.d.7.9.a.e.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.3.3.d.7.d.5.f.c.-.3.9.d.1.-.4.7.7.3.-.8.7.0.8.-.7.9.4.0.4.1.9.3.1.c.2.8.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....N.s.A.p.p.N.a.m.e.=.B.l.u.e.t.r.a.i.t. .M.S.P. .A.g.e.n.t...e.x.e.....O.r.i.g.i.n.a.l.F.i.l.e.n.a.m.e.=.B.l.u.e.t.r.a.i.t. .M.S.P. .A.g.e.n.t...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.1.9.d.8.-.0.0.0.0.-.0.0.1.4.-.2.8.a.c.-.0.1.6.0.3.2.6.0.d.b.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.7.a.a.0.2.5.5.6.9.f.d.9.0.e.8.8.5.8.0.a.d.c.4.b.e.d.0.b.a.6.4.9.0.0.0.0.0.0.0.0.!.0.0.0.0.5.2.c.4.d.5.4.7.1.9.0.f.6.0.b.a.2.f.9.a.6.9.7.6.4.3.6.5.a.6.f.9.

                                                                                                                                                                                                  C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_Bluetrait MSP Ag_3079b467b39c625bca8bc792a3a3ee7c35c1616a_15c427e3_34b693b7-ae49-4c1d-a71c-f5cb7fad0b72\Report.wer

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WerFault.exe
                                                                                                                                                                                                  File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):65536
                                                                                                                                                                                                  Entropy (8bit):1.261029588842452
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:384:v72fVbOSYDhfbIS2vWR+WWaZkGBEHqzuiFcYY4lO8LlWQ:yUZbIS2na9uKzuiFcYY4lO8
                                                                                                                                                                                                  MD5:54B29AA8B215942EB948C3FA0EE3CC18
                                                                                                                                                                                                  SHA1:F876E506AEB5B6F4F447D7B4C1A1265492236E1A
                                                                                                                                                                                                  SHA-256:1C3DFC2749C3E96D337648BECBEF33C8D411463EDD998A7E9A05054105CE6D01
                                                                                                                                                                                                  SHA-512:2ED58152DDD7812CE31B878F4EBBA0AD31C2E227655FE4533261FBF9A76436E7D91C3A5127D1AE684E850D46882DD159679B6F9866C39F70E7C4A0C5CE34B640
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.C.L.R.2.0.r.3.....E.v.e.n.t.T.i.m.e.=.1.3.3.8.0.6.3.8.4.5.8.5.9.1.4.5.6.6.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.3.8.0.6.3.8.4.5.9.0.2.8.9.6.8.7.....R.e.p.o.r.t.S.t.a.t.u.s.=.5.2.4.3.8.4.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.3.4.b.6.9.3.b.7.-.a.e.4.9.-.4.c.1.d.-.a.7.1.c.-.f.5.c.b.7.f.a.d.0.b.7.2.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.b.5.8.3.f.c.e.b.-.3.b.e.0.-.4.1.b.1.-.8.f.5.e.-.9.b.f.e.3.b.2.0.d.e.f.2.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....N.s.A.p.p.N.a.m.e.=.B.l.u.e.t.r.a.i.t. .M.S.P. .A.g.e.n.t...e.x.e.....O.r.i.g.i.n.a.l.F.i.l.e.n.a.m.e.=.B.l.u.e.t.r.a.i.t. .M.S.P. .A.g.e.n.t...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.1.9.d.4.-.0.0.0.0.-.0.0.1.4.-.c.2.5.3.-.5.9.a.4.3.2.6.0.d.b.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.7.a.a.0.2.5.5.6.9.f.d.9.0.e.8.8.5.8.0.a.d.c.4.b.e.d.0.b.a.6.4.9.0.0.0.0.0.0.0.0.!.0.0.0.0.5.2.c.4.d.5.4.7.1.9.0.f.6.0.b.a.2.f.9.a.6.9.7.6.4.3.6.5.a.6.f.9.

                                                                                                                                                                                                  C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_Bluetrait MSP Ag_3079b467b39c625bca8bc792a3a3ee7c35c1616a_15c427e3_3588a860-6274-423c-b4ff-422db6d360d2\Report.wer

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WerFault.exe
                                                                                                                                                                                                  File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):65536
                                                                                                                                                                                                  Entropy (8bit):1.2607184972138812
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:384:R2fnbOEYDhfbIS2vWR+WWaZkGBEHqzuiFcYY4lO8LlWQ9:s4ZbIS2na9uKzuiFcYY4lO8
                                                                                                                                                                                                  MD5:A4F088F7C0013085C138794BE0BF9A29
                                                                                                                                                                                                  SHA1:5E056D826B06AD47BEE7575D19CE7DB299411BAF
                                                                                                                                                                                                  SHA-256:16DCC080C239E58FD3734260EA90D09A4A28D29BBF28DF13D0643FE081C624FA
                                                                                                                                                                                                  SHA-512:09AD7AE01947D26EF21D27B773FBAD1E3D5E07E5447793C3653655B256F6050C2F2DA577A09387F6B2A1931AAAAB28CADC6D2788BBA0225F8EC6F89F7C4C2ACD
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.C.L.R.2.0.r.3.....E.v.e.n.t.T.i.m.e.=.1.3.3.8.0.6.3.8.4.2.8.3.3.5.7.2.6.3.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.3.8.0.6.3.8.4.2.8.8.2.0.0.9.8.6.....R.e.p.o.r.t.S.t.a.t.u.s.=.5.2.4.3.8.4.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.3.5.8.8.a.8.6.0.-.6.2.7.4.-.4.2.3.c.-.b.4.f.f.-.4.2.2.d.b.6.d.3.6.0.d.2.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.f.2.d.8.6.1.9.c.-.7.1.e.e.-.4.3.3.7.-.b.2.9.3.-.d.3.1.9.9.7.1.6.4.2.d.8.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....N.s.A.p.p.N.a.m.e.=.B.l.u.e.t.r.a.i.t. .M.S.P. .A.g.e.n.t...e.x.e.....O.r.i.g.i.n.a.l.F.i.l.e.n.a.m.e.=.B.l.u.e.t.r.a.i.t. .M.S.P. .A.g.e.n.t...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.1.6.4.0.-.0.0.0.0.-.0.0.1.4.-.0.0.c.a.-.2.d.9.2.3.2.6.0.d.b.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.7.a.a.0.2.5.5.6.9.f.d.9.0.e.8.8.5.8.0.a.d.c.4.b.e.d.0.b.a.6.4.9.0.0.0.0.0.0.0.0.!.0.0.0.0.5.2.c.4.d.5.4.7.1.9.0.f.6.0.b.a.2.f.9.a.6.9.7.6.4.3.6.5.a.6.f.9.

                                                                                                                                                                                                  C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_Bluetrait MSP Ag_3079b467b39c625bca8bc792a3a3ee7c35c1616a_15c427e3_440b92c7-dcf4-481e-9078-5ae394a935f0\Report.wer

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WerFault.exe
                                                                                                                                                                                                  File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):65536
                                                                                                                                                                                                  Entropy (8bit):1.2608764854360528
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:384:Gil2fTbO+YDhfbIS2vWR+WWaJkGBEHqzuiFczY4lO8LlWQ:dQiZbIS2naNuKzuiFczY4lO8
                                                                                                                                                                                                  MD5:0EB2426AE1A773392265A4C289BD2D0B
                                                                                                                                                                                                  SHA1:71D25E22D2805F752E428EE26C0F2BC339534ADB
                                                                                                                                                                                                  SHA-256:5057C6058230F9669796A3547368716F31CA822F732136E93F9C372753FA6203
                                                                                                                                                                                                  SHA-512:E36975247D48CB0A939C18788FE88C5E89CE29A3783BF446E00638BB29C6DEC96D7E9066F3C41D3BFBCD0B63BA5FCDC906BC6C6B8A14C3050F6ACC19909E4AA7
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.C.L.R.2.0.r.3.....E.v.e.n.t.T.i.m.e.=.1.3.3.8.0.6.3.8.3.8.0.8.8.3.9.6.9.2.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.3.8.0.6.3.8.3.8.1.3.6.8.3.4.6.3.....R.e.p.o.r.t.S.t.a.t.u.s.=.5.2.4.3.8.4.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.4.4.0.b.9.2.c.7.-.d.c.f.4.-.4.8.1.e.-.9.0.7.8.-.5.a.e.3.9.4.a.9.3.5.f.0.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.1.9.6.4.d.a.9.b.-.5.3.1.3.-.4.8.f.2.-.a.7.2.a.-.d.8.6.d.5.a.2.e.b.3.d.0.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....N.s.A.p.p.N.a.m.e.=.B.l.u.e.t.r.a.i.t. .M.S.P. .A.g.e.n.t...e.x.e.....O.r.i.g.i.n.a.l.F.i.l.e.n.a.m.e.=.B.l.u.e.t.r.a.i.t. .M.S.P. .A.g.e.n.t...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.0.4.6.0.-.0.0.0.0.-.0.0.1.4.-.5.0.d.e.-.2.e.7.6.3.2.6.0.d.b.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.7.a.a.0.2.5.5.6.9.f.d.9.0.e.8.8.5.8.0.a.d.c.4.b.e.d.0.b.a.6.4.9.0.0.0.0.0.0.0.0.!.0.0.0.0.5.2.c.4.d.5.4.7.1.9.0.f.6.0.b.a.2.f.9.a.6.9.7.6.4.3.6.5.a.6.f.9.

                                                                                                                                                                                                  C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_Bluetrait MSP Ag_3079b467b39c625bca8bc792a3a3ee7c35c1616a_15c427e3_5861a4fc-a710-484e-a8a4-5c82e5b1bf21\Report.wer

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WerFault.exe
                                                                                                                                                                                                  File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):65536
                                                                                                                                                                                                  Entropy (8bit):1.261221408162881
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:384:K2fwbO1YDhfbIS2vWR+WWaRkGBEHqzuiFczY4lO8LlWQ:NaZbIS2naFuKzuiFczY4lO8
                                                                                                                                                                                                  MD5:A733AC5CD20561CC960B53DABBC5507A
                                                                                                                                                                                                  SHA1:C88F56D8C93C691C41304A767A92B1628C28C236
                                                                                                                                                                                                  SHA-256:0C07D6C537C657CC9AB13EE86E33D303CF2328A7BB5DD409A422451F61EA935A
                                                                                                                                                                                                  SHA-512:D031C9763B90FD82B98D12CE662A2E05BE1F4F115A17DF7CE742ABC0373191325817A51B07AA6542C1C8BED057FF82BB67536A019CE33CB8C0172DBAA894E064
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.C.L.R.2.0.r.3.....E.v.e.n.t.T.i.m.e.=.1.3.3.8.0.6.3.8.4.0.7.1.2.8.5.6.3.1.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.3.8.0.6.3.8.4.0.7.5.9.7.3.1.7.4.....R.e.p.o.r.t.S.t.a.t.u.s.=.5.2.4.3.8.4.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.5.8.6.1.a.4.f.c.-.a.7.1.0.-.4.8.4.e.-.a.8.a.4.-.5.c.8.2.e.5.b.1.b.f.2.1.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.c.8.5.1.c.d.7.6.-.2.e.e.0.-.4.7.b.9.-.8.9.3.c.-.e.5.b.5.d.1.9.f.7.9.5.8.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....N.s.A.p.p.N.a.m.e.=.B.l.u.e.t.r.a.i.t. .M.S.P. .A.g.e.n.t...e.x.e.....O.r.i.g.i.n.a.l.F.i.l.e.n.a.m.e.=.B.l.u.e.t.r.a.i.t. .M.S.P. .A.g.e.n.t...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.0.5.f.4.-.0.0.0.0.-.0.0.1.4.-.b.e.5.9.-.3.9.8.5.3.2.6.0.d.b.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.7.a.a.0.2.5.5.6.9.f.d.9.0.e.8.8.5.8.0.a.d.c.4.b.e.d.0.b.a.6.4.9.0.0.0.0.0.0.0.0.!.0.0.0.0.5.2.c.4.d.5.4.7.1.9.0.f.6.0.b.a.2.f.9.a.6.9.7.6.4.3.6.5.a.6.f.9.

                                                                                                                                                                                                  C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_Bluetrait MSP Ag_3079b467b39c625bca8bc792a3a3ee7c35c1616a_15c427e3_64204042-1bc8-4dad-bafe-7425d6b2968f\Report.wer

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WerFault.exe
                                                                                                                                                                                                  File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):65536
                                                                                                                                                                                                  Entropy (8bit):1.2607384913573276
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:384:P2fnNbODYDhfbIS2vWR+WWaZkGBEHqzuiFcYY4lO8LlWQ:+fZbIS2na9uKzuiFcYY4lO8
                                                                                                                                                                                                  MD5:4D11E55CD665BD5FE28058E50851716A
                                                                                                                                                                                                  SHA1:5C82A0D042172DC3EEA59CB8EE2A0CD5D702CDBB
                                                                                                                                                                                                  SHA-256:2B32A56D0853FF10A4779BA2D6647F20D61E59BDA96C96AF853544857EBE6E74
                                                                                                                                                                                                  SHA-512:28239C5022F6651EA39385A61D1691198A4C2A74C930E358E62E1ACB108A6B92AEC8454149D519C2966CA24F5E6EAFEEF9536D9235F962C6FA95DF431890738D
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.C.L.R.2.0.r.3.....E.v.e.n.t.T.i.m.e.=.1.3.3.8.0.6.3.8.4.5.2.8.6.4.5.2.1.8.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.3.8.0.6.3.8.4.5.3.4.1.1.4.0.2.9.....R.e.p.o.r.t.S.t.a.t.u.s.=.5.2.4.3.8.4.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.6.4.2.0.4.0.4.2.-.1.b.c.8.-.4.d.a.d.-.b.a.f.e.-.7.4.2.5.d.6.b.2.9.6.8.f.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.6.7.1.3.8.a.e.2.-.1.6.8.7.-.4.7.6.3.-.a.1.1.9.-.b.0.1.6.1.3.3.a.8.2.b.e.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....N.s.A.p.p.N.a.m.e.=.B.l.u.e.t.r.a.i.t. .M.S.P. .A.g.e.n.t...e.x.e.....O.r.i.g.i.n.a.l.F.i.l.e.n.a.m.e.=.B.l.u.e.t.r.a.i.t. .M.S.P. .A.g.e.n.t...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.0.b.e.0.-.0.0.0.0.-.0.0.1.4.-.5.d.0.e.-.e.9.a.0.3.2.6.0.d.b.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.7.a.a.0.2.5.5.6.9.f.d.9.0.e.8.8.5.8.0.a.d.c.4.b.e.d.0.b.a.6.4.9.0.0.0.0.0.0.0.0.!.0.0.0.0.5.2.c.4.d.5.4.7.1.9.0.f.6.0.b.a.2.f.9.a.6.9.7.6.4.3.6.5.a.6.f.9.

                                                                                                                                                                                                  C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_Bluetrait MSP Ag_3079b467b39c625bca8bc792a3a3ee7c35c1616a_15c427e3_85fbb43b-934c-4a4a-b808-2f2e6a67ebfa\Report.wer

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WerFault.exe
                                                                                                                                                                                                  File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):65536
                                                                                                                                                                                                  Entropy (8bit):1.261158771630877
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:384:N2f3bObYDhfbIS2vWR+WWaJkGBEHqzuiFcYY4lO8LlWQ:YFZbIS2naNuKzuiFcYY4lO8
                                                                                                                                                                                                  MD5:5B02F93C0A3ECD1FA51F094B39F10E0C
                                                                                                                                                                                                  SHA1:C2723E362B0BD0304C473C7934DDC5EB20248662
                                                                                                                                                                                                  SHA-256:82A63CB9D1EE7BB117FF927ED192879CB4D845055CACE32676ED463D44C32ACD
                                                                                                                                                                                                  SHA-512:81BD43909575E26E67B97821338274B6090F5D4FC9F9900CED4AD4163D8CF2E924E048D1651F1C05D2387B5F7A90F928583020CBA47054C51EDE91C6F70A96EA
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.C.L.R.2.0.r.3.....E.v.e.n.t.T.i.m.e.=.1.3.3.8.0.6.3.8.4.3.4.4.2.4.6.0.2.7.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.3.8.0.6.3.8.4.3.4.9.0.8.9.7.1.4.....R.e.p.o.r.t.S.t.a.t.u.s.=.5.2.4.3.8.4.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.8.5.f.b.b.4.3.b.-.9.3.4.c.-.4.a.4.a.-.b.8.0.8.-.2.f.2.e.6.a.6.7.e.b.f.a.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.7.1.c.b.0.c.9.6.-.c.a.e.7.-.4.7.0.9.-.9.c.0.d.-.c.b.5.8.0.1.b.c.3.a.0.a.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....N.s.A.p.p.N.a.m.e.=.B.l.u.e.t.r.a.i.t. .M.S.P. .A.g.e.n.t...e.x.e.....O.r.i.g.i.n.a.l.F.i.l.e.n.a.m.e.=.B.l.u.e.t.r.a.i.t. .M.S.P. .A.g.e.n.t...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.0.5.9.c.-.0.0.0.0.-.0.0.1.4.-.f.8.a.8.-.3.8.9.6.3.2.6.0.d.b.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.7.a.a.0.2.5.5.6.9.f.d.9.0.e.8.8.5.8.0.a.d.c.4.b.e.d.0.b.a.6.4.9.0.0.0.0.0.0.0.0.!.0.0.0.0.5.2.c.4.d.5.4.7.1.9.0.f.6.0.b.a.2.f.9.a.6.9.7.6.4.3.6.5.a.6.f.9.

                                                                                                                                                                                                  C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_Bluetrait MSP Ag_3079b467b39c625bca8bc792a3a3ee7c35c1616a_15c427e3_b0f5ae10-35cc-474e-b22f-dcda67f62dad\Report.wer

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WerFault.exe
                                                                                                                                                                                                  File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):65536
                                                                                                                                                                                                  Entropy (8bit):1.2610292491045196
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:384:T2fLbOAYDhfbIS2vWR+WWaRkGBEHqzuiFcYY4lO8LlWQ:SAZbIS2naFuKzuiFcYY4lO8
                                                                                                                                                                                                  MD5:E7CCC71DEBEE75D1A82A0F5F1EF1CF42
                                                                                                                                                                                                  SHA1:AAB3D9EDE7F28650399250AD2C95AA423EA04DB1
                                                                                                                                                                                                  SHA-256:761B5FCC13ECB5A2998E2D74520D38A63A7B19D7530DA7916CB5AEB207C3722A
                                                                                                                                                                                                  SHA-512:5FE492A3DCEB155A55200AE02E15BEEB3A179D7B303CCF4F3A4AD04E84BF5D4A70F78AAA921048E47E0322BB6C638E51B76960C6E4A53A3F1A3A92F724C12B23
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.C.L.R.2.0.r.3.....E.v.e.n.t.T.i.m.e.=.1.3.3.8.0.6.3.8.4.1.9.4.7.2.6.0.0.1.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.3.8.0.6.3.8.4.1.9.9.4.1.3.5.0.3.....R.e.p.o.r.t.S.t.a.t.u.s.=.5.2.4.3.8.4.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.b.0.f.5.a.e.1.0.-.3.5.c.c.-.4.7.4.e.-.b.2.2.f.-.d.c.d.a.6.7.f.6.2.d.a.d.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.6.7.a.2.6.7.7.0.-.e.5.7.9.-.4.a.6.4.-.8.f.1.7.-.f.2.5.4.a.6.c.3.a.a.f.c.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....N.s.A.p.p.N.a.m.e.=.B.l.u.e.t.r.a.i.t. .M.S.P. .A.g.e.n.t...e.x.e.....O.r.i.g.i.n.a.l.F.i.l.e.n.a.m.e.=.B.l.u.e.t.r.a.i.t. .M.S.P. .A.g.e.n.t...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.0.3.0.0.-.0.0.0.0.-.0.0.1.4.-.2.a.c.c.-.2.f.8.d.3.2.6.0.d.b.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.7.a.a.0.2.5.5.6.9.f.d.9.0.e.8.8.5.8.0.a.d.c.4.b.e.d.0.b.a.6.4.9.0.0.0.0.0.0.0.0.!.0.0.0.0.5.2.c.4.d.5.4.7.1.9.0.f.6.0.b.a.2.f.9.a.6.9.7.6.4.3.6.5.a.6.f.9.

                                                                                                                                                                                                  C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_Bluetrait MSP Ag_3079b467b39c625bca8bc792a3a3ee7c35c1616a_15c427e3_b9f22c2b-7500-4f52-b44b-b0deffff9375\Report.wer

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WerFault.exe
                                                                                                                                                                                                  File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):65536
                                                                                                                                                                                                  Entropy (8bit):1.261020715401392
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:384:Eu2fxbOfYDhfbIS2vWR+WWaRkGBEHqzuiFcYY4lO8LlWQ:ePZbIS2naFuKzuiFcYY4lO8
                                                                                                                                                                                                  MD5:368A2C4AC53A5299133C17B81F701C90
                                                                                                                                                                                                  SHA1:106C4DAAD44DFAAB8BEC533F16B4B3CC9100C292
                                                                                                                                                                                                  SHA-256:36E14B44068D42FE41E3B6E1E2186F2F5C19E542727662BD6631DD58FF73DFBA
                                                                                                                                                                                                  SHA-512:AC14C415279C9252B85E325B84C258620C0D0DBD64E8B67677CA5FF495A6C69118F3C3B9DECB901410E8950E2B36D1EAB73CBE22AD11B33E334EA23B615E6EF3
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.C.L.R.2.0.r.3.....E.v.e.n.t.T.i.m.e.=.1.3.3.8.0.6.3.8.4.4.0.8.9.7.3.3.5.8.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.3.8.0.6.3.8.4.4.2.0.0.6.7.0.8.0.....R.e.p.o.r.t.S.t.a.t.u.s.=.5.2.4.3.8.4.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.b.9.f.2.2.c.2.b.-.7.5.0.0.-.4.f.5.2.-.b.4.4.b.-.b.0.d.e.f.f.f.f.9.3.7.5.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.3.b.3.c.2.8.8.e.-.7.1.f.3.-.4.f.6.5.-.a.5.e.b.-.b.e.6.6.d.2.5.d.4.8.0.4.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....N.s.A.p.p.N.a.m.e.=.B.l.u.e.t.r.a.i.t. .M.S.P. .A.g.e.n.t...e.x.e.....O.r.i.g.i.n.a.l.F.i.l.e.n.a.m.e.=.B.l.u.e.t.r.a.i.t. .M.S.P. .A.g.e.n.t...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.1.1.3.4.-.0.0.0.0.-.0.0.1.4.-.1.b.e.3.-.d.d.9.9.3.2.6.0.d.b.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.7.a.a.0.2.5.5.6.9.f.d.9.0.e.8.8.5.8.0.a.d.c.4.b.e.d.0.b.a.6.4.9.0.0.0.0.0.0.0.0.!.0.0.0.0.5.2.c.4.d.5.4.7.1.9.0.f.6.0.b.a.2.f.9.a.6.9.7.6.4.3.6.5.a.6.f.9.

                                                                                                                                                                                                  C:\ProgramData\Microsoft\Windows\WER\Temp\WER1CC6.tmp.dmp

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WerFault.exe
                                                                                                                                                                                                  File Type:Mini DuMP crash report, 16 streams, Mon Jan 6 12:00:28 2025, 0x1205a4 type
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):593120
                                                                                                                                                                                                  Entropy (8bit):3.308198439717428
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:3072:sXuTFd/L9TYlaLn/eF4ldaARrRMR9cSZdPDz+oQze1CCqJva5PX3+vEw2c:sXuTBYlceMdtgzLSookq1MX3Q9
                                                                                                                                                                                                  MD5:C749378E61C33BA889EB6CF000D4443F
                                                                                                                                                                                                  SHA1:4CC5ECC8BAC7CCD727EFEABF6587A8AA3BA591B3
                                                                                                                                                                                                  SHA-256:2CB4411D42C454089346969EC2685082B75F57DEC133580AB5F8A837C5B0A0E9
                                                                                                                                                                                                  SHA-512:35D23A485A83C674CB515767C0806F53076C4A76252A159F9F70F00953AF76A911EDAED93DBC28411D67CE68BD9057033010DC7B47D032ABA422B1CC70D8246D
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:MDMP..a..... .........{g............................$.......<....(..........X(.......\..............l.......8...........T............R...............C...........E..............................................................................eJ......lF......Lw......................T.......@.....{g.............................@..............,...E.a.s.t.e.r.n. .S.t.a.n.d.a.r.d. .T.i.m.e...........................................E.a.s.t.e.r.n. .S.u.m.m.e.r. .T.i.m.e...............................................1.9.0.4.1...1...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6...........................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                  C:\ProgramData\Microsoft\Windows\WER\Temp\WER1DE0.tmp.WERInternalMetadata.xml

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WerFault.exe
                                                                                                                                                                                                  File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):6786
                                                                                                                                                                                                  Entropy (8bit):3.7126373214304422
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:96:RSIU6o7wVetbavbRuYZnvAvInJik5aMQUB89bxKDDkf07m:R6l7wVeJazRuYZnogdpDB89bxK0f07m
                                                                                                                                                                                                  MD5:7EF14422FD841EF96BBB554366A59FE4
                                                                                                                                                                                                  SHA1:D5B8B9299ACB577836460345B99104DC1664A9C9
                                                                                                                                                                                                  SHA-256:531906AF7E245FAEBD2371131BA79CB85B43BD33A99AEFF3039423EAF87736BA
                                                                                                                                                                                                  SHA-512:342592C9822A694D114CCEBB337254F26971973B1559CE569FD6ACA6973336E17248569E48A0799E764E82774888710AFA4DE5271305CC0904FE61FD016EF01C
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.9.0.4.5.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.9.0.4.1...2.0.0.6...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.2.0.0.6.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.2.0.5.7.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.5.6.9.6.<./.P.i.

                                                                                                                                                                                                  C:\ProgramData\Microsoft\Windows\WER\Temp\WER1E1F.tmp.xml

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WerFault.exe
                                                                                                                                                                                                  File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):4841
                                                                                                                                                                                                  Entropy (8bit):4.457635358154553
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:48:cvIwWl8zsNJg771I9SNWpW8VY7Ym8M4JIAPF/yq8vrAgSUMfK6NF2zd:uIjfnI7h87VrJBWqUGNF2zd
                                                                                                                                                                                                  MD5:77D13775EF622DA396E2B0CF27CF52EF
                                                                                                                                                                                                  SHA1:C61CC8C3ADEF1CEC4644B4F76686C1314EF9EB9E
                                                                                                                                                                                                  SHA-256:AB25EFA5565335C79F1DEAC7126FD7A92824E58A5999956CB3A5A5673830F921
                                                                                                                                                                                                  SHA-512:9B38497342A6C2A96524BA4DD1A273BB3D10F99A176C9E8B6875E715A6E34FFC1B0FE5C698FA613088A41D02F408391479CB46E1F2BC66C82108A9FDCC13BE59
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="664023" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409

                                                                                                                                                                                                  C:\ProgramData\Microsoft\Windows\WER\Temp\WER1E54.tmp.csv

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\svchost.exe
                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):80490
                                                                                                                                                                                                  Entropy (8bit):3.0845235574706242
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:1536:5Gw0YIdvaM0QFOaSody9gXatv6Sd4+s+nSp+2+7B+1+D+PwT+m+P+n+:5Gw0YIdvaM0QFOaSody9gXatv5d4+s+a
                                                                                                                                                                                                  MD5:E56637EABED378C8B306938E7CD59596
                                                                                                                                                                                                  SHA1:F43B9363EF95A82A316CF583827DC6937FA9A1E0
                                                                                                                                                                                                  SHA-256:7AAF1A4C432AD867EB344120829DA911A68F58749A2B3917BFD0ED9CEBBBF5DC
                                                                                                                                                                                                  SHA-512:83981855B8FA0588BC22960608C36DFB930E33B318D9C47A86CFF56A5B3C7745C00A88601C969B57703A939EB494369872B921664D753432370E3FE720CA9870
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:I.m.a.g.e.N.a.m.e.,.U.n.i.q.u.e.P.r.o.c.e.s.s.I.d.,.N.u.m.b.e.r.O.f.T.h.r.e.a.d.s.,.W.o.r.k.i.n.g.S.e.t.P.r.i.v.a.t.e.S.i.z.e.,.H.a.r.d.F.a.u.l.t.C.o.u.n.t.,.N.u.m.b.e.r.O.f.T.h.r.e.a.d.s.H.i.g.h.W.a.t.e.r.m.a.r.k.,.C.y.c.l.e.T.i.m.e.,.C.r.e.a.t.e.T.i.m.e.,.U.s.e.r.T.i.m.e.,.K.e.r.n.e.l.T.i.m.e.,.B.a.s.e.P.r.i.o.r.i.t.y.,.P.e.a.k.V.i.r.t.u.a.l.S.i.z.e.,.V.i.r.t.u.a.l.S.i.z.e.,.P.a.g.e.F.a.u.l.t.C.o.u.n.t.,.W.o.r.k.i.n.g.S.e.t.S.i.z.e.,.P.e.a.k.W.o.r.k.i.n.g.S.e.t.S.i.z.e.,.Q.u.o.t.a.P.e.a.k.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.Q.u.o.t.a.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.Q.u.o.t.a.P.e.a.k.N.o.n.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.Q.u.o.t.a.N.o.n.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.P.a.g.e.f.i.l.e.U.s.a.g.e.,.P.e.a.k.P.a.g.e.f.i.l.e.U.s.a.g.e.,.P.r.i.v.a.t.e.P.a.g.e.C.o.u.n.t.,.R.e.a.d.O.p.e.r.a.t.i.o.n.C.o.u.n.t.,.W.r.i.t.e.O.p.e.r.a.t.i.o.n.C.o.u.n.t.,.O.t.h.e.r.O.p.e.r.a.t.i.o.n.C.o.u.n.t.,.R.e.a.d.T.r.a.n.s.f.e.r.C.o.u.n.t.,.W.r.i.t.e.T.r.a.n.s.f.e.r.C.o.u.n.t.,.O.t.h.e.r.T.r.a.n.s.f.e.r.C.o.u.n.t.,.H.a.n.

                                                                                                                                                                                                  C:\ProgramData\Microsoft\Windows\WER\Temp\WER1E94.tmp.txt

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\svchost.exe
                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):13340
                                                                                                                                                                                                  Entropy (8bit):2.68482712442391
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:96:TiZYWG1+evAYCY1WorGH1YEZ7FtriP34Kq1wktBBYYawl+Mz5ZI6y3:2ZDFF4qVTBJawl+Mz5G6y3
                                                                                                                                                                                                  MD5:31C43E03D03A3BA66220F7C48143346F
                                                                                                                                                                                                  SHA1:1C4DD40C906DC722EFEBD00D85AC998A26DE276A
                                                                                                                                                                                                  SHA-256:61FC17508B56E0EDAD964BE3B03FB540F19E275FF58DCA2F1691EFD65F79B315
                                                                                                                                                                                                  SHA-512:AB0D8108D57A7B49A3A24DF03C243C4372A5458382E021E0006FD22764202AEE307B028331A8EC33C7DC3164ABE5DBDCAD9C0FBAA7505FD81B4255E646E967FA
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:B...T.i.m.e.r.R.e.s.o.l.u.t.i.o.n. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1.5.6.2.5.0.....B...P.a.g.e.S.i.z.e. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4.0.9.6.....B...N.u.m.b.e.r.O.f.P.h.y.s.i.c.a.l.P.a.g.e.s. . . . . . . . . . . . . . . . . . . . . . . . . . .1.0.4.8.3.3.3.....B...L.o.w.e.s.t.P.h.y.s.i.c.a.l.P.a.g.e.N.u.m.b.e.r. . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2.....B...H.i.g.h.e.s.t.P.h.y.s.i.c.a.l.P.a.g.e.N.u.m.b.e.r. . . . . . . . . . . . . . . . . . . . . . .1.3.1.0.7.1.9.....B...A.l.l.o.c.a.t.i.o.n.G.r.a.n.u.l.a.r.i.t.y. . . . . . . . . . . . . . . . . . . . . . . . . . . . .6.5.5.3.6.....B...M.i.n.i.m.u.m.U.s.e.r.M.o.d.e.A.d.d.r.e.s.s. . . . . . . . . . . . . . . . . . . . . . . . . . . .6.5.5.3.6.....B...M.a.x.i.m.u.m.U.s.e.r.M.o.d.e.A.d.d.r.e.s.s. . . . . . . . . . . . . . . . . .1.4.0.7.3.7.4.8.8.2.8.9.7.9.1.....B...A.c.t.i.v.e.P.r.o.c.e.s.s.o.r.s.A.f.f.i.n.i.t.y.M.a.s.k. . . . . . .

                                                                                                                                                                                                  C:\ProgramData\Microsoft\Windows\WER\Temp\WER3493.tmp.dmp

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WerFault.exe
                                                                                                                                                                                                  File Type:Mini DuMP crash report, 16 streams, Mon Jan 6 12:00:34 2025, 0x1205a4 type
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):593112
                                                                                                                                                                                                  Entropy (8bit):3.315502175223763
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:6144:1ZdK4N4KTopCo+rwJuIU5Eb60VkN/3mSG5q2zvmH3Q09C:1+SM/HJuIU5P0VW/3/QqeUQ0s
                                                                                                                                                                                                  MD5:FD59FEB2834F79CB29240065AEC5FC69
                                                                                                                                                                                                  SHA1:C605BBAF8C46B46219FD264E3EF7CB2A6E89C377
                                                                                                                                                                                                  SHA-256:E404B654424F70C854FA265333DD727E90310F0BC11286FBB1CD46116B4DE1C6
                                                                                                                                                                                                  SHA-512:18AC285213BDFD2D5DE82DE80914BD35C0A43C52083E36C70DA43A00855CC966ECF4C0F8C964C2B59F9397429EF97EA08DCA86D0D276B97AE123160264EFE3D7
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:MDMP..a..... .........{g............................$.......<....(..........X(.......[..............l.......8...........T............R...............C...........E..............................................................................eJ......lF......Lw......................T.............{g.............................@..............,...E.a.s.t.e.r.n. .S.t.a.n.d.a.r.d. .T.i.m.e...........................................E.a.s.t.e.r.n. .S.u.m.m.e.r. .T.i.m.e...............................................1.9.0.4.1...1...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6...........................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                  C:\ProgramData\Microsoft\Windows\WER\Temp\WER35BD.tmp.WERInternalMetadata.xml

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WerFault.exe
                                                                                                                                                                                                  File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):6788
                                                                                                                                                                                                  Entropy (8bit):3.7119270448229353
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:96:RSIU6o7wVetb2vbWvLYZnvAvInJik5aMQUB89bsJDYkfvJGm:R6l7wVeJ2zWzYZnogdpDB89bsJ1fvkm
                                                                                                                                                                                                  MD5:BFC3A14F71AB2B82F661696E7ACD97FD
                                                                                                                                                                                                  SHA1:5DB90C06816C7E36E410D396CCA32F0A7A32F90C
                                                                                                                                                                                                  SHA-256:19D83FF0810836E2DB3A29FDB1BF588782C4BE0DE67EA0683E4F16D18692124C
                                                                                                                                                                                                  SHA-512:97976E85EF9E781C761BA6562EE9B3047AE51FDA9E1E9F4235F91FCD0F2FE4E9DD8E5F3A98083544104057ED06AB03FBD31CF8690760B0EC43DA165C7FEAD5A8
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.9.0.4.5.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.9.0.4.1...2.0.0.6...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.2.0.0.6.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.2.0.5.7.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.1.4.3.6.<./.P.i.

                                                                                                                                                                                                  C:\ProgramData\Microsoft\Windows\WER\Temp\WER35ED.tmp.xml

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WerFault.exe
                                                                                                                                                                                                  File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):4841
                                                                                                                                                                                                  Entropy (8bit):4.45707533421402
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:48:cvIwWl8zsNJg771I9SNWpW8VY1/Ym8M4JIAPFGiyq8vrAaVsUMfK6NFNTd:uIjfnI7h87VQiJ5WDVsUGNFNTd
                                                                                                                                                                                                  MD5:82CA5CD1DA723270BC104B5E8512354A
                                                                                                                                                                                                  SHA1:939A23B192AE72450851E04B044BC4C3B05A4DCB
                                                                                                                                                                                                  SHA-256:1E4BF5F05E4B0729900DDBE1D88673902E0A4BD75348F840A462EF5BFA6F94C4
                                                                                                                                                                                                  SHA-512:76CDD77AE790F382F1B2E8C0D40BBD40374B7B243429DA1DBD19E486122749B9C5B669BCEE377A9978ECDB38C23C8820A18238DC3AB14A0A3514C64BE279CBDD
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="664023" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409

                                                                                                                                                                                                  C:\ProgramData\Microsoft\Windows\WER\Temp\WER3605.tmp.csv

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\svchost.exe
                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):80490
                                                                                                                                                                                                  Entropy (8bit):3.0843975506239367
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:1536:rGaIydY0ilfP9dA9ZkeORtvhSd4+s+nSp+2+7B+1+D+PwT+m+P+NRB:rGaIydY0ilfP9dA9ZkeORtvkd4+s+nSC
                                                                                                                                                                                                  MD5:0B40EC1B6E034B6FE97BC54CD52F5E31
                                                                                                                                                                                                  SHA1:A48C1A4EE6EC582A4E399AB5D7269FC3D6B697A4
                                                                                                                                                                                                  SHA-256:C6F0AF7B81302C99584BAB74CF7B8FA00C8F910CEDCA6431B81E808326309B86
                                                                                                                                                                                                  SHA-512:3A81C0DEE3D1265C2AD6F008C4C7A5C6760F3F9F088DD3F97BE4696B3E14CEF9C99CE0D59F3D1EF5A82F22CFF2866D3CEF3996CC0368F9A9BC62C35F38EC204C
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:I.m.a.g.e.N.a.m.e.,.U.n.i.q.u.e.P.r.o.c.e.s.s.I.d.,.N.u.m.b.e.r.O.f.T.h.r.e.a.d.s.,.W.o.r.k.i.n.g.S.e.t.P.r.i.v.a.t.e.S.i.z.e.,.H.a.r.d.F.a.u.l.t.C.o.u.n.t.,.N.u.m.b.e.r.O.f.T.h.r.e.a.d.s.H.i.g.h.W.a.t.e.r.m.a.r.k.,.C.y.c.l.e.T.i.m.e.,.C.r.e.a.t.e.T.i.m.e.,.U.s.e.r.T.i.m.e.,.K.e.r.n.e.l.T.i.m.e.,.B.a.s.e.P.r.i.o.r.i.t.y.,.P.e.a.k.V.i.r.t.u.a.l.S.i.z.e.,.V.i.r.t.u.a.l.S.i.z.e.,.P.a.g.e.F.a.u.l.t.C.o.u.n.t.,.W.o.r.k.i.n.g.S.e.t.S.i.z.e.,.P.e.a.k.W.o.r.k.i.n.g.S.e.t.S.i.z.e.,.Q.u.o.t.a.P.e.a.k.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.Q.u.o.t.a.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.Q.u.o.t.a.P.e.a.k.N.o.n.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.Q.u.o.t.a.N.o.n.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.P.a.g.e.f.i.l.e.U.s.a.g.e.,.P.e.a.k.P.a.g.e.f.i.l.e.U.s.a.g.e.,.P.r.i.v.a.t.e.P.a.g.e.C.o.u.n.t.,.R.e.a.d.O.p.e.r.a.t.i.o.n.C.o.u.n.t.,.W.r.i.t.e.O.p.e.r.a.t.i.o.n.C.o.u.n.t.,.O.t.h.e.r.O.p.e.r.a.t.i.o.n.C.o.u.n.t.,.R.e.a.d.T.r.a.n.s.f.e.r.C.o.u.n.t.,.W.r.i.t.e.T.r.a.n.s.f.e.r.C.o.u.n.t.,.O.t.h.e.r.T.r.a.n.s.f.e.r.C.o.u.n.t.,.H.a.n.

                                                                                                                                                                                                  C:\ProgramData\Microsoft\Windows\WER\Temp\WER3673.tmp.txt

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\svchost.exe
                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):13340
                                                                                                                                                                                                  Entropy (8bit):2.685419168520674
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:96:TiZYWPp2wqIeIwYvsYjuWbHGYEZk9triE3aKi1waoiaijaYloMQ5bIgy3:2ZDPprFwTqIVTaYloMQ5Ugy3
                                                                                                                                                                                                  MD5:F71B2134B453184C5B4B7FEF5883999F
                                                                                                                                                                                                  SHA1:96A7EF6040B8123D25607079592715D998190CD3
                                                                                                                                                                                                  SHA-256:35A957A3BBC4F77C54C4CD8B291B248F246A32561B1D9DC2A64A7E03D2C588AE
                                                                                                                                                                                                  SHA-512:8415C72AC5EC2ACDCFDB6E5E205E5599397C259D5EEEF0AE2A20676E33B99F1B70C539496E56A7184623EF1C35199890B170193B094C0EC4F9A41850F03E005E
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:B...T.i.m.e.r.R.e.s.o.l.u.t.i.o.n. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1.5.6.2.5.0.....B...P.a.g.e.S.i.z.e. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4.0.9.6.....B...N.u.m.b.e.r.O.f.P.h.y.s.i.c.a.l.P.a.g.e.s. . . . . . . . . . . . . . . . . . . . . . . . . . .1.0.4.8.3.3.3.....B...L.o.w.e.s.t.P.h.y.s.i.c.a.l.P.a.g.e.N.u.m.b.e.r. . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2.....B...H.i.g.h.e.s.t.P.h.y.s.i.c.a.l.P.a.g.e.N.u.m.b.e.r. . . . . . . . . . . . . . . . . . . . . . .1.3.1.0.7.1.9.....B...A.l.l.o.c.a.t.i.o.n.G.r.a.n.u.l.a.r.i.t.y. . . . . . . . . . . . . . . . . . . . . . . . . . . . .6.5.5.3.6.....B...M.i.n.i.m.u.m.U.s.e.r.M.o.d.e.A.d.d.r.e.s.s. . . . . . . . . . . . . . . . . . . . . . . . . . . .6.5.5.3.6.....B...M.a.x.i.m.u.m.U.s.e.r.M.o.d.e.A.d.d.r.e.s.s. . . . . . . . . . . . . . . . . .1.4.0.7.3.7.4.8.8.2.8.9.7.9.1.....B...A.c.t.i.v.e.P.r.o.c.e.s.s.o.r.s.A.f.f.i.n.i.t.y.M.a.s.k. . . . . . .

                                                                                                                                                                                                  C:\ProgramData\Microsoft\Windows\WER\Temp\WER4DD8.tmp.dmp

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WerFault.exe
                                                                                                                                                                                                  File Type:Mini DuMP crash report, 16 streams, Mon Jan 6 12:00:41 2025, 0x1205a4 type
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):591768
                                                                                                                                                                                                  Entropy (8bit):3.3166673372198585
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:3072:YnHZ5layZho4rdLhz3vbOboTHnYH+UVfm6yFMbeSmFRPRcsa6cSGdPq4RUZha31M:W5lVESdEA3aCsUH8yqr3RX3QH
                                                                                                                                                                                                  MD5:34D7C97E551C80A1C72472753FFCB395
                                                                                                                                                                                                  SHA1:AD7B0D17DEE3C935A8FCE853677F733B7341816C
                                                                                                                                                                                                  SHA-256:EC8D010D1244A2F3D29A20B68C32B3A82F6FDA08193055F4125EC099CEF4F46C
                                                                                                                                                                                                  SHA-512:004DE58FF7751A568F0B367DC0BCB5EE122F8F70499FE9EA43C1B14CAAEF72F054D853C9C75907B1FE0F7E6586AD43586CDF4E439014A795C01BFA0B53BF1067
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:MDMP..a..... .........{g............................$.......<....(..........X(.......[..............l.......8...........T............R...............C...........E..............................................................................eJ......lF......Lw......................T.......4.....{g.............................@..............,...E.a.s.t.e.r.n. .S.t.a.n.d.a.r.d. .T.i.m.e...........................................E.a.s.t.e.r.n. .S.u.m.m.e.r. .T.i.m.e...............................................1.9.0.4.1...1...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6...........................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                  C:\ProgramData\Microsoft\Windows\WER\Temp\WER5134.tmp.WERInternalMetadata.xml

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WerFault.exe
                                                                                                                                                                                                  File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):6790
                                                                                                                                                                                                  Entropy (8bit):3.7138677274994056
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:192:R6l7wVeJqXz80FrYZnogdpDB89bWRcfpSm:R6lXJSIaYpogGWaft
                                                                                                                                                                                                  MD5:1E3DC277091C4ACCE96130D445582EB8
                                                                                                                                                                                                  SHA1:AFFBBB8FB46844AF5AFFCF0F1BDA1E493979CF24
                                                                                                                                                                                                  SHA-256:6B636E2E423DC6DEF2E612ED5997ADFAAEBB1FE070D0B56E67743B5695200FCB
                                                                                                                                                                                                  SHA-512:75757F1C9E9330C422461F7E0D7EBA561A6253BE7089F52D19ADD659870DB344557A0E95388E0BF203DF7F9D6F1668EB2D1584D819DACE01B3457AFC0CEE5EF5
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.9.0.4.5.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.9.0.4.1...2.0.0.6...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.2.0.0.6.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.2.0.5.7.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.4.4.0.4.<./.P.i.

                                                                                                                                                                                                  C:\ProgramData\Microsoft\Windows\WER\Temp\WER5174.tmp.xml

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WerFault.exe
                                                                                                                                                                                                  File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):4841
                                                                                                                                                                                                  Entropy (8bit):4.458475138949628
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:48:cvIwWl8zsNJg771I9SNWpW8VYYYm8M4JIAPF+tyq8vrAy4UMfK6NF5d:uIjfnI7h87VMJyWSUGNF5d
                                                                                                                                                                                                  MD5:343BDBE5907C8A71D8EFDA5B3D7E64A1
                                                                                                                                                                                                  SHA1:0B734D8C90907774D8CA2F0FA9774AC1F78536F8
                                                                                                                                                                                                  SHA-256:AE017A549B0C70EBA3EC9218F6D3B2501AFBF68D8548755C6B92E375DAB51153
                                                                                                                                                                                                  SHA-512:717849E2C8CAB39A8D6193A806333280289DCD1C20C9B9467FA1977E47C38B5E16379C09C116AA028F04752E8AD5094F78DE5F5E0852F0A0EB23CBF1A3919656
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="664023" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409

                                                                                                                                                                                                  C:\ProgramData\Microsoft\Windows\WER\Temp\WER51AD.tmp.csv

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\svchost.exe
                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):80502
                                                                                                                                                                                                  Entropy (8bit):3.0847364156423693
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:1536:tpWVu5en0ElH+1dE9gitESd4+s+nSp+2+7B+1+D+PwT+m+P+7hgb:tpWVu5en0ElH+1dE9git7d4+s+nSp+2Z
                                                                                                                                                                                                  MD5:FC1A7BEE9CA1E73BD357A637091A4EB7
                                                                                                                                                                                                  SHA1:7609089EBC929B1256F42D55DB070E0B8A01EEA0
                                                                                                                                                                                                  SHA-256:942EE9D70B49FCD3F91608C06765D75DCC1FA0E17D0392C43680630FA6E3B28F
                                                                                                                                                                                                  SHA-512:8BCCC980E7CF9078C9DFE933216961E78DC37668F03CCD0872B320861213E9F9D999C7449183F36D11C619B64B74E3F4C9B39BABE372548AF825ECE00DDAF8A9
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:I.m.a.g.e.N.a.m.e.,.U.n.i.q.u.e.P.r.o.c.e.s.s.I.d.,.N.u.m.b.e.r.O.f.T.h.r.e.a.d.s.,.W.o.r.k.i.n.g.S.e.t.P.r.i.v.a.t.e.S.i.z.e.,.H.a.r.d.F.a.u.l.t.C.o.u.n.t.,.N.u.m.b.e.r.O.f.T.h.r.e.a.d.s.H.i.g.h.W.a.t.e.r.m.a.r.k.,.C.y.c.l.e.T.i.m.e.,.C.r.e.a.t.e.T.i.m.e.,.U.s.e.r.T.i.m.e.,.K.e.r.n.e.l.T.i.m.e.,.B.a.s.e.P.r.i.o.r.i.t.y.,.P.e.a.k.V.i.r.t.u.a.l.S.i.z.e.,.V.i.r.t.u.a.l.S.i.z.e.,.P.a.g.e.F.a.u.l.t.C.o.u.n.t.,.W.o.r.k.i.n.g.S.e.t.S.i.z.e.,.P.e.a.k.W.o.r.k.i.n.g.S.e.t.S.i.z.e.,.Q.u.o.t.a.P.e.a.k.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.Q.u.o.t.a.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.Q.u.o.t.a.P.e.a.k.N.o.n.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.Q.u.o.t.a.N.o.n.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.P.a.g.e.f.i.l.e.U.s.a.g.e.,.P.e.a.k.P.a.g.e.f.i.l.e.U.s.a.g.e.,.P.r.i.v.a.t.e.P.a.g.e.C.o.u.n.t.,.R.e.a.d.O.p.e.r.a.t.i.o.n.C.o.u.n.t.,.W.r.i.t.e.O.p.e.r.a.t.i.o.n.C.o.u.n.t.,.O.t.h.e.r.O.p.e.r.a.t.i.o.n.C.o.u.n.t.,.R.e.a.d.T.r.a.n.s.f.e.r.C.o.u.n.t.,.W.r.i.t.e.T.r.a.n.s.f.e.r.C.o.u.n.t.,.O.t.h.e.r.T.r.a.n.s.f.e.r.C.o.u.n.t.,.H.a.n.

                                                                                                                                                                                                  C:\ProgramData\Microsoft\Windows\WER\Temp\WER520C.tmp.txt

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\svchost.exe
                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):13340
                                                                                                                                                                                                  Entropy (8bit):2.6853628681574953
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:96:TiZYWRGsOTl3YxYLWrQrHlYEZuntriI3fKW1wxCmaVfljTMq5EIRy3:2ZDRGTmWKb+laFl/Mq5zRy3
                                                                                                                                                                                                  MD5:C5E986E5CF335440B1A6451311434CA0
                                                                                                                                                                                                  SHA1:9C19C08DA738F21A06F69A0E37172D3F4E32CB96
                                                                                                                                                                                                  SHA-256:DB89C3FE7DD44DDC2603EF6974980B67248F6D8991EC485DDFE572D719C65B15
                                                                                                                                                                                                  SHA-512:BD15EBC408DD10BE8D59EA8FF956EFD0814C913C88E8DC1A4AE1B6DA9750F510BCA78724DF75927B53CC44D58414A946370067FE4BF6848495ABF5B662B84C42
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:B...T.i.m.e.r.R.e.s.o.l.u.t.i.o.n. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1.5.6.2.5.0.....B...P.a.g.e.S.i.z.e. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4.0.9.6.....B...N.u.m.b.e.r.O.f.P.h.y.s.i.c.a.l.P.a.g.e.s. . . . . . . . . . . . . . . . . . . . . . . . . . .1.0.4.8.3.3.3.....B...L.o.w.e.s.t.P.h.y.s.i.c.a.l.P.a.g.e.N.u.m.b.e.r. . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2.....B...H.i.g.h.e.s.t.P.h.y.s.i.c.a.l.P.a.g.e.N.u.m.b.e.r. . . . . . . . . . . . . . . . . . . . . . .1.3.1.0.7.1.9.....B...A.l.l.o.c.a.t.i.o.n.G.r.a.n.u.l.a.r.i.t.y. . . . . . . . . . . . . . . . . . . . . . . . . . . . .6.5.5.3.6.....B...M.i.n.i.m.u.m.U.s.e.r.M.o.d.e.A.d.d.r.e.s.s. . . . . . . . . . . . . . . . . . . . . . . . . . . .6.5.5.3.6.....B...M.a.x.i.m.u.m.U.s.e.r.M.o.d.e.A.d.d.r.e.s.s. . . . . . . . . . . . . . . . . .1.4.0.7.3.7.4.8.8.2.8.9.7.9.1.....B...A.c.t.i.v.e.P.r.o.c.e.s.s.o.r.s.A.f.f.i.n.i.t.y.M.a.s.k. . . . . . .

                                                                                                                                                                                                  C:\ProgramData\Microsoft\Windows\WER\Temp\WER6368.tmp.dmp

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WerFault.exe
                                                                                                                                                                                                  File Type:Mini DuMP crash report, 16 streams, Mon Jan 6 11:59:41 2025, 0x1205a4 type
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):591752
                                                                                                                                                                                                  Entropy (8bit):3.306009336976505
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:6144:V14pEWG1CPzEcuI7pbrsLiN1WufatCalvqHzvOuk3Qs2:2b4cuI7pbdylqD8Qf
                                                                                                                                                                                                  MD5:A19375DFF8935613DC29595A4C1F2451
                                                                                                                                                                                                  SHA1:C9F015B9EE037D379A9EAFA62FABE793B471A899
                                                                                                                                                                                                  SHA-256:D26051598920E9296549269C0265BB018FCE39357765326D075E67B18E08A92C
                                                                                                                                                                                                  SHA-512:EC2934FD6CEB4EF8C6539C95F909EBEC867E96582724F714BC6A6334F63E06C56A00622C814AA3E61A414D6D055EF1FA1836BA3CC1DDC37B8B1AD6461D906E3B
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:MDMP..a..... .........{g............................$.......<....(..........X(.......[..............l.......8...........T............R...............C...........E..............................................................................eJ......lF......Lw......................T.......`.....{g.............................@..............,...E.a.s.t.e.r.n. .S.t.a.n.d.a.r.d. .T.i.m.e...........................................E.a.s.t.e.r.n. .S.u.m.m.e.r. .T.i.m.e...............................................1.9.0.4.1...1...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6...........................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                  C:\ProgramData\Microsoft\Windows\WER\Temp\WER64B2.tmp.WERInternalMetadata.xml

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WerFault.exe
                                                                                                                                                                                                  File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):6790
                                                                                                                                                                                                  Entropy (8bit):3.713523024150406
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:96:RSIU6o7wVetb8vbsSiYZnvAvInJik5aMQUB89bJ+DY1fwjm:R6l7wVeJ8zs3YZnogdpDB89bJ+cfwjm
                                                                                                                                                                                                  MD5:F287C44EE8140AEFC188E340B2F2406C
                                                                                                                                                                                                  SHA1:2D86D7EFBBA4F150EA2611C91952BC1E1C038424
                                                                                                                                                                                                  SHA-256:7587AFC111961C7F1C3462A1DB263C53CE5BEC14FD361CBA6F79C3A2DE648B22
                                                                                                                                                                                                  SHA-512:A3E5CEB165A037D8AC8F24E99D5B745A0C3718657E6DD168307A4B240F81A3D105938E0A4330B96D5587293618FC2BCB5F7C086DE70E1D029225AADFDDD56B3F
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.9.0.4.5.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.9.0.4.1...2.0.0.6...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.2.0.0.6.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.2.0.5.7.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.1.1.2.0.<./.P.i.

                                                                                                                                                                                                  C:\ProgramData\Microsoft\Windows\WER\Temp\WER64D2.tmp.xml

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WerFault.exe
                                                                                                                                                                                                  File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):4841
                                                                                                                                                                                                  Entropy (8bit):4.455956794388603
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:48:cvIwWl8zsWJg771I9SNWpW8VYgYm8M4JIAPFh+yq8vrAxXUMfK6NFe1d:uIjfsI7h87VYJOWIUGNFUd
                                                                                                                                                                                                  MD5:BB8509B1F416FB8F43419C05E8A92FEE
                                                                                                                                                                                                  SHA1:C22957CCEF290F9177E0B6BB6C9AC593E4DAD3DC
                                                                                                                                                                                                  SHA-256:956BA788D303430449729B0A466CB3D558C5C0317DB647C41094AEC601A0083F
                                                                                                                                                                                                  SHA-512:5DE6787FFD218DC0A04E4D00233BF9891114372234F80AF02319A6EB804B05C52C2ABB6420F6CF93A5898BB0C6FE4F31737D99FC46BF46679652625574331891
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="664022" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409

                                                                                                                                                                                                  C:\ProgramData\Microsoft\Windows\WER\Temp\WER64E1.tmp.csv

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\svchost.exe
                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):81798
                                                                                                                                                                                                  Entropy (8bit):3.0845340323194494
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:1536:7Mf+g4qiW0Icp8pKllMoyZTrfgM/B+I+e+PpG:7Mf+g4qiW0Icp8pKllMoyZTrf5/B+I+8
                                                                                                                                                                                                  MD5:F6AF5DF92D41D87A92B1FD3E9F7C1A96
                                                                                                                                                                                                  SHA1:35127AF56F5BCA9FE3BC5280AE64B7980366FF2F
                                                                                                                                                                                                  SHA-256:AD9A6A19833688C28172A71B0A7620DC67F701A2A35D5CC7F1CE87C874050446
                                                                                                                                                                                                  SHA-512:FF689E2BE28CA0A5521C5B1AC59D2D7191F6E4EEE038D5F7EDAFAFE8EC3565B01A5556F19988E4FD30811A50AB730B4F4013906299101F72E737F308F6891319
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:I.m.a.g.e.N.a.m.e.,.U.n.i.q.u.e.P.r.o.c.e.s.s.I.d.,.N.u.m.b.e.r.O.f.T.h.r.e.a.d.s.,.W.o.r.k.i.n.g.S.e.t.P.r.i.v.a.t.e.S.i.z.e.,.H.a.r.d.F.a.u.l.t.C.o.u.n.t.,.N.u.m.b.e.r.O.f.T.h.r.e.a.d.s.H.i.g.h.W.a.t.e.r.m.a.r.k.,.C.y.c.l.e.T.i.m.e.,.C.r.e.a.t.e.T.i.m.e.,.U.s.e.r.T.i.m.e.,.K.e.r.n.e.l.T.i.m.e.,.B.a.s.e.P.r.i.o.r.i.t.y.,.P.e.a.k.V.i.r.t.u.a.l.S.i.z.e.,.V.i.r.t.u.a.l.S.i.z.e.,.P.a.g.e.F.a.u.l.t.C.o.u.n.t.,.W.o.r.k.i.n.g.S.e.t.S.i.z.e.,.P.e.a.k.W.o.r.k.i.n.g.S.e.t.S.i.z.e.,.Q.u.o.t.a.P.e.a.k.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.Q.u.o.t.a.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.Q.u.o.t.a.P.e.a.k.N.o.n.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.Q.u.o.t.a.N.o.n.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.P.a.g.e.f.i.l.e.U.s.a.g.e.,.P.e.a.k.P.a.g.e.f.i.l.e.U.s.a.g.e.,.P.r.i.v.a.t.e.P.a.g.e.C.o.u.n.t.,.R.e.a.d.O.p.e.r.a.t.i.o.n.C.o.u.n.t.,.W.r.i.t.e.O.p.e.r.a.t.i.o.n.C.o.u.n.t.,.O.t.h.e.r.O.p.e.r.a.t.i.o.n.C.o.u.n.t.,.R.e.a.d.T.r.a.n.s.f.e.r.C.o.u.n.t.,.W.r.i.t.e.T.r.a.n.s.f.e.r.C.o.u.n.t.,.O.t.h.e.r.T.r.a.n.s.f.e.r.C.o.u.n.t.,.H.a.n.

                                                                                                                                                                                                  C:\ProgramData\Microsoft\Windows\WER\Temp\WER6521.tmp.txt

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\svchost.exe
                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):13340
                                                                                                                                                                                                  Entropy (8bit):2.6847120912673117
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:96:TiZYWdjnudgtv/QyY1YoWgiIHQYEZiVstris3Pb11wlviTkazlFMd5F4Ihy3:2ZDdiyyhVVSKbazlFMd5Ffhy3
                                                                                                                                                                                                  MD5:EB3167CA331801DA143861BD9544D81A
                                                                                                                                                                                                  SHA1:470C55CD1425F20CAA046C51CCE2C881E3032EE3
                                                                                                                                                                                                  SHA-256:1279EBD34EE3570EC519069E170FF0D2C9727AA6CDB34D0B57AA7F86067D759E
                                                                                                                                                                                                  SHA-512:0707DDC35786F7BA2A08655886B87C72738B9991ACDE0F22955D63523960BDD182D511BA94ECA2CCCA245A40806D897C7CED85544F6CA9A9C1ED8BFA00F07FB7
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:B...T.i.m.e.r.R.e.s.o.l.u.t.i.o.n. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1.5.6.2.5.0.....B...P.a.g.e.S.i.z.e. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4.0.9.6.....B...N.u.m.b.e.r.O.f.P.h.y.s.i.c.a.l.P.a.g.e.s. . . . . . . . . . . . . . . . . . . . . . . . . . .1.0.4.8.3.3.3.....B...L.o.w.e.s.t.P.h.y.s.i.c.a.l.P.a.g.e.N.u.m.b.e.r. . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2.....B...H.i.g.h.e.s.t.P.h.y.s.i.c.a.l.P.a.g.e.N.u.m.b.e.r. . . . . . . . . . . . . . . . . . . . . . .1.3.1.0.7.1.9.....B...A.l.l.o.c.a.t.i.o.n.G.r.a.n.u.l.a.r.i.t.y. . . . . . . . . . . . . . . . . . . . . . . . . . . . .6.5.5.3.6.....B...M.i.n.i.m.u.m.U.s.e.r.M.o.d.e.A.d.d.r.e.s.s. . . . . . . . . . . . . . . . . . . . . . . . . . . .6.5.5.3.6.....B...M.a.x.i.m.u.m.U.s.e.r.M.o.d.e.A.d.d.r.e.s.s. . . . . . . . . . . . . . . . . .1.4.0.7.3.7.4.8.8.2.8.9.7.9.1.....B...A.c.t.i.v.e.P.r.o.c.e.s.s.o.r.s.A.f.f.i.n.i.t.y.M.a.s.k. . . . . . .

                                                                                                                                                                                                  C:\ProgramData\Microsoft\Windows\WER\Temp\WER7C99.tmp.dmp

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WerFault.exe
                                                                                                                                                                                                  File Type:Mini DuMP crash report, 16 streams, Mon Jan 6 12:00:53 2025, 0x1205a4 type
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):591104
                                                                                                                                                                                                  Entropy (8bit):3.313764663536239
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:3072:xvJzo5y4mgl9AwQ+xyZBdYWcSsRT1dPrgYgJJTNoeA90a1CCqtRnxavaZlX3+vlI:xvZBzglOawxmjjgBJnI04qTnwcX3Qu
                                                                                                                                                                                                  MD5:AD75D7D3C7223D909D06D9495E0F4C1D
                                                                                                                                                                                                  SHA1:0C924F962EC9337E5EAE58B530380CEAAD8BA57F
                                                                                                                                                                                                  SHA-256:FDCD74C3C85AE0491A30F8B3361E823CD4F47C97C9B3D3C536F4504F18DF1DF9
                                                                                                                                                                                                  SHA-512:2E5374A81ABEFE58E0B41078C070261CA04A7F8E1D77687BCFF75893DAC0CF04F49217C382B39E0BF65C0D2481B2D11211D7861DD56A49AB73FD35FB943450FB
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:MDMP..a..... .........{g............................$.......<....(..........X(.......[..............l.......8...........T............R.. ............C...........E..............................................................................eJ......lF......Lw......................T.............{g.............................@..............,...E.a.s.t.e.r.n. .S.t.a.n.d.a.r.d. .T.i.m.e...........................................E.a.s.t.e.r.n. .S.u.m.m.e.r. .T.i.m.e...............................................1.9.0.4.1...1...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6...........................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                  C:\ProgramData\Microsoft\Windows\WER\Temp\WER7E11.tmp.WERInternalMetadata.xml

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WerFault.exe
                                                                                                                                                                                                  File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):6786
                                                                                                                                                                                                  Entropy (8bit):3.7119536701967926
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:96:RSIU6o7wVetbBvbFyMBYZnvAvInJik5aMQUB89bFeDDkfD3m:R6l7wVeJBzF9YZnogdpDB89bFe0fD3m
                                                                                                                                                                                                  MD5:30640A859B9EEE8F960728B9FAFF5D49
                                                                                                                                                                                                  SHA1:DF230897E7C5815C5C0F611578BAFC412EA21BFA
                                                                                                                                                                                                  SHA-256:B5304C186603DC6BA22A0FEC224A5E42CDE2E60E2B30A6794AE8FFE382BD2032
                                                                                                                                                                                                  SHA-512:C3BF2E1EF939B8E89FB86B4CE8BCF6200E7A4FC1E680BE45794E542E28FE9073856BB933803473B774AD69C4ED620C94085C67D4299F8D1B75E727BFEBBB3C5E
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.9.0.4.5.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.9.0.4.1...2.0.0.6...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.2.0.0.6.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.2.0.5.7.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.3.0.4.0.<./.P.i.

                                                                                                                                                                                                  C:\ProgramData\Microsoft\Windows\WER\Temp\WER7E50.tmp.xml

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WerFault.exe
                                                                                                                                                                                                  File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):4841
                                                                                                                                                                                                  Entropy (8bit):4.456239458669372
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:48:cvIwWl8zsNJg771I9SNWpW8VYlYm8M4JIAPFGPyq8vrAOUUMfK6NFKed:uIjfnI7h87V1JkPW+UGNFKed
                                                                                                                                                                                                  MD5:6982712F6AD0D6285D7BEDD6CEB46D2D
                                                                                                                                                                                                  SHA1:1BC2329DC5CB424973E4B840C2C5C31EFC79F45A
                                                                                                                                                                                                  SHA-256:6E02C2A712894E016940A52C624BA475196CB845DFAD72C35AE7E969A2B3F885
                                                                                                                                                                                                  SHA-512:0C5EB31BF097AC54593BAAB80E3FB6C7ACDCDC1EE86A0BB19DFFE064A938FC8971C38713D428B4DD94D3BF05B14148831F6467BDE44D863B143BB46D870B7921
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="664023" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409

                                                                                                                                                                                                  C:\ProgramData\Microsoft\Windows\WER\Temp\WER7E6C.tmp.csv

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\svchost.exe
                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):80532
                                                                                                                                                                                                  Entropy (8bit):3.083938165659133
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:1536:QSicSPDricqZKcI1gmm49240Ygd4+s+nSp+2+7B+1+D+PwT+m+P+xjt:QSicSPDricqZKcI1gmm49240dd4+s+nL
                                                                                                                                                                                                  MD5:E1BD9F93E0685559D3089A37536B770D
                                                                                                                                                                                                  SHA1:07570972D85F54DFDD7DC24EDE4DEB0E723C0025
                                                                                                                                                                                                  SHA-256:EC4A582EE64CE0A289191CDBFFB4302C5283DF741C40102DE91832347E7A468E
                                                                                                                                                                                                  SHA-512:F8D983A624F747B742D5809C3F2C15843F8D96218F56B395454893C32E504A6B848129F43E957FF80747A8D5A5AC62A14874749B545ABE8CF04BB6F2B93C2B5F
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:I.m.a.g.e.N.a.m.e.,.U.n.i.q.u.e.P.r.o.c.e.s.s.I.d.,.N.u.m.b.e.r.O.f.T.h.r.e.a.d.s.,.W.o.r.k.i.n.g.S.e.t.P.r.i.v.a.t.e.S.i.z.e.,.H.a.r.d.F.a.u.l.t.C.o.u.n.t.,.N.u.m.b.e.r.O.f.T.h.r.e.a.d.s.H.i.g.h.W.a.t.e.r.m.a.r.k.,.C.y.c.l.e.T.i.m.e.,.C.r.e.a.t.e.T.i.m.e.,.U.s.e.r.T.i.m.e.,.K.e.r.n.e.l.T.i.m.e.,.B.a.s.e.P.r.i.o.r.i.t.y.,.P.e.a.k.V.i.r.t.u.a.l.S.i.z.e.,.V.i.r.t.u.a.l.S.i.z.e.,.P.a.g.e.F.a.u.l.t.C.o.u.n.t.,.W.o.r.k.i.n.g.S.e.t.S.i.z.e.,.P.e.a.k.W.o.r.k.i.n.g.S.e.t.S.i.z.e.,.Q.u.o.t.a.P.e.a.k.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.Q.u.o.t.a.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.Q.u.o.t.a.P.e.a.k.N.o.n.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.Q.u.o.t.a.N.o.n.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.P.a.g.e.f.i.l.e.U.s.a.g.e.,.P.e.a.k.P.a.g.e.f.i.l.e.U.s.a.g.e.,.P.r.i.v.a.t.e.P.a.g.e.C.o.u.n.t.,.R.e.a.d.O.p.e.r.a.t.i.o.n.C.o.u.n.t.,.W.r.i.t.e.O.p.e.r.a.t.i.o.n.C.o.u.n.t.,.O.t.h.e.r.O.p.e.r.a.t.i.o.n.C.o.u.n.t.,.R.e.a.d.T.r.a.n.s.f.e.r.C.o.u.n.t.,.W.r.i.t.e.T.r.a.n.s.f.e.r.C.o.u.n.t.,.O.t.h.e.r.T.r.a.n.s.f.e.r.C.o.u.n.t.,.H.a.n.

                                                                                                                                                                                                  C:\ProgramData\Microsoft\Windows\WER\Temp\WER7EBB.tmp.txt

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\svchost.exe
                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):13340
                                                                                                                                                                                                  Entropy (8bit):2.6850066875008536
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:96:TiZYWgtmhMyLY0YFWBHlUYEZGW2atri6ERKf1w/7SToaPlGiMv7oJIvy3:2ZDgtsDTsMnaPlGiMv7o2vy3
                                                                                                                                                                                                  MD5:D32A6593D23BE41CF455A47D8117CAE5
                                                                                                                                                                                                  SHA1:573D9B84318322EEC04D8B05532A60ED541BA3DF
                                                                                                                                                                                                  SHA-256:A7F101813F585820CD460926F42328C477C14F1A3F42B7BD061AEBB7C31ABF71
                                                                                                                                                                                                  SHA-512:898A022FE6D36D9427FD1EDFEEA8E7DB4AB12C7D970E46043457BB6A4985F0A53B23E47FDFE6059F989E5D893B03EAAEF5CFC3EA249BABBC627AA72AF5D9EF9E
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:B...T.i.m.e.r.R.e.s.o.l.u.t.i.o.n. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1.5.6.2.5.0.....B...P.a.g.e.S.i.z.e. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4.0.9.6.....B...N.u.m.b.e.r.O.f.P.h.y.s.i.c.a.l.P.a.g.e.s. . . . . . . . . . . . . . . . . . . . . . . . . . .1.0.4.8.3.3.3.....B...L.o.w.e.s.t.P.h.y.s.i.c.a.l.P.a.g.e.N.u.m.b.e.r. . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2.....B...H.i.g.h.e.s.t.P.h.y.s.i.c.a.l.P.a.g.e.N.u.m.b.e.r. . . . . . . . . . . . . . . . . . . . . . .1.3.1.0.7.1.9.....B...A.l.l.o.c.a.t.i.o.n.G.r.a.n.u.l.a.r.i.t.y. . . . . . . . . . . . . . . . . . . . . . . . . . . . .6.5.5.3.6.....B...M.i.n.i.m.u.m.U.s.e.r.M.o.d.e.A.d.d.r.e.s.s. . . . . . . . . . . . . . . . . . . . . . . . . . . .6.5.5.3.6.....B...M.a.x.i.m.u.m.U.s.e.r.M.o.d.e.A.d.d.r.e.s.s. . . . . . . . . . . . . . . . . .1.4.0.7.3.7.4.8.8.2.8.9.7.9.1.....B...A.c.t.i.v.e.P.r.o.c.e.s.s.o.r.s.A.f.f.i.n.i.t.y.M.a.s.k. . . . . . .

                                                                                                                                                                                                  C:\ProgramData\Microsoft\Windows\WER\Temp\WER92FF.tmp.dmp

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WerFault.exe
                                                                                                                                                                                                  File Type:Mini DuMP crash report, 16 streams, Mon Jan 6 12:00:58 2025, 0x1205a4 type
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):587456
                                                                                                                                                                                                  Entropy (8bit):3.339200306065447
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:3072:jQaVdT1la9Ch+4zzh4RNbdZcS6RVddPXSblBlwh1CCqKvaqPg3+vmm8wy:jQcl1la/Cz+0dKbNwBqyXg3Qg
                                                                                                                                                                                                  MD5:66DC91D77352ED82D57E59DE55109A51
                                                                                                                                                                                                  SHA1:D0C7E4459A3BAC92CADFAC4E7A8DB1381A603458
                                                                                                                                                                                                  SHA-256:0C98F6C7FBF99DF00B975A0B3DE0B0A9B684FE1180E965207C6352917280585B
                                                                                                                                                                                                  SHA-512:397C34CCEFE3807A9D6B5C1AE657CBEFC99DDC296C985A37593B938E5CBA2027231A089CEEFF49978D8408E28025512C871C1044F2D51A7C3B7AE58ECF717D4C
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:MDMP..a..... .........{g............................$.......<....(..........X(.......[..............l.......8...........T............R..............C...........E..............................................................................eJ......lF......Lw......................T.............{g.............................@..............,...E.a.s.t.e.r.n. .S.t.a.n.d.a.r.d. .T.i.m.e...........................................E.a.s.t.e.r.n. .S.u.m.m.e.r. .T.i.m.e...............................................1.9.0.4.1...1...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6...........................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                  C:\ProgramData\Microsoft\Windows\WER\Temp\WER9429.tmp.WERInternalMetadata.xml

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WerFault.exe
                                                                                                                                                                                                  File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):6790
                                                                                                                                                                                                  Entropy (8bit):3.713318416163275
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:96:RSIU6o7wVetb1vbmCYZnvAvInJik5aMQUB89b2DDY1fBym:R6l7wVeJ1zmCYZnogdpDB89b2DcfBym
                                                                                                                                                                                                  MD5:4758CC7252079109AA411CD668CF2E49
                                                                                                                                                                                                  SHA1:652161FACA05945B70E0904D51CA1256C97678BC
                                                                                                                                                                                                  SHA-256:8DAF47EFAFE77D5AC1519EB614F365BD4076196E7E1D716EC4601D5D0ED2FF2B
                                                                                                                                                                                                  SHA-512:C32AAA95A8BB09420EFA5144BC56A08BA5E79CA6C541C4F546D24090125F80528D214D477F646F8B0DFE5EFC7808BDB0FF1DF74DB958120EFF5DEE735FBFC51B
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.9.0.4.5.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.9.0.4.1...2.0.0.6...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.2.0.0.6.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.2.0.5.7.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.6.6.1.2.<./.P.i.

                                                                                                                                                                                                  C:\ProgramData\Microsoft\Windows\WER\Temp\WER9449.tmp.xml

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WerFault.exe
                                                                                                                                                                                                  File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):4841
                                                                                                                                                                                                  Entropy (8bit):4.458325466857106
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:48:cvIwWl8zsNJg771I9SNWpW8VYZYm8M4JIAPFdyq8vrANJUMfK6NFmd:uIjfnI7h87VFJ7W+UGNFmd
                                                                                                                                                                                                  MD5:DEC841CB93588B6E31B0BD2858942149
                                                                                                                                                                                                  SHA1:27A1823F2C201EE9EE108405B6417E13EAC7B4CE
                                                                                                                                                                                                  SHA-256:F89C3E2D95D08F78E8BC135E7E293C09D6FDEBF09267BB67A46AF5033BA3E270
                                                                                                                                                                                                  SHA-512:2AA28A28A5BF21118739E8D0D593A39992B601E43ED297DB82658587F00542FD51E136A6AEAFE22311211E0985334625F4057FBB3CD83092DD5DCCA88CDAB7E3
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="664023" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409

                                                                                                                                                                                                  C:\ProgramData\Microsoft\Windows\WER\Temp\WER9477.tmp.csv

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\svchost.exe
                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):80530
                                                                                                                                                                                                  Entropy (8bit):3.0845074979338705
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:1536:fnVNnqvkvivYKMHO4ks5m4aBxKLMid4+s+nSp+2+7B+1+D+PwT+m+P+dJ:fnVNnqvkvivYKMHO4ks5m4aBxKLjd4+9
                                                                                                                                                                                                  MD5:9494E6604FFBDE6F4C8C059943B4EFC6
                                                                                                                                                                                                  SHA1:09859CD66C8C0FCF1A416B2F02799C199A5D1E37
                                                                                                                                                                                                  SHA-256:9196D2D34C2A71D22632EA743A17804C0D2BA3F9ECFCEC3F410E243D4BE47DC7
                                                                                                                                                                                                  SHA-512:676CE328FCB1993886095EA7623C9F5BADFF88EB269AB861DF01AE10519B0D7833B6EC046F08FF0751255F278201C537A93E0F05C382C1EF95BB52E83CF52EFF
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:I.m.a.g.e.N.a.m.e.,.U.n.i.q.u.e.P.r.o.c.e.s.s.I.d.,.N.u.m.b.e.r.O.f.T.h.r.e.a.d.s.,.W.o.r.k.i.n.g.S.e.t.P.r.i.v.a.t.e.S.i.z.e.,.H.a.r.d.F.a.u.l.t.C.o.u.n.t.,.N.u.m.b.e.r.O.f.T.h.r.e.a.d.s.H.i.g.h.W.a.t.e.r.m.a.r.k.,.C.y.c.l.e.T.i.m.e.,.C.r.e.a.t.e.T.i.m.e.,.U.s.e.r.T.i.m.e.,.K.e.r.n.e.l.T.i.m.e.,.B.a.s.e.P.r.i.o.r.i.t.y.,.P.e.a.k.V.i.r.t.u.a.l.S.i.z.e.,.V.i.r.t.u.a.l.S.i.z.e.,.P.a.g.e.F.a.u.l.t.C.o.u.n.t.,.W.o.r.k.i.n.g.S.e.t.S.i.z.e.,.P.e.a.k.W.o.r.k.i.n.g.S.e.t.S.i.z.e.,.Q.u.o.t.a.P.e.a.k.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.Q.u.o.t.a.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.Q.u.o.t.a.P.e.a.k.N.o.n.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.Q.u.o.t.a.N.o.n.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.P.a.g.e.f.i.l.e.U.s.a.g.e.,.P.e.a.k.P.a.g.e.f.i.l.e.U.s.a.g.e.,.P.r.i.v.a.t.e.P.a.g.e.C.o.u.n.t.,.R.e.a.d.O.p.e.r.a.t.i.o.n.C.o.u.n.t.,.W.r.i.t.e.O.p.e.r.a.t.i.o.n.C.o.u.n.t.,.O.t.h.e.r.O.p.e.r.a.t.i.o.n.C.o.u.n.t.,.R.e.a.d.T.r.a.n.s.f.e.r.C.o.u.n.t.,.W.r.i.t.e.T.r.a.n.s.f.e.r.C.o.u.n.t.,.O.t.h.e.r.T.r.a.n.s.f.e.r.C.o.u.n.t.,.H.a.n.

                                                                                                                                                                                                  C:\ProgramData\Microsoft\Windows\WER\Temp\WER94A6.tmp.txt

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\svchost.exe
                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):13340
                                                                                                                                                                                                  Entropy (8bit):2.6851522358973807
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:96:TiZYWO6+sBR5YTEYbMW2H2YEZyltriaEFKk1wxR4aPlFHMUHo6ILy3:2ZDHfHou+aPltMUHotLy3
                                                                                                                                                                                                  MD5:FAF92AFFE02655995170E676E9F3EFE9
                                                                                                                                                                                                  SHA1:5714234EC3377C3C965B2250443940A232B762AE
                                                                                                                                                                                                  SHA-256:22BFA373C2F95471FA951C4CFE0EC435FB30EBA130F76FEE0300E4F5FC071A17
                                                                                                                                                                                                  SHA-512:F46BA94FFF4B1DFE7B2B33F4FFC5D5C9AB31B81BF310B990DC398D299794C6733F90C5CD04626071DCCCAF38BB474F6E8C02DC781DD0DE7687DB8B7AD974B1F6
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:B...T.i.m.e.r.R.e.s.o.l.u.t.i.o.n. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1.5.6.2.5.0.....B...P.a.g.e.S.i.z.e. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4.0.9.6.....B...N.u.m.b.e.r.O.f.P.h.y.s.i.c.a.l.P.a.g.e.s. . . . . . . . . . . . . . . . . . . . . . . . . . .1.0.4.8.3.3.3.....B...L.o.w.e.s.t.P.h.y.s.i.c.a.l.P.a.g.e.N.u.m.b.e.r. . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2.....B...H.i.g.h.e.s.t.P.h.y.s.i.c.a.l.P.a.g.e.N.u.m.b.e.r. . . . . . . . . . . . . . . . . . . . . . .1.3.1.0.7.1.9.....B...A.l.l.o.c.a.t.i.o.n.G.r.a.n.u.l.a.r.i.t.y. . . . . . . . . . . . . . . . . . . . . . . . . . . . .6.5.5.3.6.....B...M.i.n.i.m.u.m.U.s.e.r.M.o.d.e.A.d.d.r.e.s.s. . . . . . . . . . . . . . . . . . . . . . . . . . . .6.5.5.3.6.....B...M.a.x.i.m.u.m.U.s.e.r.M.o.d.e.A.d.d.r.e.s.s. . . . . . . . . . . . . . . . . .1.4.0.7.3.7.4.8.8.2.8.9.7.9.1.....B...A.c.t.i.v.e.P.r.o.c.e.s.s.o.r.s.A.f.f.i.n.i.t.y.M.a.s.k. . . . . . .

                                                                                                                                                                                                  C:\ProgramData\Microsoft\Windows\WER\Temp\WERCA02.tmp.dmp

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WerFault.exe
                                                                                                                                                                                                  File Type:Mini DuMP crash report, 16 streams, Mon Jan 6 12:00:07 2025, 0x1205a4 type
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):592288
                                                                                                                                                                                                  Entropy (8bit):3.305330482752308
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:3072:vgwVFFJr/J4BQQkZ4PRqjDtHi8ccSWdPGY1nRUp3Lw1CCqSvaRpPX3+vEO51:vJVFHrx4gZw78IquMniJuq66X3QF
                                                                                                                                                                                                  MD5:8039ADAB99B93C0B5C40DA3483E987E2
                                                                                                                                                                                                  SHA1:CE8F87DF8A5CC08471D9E30DCC0B15C7AF129793
                                                                                                                                                                                                  SHA-256:5DE1E5A8D3E57C048EF46D6764E1456A70F959913AD2071E157DE5003BBC6392
                                                                                                                                                                                                  SHA-512:6EA6091E5D34BDBA626F21FAD35F375C06DA90EDD2A5BA08B8915D46BD948D38E6B13F34E69759FE22C07E003ACDEA6B57450D61FC2AFA199C6BCE6F93DD0BB9
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:MDMP..a..... .........{g............................$.......<....(..........X(.......[..............l.......8...........T............R...............C...........E..............................................................................eJ......lF......Lw......................T.............{g.............................@..............,...E.a.s.t.e.r.n. .S.t.a.n.d.a.r.d. .T.i.m.e...........................................E.a.s.t.e.r.n. .S.u.m.m.e.r. .T.i.m.e...............................................1.9.0.4.1...1...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6...........................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                  C:\ProgramData\Microsoft\Windows\WER\Temp\WERCB2C.tmp.WERInternalMetadata.xml

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WerFault.exe
                                                                                                                                                                                                  File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):6786
                                                                                                                                                                                                  Entropy (8bit):3.712862116022522
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:192:R6l7wVeJ8zIUQYZnogdpDB89bubl0f3ojm:R6lXJ8cUQYpogGubmf46
                                                                                                                                                                                                  MD5:FB65A19969BE5AF82D7EC3E9504B5235
                                                                                                                                                                                                  SHA1:ABAC50FB6CAC438B605E908D7C6C62D6A09FC0C5
                                                                                                                                                                                                  SHA-256:13F07184B919A8B4DA738FB8B3FFB136129F241A3BAD984A4F6D377DDC8CC5CF
                                                                                                                                                                                                  SHA-512:7F331D2C111F0DFD15578DC1E10264B1128D8EACE972D8EB553A567B9AD085499D14F0D40E3B639C6B7094039B78F7F1F6EE8796771CC8EC62338B6BD64CAD5E
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.9.0.4.5.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.9.0.4.1...2.0.0.6...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.2.0.0.6.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.2.0.5.7.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.1.5.2.4.<./.P.i.

                                                                                                                                                                                                  C:\ProgramData\Microsoft\Windows\WER\Temp\WERCB4C.tmp.xml

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WerFault.exe
                                                                                                                                                                                                  File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):4841
                                                                                                                                                                                                  Entropy (8bit):4.459702582753714
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:48:cvIwWl8zsWJg771I9SNWpW8VYXYm8M4JIAPFY6yq8vrAWUMfK6NFPd:uIjfsI7h87V/JxWLUGNFPd
                                                                                                                                                                                                  MD5:5C8365A2D10A413216FDDDFA587F837F
                                                                                                                                                                                                  SHA1:4EFC3BCDD372B788B14DBFB2FF8078F8146991D2
                                                                                                                                                                                                  SHA-256:1472A72FC66732AA9D6E584362D9BA1A991318D660D6DDEBA8119DEEC2ED2DA9
                                                                                                                                                                                                  SHA-512:3EA7ACB7A1F209FACEA5BFC3B392C2317F2981451A97F3A46A99329D6DE2E089EC9E63FC7361BAA4C173033FFEAC3D663DCC5D00623A8C3CBE37FC37FB3BE716
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="664022" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409

                                                                                                                                                                                                  C:\ProgramData\Microsoft\Windows\WER\Temp\WERCB6D.tmp.csv

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\svchost.exe
                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):81342
                                                                                                                                                                                                  Entropy (8bit):3.0840147554711033
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:1536:YAxkZleTFQvyqNwylsYPSv5ZJ6m8iSd4+s+nSp+2+7B+1+D+PwT+m+P+IrtRI:YAxkZleTFQvyqNwylsYPSv5ZJ6m8xd4Y
                                                                                                                                                                                                  MD5:C5A78BE079283D7C496B129A3E69CE04
                                                                                                                                                                                                  SHA1:A86C713CB4516165625476DD70A1803A8DDFCAB6
                                                                                                                                                                                                  SHA-256:DCECFDC7BB2D3A3C2935E9ADAF65D8C2B4825C904D1F7FB8BA5B4D7916CC0B19
                                                                                                                                                                                                  SHA-512:7A16A8B4E65E86260513C86D4996FF310D777184E08913A9F5773D0929B28D8E466A16BF6CF233C2258AA1BBFC6B945E3EC222745B82FF68316AFCECC8919E71
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:I.m.a.g.e.N.a.m.e.,.U.n.i.q.u.e.P.r.o.c.e.s.s.I.d.,.N.u.m.b.e.r.O.f.T.h.r.e.a.d.s.,.W.o.r.k.i.n.g.S.e.t.P.r.i.v.a.t.e.S.i.z.e.,.H.a.r.d.F.a.u.l.t.C.o.u.n.t.,.N.u.m.b.e.r.O.f.T.h.r.e.a.d.s.H.i.g.h.W.a.t.e.r.m.a.r.k.,.C.y.c.l.e.T.i.m.e.,.C.r.e.a.t.e.T.i.m.e.,.U.s.e.r.T.i.m.e.,.K.e.r.n.e.l.T.i.m.e.,.B.a.s.e.P.r.i.o.r.i.t.y.,.P.e.a.k.V.i.r.t.u.a.l.S.i.z.e.,.V.i.r.t.u.a.l.S.i.z.e.,.P.a.g.e.F.a.u.l.t.C.o.u.n.t.,.W.o.r.k.i.n.g.S.e.t.S.i.z.e.,.P.e.a.k.W.o.r.k.i.n.g.S.e.t.S.i.z.e.,.Q.u.o.t.a.P.e.a.k.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.Q.u.o.t.a.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.Q.u.o.t.a.P.e.a.k.N.o.n.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.Q.u.o.t.a.N.o.n.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.P.a.g.e.f.i.l.e.U.s.a.g.e.,.P.e.a.k.P.a.g.e.f.i.l.e.U.s.a.g.e.,.P.r.i.v.a.t.e.P.a.g.e.C.o.u.n.t.,.R.e.a.d.O.p.e.r.a.t.i.o.n.C.o.u.n.t.,.W.r.i.t.e.O.p.e.r.a.t.i.o.n.C.o.u.n.t.,.O.t.h.e.r.O.p.e.r.a.t.i.o.n.C.o.u.n.t.,.R.e.a.d.T.r.a.n.s.f.e.r.C.o.u.n.t.,.W.r.i.t.e.T.r.a.n.s.f.e.r.C.o.u.n.t.,.O.t.h.e.r.T.r.a.n.s.f.e.r.C.o.u.n.t.,.H.a.n.

                                                                                                                                                                                                  C:\ProgramData\Microsoft\Windows\WER\Temp\WERCBAD.tmp.txt

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\svchost.exe
                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):13340
                                                                                                                                                                                                  Entropy (8bit):2.6848710974904475
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:96:TiZYWJbqjvdYaNYLfWWiqHsYEZV3tri23cKR1wSUe8ja9l8Ma5RIry3:2ZD2dNEREJA5ja9l8Ma5Ory3
                                                                                                                                                                                                  MD5:C364DD98CBE37803013EFF125DA2265B
                                                                                                                                                                                                  SHA1:BACC48D1133D2E5E4AEEA44387D03857A3F7BDF0
                                                                                                                                                                                                  SHA-256:90075597B0572F393A9AD8B2AC488A76105FBAFC3739801B3E12AD8C67D3A54F
                                                                                                                                                                                                  SHA-512:57B5555523841BBA4F591C9B7A9E79C1293F72649F11D5A3140418CC6722F99D1A8198CA5B1C3D611690C927812F4D7369A595844C38CDD74E754193398E8474
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:B...T.i.m.e.r.R.e.s.o.l.u.t.i.o.n. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1.5.6.2.5.0.....B...P.a.g.e.S.i.z.e. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4.0.9.6.....B...N.u.m.b.e.r.O.f.P.h.y.s.i.c.a.l.P.a.g.e.s. . . . . . . . . . . . . . . . . . . . . . . . . . .1.0.4.8.3.3.3.....B...L.o.w.e.s.t.P.h.y.s.i.c.a.l.P.a.g.e.N.u.m.b.e.r. . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2.....B...H.i.g.h.e.s.t.P.h.y.s.i.c.a.l.P.a.g.e.N.u.m.b.e.r. . . . . . . . . . . . . . . . . . . . . . .1.3.1.0.7.1.9.....B...A.l.l.o.c.a.t.i.o.n.G.r.a.n.u.l.a.r.i.t.y. . . . . . . . . . . . . . . . . . . . . . . . . . . . .6.5.5.3.6.....B...M.i.n.i.m.u.m.U.s.e.r.M.o.d.e.A.d.d.r.e.s.s. . . . . . . . . . . . . . . . . . . . . . . . . . . .6.5.5.3.6.....B...M.a.x.i.m.u.m.U.s.e.r.M.o.d.e.A.d.d.r.e.s.s. . . . . . . . . . . . . . . . . .1.4.0.7.3.7.4.8.8.2.8.9.7.9.1.....B...A.c.t.i.v.e.P.r.o.c.e.s.s.o.r.s.A.f.f.i.n.i.t.y.M.a.s.k. . . . . . .

                                                                                                                                                                                                  C:\ProgramData\Microsoft\Windows\WER\Temp\WERD590.tmp.dmp

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WerFault.exe
                                                                                                                                                                                                  File Type:Mini DuMP crash report, 16 streams, Mon Jan 6 11:59:04 2025, 0x1205a4 type
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):589428
                                                                                                                                                                                                  Entropy (8bit):3.325571224571607
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:6144:OGHB6CiS4PZDy92El5tw52hzqOkABK3QH:O2B6C4RDy9bTtWuzqOQQH
                                                                                                                                                                                                  MD5:DA12C12053EAEE594C2C38F7B7C3CA7F
                                                                                                                                                                                                  SHA1:EFA1695FDD257EE4CC81F7CFD2AA28E5E8D6469E
                                                                                                                                                                                                  SHA-256:EEA7BD84B82EE0CF0E603AAAD382AAABFE9710EEBDCD873A46B4BA138B890612
                                                                                                                                                                                                  SHA-512:6CCFCD3B65A773B1409D132C4505F7E7BAE62757F79726B8A03D8F8A7A86D96745D707F6AA080C7CAD77BC0BE6C8C84FF0F779F97D23712B7B22676EB3CD5684
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:MDMP..a..... .........{g............................$.......<....(..........X(......4\..............l.......8...........T............R..............`D..........LF..............................................................................eJ.......F......Lw......................T.............{g.............................@..............,...E.a.s.t.e.r.n. .S.t.a.n.d.a.r.d. .T.i.m.e...........................................E.a.s.t.e.r.n. .S.u.m.m.e.r. .T.i.m.e...............................................1.9.0.4.1...1...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6...........................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                  C:\ProgramData\Microsoft\Windows\WER\Temp\WERD746.tmp.WERInternalMetadata.xml

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WerFault.exe
                                                                                                                                                                                                  File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):6788
                                                                                                                                                                                                  Entropy (8bit):3.71244210767357
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:192:R6l7wVeJRzI0d+YZnogdpDB89bpv1fuZDm:R6lXJRcnYpogGptfuA
                                                                                                                                                                                                  MD5:C7528B7DCBFC1DC0C92E2619D04B03C1
                                                                                                                                                                                                  SHA1:F00C0A0CA15FD24DA4B1C4FE5EA573E058F181CA
                                                                                                                                                                                                  SHA-256:294FAF1234C15B80C8C302858BB785CBD3DA5A7974814296D06F84A0C433434C
                                                                                                                                                                                                  SHA-512:8E30EF765294DC5F50466B267EE1DEC634F099FA35A4D7BA90C6343629A232FE406935A483E43078DF0279D06E41FFAAF86A877289BF63EF8298AEAE4F5553EA
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.9.0.4.5.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.9.0.4.1...2.0.0.6...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.2.0.0.6.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.2.0.5.7.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.6.6.1.6.<./.P.i.

                                                                                                                                                                                                  C:\ProgramData\Microsoft\Windows\WER\Temp\WERD796.tmp.xml

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WerFault.exe
                                                                                                                                                                                                  File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):4841
                                                                                                                                                                                                  Entropy (8bit):4.459575638054052
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:48:cvIwWl8zsrJg771I9SNWpW8VYcYm8M4JIAPFqyq8vrAnoUMfK6NFed:uIjfFI7h87V8J4WUoUGNFed
                                                                                                                                                                                                  MD5:59D007752EEE2F9279C99AE3F7991B1B
                                                                                                                                                                                                  SHA1:C0DBF4CF74CC245D21C18E764105989B5FA449C1
                                                                                                                                                                                                  SHA-256:7E3884C5ECB5E82C83F2F1097733F5DF93AD7A44BE8470BA49B9060A717C3511
                                                                                                                                                                                                  SHA-512:CBC3EDDE463AC93FE1CA76FE913EE2D0F057D903208120849B5A05B4AAE6FE849180DE45A36F57DB43CDA6B08351576703138EFF8E6B5BB07C0B0ED1B1125BF2
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="664021" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409

                                                                                                                                                                                                  C:\ProgramData\Microsoft\Windows\WER\Temp\WERD7A3.tmp.csv

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\svchost.exe
                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):82074
                                                                                                                                                                                                  Entropy (8bit):3.0830823441493536
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:768:aT3QHQ4PXUcWzSFmwTV1RGSOn+B26rUMJ//E7vJrS/sOoK4yr/QILR:aTAHQ4/dWuFmE5OuNrFJ/M5S54Q/LR
                                                                                                                                                                                                  MD5:49CFC15C5867B4421B9E741B438980DF
                                                                                                                                                                                                  SHA1:CB8D153BFA5EDD662DE3E79A4ABAFD95A58DA5EA
                                                                                                                                                                                                  SHA-256:1BBE427D470DE33904DA315DF96F80197BD9263FFF30629FB206589BE4C80576
                                                                                                                                                                                                  SHA-512:D1217DD4D9AF6909AB0373CF626D15E0126A3F4E771029E2E07CA81A046039DD58E7CB8564DD752F123BDA9D50452A33EC3E50C181429FBDD9094CACDE8D548B
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:I.m.a.g.e.N.a.m.e.,.U.n.i.q.u.e.P.r.o.c.e.s.s.I.d.,.N.u.m.b.e.r.O.f.T.h.r.e.a.d.s.,.W.o.r.k.i.n.g.S.e.t.P.r.i.v.a.t.e.S.i.z.e.,.H.a.r.d.F.a.u.l.t.C.o.u.n.t.,.N.u.m.b.e.r.O.f.T.h.r.e.a.d.s.H.i.g.h.W.a.t.e.r.m.a.r.k.,.C.y.c.l.e.T.i.m.e.,.C.r.e.a.t.e.T.i.m.e.,.U.s.e.r.T.i.m.e.,.K.e.r.n.e.l.T.i.m.e.,.B.a.s.e.P.r.i.o.r.i.t.y.,.P.e.a.k.V.i.r.t.u.a.l.S.i.z.e.,.V.i.r.t.u.a.l.S.i.z.e.,.P.a.g.e.F.a.u.l.t.C.o.u.n.t.,.W.o.r.k.i.n.g.S.e.t.S.i.z.e.,.P.e.a.k.W.o.r.k.i.n.g.S.e.t.S.i.z.e.,.Q.u.o.t.a.P.e.a.k.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.Q.u.o.t.a.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.Q.u.o.t.a.P.e.a.k.N.o.n.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.Q.u.o.t.a.N.o.n.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.P.a.g.e.f.i.l.e.U.s.a.g.e.,.P.e.a.k.P.a.g.e.f.i.l.e.U.s.a.g.e.,.P.r.i.v.a.t.e.P.a.g.e.C.o.u.n.t.,.R.e.a.d.O.p.e.r.a.t.i.o.n.C.o.u.n.t.,.W.r.i.t.e.O.p.e.r.a.t.i.o.n.C.o.u.n.t.,.O.t.h.e.r.O.p.e.r.a.t.i.o.n.C.o.u.n.t.,.R.e.a.d.T.r.a.n.s.f.e.r.C.o.u.n.t.,.W.r.i.t.e.T.r.a.n.s.f.e.r.C.o.u.n.t.,.O.t.h.e.r.T.r.a.n.s.f.e.r.C.o.u.n.t.,.H.a.n.

                                                                                                                                                                                                  C:\ProgramData\Microsoft\Windows\WER\Temp\WERD7F2.tmp.txt

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\svchost.exe
                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):13340
                                                                                                                                                                                                  Entropy (8bit):2.6843524826524088
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:96:TiZYWUF1OM/yYoY7WEHpYEZf7t8i1LNbjt6wA7qtMraqclDMs5qIfy3:2ZDT/OFO71raqclDMs5dfy3
                                                                                                                                                                                                  MD5:3C89359457333BBE59513C5B0A24D7A8
                                                                                                                                                                                                  SHA1:A6C19370F324986E49DFB2E5D38115AAC8D4B301
                                                                                                                                                                                                  SHA-256:0C45AAB0B29F695F40043D5A331170FE626D0A0CE6BE57E29667D491131931E5
                                                                                                                                                                                                  SHA-512:5224C1C7A686240CD523D077EAD0FC8CE4D00C0E3E0FCC5818D2DF26B1C030DFE650939E7B586FBDFF100837623661387D16C846279E092A19EE7B70D38AF7DE
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:B...T.i.m.e.r.R.e.s.o.l.u.t.i.o.n. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1.5.6.2.5.0.....B...P.a.g.e.S.i.z.e. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4.0.9.6.....B...N.u.m.b.e.r.O.f.P.h.y.s.i.c.a.l.P.a.g.e.s. . . . . . . . . . . . . . . . . . . . . . . . . . .1.0.4.8.3.3.3.....B...L.o.w.e.s.t.P.h.y.s.i.c.a.l.P.a.g.e.N.u.m.b.e.r. . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2.....B...H.i.g.h.e.s.t.P.h.y.s.i.c.a.l.P.a.g.e.N.u.m.b.e.r. . . . . . . . . . . . . . . . . . . . . . .1.3.1.0.7.1.9.....B...A.l.l.o.c.a.t.i.o.n.G.r.a.n.u.l.a.r.i.t.y. . . . . . . . . . . . . . . . . . . . . . . . . . . . .6.5.5.3.6.....B...M.i.n.i.m.u.m.U.s.e.r.M.o.d.e.A.d.d.r.e.s.s. . . . . . . . . . . . . . . . . . . . . . . . . . . .6.5.5.3.6.....B...M.a.x.i.m.u.m.U.s.e.r.M.o.d.e.A.d.d.r.e.s.s. . . . . . . . . . . . . . . . . .1.4.0.7.3.7.4.8.8.2.8.9.7.9.1.....B...A.c.t.i.v.e.P.r.o.c.e.s.s.o.r.s.A.f.f.i.n.i.t.y.M.a.s.k. . . . . . .

                                                                                                                                                                                                  C:\ProgramData\Microsoft\Windows\WER\Temp\WERFA3A.tmp.dmp

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WerFault.exe
                                                                                                                                                                                                  File Type:Mini DuMP crash report, 16 streams, Mon Jan 6 12:00:19 2025, 0x1205a4 type
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):591472
                                                                                                                                                                                                  Entropy (8bit):3.310752307975137
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:3072:6nG24pSqEp4Ogl94LN3RtRZrdkcSmdPo9ylapc+4sLO021CCqQHvaLUzg3+vr0Q9:QG24pynglGR5Y6g4l2c+ZO08qsFg3Qrf
                                                                                                                                                                                                  MD5:06B6AD094230AEACEE89A12AB64F275C
                                                                                                                                                                                                  SHA1:0073EBCE0A017FD3994503CC6276DA301A88BA83
                                                                                                                                                                                                  SHA-256:A6268EC4F8B6CEE129BA0D11EB76D955B6B58F86A63DAECE3EB39CACCCB4E0CC
                                                                                                                                                                                                  SHA-512:EA6CFC9FCC1F96A592A2F21C28F15DF682BB1958E71D87BE49CF606EC413F53658BC349DC3EC2ECEC8DCE998BF69DE39DC40AA5F3ECE39D20423D66A7FC8AF5A
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:MDMP..a..... .........{g............................$.......<....(..........X(.......[..............l.......8...........T............R...............C...........E..............................................................................eJ......lF......Lw......................T.............{g.............................@..............,...E.a.s.t.e.r.n. .S.t.a.n.d.a.r.d. .T.i.m.e...........................................E.a.s.t.e.r.n. .S.u.m.m.e.r. .T.i.m.e...............................................1.9.0.4.1...1...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6...........................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                  C:\ProgramData\Microsoft\Windows\WER\Temp\WERFB54.tmp.WERInternalMetadata.xml

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WerFault.exe
                                                                                                                                                                                                  File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):6782
                                                                                                                                                                                                  Entropy (8bit):3.712182709272625
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:96:RSIU6o7wVetb/vbkkFYZnvAvInJik5aMQUB89b7DDDkft1Jm:R6l7wVeJ/zkeYZnogdpDB89b7D0fnJm
                                                                                                                                                                                                  MD5:E3A169C7AC812D24BB5F66DD937D52B0
                                                                                                                                                                                                  SHA1:E2B85D6B0432ECAB5A835A41EC1B6D444C1C06DB
                                                                                                                                                                                                  SHA-256:37B8984A56AFBD9A6CD885F4C1D149495160D1CFF43654BDB5B5E6B203C60BFF
                                                                                                                                                                                                  SHA-512:C40CE4A0DF030477B1EAFCFDF955EF605D1CF0DB6301B79C7053A3ECC7A1B4D998A0BC8514E1E54FFAEE63F8F57A729C58B35E8B73F19FAF4C6A558EA70D6936
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.9.0.4.5.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.9.0.4.1...2.0.0.6...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.2.0.0.6.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.2.0.5.7.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.7.6.8.<./.P.i.d.

                                                                                                                                                                                                  C:\ProgramData\Microsoft\Windows\WER\Temp\WERFB74.tmp.xml

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WerFault.exe
                                                                                                                                                                                                  File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):4841
                                                                                                                                                                                                  Entropy (8bit):4.4563079705652235
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:48:cvIwWl8zsNJg771I9SNWpW8VYqYm8M4JIAPFlyq8vrAtUMfK6NF0d:uIjfnI7h87ViJfWkUGNF0d
                                                                                                                                                                                                  MD5:4951792C7F21CED9DAC103403B2DBA1B
                                                                                                                                                                                                  SHA1:1EB01D42E7E1FEA860CD8A15F7D22A94A46AF927
                                                                                                                                                                                                  SHA-256:6509FA021BA84705CE6ACBB2D50DA5023E471F73333369C63604D1108B701F00
                                                                                                                                                                                                  SHA-512:281845659F95D4694FA030626D795428FC55557BA59B4941828F453C73110EE95A2F8D679AD0F8DC46B6A4D4B9B01FE3A5D2A2C921BC0059E9FFC91C1077608C
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="664023" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409

                                                                                                                                                                                                  C:\ProgramData\Microsoft\Windows\WER\Temp\WERFB98.tmp.csv

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\svchost.exe
                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):80482
                                                                                                                                                                                                  Entropy (8bit):3.0843312440198685
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:1536:rbAqMjB0gX8pMRdYK5uQmVjSd4+s+nSp+2+7B+1+D+PwT+m+P+4N:rbAqMjB0gX8pMRdYK5uQmVud4+s+nSp9
                                                                                                                                                                                                  MD5:1036CB40B022F278C598DBBB67B4997E
                                                                                                                                                                                                  SHA1:BBFECED28B72E299A76D6145CB9F6090D4DBCB23
                                                                                                                                                                                                  SHA-256:66FC247C8F1E640F02F4E4905A6F7CA0313AAEEB4877B0B199A394A7472B3499
                                                                                                                                                                                                  SHA-512:E4588ED4C18081FD8EFCF226DF06D7E31A19225B0FCA2F607D32214A0B46870313B975643BB3F0393FE723F105856C4F1B34388C96499C2619A3E389C20941CA
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:I.m.a.g.e.N.a.m.e.,.U.n.i.q.u.e.P.r.o.c.e.s.s.I.d.,.N.u.m.b.e.r.O.f.T.h.r.e.a.d.s.,.W.o.r.k.i.n.g.S.e.t.P.r.i.v.a.t.e.S.i.z.e.,.H.a.r.d.F.a.u.l.t.C.o.u.n.t.,.N.u.m.b.e.r.O.f.T.h.r.e.a.d.s.H.i.g.h.W.a.t.e.r.m.a.r.k.,.C.y.c.l.e.T.i.m.e.,.C.r.e.a.t.e.T.i.m.e.,.U.s.e.r.T.i.m.e.,.K.e.r.n.e.l.T.i.m.e.,.B.a.s.e.P.r.i.o.r.i.t.y.,.P.e.a.k.V.i.r.t.u.a.l.S.i.z.e.,.V.i.r.t.u.a.l.S.i.z.e.,.P.a.g.e.F.a.u.l.t.C.o.u.n.t.,.W.o.r.k.i.n.g.S.e.t.S.i.z.e.,.P.e.a.k.W.o.r.k.i.n.g.S.e.t.S.i.z.e.,.Q.u.o.t.a.P.e.a.k.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.Q.u.o.t.a.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.Q.u.o.t.a.P.e.a.k.N.o.n.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.Q.u.o.t.a.N.o.n.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.P.a.g.e.f.i.l.e.U.s.a.g.e.,.P.e.a.k.P.a.g.e.f.i.l.e.U.s.a.g.e.,.P.r.i.v.a.t.e.P.a.g.e.C.o.u.n.t.,.R.e.a.d.O.p.e.r.a.t.i.o.n.C.o.u.n.t.,.W.r.i.t.e.O.p.e.r.a.t.i.o.n.C.o.u.n.t.,.O.t.h.e.r.O.p.e.r.a.t.i.o.n.C.o.u.n.t.,.R.e.a.d.T.r.a.n.s.f.e.r.C.o.u.n.t.,.W.r.i.t.e.T.r.a.n.s.f.e.r.C.o.u.n.t.,.O.t.h.e.r.T.r.a.n.s.f.e.r.C.o.u.n.t.,.H.a.n.

                                                                                                                                                                                                  C:\ProgramData\Microsoft\Windows\WER\Temp\WERFBE7.tmp.txt

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\svchost.exe
                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):13340
                                                                                                                                                                                                  Entropy (8bit):2.6851285303333836
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:96:TiZYWNnbbvyKYNYOW80KHxYEZT0triwB3uK01wm5RyQbascl3IMW5wIoQy3:2ZDkKab0iPZLba3l3IMW5HoQy3
                                                                                                                                                                                                  MD5:8D0F73A53AB5E13AEFA464CCF75CEDE2
                                                                                                                                                                                                  SHA1:67B70CAF219609BCA3BC82A551E2CC8C3D2BC288
                                                                                                                                                                                                  SHA-256:AA0EC183B081A7254CC1C2FFD124138D0B6D51C85EF4D15079C579807B79AD68
                                                                                                                                                                                                  SHA-512:BEF9CB6A943DB35383362FFDC0CE6E2CE67FA8E17C4F6711774A27C2433B384666D631C6BD3F4D0AB4B68932077C38A7D672DC552E910C6B70D5B3507F8785B0
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:B...T.i.m.e.r.R.e.s.o.l.u.t.i.o.n. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1.5.6.2.5.0.....B...P.a.g.e.S.i.z.e. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4.0.9.6.....B...N.u.m.b.e.r.O.f.P.h.y.s.i.c.a.l.P.a.g.e.s. . . . . . . . . . . . . . . . . . . . . . . . . . .1.0.4.8.3.3.3.....B...L.o.w.e.s.t.P.h.y.s.i.c.a.l.P.a.g.e.N.u.m.b.e.r. . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2.....B...H.i.g.h.e.s.t.P.h.y.s.i.c.a.l.P.a.g.e.N.u.m.b.e.r. . . . . . . . . . . . . . . . . . . . . . .1.3.1.0.7.1.9.....B...A.l.l.o.c.a.t.i.o.n.G.r.a.n.u.l.a.r.i.t.y. . . . . . . . . . . . . . . . . . . . . . . . . . . . .6.5.5.3.6.....B...M.i.n.i.m.u.m.U.s.e.r.M.o.d.e.A.d.d.r.e.s.s. . . . . . . . . . . . . . . . . . . . . . . . . . . .6.5.5.3.6.....B...M.a.x.i.m.u.m.U.s.e.r.M.o.d.e.A.d.d.r.e.s.s. . . . . . . . . . . . . . . . . .1.4.0.7.3.7.4.8.8.2.8.9.7.9.1.....B...A.c.t.i.v.e.P.r.o.c.e.s.s.o.r.s.A.f.f.i.n.i.t.y.M.a.s.k. . . . . . .

                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\MSIcc025.LOG

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                  File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):288
                                                                                                                                                                                                  Entropy (8bit):3.2606384265535264
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:6:Qgl5lK3RZaoN+aRCHmxOfWwE3D8Ky/WsWx6aldwE3D+JBtOv:Qw5mRZ9RCGxeWwi2WloagiylOv
                                                                                                                                                                                                  MD5:11E717ADDE0F01722AE14D0075CF6765
                                                                                                                                                                                                  SHA1:821B1DEBA608A25D21C275C5AE7C1AA58F2D9493
                                                                                                                                                                                                  SHA-256:F7A9429BA77221899FE20AE9FE3457B34059151C4B3DDCA3D91FD29A3515302B
                                                                                                                                                                                                  SHA-512:84104B3E50FE01A662EB2D037E2EE10D1D5F34D9EE9CA0321C6F5BA67E12BD4371AC706F2C410862ECC6DC4A409C7B3EDC9D58483A0867E06B0CA89263C62DAE
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:..E.r.r.o.r. .1.9.2.0... .S.e.r.v.i.c.e. .'.B.l.u.e.t.r.a.i.t. .A.g.e.n.t.'. .(.B.l.u.e.t.r.a.i.t.A.g.e.n.t.). .f.a.i.l.e.d. .t.o. .s.t.a.r.t... . .V.e.r.i.f.y. .t.h.a.t. .y.o.u. .h.a.v.e. .s.u.f.f.i.c.i.e.n.t. .p.r.i.v.i.l.e.g.e.s. .t.o. .s.t.a.r.t. .s.y.s.t.e.m. .s.e.r.v.i.c.e.s.......

                                                                                                                                                                                                  C:\Windows\Installer\5cc043.msi

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                  File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Code page: 1252, Title: Installation Database, Subject: Bluetrait Agent, Author: Dalegroup Pty Ltd, Keywords: Installer, Comments: This installer database contains the logic and data required to install Bluetrait Agent., Template: Intel;1033, Revision Number: {063EFE97-9DBC-401F-8E25-6CBF58403238}, Create Time/Date: Mon Nov 25 22:43:06 2024, Last Saved Time/Date: Mon Nov 25 22:43:06 2024, Number of Pages: 200, Number of Words: 2, Name of Creating Application: Windows Installer XML Toolset (3.11.2.4516), Security: 2
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):3723264
                                                                                                                                                                                                  Entropy (8bit):7.974596775981027
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:98304:cAy4RjMoVIDOW/mBbvWpsc6s7kYogbsW:c/4i4ICWeJW2ykY9bs
                                                                                                                                                                                                  MD5:6950B88D73F7A680167E46AD2CBFD6E0
                                                                                                                                                                                                  SHA1:429DDBF500A4CFF3BFD7D92C4ACBB97041E77F9C
                                                                                                                                                                                                  SHA-256:6FD94D7C31B11FCD1A581D521FAA61482D7543218FE33119B889F206EA11D334
                                                                                                                                                                                                  SHA-512:4802E4F5B7CA43463C75E5B51F0E97A7D4D6D1975D93AF8E82942A286E8F41216BE70B53382CAB50822154869F8D81DD5EE4DC97408602780AF8812A7EFBABB1
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                  C:\Windows\Installer\MSIC1BA.tmp

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):657482
                                                                                                                                                                                                  Entropy (8bit):6.646874494415562
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:12288:Vt3jOZy2KsGU6a4KsVt3jOZy2KsGU6a4KsCt3jOZy2KsGU6a4KsG:7zOE2Z34KUzOE2Z34KvzOE2Z34KN
                                                                                                                                                                                                  MD5:EDB1EB284CB5D86DB1F80D6A970EB970
                                                                                                                                                                                                  SHA1:D682F2A30F4FD4400B11BF5B2A0458042FF1DF3A
                                                                                                                                                                                                  SHA-256:80F81153F9DAC851CC8CC69F3F326C6E39EEEE6FC461E18461714D7C93D1E993
                                                                                                                                                                                                  SHA-512:1DAC7DB0FF969909A0392AB14A8118B6261861068B660E296845AEFE40773E1C723BB9F10EA86ED990E0E691993FECDD17461DFCAD40BD338362ED482196DB7C
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:...@IXOS.@.....@`7&Z.@.....@.....@.....@.....@.....@......&.{B72D4FA1-F4B6-4960-A2B0-EAA69E014575}..Bluetrait Agent..Agent381.msi.@.....@.....@.....@........&.{063EFE97-9DBC-401F-8E25-6CBF58403238}.....@.....@.....@.....@.......@.....@.....@.......@......Bluetrait Agent......Rollback..Rolling back action:..[1]..RollbackCleanup..Removing backup files..File: [1]...@.......@........ProcessComponents..Updating component registration.....@.....@.....@.]....&.{5ABD732D-42E2-53B2-BBCF-CCB407241594}>.C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe.@.......@.....@.....@......&.{EFAD1480-2B0D-5ECE-B9D8-17C2D4994CE5}:.C:\Program Files (x86)\Bluetrait Agent\Newtonsoft.Json.dll.@.......@.....@.....@......&.{32B05DD9-D6A3-5BAF-8801-E7C99C28FA24}:.C:\Program Files (x86)\Bluetrait Agent\Newtonsoft.Json.xml.@.......@.....@.....@......&.{EC0E2A98-E873-584E-A0F8-9FF7A28A3E41}4.C:\Program Files (x86)\Bluetrait Agent\defaults.json.@.......@.....@.....@......&.{0F78D1CE-B5F2-53D1-91A1-55281F4

                                                                                                                                                                                                  C:\Windows\Installer\MSIC1CA.tmp

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):216496
                                                                                                                                                                                                  Entropy (8bit):6.646208142644182
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:3072:/Jz/kyKA1X1dxbOZU32KndB4GLvyui2lhQtEaY4IDflQn0xHuudQ+cxEHSiZxaQ:/t/kE1jOZy2KL4GBiwQtEa4L2sV
                                                                                                                                                                                                  MD5:A3AE5D86ECF38DB9427359EA37A5F646
                                                                                                                                                                                                  SHA1:EB4CB5FF520717038ADADCC5E1EF8F7C24B27A90
                                                                                                                                                                                                  SHA-256:C8D190D5BE1EFD2D52F72A72AE9DFA3940AB3FACEB626405959349654FE18B74
                                                                                                                                                                                                  SHA-512:96ECB3BC00848EEB2836E289EF7B7B2607D30790FFD1AE0E0ACFC2E14F26A991C6E728B8DC67280426E478C70231F9E13F514E52C8CE7D956C1FAD0E322D98E0
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$........................^.......\......].........................,.......<.........L...'.....'.....'.P.......8.....'.....Rich............................PE..L...Ap.]...........!.........P............................................................@.........................@................P..x....................`..........T...............................@...............<............................text...[........................... ..`.rdata..............................@..@.data...."... ......................@....rsrc...x....P......................@..@.reloc.......`......................@..B........................................................................................................................................................................................................................................................................

                                                                                                                                                                                                  C:\Windows\Installer\MSIC297.tmp

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):216496
                                                                                                                                                                                                  Entropy (8bit):6.646208142644182
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:3072:/Jz/kyKA1X1dxbOZU32KndB4GLvyui2lhQtEaY4IDflQn0xHuudQ+cxEHSiZxaQ:/t/kE1jOZy2KL4GBiwQtEa4L2sV
                                                                                                                                                                                                  MD5:A3AE5D86ECF38DB9427359EA37A5F646
                                                                                                                                                                                                  SHA1:EB4CB5FF520717038ADADCC5E1EF8F7C24B27A90
                                                                                                                                                                                                  SHA-256:C8D190D5BE1EFD2D52F72A72AE9DFA3940AB3FACEB626405959349654FE18B74
                                                                                                                                                                                                  SHA-512:96ECB3BC00848EEB2836E289EF7B7B2607D30790FFD1AE0E0ACFC2E14F26A991C6E728B8DC67280426E478C70231F9E13F514E52C8CE7D956C1FAD0E322D98E0
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$........................^.......\......].........................,.......<.........L...'.....'.....'.P.......8.....'.....Rich............................PE..L...Ap.]...........!.........P............................................................@.........................@................P..x....................`..........T...............................@...............<............................text...[........................... ..`.rdata..............................@..@.data...."... ......................@....rsrc...x....P......................@..@.reloc.......`......................@..B........................................................................................................................................................................................................................................................................

                                                                                                                                                                                                  C:\Windows\Installer\MSIC2F5.tmp

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):216496
                                                                                                                                                                                                  Entropy (8bit):6.646208142644182
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:3072:/Jz/kyKA1X1dxbOZU32KndB4GLvyui2lhQtEaY4IDflQn0xHuudQ+cxEHSiZxaQ:/t/kE1jOZy2KL4GBiwQtEa4L2sV
                                                                                                                                                                                                  MD5:A3AE5D86ECF38DB9427359EA37A5F646
                                                                                                                                                                                                  SHA1:EB4CB5FF520717038ADADCC5E1EF8F7C24B27A90
                                                                                                                                                                                                  SHA-256:C8D190D5BE1EFD2D52F72A72AE9DFA3940AB3FACEB626405959349654FE18B74
                                                                                                                                                                                                  SHA-512:96ECB3BC00848EEB2836E289EF7B7B2607D30790FFD1AE0E0ACFC2E14F26A991C6E728B8DC67280426E478C70231F9E13F514E52C8CE7D956C1FAD0E322D98E0
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$........................^.......\......].........................,.......<.........L...'.....'.....'.P.......8.....'.....Rich............................PE..L...Ap.]...........!.........P............................................................@.........................@................P..x....................`..........T...............................@...............<............................text...[........................... ..`.rdata..............................@..@.data...."... ......................@....rsrc...x....P......................@..@.reloc.......`......................@..B........................................................................................................................................................................................................................................................................

                                                                                                                                                                                                  C:\Windows\Installer\MSIC846.tmp

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):216496
                                                                                                                                                                                                  Entropy (8bit):6.646208142644182
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:3072:/Jz/kyKA1X1dxbOZU32KndB4GLvyui2lhQtEaY4IDflQn0xHuudQ+cxEHSiZxaQ:/t/kE1jOZy2KL4GBiwQtEa4L2sV
                                                                                                                                                                                                  MD5:A3AE5D86ECF38DB9427359EA37A5F646
                                                                                                                                                                                                  SHA1:EB4CB5FF520717038ADADCC5E1EF8F7C24B27A90
                                                                                                                                                                                                  SHA-256:C8D190D5BE1EFD2D52F72A72AE9DFA3940AB3FACEB626405959349654FE18B74
                                                                                                                                                                                                  SHA-512:96ECB3BC00848EEB2836E289EF7B7B2607D30790FFD1AE0E0ACFC2E14F26A991C6E728B8DC67280426E478C70231F9E13F514E52C8CE7D956C1FAD0E322D98E0
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$........................^.......\......].........................,.......<.........L...'.....'.....'.P.......8.....'.....Rich............................PE..L...Ap.]...........!.........P............................................................@.........................@................P..x....................`..........T...............................@...............<............................text...[........................... ..`.rdata..............................@..@.data...."... ......................@....rsrc...x....P......................@..@.reloc.......`......................@..B........................................................................................................................................................................................................................................................................

                                                                                                                                                                                                  C:\Windows\Installer\SourceHash{B72D4FA1-F4B6-4960-A2B0-EAA69E014575}

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                  File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):49152
                                                                                                                                                                                                  Entropy (8bit):0.7686314776507468
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:12:JSbX72FjiAGiLIlHVRpfh/7777777777777777777777777vDHFEX3tpwl0i8Q:JsQI5bK1F
                                                                                                                                                                                                  MD5:0F78B5675E668485ECB28FE50BCC0EE3
                                                                                                                                                                                                  SHA1:3BD1BFC072F91E2021EE6DEBA71890FC3BC04A80
                                                                                                                                                                                                  SHA-256:0E8B8D7411FBFCC4B7F70A82EE85A1D64B25BCF1B46F184832984439C0094CED
                                                                                                                                                                                                  SHA-512:341EBE5BE5D737DEF882414162E6693241DA0C224BAECD752F82A84387B47D831F5673A3769DAEE1D52E6D9B3346A944AE5B3E8B3316B8DD84B3E0F0BA08826A
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                  C:\Windows\Installer\inprogressinstallinfo.ipi

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                  File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):32768
                                                                                                                                                                                                  Entropy (8bit):1.247179666862744
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:48:cJiu6bPveFXJLT5j5l5dQvQdQvEJS5erydQvQdQvEJSIATSSvv:siWzTV5GvtvwZvtvw2vv
                                                                                                                                                                                                  MD5:72A5D4124E6F8B004FB55F8B2A836F34
                                                                                                                                                                                                  SHA1:55A1F8FDA3E15E058D5E8AC2503203EFC647D083
                                                                                                                                                                                                  SHA-256:3076951F5311B61FFA1A8651E416101C2490C8F1780847EBE2C5A8450924CBEA
                                                                                                                                                                                                  SHA-512:4E376558E93E9000BA305EB58580431B95C873A1E95BB417D2F9BF964F70F4AA19382B0D07DA3DF5ACEB59E0DAF9C9E0F41FD2A774B681B3B4CDCA9876E50473
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                  C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                  File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):364484
                                                                                                                                                                                                  Entropy (8bit):5.365492781103588
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:1536:6qELG7gK+RaOOp3LCCpfmLgYI66xgFF9Sq8K6MAS2OMUHl6Gin327D22A26Kgauy:zTtbmkExhMJCIpEp
                                                                                                                                                                                                  MD5:229D993780227DCA68D579E95E135A00
                                                                                                                                                                                                  SHA1:0DEB8D9167B7AEA0F4E0AAD470F6794E400177B2
                                                                                                                                                                                                  SHA-256:D70DFDF083728D8158D16D0150948EDBC649B7A4EE820BD067D98353C0C30932
                                                                                                                                                                                                  SHA-512:B689972B5CD8B67361985CC44DD9DE757267BEE06CDDFE349A2D29E9C9A63588AFA832DF3FA598ABEAFB0F63F373D631B7609CCAFCB3ED4C71870A3E2D3773AA
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:.To learn about increasing the verbosity of the NGen log files please see http://go.microsoft.com/fwlink/?linkid=210113..12/07/2019 14:54:22.458 [5488]: Command line: D:\wd\compilerTemp\BMT.200yuild.1bk\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe executeQueuedItems /nologo ..12/07/2019 14:54:22.473 [5488]: Executing command from offline queue: install "System.Runtime.WindowsRuntime.UI.Xaml, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=b77a5c561934e089, processorArchitecture=msil" /NoDependencies /queue:1..12/07/2019 14:54:22.490 [5488]: Executing command from offline queue: install "System.Web.ApplicationServices, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil" /NoDependencies /queue:3..12/07/2019 14:54:22.490 [5488]: Exclusion list entry found for System.Web.ApplicationServices, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil; it will not be installed..12/07/2019 14:54:22.490 [

                                                                                                                                                                                                  C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\svchost.exe
                                                                                                                                                                                                  File Type:Microsoft Cabinet archive data, Windows 2000/XP setup, 4761 bytes, 1 file, at 0x2c +A "disallowedcert.stl", number 1, 1 datablock, 0x1 compression
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):4761
                                                                                                                                                                                                  Entropy (8bit):7.945585251880973
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:96:6ZUpZsm0HwZ8FLSeXs+aiL9qcZ7KtlAD1GlNHgdkVI5F11AcNmwkVFzGz6ENhZC7:62T0QOLl8vAqcZ7K3AUNAdx5FAx9VEOj
                                                                                                                                                                                                  MD5:77B20B5CD41BC6BB475CCA3F91AE6E3C
                                                                                                                                                                                                  SHA1:9E98ACE72BD2AB931341427A856EF4CEA6FAF806
                                                                                                                                                                                                  SHA-256:5511A9B9F9144ED7BDE4CCB074733B7C564D918D2A8B10D391AFC6BE5B3B1509
                                                                                                                                                                                                  SHA-512:3537DA5E7F3ABA3DAFE6A86E9511ABA20B7A3D34F30AEA6CC11FEEF7768BD63C0C85679C49E99C3291BD1B552DED2C6973B6C2F7F6D731BCFACECAB218E72FD4
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:MSCF............,...................O..................YWP .disallowedcert.stl.lJ..B...CK.wTS.....{.&Uz.I."E".HS@. .P.!.....*E. .DQ..... EDA.H. E..""/.s<.s.9.....&#.{~k.VV..7@......b.R....MdT..B.L..%.C......" ....%.4%..%*.B..T.d...S.....pem..$....&.q.`.+...E..C.....$.|.A.!~d.H>w%S$...QC't..;..<..R@....2. .l..?..c..A....Ew...l..K$.. ~...'......Mt^c..s.Y%..}......h......m....h.......~d...,...=ge3.....2%..(...T..!].....!C~.X..MHU.o[.z].Y...&lXG;uW.:...2!..][\/.G..]6#.I...S..#F.X.k.j.....)Nc.].t^.-l.Y...4?.b...rY....A......7.D.H\.R...s.L,.6.*|.....VQ....<.*.......... [Z....].N0LU.X........6..C\....F.....KbZ..^=.@.B..MyH...%.2.>...]..E.....sZ.f..3z.].Y.t.d$.....P...,. .~..mNZ[PL.<....d..+...l.-...b.^....6F..z.&.;D.._..c."...d..... k9....60?&..Y.v.dgu...{.....{..d=..$......@^..qA..*uJ..@W.V..eC..AV.e+21...N.{.]..]..f]..`Z.....]2.....x..f..K...t. ...e.V.U.$PV..@6W\_nsm.n.........A<.......d....@f..Z... >R..k.....8..Y....E>..2o7..........c..K7n....

                                                                                                                                                                                                  C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\svchost.exe
                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                  Category:modified
                                                                                                                                                                                                  Size (bytes):340
                                                                                                                                                                                                  Entropy (8bit):3.249149200763665
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:6:kKX+Mq5+7DNfUN+SkQlPlEGYRMY9z+s3Ql2DUeXJlOW1:GuLkPlE99SCQl2DUeXJlOA
                                                                                                                                                                                                  MD5:381C4749D5BB203F24F3B722CE0734F1
                                                                                                                                                                                                  SHA1:009442EAC1153A83D9A11433CBE1D5DE7E272BF3
                                                                                                                                                                                                  SHA-256:F7D715A737D81CA1B538ABEA4677FB7598F6E048FAD25BE51D09B146AC6ABB81
                                                                                                                                                                                                  SHA-512:0B7E4786FFC4A0E29961EADEE875F8F65860AA724CF7C11EA74E521BCA1D17602D8AE58912C0E7333B600D9B5F9B21D8987A649DF98367789F11CAC27F4CD65A
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:p...... ........-.Zc2`..(....................................................... ........~..MG......&.....6.........h.t.t.p.:././.c.t.l.d.l...w.i.n.d.o.w.s.u.p.d.a.t.e...c.o.m./.m.s.d.o.w.n.l.o.a.d./.u.p.d.a.t.e./.v.3./.s.t.a.t.i.c./.t.r.u.s.t.e.d.r./.e.n./.d.i.s.a.l.l.o.w.e.d.c.e.r.t.s.t.l...c.a.b...".0.6.c.f.c.c.5.4.d.4.7.d.b.1.:.0."...

                                                                                                                                                                                                  C:\Windows\Temp\~DF2B06BCEA7C5E345B.TMP

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):32768
                                                                                                                                                                                                  Entropy (8bit):0.07064174330854785
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:6:2/9LG7iVCnLG7iVrKOzPLHKO82dV0oYXZt4Vky6lw:2F0i8n0itFzDHFEX/w
                                                                                                                                                                                                  MD5:68AD4B4F528ED5D2CFAAE49B19DACA83
                                                                                                                                                                                                  SHA1:988B04B64302F62C76A33A7E8734DFDF215E23F0
                                                                                                                                                                                                  SHA-256:0748E075A7D77D82D33A8DFCDAC9D5967E2A78F722A5E7BFF75987049000EFB1
                                                                                                                                                                                                  SHA-512:55D8261660BDFA185CB803C2A88FEBB1E38C16542B86880D4B712619783EFBDD3AC2283694F834ECB1120DBCDE611DDA5143E3E28B8C08B0F2444F62D9F0C21B
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                  C:\Windows\Temp\~DF62B912DDC28C5FED.TMP

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):81920
                                                                                                                                                                                                  Entropy (8bit):0.12165700032998816
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:48:2cvFATSJdQvQdQvEJScdQvQdQvEJS5ernJi:2cvuvtvwqvtvwPi
                                                                                                                                                                                                  MD5:3D084D691E5DA148C188F3825B069234
                                                                                                                                                                                                  SHA1:54967031731A61CF7BCD3D775AF3E1F63373A12D
                                                                                                                                                                                                  SHA-256:06CCDA88F59A591B24926ACF58EF93E900FA897C58550D2CF54D7297803A0593
                                                                                                                                                                                                  SHA-512:82E626289208ED2E68C7663A9D404A1B244A89FC2DBE76D5A06C78440909CEC021A57D979A9D9760EF98DBC7BAF8982F8B2AB3EE788C6D401B0338F7191D318D
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                  C:\Windows\Temp\~DFCBF3352E166C01ED.TMP

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):512
                                                                                                                                                                                                  Entropy (8bit):0.0
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:3::
                                                                                                                                                                                                  MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                                                                                                                  SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                                                                                                                  SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                                                                                                                  SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                  C:\Windows\Temp\~DFE4F3F41BB660034C.TMP

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                  File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):32768
                                                                                                                                                                                                  Entropy (8bit):1.247179666862744
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:48:cJiu6bPveFXJLT5j5l5dQvQdQvEJS5erydQvQdQvEJSIATSSvv:siWzTV5GvtvwZvtvw2vv
                                                                                                                                                                                                  MD5:72A5D4124E6F8B004FB55F8B2A836F34
                                                                                                                                                                                                  SHA1:55A1F8FDA3E15E058D5E8AC2503203EFC647D083
                                                                                                                                                                                                  SHA-256:3076951F5311B61FFA1A8651E416101C2490C8F1780847EBE2C5A8450924CBEA
                                                                                                                                                                                                  SHA-512:4E376558E93E9000BA305EB58580431B95C873A1E95BB417D2F9BF964F70F4AA19382B0D07DA3DF5ACEB59E0DAF9C9E0F41FD2A774B681B3B4CDCA9876E50473
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                  C:\Windows\appcompat\Programs\Amcache.hve

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WerFault.exe
                                                                                                                                                                                                  File Type:MS Windows registry file, NT/2000 or above
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):1835008
                                                                                                                                                                                                  Entropy (8bit):4.421923063858164
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:6144:lSvfpi6ceLP/9skLmb0OThWSPHaJG8nAgeMZMMhA2fX4WABlEnNc0uhiTw:svloThW+EZMM6DFyy03w
                                                                                                                                                                                                  MD5:B598443E873ED6A3AA30F49BBAA59FD7
                                                                                                                                                                                                  SHA1:0AAEF9D4392C0618B97096701D907D6C16638D7B
                                                                                                                                                                                                  SHA-256:E4319D64F047EDBBD3F8DD9A614F11173659F65C450A2ADF33CD3127E74BC6CF
                                                                                                                                                                                                  SHA-512:C10D0BB2FD2FD7C8DBAFC2830C2D058026ED7970EA00E324BA5F98CC0468AD1C3C76623783F9D6CDB6BDE30912FAD494DC5186241B5886462C45B8B7C232D444
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:regfF...F....\.Z.................... ...........\.A.p.p.C.o.m.p.a.t.\.P.r.o.g.r.a.m.s.\.A.m.c.a.c.h.e...h.v.e....c...b...#.......c...b...#...........c...b...#......rmtm.:.a2`.................................................................................................................................................................................................................................................................................................................................................U........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                  Static File Info

                                                                                                                                                                                                  General

                                                                                                                                                                                                  File type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Code page: 1252, Title: Installation Database, Subject: Bluetrait Agent, Author: Dalegroup Pty Ltd, Keywords: Installer, Comments: This installer database contains the logic and data required to install Bluetrait Agent., Template: Intel;1033, Revision Number: {063EFE97-9DBC-401F-8E25-6CBF58403238}, Create Time/Date: Mon Nov 25 22:43:06 2024, Last Saved Time/Date: Mon Nov 25 22:43:06 2024, Number of Pages: 200, Number of Words: 2, Name of Creating Application: Windows Installer XML Toolset (3.11.2.4516), Security: 2
                                                                                                                                                                                                  Entropy (8bit):7.974596775981027
                                                                                                                                                                                                  TrID:
                                                                                                                                                                                                  • Microsoft Windows Installer (60509/1) 57.88%
                                                                                                                                                                                                  • ClickyMouse macro set (36024/1) 34.46%
                                                                                                                                                                                                  • Generic OLE2 / Multistream Compound File (8008/1) 7.66%
                                                                                                                                                                                                  File name:Agent381.msi
                                                                                                                                                                                                  File size:3'723'264 bytes
                                                                                                                                                                                                  MD5:6950b88d73f7a680167e46ad2cbfd6e0
                                                                                                                                                                                                  SHA1:429ddbf500a4cff3bfd7d92c4acbb97041e77f9c
                                                                                                                                                                                                  SHA256:6fd94d7c31b11fcd1a581d521faa61482d7543218fe33119b889f206ea11d334
                                                                                                                                                                                                  SHA512:4802e4f5b7ca43463c75e5b51f0e97a7d4d6d1975d93af8e82942a286e8f41216be70b53382cab50822154869f8d81dd5ee4dc97408602780af8812a7efbabb1
                                                                                                                                                                                                  SSDEEP:98304:cAy4RjMoVIDOW/mBbvWpsc6s7kYogbsW:c/4i4ICWeJW2ykY9bs
                                                                                                                                                                                                  TLSH:9A0633237191807EDAE91431893DD6226F3D7D680BB8C8DD83857A2D2DB00C57777BAA
                                                                                                                                                                                                  File Content Preview:........................>......................................................................................................................................................................................................................................

                                                                                                                                                                                                  File Icon

                                                                                                                                                                                                  Icon Hash:2d2e3797b32b2b99

                                                                                                                                                                                                  Network Behavior

                                                                                                                                                                                                  Network Port Distribution

                                                                                                                                                                                                  TCP Packets

                                                                                                                                                                                                  TimestampSource PortDest PortSource IPDest IP
                                                                                                                                                                                                  Jan 6, 2025 12:59:03.724910975 CET49706443192.168.2.5167.99.228.32
                                                                                                                                                                                                  Jan 6, 2025 12:59:03.724931002 CET44349706167.99.228.32192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 12:59:03.729062080 CET49706443192.168.2.5167.99.228.32
                                                                                                                                                                                                  Jan 6, 2025 12:59:03.742944002 CET49706443192.168.2.5167.99.228.32
                                                                                                                                                                                                  Jan 6, 2025 12:59:03.742954016 CET44349706167.99.228.32192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 12:59:04.208686113 CET44349706167.99.228.32192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 12:59:04.208873987 CET49706443192.168.2.5167.99.228.32
                                                                                                                                                                                                  Jan 6, 2025 12:59:04.212805986 CET49706443192.168.2.5167.99.228.32
                                                                                                                                                                                                  Jan 6, 2025 12:59:04.212811947 CET44349706167.99.228.32192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 12:59:04.213016987 CET44349706167.99.228.32192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 12:59:04.261190891 CET49706443192.168.2.5167.99.228.32
                                                                                                                                                                                                  Jan 6, 2025 12:59:04.303339958 CET44349706167.99.228.32192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 12:59:04.426368952 CET44349706167.99.228.32192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 12:59:04.439438105 CET49706443192.168.2.5167.99.228.32
                                                                                                                                                                                                  Jan 6, 2025 12:59:04.439445019 CET44349706167.99.228.32192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 12:59:04.537162066 CET44349706167.99.228.32192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 12:59:04.537209988 CET44349706167.99.228.32192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 12:59:04.537256002 CET49706443192.168.2.5167.99.228.32
                                                                                                                                                                                                  Jan 6, 2025 12:59:04.553270102 CET49706443192.168.2.5167.99.228.32
                                                                                                                                                                                                  Jan 6, 2025 12:59:04.567114115 CET49707443192.168.2.5188.114.96.3
                                                                                                                                                                                                  Jan 6, 2025 12:59:04.567141056 CET44349707188.114.96.3192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 12:59:04.567217112 CET49707443192.168.2.5188.114.96.3
                                                                                                                                                                                                  Jan 6, 2025 12:59:04.567490101 CET49707443192.168.2.5188.114.96.3
                                                                                                                                                                                                  Jan 6, 2025 12:59:04.567501068 CET44349707188.114.96.3192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 12:59:05.030700922 CET44349707188.114.96.3192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 12:59:05.030770063 CET49707443192.168.2.5188.114.96.3
                                                                                                                                                                                                  Jan 6, 2025 12:59:05.082566023 CET49707443192.168.2.5188.114.96.3
                                                                                                                                                                                                  Jan 6, 2025 12:59:05.082578897 CET44349707188.114.96.3192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 12:59:05.082792044 CET44349707188.114.96.3192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 12:59:05.084886074 CET49707443192.168.2.5188.114.96.3
                                                                                                                                                                                                  Jan 6, 2025 12:59:05.131326914 CET44349707188.114.96.3192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 12:59:05.315321922 CET44349707188.114.96.3192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 12:59:05.315448999 CET44349707188.114.96.3192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 12:59:05.315579891 CET49707443192.168.2.5188.114.96.3
                                                                                                                                                                                                  Jan 6, 2025 12:59:05.315603018 CET44349707188.114.96.3192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 12:59:05.315810919 CET44349707188.114.96.3192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 12:59:05.315846920 CET44349707188.114.96.3192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 12:59:05.315905094 CET49707443192.168.2.5188.114.96.3
                                                                                                                                                                                                  Jan 6, 2025 12:59:05.315915108 CET44349707188.114.96.3192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 12:59:05.315957069 CET49707443192.168.2.5188.114.96.3
                                                                                                                                                                                                  Jan 6, 2025 12:59:05.316123009 CET44349707188.114.96.3192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 12:59:05.320955038 CET44349707188.114.96.3192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 12:59:05.320998907 CET44349707188.114.96.3192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 12:59:05.321006060 CET49707443192.168.2.5188.114.96.3
                                                                                                                                                                                                  Jan 6, 2025 12:59:05.321014881 CET44349707188.114.96.3192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 12:59:05.321058035 CET49707443192.168.2.5188.114.96.3
                                                                                                                                                                                                  Jan 6, 2025 12:59:05.321063995 CET44349707188.114.96.3192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 12:59:05.321261883 CET44349707188.114.96.3192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 12:59:05.321306944 CET49707443192.168.2.5188.114.96.3
                                                                                                                                                                                                  Jan 6, 2025 12:59:05.321311951 CET44349707188.114.96.3192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 12:59:05.373831987 CET49707443192.168.2.5188.114.96.3
                                                                                                                                                                                                  Jan 6, 2025 12:59:05.403023958 CET44349707188.114.96.3192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 12:59:05.403158903 CET44349707188.114.96.3192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 12:59:05.403191090 CET44349707188.114.96.3192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 12:59:05.403203964 CET49707443192.168.2.5188.114.96.3
                                                                                                                                                                                                  Jan 6, 2025 12:59:05.403225899 CET44349707188.114.96.3192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 12:59:05.403291941 CET49707443192.168.2.5188.114.96.3
                                                                                                                                                                                                  Jan 6, 2025 12:59:05.403331041 CET44349707188.114.96.3192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 12:59:05.403539896 CET44349707188.114.96.3192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 12:59:05.403584003 CET44349707188.114.96.3192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 12:59:05.403590918 CET49707443192.168.2.5188.114.96.3
                                                                                                                                                                                                  Jan 6, 2025 12:59:05.403631926 CET49707443192.168.2.5188.114.96.3
                                                                                                                                                                                                  Jan 6, 2025 12:59:05.403961897 CET49707443192.168.2.5188.114.96.3
                                                                                                                                                                                                  Jan 6, 2025 12:59:39.950156927 CET49846443192.168.2.5167.99.228.32
                                                                                                                                                                                                  Jan 6, 2025 12:59:39.950185061 CET44349846167.99.228.32192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 12:59:39.950256109 CET49846443192.168.2.5167.99.228.32
                                                                                                                                                                                                  Jan 6, 2025 12:59:39.954128027 CET49846443192.168.2.5167.99.228.32
                                                                                                                                                                                                  Jan 6, 2025 12:59:39.954144955 CET44349846167.99.228.32192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 12:59:40.458559990 CET44349846167.99.228.32192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 12:59:40.458766937 CET49846443192.168.2.5167.99.228.32
                                                                                                                                                                                                  Jan 6, 2025 12:59:40.485774994 CET49846443192.168.2.5167.99.228.32
                                                                                                                                                                                                  Jan 6, 2025 12:59:40.485790014 CET44349846167.99.228.32192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 12:59:40.486031055 CET44349846167.99.228.32192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 12:59:40.530122995 CET49846443192.168.2.5167.99.228.32
                                                                                                                                                                                                  Jan 6, 2025 12:59:40.740921974 CET49846443192.168.2.5167.99.228.32
                                                                                                                                                                                                  Jan 6, 2025 12:59:40.783334970 CET44349846167.99.228.32192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 12:59:40.834989071 CET44349846167.99.228.32192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 12:59:40.837146997 CET49846443192.168.2.5167.99.228.32
                                                                                                                                                                                                  Jan 6, 2025 12:59:40.837157965 CET44349846167.99.228.32192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 12:59:40.933501959 CET44349846167.99.228.32192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 12:59:40.933554888 CET44349846167.99.228.32192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 12:59:40.933621883 CET49846443192.168.2.5167.99.228.32
                                                                                                                                                                                                  Jan 6, 2025 12:59:40.941330910 CET49846443192.168.2.5167.99.228.32
                                                                                                                                                                                                  Jan 6, 2025 12:59:40.943412066 CET49855443192.168.2.5188.114.96.3
                                                                                                                                                                                                  Jan 6, 2025 12:59:40.943428040 CET44349855188.114.96.3192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 12:59:40.943490028 CET49855443192.168.2.5188.114.96.3
                                                                                                                                                                                                  Jan 6, 2025 12:59:40.943763018 CET49855443192.168.2.5188.114.96.3
                                                                                                                                                                                                  Jan 6, 2025 12:59:40.943773031 CET44349855188.114.96.3192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 12:59:41.415388107 CET44349855188.114.96.3192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 12:59:41.415483952 CET49855443192.168.2.5188.114.96.3
                                                                                                                                                                                                  Jan 6, 2025 12:59:41.417190075 CET49855443192.168.2.5188.114.96.3
                                                                                                                                                                                                  Jan 6, 2025 12:59:41.417196035 CET44349855188.114.96.3192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 12:59:41.417423010 CET44349855188.114.96.3192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 12:59:41.418504953 CET49855443192.168.2.5188.114.96.3
                                                                                                                                                                                                  Jan 6, 2025 12:59:41.459340096 CET44349855188.114.96.3192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 12:59:41.706326008 CET44349855188.114.96.3192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 12:59:41.706453085 CET44349855188.114.96.3192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 12:59:41.706485987 CET44349855188.114.96.3192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 12:59:41.706520081 CET49855443192.168.2.5188.114.96.3
                                                                                                                                                                                                  Jan 6, 2025 12:59:41.706526041 CET44349855188.114.96.3192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 12:59:41.706536055 CET44349855188.114.96.3192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 12:59:41.706583977 CET49855443192.168.2.5188.114.96.3
                                                                                                                                                                                                  Jan 6, 2025 12:59:41.706593990 CET44349855188.114.96.3192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 12:59:41.706938028 CET49855443192.168.2.5188.114.96.3
                                                                                                                                                                                                  Jan 6, 2025 12:59:41.706974030 CET44349855188.114.96.3192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 12:59:41.707029104 CET44349855188.114.96.3192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 12:59:41.707066059 CET44349855188.114.96.3192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 12:59:41.707112074 CET49855443192.168.2.5188.114.96.3
                                                                                                                                                                                                  Jan 6, 2025 12:59:41.707120895 CET44349855188.114.96.3192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 12:59:41.707155943 CET49855443192.168.2.5188.114.96.3
                                                                                                                                                                                                  Jan 6, 2025 12:59:41.707779884 CET44349855188.114.96.3192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 12:59:41.711031914 CET44349855188.114.96.3192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 12:59:41.711186886 CET49855443192.168.2.5188.114.96.3
                                                                                                                                                                                                  Jan 6, 2025 12:59:41.711193085 CET44349855188.114.96.3192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 12:59:41.764450073 CET49855443192.168.2.5188.114.96.3
                                                                                                                                                                                                  Jan 6, 2025 12:59:41.796051979 CET44349855188.114.96.3192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 12:59:41.796224117 CET44349855188.114.96.3192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 12:59:41.796317101 CET49855443192.168.2.5188.114.96.3
                                                                                                                                                                                                  Jan 6, 2025 12:59:41.796324968 CET44349855188.114.96.3192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 12:59:41.796416998 CET44349855188.114.96.3192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 12:59:41.796453953 CET44349855188.114.96.3192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 12:59:41.796468019 CET49855443192.168.2.5188.114.96.3
                                                                                                                                                                                                  Jan 6, 2025 12:59:41.796473980 CET44349855188.114.96.3192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 12:59:41.796533108 CET44349855188.114.96.3192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 12:59:41.796576977 CET49855443192.168.2.5188.114.96.3
                                                                                                                                                                                                  Jan 6, 2025 12:59:41.796915054 CET49855443192.168.2.5188.114.96.3
                                                                                                                                                                                                  Jan 6, 2025 13:00:05.768136978 CET49992443192.168.2.5167.99.228.32
                                                                                                                                                                                                  Jan 6, 2025 13:00:05.768189907 CET44349992167.99.228.32192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 13:00:05.768270969 CET49992443192.168.2.5167.99.228.32
                                                                                                                                                                                                  Jan 6, 2025 13:00:05.772020102 CET49992443192.168.2.5167.99.228.32
                                                                                                                                                                                                  Jan 6, 2025 13:00:05.772034883 CET44349992167.99.228.32192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 13:00:06.266915083 CET44349992167.99.228.32192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 13:00:06.266999006 CET49992443192.168.2.5167.99.228.32
                                                                                                                                                                                                  Jan 6, 2025 13:00:06.268385887 CET49992443192.168.2.5167.99.228.32
                                                                                                                                                                                                  Jan 6, 2025 13:00:06.268400908 CET44349992167.99.228.32192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 13:00:06.268646002 CET44349992167.99.228.32192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 13:00:06.311332941 CET49992443192.168.2.5167.99.228.32
                                                                                                                                                                                                  Jan 6, 2025 13:00:06.315221071 CET49992443192.168.2.5167.99.228.32
                                                                                                                                                                                                  Jan 6, 2025 13:00:06.355343103 CET44349992167.99.228.32192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 13:00:06.497629881 CET44349992167.99.228.32192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 13:00:06.498106956 CET49992443192.168.2.5167.99.228.32
                                                                                                                                                                                                  Jan 6, 2025 13:00:06.498137951 CET44349992167.99.228.32192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 13:00:06.604881048 CET44349992167.99.228.32192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 13:00:06.604974031 CET44349992167.99.228.32192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 13:00:06.605038881 CET49992443192.168.2.5167.99.228.32
                                                                                                                                                                                                  Jan 6, 2025 13:00:06.611217976 CET49992443192.168.2.5167.99.228.32
                                                                                                                                                                                                  Jan 6, 2025 13:00:06.613202095 CET49993443192.168.2.5188.114.96.3
                                                                                                                                                                                                  Jan 6, 2025 13:00:06.613238096 CET44349993188.114.96.3192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 13:00:06.613317013 CET49993443192.168.2.5188.114.96.3
                                                                                                                                                                                                  Jan 6, 2025 13:00:06.613579988 CET49993443192.168.2.5188.114.96.3
                                                                                                                                                                                                  Jan 6, 2025 13:00:06.613594055 CET44349993188.114.96.3192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 13:00:07.069089890 CET44349993188.114.96.3192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 13:00:07.069188118 CET49993443192.168.2.5188.114.96.3
                                                                                                                                                                                                  Jan 6, 2025 13:00:07.070473909 CET49993443192.168.2.5188.114.96.3
                                                                                                                                                                                                  Jan 6, 2025 13:00:07.070485115 CET44349993188.114.96.3192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 13:00:07.070756912 CET44349993188.114.96.3192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 13:00:07.071954966 CET49993443192.168.2.5188.114.96.3
                                                                                                                                                                                                  Jan 6, 2025 13:00:07.119328976 CET44349993188.114.96.3192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 13:00:07.377033949 CET44349993188.114.96.3192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 13:00:07.377094030 CET44349993188.114.96.3192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 13:00:07.377126932 CET44349993188.114.96.3192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 13:00:07.377150059 CET49993443192.168.2.5188.114.96.3
                                                                                                                                                                                                  Jan 6, 2025 13:00:07.377161026 CET44349993188.114.96.3192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 13:00:07.377203941 CET49993443192.168.2.5188.114.96.3
                                                                                                                                                                                                  Jan 6, 2025 13:00:07.377211094 CET44349993188.114.96.3192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 13:00:07.377259970 CET44349993188.114.96.3192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 13:00:07.377301931 CET49993443192.168.2.5188.114.96.3
                                                                                                                                                                                                  Jan 6, 2025 13:00:07.377311945 CET44349993188.114.96.3192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 13:00:07.377880096 CET44349993188.114.96.3192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 13:00:07.377912998 CET44349993188.114.96.3192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 13:00:07.377929926 CET49993443192.168.2.5188.114.96.3
                                                                                                                                                                                                  Jan 6, 2025 13:00:07.377938986 CET44349993188.114.96.3192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 13:00:07.378026009 CET49993443192.168.2.5188.114.96.3
                                                                                                                                                                                                  Jan 6, 2025 13:00:07.378031969 CET44349993188.114.96.3192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 13:00:07.381721973 CET44349993188.114.96.3192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 13:00:07.381774902 CET49993443192.168.2.5188.114.96.3
                                                                                                                                                                                                  Jan 6, 2025 13:00:07.381782055 CET44349993188.114.96.3192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 13:00:07.436357975 CET49993443192.168.2.5188.114.96.3
                                                                                                                                                                                                  Jan 6, 2025 13:00:07.463601112 CET44349993188.114.96.3192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 13:00:07.463699102 CET44349993188.114.96.3192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 13:00:07.463737011 CET44349993188.114.96.3192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 13:00:07.463738918 CET49993443192.168.2.5188.114.96.3
                                                                                                                                                                                                  Jan 6, 2025 13:00:07.463756084 CET44349993188.114.96.3192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 13:00:07.463792086 CET49993443192.168.2.5188.114.96.3
                                                                                                                                                                                                  Jan 6, 2025 13:00:07.463821888 CET44349993188.114.96.3192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 13:00:07.463887930 CET44349993188.114.96.3192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 13:00:07.463927031 CET49993443192.168.2.5188.114.96.3
                                                                                                                                                                                                  Jan 6, 2025 13:00:07.463936090 CET44349993188.114.96.3192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 13:00:07.463958025 CET44349993188.114.96.3192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 13:00:07.463999987 CET49993443192.168.2.5188.114.96.3
                                                                                                                                                                                                  Jan 6, 2025 13:00:07.464345932 CET49993443192.168.2.5188.114.96.3
                                                                                                                                                                                                  Jan 6, 2025 13:00:18.517904043 CET49996443192.168.2.5167.99.228.32
                                                                                                                                                                                                  Jan 6, 2025 13:00:18.517934084 CET44349996167.99.228.32192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 13:00:18.518002987 CET49996443192.168.2.5167.99.228.32
                                                                                                                                                                                                  Jan 6, 2025 13:00:18.521897078 CET49996443192.168.2.5167.99.228.32
                                                                                                                                                                                                  Jan 6, 2025 13:00:18.521914005 CET44349996167.99.228.32192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 13:00:18.979370117 CET44349996167.99.228.32192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 13:00:18.979476929 CET49996443192.168.2.5167.99.228.32
                                                                                                                                                                                                  Jan 6, 2025 13:00:18.986649990 CET49996443192.168.2.5167.99.228.32
                                                                                                                                                                                                  Jan 6, 2025 13:00:18.986665010 CET44349996167.99.228.32192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 13:00:18.986907959 CET44349996167.99.228.32192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 13:00:19.032967091 CET49996443192.168.2.5167.99.228.32
                                                                                                                                                                                                  Jan 6, 2025 13:00:19.379091978 CET49996443192.168.2.5167.99.228.32
                                                                                                                                                                                                  Jan 6, 2025 13:00:19.419336081 CET44349996167.99.228.32192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 13:00:19.473732948 CET44349996167.99.228.32192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 13:00:19.476758957 CET49996443192.168.2.5167.99.228.32
                                                                                                                                                                                                  Jan 6, 2025 13:00:19.476777077 CET44349996167.99.228.32192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 13:00:19.573780060 CET44349996167.99.228.32192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 13:00:19.573867083 CET44349996167.99.228.32192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 13:00:19.573916912 CET49996443192.168.2.5167.99.228.32
                                                                                                                                                                                                  Jan 6, 2025 13:00:19.592434883 CET49996443192.168.2.5167.99.228.32
                                                                                                                                                                                                  Jan 6, 2025 13:00:19.594733953 CET49997443192.168.2.5188.114.96.3
                                                                                                                                                                                                  Jan 6, 2025 13:00:19.594774961 CET44349997188.114.96.3192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 13:00:19.594841957 CET49997443192.168.2.5188.114.96.3
                                                                                                                                                                                                  Jan 6, 2025 13:00:19.595141888 CET49997443192.168.2.5188.114.96.3
                                                                                                                                                                                                  Jan 6, 2025 13:00:19.595153093 CET44349997188.114.96.3192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 13:00:20.051085949 CET44349997188.114.96.3192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 13:00:20.051198959 CET49997443192.168.2.5188.114.96.3
                                                                                                                                                                                                  Jan 6, 2025 13:00:20.052860975 CET49997443192.168.2.5188.114.96.3
                                                                                                                                                                                                  Jan 6, 2025 13:00:20.052870989 CET44349997188.114.96.3192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 13:00:20.053116083 CET44349997188.114.96.3192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 13:00:20.054333925 CET49997443192.168.2.5188.114.96.3
                                                                                                                                                                                                  Jan 6, 2025 13:00:20.095335960 CET44349997188.114.96.3192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 13:00:20.346447945 CET44349997188.114.96.3192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 13:00:20.346488953 CET44349997188.114.96.3192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 13:00:20.346517086 CET44349997188.114.96.3192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 13:00:20.346529007 CET49997443192.168.2.5188.114.96.3
                                                                                                                                                                                                  Jan 6, 2025 13:00:20.346538067 CET44349997188.114.96.3192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 13:00:20.346548080 CET44349997188.114.96.3192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 13:00:20.346595049 CET49997443192.168.2.5188.114.96.3
                                                                                                                                                                                                  Jan 6, 2025 13:00:20.346602917 CET44349997188.114.96.3192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 13:00:20.346646070 CET49997443192.168.2.5188.114.96.3
                                                                                                                                                                                                  Jan 6, 2025 13:00:20.347029924 CET44349997188.114.96.3192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 13:00:20.347080946 CET44349997188.114.96.3192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 13:00:20.347110033 CET44349997188.114.96.3192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 13:00:20.347136021 CET49997443192.168.2.5188.114.96.3
                                                                                                                                                                                                  Jan 6, 2025 13:00:20.347142935 CET44349997188.114.96.3192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 13:00:20.347187042 CET49997443192.168.2.5188.114.96.3
                                                                                                                                                                                                  Jan 6, 2025 13:00:20.351126909 CET44349997188.114.96.3192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 13:00:20.405075073 CET49997443192.168.2.5188.114.96.3
                                                                                                                                                                                                  Jan 6, 2025 13:00:20.405096054 CET44349997188.114.96.3192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 13:00:20.433202982 CET44349997188.114.96.3192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 13:00:20.433237076 CET44349997188.114.96.3192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 13:00:20.433264971 CET44349997188.114.96.3192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 13:00:20.433281898 CET49997443192.168.2.5188.114.96.3
                                                                                                                                                                                                  Jan 6, 2025 13:00:20.433295965 CET44349997188.114.96.3192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 13:00:20.433326960 CET49997443192.168.2.5188.114.96.3
                                                                                                                                                                                                  Jan 6, 2025 13:00:20.433530092 CET44349997188.114.96.3192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 13:00:20.433577061 CET44349997188.114.96.3192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 13:00:20.433602095 CET49997443192.168.2.5188.114.96.3
                                                                                                                                                                                                  Jan 6, 2025 13:00:20.433607101 CET44349997188.114.96.3192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 13:00:20.433645010 CET49997443192.168.2.5188.114.96.3
                                                                                                                                                                                                  Jan 6, 2025 13:00:20.433650017 CET44349997188.114.96.3192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 13:00:20.433676004 CET44349997188.114.96.3192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 13:00:20.433716059 CET49997443192.168.2.5188.114.96.3
                                                                                                                                                                                                  Jan 6, 2025 13:00:20.434060097 CET49997443192.168.2.5188.114.96.3
                                                                                                                                                                                                  Jan 6, 2025 13:00:26.915002108 CET49999443192.168.2.5167.99.228.32
                                                                                                                                                                                                  Jan 6, 2025 13:00:26.915043116 CET44349999167.99.228.32192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 13:00:26.915128946 CET49999443192.168.2.5167.99.228.32
                                                                                                                                                                                                  Jan 6, 2025 13:00:26.918946981 CET49999443192.168.2.5167.99.228.32
                                                                                                                                                                                                  Jan 6, 2025 13:00:26.918963909 CET44349999167.99.228.32192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 13:00:28.072839975 CET44349999167.99.228.32192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 13:00:28.072911978 CET49999443192.168.2.5167.99.228.32
                                                                                                                                                                                                  Jan 6, 2025 13:00:28.074528933 CET49999443192.168.2.5167.99.228.32
                                                                                                                                                                                                  Jan 6, 2025 13:00:28.074539900 CET44349999167.99.228.32192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 13:00:28.074774027 CET44349999167.99.228.32192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 13:00:28.123835087 CET49999443192.168.2.5167.99.228.32
                                                                                                                                                                                                  Jan 6, 2025 13:00:28.211410999 CET49999443192.168.2.5167.99.228.32
                                                                                                                                                                                                  Jan 6, 2025 13:00:28.259325027 CET44349999167.99.228.32192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 13:00:28.307688951 CET44349999167.99.228.32192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 13:00:28.308183908 CET49999443192.168.2.5167.99.228.32
                                                                                                                                                                                                  Jan 6, 2025 13:00:28.308203936 CET44349999167.99.228.32192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 13:00:28.407015085 CET44349999167.99.228.32192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 13:00:28.407108068 CET44349999167.99.228.32192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 13:00:28.407157898 CET49999443192.168.2.5167.99.228.32
                                                                                                                                                                                                  Jan 6, 2025 13:00:28.415266991 CET49999443192.168.2.5167.99.228.32
                                                                                                                                                                                                  Jan 6, 2025 13:00:28.417373896 CET50000443192.168.2.5188.114.96.3
                                                                                                                                                                                                  Jan 6, 2025 13:00:28.417412996 CET44350000188.114.96.3192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 13:00:28.417479992 CET50000443192.168.2.5188.114.96.3
                                                                                                                                                                                                  Jan 6, 2025 13:00:28.417814970 CET50000443192.168.2.5188.114.96.3
                                                                                                                                                                                                  Jan 6, 2025 13:00:28.417831898 CET44350000188.114.96.3192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 13:00:28.894593954 CET44350000188.114.96.3192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 13:00:28.894699097 CET50000443192.168.2.5188.114.96.3
                                                                                                                                                                                                  Jan 6, 2025 13:00:28.896054983 CET50000443192.168.2.5188.114.96.3
                                                                                                                                                                                                  Jan 6, 2025 13:00:28.896061897 CET44350000188.114.96.3192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 13:00:28.896327972 CET44350000188.114.96.3192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 13:00:28.897555113 CET50000443192.168.2.5188.114.96.3
                                                                                                                                                                                                  Jan 6, 2025 13:00:28.943322897 CET44350000188.114.96.3192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 13:00:29.297274113 CET44350000188.114.96.3192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 13:00:29.297308922 CET44350000188.114.96.3192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 13:00:29.297328949 CET44350000188.114.96.3192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 13:00:29.297353983 CET44350000188.114.96.3192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 13:00:29.297377110 CET44350000188.114.96.3192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 13:00:29.297386885 CET50000443192.168.2.5188.114.96.3
                                                                                                                                                                                                  Jan 6, 2025 13:00:29.297395945 CET44350000188.114.96.3192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 13:00:29.297431946 CET50000443192.168.2.5188.114.96.3
                                                                                                                                                                                                  Jan 6, 2025 13:00:29.297449112 CET50000443192.168.2.5188.114.96.3
                                                                                                                                                                                                  Jan 6, 2025 13:00:29.297485113 CET44350000188.114.96.3192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 13:00:29.297574997 CET44350000188.114.96.3192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 13:00:29.297612906 CET44350000188.114.96.3192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 13:00:29.297616959 CET50000443192.168.2.5188.114.96.3
                                                                                                                                                                                                  Jan 6, 2025 13:00:29.297624111 CET44350000188.114.96.3192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 13:00:29.297656059 CET50000443192.168.2.5188.114.96.3
                                                                                                                                                                                                  Jan 6, 2025 13:00:29.301779985 CET44350000188.114.96.3192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 13:00:29.301851034 CET44350000188.114.96.3192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 13:00:29.301882982 CET44350000188.114.96.3192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 13:00:29.301903963 CET50000443192.168.2.5188.114.96.3
                                                                                                                                                                                                  Jan 6, 2025 13:00:29.301911116 CET44350000188.114.96.3192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 13:00:29.302336931 CET44350000188.114.96.3192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 13:00:29.302371025 CET44350000188.114.96.3192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 13:00:29.302387953 CET50000443192.168.2.5188.114.96.3
                                                                                                                                                                                                  Jan 6, 2025 13:00:29.302396059 CET44350000188.114.96.3192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 13:00:29.302408934 CET50000443192.168.2.5188.114.96.3
                                                                                                                                                                                                  Jan 6, 2025 13:00:29.302432060 CET44350000188.114.96.3192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 13:00:29.302517891 CET44350000188.114.96.3192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 13:00:29.302567005 CET50000443192.168.2.5188.114.96.3
                                                                                                                                                                                                  Jan 6, 2025 13:00:29.302880049 CET50000443192.168.2.5188.114.96.3
                                                                                                                                                                                                  Jan 6, 2025 13:00:33.742865086 CET50002443192.168.2.5167.99.228.32
                                                                                                                                                                                                  Jan 6, 2025 13:00:33.742902994 CET44350002167.99.228.32192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 13:00:33.742973089 CET50002443192.168.2.5167.99.228.32
                                                                                                                                                                                                  Jan 6, 2025 13:00:33.748600006 CET50002443192.168.2.5167.99.228.32
                                                                                                                                                                                                  Jan 6, 2025 13:00:33.748609066 CET44350002167.99.228.32192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 13:00:34.204327106 CET44350002167.99.228.32192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 13:00:34.204458952 CET50002443192.168.2.5167.99.228.32
                                                                                                                                                                                                  Jan 6, 2025 13:00:34.205923080 CET50002443192.168.2.5167.99.228.32
                                                                                                                                                                                                  Jan 6, 2025 13:00:34.205926895 CET44350002167.99.228.32192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 13:00:34.206162930 CET44350002167.99.228.32192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 13:00:34.248832941 CET50002443192.168.2.5167.99.228.32
                                                                                                                                                                                                  Jan 6, 2025 13:00:34.250813007 CET50002443192.168.2.5167.99.228.32
                                                                                                                                                                                                  Jan 6, 2025 13:00:34.295331001 CET44350002167.99.228.32192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 13:00:34.425787926 CET44350002167.99.228.32192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 13:00:34.426332951 CET50002443192.168.2.5167.99.228.32
                                                                                                                                                                                                  Jan 6, 2025 13:00:34.426345110 CET44350002167.99.228.32192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 13:00:34.523080111 CET44350002167.99.228.32192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 13:00:34.523175955 CET44350002167.99.228.32192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 13:00:34.523241043 CET50002443192.168.2.5167.99.228.32
                                                                                                                                                                                                  Jan 6, 2025 13:00:34.529160976 CET50002443192.168.2.5167.99.228.32
                                                                                                                                                                                                  Jan 6, 2025 13:00:34.531147003 CET50003443192.168.2.5188.114.96.3
                                                                                                                                                                                                  Jan 6, 2025 13:00:34.531173944 CET44350003188.114.96.3192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 13:00:34.531264067 CET50003443192.168.2.5188.114.96.3
                                                                                                                                                                                                  Jan 6, 2025 13:00:34.531482935 CET50003443192.168.2.5188.114.96.3
                                                                                                                                                                                                  Jan 6, 2025 13:00:34.531497002 CET44350003188.114.96.3192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 13:00:35.012198925 CET44350003188.114.96.3192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 13:00:35.012274027 CET50003443192.168.2.5188.114.96.3
                                                                                                                                                                                                  Jan 6, 2025 13:00:35.014096022 CET50003443192.168.2.5188.114.96.3
                                                                                                                                                                                                  Jan 6, 2025 13:00:35.014103889 CET44350003188.114.96.3192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 13:00:35.014348984 CET44350003188.114.96.3192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 13:00:35.015439987 CET50003443192.168.2.5188.114.96.3
                                                                                                                                                                                                  Jan 6, 2025 13:00:35.059331894 CET44350003188.114.96.3192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 13:00:35.274046898 CET44350003188.114.96.3192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 13:00:35.274233103 CET44350003188.114.96.3192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 13:00:35.274285078 CET44350003188.114.96.3192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 13:00:35.274296045 CET50003443192.168.2.5188.114.96.3
                                                                                                                                                                                                  Jan 6, 2025 13:00:35.274310112 CET44350003188.114.96.3192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 13:00:35.274348974 CET50003443192.168.2.5188.114.96.3
                                                                                                                                                                                                  Jan 6, 2025 13:00:35.274353981 CET44350003188.114.96.3192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 13:00:35.274365902 CET44350003188.114.96.3192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 13:00:35.274415016 CET50003443192.168.2.5188.114.96.3
                                                                                                                                                                                                  Jan 6, 2025 13:00:35.274452925 CET44350003188.114.96.3192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 13:00:35.275163889 CET44350003188.114.96.3192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 13:00:35.275222063 CET50003443192.168.2.5188.114.96.3
                                                                                                                                                                                                  Jan 6, 2025 13:00:35.275229931 CET44350003188.114.96.3192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 13:00:35.278769016 CET44350003188.114.96.3192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 13:00:35.278819084 CET44350003188.114.96.3192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 13:00:35.278825998 CET50003443192.168.2.5188.114.96.3
                                                                                                                                                                                                  Jan 6, 2025 13:00:35.278832912 CET44350003188.114.96.3192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 13:00:35.278871059 CET50003443192.168.2.5188.114.96.3
                                                                                                                                                                                                  Jan 6, 2025 13:00:35.278877974 CET44350003188.114.96.3192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 13:00:35.326937914 CET50003443192.168.2.5188.114.96.3
                                                                                                                                                                                                  Jan 6, 2025 13:00:35.365381002 CET44350003188.114.96.3192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 13:00:35.365547895 CET44350003188.114.96.3192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 13:00:35.365605116 CET50003443192.168.2.5188.114.96.3
                                                                                                                                                                                                  Jan 6, 2025 13:00:35.365612984 CET44350003188.114.96.3192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 13:00:35.365684986 CET44350003188.114.96.3192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 13:00:35.365722895 CET44350003188.114.96.3192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 13:00:35.365726948 CET50003443192.168.2.5188.114.96.3
                                                                                                                                                                                                  Jan 6, 2025 13:00:35.365735054 CET44350003188.114.96.3192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 13:00:35.365776062 CET50003443192.168.2.5188.114.96.3
                                                                                                                                                                                                  Jan 6, 2025 13:00:35.365782022 CET44350003188.114.96.3192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 13:00:35.365855932 CET44350003188.114.96.3192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 13:00:35.365900040 CET50003443192.168.2.5188.114.96.3
                                                                                                                                                                                                  Jan 6, 2025 13:00:35.366168022 CET50003443192.168.2.5188.114.96.3
                                                                                                                                                                                                  Jan 6, 2025 13:00:40.179826021 CET50005443192.168.2.5167.99.228.32
                                                                                                                                                                                                  Jan 6, 2025 13:00:40.179842949 CET44350005167.99.228.32192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 13:00:40.179935932 CET50005443192.168.2.5167.99.228.32
                                                                                                                                                                                                  Jan 6, 2025 13:00:40.183785915 CET50005443192.168.2.5167.99.228.32
                                                                                                                                                                                                  Jan 6, 2025 13:00:40.183795929 CET44350005167.99.228.32192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 13:00:40.661637068 CET44350005167.99.228.32192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 13:00:40.661773920 CET50005443192.168.2.5167.99.228.32
                                                                                                                                                                                                  Jan 6, 2025 13:00:40.663470030 CET50005443192.168.2.5167.99.228.32
                                                                                                                                                                                                  Jan 6, 2025 13:00:40.663475037 CET44350005167.99.228.32192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 13:00:40.663813114 CET44350005167.99.228.32192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 13:00:40.709489107 CET50005443192.168.2.5167.99.228.32
                                                                                                                                                                                                  Jan 6, 2025 13:00:40.755321026 CET44350005167.99.228.32192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 13:00:40.889550924 CET44350005167.99.228.32192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 13:00:40.890094995 CET50005443192.168.2.5167.99.228.32
                                                                                                                                                                                                  Jan 6, 2025 13:00:40.890101910 CET44350005167.99.228.32192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 13:00:40.990789890 CET44350005167.99.228.32192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 13:00:40.990880966 CET44350005167.99.228.32192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 13:00:40.991309881 CET50005443192.168.2.5167.99.228.32
                                                                                                                                                                                                  Jan 6, 2025 13:00:40.997167110 CET50005443192.168.2.5167.99.228.32
                                                                                                                                                                                                  Jan 6, 2025 13:00:40.999217987 CET50006443192.168.2.5188.114.96.3
                                                                                                                                                                                                  Jan 6, 2025 13:00:40.999233961 CET44350006188.114.96.3192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 13:00:40.999419928 CET50006443192.168.2.5188.114.96.3
                                                                                                                                                                                                  Jan 6, 2025 13:00:40.999845028 CET50006443192.168.2.5188.114.96.3
                                                                                                                                                                                                  Jan 6, 2025 13:00:40.999856949 CET44350006188.114.96.3192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 13:00:41.474214077 CET44350006188.114.96.3192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 13:00:41.474284887 CET50006443192.168.2.5188.114.96.3
                                                                                                                                                                                                  Jan 6, 2025 13:00:41.475661993 CET50006443192.168.2.5188.114.96.3
                                                                                                                                                                                                  Jan 6, 2025 13:00:41.475667953 CET44350006188.114.96.3192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 13:00:41.475920916 CET44350006188.114.96.3192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 13:00:41.476969957 CET50006443192.168.2.5188.114.96.3
                                                                                                                                                                                                  Jan 6, 2025 13:00:41.523333073 CET44350006188.114.96.3192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 13:00:41.743330956 CET44350006188.114.96.3192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 13:00:41.743417978 CET44350006188.114.96.3192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 13:00:41.743472099 CET44350006188.114.96.3192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 13:00:41.743489981 CET50006443192.168.2.5188.114.96.3
                                                                                                                                                                                                  Jan 6, 2025 13:00:41.743498087 CET44350006188.114.96.3192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 13:00:41.743537903 CET50006443192.168.2.5188.114.96.3
                                                                                                                                                                                                  Jan 6, 2025 13:00:41.743551016 CET44350006188.114.96.3192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 13:00:41.743640900 CET44350006188.114.96.3192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 13:00:41.743798018 CET44350006188.114.96.3192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 13:00:41.743808031 CET50006443192.168.2.5188.114.96.3
                                                                                                                                                                                                  Jan 6, 2025 13:00:41.743814945 CET44350006188.114.96.3192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 13:00:41.743875980 CET44350006188.114.96.3192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 13:00:41.743922949 CET50006443192.168.2.5188.114.96.3
                                                                                                                                                                                                  Jan 6, 2025 13:00:41.743930101 CET44350006188.114.96.3192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 13:00:41.743976116 CET50006443192.168.2.5188.114.96.3
                                                                                                                                                                                                  Jan 6, 2025 13:00:41.744432926 CET44350006188.114.96.3192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 13:00:41.795685053 CET50006443192.168.2.5188.114.96.3
                                                                                                                                                                                                  Jan 6, 2025 13:00:41.795690060 CET44350006188.114.96.3192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 13:00:41.833343983 CET44350006188.114.96.3192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 13:00:41.833389997 CET50006443192.168.2.5188.114.96.3
                                                                                                                                                                                                  Jan 6, 2025 13:00:41.833395958 CET44350006188.114.96.3192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 13:00:41.833549976 CET44350006188.114.96.3192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 13:00:41.833589077 CET44350006188.114.96.3192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 13:00:41.833637953 CET50006443192.168.2.5188.114.96.3
                                                                                                                                                                                                  Jan 6, 2025 13:00:41.833645105 CET44350006188.114.96.3192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 13:00:41.833697081 CET50006443192.168.2.5188.114.96.3
                                                                                                                                                                                                  Jan 6, 2025 13:00:41.833976030 CET44350006188.114.96.3192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 13:00:41.834060907 CET44350006188.114.96.3192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 13:00:41.834110022 CET50006443192.168.2.5188.114.96.3
                                                                                                                                                                                                  Jan 6, 2025 13:00:41.834115982 CET44350006188.114.96.3192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 13:00:41.834127903 CET44350006188.114.96.3192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 13:00:41.834167957 CET50006443192.168.2.5188.114.96.3
                                                                                                                                                                                                  Jan 6, 2025 13:00:41.834419012 CET50006443192.168.2.5188.114.96.3
                                                                                                                                                                                                  Jan 6, 2025 13:00:51.739995003 CET50008443192.168.2.5167.99.228.32
                                                                                                                                                                                                  Jan 6, 2025 13:00:51.740041971 CET44350008167.99.228.32192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 13:00:51.740153074 CET50008443192.168.2.5167.99.228.32
                                                                                                                                                                                                  Jan 6, 2025 13:00:51.744141102 CET50008443192.168.2.5167.99.228.32
                                                                                                                                                                                                  Jan 6, 2025 13:00:51.744158030 CET44350008167.99.228.32192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 13:00:52.201772928 CET44350008167.99.228.32192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 13:00:52.201853037 CET50008443192.168.2.5167.99.228.32
                                                                                                                                                                                                  Jan 6, 2025 13:00:52.203382015 CET50008443192.168.2.5167.99.228.32
                                                                                                                                                                                                  Jan 6, 2025 13:00:52.203392982 CET44350008167.99.228.32192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 13:00:52.203624964 CET44350008167.99.228.32192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 13:00:52.248874903 CET50008443192.168.2.5167.99.228.32
                                                                                                                                                                                                  Jan 6, 2025 13:00:52.250271082 CET50008443192.168.2.5167.99.228.32
                                                                                                                                                                                                  Jan 6, 2025 13:00:52.295336962 CET44350008167.99.228.32192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 13:00:52.439112902 CET44350008167.99.228.32192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 13:00:52.439548969 CET50008443192.168.2.5167.99.228.32
                                                                                                                                                                                                  Jan 6, 2025 13:00:52.439573050 CET44350008167.99.228.32192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 13:00:52.536691904 CET44350008167.99.228.32192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 13:00:52.536773920 CET44350008167.99.228.32192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 13:00:52.537024975 CET50008443192.168.2.5167.99.228.32
                                                                                                                                                                                                  Jan 6, 2025 13:00:52.542666912 CET50008443192.168.2.5167.99.228.32
                                                                                                                                                                                                  Jan 6, 2025 13:00:52.544565916 CET50009443192.168.2.5188.114.96.3
                                                                                                                                                                                                  Jan 6, 2025 13:00:52.544603109 CET44350009188.114.96.3192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 13:00:52.544703007 CET50009443192.168.2.5188.114.96.3
                                                                                                                                                                                                  Jan 6, 2025 13:00:52.544903994 CET50009443192.168.2.5188.114.96.3
                                                                                                                                                                                                  Jan 6, 2025 13:00:52.544914007 CET44350009188.114.96.3192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 13:00:53.040618896 CET44350009188.114.96.3192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 13:00:53.040695906 CET50009443192.168.2.5188.114.96.3
                                                                                                                                                                                                  Jan 6, 2025 13:00:53.042047977 CET50009443192.168.2.5188.114.96.3
                                                                                                                                                                                                  Jan 6, 2025 13:00:53.042061090 CET44350009188.114.96.3192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 13:00:53.042285919 CET44350009188.114.96.3192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 13:00:53.043473005 CET50009443192.168.2.5188.114.96.3
                                                                                                                                                                                                  Jan 6, 2025 13:00:53.091330051 CET44350009188.114.96.3192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 13:00:53.308927059 CET44350009188.114.96.3192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 13:00:53.308974981 CET44350009188.114.96.3192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 13:00:53.309012890 CET44350009188.114.96.3192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 13:00:53.309034109 CET44350009188.114.96.3192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 13:00:53.309032917 CET50009443192.168.2.5188.114.96.3
                                                                                                                                                                                                  Jan 6, 2025 13:00:53.309046030 CET44350009188.114.96.3192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 13:00:53.309097052 CET44350009188.114.96.3192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 13:00:53.309106112 CET50009443192.168.2.5188.114.96.3
                                                                                                                                                                                                  Jan 6, 2025 13:00:53.309123993 CET44350009188.114.96.3192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 13:00:53.309139013 CET50009443192.168.2.5188.114.96.3
                                                                                                                                                                                                  Jan 6, 2025 13:00:53.309165955 CET44350009188.114.96.3192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 13:00:53.309211969 CET44350009188.114.96.3192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 13:00:53.309247971 CET50009443192.168.2.5188.114.96.3
                                                                                                                                                                                                  Jan 6, 2025 13:00:53.309253931 CET44350009188.114.96.3192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 13:00:53.309305906 CET50009443192.168.2.5188.114.96.3
                                                                                                                                                                                                  Jan 6, 2025 13:00:53.309720039 CET44350009188.114.96.3192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 13:00:53.315363884 CET44350009188.114.96.3192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 13:00:53.316142082 CET50009443192.168.2.5188.114.96.3
                                                                                                                                                                                                  Jan 6, 2025 13:00:53.316169024 CET44350009188.114.96.3192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 13:00:53.358316898 CET50009443192.168.2.5188.114.96.3
                                                                                                                                                                                                  Jan 6, 2025 13:00:53.401957989 CET44350009188.114.96.3192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 13:00:53.402018070 CET44350009188.114.96.3192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 13:00:53.402106047 CET50009443192.168.2.5188.114.96.3
                                                                                                                                                                                                  Jan 6, 2025 13:00:53.402122974 CET44350009188.114.96.3192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 13:00:53.402313948 CET44350009188.114.96.3192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 13:00:53.402344942 CET44350009188.114.96.3192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 13:00:53.402359962 CET50009443192.168.2.5188.114.96.3
                                                                                                                                                                                                  Jan 6, 2025 13:00:53.402369022 CET44350009188.114.96.3192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 13:00:53.402462006 CET44350009188.114.96.3192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 13:00:53.402519941 CET50009443192.168.2.5188.114.96.3
                                                                                                                                                                                                  Jan 6, 2025 13:00:53.402867079 CET50009443192.168.2.5188.114.96.3
                                                                                                                                                                                                  Jan 6, 2025 13:00:57.441432953 CET50011443192.168.2.5167.99.228.32
                                                                                                                                                                                                  Jan 6, 2025 13:00:57.441479921 CET44350011167.99.228.32192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 13:00:57.441551924 CET50011443192.168.2.5167.99.228.32
                                                                                                                                                                                                  Jan 6, 2025 13:00:57.445204973 CET50011443192.168.2.5167.99.228.32
                                                                                                                                                                                                  Jan 6, 2025 13:00:57.445219040 CET44350011167.99.228.32192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 13:00:57.902271032 CET44350011167.99.228.32192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 13:00:57.902484894 CET50011443192.168.2.5167.99.228.32
                                                                                                                                                                                                  Jan 6, 2025 13:00:57.903894901 CET50011443192.168.2.5167.99.228.32
                                                                                                                                                                                                  Jan 6, 2025 13:00:57.903904915 CET44350011167.99.228.32192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 13:00:57.904153109 CET44350011167.99.228.32192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 13:00:57.951961040 CET50011443192.168.2.5167.99.228.32
                                                                                                                                                                                                  Jan 6, 2025 13:00:57.957406044 CET50011443192.168.2.5167.99.228.32
                                                                                                                                                                                                  Jan 6, 2025 13:00:57.999339104 CET44350011167.99.228.32192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 13:00:58.129885912 CET44350011167.99.228.32192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 13:00:58.130379915 CET50011443192.168.2.5167.99.228.32
                                                                                                                                                                                                  Jan 6, 2025 13:00:58.130403996 CET44350011167.99.228.32192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 13:00:58.229155064 CET44350011167.99.228.32192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 13:00:58.229237080 CET44350011167.99.228.32192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 13:00:58.229326010 CET50011443192.168.2.5167.99.228.32
                                                                                                                                                                                                  Jan 6, 2025 13:00:58.236013889 CET50011443192.168.2.5167.99.228.32
                                                                                                                                                                                                  Jan 6, 2025 13:00:58.237760067 CET50012443192.168.2.5188.114.96.3
                                                                                                                                                                                                  Jan 6, 2025 13:00:58.237813950 CET44350012188.114.96.3192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 13:00:58.237890005 CET50012443192.168.2.5188.114.96.3
                                                                                                                                                                                                  Jan 6, 2025 13:00:58.238240957 CET50012443192.168.2.5188.114.96.3
                                                                                                                                                                                                  Jan 6, 2025 13:00:58.238255024 CET44350012188.114.96.3192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 13:00:58.697976112 CET44350012188.114.96.3192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 13:00:58.698076963 CET50012443192.168.2.5188.114.96.3
                                                                                                                                                                                                  Jan 6, 2025 13:00:58.699361086 CET50012443192.168.2.5188.114.96.3
                                                                                                                                                                                                  Jan 6, 2025 13:00:58.699376106 CET44350012188.114.96.3192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 13:00:58.699593067 CET44350012188.114.96.3192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 13:00:58.700735092 CET50012443192.168.2.5188.114.96.3
                                                                                                                                                                                                  Jan 6, 2025 13:00:58.747320890 CET44350012188.114.96.3192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 13:00:58.967847109 CET44350012188.114.96.3192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 13:00:58.967892885 CET44350012188.114.96.3192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 13:00:58.967919111 CET44350012188.114.96.3192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 13:00:58.967942953 CET50012443192.168.2.5188.114.96.3
                                                                                                                                                                                                  Jan 6, 2025 13:00:58.967957020 CET44350012188.114.96.3192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 13:00:58.967967033 CET44350012188.114.96.3192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 13:00:58.967986107 CET50012443192.168.2.5188.114.96.3
                                                                                                                                                                                                  Jan 6, 2025 13:00:58.968128920 CET44350012188.114.96.3192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 13:00:58.968244076 CET50012443192.168.2.5188.114.96.3
                                                                                                                                                                                                  Jan 6, 2025 13:00:58.968255043 CET44350012188.114.96.3192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 13:00:58.972373009 CET44350012188.114.96.3192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 13:00:58.972409010 CET44350012188.114.96.3192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 13:00:58.972421885 CET50012443192.168.2.5188.114.96.3
                                                                                                                                                                                                  Jan 6, 2025 13:00:58.972433090 CET44350012188.114.96.3192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 13:00:58.972441912 CET44350012188.114.96.3192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 13:00:58.972481012 CET50012443192.168.2.5188.114.96.3
                                                                                                                                                                                                  Jan 6, 2025 13:00:58.972487926 CET44350012188.114.96.3192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 13:00:58.972522974 CET50012443192.168.2.5188.114.96.3
                                                                                                                                                                                                  Jan 6, 2025 13:00:58.972750902 CET44350012188.114.96.3192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 13:00:59.014442921 CET50012443192.168.2.5188.114.96.3
                                                                                                                                                                                                  Jan 6, 2025 13:00:59.054552078 CET44350012188.114.96.3192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 13:00:59.054632902 CET44350012188.114.96.3192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 13:00:59.054670095 CET44350012188.114.96.3192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 13:00:59.054699898 CET44350012188.114.96.3192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 13:00:59.054699898 CET50012443192.168.2.5188.114.96.3
                                                                                                                                                                                                  Jan 6, 2025 13:00:59.054722071 CET44350012188.114.96.3192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 13:00:59.054750919 CET50012443192.168.2.5188.114.96.3
                                                                                                                                                                                                  Jan 6, 2025 13:00:59.054804087 CET44350012188.114.96.3192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 13:00:59.054881096 CET44350012188.114.96.3192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 13:00:59.054928064 CET50012443192.168.2.5188.114.96.3
                                                                                                                                                                                                  Jan 6, 2025 13:00:59.100361109 CET50012443192.168.2.5188.114.96.3
                                                                                                                                                                                                  Jan 6, 2025 13:01:02.846709967 CET50014443192.168.2.5167.99.228.32
                                                                                                                                                                                                  Jan 6, 2025 13:01:02.846765041 CET44350014167.99.228.32192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 13:01:02.846831083 CET50014443192.168.2.5167.99.228.32
                                                                                                                                                                                                  Jan 6, 2025 13:01:02.989413977 CET50014443192.168.2.5167.99.228.32
                                                                                                                                                                                                  Jan 6, 2025 13:01:02.989439011 CET44350014167.99.228.32192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 13:01:03.478040934 CET44350014167.99.228.32192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 13:01:03.478143930 CET50014443192.168.2.5167.99.228.32
                                                                                                                                                                                                  Jan 6, 2025 13:01:03.493351936 CET50014443192.168.2.5167.99.228.32
                                                                                                                                                                                                  Jan 6, 2025 13:01:03.493376970 CET44350014167.99.228.32192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 13:01:03.493659019 CET44350014167.99.228.32192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 13:01:03.539472103 CET50014443192.168.2.5167.99.228.32
                                                                                                                                                                                                  Jan 6, 2025 13:01:03.587325096 CET44350014167.99.228.32192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 13:01:03.711458921 CET44350014167.99.228.32192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 13:01:03.711940050 CET50014443192.168.2.5167.99.228.32
                                                                                                                                                                                                  Jan 6, 2025 13:01:03.711956024 CET44350014167.99.228.32192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 13:01:03.833704948 CET44350014167.99.228.32192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 13:01:03.833791971 CET44350014167.99.228.32192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 13:01:03.833882093 CET50014443192.168.2.5167.99.228.32
                                                                                                                                                                                                  Jan 6, 2025 13:01:03.839536905 CET50014443192.168.2.5167.99.228.32
                                                                                                                                                                                                  Jan 6, 2025 13:01:03.841418982 CET50015443192.168.2.5188.114.96.3
                                                                                                                                                                                                  Jan 6, 2025 13:01:03.841456890 CET44350015188.114.96.3192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 13:01:03.841547966 CET50015443192.168.2.5188.114.96.3
                                                                                                                                                                                                  Jan 6, 2025 13:01:03.841984034 CET50015443192.168.2.5188.114.96.3
                                                                                                                                                                                                  Jan 6, 2025 13:01:03.841993093 CET44350015188.114.96.3192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 13:01:04.328237057 CET44350015188.114.96.3192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 13:01:04.328402042 CET50015443192.168.2.5188.114.96.3
                                                                                                                                                                                                  Jan 6, 2025 13:01:04.329730034 CET50015443192.168.2.5188.114.96.3
                                                                                                                                                                                                  Jan 6, 2025 13:01:04.329741001 CET44350015188.114.96.3192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 13:01:04.329972029 CET44350015188.114.96.3192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 13:01:04.330981016 CET50015443192.168.2.5188.114.96.3
                                                                                                                                                                                                  Jan 6, 2025 13:01:04.375335932 CET44350015188.114.96.3192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 13:01:04.614012003 CET44350015188.114.96.3192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 13:01:04.614097118 CET44350015188.114.96.3192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 13:01:04.614131927 CET44350015188.114.96.3192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 13:01:04.614165068 CET44350015188.114.96.3192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 13:01:04.614165068 CET50015443192.168.2.5188.114.96.3
                                                                                                                                                                                                  Jan 6, 2025 13:01:04.614173889 CET44350015188.114.96.3192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 13:01:04.614212990 CET50015443192.168.2.5188.114.96.3
                                                                                                                                                                                                  Jan 6, 2025 13:01:04.614223003 CET44350015188.114.96.3192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 13:01:04.614285946 CET50015443192.168.2.5188.114.96.3
                                                                                                                                                                                                  Jan 6, 2025 13:01:04.614660025 CET44350015188.114.96.3192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 13:01:04.614734888 CET44350015188.114.96.3192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 13:01:04.614765882 CET44350015188.114.96.3192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 13:01:04.614808083 CET50015443192.168.2.5188.114.96.3
                                                                                                                                                                                                  Jan 6, 2025 13:01:04.614816904 CET44350015188.114.96.3192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 13:01:04.614862919 CET50015443192.168.2.5188.114.96.3
                                                                                                                                                                                                  Jan 6, 2025 13:01:04.618669987 CET44350015188.114.96.3192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 13:01:04.618716955 CET44350015188.114.96.3192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 13:01:04.618788958 CET50015443192.168.2.5188.114.96.3
                                                                                                                                                                                                  Jan 6, 2025 13:01:04.618794918 CET44350015188.114.96.3192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 13:01:04.670677900 CET50015443192.168.2.5188.114.96.3
                                                                                                                                                                                                  Jan 6, 2025 13:01:04.706089020 CET44350015188.114.96.3192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 13:01:04.706279039 CET44350015188.114.96.3192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 13:01:04.706305027 CET44350015188.114.96.3192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 13:01:04.706324100 CET50015443192.168.2.5188.114.96.3
                                                                                                                                                                                                  Jan 6, 2025 13:01:04.706331968 CET44350015188.114.96.3192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 13:01:04.706370115 CET50015443192.168.2.5188.114.96.3
                                                                                                                                                                                                  Jan 6, 2025 13:01:04.706530094 CET44350015188.114.96.3192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 13:01:04.706651926 CET44350015188.114.96.3192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 13:01:04.706695080 CET50015443192.168.2.5188.114.96.3
                                                                                                                                                                                                  Jan 6, 2025 13:01:04.706698895 CET44350015188.114.96.3192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 13:01:04.706722975 CET44350015188.114.96.3192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 13:01:04.706759930 CET50015443192.168.2.5188.114.96.3
                                                                                                                                                                                                  Jan 6, 2025 13:01:04.706994057 CET50015443192.168.2.5188.114.96.3

                                                                                                                                                                                                  UDP Packets

                                                                                                                                                                                                  TimestampSource PortDest PortSource IPDest IP
                                                                                                                                                                                                  Jan 6, 2025 12:59:03.688903093 CET5169553192.168.2.51.1.1.1
                                                                                                                                                                                                  Jan 6, 2025 12:59:03.717058897 CET53516951.1.1.1192.168.2.5
                                                                                                                                                                                                  Jan 6, 2025 12:59:04.555588007 CET6044053192.168.2.51.1.1.1
                                                                                                                                                                                                  Jan 6, 2025 12:59:04.566210032 CET53604401.1.1.1192.168.2.5

                                                                                                                                                                                                  DNS Queries

                                                                                                                                                                                                  TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                                                                                                                                                                  Jan 6, 2025 12:59:03.688903093 CET192.168.2.51.1.1.10x7dbcStandard query (0)eganarbonne.bluetrait.ioA (IP address)IN (0x0001)false
                                                                                                                                                                                                  Jan 6, 2025 12:59:04.555588007 CET192.168.2.51.1.1.10x65f9Standard query (0)bluetrait.ioA (IP address)IN (0x0001)false

                                                                                                                                                                                                  DNS Answers

                                                                                                                                                                                                  TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                                                                                                                                                                  Jan 6, 2025 12:59:03.717058897 CET1.1.1.1192.168.2.50x7dbcNo error (0)eganarbonne.bluetrait.io167.99.228.32A (IP address)IN (0x0001)false
                                                                                                                                                                                                  Jan 6, 2025 12:59:04.566210032 CET1.1.1.1192.168.2.50x65f9No error (0)bluetrait.io188.114.96.3A (IP address)IN (0x0001)false
                                                                                                                                                                                                  Jan 6, 2025 12:59:04.566210032 CET1.1.1.1192.168.2.50x65f9No error (0)bluetrait.io188.114.97.3A (IP address)IN (0x0001)false
                                                                                                                                                                                                  Jan 6, 2025 12:59:07.520117998 CET1.1.1.1192.168.2.50xe602No error (0)bg.microsoft.map.fastly.net199.232.210.172A (IP address)IN (0x0001)false
                                                                                                                                                                                                  Jan 6, 2025 12:59:07.520117998 CET1.1.1.1192.168.2.50xe602No error (0)bg.microsoft.map.fastly.net199.232.214.172A (IP address)IN (0x0001)false
                                                                                                                                                                                                  Jan 6, 2025 13:00:08.490995884 CET1.1.1.1192.168.2.50x5305No error (0)bg.microsoft.map.fastly.net199.232.214.172A (IP address)IN (0x0001)false
                                                                                                                                                                                                  Jan 6, 2025 13:00:08.490995884 CET1.1.1.1192.168.2.50x5305No error (0)bg.microsoft.map.fastly.net199.232.210.172A (IP address)IN (0x0001)false

                                                                                                                                                                                                  HTTP Request Dependency Graph

                                                                                                                                                                                                  • eganarbonne.bluetrait.io
                                                                                                                                                                                                  • bluetrait.io

                                                                                                                                                                                                  HTTPS Proxied Packets

                                                                                                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                  0192.168.2.549706167.99.228.324436616C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe
                                                                                                                                                                                                  TimestampBytes transferredDirectionData
                                                                                                                                                                                                  2025-01-06 11:59:04 UTC153OUTPOST /api/ HTTP/1.1
                                                                                                                                                                                                  Content-Type: application/json
                                                                                                                                                                                                  Host: eganarbonne.bluetrait.io
                                                                                                                                                                                                  Content-Length: 70
                                                                                                                                                                                                  Expect: 100-continue
                                                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                                                  2025-01-06 11:59:04 UTC25INHTTP/1.1 100 Continue
                                                                                                                                                                                                  2025-01-06 11:59:04 UTC70OUTData Raw: 7b 22 61 70 69 5f 61 63 74 69 6f 6e 22 3a 22 6d 73 70 22 2c 22 61 70 69 5f 76 65 72 73 69 6f 6e 22 3a 22 31 22 2c 22 74 61 73 6b 22 3a 22 63 72 65 61 74 65 22 2c 22 6e 61 6d 65 22 3a 22 39 33 32 39 32 33 22 7d
                                                                                                                                                                                                  Data Ascii: {"api_action":"msp","api_version":"1","task":"create","name":"932923"}
                                                                                                                                                                                                  2025-01-06 11:59:04 UTC202INHTTP/1.1 302 Found
                                                                                                                                                                                                  Date: Mon, 06 Jan 2025 11:59:04 GMT
                                                                                                                                                                                                  Server: Apache/2.4.38 (Debian)
                                                                                                                                                                                                  Location: https://bluetrait.io/
                                                                                                                                                                                                  Content-Length: 0
                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                  Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                  1192.168.2.549707188.114.96.34436616C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe
                                                                                                                                                                                                  TimestampBytes transferredDirectionData
                                                                                                                                                                                                  2025-01-06 11:59:05 UTC94OUTGET / HTTP/1.1
                                                                                                                                                                                                  Content-Type: application/json
                                                                                                                                                                                                  Host: bluetrait.io
                                                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                                                  2025-01-06 11:59:05 UTC1024INHTTP/1.1 200 OK
                                                                                                                                                                                                  Date: Mon, 06 Jan 2025 11:59:05 GMT
                                                                                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                  X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                                  Set-Cookie: bluetrait_sid=nu64gqshbdrsonf2lqmcp0q644; path=/; domain=bluetrait.io
                                                                                                                                                                                                  Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                                                                  Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                                                                  Pragma: no-cache
                                                                                                                                                                                                  Vary: Accept-Encoding
                                                                                                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=QlZikVKKmjOu5iqoUcRQA5O4D5M46WeNnuWIoati12SCfN9ESAgsUBw9WWQkDdk3MbGWlziGpqydev3%2Fxp4xUz7ZG2c1CT55S43V3hQ9AbtdTIe0Klzi7wjYI7VDixA%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                  Server: cloudflare
                                                                                                                                                                                                  CF-RAY: 8fdb8a391fa08c23-EWR
                                                                                                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=1936&min_rtt=1928&rtt_var=739&sent=6&recv=7&lost=0&retrans=0&sent_bytes=2830&recv_bytes=708&delivery_rate=1465863&cwnd=227&unsent_bytes=0&cid=982eadc1fc97548c&ts=293&x=0"
                                                                                                                                                                                                  2025-01-06 11:59:05 UTC345INData Raw: 35 63 33 38 0d 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 54 68 65 20 63 6f 6d 70 6c 65 74 65 20 63 6c 6f 75 64 2d 62 61 73 65 64 20 4d 53 50 20 70 6c 61 74 66 6f 72 6d 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 74 69 74 6c 65 3e 48 6f 6d 65 20 2d 20 62 6c 75 65 74 72 61 69 74 2e 69 6f 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 6c 69 6e 6b 20 74 79 70 65 3d 22 74 65 78 74
                                                                                                                                                                                                  Data Ascii: 5c38<html><head> <meta name="description" content="The complete cloud-based MSP platform"> <title>Home - bluetrait.io</title> <link type="text
                                                                                                                                                                                                  2025-01-06 11:59:05 UTC1369INData Raw: 20 20 20 20 20 20 20 3c 6c 69 6e 6b 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 68 72 65 66 3d 22 2f 2f 62 6c 75 65 74 72 61 69 74 2e 69 6f 2f 72 65 73 6f 75 72 63 65 73 2f 73 74 79 6c 65 73 68 65 65 74 73 2f 66 6f 6e 74 2d 61 77 65 73 6f 6d 65 2e 6d 69 6e 2e 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 3e 0a 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 20 73 72 63 3d 22 2f 2f 62 6c 75 65 74 72 61 69 74 2e 69 6f 2f 72 65 73 6f 75 72 63 65 73 2f 73 63 72 69 70 74 73 2f 6a 71 75 65 72 79 2e 6d 69 6e 2e 6a 73 3f 76 3d 31 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 20 20 20 20 20 20 20 20 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a
                                                                                                                                                                                                  Data Ascii: <link type="text/css" href="//bluetrait.io/resources/stylesheets/font-awesome.min.css" rel="stylesheet"> <script type="text/javascript" src="//bluetrait.io/resources/scripts/jquery.min.js?v=1"></script> <script type="text/j
                                                                                                                                                                                                  2025-01-06 11:59:05 UTC1369INData Raw: 62 61 73 65 5f 75 72 6c 20 3d 20 27 2f 2f 62 6c 75 65 74 72 61 69 74 2e 69 6f 27 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 76 61 72 20 73 74 73 5f 73 61 61 73 5f 64 65 66 61 75 6c 74 5f 64 6f 6d 61 69 6e 20 3d 20 27 62 6c 75 65 74 72 61 69 74 2e 69 6f 27 3b 0a 20 20 20 20 20 20 20 20 3c 2f 73 63 72 69 70 74 3e 0a 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 21 2d 2d 20 4d 61 74 6f 6d 6f 20 2d 2d 3e 0a 20 20 20 20 20 20 20 20 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0a 20 20 20 20 20 20 20 20 76 61 72 20 5f 70 61 71 20 3d 20 77 69 6e 64 6f 77 2e 5f 70 61 71 20 7c 7c 20 5b 5d 3b 0a 20 20 20 20 20 20 20 20 2f 2a 20 74 72 61 63 6b 65 72 20 6d 65 74 68 6f 64 73 20 6c 69 6b 65 20 22 73 65 74 43 75 73 74 6f 6d 44
                                                                                                                                                                                                  Data Ascii: base_url = '//bluetrait.io'; var sts_saas_default_domain = 'bluetrait.io'; </script> ... Matomo --> <script type="text/javascript"> var _paq = window._paq || []; /* tracker methods like "setCustomD
                                                                                                                                                                                                  2025-01-06 11:59:05 UTC1369INData Raw: 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 73 70 61 6e 3e 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0a 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0a 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 6e 61 76 62 61 72 2d 6d 65 6e 75 22 20 69 64 3d 22 6e 61 76 2d 6d 65 6e 75 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 6e 61 76 62 61 72 2d 73 74 61 72 74 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20
                                                                                                                                                                                                  Data Ascii: <span></span> </div> </div> <div class="navbar-menu" id="nav-menu"> <div class="navbar-start">
                                                                                                                                                                                                  2025-01-06 11:59:05 UTC1369INData Raw: 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 61 20 63 6c 61 73 73 3d 22 6e 61 76 62 61 72 2d 69 74 65 6d 20 20 22 20 20 68 72 65 66 3d 22 2f 2f 62 6c 75 65 74 72 61 69 74 2e 69 6f 2f 63 72 6d 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 43 52 4d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 61 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20
                                                                                                                                                                                                  Data Ascii: <a class="navbar-item " href="//bluetrait.io/crm"> CRM </a>
                                                                                                                                                                                                  2025-01-06 11:59:05 UTC1369INData Raw: 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 6e 61 76 62 61 72 2d 65 6e 64 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 61 20
                                                                                                                                                                                                  Data Ascii: </div> <div class="navbar-end"> <a
                                                                                                                                                                                                  2025-01-06 11:59:05 UTC1369INData Raw: 6c 75 65 74 72 61 69 74 2e 69 6f 2f 61 63 63 6f 75 6e 74 2f 6c 6f 67 69 6e 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 4c 6f 67 69 6e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 61 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0a 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0a 20 20 20 20 3c 2f 6e 61 76 3e 0a 0a 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 77 72 61 70 70 65 72 20 68 6f 6d 65 20 68 65 72 6f 20 69 73 2d 69 6e 66 6f 20 68 61 73 2d 6e 61 76
                                                                                                                                                                                                  Data Ascii: luetrait.io/account/login"> Login </a> </div> </div> </nav> <div class="wrapper home hero is-info has-nav
                                                                                                                                                                                                  2025-01-06 11:59:05 UTC1369INData Raw: 72 65 2d 69 6d 61 67 65 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 0a 3c 61 20 63 6c 61 73 73 3d 22 6c 69 67 68 74 62 6f 78 2d 74 72 69 67 67 65 72 22 20 68 72 65 66 3d 22 23 5f 6c 69 67 68 74 62 6f 78 22 3e 3c 69 6d 67 20 73 72 63 3d 22 2f 2f 62 6c 75 65 74 72 61 69 74 2e 69 6f 2f 2f 72 65 73 6f 75 72 63 65 73 2f 69 6d 67 2f 66 65 61 74 75 72 65 73 2f 6d 73 70 2e 70 6e 67 22 3e 3c 2f 61 3e 0a 3c 61 20 68 72 65 66 3d 22 23 5f 22 20 63 6c 61 73 73 3d 22 6c 69 67 68 74 62 6f 78 22 20 69 64 3d 22 5f 6c 69 67 68 74 62 6f 78 22 3e 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 6c 69 67 68 74 62 6f 78 2d 69 6d 61 67 65 22 20 73 74 79 6c 65 3d 22 62 61 63 6b 67 72 6f 75 6e 64 2d 69 6d 61 67 65 3a 20 75 72
                                                                                                                                                                                                  Data Ascii: re-image"> <a class="lightbox-trigger" href="#_lightbox"><img src="//bluetrait.io//resources/img/features/msp.png"></a><a href="#_" class="lightbox" id="_lightbox"> <div class="lightbox-image" style="background-image: ur
                                                                                                                                                                                                  2025-01-06 11:59:05 UTC1369INData Raw: 72 20 75 70 20 74 6f 3c 62 72 20 2f 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 31 30 30 20 41 67 65 6e 74 73 20 28 4d 61 6e 61 67 65 64 20 63 6f 6d 70 75 74 65 72 73 20 2f 20 73 65 72 76 65 72 73 29 3c 62 72 20 2f 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 65 6e 74 20 69 73 2d 73 69 7a 65 2d 35 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20
                                                                                                                                                                                                  Data Ascii: r up to<br /> 100 Agents (Managed computers / servers)<br /> </span> </div> <div class="content is-size-5">
                                                                                                                                                                                                  2025-01-06 11:59:05 UTC1369INData Raw: 69 6e 66 6f 20 69 73 2d 69 6e 76 65 72 74 65 64 20 69 73 2d 22 3e 52 65 61 64 20 6d 6f 72 65 3c 2f 61 3e 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0a 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 0a 3c 61 20 63 6c 61 73 73 3d 22 6c 69 67 68 74 62 6f 78 2d 74 72 69 67 67 65 72 22 20 68 72 65 66 3d 22 23 74 69 63 6b 65 74 73 5f 6c 69 67 68 74 62 6f 78 22 3e 3c 69 6d 67 20 73 72 63 3d 22 2f 2f 62 6c 75 65 74 72 61 69 74 2e 69 6f 2f 72 65 73 6f 75 72 63 65 73 2f 69 6d 67 2f 66 65 61 74 75 72 65 73 2f 74 69 63 6b 65 74 73 2e 70 6e 67 22 3e 3c 2f 61 3e 0a 3c 61 20 68 72 65 66 3d 22 23 5f 22 20 63 6c 61 73 73 3d 22 6c 69 67 68 74 62 6f 78 22 20 69 64 3d 22 74 69 63 6b 65 74 73 5f 6c
                                                                                                                                                                                                  Data Ascii: info is-inverted is-">Read more</a> </div> <a class="lightbox-trigger" href="#tickets_lightbox"><img src="//bluetrait.io/resources/img/features/tickets.png"></a><a href="#_" class="lightbox" id="tickets_l


                                                                                                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                  2192.168.2.549846167.99.228.324431120C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe
                                                                                                                                                                                                  TimestampBytes transferredDirectionData
                                                                                                                                                                                                  2025-01-06 11:59:40 UTC153OUTPOST /api/ HTTP/1.1
                                                                                                                                                                                                  Content-Type: application/json
                                                                                                                                                                                                  Host: eganarbonne.bluetrait.io
                                                                                                                                                                                                  Content-Length: 70
                                                                                                                                                                                                  Expect: 100-continue
                                                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                                                  2025-01-06 11:59:40 UTC25INHTTP/1.1 100 Continue
                                                                                                                                                                                                  2025-01-06 11:59:40 UTC70OUTData Raw: 7b 22 61 70 69 5f 61 63 74 69 6f 6e 22 3a 22 6d 73 70 22 2c 22 61 70 69 5f 76 65 72 73 69 6f 6e 22 3a 22 31 22 2c 22 74 61 73 6b 22 3a 22 63 72 65 61 74 65 22 2c 22 6e 61 6d 65 22 3a 22 39 33 32 39 32 33 22 7d
                                                                                                                                                                                                  Data Ascii: {"api_action":"msp","api_version":"1","task":"create","name":"932923"}
                                                                                                                                                                                                  2025-01-06 11:59:40 UTC202INHTTP/1.1 302 Found
                                                                                                                                                                                                  Date: Mon, 06 Jan 2025 11:59:40 GMT
                                                                                                                                                                                                  Server: Apache/2.4.38 (Debian)
                                                                                                                                                                                                  Location: https://bluetrait.io/
                                                                                                                                                                                                  Content-Length: 0
                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                  Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                  3192.168.2.549855188.114.96.34431120C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe
                                                                                                                                                                                                  TimestampBytes transferredDirectionData
                                                                                                                                                                                                  2025-01-06 11:59:41 UTC94OUTGET / HTTP/1.1
                                                                                                                                                                                                  Content-Type: application/json
                                                                                                                                                                                                  Host: bluetrait.io
                                                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                                                  2025-01-06 11:59:41 UTC1028INHTTP/1.1 200 OK
                                                                                                                                                                                                  Date: Mon, 06 Jan 2025 11:59:41 GMT
                                                                                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                  X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                                  Set-Cookie: bluetrait_sid=8699ueib0mvth46hhm6s8lq3ki; path=/; domain=bluetrait.io
                                                                                                                                                                                                  Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                                                                  Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                                                                  Pragma: no-cache
                                                                                                                                                                                                  Vary: Accept-Encoding
                                                                                                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lQt0lZkNcjmIlrNK4kUIGAgZMknUcPAH6Inp0qn38WyPrbElvXipiwuF3wxmRhjscD9c2h5Q%2BxKRgbEW1YnYTtW1ezodVoQEVXhvKjBjFanwC1i23%2FEx8e%2FMX75BbAY%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                  Server: cloudflare
                                                                                                                                                                                                  CF-RAY: 8fdb8b1c689e422f-EWR
                                                                                                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=2192&min_rtt=2184&rtt_var=835&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2830&recv_bytes=708&delivery_rate=1298932&cwnd=137&unsent_bytes=0&cid=26e44afa34ae8231&ts=297&x=0"
                                                                                                                                                                                                  2025-01-06 11:59:41 UTC341INData Raw: 35 63 33 38 0d 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 54 68 65 20 63 6f 6d 70 6c 65 74 65 20 63 6c 6f 75 64 2d 62 61 73 65 64 20 4d 53 50 20 70 6c 61 74 66 6f 72 6d 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 74 69 74 6c 65 3e 48 6f 6d 65 20 2d 20 62 6c 75 65 74 72 61 69 74 2e 69 6f 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 6c 69 6e 6b 20 74 79 70 65 3d 22 74 65 78 74
                                                                                                                                                                                                  Data Ascii: 5c38<html><head> <meta name="description" content="The complete cloud-based MSP platform"> <title>Home - bluetrait.io</title> <link type="text
                                                                                                                                                                                                  2025-01-06 11:59:41 UTC1369INData Raw: 20 20 20 20 20 20 20 20 20 20 20 3c 6c 69 6e 6b 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 68 72 65 66 3d 22 2f 2f 62 6c 75 65 74 72 61 69 74 2e 69 6f 2f 72 65 73 6f 75 72 63 65 73 2f 73 74 79 6c 65 73 68 65 65 74 73 2f 66 6f 6e 74 2d 61 77 65 73 6f 6d 65 2e 6d 69 6e 2e 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 3e 0a 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 20 73 72 63 3d 22 2f 2f 62 6c 75 65 74 72 61 69 74 2e 69 6f 2f 72 65 73 6f 75 72 63 65 73 2f 73 63 72 69 70 74 73 2f 6a 71 75 65 72 79 2e 6d 69 6e 2e 6a 73 3f 76 3d 31 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 20 20 20 20 20 20 20 20 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65
                                                                                                                                                                                                  Data Ascii: <link type="text/css" href="//bluetrait.io/resources/stylesheets/font-awesome.min.css" rel="stylesheet"> <script type="text/javascript" src="//bluetrait.io/resources/scripts/jquery.min.js?v=1"></script> <script type="te
                                                                                                                                                                                                  2025-01-06 11:59:41 UTC1369INData Raw: 73 74 73 5f 62 61 73 65 5f 75 72 6c 20 3d 20 27 2f 2f 62 6c 75 65 74 72 61 69 74 2e 69 6f 27 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 76 61 72 20 73 74 73 5f 73 61 61 73 5f 64 65 66 61 75 6c 74 5f 64 6f 6d 61 69 6e 20 3d 20 27 62 6c 75 65 74 72 61 69 74 2e 69 6f 27 3b 0a 20 20 20 20 20 20 20 20 3c 2f 73 63 72 69 70 74 3e 0a 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 21 2d 2d 20 4d 61 74 6f 6d 6f 20 2d 2d 3e 0a 20 20 20 20 20 20 20 20 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0a 20 20 20 20 20 20 20 20 76 61 72 20 5f 70 61 71 20 3d 20 77 69 6e 64 6f 77 2e 5f 70 61 71 20 7c 7c 20 5b 5d 3b 0a 20 20 20 20 20 20 20 20 2f 2a 20 74 72 61 63 6b 65 72 20 6d 65 74 68 6f 64 73 20 6c 69 6b 65 20 22 73 65 74 43 75 73
                                                                                                                                                                                                  Data Ascii: sts_base_url = '//bluetrait.io'; var sts_saas_default_domain = 'bluetrait.io'; </script> ... Matomo --> <script type="text/javascript"> var _paq = window._paq || []; /* tracker methods like "setCus
                                                                                                                                                                                                  2025-01-06 11:59:41 UTC1369INData Raw: 6e 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 73 70 61 6e 3e 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0a 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0a 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 6e 61 76 62 61 72 2d 6d 65 6e 75 22 20 69 64 3d 22 6e 61 76 2d 6d 65 6e 75 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 6e 61 76 62 61 72 2d 73 74 61 72 74 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20
                                                                                                                                                                                                  Data Ascii: n> <span></span> </div> </div> <div class="navbar-menu" id="nav-menu"> <div class="navbar-start">
                                                                                                                                                                                                  2025-01-06 11:59:41 UTC1369INData Raw: 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 61 20 63 6c 61 73 73 3d 22 6e 61 76 62 61 72 2d 69 74 65 6d 20 20 22 20 20 68 72 65 66 3d 22 2f 2f 62 6c 75 65 74 72 61 69 74 2e 69 6f 2f 63 72 6d 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 43 52 4d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 61 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20
                                                                                                                                                                                                  Data Ascii: <a class="navbar-item " href="//bluetrait.io/crm"> CRM </a>
                                                                                                                                                                                                  2025-01-06 11:59:41 UTC1369INData Raw: 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 6e 61 76 62 61 72 2d 65 6e 64 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20
                                                                                                                                                                                                  Data Ascii: </div> <div class="navbar-end">
                                                                                                                                                                                                  2025-01-06 11:59:41 UTC1369INData Raw: 22 2f 2f 62 6c 75 65 74 72 61 69 74 2e 69 6f 2f 61 63 63 6f 75 6e 74 2f 6c 6f 67 69 6e 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 4c 6f 67 69 6e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 61 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0a 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0a 20 20 20 20 3c 2f 6e 61 76 3e 0a 0a 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 77 72 61 70 70 65 72 20 68 6f 6d 65 20 68 65 72 6f 20 69 73 2d 69 6e 66 6f 20 68 61 73
                                                                                                                                                                                                  Data Ascii: "//bluetrait.io/account/login"> Login </a> </div> </div> </nav> <div class="wrapper home hero is-info has
                                                                                                                                                                                                  2025-01-06 11:59:41 UTC1369INData Raw: 65 61 74 75 72 65 2d 69 6d 61 67 65 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 0a 3c 61 20 63 6c 61 73 73 3d 22 6c 69 67 68 74 62 6f 78 2d 74 72 69 67 67 65 72 22 20 68 72 65 66 3d 22 23 5f 6c 69 67 68 74 62 6f 78 22 3e 3c 69 6d 67 20 73 72 63 3d 22 2f 2f 62 6c 75 65 74 72 61 69 74 2e 69 6f 2f 2f 72 65 73 6f 75 72 63 65 73 2f 69 6d 67 2f 66 65 61 74 75 72 65 73 2f 6d 73 70 2e 70 6e 67 22 3e 3c 2f 61 3e 0a 3c 61 20 68 72 65 66 3d 22 23 5f 22 20 63 6c 61 73 73 3d 22 6c 69 67 68 74 62 6f 78 22 20 69 64 3d 22 5f 6c 69 67 68 74 62 6f 78 22 3e 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 6c 69 67 68 74 62 6f 78 2d 69 6d 61 67 65 22 20 73 74 79 6c 65 3d 22 62 61 63 6b 67 72 6f 75 6e 64 2d 69 6d 61 67 65
                                                                                                                                                                                                  Data Ascii: eature-image"> <a class="lightbox-trigger" href="#_lightbox"><img src="//bluetrait.io//resources/img/features/msp.png"></a><a href="#_" class="lightbox" id="_lightbox"> <div class="lightbox-image" style="background-image
                                                                                                                                                                                                  2025-01-06 11:59:41 UTC1369INData Raw: 70 3b 66 6f 72 20 75 70 20 74 6f 3c 62 72 20 2f 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 31 30 30 20 41 67 65 6e 74 73 20 28 4d 61 6e 61 67 65 64 20 63 6f 6d 70 75 74 65 72 73 20 2f 20 73 65 72 76 65 72 73 29 3c 62 72 20 2f 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 65 6e 74 20 69 73 2d 73 69 7a 65 2d 35 22 3e 0a 20 20 20 20 20 20 20
                                                                                                                                                                                                  Data Ascii: p;for up to<br /> 100 Agents (Managed computers / servers)<br /> </span> </div> <div class="content is-size-5">
                                                                                                                                                                                                  2025-01-06 11:59:41 UTC1369INData Raw: 20 69 73 2d 69 6e 66 6f 20 69 73 2d 69 6e 76 65 72 74 65 64 20 69 73 2d 22 3e 52 65 61 64 20 6d 6f 72 65 3c 2f 61 3e 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0a 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 0a 3c 61 20 63 6c 61 73 73 3d 22 6c 69 67 68 74 62 6f 78 2d 74 72 69 67 67 65 72 22 20 68 72 65 66 3d 22 23 74 69 63 6b 65 74 73 5f 6c 69 67 68 74 62 6f 78 22 3e 3c 69 6d 67 20 73 72 63 3d 22 2f 2f 62 6c 75 65 74 72 61 69 74 2e 69 6f 2f 72 65 73 6f 75 72 63 65 73 2f 69 6d 67 2f 66 65 61 74 75 72 65 73 2f 74 69 63 6b 65 74 73 2e 70 6e 67 22 3e 3c 2f 61 3e 0a 3c 61 20 68 72 65 66 3d 22 23 5f 22 20 63 6c 61 73 73 3d 22 6c 69 67 68 74 62 6f 78 22 20 69 64 3d 22 74 69 63 6b 65
                                                                                                                                                                                                  Data Ascii: is-info is-inverted is-">Read more</a> </div> <a class="lightbox-trigger" href="#tickets_lightbox"><img src="//bluetrait.io/resources/img/features/tickets.png"></a><a href="#_" class="lightbox" id="ticke


                                                                                                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                  4192.168.2.549992167.99.228.324431524C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe
                                                                                                                                                                                                  TimestampBytes transferredDirectionData
                                                                                                                                                                                                  2025-01-06 12:00:06 UTC153OUTPOST /api/ HTTP/1.1
                                                                                                                                                                                                  Content-Type: application/json
                                                                                                                                                                                                  Host: eganarbonne.bluetrait.io
                                                                                                                                                                                                  Content-Length: 70
                                                                                                                                                                                                  Expect: 100-continue
                                                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                                                  2025-01-06 12:00:06 UTC25INHTTP/1.1 100 Continue
                                                                                                                                                                                                  2025-01-06 12:00:06 UTC70OUTData Raw: 7b 22 61 70 69 5f 61 63 74 69 6f 6e 22 3a 22 6d 73 70 22 2c 22 61 70 69 5f 76 65 72 73 69 6f 6e 22 3a 22 31 22 2c 22 74 61 73 6b 22 3a 22 63 72 65 61 74 65 22 2c 22 6e 61 6d 65 22 3a 22 39 33 32 39 32 33 22 7d
                                                                                                                                                                                                  Data Ascii: {"api_action":"msp","api_version":"1","task":"create","name":"932923"}
                                                                                                                                                                                                  2025-01-06 12:00:06 UTC202INHTTP/1.1 302 Found
                                                                                                                                                                                                  Date: Mon, 06 Jan 2025 12:00:06 GMT
                                                                                                                                                                                                  Server: Apache/2.4.38 (Debian)
                                                                                                                                                                                                  Location: https://bluetrait.io/
                                                                                                                                                                                                  Content-Length: 0
                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                  Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                  5192.168.2.549993188.114.96.34431524C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe
                                                                                                                                                                                                  TimestampBytes transferredDirectionData
                                                                                                                                                                                                  2025-01-06 12:00:07 UTC94OUTGET / HTTP/1.1
                                                                                                                                                                                                  Content-Type: application/json
                                                                                                                                                                                                  Host: bluetrait.io
                                                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                                                  2025-01-06 12:00:07 UTC1028INHTTP/1.1 200 OK
                                                                                                                                                                                                  Date: Mon, 06 Jan 2025 12:00:07 GMT
                                                                                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                  X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                                  Set-Cookie: bluetrait_sid=ak42g68th3smvef0m8s23pceo0; path=/; domain=bluetrait.io
                                                                                                                                                                                                  Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                                                                  Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                                                                  Pragma: no-cache
                                                                                                                                                                                                  Vary: Accept-Encoding
                                                                                                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=gjkE8DPJEb%2Fafs8%2F7cQGqbOWLo%2BtKzrMfdcwOqKtvWtIRik4mCgB35TRrCzpcXhKnxF6TTvBpz1ZNPmVk9LoQKwjb9ZEe5uchORxlmoinLCNoEHjbTAXsJGEVlpBVuI%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                  Server: cloudflare
                                                                                                                                                                                                  CF-RAY: 8fdb8bbcba1042c3-EWR
                                                                                                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=1769&min_rtt=1756&rtt_var=685&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2831&recv_bytes=708&delivery_rate=1568206&cwnd=203&unsent_bytes=0&cid=5dd67d5e89b7ad57&ts=314&x=0"
                                                                                                                                                                                                  2025-01-06 12:00:07 UTC341INData Raw: 35 63 33 38 0d 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 54 68 65 20 63 6f 6d 70 6c 65 74 65 20 63 6c 6f 75 64 2d 62 61 73 65 64 20 4d 53 50 20 70 6c 61 74 66 6f 72 6d 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 74 69 74 6c 65 3e 48 6f 6d 65 20 2d 20 62 6c 75 65 74 72 61 69 74 2e 69 6f 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 6c 69 6e 6b 20 74 79 70 65 3d 22 74 65 78 74
                                                                                                                                                                                                  Data Ascii: 5c38<html><head> <meta name="description" content="The complete cloud-based MSP platform"> <title>Home - bluetrait.io</title> <link type="text
                                                                                                                                                                                                  2025-01-06 12:00:07 UTC1369INData Raw: 20 20 20 20 20 20 20 20 20 20 20 3c 6c 69 6e 6b 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 68 72 65 66 3d 22 2f 2f 62 6c 75 65 74 72 61 69 74 2e 69 6f 2f 72 65 73 6f 75 72 63 65 73 2f 73 74 79 6c 65 73 68 65 65 74 73 2f 66 6f 6e 74 2d 61 77 65 73 6f 6d 65 2e 6d 69 6e 2e 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 3e 0a 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 20 73 72 63 3d 22 2f 2f 62 6c 75 65 74 72 61 69 74 2e 69 6f 2f 72 65 73 6f 75 72 63 65 73 2f 73 63 72 69 70 74 73 2f 6a 71 75 65 72 79 2e 6d 69 6e 2e 6a 73 3f 76 3d 31 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 20 20 20 20 20 20 20 20 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65
                                                                                                                                                                                                  Data Ascii: <link type="text/css" href="//bluetrait.io/resources/stylesheets/font-awesome.min.css" rel="stylesheet"> <script type="text/javascript" src="//bluetrait.io/resources/scripts/jquery.min.js?v=1"></script> <script type="te
                                                                                                                                                                                                  2025-01-06 12:00:07 UTC1369INData Raw: 73 74 73 5f 62 61 73 65 5f 75 72 6c 20 3d 20 27 2f 2f 62 6c 75 65 74 72 61 69 74 2e 69 6f 27 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 76 61 72 20 73 74 73 5f 73 61 61 73 5f 64 65 66 61 75 6c 74 5f 64 6f 6d 61 69 6e 20 3d 20 27 62 6c 75 65 74 72 61 69 74 2e 69 6f 27 3b 0a 20 20 20 20 20 20 20 20 3c 2f 73 63 72 69 70 74 3e 0a 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 21 2d 2d 20 4d 61 74 6f 6d 6f 20 2d 2d 3e 0a 20 20 20 20 20 20 20 20 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0a 20 20 20 20 20 20 20 20 76 61 72 20 5f 70 61 71 20 3d 20 77 69 6e 64 6f 77 2e 5f 70 61 71 20 7c 7c 20 5b 5d 3b 0a 20 20 20 20 20 20 20 20 2f 2a 20 74 72 61 63 6b 65 72 20 6d 65 74 68 6f 64 73 20 6c 69 6b 65 20 22 73 65 74 43 75 73
                                                                                                                                                                                                  Data Ascii: sts_base_url = '//bluetrait.io'; var sts_saas_default_domain = 'bluetrait.io'; </script> ... Matomo --> <script type="text/javascript"> var _paq = window._paq || []; /* tracker methods like "setCus
                                                                                                                                                                                                  2025-01-06 12:00:07 UTC1369INData Raw: 6e 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 73 70 61 6e 3e 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0a 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0a 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 6e 61 76 62 61 72 2d 6d 65 6e 75 22 20 69 64 3d 22 6e 61 76 2d 6d 65 6e 75 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 6e 61 76 62 61 72 2d 73 74 61 72 74 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20
                                                                                                                                                                                                  Data Ascii: n> <span></span> </div> </div> <div class="navbar-menu" id="nav-menu"> <div class="navbar-start">
                                                                                                                                                                                                  2025-01-06 12:00:07 UTC1369INData Raw: 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 61 20 63 6c 61 73 73 3d 22 6e 61 76 62 61 72 2d 69 74 65 6d 20 20 22 20 20 68 72 65 66 3d 22 2f 2f 62 6c 75 65 74 72 61 69 74 2e 69 6f 2f 63 72 6d 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 43 52 4d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 61 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20
                                                                                                                                                                                                  Data Ascii: <a class="navbar-item " href="//bluetrait.io/crm"> CRM </a>
                                                                                                                                                                                                  2025-01-06 12:00:07 UTC1369INData Raw: 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 6e 61 76 62 61 72 2d 65 6e 64 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20
                                                                                                                                                                                                  Data Ascii: </div> <div class="navbar-end">
                                                                                                                                                                                                  2025-01-06 12:00:07 UTC1369INData Raw: 22 2f 2f 62 6c 75 65 74 72 61 69 74 2e 69 6f 2f 61 63 63 6f 75 6e 74 2f 6c 6f 67 69 6e 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 4c 6f 67 69 6e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 61 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0a 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0a 20 20 20 20 3c 2f 6e 61 76 3e 0a 0a 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 77 72 61 70 70 65 72 20 68 6f 6d 65 20 68 65 72 6f 20 69 73 2d 69 6e 66 6f 20 68 61 73
                                                                                                                                                                                                  Data Ascii: "//bluetrait.io/account/login"> Login </a> </div> </div> </nav> <div class="wrapper home hero is-info has
                                                                                                                                                                                                  2025-01-06 12:00:07 UTC1369INData Raw: 65 61 74 75 72 65 2d 69 6d 61 67 65 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 0a 3c 61 20 63 6c 61 73 73 3d 22 6c 69 67 68 74 62 6f 78 2d 74 72 69 67 67 65 72 22 20 68 72 65 66 3d 22 23 5f 6c 69 67 68 74 62 6f 78 22 3e 3c 69 6d 67 20 73 72 63 3d 22 2f 2f 62 6c 75 65 74 72 61 69 74 2e 69 6f 2f 2f 72 65 73 6f 75 72 63 65 73 2f 69 6d 67 2f 66 65 61 74 75 72 65 73 2f 6d 73 70 2e 70 6e 67 22 3e 3c 2f 61 3e 0a 3c 61 20 68 72 65 66 3d 22 23 5f 22 20 63 6c 61 73 73 3d 22 6c 69 67 68 74 62 6f 78 22 20 69 64 3d 22 5f 6c 69 67 68 74 62 6f 78 22 3e 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 6c 69 67 68 74 62 6f 78 2d 69 6d 61 67 65 22 20 73 74 79 6c 65 3d 22 62 61 63 6b 67 72 6f 75 6e 64 2d 69 6d 61 67 65
                                                                                                                                                                                                  Data Ascii: eature-image"> <a class="lightbox-trigger" href="#_lightbox"><img src="//bluetrait.io//resources/img/features/msp.png"></a><a href="#_" class="lightbox" id="_lightbox"> <div class="lightbox-image" style="background-image
                                                                                                                                                                                                  2025-01-06 12:00:07 UTC1369INData Raw: 70 3b 66 6f 72 20 75 70 20 74 6f 3c 62 72 20 2f 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 31 30 30 20 41 67 65 6e 74 73 20 28 4d 61 6e 61 67 65 64 20 63 6f 6d 70 75 74 65 72 73 20 2f 20 73 65 72 76 65 72 73 29 3c 62 72 20 2f 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 65 6e 74 20 69 73 2d 73 69 7a 65 2d 35 22 3e 0a 20 20 20 20 20 20 20
                                                                                                                                                                                                  Data Ascii: p;for up to<br /> 100 Agents (Managed computers / servers)<br /> </span> </div> <div class="content is-size-5">
                                                                                                                                                                                                  2025-01-06 12:00:07 UTC1369INData Raw: 20 69 73 2d 69 6e 66 6f 20 69 73 2d 69 6e 76 65 72 74 65 64 20 69 73 2d 22 3e 52 65 61 64 20 6d 6f 72 65 3c 2f 61 3e 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0a 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 0a 3c 61 20 63 6c 61 73 73 3d 22 6c 69 67 68 74 62 6f 78 2d 74 72 69 67 67 65 72 22 20 68 72 65 66 3d 22 23 74 69 63 6b 65 74 73 5f 6c 69 67 68 74 62 6f 78 22 3e 3c 69 6d 67 20 73 72 63 3d 22 2f 2f 62 6c 75 65 74 72 61 69 74 2e 69 6f 2f 72 65 73 6f 75 72 63 65 73 2f 69 6d 67 2f 66 65 61 74 75 72 65 73 2f 74 69 63 6b 65 74 73 2e 70 6e 67 22 3e 3c 2f 61 3e 0a 3c 61 20 68 72 65 66 3d 22 23 5f 22 20 63 6c 61 73 73 3d 22 6c 69 67 68 74 62 6f 78 22 20 69 64 3d 22 74 69 63 6b 65
                                                                                                                                                                                                  Data Ascii: is-info is-inverted is-">Read more</a> </div> <a class="lightbox-trigger" href="#tickets_lightbox"><img src="//bluetrait.io/resources/img/features/tickets.png"></a><a href="#_" class="lightbox" id="ticke


                                                                                                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                  6192.168.2.549996167.99.228.32443768C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe
                                                                                                                                                                                                  TimestampBytes transferredDirectionData
                                                                                                                                                                                                  2025-01-06 12:00:19 UTC153OUTPOST /api/ HTTP/1.1
                                                                                                                                                                                                  Content-Type: application/json
                                                                                                                                                                                                  Host: eganarbonne.bluetrait.io
                                                                                                                                                                                                  Content-Length: 70
                                                                                                                                                                                                  Expect: 100-continue
                                                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                                                  2025-01-06 12:00:19 UTC25INHTTP/1.1 100 Continue
                                                                                                                                                                                                  2025-01-06 12:00:19 UTC70OUTData Raw: 7b 22 61 70 69 5f 61 63 74 69 6f 6e 22 3a 22 6d 73 70 22 2c 22 61 70 69 5f 76 65 72 73 69 6f 6e 22 3a 22 31 22 2c 22 74 61 73 6b 22 3a 22 63 72 65 61 74 65 22 2c 22 6e 61 6d 65 22 3a 22 39 33 32 39 32 33 22 7d
                                                                                                                                                                                                  Data Ascii: {"api_action":"msp","api_version":"1","task":"create","name":"932923"}
                                                                                                                                                                                                  2025-01-06 12:00:19 UTC202INHTTP/1.1 302 Found
                                                                                                                                                                                                  Date: Mon, 06 Jan 2025 12:00:19 GMT
                                                                                                                                                                                                  Server: Apache/2.4.38 (Debian)
                                                                                                                                                                                                  Location: https://bluetrait.io/
                                                                                                                                                                                                  Content-Length: 0
                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                  Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                  7192.168.2.549997188.114.96.3443768C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe
                                                                                                                                                                                                  TimestampBytes transferredDirectionData
                                                                                                                                                                                                  2025-01-06 12:00:20 UTC94OUTGET / HTTP/1.1
                                                                                                                                                                                                  Content-Type: application/json
                                                                                                                                                                                                  Host: bluetrait.io
                                                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                                                  2025-01-06 12:00:20 UTC1032INHTTP/1.1 200 OK
                                                                                                                                                                                                  Date: Mon, 06 Jan 2025 12:00:20 GMT
                                                                                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                  X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                                  Set-Cookie: bluetrait_sid=keoecsnfsbsd31nt2a49na88mv; path=/; domain=bluetrait.io
                                                                                                                                                                                                  Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                                                                  Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                                                                  Pragma: no-cache
                                                                                                                                                                                                  Vary: Accept-Encoding
                                                                                                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=VqVfE0i4YU7x6u8%2BQSBJpoxwT%2Bkocd8nISYpT25v%2BjOzj4FUecdVK7dV%2F1L3JmRlMgr6yxNV%2F39dkjUQKGJmuAY8sVSkdB6DPJgnsSsM24SqJ7VcnhlfaGfGRmmOwPI%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                  Server: cloudflare
                                                                                                                                                                                                  CF-RAY: 8fdb8c0def847c84-EWR
                                                                                                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=1975&min_rtt=1969&rtt_var=752&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2831&recv_bytes=708&delivery_rate=1443400&cwnd=246&unsent_bytes=0&cid=94287300aea06f5b&ts=301&x=0"
                                                                                                                                                                                                  2025-01-06 12:00:20 UTC337INData Raw: 35 63 33 38 0d 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 54 68 65 20 63 6f 6d 70 6c 65 74 65 20 63 6c 6f 75 64 2d 62 61 73 65 64 20 4d 53 50 20 70 6c 61 74 66 6f 72 6d 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 74 69 74 6c 65 3e 48 6f 6d 65 20 2d 20 62 6c 75 65 74 72 61 69 74 2e 69 6f 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 6c 69 6e 6b 20 74 79 70 65 3d 22 74 65 78 74
                                                                                                                                                                                                  Data Ascii: 5c38<html><head> <meta name="description" content="The complete cloud-based MSP platform"> <title>Home - bluetrait.io</title> <link type="text
                                                                                                                                                                                                  2025-01-06 12:00:20 UTC1369INData Raw: 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 6c 69 6e 6b 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 68 72 65 66 3d 22 2f 2f 62 6c 75 65 74 72 61 69 74 2e 69 6f 2f 72 65 73 6f 75 72 63 65 73 2f 73 74 79 6c 65 73 68 65 65 74 73 2f 66 6f 6e 74 2d 61 77 65 73 6f 6d 65 2e 6d 69 6e 2e 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 3e 0a 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 20 73 72 63 3d 22 2f 2f 62 6c 75 65 74 72 61 69 74 2e 69 6f 2f 72 65 73 6f 75 72 63 65 73 2f 73 63 72 69 70 74 73 2f 6a 71 75 65 72 79 2e 6d 69 6e 2e 6a 73 3f 76 3d 31 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 20 20 20 20 20 20 20 20 3c 73 63 72 69 70 74 20 74 79 70 65
                                                                                                                                                                                                  Data Ascii: "> <link type="text/css" href="//bluetrait.io/resources/stylesheets/font-awesome.min.css" rel="stylesheet"> <script type="text/javascript" src="//bluetrait.io/resources/scripts/jquery.min.js?v=1"></script> <script type
                                                                                                                                                                                                  2025-01-06 12:00:20 UTC1369INData Raw: 76 61 72 20 73 74 73 5f 62 61 73 65 5f 75 72 6c 20 3d 20 27 2f 2f 62 6c 75 65 74 72 61 69 74 2e 69 6f 27 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 76 61 72 20 73 74 73 5f 73 61 61 73 5f 64 65 66 61 75 6c 74 5f 64 6f 6d 61 69 6e 20 3d 20 27 62 6c 75 65 74 72 61 69 74 2e 69 6f 27 3b 0a 20 20 20 20 20 20 20 20 3c 2f 73 63 72 69 70 74 3e 0a 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 21 2d 2d 20 4d 61 74 6f 6d 6f 20 2d 2d 3e 0a 20 20 20 20 20 20 20 20 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0a 20 20 20 20 20 20 20 20 76 61 72 20 5f 70 61 71 20 3d 20 77 69 6e 64 6f 77 2e 5f 70 61 71 20 7c 7c 20 5b 5d 3b 0a 20 20 20 20 20 20 20 20 2f 2a 20 74 72 61 63 6b 65 72 20 6d 65 74 68 6f 64 73 20 6c 69 6b 65 20 22 73 65
                                                                                                                                                                                                  Data Ascii: var sts_base_url = '//bluetrait.io'; var sts_saas_default_domain = 'bluetrait.io'; </script> ... Matomo --> <script type="text/javascript"> var _paq = window._paq || []; /* tracker methods like "se
                                                                                                                                                                                                  2025-01-06 12:00:20 UTC1369INData Raw: 2f 73 70 61 6e 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 73 70 61 6e 3e 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0a 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0a 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 6e 61 76 62 61 72 2d 6d 65 6e 75 22 20 69 64 3d 22 6e 61 76 2d 6d 65 6e 75 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 6e 61 76 62 61 72 2d 73 74 61 72 74 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20
                                                                                                                                                                                                  Data Ascii: /span> <span></span> </div> </div> <div class="navbar-menu" id="nav-menu"> <div class="navbar-start">
                                                                                                                                                                                                  2025-01-06 12:00:20 UTC1369INData Raw: 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 61 20 63 6c 61 73 73 3d 22 6e 61 76 62 61 72 2d 69 74 65 6d 20 20 22 20 20 68 72 65 66 3d 22 2f 2f 62 6c 75 65 74 72 61 69 74 2e 69 6f 2f 63 72 6d 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 43 52 4d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 61 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20
                                                                                                                                                                                                  Data Ascii: <a class="navbar-item " href="//bluetrait.io/crm"> CRM </a>
                                                                                                                                                                                                  2025-01-06 12:00:20 UTC1369INData Raw: 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 6e 61 76 62 61 72 2d 65 6e 64 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20
                                                                                                                                                                                                  Data Ascii: </div> <div class="navbar-end">
                                                                                                                                                                                                  2025-01-06 12:00:20 UTC1369INData Raw: 72 65 66 3d 22 2f 2f 62 6c 75 65 74 72 61 69 74 2e 69 6f 2f 61 63 63 6f 75 6e 74 2f 6c 6f 67 69 6e 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 4c 6f 67 69 6e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 61 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0a 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0a 20 20 20 20 3c 2f 6e 61 76 3e 0a 0a 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 77 72 61 70 70 65 72 20 68 6f 6d 65 20 68 65 72 6f 20 69 73 2d 69 6e 66 6f
                                                                                                                                                                                                  Data Ascii: ref="//bluetrait.io/account/login"> Login </a> </div> </div> </nav> <div class="wrapper home hero is-info
                                                                                                                                                                                                  2025-01-06 12:00:20 UTC1369INData Raw: 73 3d 22 66 65 61 74 75 72 65 2d 69 6d 61 67 65 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 0a 3c 61 20 63 6c 61 73 73 3d 22 6c 69 67 68 74 62 6f 78 2d 74 72 69 67 67 65 72 22 20 68 72 65 66 3d 22 23 5f 6c 69 67 68 74 62 6f 78 22 3e 3c 69 6d 67 20 73 72 63 3d 22 2f 2f 62 6c 75 65 74 72 61 69 74 2e 69 6f 2f 2f 72 65 73 6f 75 72 63 65 73 2f 69 6d 67 2f 66 65 61 74 75 72 65 73 2f 6d 73 70 2e 70 6e 67 22 3e 3c 2f 61 3e 0a 3c 61 20 68 72 65 66 3d 22 23 5f 22 20 63 6c 61 73 73 3d 22 6c 69 67 68 74 62 6f 78 22 20 69 64 3d 22 5f 6c 69 67 68 74 62 6f 78 22 3e 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 6c 69 67 68 74 62 6f 78 2d 69 6d 61 67 65 22 20 73 74 79 6c 65 3d 22 62 61 63 6b 67 72 6f 75 6e 64 2d 69
                                                                                                                                                                                                  Data Ascii: s="feature-image"> <a class="lightbox-trigger" href="#_lightbox"><img src="//bluetrait.io//resources/img/features/msp.png"></a><a href="#_" class="lightbox" id="_lightbox"> <div class="lightbox-image" style="background-i
                                                                                                                                                                                                  2025-01-06 12:00:20 UTC1369INData Raw: 26 6e 62 73 70 3b 66 6f 72 20 75 70 20 74 6f 3c 62 72 20 2f 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 31 30 30 20 41 67 65 6e 74 73 20 28 4d 61 6e 61 67 65 64 20 63 6f 6d 70 75 74 65 72 73 20 2f 20 73 65 72 76 65 72 73 29 3c 62 72 20 2f 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 65 6e 74 20 69 73 2d 73 69 7a 65 2d 35 22 3e 0a 20 20 20
                                                                                                                                                                                                  Data Ascii: &nbsp;for up to<br /> 100 Agents (Managed computers / servers)<br /> </span> </div> <div class="content is-size-5">
                                                                                                                                                                                                  2025-01-06 12:00:20 UTC1369INData Raw: 74 74 6f 6e 20 69 73 2d 69 6e 66 6f 20 69 73 2d 69 6e 76 65 72 74 65 64 20 69 73 2d 22 3e 52 65 61 64 20 6d 6f 72 65 3c 2f 61 3e 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0a 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 0a 3c 61 20 63 6c 61 73 73 3d 22 6c 69 67 68 74 62 6f 78 2d 74 72 69 67 67 65 72 22 20 68 72 65 66 3d 22 23 74 69 63 6b 65 74 73 5f 6c 69 67 68 74 62 6f 78 22 3e 3c 69 6d 67 20 73 72 63 3d 22 2f 2f 62 6c 75 65 74 72 61 69 74 2e 69 6f 2f 72 65 73 6f 75 72 63 65 73 2f 69 6d 67 2f 66 65 61 74 75 72 65 73 2f 74 69 63 6b 65 74 73 2e 70 6e 67 22 3e 3c 2f 61 3e 0a 3c 61 20 68 72 65 66 3d 22 23 5f 22 20 63 6c 61 73 73 3d 22 6c 69 67 68 74 62 6f 78 22 20 69 64 3d 22 74
                                                                                                                                                                                                  Data Ascii: tton is-info is-inverted is-">Read more</a> </div> <a class="lightbox-trigger" href="#tickets_lightbox"><img src="//bluetrait.io/resources/img/features/tickets.png"></a><a href="#_" class="lightbox" id="t


                                                                                                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                  8192.168.2.549999167.99.228.324435696C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe
                                                                                                                                                                                                  TimestampBytes transferredDirectionData
                                                                                                                                                                                                  2025-01-06 12:00:28 UTC153OUTPOST /api/ HTTP/1.1
                                                                                                                                                                                                  Content-Type: application/json
                                                                                                                                                                                                  Host: eganarbonne.bluetrait.io
                                                                                                                                                                                                  Content-Length: 70
                                                                                                                                                                                                  Expect: 100-continue
                                                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                                                  2025-01-06 12:00:28 UTC25INHTTP/1.1 100 Continue
                                                                                                                                                                                                  2025-01-06 12:00:28 UTC70OUTData Raw: 7b 22 61 70 69 5f 61 63 74 69 6f 6e 22 3a 22 6d 73 70 22 2c 22 61 70 69 5f 76 65 72 73 69 6f 6e 22 3a 22 31 22 2c 22 74 61 73 6b 22 3a 22 63 72 65 61 74 65 22 2c 22 6e 61 6d 65 22 3a 22 39 33 32 39 32 33 22 7d
                                                                                                                                                                                                  Data Ascii: {"api_action":"msp","api_version":"1","task":"create","name":"932923"}
                                                                                                                                                                                                  2025-01-06 12:00:28 UTC202INHTTP/1.1 302 Found
                                                                                                                                                                                                  Date: Mon, 06 Jan 2025 12:00:28 GMT
                                                                                                                                                                                                  Server: Apache/2.4.38 (Debian)
                                                                                                                                                                                                  Location: https://bluetrait.io/
                                                                                                                                                                                                  Content-Length: 0
                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                  Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                  9192.168.2.550000188.114.96.34435696C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe
                                                                                                                                                                                                  TimestampBytes transferredDirectionData
                                                                                                                                                                                                  2025-01-06 12:00:28 UTC94OUTGET / HTTP/1.1
                                                                                                                                                                                                  Content-Type: application/json
                                                                                                                                                                                                  Host: bluetrait.io
                                                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                                                  2025-01-06 12:00:29 UTC1028INHTTP/1.1 200 OK
                                                                                                                                                                                                  Date: Mon, 06 Jan 2025 12:00:29 GMT
                                                                                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                  X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                                  Set-Cookie: bluetrait_sid=l600hlhciihfsun1dhassbvcfo; path=/; domain=bluetrait.io
                                                                                                                                                                                                  Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                                                                  Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                                                                  Pragma: no-cache
                                                                                                                                                                                                  Vary: Accept-Encoding
                                                                                                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zuwlYSWYX7wkPw7ZFhifyI2nWchFpxGTDA03OfzQk0RQdqwMn0Iox%2F1hK600F0hQGri3kxapSUhHZMLTMO5okXkSUXnWX%2FR6Ug2IoChZG1fntNEeMvjU2SeoML%2FLbB8%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                  Server: cloudflare
                                                                                                                                                                                                  CF-RAY: 8fdb8c450e8dc42a-EWR
                                                                                                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=1604&min_rtt=1597&rtt_var=613&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2830&recv_bytes=708&delivery_rate=1766485&cwnd=200&unsent_bytes=0&cid=596652335cfe12de&ts=298&x=0"
                                                                                                                                                                                                  2025-01-06 12:00:29 UTC341INData Raw: 35 63 33 38 0d 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 54 68 65 20 63 6f 6d 70 6c 65 74 65 20 63 6c 6f 75 64 2d 62 61 73 65 64 20 4d 53 50 20 70 6c 61 74 66 6f 72 6d 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 74 69 74 6c 65 3e 48 6f 6d 65 20 2d 20 62 6c 75 65 74 72 61 69 74 2e 69 6f 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 6c 69 6e 6b 20 74 79 70 65 3d 22 74 65 78 74
                                                                                                                                                                                                  Data Ascii: 5c38<html><head> <meta name="description" content="The complete cloud-based MSP platform"> <title>Home - bluetrait.io</title> <link type="text
                                                                                                                                                                                                  2025-01-06 12:00:29 UTC1369INData Raw: 20 20 20 20 20 20 20 20 20 20 20 3c 6c 69 6e 6b 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 68 72 65 66 3d 22 2f 2f 62 6c 75 65 74 72 61 69 74 2e 69 6f 2f 72 65 73 6f 75 72 63 65 73 2f 73 74 79 6c 65 73 68 65 65 74 73 2f 66 6f 6e 74 2d 61 77 65 73 6f 6d 65 2e 6d 69 6e 2e 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 3e 0a 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 20 73 72 63 3d 22 2f 2f 62 6c 75 65 74 72 61 69 74 2e 69 6f 2f 72 65 73 6f 75 72 63 65 73 2f 73 63 72 69 70 74 73 2f 6a 71 75 65 72 79 2e 6d 69 6e 2e 6a 73 3f 76 3d 31 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 20 20 20 20 20 20 20 20 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65
                                                                                                                                                                                                  Data Ascii: <link type="text/css" href="//bluetrait.io/resources/stylesheets/font-awesome.min.css" rel="stylesheet"> <script type="text/javascript" src="//bluetrait.io/resources/scripts/jquery.min.js?v=1"></script> <script type="te
                                                                                                                                                                                                  2025-01-06 12:00:29 UTC1369INData Raw: 73 74 73 5f 62 61 73 65 5f 75 72 6c 20 3d 20 27 2f 2f 62 6c 75 65 74 72 61 69 74 2e 69 6f 27 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 76 61 72 20 73 74 73 5f 73 61 61 73 5f 64 65 66 61 75 6c 74 5f 64 6f 6d 61 69 6e 20 3d 20 27 62 6c 75 65 74 72 61 69 74 2e 69 6f 27 3b 0a 20 20 20 20 20 20 20 20 3c 2f 73 63 72 69 70 74 3e 0a 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 21 2d 2d 20 4d 61 74 6f 6d 6f 20 2d 2d 3e 0a 20 20 20 20 20 20 20 20 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0a 20 20 20 20 20 20 20 20 76 61 72 20 5f 70 61 71 20 3d 20 77 69 6e 64 6f 77 2e 5f 70 61 71 20 7c 7c 20 5b 5d 3b 0a 20 20 20 20 20 20 20 20 2f 2a 20 74 72 61 63 6b 65 72 20 6d 65 74 68 6f 64 73 20 6c 69 6b 65 20 22 73 65 74 43 75 73
                                                                                                                                                                                                  Data Ascii: sts_base_url = '//bluetrait.io'; var sts_saas_default_domain = 'bluetrait.io'; </script> ... Matomo --> <script type="text/javascript"> var _paq = window._paq || []; /* tracker methods like "setCus
                                                                                                                                                                                                  2025-01-06 12:00:29 UTC1369INData Raw: 6e 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 73 70 61 6e 3e 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0a 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0a 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 6e 61 76 62 61 72 2d 6d 65 6e 75 22 20 69 64 3d 22 6e 61 76 2d 6d 65 6e 75 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 6e 61 76 62 61 72 2d 73 74 61 72 74 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20
                                                                                                                                                                                                  Data Ascii: n> <span></span> </div> </div> <div class="navbar-menu" id="nav-menu"> <div class="navbar-start">
                                                                                                                                                                                                  2025-01-06 12:00:29 UTC1369INData Raw: 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 61 20 63 6c 61 73 73 3d 22 6e 61 76 62 61 72 2d 69 74 65 6d 20 20 22 20 20 68 72 65 66 3d 22 2f 2f 62 6c 75 65 74 72 61 69 74 2e 69 6f 2f 63 72 6d 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 43 52 4d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 61 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20
                                                                                                                                                                                                  Data Ascii: <a class="navbar-item " href="//bluetrait.io/crm"> CRM </a>
                                                                                                                                                                                                  2025-01-06 12:00:29 UTC1369INData Raw: 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 6e 61 76 62 61 72 2d 65 6e 64 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20
                                                                                                                                                                                                  Data Ascii: </div> <div class="navbar-end">
                                                                                                                                                                                                  2025-01-06 12:00:29 UTC1369INData Raw: 22 2f 2f 62 6c 75 65 74 72 61 69 74 2e 69 6f 2f 61 63 63 6f 75 6e 74 2f 6c 6f 67 69 6e 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 4c 6f 67 69 6e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 61 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0a 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0a 20 20 20 20 3c 2f 6e 61 76 3e 0a 0a 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 77 72 61 70 70 65 72 20 68 6f 6d 65 20 68 65 72 6f 20 69 73 2d 69 6e 66 6f 20 68 61 73
                                                                                                                                                                                                  Data Ascii: "//bluetrait.io/account/login"> Login </a> </div> </div> </nav> <div class="wrapper home hero is-info has
                                                                                                                                                                                                  2025-01-06 12:00:29 UTC1369INData Raw: 65 61 74 75 72 65 2d 69 6d 61 67 65 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 0a 3c 61 20 63 6c 61 73 73 3d 22 6c 69 67 68 74 62 6f 78 2d 74 72 69 67 67 65 72 22 20 68 72 65 66 3d 22 23 5f 6c 69 67 68 74 62 6f 78 22 3e 3c 69 6d 67 20 73 72 63 3d 22 2f 2f 62 6c 75 65 74 72 61 69 74 2e 69 6f 2f 2f 72 65 73 6f 75 72 63 65 73 2f 69 6d 67 2f 66 65 61 74 75 72 65 73 2f 6d 73 70 2e 70 6e 67 22 3e 3c 2f 61 3e 0a 3c 61 20 68 72 65 66 3d 22 23 5f 22 20 63 6c 61 73 73 3d 22 6c 69 67 68 74 62 6f 78 22 20 69 64 3d 22 5f 6c 69 67 68 74 62 6f 78 22 3e 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 6c 69 67 68 74 62 6f 78 2d 69 6d 61 67 65 22 20 73 74 79 6c 65 3d 22 62 61 63 6b 67 72 6f 75 6e 64 2d 69 6d 61 67 65
                                                                                                                                                                                                  Data Ascii: eature-image"> <a class="lightbox-trigger" href="#_lightbox"><img src="//bluetrait.io//resources/img/features/msp.png"></a><a href="#_" class="lightbox" id="_lightbox"> <div class="lightbox-image" style="background-image
                                                                                                                                                                                                  2025-01-06 12:00:29 UTC1369INData Raw: 70 3b 66 6f 72 20 75 70 20 74 6f 3c 62 72 20 2f 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 31 30 30 20 41 67 65 6e 74 73 20 28 4d 61 6e 61 67 65 64 20 63 6f 6d 70 75 74 65 72 73 20 2f 20 73 65 72 76 65 72 73 29 3c 62 72 20 2f 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 65 6e 74 20 69 73 2d 73 69 7a 65 2d 35 22 3e 0a 20 20 20 20 20 20 20
                                                                                                                                                                                                  Data Ascii: p;for up to<br /> 100 Agents (Managed computers / servers)<br /> </span> </div> <div class="content is-size-5">
                                                                                                                                                                                                  2025-01-06 12:00:29 UTC1369INData Raw: 20 69 73 2d 69 6e 66 6f 20 69 73 2d 69 6e 76 65 72 74 65 64 20 69 73 2d 22 3e 52 65 61 64 20 6d 6f 72 65 3c 2f 61 3e 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0a 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 0a 3c 61 20 63 6c 61 73 73 3d 22 6c 69 67 68 74 62 6f 78 2d 74 72 69 67 67 65 72 22 20 68 72 65 66 3d 22 23 74 69 63 6b 65 74 73 5f 6c 69 67 68 74 62 6f 78 22 3e 3c 69 6d 67 20 73 72 63 3d 22 2f 2f 62 6c 75 65 74 72 61 69 74 2e 69 6f 2f 72 65 73 6f 75 72 63 65 73 2f 69 6d 67 2f 66 65 61 74 75 72 65 73 2f 74 69 63 6b 65 74 73 2e 70 6e 67 22 3e 3c 2f 61 3e 0a 3c 61 20 68 72 65 66 3d 22 23 5f 22 20 63 6c 61 73 73 3d 22 6c 69 67 68 74 62 6f 78 22 20 69 64 3d 22 74 69 63 6b 65
                                                                                                                                                                                                  Data Ascii: is-info is-inverted is-">Read more</a> </div> <a class="lightbox-trigger" href="#tickets_lightbox"><img src="//bluetrait.io/resources/img/features/tickets.png"></a><a href="#_" class="lightbox" id="ticke


                                                                                                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                  10192.168.2.550002167.99.228.324431436C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe
                                                                                                                                                                                                  TimestampBytes transferredDirectionData
                                                                                                                                                                                                  2025-01-06 12:00:34 UTC153OUTPOST /api/ HTTP/1.1
                                                                                                                                                                                                  Content-Type: application/json
                                                                                                                                                                                                  Host: eganarbonne.bluetrait.io
                                                                                                                                                                                                  Content-Length: 70
                                                                                                                                                                                                  Expect: 100-continue
                                                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                                                  2025-01-06 12:00:34 UTC25INHTTP/1.1 100 Continue
                                                                                                                                                                                                  2025-01-06 12:00:34 UTC70OUTData Raw: 7b 22 61 70 69 5f 61 63 74 69 6f 6e 22 3a 22 6d 73 70 22 2c 22 61 70 69 5f 76 65 72 73 69 6f 6e 22 3a 22 31 22 2c 22 74 61 73 6b 22 3a 22 63 72 65 61 74 65 22 2c 22 6e 61 6d 65 22 3a 22 39 33 32 39 32 33 22 7d
                                                                                                                                                                                                  Data Ascii: {"api_action":"msp","api_version":"1","task":"create","name":"932923"}
                                                                                                                                                                                                  2025-01-06 12:00:34 UTC202INHTTP/1.1 302 Found
                                                                                                                                                                                                  Date: Mon, 06 Jan 2025 12:00:34 GMT
                                                                                                                                                                                                  Server: Apache/2.4.38 (Debian)
                                                                                                                                                                                                  Location: https://bluetrait.io/
                                                                                                                                                                                                  Content-Length: 0
                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                  Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                  11192.168.2.550003188.114.96.34431436C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe
                                                                                                                                                                                                  TimestampBytes transferredDirectionData
                                                                                                                                                                                                  2025-01-06 12:00:35 UTC94OUTGET / HTTP/1.1
                                                                                                                                                                                                  Content-Type: application/json
                                                                                                                                                                                                  Host: bluetrait.io
                                                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                                                  2025-01-06 12:00:35 UTC1038INHTTP/1.1 200 OK
                                                                                                                                                                                                  Date: Mon, 06 Jan 2025 12:00:35 GMT
                                                                                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                  X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                                  Set-Cookie: bluetrait_sid=nkl0qbj24jh4iqduib67hou0un; path=/; domain=bluetrait.io
                                                                                                                                                                                                  Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                                                                  Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                                                                  Pragma: no-cache
                                                                                                                                                                                                  Vary: Accept-Encoding
                                                                                                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5cVRIOg5oatFwhF99%2FAwW1qFokm%2BkfbwtC1MHVmz9NoeV%2BqQ5GOCikoI3EEgjZpXBoPMH1xuvMaQcUprA%2ByQ%2BYauxnHRTQ6bRof%2F%2F1Tmjqwztz%2FjnTN99OEaHjnJ4FA%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                  Server: cloudflare
                                                                                                                                                                                                  CF-RAY: 8fdb8c6b58a943e2-EWR
                                                                                                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=2198&min_rtt=2101&rtt_var=857&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2831&recv_bytes=708&delivery_rate=1389814&cwnd=216&unsent_bytes=0&cid=78eeeb97111826c7&ts=268&x=0"
                                                                                                                                                                                                  2025-01-06 12:00:35 UTC331INData Raw: 35 63 33 38 0d 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 54 68 65 20 63 6f 6d 70 6c 65 74 65 20 63 6c 6f 75 64 2d 62 61 73 65 64 20 4d 53 50 20 70 6c 61 74 66 6f 72 6d 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 74 69 74 6c 65 3e 48 6f 6d 65 20 2d 20 62 6c 75 65 74 72 61 69 74 2e 69 6f 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 6c 69 6e 6b 20 74 79 70 65 3d 22 74 65 78 74
                                                                                                                                                                                                  Data Ascii: 5c38<html><head> <meta name="description" content="The complete cloud-based MSP platform"> <title>Home - bluetrait.io</title> <link type="text
                                                                                                                                                                                                  2025-01-06 12:00:35 UTC1369INData Raw: 65 73 68 65 65 74 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 6c 69 6e 6b 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 68 72 65 66 3d 22 2f 2f 62 6c 75 65 74 72 61 69 74 2e 69 6f 2f 72 65 73 6f 75 72 63 65 73 2f 73 74 79 6c 65 73 68 65 65 74 73 2f 66 6f 6e 74 2d 61 77 65 73 6f 6d 65 2e 6d 69 6e 2e 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 3e 0a 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 20 73 72 63 3d 22 2f 2f 62 6c 75 65 74 72 61 69 74 2e 69 6f 2f 72 65 73 6f 75 72 63 65 73 2f 73 63 72 69 70 74 73 2f 6a 71 75 65 72 79 2e 6d 69 6e 2e 6a 73 3f 76 3d 31 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 20 20 20 20 20 20 20 20 3c 73 63 72 69 70
                                                                                                                                                                                                  Data Ascii: esheet"> <link type="text/css" href="//bluetrait.io/resources/stylesheets/font-awesome.min.css" rel="stylesheet"> <script type="text/javascript" src="//bluetrait.io/resources/scripts/jquery.min.js?v=1"></script> <scrip
                                                                                                                                                                                                  2025-01-06 12:00:35 UTC1369INData Raw: 20 20 20 20 20 20 76 61 72 20 73 74 73 5f 62 61 73 65 5f 75 72 6c 20 3d 20 27 2f 2f 62 6c 75 65 74 72 61 69 74 2e 69 6f 27 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 76 61 72 20 73 74 73 5f 73 61 61 73 5f 64 65 66 61 75 6c 74 5f 64 6f 6d 61 69 6e 20 3d 20 27 62 6c 75 65 74 72 61 69 74 2e 69 6f 27 3b 0a 20 20 20 20 20 20 20 20 3c 2f 73 63 72 69 70 74 3e 0a 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 21 2d 2d 20 4d 61 74 6f 6d 6f 20 2d 2d 3e 0a 20 20 20 20 20 20 20 20 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0a 20 20 20 20 20 20 20 20 76 61 72 20 5f 70 61 71 20 3d 20 77 69 6e 64 6f 77 2e 5f 70 61 71 20 7c 7c 20 5b 5d 3b 0a 20 20 20 20 20 20 20 20 2f 2a 20 74 72 61 63 6b 65 72 20 6d 65 74 68 6f 64 73 20 6c 69
                                                                                                                                                                                                  Data Ascii: var sts_base_url = '//bluetrait.io'; var sts_saas_default_domain = 'bluetrait.io'; </script> ... Matomo --> <script type="text/javascript"> var _paq = window._paq || []; /* tracker methods li
                                                                                                                                                                                                  2025-01-06 12:00:35 UTC1369INData Raw: 73 70 61 6e 3e 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 73 70 61 6e 3e 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0a 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0a 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 6e 61 76 62 61 72 2d 6d 65 6e 75 22 20 69 64 3d 22 6e 61 76 2d 6d 65 6e 75 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 6e 61 76 62 61 72 2d 73 74 61 72 74 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20
                                                                                                                                                                                                  Data Ascii: span></span> <span></span> </div> </div> <div class="navbar-menu" id="nav-menu"> <div class="navbar-start">
                                                                                                                                                                                                  2025-01-06 12:00:35 UTC1369INData Raw: 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 61 20 63 6c 61 73 73 3d 22 6e 61 76 62 61 72 2d 69 74 65 6d 20 20 22 20 20 68 72 65 66 3d 22 2f 2f 62 6c 75 65 74 72 61 69 74 2e 69 6f 2f 63 72 6d 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 43 52 4d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 61 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20
                                                                                                                                                                                                  Data Ascii: <a class="navbar-item " href="//bluetrait.io/crm"> CRM </a>
                                                                                                                                                                                                  2025-01-06 12:00:35 UTC1369INData Raw: 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 6e 61 76 62 61 72 2d 65 6e 64 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20
                                                                                                                                                                                                  Data Ascii: </div> <div class="navbar-end">
                                                                                                                                                                                                  2025-01-06 12:00:35 UTC1369INData Raw: 65 6d 20 22 20 68 72 65 66 3d 22 2f 2f 62 6c 75 65 74 72 61 69 74 2e 69 6f 2f 61 63 63 6f 75 6e 74 2f 6c 6f 67 69 6e 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 4c 6f 67 69 6e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 61 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0a 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0a 20 20 20 20 3c 2f 6e 61 76 3e 0a 0a 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 77 72 61 70 70 65 72 20 68 6f 6d 65 20 68 65 72 6f 20 69
                                                                                                                                                                                                  Data Ascii: em " href="//bluetrait.io/account/login"> Login </a> </div> </div> </nav> <div class="wrapper home hero i
                                                                                                                                                                                                  2025-01-06 12:00:35 UTC1369INData Raw: 76 20 63 6c 61 73 73 3d 22 66 65 61 74 75 72 65 2d 69 6d 61 67 65 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 0a 3c 61 20 63 6c 61 73 73 3d 22 6c 69 67 68 74 62 6f 78 2d 74 72 69 67 67 65 72 22 20 68 72 65 66 3d 22 23 5f 6c 69 67 68 74 62 6f 78 22 3e 3c 69 6d 67 20 73 72 63 3d 22 2f 2f 62 6c 75 65 74 72 61 69 74 2e 69 6f 2f 2f 72 65 73 6f 75 72 63 65 73 2f 69 6d 67 2f 66 65 61 74 75 72 65 73 2f 6d 73 70 2e 70 6e 67 22 3e 3c 2f 61 3e 0a 3c 61 20 68 72 65 66 3d 22 23 5f 22 20 63 6c 61 73 73 3d 22 6c 69 67 68 74 62 6f 78 22 20 69 64 3d 22 5f 6c 69 67 68 74 62 6f 78 22 3e 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 6c 69 67 68 74 62 6f 78 2d 69 6d 61 67 65 22 20 73 74 79 6c 65 3d 22 62 61 63 6b 67 72
                                                                                                                                                                                                  Data Ascii: v class="feature-image"> <a class="lightbox-trigger" href="#_lightbox"><img src="//bluetrait.io//resources/img/features/msp.png"></a><a href="#_" class="lightbox" id="_lightbox"> <div class="lightbox-image" style="backgr
                                                                                                                                                                                                  2025-01-06 12:00:35 UTC1369INData Raw: 26 6e 62 73 70 3b 26 6e 62 73 70 3b 66 6f 72 20 75 70 20 74 6f 3c 62 72 20 2f 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 31 30 30 20 41 67 65 6e 74 73 20 28 4d 61 6e 61 67 65 64 20 63 6f 6d 70 75 74 65 72 73 20 2f 20 73 65 72 76 65 72 73 29 3c 62 72 20 2f 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 65 6e 74 20 69 73 2d 73 69 7a 65 2d 35
                                                                                                                                                                                                  Data Ascii: &nbsp;&nbsp;for up to<br /> 100 Agents (Managed computers / servers)<br /> </span> </div> <div class="content is-size-5
                                                                                                                                                                                                  2025-01-06 12:00:35 UTC1369INData Raw: 73 73 3d 22 62 75 74 74 6f 6e 20 69 73 2d 69 6e 66 6f 20 69 73 2d 69 6e 76 65 72 74 65 64 20 69 73 2d 22 3e 52 65 61 64 20 6d 6f 72 65 3c 2f 61 3e 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0a 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 0a 3c 61 20 63 6c 61 73 73 3d 22 6c 69 67 68 74 62 6f 78 2d 74 72 69 67 67 65 72 22 20 68 72 65 66 3d 22 23 74 69 63 6b 65 74 73 5f 6c 69 67 68 74 62 6f 78 22 3e 3c 69 6d 67 20 73 72 63 3d 22 2f 2f 62 6c 75 65 74 72 61 69 74 2e 69 6f 2f 72 65 73 6f 75 72 63 65 73 2f 69 6d 67 2f 66 65 61 74 75 72 65 73 2f 74 69 63 6b 65 74 73 2e 70 6e 67 22 3e 3c 2f 61 3e 0a 3c 61 20 68 72 65 66 3d 22 23 5f 22 20 63 6c 61 73 73 3d 22 6c 69 67 68 74 62 6f 78 22
                                                                                                                                                                                                  Data Ascii: ss="button is-info is-inverted is-">Read more</a> </div> <a class="lightbox-trigger" href="#tickets_lightbox"><img src="//bluetrait.io/resources/img/features/tickets.png"></a><a href="#_" class="lightbox"


                                                                                                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                  12192.168.2.550005167.99.228.324434404C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe
                                                                                                                                                                                                  TimestampBytes transferredDirectionData
                                                                                                                                                                                                  2025-01-06 12:00:40 UTC153OUTPOST /api/ HTTP/1.1
                                                                                                                                                                                                  Content-Type: application/json
                                                                                                                                                                                                  Host: eganarbonne.bluetrait.io
                                                                                                                                                                                                  Content-Length: 70
                                                                                                                                                                                                  Expect: 100-continue
                                                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                                                  2025-01-06 12:00:40 UTC25INHTTP/1.1 100 Continue
                                                                                                                                                                                                  2025-01-06 12:00:40 UTC70OUTData Raw: 7b 22 61 70 69 5f 61 63 74 69 6f 6e 22 3a 22 6d 73 70 22 2c 22 61 70 69 5f 76 65 72 73 69 6f 6e 22 3a 22 31 22 2c 22 74 61 73 6b 22 3a 22 63 72 65 61 74 65 22 2c 22 6e 61 6d 65 22 3a 22 39 33 32 39 32 33 22 7d
                                                                                                                                                                                                  Data Ascii: {"api_action":"msp","api_version":"1","task":"create","name":"932923"}
                                                                                                                                                                                                  2025-01-06 12:00:40 UTC202INHTTP/1.1 302 Found
                                                                                                                                                                                                  Date: Mon, 06 Jan 2025 12:00:40 GMT
                                                                                                                                                                                                  Server: Apache/2.4.38 (Debian)
                                                                                                                                                                                                  Location: https://bluetrait.io/
                                                                                                                                                                                                  Content-Length: 0
                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                  Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                  13192.168.2.550006188.114.96.34434404C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe
                                                                                                                                                                                                  TimestampBytes transferredDirectionData
                                                                                                                                                                                                  2025-01-06 12:00:41 UTC94OUTGET / HTTP/1.1
                                                                                                                                                                                                  Content-Type: application/json
                                                                                                                                                                                                  Host: bluetrait.io
                                                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                                                  2025-01-06 12:00:41 UTC1032INHTTP/1.1 200 OK
                                                                                                                                                                                                  Date: Mon, 06 Jan 2025 12:00:41 GMT
                                                                                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                  X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                                  Set-Cookie: bluetrait_sid=rboroca10n4c0v0m3aicbavtaq; path=/; domain=bluetrait.io
                                                                                                                                                                                                  Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                                                                  Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                                                                  Pragma: no-cache
                                                                                                                                                                                                  Vary: Accept-Encoding
                                                                                                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bRpr5IpmC9Dmwzt1bDCWgB8quOR80nM4LgsPnEPchaCt5J%2BEJGJfa%2BHC5JH7zeG%2BR%2BC0usQpG9sr4Xj3xtOI70d0dB2Vc3qiWTj1jxmr360OjlQcPw4Ywb8ECj%2FUKLE%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                  Server: cloudflare
                                                                                                                                                                                                  CF-RAY: 8fdb8c93ace8c340-EWR
                                                                                                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=1506&min_rtt=1463&rtt_var=635&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2831&recv_bytes=708&delivery_rate=1614151&cwnd=146&unsent_bytes=0&cid=2f7d415385823941&ts=275&x=0"
                                                                                                                                                                                                  2025-01-06 12:00:41 UTC337INData Raw: 35 63 33 38 0d 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 54 68 65 20 63 6f 6d 70 6c 65 74 65 20 63 6c 6f 75 64 2d 62 61 73 65 64 20 4d 53 50 20 70 6c 61 74 66 6f 72 6d 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 74 69 74 6c 65 3e 48 6f 6d 65 20 2d 20 62 6c 75 65 74 72 61 69 74 2e 69 6f 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 6c 69 6e 6b 20 74 79 70 65 3d 22 74 65 78 74
                                                                                                                                                                                                  Data Ascii: 5c38<html><head> <meta name="description" content="The complete cloud-based MSP platform"> <title>Home - bluetrait.io</title> <link type="text
                                                                                                                                                                                                  2025-01-06 12:00:41 UTC1369INData Raw: 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 6c 69 6e 6b 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 68 72 65 66 3d 22 2f 2f 62 6c 75 65 74 72 61 69 74 2e 69 6f 2f 72 65 73 6f 75 72 63 65 73 2f 73 74 79 6c 65 73 68 65 65 74 73 2f 66 6f 6e 74 2d 61 77 65 73 6f 6d 65 2e 6d 69 6e 2e 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 3e 0a 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 20 73 72 63 3d 22 2f 2f 62 6c 75 65 74 72 61 69 74 2e 69 6f 2f 72 65 73 6f 75 72 63 65 73 2f 73 63 72 69 70 74 73 2f 6a 71 75 65 72 79 2e 6d 69 6e 2e 6a 73 3f 76 3d 31 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 20 20 20 20 20 20 20 20 3c 73 63 72 69 70 74 20 74 79 70 65
                                                                                                                                                                                                  Data Ascii: "> <link type="text/css" href="//bluetrait.io/resources/stylesheets/font-awesome.min.css" rel="stylesheet"> <script type="text/javascript" src="//bluetrait.io/resources/scripts/jquery.min.js?v=1"></script> <script type
                                                                                                                                                                                                  2025-01-06 12:00:41 UTC1369INData Raw: 76 61 72 20 73 74 73 5f 62 61 73 65 5f 75 72 6c 20 3d 20 27 2f 2f 62 6c 75 65 74 72 61 69 74 2e 69 6f 27 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 76 61 72 20 73 74 73 5f 73 61 61 73 5f 64 65 66 61 75 6c 74 5f 64 6f 6d 61 69 6e 20 3d 20 27 62 6c 75 65 74 72 61 69 74 2e 69 6f 27 3b 0a 20 20 20 20 20 20 20 20 3c 2f 73 63 72 69 70 74 3e 0a 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 21 2d 2d 20 4d 61 74 6f 6d 6f 20 2d 2d 3e 0a 20 20 20 20 20 20 20 20 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0a 20 20 20 20 20 20 20 20 76 61 72 20 5f 70 61 71 20 3d 20 77 69 6e 64 6f 77 2e 5f 70 61 71 20 7c 7c 20 5b 5d 3b 0a 20 20 20 20 20 20 20 20 2f 2a 20 74 72 61 63 6b 65 72 20 6d 65 74 68 6f 64 73 20 6c 69 6b 65 20 22 73 65
                                                                                                                                                                                                  Data Ascii: var sts_base_url = '//bluetrait.io'; var sts_saas_default_domain = 'bluetrait.io'; </script> ... Matomo --> <script type="text/javascript"> var _paq = window._paq || []; /* tracker methods like "se
                                                                                                                                                                                                  2025-01-06 12:00:41 UTC1369INData Raw: 2f 73 70 61 6e 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 73 70 61 6e 3e 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0a 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0a 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 6e 61 76 62 61 72 2d 6d 65 6e 75 22 20 69 64 3d 22 6e 61 76 2d 6d 65 6e 75 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 6e 61 76 62 61 72 2d 73 74 61 72 74 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20
                                                                                                                                                                                                  Data Ascii: /span> <span></span> </div> </div> <div class="navbar-menu" id="nav-menu"> <div class="navbar-start">
                                                                                                                                                                                                  2025-01-06 12:00:41 UTC1369INData Raw: 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 61 20 63 6c 61 73 73 3d 22 6e 61 76 62 61 72 2d 69 74 65 6d 20 20 22 20 20 68 72 65 66 3d 22 2f 2f 62 6c 75 65 74 72 61 69 74 2e 69 6f 2f 63 72 6d 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 43 52 4d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 61 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20
                                                                                                                                                                                                  Data Ascii: <a class="navbar-item " href="//bluetrait.io/crm"> CRM </a>
                                                                                                                                                                                                  2025-01-06 12:00:41 UTC1369INData Raw: 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 6e 61 76 62 61 72 2d 65 6e 64 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20
                                                                                                                                                                                                  Data Ascii: </div> <div class="navbar-end">
                                                                                                                                                                                                  2025-01-06 12:00:41 UTC1369INData Raw: 72 65 66 3d 22 2f 2f 62 6c 75 65 74 72 61 69 74 2e 69 6f 2f 61 63 63 6f 75 6e 74 2f 6c 6f 67 69 6e 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 4c 6f 67 69 6e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 61 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0a 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0a 20 20 20 20 3c 2f 6e 61 76 3e 0a 0a 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 77 72 61 70 70 65 72 20 68 6f 6d 65 20 68 65 72 6f 20 69 73 2d 69 6e 66 6f
                                                                                                                                                                                                  Data Ascii: ref="//bluetrait.io/account/login"> Login </a> </div> </div> </nav> <div class="wrapper home hero is-info
                                                                                                                                                                                                  2025-01-06 12:00:41 UTC1369INData Raw: 73 3d 22 66 65 61 74 75 72 65 2d 69 6d 61 67 65 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 0a 3c 61 20 63 6c 61 73 73 3d 22 6c 69 67 68 74 62 6f 78 2d 74 72 69 67 67 65 72 22 20 68 72 65 66 3d 22 23 5f 6c 69 67 68 74 62 6f 78 22 3e 3c 69 6d 67 20 73 72 63 3d 22 2f 2f 62 6c 75 65 74 72 61 69 74 2e 69 6f 2f 2f 72 65 73 6f 75 72 63 65 73 2f 69 6d 67 2f 66 65 61 74 75 72 65 73 2f 6d 73 70 2e 70 6e 67 22 3e 3c 2f 61 3e 0a 3c 61 20 68 72 65 66 3d 22 23 5f 22 20 63 6c 61 73 73 3d 22 6c 69 67 68 74 62 6f 78 22 20 69 64 3d 22 5f 6c 69 67 68 74 62 6f 78 22 3e 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 6c 69 67 68 74 62 6f 78 2d 69 6d 61 67 65 22 20 73 74 79 6c 65 3d 22 62 61 63 6b 67 72 6f 75 6e 64 2d 69
                                                                                                                                                                                                  Data Ascii: s="feature-image"> <a class="lightbox-trigger" href="#_lightbox"><img src="//bluetrait.io//resources/img/features/msp.png"></a><a href="#_" class="lightbox" id="_lightbox"> <div class="lightbox-image" style="background-i
                                                                                                                                                                                                  2025-01-06 12:00:41 UTC1369INData Raw: 26 6e 62 73 70 3b 66 6f 72 20 75 70 20 74 6f 3c 62 72 20 2f 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 31 30 30 20 41 67 65 6e 74 73 20 28 4d 61 6e 61 67 65 64 20 63 6f 6d 70 75 74 65 72 73 20 2f 20 73 65 72 76 65 72 73 29 3c 62 72 20 2f 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 65 6e 74 20 69 73 2d 73 69 7a 65 2d 35 22 3e 0a 20 20 20
                                                                                                                                                                                                  Data Ascii: &nbsp;for up to<br /> 100 Agents (Managed computers / servers)<br /> </span> </div> <div class="content is-size-5">
                                                                                                                                                                                                  2025-01-06 12:00:41 UTC1369INData Raw: 74 74 6f 6e 20 69 73 2d 69 6e 66 6f 20 69 73 2d 69 6e 76 65 72 74 65 64 20 69 73 2d 22 3e 52 65 61 64 20 6d 6f 72 65 3c 2f 61 3e 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0a 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 0a 3c 61 20 63 6c 61 73 73 3d 22 6c 69 67 68 74 62 6f 78 2d 74 72 69 67 67 65 72 22 20 68 72 65 66 3d 22 23 74 69 63 6b 65 74 73 5f 6c 69 67 68 74 62 6f 78 22 3e 3c 69 6d 67 20 73 72 63 3d 22 2f 2f 62 6c 75 65 74 72 61 69 74 2e 69 6f 2f 72 65 73 6f 75 72 63 65 73 2f 69 6d 67 2f 66 65 61 74 75 72 65 73 2f 74 69 63 6b 65 74 73 2e 70 6e 67 22 3e 3c 2f 61 3e 0a 3c 61 20 68 72 65 66 3d 22 23 5f 22 20 63 6c 61 73 73 3d 22 6c 69 67 68 74 62 6f 78 22 20 69 64 3d 22 74
                                                                                                                                                                                                  Data Ascii: tton is-info is-inverted is-">Read more</a> </div> <a class="lightbox-trigger" href="#tickets_lightbox"><img src="//bluetrait.io/resources/img/features/tickets.png"></a><a href="#_" class="lightbox" id="t


                                                                                                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                  14192.168.2.550008167.99.228.324433040C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe
                                                                                                                                                                                                  TimestampBytes transferredDirectionData
                                                                                                                                                                                                  2025-01-06 12:00:52 UTC153OUTPOST /api/ HTTP/1.1
                                                                                                                                                                                                  Content-Type: application/json
                                                                                                                                                                                                  Host: eganarbonne.bluetrait.io
                                                                                                                                                                                                  Content-Length: 70
                                                                                                                                                                                                  Expect: 100-continue
                                                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                                                  2025-01-06 12:00:52 UTC25INHTTP/1.1 100 Continue
                                                                                                                                                                                                  2025-01-06 12:00:52 UTC70OUTData Raw: 7b 22 61 70 69 5f 61 63 74 69 6f 6e 22 3a 22 6d 73 70 22 2c 22 61 70 69 5f 76 65 72 73 69 6f 6e 22 3a 22 31 22 2c 22 74 61 73 6b 22 3a 22 63 72 65 61 74 65 22 2c 22 6e 61 6d 65 22 3a 22 39 33 32 39 32 33 22 7d
                                                                                                                                                                                                  Data Ascii: {"api_action":"msp","api_version":"1","task":"create","name":"932923"}
                                                                                                                                                                                                  2025-01-06 12:00:52 UTC202INHTTP/1.1 302 Found
                                                                                                                                                                                                  Date: Mon, 06 Jan 2025 12:00:52 GMT
                                                                                                                                                                                                  Server: Apache/2.4.38 (Debian)
                                                                                                                                                                                                  Location: https://bluetrait.io/
                                                                                                                                                                                                  Content-Length: 0
                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                  Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                  15192.168.2.550009188.114.96.34433040C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe
                                                                                                                                                                                                  TimestampBytes transferredDirectionData
                                                                                                                                                                                                  2025-01-06 12:00:53 UTC94OUTGET / HTTP/1.1
                                                                                                                                                                                                  Content-Type: application/json
                                                                                                                                                                                                  Host: bluetrait.io
                                                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                                                  2025-01-06 12:00:53 UTC1036INHTTP/1.1 200 OK
                                                                                                                                                                                                  Date: Mon, 06 Jan 2025 12:00:53 GMT
                                                                                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                  X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                                  Set-Cookie: bluetrait_sid=8olsl6irohpm7t15itv65eol8b; path=/; domain=bluetrait.io
                                                                                                                                                                                                  Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                                                                  Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                                                                  Pragma: no-cache
                                                                                                                                                                                                  Vary: Accept-Encoding
                                                                                                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=455tko6kCc95B7GPrEH3qE8%2B%2FhVnB1DW8RrQTdC353eO13fa%2Ff8CG14ug%2BehNGqckIifclV%2F7hhCRF%2FfAjz8r2yvF1dnsBix5pUeTf%2FW5RSTYvVKh2BYXFLiYMhFdwA%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                  Server: cloudflare
                                                                                                                                                                                                  CF-RAY: 8fdb8cdc0d0142e7-EWR
                                                                                                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=1731&min_rtt=1727&rtt_var=656&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2830&recv_bytes=708&delivery_rate=1656267&cwnd=242&unsent_bytes=0&cid=d3370faab7f3eb9f&ts=273&x=0"
                                                                                                                                                                                                  2025-01-06 12:00:53 UTC333INData Raw: 35 63 33 38 0d 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 54 68 65 20 63 6f 6d 70 6c 65 74 65 20 63 6c 6f 75 64 2d 62 61 73 65 64 20 4d 53 50 20 70 6c 61 74 66 6f 72 6d 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 74 69 74 6c 65 3e 48 6f 6d 65 20 2d 20 62 6c 75 65 74 72 61 69 74 2e 69 6f 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 6c 69 6e 6b 20 74 79 70 65 3d 22 74 65 78 74
                                                                                                                                                                                                  Data Ascii: 5c38<html><head> <meta name="description" content="The complete cloud-based MSP platform"> <title>Home - bluetrait.io</title> <link type="text
                                                                                                                                                                                                  2025-01-06 12:00:53 UTC1369INData Raw: 68 65 65 74 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 6c 69 6e 6b 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 68 72 65 66 3d 22 2f 2f 62 6c 75 65 74 72 61 69 74 2e 69 6f 2f 72 65 73 6f 75 72 63 65 73 2f 73 74 79 6c 65 73 68 65 65 74 73 2f 66 6f 6e 74 2d 61 77 65 73 6f 6d 65 2e 6d 69 6e 2e 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 3e 0a 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 20 73 72 63 3d 22 2f 2f 62 6c 75 65 74 72 61 69 74 2e 69 6f 2f 72 65 73 6f 75 72 63 65 73 2f 73 63 72 69 70 74 73 2f 6a 71 75 65 72 79 2e 6d 69 6e 2e 6a 73 3f 76 3d 31 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 20 20 20 20 20 20 20 20 3c 73 63 72 69 70 74 20
                                                                                                                                                                                                  Data Ascii: heet"> <link type="text/css" href="//bluetrait.io/resources/stylesheets/font-awesome.min.css" rel="stylesheet"> <script type="text/javascript" src="//bluetrait.io/resources/scripts/jquery.min.js?v=1"></script> <script
                                                                                                                                                                                                  2025-01-06 12:00:53 UTC1369INData Raw: 20 20 20 20 76 61 72 20 73 74 73 5f 62 61 73 65 5f 75 72 6c 20 3d 20 27 2f 2f 62 6c 75 65 74 72 61 69 74 2e 69 6f 27 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 76 61 72 20 73 74 73 5f 73 61 61 73 5f 64 65 66 61 75 6c 74 5f 64 6f 6d 61 69 6e 20 3d 20 27 62 6c 75 65 74 72 61 69 74 2e 69 6f 27 3b 0a 20 20 20 20 20 20 20 20 3c 2f 73 63 72 69 70 74 3e 0a 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 21 2d 2d 20 4d 61 74 6f 6d 6f 20 2d 2d 3e 0a 20 20 20 20 20 20 20 20 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0a 20 20 20 20 20 20 20 20 76 61 72 20 5f 70 61 71 20 3d 20 77 69 6e 64 6f 77 2e 5f 70 61 71 20 7c 7c 20 5b 5d 3b 0a 20 20 20 20 20 20 20 20 2f 2a 20 74 72 61 63 6b 65 72 20 6d 65 74 68 6f 64 73 20 6c 69 6b 65
                                                                                                                                                                                                  Data Ascii: var sts_base_url = '//bluetrait.io'; var sts_saas_default_domain = 'bluetrait.io'; </script> ... Matomo --> <script type="text/javascript"> var _paq = window._paq || []; /* tracker methods like
                                                                                                                                                                                                  2025-01-06 12:00:53 UTC1369INData Raw: 61 6e 3e 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 73 70 61 6e 3e 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0a 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0a 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 6e 61 76 62 61 72 2d 6d 65 6e 75 22 20 69 64 3d 22 6e 61 76 2d 6d 65 6e 75 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 6e 61 76 62 61 72 2d 73 74 61 72 74 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20
                                                                                                                                                                                                  Data Ascii: an></span> <span></span> </div> </div> <div class="navbar-menu" id="nav-menu"> <div class="navbar-start">
                                                                                                                                                                                                  2025-01-06 12:00:53 UTC1369INData Raw: 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 61 20 63 6c 61 73 73 3d 22 6e 61 76 62 61 72 2d 69 74 65 6d 20 20 22 20 20 68 72 65 66 3d 22 2f 2f 62 6c 75 65 74 72 61 69 74 2e 69 6f 2f 63 72 6d 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 43 52 4d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 61 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20
                                                                                                                                                                                                  Data Ascii: <a class="navbar-item " href="//bluetrait.io/crm"> CRM </a>
                                                                                                                                                                                                  2025-01-06 12:00:53 UTC1369INData Raw: 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 6e 61 76 62 61 72 2d 65 6e 64 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20
                                                                                                                                                                                                  Data Ascii: </div> <div class="navbar-end">
                                                                                                                                                                                                  2025-01-06 12:00:53 UTC1369INData Raw: 20 22 20 68 72 65 66 3d 22 2f 2f 62 6c 75 65 74 72 61 69 74 2e 69 6f 2f 61 63 63 6f 75 6e 74 2f 6c 6f 67 69 6e 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 4c 6f 67 69 6e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 61 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0a 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0a 20 20 20 20 3c 2f 6e 61 76 3e 0a 0a 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 77 72 61 70 70 65 72 20 68 6f 6d 65 20 68 65 72 6f 20 69 73 2d
                                                                                                                                                                                                  Data Ascii: " href="//bluetrait.io/account/login"> Login </a> </div> </div> </nav> <div class="wrapper home hero is-
                                                                                                                                                                                                  2025-01-06 12:00:53 UTC1369INData Raw: 63 6c 61 73 73 3d 22 66 65 61 74 75 72 65 2d 69 6d 61 67 65 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 0a 3c 61 20 63 6c 61 73 73 3d 22 6c 69 67 68 74 62 6f 78 2d 74 72 69 67 67 65 72 22 20 68 72 65 66 3d 22 23 5f 6c 69 67 68 74 62 6f 78 22 3e 3c 69 6d 67 20 73 72 63 3d 22 2f 2f 62 6c 75 65 74 72 61 69 74 2e 69 6f 2f 2f 72 65 73 6f 75 72 63 65 73 2f 69 6d 67 2f 66 65 61 74 75 72 65 73 2f 6d 73 70 2e 70 6e 67 22 3e 3c 2f 61 3e 0a 3c 61 20 68 72 65 66 3d 22 23 5f 22 20 63 6c 61 73 73 3d 22 6c 69 67 68 74 62 6f 78 22 20 69 64 3d 22 5f 6c 69 67 68 74 62 6f 78 22 3e 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 6c 69 67 68 74 62 6f 78 2d 69 6d 61 67 65 22 20 73 74 79 6c 65 3d 22 62 61 63 6b 67 72 6f 75
                                                                                                                                                                                                  Data Ascii: class="feature-image"> <a class="lightbox-trigger" href="#_lightbox"><img src="//bluetrait.io//resources/img/features/msp.png"></a><a href="#_" class="lightbox" id="_lightbox"> <div class="lightbox-image" style="backgrou
                                                                                                                                                                                                  2025-01-06 12:00:53 UTC1369INData Raw: 62 73 70 3b 26 6e 62 73 70 3b 66 6f 72 20 75 70 20 74 6f 3c 62 72 20 2f 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 31 30 30 20 41 67 65 6e 74 73 20 28 4d 61 6e 61 67 65 64 20 63 6f 6d 70 75 74 65 72 73 20 2f 20 73 65 72 76 65 72 73 29 3c 62 72 20 2f 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 65 6e 74 20 69 73 2d 73 69 7a 65 2d 35 22 3e
                                                                                                                                                                                                  Data Ascii: bsp;&nbsp;for up to<br /> 100 Agents (Managed computers / servers)<br /> </span> </div> <div class="content is-size-5">
                                                                                                                                                                                                  2025-01-06 12:00:53 UTC1369INData Raw: 3d 22 62 75 74 74 6f 6e 20 69 73 2d 69 6e 66 6f 20 69 73 2d 69 6e 76 65 72 74 65 64 20 69 73 2d 22 3e 52 65 61 64 20 6d 6f 72 65 3c 2f 61 3e 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0a 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 0a 3c 61 20 63 6c 61 73 73 3d 22 6c 69 67 68 74 62 6f 78 2d 74 72 69 67 67 65 72 22 20 68 72 65 66 3d 22 23 74 69 63 6b 65 74 73 5f 6c 69 67 68 74 62 6f 78 22 3e 3c 69 6d 67 20 73 72 63 3d 22 2f 2f 62 6c 75 65 74 72 61 69 74 2e 69 6f 2f 72 65 73 6f 75 72 63 65 73 2f 69 6d 67 2f 66 65 61 74 75 72 65 73 2f 74 69 63 6b 65 74 73 2e 70 6e 67 22 3e 3c 2f 61 3e 0a 3c 61 20 68 72 65 66 3d 22 23 5f 22 20 63 6c 61 73 73 3d 22 6c 69 67 68 74 62 6f 78 22 20 69
                                                                                                                                                                                                  Data Ascii: ="button is-info is-inverted is-">Read more</a> </div> <a class="lightbox-trigger" href="#tickets_lightbox"><img src="//bluetrait.io/resources/img/features/tickets.png"></a><a href="#_" class="lightbox" i


                                                                                                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                  16192.168.2.550011167.99.228.324436612C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe
                                                                                                                                                                                                  TimestampBytes transferredDirectionData
                                                                                                                                                                                                  2025-01-06 12:00:57 UTC153OUTPOST /api/ HTTP/1.1
                                                                                                                                                                                                  Content-Type: application/json
                                                                                                                                                                                                  Host: eganarbonne.bluetrait.io
                                                                                                                                                                                                  Content-Length: 70
                                                                                                                                                                                                  Expect: 100-continue
                                                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                                                  2025-01-06 12:00:58 UTC25INHTTP/1.1 100 Continue
                                                                                                                                                                                                  2025-01-06 12:00:58 UTC70OUTData Raw: 7b 22 61 70 69 5f 61 63 74 69 6f 6e 22 3a 22 6d 73 70 22 2c 22 61 70 69 5f 76 65 72 73 69 6f 6e 22 3a 22 31 22 2c 22 74 61 73 6b 22 3a 22 63 72 65 61 74 65 22 2c 22 6e 61 6d 65 22 3a 22 39 33 32 39 32 33 22 7d
                                                                                                                                                                                                  Data Ascii: {"api_action":"msp","api_version":"1","task":"create","name":"932923"}
                                                                                                                                                                                                  2025-01-06 12:00:58 UTC202INHTTP/1.1 302 Found
                                                                                                                                                                                                  Date: Mon, 06 Jan 2025 12:00:58 GMT
                                                                                                                                                                                                  Server: Apache/2.4.38 (Debian)
                                                                                                                                                                                                  Location: https://bluetrait.io/
                                                                                                                                                                                                  Content-Length: 0
                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                  Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                  17192.168.2.550012188.114.96.34436612C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe
                                                                                                                                                                                                  TimestampBytes transferredDirectionData
                                                                                                                                                                                                  2025-01-06 12:00:58 UTC94OUTGET / HTTP/1.1
                                                                                                                                                                                                  Content-Type: application/json
                                                                                                                                                                                                  Host: bluetrait.io
                                                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                                                  2025-01-06 12:00:58 UTC1030INHTTP/1.1 200 OK
                                                                                                                                                                                                  Date: Mon, 06 Jan 2025 12:00:58 GMT
                                                                                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                  X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                                  Set-Cookie: bluetrait_sid=pb1buvbucuv32lubdne3ljat0r; path=/; domain=bluetrait.io
                                                                                                                                                                                                  Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                                                                  Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                                                                  Pragma: no-cache
                                                                                                                                                                                                  Vary: Accept-Encoding
                                                                                                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=HGi42ubno5MZWPKdk4mbcleWE5cg6vm0nElT1RTPw9l8ECfvSgl54y3BQ%2BG%2BlhLikfQ1BZccuITCc7ufVKHKEgxM6xllDFWiBm2lDZTFhD9LxhDqLjnjS78K%2B5%2BU35c%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                  Server: cloudflare
                                                                                                                                                                                                  CF-RAY: 8fdb8cff7fac8cad-EWR
                                                                                                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=1995&min_rtt=1988&rtt_var=759&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2830&recv_bytes=708&delivery_rate=1427872&cwnd=246&unsent_bytes=0&cid=d88b224c6f4bce72&ts=275&x=0"
                                                                                                                                                                                                  2025-01-06 12:00:58 UTC339INData Raw: 35 63 33 38 0d 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 54 68 65 20 63 6f 6d 70 6c 65 74 65 20 63 6c 6f 75 64 2d 62 61 73 65 64 20 4d 53 50 20 70 6c 61 74 66 6f 72 6d 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 74 69 74 6c 65 3e 48 6f 6d 65 20 2d 20 62 6c 75 65 74 72 61 69 74 2e 69 6f 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 6c 69 6e 6b 20 74 79 70 65 3d 22 74 65 78 74
                                                                                                                                                                                                  Data Ascii: 5c38<html><head> <meta name="description" content="The complete cloud-based MSP platform"> <title>Home - bluetrait.io</title> <link type="text
                                                                                                                                                                                                  2025-01-06 12:00:58 UTC1369INData Raw: 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 6c 69 6e 6b 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 68 72 65 66 3d 22 2f 2f 62 6c 75 65 74 72 61 69 74 2e 69 6f 2f 72 65 73 6f 75 72 63 65 73 2f 73 74 79 6c 65 73 68 65 65 74 73 2f 66 6f 6e 74 2d 61 77 65 73 6f 6d 65 2e 6d 69 6e 2e 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 3e 0a 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 20 73 72 63 3d 22 2f 2f 62 6c 75 65 74 72 61 69 74 2e 69 6f 2f 72 65 73 6f 75 72 63 65 73 2f 73 63 72 69 70 74 73 2f 6a 71 75 65 72 79 2e 6d 69 6e 2e 6a 73 3f 76 3d 31 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 20 20 20 20 20 20 20 20 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22
                                                                                                                                                                                                  Data Ascii: <link type="text/css" href="//bluetrait.io/resources/stylesheets/font-awesome.min.css" rel="stylesheet"> <script type="text/javascript" src="//bluetrait.io/resources/scripts/jquery.min.js?v=1"></script> <script type="
                                                                                                                                                                                                  2025-01-06 12:00:58 UTC1369INData Raw: 72 20 73 74 73 5f 62 61 73 65 5f 75 72 6c 20 3d 20 27 2f 2f 62 6c 75 65 74 72 61 69 74 2e 69 6f 27 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 76 61 72 20 73 74 73 5f 73 61 61 73 5f 64 65 66 61 75 6c 74 5f 64 6f 6d 61 69 6e 20 3d 20 27 62 6c 75 65 74 72 61 69 74 2e 69 6f 27 3b 0a 20 20 20 20 20 20 20 20 3c 2f 73 63 72 69 70 74 3e 0a 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 21 2d 2d 20 4d 61 74 6f 6d 6f 20 2d 2d 3e 0a 20 20 20 20 20 20 20 20 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0a 20 20 20 20 20 20 20 20 76 61 72 20 5f 70 61 71 20 3d 20 77 69 6e 64 6f 77 2e 5f 70 61 71 20 7c 7c 20 5b 5d 3b 0a 20 20 20 20 20 20 20 20 2f 2a 20 74 72 61 63 6b 65 72 20 6d 65 74 68 6f 64 73 20 6c 69 6b 65 20 22 73 65 74 43
                                                                                                                                                                                                  Data Ascii: r sts_base_url = '//bluetrait.io'; var sts_saas_default_domain = 'bluetrait.io'; </script> ... Matomo --> <script type="text/javascript"> var _paq = window._paq || []; /* tracker methods like "setC
                                                                                                                                                                                                  2025-01-06 12:00:58 UTC1369INData Raw: 70 61 6e 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 73 70 61 6e 3e 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0a 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0a 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 6e 61 76 62 61 72 2d 6d 65 6e 75 22 20 69 64 3d 22 6e 61 76 2d 6d 65 6e 75 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 6e 61 76 62 61 72 2d 73 74 61 72 74 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20
                                                                                                                                                                                                  Data Ascii: pan> <span></span> </div> </div> <div class="navbar-menu" id="nav-menu"> <div class="navbar-start">
                                                                                                                                                                                                  2025-01-06 12:00:58 UTC1369INData Raw: 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 61 20 63 6c 61 73 73 3d 22 6e 61 76 62 61 72 2d 69 74 65 6d 20 20 22 20 20 68 72 65 66 3d 22 2f 2f 62 6c 75 65 74 72 61 69 74 2e 69 6f 2f 63 72 6d 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 43 52 4d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 61 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20
                                                                                                                                                                                                  Data Ascii: <a class="navbar-item " href="//bluetrait.io/crm"> CRM </a>
                                                                                                                                                                                                  2025-01-06 12:00:58 UTC1369INData Raw: 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 6e 61 76 62 61 72 2d 65 6e 64 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20
                                                                                                                                                                                                  Data Ascii: </div> <div class="navbar-end">
                                                                                                                                                                                                  2025-01-06 12:00:58 UTC1369INData Raw: 66 3d 22 2f 2f 62 6c 75 65 74 72 61 69 74 2e 69 6f 2f 61 63 63 6f 75 6e 74 2f 6c 6f 67 69 6e 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 4c 6f 67 69 6e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 61 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0a 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0a 20 20 20 20 3c 2f 6e 61 76 3e 0a 0a 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 77 72 61 70 70 65 72 20 68 6f 6d 65 20 68 65 72 6f 20 69 73 2d 69 6e 66 6f 20 68
                                                                                                                                                                                                  Data Ascii: f="//bluetrait.io/account/login"> Login </a> </div> </div> </nav> <div class="wrapper home hero is-info h
                                                                                                                                                                                                  2025-01-06 12:00:58 UTC1369INData Raw: 22 66 65 61 74 75 72 65 2d 69 6d 61 67 65 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 0a 3c 61 20 63 6c 61 73 73 3d 22 6c 69 67 68 74 62 6f 78 2d 74 72 69 67 67 65 72 22 20 68 72 65 66 3d 22 23 5f 6c 69 67 68 74 62 6f 78 22 3e 3c 69 6d 67 20 73 72 63 3d 22 2f 2f 62 6c 75 65 74 72 61 69 74 2e 69 6f 2f 2f 72 65 73 6f 75 72 63 65 73 2f 69 6d 67 2f 66 65 61 74 75 72 65 73 2f 6d 73 70 2e 70 6e 67 22 3e 3c 2f 61 3e 0a 3c 61 20 68 72 65 66 3d 22 23 5f 22 20 63 6c 61 73 73 3d 22 6c 69 67 68 74 62 6f 78 22 20 69 64 3d 22 5f 6c 69 67 68 74 62 6f 78 22 3e 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 6c 69 67 68 74 62 6f 78 2d 69 6d 61 67 65 22 20 73 74 79 6c 65 3d 22 62 61 63 6b 67 72 6f 75 6e 64 2d 69 6d 61
                                                                                                                                                                                                  Data Ascii: "feature-image"> <a class="lightbox-trigger" href="#_lightbox"><img src="//bluetrait.io//resources/img/features/msp.png"></a><a href="#_" class="lightbox" id="_lightbox"> <div class="lightbox-image" style="background-ima
                                                                                                                                                                                                  2025-01-06 12:00:58 UTC1369INData Raw: 62 73 70 3b 66 6f 72 20 75 70 20 74 6f 3c 62 72 20 2f 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 31 30 30 20 41 67 65 6e 74 73 20 28 4d 61 6e 61 67 65 64 20 63 6f 6d 70 75 74 65 72 73 20 2f 20 73 65 72 76 65 72 73 29 3c 62 72 20 2f 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 65 6e 74 20 69 73 2d 73 69 7a 65 2d 35 22 3e 0a 20 20 20 20 20
                                                                                                                                                                                                  Data Ascii: bsp;for up to<br /> 100 Agents (Managed computers / servers)<br /> </span> </div> <div class="content is-size-5">
                                                                                                                                                                                                  2025-01-06 12:00:58 UTC1369INData Raw: 6f 6e 20 69 73 2d 69 6e 66 6f 20 69 73 2d 69 6e 76 65 72 74 65 64 20 69 73 2d 22 3e 52 65 61 64 20 6d 6f 72 65 3c 2f 61 3e 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0a 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 0a 3c 61 20 63 6c 61 73 73 3d 22 6c 69 67 68 74 62 6f 78 2d 74 72 69 67 67 65 72 22 20 68 72 65 66 3d 22 23 74 69 63 6b 65 74 73 5f 6c 69 67 68 74 62 6f 78 22 3e 3c 69 6d 67 20 73 72 63 3d 22 2f 2f 62 6c 75 65 74 72 61 69 74 2e 69 6f 2f 72 65 73 6f 75 72 63 65 73 2f 69 6d 67 2f 66 65 61 74 75 72 65 73 2f 74 69 63 6b 65 74 73 2e 70 6e 67 22 3e 3c 2f 61 3e 0a 3c 61 20 68 72 65 66 3d 22 23 5f 22 20 63 6c 61 73 73 3d 22 6c 69 67 68 74 62 6f 78 22 20 69 64 3d 22 74 69 63
                                                                                                                                                                                                  Data Ascii: on is-info is-inverted is-">Read more</a> </div> <a class="lightbox-trigger" href="#tickets_lightbox"><img src="//bluetrait.io/resources/img/features/tickets.png"></a><a href="#_" class="lightbox" id="tic


                                                                                                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                  18192.168.2.550014167.99.228.324431364C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe
                                                                                                                                                                                                  TimestampBytes transferredDirectionData
                                                                                                                                                                                                  2025-01-06 12:01:03 UTC153OUTPOST /api/ HTTP/1.1
                                                                                                                                                                                                  Content-Type: application/json
                                                                                                                                                                                                  Host: eganarbonne.bluetrait.io
                                                                                                                                                                                                  Content-Length: 70
                                                                                                                                                                                                  Expect: 100-continue
                                                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                                                  2025-01-06 12:01:03 UTC25INHTTP/1.1 100 Continue
                                                                                                                                                                                                  2025-01-06 12:01:03 UTC70OUTData Raw: 7b 22 61 70 69 5f 61 63 74 69 6f 6e 22 3a 22 6d 73 70 22 2c 22 61 70 69 5f 76 65 72 73 69 6f 6e 22 3a 22 31 22 2c 22 74 61 73 6b 22 3a 22 63 72 65 61 74 65 22 2c 22 6e 61 6d 65 22 3a 22 39 33 32 39 32 33 22 7d
                                                                                                                                                                                                  Data Ascii: {"api_action":"msp","api_version":"1","task":"create","name":"932923"}
                                                                                                                                                                                                  2025-01-06 12:01:03 UTC202INHTTP/1.1 302 Found
                                                                                                                                                                                                  Date: Mon, 06 Jan 2025 12:01:03 GMT
                                                                                                                                                                                                  Server: Apache/2.4.38 (Debian)
                                                                                                                                                                                                  Location: https://bluetrait.io/
                                                                                                                                                                                                  Content-Length: 0
                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                  Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                  19192.168.2.550015188.114.96.34431364C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe
                                                                                                                                                                                                  TimestampBytes transferredDirectionData
                                                                                                                                                                                                  2025-01-06 12:01:04 UTC94OUTGET / HTTP/1.1
                                                                                                                                                                                                  Content-Type: application/json
                                                                                                                                                                                                  Host: bluetrait.io
                                                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                                                  2025-01-06 12:01:04 UTC1036INHTTP/1.1 200 OK
                                                                                                                                                                                                  Date: Mon, 06 Jan 2025 12:01:04 GMT
                                                                                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                  X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                                  Set-Cookie: bluetrait_sid=sbghmi3nanomi134530m77fjup; path=/; domain=bluetrait.io
                                                                                                                                                                                                  Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                                                                  Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                                                                  Pragma: no-cache
                                                                                                                                                                                                  Vary: Accept-Encoding
                                                                                                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Rqw4bOW%2BsGQgz03x3C4OcWIL2VB%2FH%2B7pTJ6Hlar%2F3tjaqaIWNaWJhODQiimqw6g%2BgN7594CYXWcHCCXEvyECs%2BiFAj5BPWDGrkMJ3ROj8fGG165hJ6z%2B3YsLuzTCJlI%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                  Server: cloudflare
                                                                                                                                                                                                  CF-RAY: 8fdb8d22aea1427c-EWR
                                                                                                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=1705&min_rtt=1682&rtt_var=647&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2830&recv_bytes=708&delivery_rate=1736028&cwnd=246&unsent_bytes=0&cid=7befd01d3d5680ab&ts=292&x=0"
                                                                                                                                                                                                  2025-01-06 12:01:04 UTC333INData Raw: 35 63 33 38 0d 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 54 68 65 20 63 6f 6d 70 6c 65 74 65 20 63 6c 6f 75 64 2d 62 61 73 65 64 20 4d 53 50 20 70 6c 61 74 66 6f 72 6d 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 74 69 74 6c 65 3e 48 6f 6d 65 20 2d 20 62 6c 75 65 74 72 61 69 74 2e 69 6f 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 6c 69 6e 6b 20 74 79 70 65 3d 22 74 65 78 74
                                                                                                                                                                                                  Data Ascii: 5c38<html><head> <meta name="description" content="The complete cloud-based MSP platform"> <title>Home - bluetrait.io</title> <link type="text
                                                                                                                                                                                                  2025-01-06 12:01:04 UTC1369INData Raw: 68 65 65 74 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 6c 69 6e 6b 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 68 72 65 66 3d 22 2f 2f 62 6c 75 65 74 72 61 69 74 2e 69 6f 2f 72 65 73 6f 75 72 63 65 73 2f 73 74 79 6c 65 73 68 65 65 74 73 2f 66 6f 6e 74 2d 61 77 65 73 6f 6d 65 2e 6d 69 6e 2e 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 3e 0a 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 20 73 72 63 3d 22 2f 2f 62 6c 75 65 74 72 61 69 74 2e 69 6f 2f 72 65 73 6f 75 72 63 65 73 2f 73 63 72 69 70 74 73 2f 6a 71 75 65 72 79 2e 6d 69 6e 2e 6a 73 3f 76 3d 31 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 20 20 20 20 20 20 20 20 3c 73 63 72 69 70 74 20
                                                                                                                                                                                                  Data Ascii: heet"> <link type="text/css" href="//bluetrait.io/resources/stylesheets/font-awesome.min.css" rel="stylesheet"> <script type="text/javascript" src="//bluetrait.io/resources/scripts/jquery.min.js?v=1"></script> <script
                                                                                                                                                                                                  2025-01-06 12:01:04 UTC1369INData Raw: 20 20 20 20 76 61 72 20 73 74 73 5f 62 61 73 65 5f 75 72 6c 20 3d 20 27 2f 2f 62 6c 75 65 74 72 61 69 74 2e 69 6f 27 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 76 61 72 20 73 74 73 5f 73 61 61 73 5f 64 65 66 61 75 6c 74 5f 64 6f 6d 61 69 6e 20 3d 20 27 62 6c 75 65 74 72 61 69 74 2e 69 6f 27 3b 0a 20 20 20 20 20 20 20 20 3c 2f 73 63 72 69 70 74 3e 0a 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 21 2d 2d 20 4d 61 74 6f 6d 6f 20 2d 2d 3e 0a 20 20 20 20 20 20 20 20 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0a 20 20 20 20 20 20 20 20 76 61 72 20 5f 70 61 71 20 3d 20 77 69 6e 64 6f 77 2e 5f 70 61 71 20 7c 7c 20 5b 5d 3b 0a 20 20 20 20 20 20 20 20 2f 2a 20 74 72 61 63 6b 65 72 20 6d 65 74 68 6f 64 73 20 6c 69 6b 65
                                                                                                                                                                                                  Data Ascii: var sts_base_url = '//bluetrait.io'; var sts_saas_default_domain = 'bluetrait.io'; </script> ... Matomo --> <script type="text/javascript"> var _paq = window._paq || []; /* tracker methods like
                                                                                                                                                                                                  2025-01-06 12:01:04 UTC1369INData Raw: 61 6e 3e 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 73 70 61 6e 3e 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0a 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0a 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 6e 61 76 62 61 72 2d 6d 65 6e 75 22 20 69 64 3d 22 6e 61 76 2d 6d 65 6e 75 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 6e 61 76 62 61 72 2d 73 74 61 72 74 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20
                                                                                                                                                                                                  Data Ascii: an></span> <span></span> </div> </div> <div class="navbar-menu" id="nav-menu"> <div class="navbar-start">
                                                                                                                                                                                                  2025-01-06 12:01:04 UTC1369INData Raw: 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 61 20 63 6c 61 73 73 3d 22 6e 61 76 62 61 72 2d 69 74 65 6d 20 20 22 20 20 68 72 65 66 3d 22 2f 2f 62 6c 75 65 74 72 61 69 74 2e 69 6f 2f 63 72 6d 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 43 52 4d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 61 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20
                                                                                                                                                                                                  Data Ascii: <a class="navbar-item " href="//bluetrait.io/crm"> CRM </a>
                                                                                                                                                                                                  2025-01-06 12:01:04 UTC1369INData Raw: 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 6e 61 76 62 61 72 2d 65 6e 64 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20
                                                                                                                                                                                                  Data Ascii: </div> <div class="navbar-end">
                                                                                                                                                                                                  2025-01-06 12:01:04 UTC1369INData Raw: 20 22 20 68 72 65 66 3d 22 2f 2f 62 6c 75 65 74 72 61 69 74 2e 69 6f 2f 61 63 63 6f 75 6e 74 2f 6c 6f 67 69 6e 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 4c 6f 67 69 6e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 61 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0a 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0a 20 20 20 20 3c 2f 6e 61 76 3e 0a 0a 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 77 72 61 70 70 65 72 20 68 6f 6d 65 20 68 65 72 6f 20 69 73 2d
                                                                                                                                                                                                  Data Ascii: " href="//bluetrait.io/account/login"> Login </a> </div> </div> </nav> <div class="wrapper home hero is-
                                                                                                                                                                                                  2025-01-06 12:01:04 UTC1369INData Raw: 63 6c 61 73 73 3d 22 66 65 61 74 75 72 65 2d 69 6d 61 67 65 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 0a 3c 61 20 63 6c 61 73 73 3d 22 6c 69 67 68 74 62 6f 78 2d 74 72 69 67 67 65 72 22 20 68 72 65 66 3d 22 23 5f 6c 69 67 68 74 62 6f 78 22 3e 3c 69 6d 67 20 73 72 63 3d 22 2f 2f 62 6c 75 65 74 72 61 69 74 2e 69 6f 2f 2f 72 65 73 6f 75 72 63 65 73 2f 69 6d 67 2f 66 65 61 74 75 72 65 73 2f 6d 73 70 2e 70 6e 67 22 3e 3c 2f 61 3e 0a 3c 61 20 68 72 65 66 3d 22 23 5f 22 20 63 6c 61 73 73 3d 22 6c 69 67 68 74 62 6f 78 22 20 69 64 3d 22 5f 6c 69 67 68 74 62 6f 78 22 3e 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 6c 69 67 68 74 62 6f 78 2d 69 6d 61 67 65 22 20 73 74 79 6c 65 3d 22 62 61 63 6b 67 72 6f 75
                                                                                                                                                                                                  Data Ascii: class="feature-image"> <a class="lightbox-trigger" href="#_lightbox"><img src="//bluetrait.io//resources/img/features/msp.png"></a><a href="#_" class="lightbox" id="_lightbox"> <div class="lightbox-image" style="backgrou
                                                                                                                                                                                                  2025-01-06 12:01:04 UTC1369INData Raw: 62 73 70 3b 26 6e 62 73 70 3b 66 6f 72 20 75 70 20 74 6f 3c 62 72 20 2f 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 31 30 30 20 41 67 65 6e 74 73 20 28 4d 61 6e 61 67 65 64 20 63 6f 6d 70 75 74 65 72 73 20 2f 20 73 65 72 76 65 72 73 29 3c 62 72 20 2f 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 65 6e 74 20 69 73 2d 73 69 7a 65 2d 35 22 3e
                                                                                                                                                                                                  Data Ascii: bsp;&nbsp;for up to<br /> 100 Agents (Managed computers / servers)<br /> </span> </div> <div class="content is-size-5">
                                                                                                                                                                                                  2025-01-06 12:01:04 UTC1369INData Raw: 3d 22 62 75 74 74 6f 6e 20 69 73 2d 69 6e 66 6f 20 69 73 2d 69 6e 76 65 72 74 65 64 20 69 73 2d 22 3e 52 65 61 64 20 6d 6f 72 65 3c 2f 61 3e 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0a 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 0a 3c 61 20 63 6c 61 73 73 3d 22 6c 69 67 68 74 62 6f 78 2d 74 72 69 67 67 65 72 22 20 68 72 65 66 3d 22 23 74 69 63 6b 65 74 73 5f 6c 69 67 68 74 62 6f 78 22 3e 3c 69 6d 67 20 73 72 63 3d 22 2f 2f 62 6c 75 65 74 72 61 69 74 2e 69 6f 2f 72 65 73 6f 75 72 63 65 73 2f 69 6d 67 2f 66 65 61 74 75 72 65 73 2f 74 69 63 6b 65 74 73 2e 70 6e 67 22 3e 3c 2f 61 3e 0a 3c 61 20 68 72 65 66 3d 22 23 5f 22 20 63 6c 61 73 73 3d 22 6c 69 67 68 74 62 6f 78 22 20 69
                                                                                                                                                                                                  Data Ascii: ="button is-info is-inverted is-">Read more</a> </div> <a class="lightbox-trigger" href="#tickets_lightbox"><img src="//bluetrait.io/resources/img/features/tickets.png"></a><a href="#_" class="lightbox" i


                                                                                                                                                                                                  Statistics

                                                                                                                                                                                                  CPU Usage

                                                                                                                                                                                                  Click to jump to process

                                                                                                                                                                                                  Memory Usage

                                                                                                                                                                                                  Click to jump to process

                                                                                                                                                                                                  High Level Behavior Distribution

                                                                                                                                                                                                  Click to dive into process behavior distribution

                                                                                                                                                                                                  Behavior

                                                                                                                                                                                                  Click to jump to process

                                                                                                                                                                                                  System Behavior

                                                                                                                                                                                                  General

                                                                                                                                                                                                  Target ID:0
                                                                                                                                                                                                  Start time:06:58:58
                                                                                                                                                                                                  Start date:06/01/2025
                                                                                                                                                                                                  Path:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                  Commandline:"C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Desktop\Agent381.msi"
                                                                                                                                                                                                  Imagebase:0x7ff6eaa30000
                                                                                                                                                                                                  File size:69'632 bytes
                                                                                                                                                                                                  MD5 hash:E5DA170027542E25EDE42FC54C929077
                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                  Reputation:high
                                                                                                                                                                                                  Has exited:false

                                                                                                                                                                                                  General

                                                                                                                                                                                                  Target ID:1
                                                                                                                                                                                                  Start time:06:58:58
                                                                                                                                                                                                  Start date:06/01/2025
                                                                                                                                                                                                  Path:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                  Commandline:C:\Windows\system32\msiexec.exe /V
                                                                                                                                                                                                  Imagebase:0x7ff6eaa30000
                                                                                                                                                                                                  File size:69'632 bytes
                                                                                                                                                                                                  MD5 hash:E5DA170027542E25EDE42FC54C929077
                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                  Reputation:high
                                                                                                                                                                                                  Has exited:false

                                                                                                                                                                                                  General

                                                                                                                                                                                                  Target ID:3
                                                                                                                                                                                                  Start time:06:58:59
                                                                                                                                                                                                  Start date:06/01/2025
                                                                                                                                                                                                  Path:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                                                  Commandline:C:\Windows\syswow64\MsiExec.exe -Embedding 322CE5DF7635FE178A41F44F6A441A46
                                                                                                                                                                                                  Imagebase:0x7d0000
                                                                                                                                                                                                  File size:59'904 bytes
                                                                                                                                                                                                  MD5 hash:9D09DC1EDA745A5F87553048E57620CF
                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                  Reputation:high
                                                                                                                                                                                                  Has exited:false

                                                                                                                                                                                                  General

                                                                                                                                                                                                  Target ID:4
                                                                                                                                                                                                  Start time:06:58:59
                                                                                                                                                                                                  Start date:06/01/2025
                                                                                                                                                                                                  Path:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                                                  Commandline:C:\Windows\syswow64\MsiExec.exe -Embedding 90D15C1EC4D8609E3376A5CEB7FE08AC E Global\MSI0000
                                                                                                                                                                                                  Imagebase:0x7d0000
                                                                                                                                                                                                  File size:59'904 bytes
                                                                                                                                                                                                  MD5 hash:9D09DC1EDA745A5F87553048E57620CF
                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                  Reputation:high
                                                                                                                                                                                                  Has exited:false

                                                                                                                                                                                                  General

                                                                                                                                                                                                  Target ID:5
                                                                                                                                                                                                  Start time:06:59:01
                                                                                                                                                                                                  Start date:06/01/2025
                                                                                                                                                                                                  Path:C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe
                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                  Commandline:"C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe"
                                                                                                                                                                                                  Imagebase:0x1c0707a0000
                                                                                                                                                                                                  File size:147'848 bytes
                                                                                                                                                                                                  MD5 hash:0BF209E4007D441249AE049C623F6544
                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                  Yara matches:
                                                                                                                                                                                                  • Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe, Author: Joe Security
                                                                                                                                                                                                  Antivirus matches:
                                                                                                                                                                                                  • Detection: 0%, ReversingLabs
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                  General

                                                                                                                                                                                                  Target ID:6
                                                                                                                                                                                                  Start time:06:59:04
                                                                                                                                                                                                  Start date:06/01/2025
                                                                                                                                                                                                  Path:C:\Windows\System32\svchost.exe
                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                  Commandline:C:\Windows\System32\svchost.exe -k WerSvcGroup
                                                                                                                                                                                                  Imagebase:0x7ff7e52b0000
                                                                                                                                                                                                  File size:55'320 bytes
                                                                                                                                                                                                  MD5 hash:B7F884C1B74A263F746EE12A5F7C9F6A
                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                  Reputation:high
                                                                                                                                                                                                  Has exited:false

                                                                                                                                                                                                  General

                                                                                                                                                                                                  Target ID:7
                                                                                                                                                                                                  Start time:06:59:04
                                                                                                                                                                                                  Start date:06/01/2025
                                                                                                                                                                                                  Path:C:\Windows\System32\WerFault.exe
                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                  Commandline:C:\Windows\system32\WerFault.exe -pss -s 468 -p 6616 -ip 6616
                                                                                                                                                                                                  Imagebase:0x7ff7c6770000
                                                                                                                                                                                                  File size:570'736 bytes
                                                                                                                                                                                                  MD5 hash:FD27D9F6D02763BDE32511B5DF7FF7A0
                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                  Reputation:high
                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                  General

                                                                                                                                                                                                  Target ID:8
                                                                                                                                                                                                  Start time:06:59:04
                                                                                                                                                                                                  Start date:06/01/2025
                                                                                                                                                                                                  Path:C:\Windows\System32\WerFault.exe
                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                  Commandline:C:\Windows\system32\WerFault.exe -u -p 6616 -s 2136
                                                                                                                                                                                                  Imagebase:0x7ff7c6770000
                                                                                                                                                                                                  File size:570'736 bytes
                                                                                                                                                                                                  MD5 hash:FD27D9F6D02763BDE32511B5DF7FF7A0
                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                  Reputation:high
                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                  General

                                                                                                                                                                                                  Target ID:9
                                                                                                                                                                                                  Start time:06:59:05
                                                                                                                                                                                                  Start date:06/01/2025
                                                                                                                                                                                                  Path:C:\Windows\System32\svchost.exe
                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                  Commandline:C:\Windows\system32\svchost.exe -k netsvcs -p -s wlidsvc
                                                                                                                                                                                                  Imagebase:0x7ff7e52b0000
                                                                                                                                                                                                  File size:55'320 bytes
                                                                                                                                                                                                  MD5 hash:B7F884C1B74A263F746EE12A5F7C9F6A
                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                  Reputation:high
                                                                                                                                                                                                  Has exited:false

                                                                                                                                                                                                  General

                                                                                                                                                                                                  Target ID:11
                                                                                                                                                                                                  Start time:06:59:38
                                                                                                                                                                                                  Start date:06/01/2025
                                                                                                                                                                                                  Path:C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe
                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                  Commandline:"C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe"
                                                                                                                                                                                                  Imagebase:0x1265c380000
                                                                                                                                                                                                  File size:147'848 bytes
                                                                                                                                                                                                  MD5 hash:0BF209E4007D441249AE049C623F6544
                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                  General

                                                                                                                                                                                                  Target ID:12
                                                                                                                                                                                                  Start time:06:59:40
                                                                                                                                                                                                  Start date:06/01/2025
                                                                                                                                                                                                  Path:C:\Windows\System32\WerFault.exe
                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                  Commandline:C:\Windows\system32\WerFault.exe -pss -s 456 -p 1120 -ip 1120
                                                                                                                                                                                                  Imagebase:0x7ff7c6770000
                                                                                                                                                                                                  File size:570'736 bytes
                                                                                                                                                                                                  MD5 hash:FD27D9F6D02763BDE32511B5DF7FF7A0
                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                  Reputation:high
                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                  General

                                                                                                                                                                                                  Target ID:13
                                                                                                                                                                                                  Start time:06:59:40
                                                                                                                                                                                                  Start date:06/01/2025
                                                                                                                                                                                                  Path:C:\Windows\System32\WerFault.exe
                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                  Commandline:C:\Windows\system32\WerFault.exe -u -p 1120 -s 2124
                                                                                                                                                                                                  Imagebase:0x7ff7c6770000
                                                                                                                                                                                                  File size:570'736 bytes
                                                                                                                                                                                                  MD5 hash:FD27D9F6D02763BDE32511B5DF7FF7A0
                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                  General

                                                                                                                                                                                                  Target ID:15
                                                                                                                                                                                                  Start time:07:00:03
                                                                                                                                                                                                  Start date:06/01/2025
                                                                                                                                                                                                  Path:C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe
                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                  Commandline:"C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe"
                                                                                                                                                                                                  Imagebase:0x210bbfc0000
                                                                                                                                                                                                  File size:147'848 bytes
                                                                                                                                                                                                  MD5 hash:0BF209E4007D441249AE049C623F6544
                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                  General

                                                                                                                                                                                                  Target ID:16
                                                                                                                                                                                                  Start time:07:00:06
                                                                                                                                                                                                  Start date:06/01/2025
                                                                                                                                                                                                  Path:C:\Windows\System32\WerFault.exe
                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                  Commandline:C:\Windows\system32\WerFault.exe -pss -s 608 -p 1524 -ip 1524
                                                                                                                                                                                                  Imagebase:0x7ff7c6770000
                                                                                                                                                                                                  File size:570'736 bytes
                                                                                                                                                                                                  MD5 hash:FD27D9F6D02763BDE32511B5DF7FF7A0
                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                  General

                                                                                                                                                                                                  Target ID:17
                                                                                                                                                                                                  Start time:07:00:06
                                                                                                                                                                                                  Start date:06/01/2025
                                                                                                                                                                                                  Path:C:\Windows\System32\WerFault.exe
                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                  Commandline:C:\Windows\system32\WerFault.exe -u -p 1524 -s 2116
                                                                                                                                                                                                  Imagebase:0x7ff7c6770000
                                                                                                                                                                                                  File size:570'736 bytes
                                                                                                                                                                                                  MD5 hash:FD27D9F6D02763BDE32511B5DF7FF7A0
                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                  General

                                                                                                                                                                                                  Target ID:18
                                                                                                                                                                                                  Start time:07:00:17
                                                                                                                                                                                                  Start date:06/01/2025
                                                                                                                                                                                                  Path:C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe
                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                  Commandline:"C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe"
                                                                                                                                                                                                  Imagebase:0x25128480000
                                                                                                                                                                                                  File size:147'848 bytes
                                                                                                                                                                                                  MD5 hash:0BF209E4007D441249AE049C623F6544
                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                  General

                                                                                                                                                                                                  Target ID:19
                                                                                                                                                                                                  Start time:07:00:19
                                                                                                                                                                                                  Start date:06/01/2025
                                                                                                                                                                                                  Path:C:\Windows\System32\WerFault.exe
                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                  Commandline:C:\Windows\system32\WerFault.exe -pss -s 568 -p 768 -ip 768
                                                                                                                                                                                                  Imagebase:0x7ff7c6770000
                                                                                                                                                                                                  File size:570'736 bytes
                                                                                                                                                                                                  MD5 hash:FD27D9F6D02763BDE32511B5DF7FF7A0
                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                  General

                                                                                                                                                                                                  Target ID:20
                                                                                                                                                                                                  Start time:07:00:19
                                                                                                                                                                                                  Start date:06/01/2025
                                                                                                                                                                                                  Path:C:\Windows\System32\WerFault.exe
                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                  Commandline:C:\Windows\system32\WerFault.exe -u -p 768 -s 2128
                                                                                                                                                                                                  Imagebase:0x7ff7c6770000
                                                                                                                                                                                                  File size:570'736 bytes
                                                                                                                                                                                                  MD5 hash:FD27D9F6D02763BDE32511B5DF7FF7A0
                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                  General

                                                                                                                                                                                                  Target ID:21
                                                                                                                                                                                                  Start time:07:00:25
                                                                                                                                                                                                  Start date:06/01/2025
                                                                                                                                                                                                  Path:C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe
                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                  Commandline:"C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe"
                                                                                                                                                                                                  Imagebase:0x1f2771f0000
                                                                                                                                                                                                  File size:147'848 bytes
                                                                                                                                                                                                  MD5 hash:0BF209E4007D441249AE049C623F6544
                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                  General

                                                                                                                                                                                                  Target ID:22
                                                                                                                                                                                                  Start time:07:00:28
                                                                                                                                                                                                  Start date:06/01/2025
                                                                                                                                                                                                  Path:C:\Windows\System32\WerFault.exe
                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                  Commandline:C:\Windows\system32\WerFault.exe -pss -s 572 -p 5696 -ip 5696
                                                                                                                                                                                                  Imagebase:0x7ff757150000
                                                                                                                                                                                                  File size:570'736 bytes
                                                                                                                                                                                                  MD5 hash:FD27D9F6D02763BDE32511B5DF7FF7A0
                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                  General

                                                                                                                                                                                                  Target ID:23
                                                                                                                                                                                                  Start time:07:00:28
                                                                                                                                                                                                  Start date:06/01/2025
                                                                                                                                                                                                  Path:C:\Windows\System32\WerFault.exe
                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                  Commandline:C:\Windows\system32\WerFault.exe -u -p 5696 -s 2116
                                                                                                                                                                                                  Imagebase:0x7ff7c6770000
                                                                                                                                                                                                  File size:570'736 bytes
                                                                                                                                                                                                  MD5 hash:FD27D9F6D02763BDE32511B5DF7FF7A0
                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                  General

                                                                                                                                                                                                  Target ID:24
                                                                                                                                                                                                  Start time:07:00:32
                                                                                                                                                                                                  Start date:06/01/2025
                                                                                                                                                                                                  Path:C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe
                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                  Commandline:"C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe"
                                                                                                                                                                                                  Imagebase:0x1fa93c40000
                                                                                                                                                                                                  File size:147'848 bytes
                                                                                                                                                                                                  MD5 hash:0BF209E4007D441249AE049C623F6544
                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                  General

                                                                                                                                                                                                  Target ID:25
                                                                                                                                                                                                  Start time:07:00:34
                                                                                                                                                                                                  Start date:06/01/2025
                                                                                                                                                                                                  Path:C:\Windows\System32\WerFault.exe
                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                  Commandline:C:\Windows\system32\WerFault.exe -pss -s 568 -p 1436 -ip 1436
                                                                                                                                                                                                  Imagebase:0x7ff7c6770000
                                                                                                                                                                                                  File size:570'736 bytes
                                                                                                                                                                                                  MD5 hash:FD27D9F6D02763BDE32511B5DF7FF7A0
                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                  General

                                                                                                                                                                                                  Target ID:26
                                                                                                                                                                                                  Start time:07:00:34
                                                                                                                                                                                                  Start date:06/01/2025
                                                                                                                                                                                                  Path:C:\Windows\System32\WerFault.exe
                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                  Commandline:C:\Windows\system32\WerFault.exe -u -p 1436 -s 2120
                                                                                                                                                                                                  Imagebase:0x7ff7c6770000
                                                                                                                                                                                                  File size:570'736 bytes
                                                                                                                                                                                                  MD5 hash:FD27D9F6D02763BDE32511B5DF7FF7A0
                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                  General

                                                                                                                                                                                                  Target ID:27
                                                                                                                                                                                                  Start time:07:00:38
                                                                                                                                                                                                  Start date:06/01/2025
                                                                                                                                                                                                  Path:C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe
                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                  Commandline:"C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe"
                                                                                                                                                                                                  Imagebase:0x25f36410000
                                                                                                                                                                                                  File size:147'848 bytes
                                                                                                                                                                                                  MD5 hash:0BF209E4007D441249AE049C623F6544
                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                  General

                                                                                                                                                                                                  Target ID:28
                                                                                                                                                                                                  Start time:07:00:40
                                                                                                                                                                                                  Start date:06/01/2025
                                                                                                                                                                                                  Path:C:\Windows\System32\WerFault.exe
                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                  Commandline:C:\Windows\system32\WerFault.exe -pss -s 508 -p 4404 -ip 4404
                                                                                                                                                                                                  Imagebase:0x7ff7c6770000
                                                                                                                                                                                                  File size:570'736 bytes
                                                                                                                                                                                                  MD5 hash:FD27D9F6D02763BDE32511B5DF7FF7A0
                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                  General

                                                                                                                                                                                                  Target ID:29
                                                                                                                                                                                                  Start time:07:00:40
                                                                                                                                                                                                  Start date:06/01/2025
                                                                                                                                                                                                  Path:C:\Windows\System32\WerFault.exe
                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                  Commandline:C:\Windows\system32\WerFault.exe -u -p 4404 -s 2116
                                                                                                                                                                                                  Imagebase:0x7ff7c6770000
                                                                                                                                                                                                  File size:570'736 bytes
                                                                                                                                                                                                  MD5 hash:FD27D9F6D02763BDE32511B5DF7FF7A0
                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                  General

                                                                                                                                                                                                  Target ID:30
                                                                                                                                                                                                  Start time:07:00:50
                                                                                                                                                                                                  Start date:06/01/2025
                                                                                                                                                                                                  Path:C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe
                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                  Commandline:"C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe"
                                                                                                                                                                                                  Imagebase:0x22323a30000
                                                                                                                                                                                                  File size:147'848 bytes
                                                                                                                                                                                                  MD5 hash:0BF209E4007D441249AE049C623F6544
                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                  General

                                                                                                                                                                                                  Target ID:31
                                                                                                                                                                                                  Start time:07:00:52
                                                                                                                                                                                                  Start date:06/01/2025
                                                                                                                                                                                                  Path:C:\Windows\System32\WerFault.exe
                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                  Commandline:C:\Windows\system32\WerFault.exe -pss -s 512 -p 3040 -ip 3040
                                                                                                                                                                                                  Imagebase:0x7ff7c6770000
                                                                                                                                                                                                  File size:570'736 bytes
                                                                                                                                                                                                  MD5 hash:FD27D9F6D02763BDE32511B5DF7FF7A0
                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                  General

                                                                                                                                                                                                  Target ID:32
                                                                                                                                                                                                  Start time:07:00:52
                                                                                                                                                                                                  Start date:06/01/2025
                                                                                                                                                                                                  Path:C:\Windows\System32\WerFault.exe
                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                  Commandline:C:\Windows\system32\WerFault.exe -u -p 3040 -s 1408
                                                                                                                                                                                                  Imagebase:0x7ff7c6770000
                                                                                                                                                                                                  File size:570'736 bytes
                                                                                                                                                                                                  MD5 hash:FD27D9F6D02763BDE32511B5DF7FF7A0
                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                  General

                                                                                                                                                                                                  Target ID:33
                                                                                                                                                                                                  Start time:07:00:55
                                                                                                                                                                                                  Start date:06/01/2025
                                                                                                                                                                                                  Path:C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe
                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                  Commandline:"C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe"
                                                                                                                                                                                                  Imagebase:0x1ef13160000
                                                                                                                                                                                                  File size:147'848 bytes
                                                                                                                                                                                                  MD5 hash:0BF209E4007D441249AE049C623F6544
                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                  General

                                                                                                                                                                                                  Target ID:34
                                                                                                                                                                                                  Start time:07:00:58
                                                                                                                                                                                                  Start date:06/01/2025
                                                                                                                                                                                                  Path:C:\Windows\System32\WerFault.exe
                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                  Commandline:C:\Windows\system32\WerFault.exe -pss -s 596 -p 6612 -ip 6612
                                                                                                                                                                                                  Imagebase:0x7ff7c6770000
                                                                                                                                                                                                  File size:570'736 bytes
                                                                                                                                                                                                  MD5 hash:FD27D9F6D02763BDE32511B5DF7FF7A0
                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                  General

                                                                                                                                                                                                  Target ID:35
                                                                                                                                                                                                  Start time:07:00:58
                                                                                                                                                                                                  Start date:06/01/2025
                                                                                                                                                                                                  Path:C:\Windows\System32\WerFault.exe
                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                  Commandline:C:\Windows\system32\WerFault.exe -u -p 6612 -s 2116
                                                                                                                                                                                                  Imagebase:0x7ff7c6770000
                                                                                                                                                                                                  File size:570'736 bytes
                                                                                                                                                                                                  MD5 hash:FD27D9F6D02763BDE32511B5DF7FF7A0
                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                  General

                                                                                                                                                                                                  Target ID:36
                                                                                                                                                                                                  Start time:07:01:01
                                                                                                                                                                                                  Start date:06/01/2025
                                                                                                                                                                                                  Path:C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe
                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                  Commandline:"C:\Program Files (x86)\Bluetrait Agent\Bluetrait MSP Agent.exe"
                                                                                                                                                                                                  Imagebase:0x14a9c160000
                                                                                                                                                                                                  File size:147'848 bytes
                                                                                                                                                                                                  MD5 hash:0BF209E4007D441249AE049C623F6544
                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                  Has exited:false

                                                                                                                                                                                                  General

                                                                                                                                                                                                  Target ID:37
                                                                                                                                                                                                  Start time:07:01:03
                                                                                                                                                                                                  Start date:06/01/2025
                                                                                                                                                                                                  Path:C:\Windows\System32\WerFault.exe
                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                  Commandline:C:\Windows\system32\WerFault.exe -pss -s 480 -p 1364 -ip 1364
                                                                                                                                                                                                  Imagebase:0x7ff7c6770000
                                                                                                                                                                                                  File size:570'736 bytes
                                                                                                                                                                                                  MD5 hash:FD27D9F6D02763BDE32511B5DF7FF7A0
                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                  General

                                                                                                                                                                                                  Target ID:38
                                                                                                                                                                                                  Start time:07:01:03
                                                                                                                                                                                                  Start date:06/01/2025
                                                                                                                                                                                                  Path:C:\Windows\System32\WerFault.exe
                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                  Commandline:C:\Windows\system32\WerFault.exe -u -p 1364 -s 2128
                                                                                                                                                                                                  Imagebase:0x7ff7c6770000
                                                                                                                                                                                                  File size:570'736 bytes
                                                                                                                                                                                                  MD5 hash:FD27D9F6D02763BDE32511B5DF7FF7A0
                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                  Has exited:false

                                                                                                                                                                                                  Disassembly

                                                                                                                                                                                                  Reset < >

                                                                                                                                                                                                    Executed Functions

                                                                                                                                                                                                    Function 00007FF848A84AE8 Relevance: 2.1, Strings: 1, Instructions: 888COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000005.00000002.2252220844.00007FF848A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A80000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_7ff848a80000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID: \
                                                                                                                                                                                                    • API String ID: 0-2967466578
                                                                                                                                                                                                    • Opcode ID: d64c97b28eb559340fad3aebf574dbac5885f335408aa74bc198c5954d32aa9a
                                                                                                                                                                                                    • Instruction ID: 172ef9306104e7a92d9d417cce0184c3b2223ae8d470dda15b074fa66b13f929
                                                                                                                                                                                                    • Opcode Fuzzy Hash: d64c97b28eb559340fad3aebf574dbac5885f335408aa74bc198c5954d32aa9a
                                                                                                                                                                                                    • Instruction Fuzzy Hash: ED523630A1EA458FE759EB28844667977D1EF89344F1448BEC48FC3293DF78A8428767
                                                                                                                                                                                                    Function 00007FF848A96820 Relevance: 1.1, Instructions: 1085COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000005.00000002.2252220844.00007FF848A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A80000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_7ff848a80000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: b6488e39a7d2673055e067b4f15e854a82c0e0cd51aa97ca67e07f5d5a793259
                                                                                                                                                                                                    • Instruction ID: 1cf284e04056aeb02f5099778103242218ad9f1f81509bab818715eb73cd26dc
                                                                                                                                                                                                    • Opcode Fuzzy Hash: b6488e39a7d2673055e067b4f15e854a82c0e0cd51aa97ca67e07f5d5a793259
                                                                                                                                                                                                    • Instruction Fuzzy Hash: D1727D30A0EA494FD759FB2898566B577E1EF96350F0405BED04EC72D3DF68AC028366
                                                                                                                                                                                                    Function 00007FF848A876C0 Relevance: .7, Instructions: 728COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000005.00000002.2252220844.00007FF848A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A80000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_7ff848a80000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: b85f4aa37bdec52ed1d304cc31f838981b7ead16a635ae890b465b6d89fbc26b
                                                                                                                                                                                                    • Instruction ID: 21478c7f13a4ca9ef1fc163c521b213e436876b6f208756164ef2241bc9797b2
                                                                                                                                                                                                    • Opcode Fuzzy Hash: b85f4aa37bdec52ed1d304cc31f838981b7ead16a635ae890b465b6d89fbc26b
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 1B221730A0EA494FE759EB2CD4556B9BBE1FF95310F04427ED48AC3292DF64E842C792
                                                                                                                                                                                                    Function 00007FF848A92CF3 Relevance: .4, Instructions: 384COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000005.00000002.2252220844.00007FF848A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A80000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_7ff848a80000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 977f8971760936a2d0cdc79f6b1410a8edce20396296154974e7485945e723d1
                                                                                                                                                                                                    • Instruction ID: 1fe91fa388f895eef9046d0281a3538fa286f00f7c87a8c37f9aba42836e3979
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 977f8971760936a2d0cdc79f6b1410a8edce20396296154974e7485945e723d1
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 53E1D53050DB858FD359EF38C0456A6BBE1FF65304F048AAED49A872A2DF74E445CB92
                                                                                                                                                                                                    Function 00007FF848A87580 Relevance: .4, Instructions: 373COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000005.00000002.2252220844.00007FF848A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A80000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_7ff848a80000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: b9224f5739583e0af40e42ed01f0a9b1f582f6d4d8a4cb977fa762cd58cc85f1
                                                                                                                                                                                                    • Instruction ID: cfc52696efbf2954ec53321a56e7da2385e229330868b1920df8af873054b6e5
                                                                                                                                                                                                    • Opcode Fuzzy Hash: b9224f5739583e0af40e42ed01f0a9b1f582f6d4d8a4cb977fa762cd58cc85f1
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 15C19430A1DA4D8FDB94EF2CD446AAA3BE1FF69380F04017AE449D3292DF64E841C752
                                                                                                                                                                                                    Function 00007FF848A884D3 Relevance: 2.6, Strings: 2, Instructions: 141COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000005.00000002.2252220844.00007FF848A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A80000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_7ff848a80000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID: ^$^
                                                                                                                                                                                                    • API String ID: 0-3830990845
                                                                                                                                                                                                    • Opcode ID: 2d90a9fb5cd26cd0e9fc97b237bbc0486dc2df2f2a6ed10fbafbe31b48e7133c
                                                                                                                                                                                                    • Instruction ID: c8f92b26763aa38a8eb8f7325ed9c43594c62687bd820ba6c6befa1dfbf7645a
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 2d90a9fb5cd26cd0e9fc97b237bbc0486dc2df2f2a6ed10fbafbe31b48e7133c
                                                                                                                                                                                                    • Instruction Fuzzy Hash: D6412522A0E99D4FDB45FF2CA8562F93BA0EF15391F04017BD088C7093DF689801C366
                                                                                                                                                                                                    Function 00007FF848A84AFD Relevance: 1.8, Strings: 1, Instructions: 582COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000005.00000002.2252220844.00007FF848A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A80000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_7ff848a80000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID: nL_H
                                                                                                                                                                                                    • API String ID: 0-3323569073
                                                                                                                                                                                                    • Opcode ID: 428cb8865e47cc08bd5f53fa49b33049136c393c93886b5d6f581746b00ae236
                                                                                                                                                                                                    • Instruction ID: ab00bd41d2426aba2d44fd3110598660f5c0cbc02695ca420ec98dedb07bac2a
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 428cb8865e47cc08bd5f53fa49b33049136c393c93886b5d6f581746b00ae236
                                                                                                                                                                                                    • Instruction Fuzzy Hash: CCF16A71A0DF894FE754EB2CA8466B87BD0EF59354F0405BFD04AC3192DF68AC418396
                                                                                                                                                                                                    Function 00007FF848A99958 Relevance: 1.7, Strings: 1, Instructions: 440COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000005.00000002.2252220844.00007FF848A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A80000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_7ff848a80000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID: d
                                                                                                                                                                                                    • API String ID: 0-2564639436
                                                                                                                                                                                                    • Opcode ID: 72570f0ad33945f2e57fe3b226549cf65cd966791b4a8299a679118908144220
                                                                                                                                                                                                    • Instruction ID: 047465056e780197bc6f08ee86978e74f55e00ed3700d0901cec50cb777d039a
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 72570f0ad33945f2e57fe3b226549cf65cd966791b4a8299a679118908144220
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 87D13130A1DB554FD728EB1CD4825B9B3E0EF99398F14497ED08A83692DA35F843C786
                                                                                                                                                                                                    Function 00007FF848A8F3F2 Relevance: 1.7, Strings: 1, Instructions: 420COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000005.00000002.2252220844.00007FF848A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A80000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_7ff848a80000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID: HM_H
                                                                                                                                                                                                    • API String ID: 0-1115830628
                                                                                                                                                                                                    • Opcode ID: ed142452c23f8dfb31338aaf01b0b5a0d0ad0f4ed76ed9ccfdf25bf6408da2e5
                                                                                                                                                                                                    • Instruction ID: 49e18b24191c99052deb3c2131b5a37924e30f299a9b21b7ce9986aebde9d17e
                                                                                                                                                                                                    • Opcode Fuzzy Hash: ed142452c23f8dfb31338aaf01b0b5a0d0ad0f4ed76ed9ccfdf25bf6408da2e5
                                                                                                                                                                                                    • Instruction Fuzzy Hash: DB510921D0EECB9FE754F628A81A375B7D0FFA5750F4802BAC44DC71D2DE68A8424366
                                                                                                                                                                                                    Function 00007FF848A8F3CF Relevance: 1.6, Strings: 1, Instructions: 397COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000005.00000002.2252220844.00007FF848A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A80000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_7ff848a80000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID: HM_H
                                                                                                                                                                                                    • API String ID: 0-1115830628
                                                                                                                                                                                                    • Opcode ID: e60bbcd82cd196cc54c2e1ec8a1a21694a6b05b9d42bd71abb1e507cfa58efcf
                                                                                                                                                                                                    • Instruction ID: ed0b46724c82e8fa88c6b09443729e5f9e9f8f9073721c39e29ded0751da765d
                                                                                                                                                                                                    • Opcode Fuzzy Hash: e60bbcd82cd196cc54c2e1ec8a1a21694a6b05b9d42bd71abb1e507cfa58efcf
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 9151D131D0EECB9FE754F628A45A379B7D0FFA5790F0402BAC449C7196DE68E8428352
                                                                                                                                                                                                    Function 00007FF848A89398 Relevance: 1.6, Strings: 1, Instructions: 384COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000005.00000002.2252220844.00007FF848A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A80000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_7ff848a80000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID: d
                                                                                                                                                                                                    • API String ID: 0-2564639436
                                                                                                                                                                                                    • Opcode ID: fb0955687775d5e76b5f36547d0113a7c90908572b31402d44905eeb64756e3c
                                                                                                                                                                                                    • Instruction ID: cdb8627dc62b5dccb8e1852fd4f505408fee75148b58c94d53a21aeff9e2841a
                                                                                                                                                                                                    • Opcode Fuzzy Hash: fb0955687775d5e76b5f36547d0113a7c90908572b31402d44905eeb64756e3c
                                                                                                                                                                                                    • Instruction Fuzzy Hash: E7C1EF30A1DB068FE728EB18E482535B7E1FF98340F14457DD08A83696DB75F8478BA6
                                                                                                                                                                                                    Function 00007FF848A89D35 Relevance: 1.6, Strings: 1, Instructions: 301COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000005.00000002.2252220844.00007FF848A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A80000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_7ff848a80000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID: S3
                                                                                                                                                                                                    • API String ID: 0-3396860701
                                                                                                                                                                                                    • Opcode ID: 0c940eddd8b786386f17601c72832f988f540f288a1a303b54ba57bf829c2579
                                                                                                                                                                                                    • Instruction ID: 668f35b4b10e3660a4ef80159d469d08a18e2e4a07eec2059bbf989b64950cb1
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 0c940eddd8b786386f17601c72832f988f540f288a1a303b54ba57bf829c2579
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 3A814531B0EA8A0FF799F62C78427B97BD0EF46394F5400BED449C3193EE5998468366
                                                                                                                                                                                                    Function 00007FF848A851C0 Relevance: 1.5, Strings: 1, Instructions: 280COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000005.00000002.2252220844.00007FF848A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A80000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_7ff848a80000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID: HM_H
                                                                                                                                                                                                    • API String ID: 0-1115830628
                                                                                                                                                                                                    • Opcode ID: c7310e09fd3dd77e17218f23761d67b7787816f1089ffded4221fe520dc21e44
                                                                                                                                                                                                    • Instruction ID: 698e23b6c6fcec005fa9ef3cc6a9e34effe9631b877053f9277c858e03420c07
                                                                                                                                                                                                    • Opcode Fuzzy Hash: c7310e09fd3dd77e17218f23761d67b7787816f1089ffded4221fe520dc21e44
                                                                                                                                                                                                    • Instruction Fuzzy Hash: BC91F131D0DE8B9FE754FA28A40A779B7D0FFA5780F4806B9C449C3096DF68E8428352
                                                                                                                                                                                                    Function 00007FF848A81108 Relevance: 1.5, Strings: 1, Instructions: 278COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000005.00000002.2252220844.00007FF848A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A80000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_7ff848a80000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID: -N_H
                                                                                                                                                                                                    • API String ID: 0-1279033356
                                                                                                                                                                                                    • Opcode ID: 1bee43624ff0ae67d1a6932fdd58eabf74e95f651aab3f5910bfe6fb428a3a5d
                                                                                                                                                                                                    • Instruction ID: 3e32aafbaf1c55094914863291b8c6b039e3c467643bf7edffda4cb443494f59
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 1bee43624ff0ae67d1a6932fdd58eabf74e95f651aab3f5910bfe6fb428a3a5d
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 06A1C330A0AA8E8FDB85EF28D8597E9B7B1FF55340F1401B9C40DD7296DB749845CB50
                                                                                                                                                                                                    Function 00007FF848A8C726 Relevance: 1.5, Strings: 1, Instructions: 228COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000005.00000002.2252220844.00007FF848A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A80000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_7ff848a80000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID: KE
                                                                                                                                                                                                    • API String ID: 0-4044011341
                                                                                                                                                                                                    • Opcode ID: 5e45c79b3fe00eb31d5771c4120c044f7dfbe6983e7818bdc6ee3e0ac68054f4
                                                                                                                                                                                                    • Instruction ID: 4b5db558b624fc6bc4481ca4a77fd501bc71274c8a997e1a7a80f655a3c5ea5b
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 5e45c79b3fe00eb31d5771c4120c044f7dfbe6983e7818bdc6ee3e0ac68054f4
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 95514331B1D9190FE7D4EB2CA41A7BA37D1EF98390F0401BBE44DC7292DF58984687A6
                                                                                                                                                                                                    Function 00007FF848A851CD Relevance: 1.5, Strings: 1, Instructions: 220COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000005.00000002.2252220844.00007FF848A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A80000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_7ff848a80000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID: HM_H
                                                                                                                                                                                                    • API String ID: 0-1115830628
                                                                                                                                                                                                    • Opcode ID: ed0282f9d8150d88d3084c6e3b6410b1c2cedbed6e283fa0eca84e6b9a2bd075
                                                                                                                                                                                                    • Instruction ID: ab56566a763578ed3c1165d5438cb9960e2e382b5d67393344be0b2eb7625b8b
                                                                                                                                                                                                    • Opcode Fuzzy Hash: ed0282f9d8150d88d3084c6e3b6410b1c2cedbed6e283fa0eca84e6b9a2bd075
                                                                                                                                                                                                    • Instruction Fuzzy Hash: DB610632D0DECA5FE750FA28A4567B9B7D0FFA5750F0402BAC44DC7192DE68A8464352
                                                                                                                                                                                                    Function 00007FF848A8BF95 Relevance: 1.4, Strings: 1, Instructions: 136COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000005.00000002.2252220844.00007FF848A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A80000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_7ff848a80000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID: S3
                                                                                                                                                                                                    • API String ID: 0-3396860701
                                                                                                                                                                                                    • Opcode ID: 6395cb13ee9bac805f3944685718a3c478851270c0221826eb129c1820d0750f
                                                                                                                                                                                                    • Instruction ID: 3022ea5d9a7adbe8d2fd33fc763af8ed7f997787614acb4fe4e8d4b231c72c3c
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 6395cb13ee9bac805f3944685718a3c478851270c0221826eb129c1820d0750f
                                                                                                                                                                                                    • Instruction Fuzzy Hash: AD412C31E0EA8A4FEB95FA6CB4026B877E0EF553E0F1401BAD008C7197DE9998468765
                                                                                                                                                                                                    Function 00007FF848A8CAFD Relevance: 1.4, Strings: 1, Instructions: 119COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000005.00000002.2252220844.00007FF848A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A80000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_7ff848a80000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID: XX_H
                                                                                                                                                                                                    • API String ID: 0-141954912
                                                                                                                                                                                                    • Opcode ID: 7530c49ba7d8e59dcf231006d9959ab1596e85f09016a54443a7cf08dbb60b3b
                                                                                                                                                                                                    • Instruction ID: 97017dddd4155aed86a1da2670bb117cd5af50df201c936993813fccb3ab1111
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 7530c49ba7d8e59dcf231006d9959ab1596e85f09016a54443a7cf08dbb60b3b
                                                                                                                                                                                                    • Instruction Fuzzy Hash: C13103B0A0D9895FEBD1FB2CA4597683BE1EF59384F5900FAD44CC71A7EA288C418711
                                                                                                                                                                                                    Function 00007FF848A85AFF Relevance: 1.4, Strings: 1, Instructions: 115COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000005.00000002.2252220844.00007FF848A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A80000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_7ff848a80000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID: M_^
                                                                                                                                                                                                    • API String ID: 0-3807191693
                                                                                                                                                                                                    • Opcode ID: 462da3e0e024c4c15d2715225e4bb2082c9c5ecb1adf4d38dd95247654ecc5b4
                                                                                                                                                                                                    • Instruction ID: 9087385ddca0726ad398dee15283564b50cab7d4f714e694c0822b4b497ceeb7
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 462da3e0e024c4c15d2715225e4bb2082c9c5ecb1adf4d38dd95247654ecc5b4
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 4F312B62E0FAC61FE357AB7868561B47FE0EF6355070902F7C448CB197ED49480A8362
                                                                                                                                                                                                    Function 00007FF848A8C03D Relevance: 1.4, Strings: 1, Instructions: 109COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000005.00000002.2252220844.00007FF848A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A80000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_7ff848a80000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID: S3
                                                                                                                                                                                                    • API String ID: 0-3396860701
                                                                                                                                                                                                    • Opcode ID: 6b3d79a0cac947704de84bfdb91d9f88d9390fffbc71dbaf88845acfa2b4fcd2
                                                                                                                                                                                                    • Instruction ID: b0e64cf1df43e27e121d2fbef0e97deecd7644e588375e978389820a1af15e2f
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 6b3d79a0cac947704de84bfdb91d9f88d9390fffbc71dbaf88845acfa2b4fcd2
                                                                                                                                                                                                    • Instruction Fuzzy Hash: B2215731A0EA894FE788E62CB805BB57BE0EF95391F1401BAD00CC3193DB6D9806C762
                                                                                                                                                                                                    Function 00007FF848A8A9DD Relevance: 1.3, Strings: 1, Instructions: 44COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000005.00000002.2252220844.00007FF848A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A80000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_7ff848a80000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID: zX_H
                                                                                                                                                                                                    • API String ID: 0-38627541
                                                                                                                                                                                                    • Opcode ID: 2fcc80d9e06811c8f0aec8e846248020dd970280bf0614e7adbe82a4113877a6
                                                                                                                                                                                                    • Instruction ID: 67131df385250b6012401c191320a0766f3b02e014d5a86a08f6d9f79e74265a
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 2fcc80d9e06811c8f0aec8e846248020dd970280bf0614e7adbe82a4113877a6
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 0E014C71D199599FEBA9EB2898993A8B7E0FF88780F0001F5D01DD2192DE346AC18A11
                                                                                                                                                                                                    Function 00007FF848A95065 Relevance: .6, Instructions: 590COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000005.00000002.2252220844.00007FF848A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A80000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_7ff848a80000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: cbecdc661315a1d0e8ff8160cccfe74bca0b786008e49a663314d589a6fde18f
                                                                                                                                                                                                    • Instruction ID: aa6c6a1fa30d84d2a8ea8c05b5a0d06299c62d75cce168903254a72e07eeb62a
                                                                                                                                                                                                    • Opcode Fuzzy Hash: cbecdc661315a1d0e8ff8160cccfe74bca0b786008e49a663314d589a6fde18f
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 3D12F82090EB864FE369E63454632B97FE1EF46354F1549BAC08AC71D3DFAC68428367
                                                                                                                                                                                                    Function 00007FF848A90DF6 Relevance: .5, Instructions: 515COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000005.00000002.2252220844.00007FF848A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A80000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_7ff848a80000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 5d70c3b6cd9c9e81bb8a45b4763db73f14ecf73ccbeb20d7cdda9be2b1124ba0
                                                                                                                                                                                                    • Instruction ID: f9734b317e410c1afb042f3d4ff3728287ed128b8e4da7e7a1566a2cbeb85824
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 5d70c3b6cd9c9e81bb8a45b4763db73f14ecf73ccbeb20d7cdda9be2b1124ba0
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 99F12861E0EACA5FE795FB3C985A6B83BD1EF5A384F0804FDD448C7197DE6858068312
                                                                                                                                                                                                    Function 00007FF848A883E0 Relevance: .5, Instructions: 470COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000005.00000002.2252220844.00007FF848A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A80000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_7ff848a80000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 463a3de8c5bc88993fa204fb08cc3a32897554009e5229b06461e3b9733e4c8b
                                                                                                                                                                                                    • Instruction ID: 165aeadbbd9b1206d970c56a8c47fad304c02495395b11816b9c20b61a0cca25
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 463a3de8c5bc88993fa204fb08cc3a32897554009e5229b06461e3b9733e4c8b
                                                                                                                                                                                                    • Instruction Fuzzy Hash: ABD15931A1D9494FEB98FA2C9847AB937D1FF54784F0001B9D81EC7297DE68EC428792
                                                                                                                                                                                                    Function 00007FF848A851D0 Relevance: .4, Instructions: 445COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000005.00000002.2252220844.00007FF848A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A80000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_7ff848a80000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 104b6e74516e1f7a78476a8dce950a34619c9b4d2e6cdb65effa35d6612a76d2
                                                                                                                                                                                                    • Instruction ID: 274bf85078d2c0c54f0bac8799c56561e4470ecf54924c7e7d4ff1c16288a913
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 104b6e74516e1f7a78476a8dce950a34619c9b4d2e6cdb65effa35d6612a76d2
                                                                                                                                                                                                    • Instruction Fuzzy Hash: F3E1D530A1DB8A8FE798FB28944A67AB7D1FF94380F10457DD48DC3292DF74A8418756
                                                                                                                                                                                                    Function 00007FF848A89EFB Relevance: .4, Instructions: 433COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000005.00000002.2252220844.00007FF848A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A80000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_7ff848a80000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: c0ef38c75f2a7c646916d940eb560994663b7ba77b6d037aa77f919a1c98af05
                                                                                                                                                                                                    • Instruction ID: b3f28265ee48ab338bde14a5a2a58d8c3b97314d026f44f2a41b6bf32220f836
                                                                                                                                                                                                    • Opcode Fuzzy Hash: c0ef38c75f2a7c646916d940eb560994663b7ba77b6d037aa77f919a1c98af05
                                                                                                                                                                                                    • Instruction Fuzzy Hash: F2E15F71D19A598FEBA9EB28E8597EC77B1FF59340F0001BAD00DD3292DF3469818B25
                                                                                                                                                                                                    Function 00007FF848A8C300 Relevance: .4, Instructions: 419COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000005.00000002.2252220844.00007FF848A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A80000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_7ff848a80000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: c967343cf558264c0e06e1e70447d92d8466ff932a1b7d081474cee898bb43c1
                                                                                                                                                                                                    • Instruction ID: 685b28e07d4f5c5964397db8be961667f3592ba69daee236792be239a12a014d
                                                                                                                                                                                                    • Opcode Fuzzy Hash: c967343cf558264c0e06e1e70447d92d8466ff932a1b7d081474cee898bb43c1
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 11B13422F1ED1A4FE7E9E52C741A27563C0EBA8691F2001BBC44DC32D5EE589C4B4776
                                                                                                                                                                                                    Function 00007FF848A85CA8 Relevance: .4, Instructions: 393COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000005.00000002.2252220844.00007FF848A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A80000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_7ff848a80000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 319e115a5e1a5230cd522ed7b99e482b996f6da7d78b5d5da9adf1536d09b92f
                                                                                                                                                                                                    • Instruction ID: a7f009311701fc54fbc95257d4d7d6bc139fcb638becc1287034ea95b683d14d
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 319e115a5e1a5230cd522ed7b99e482b996f6da7d78b5d5da9adf1536d09b92f
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 8DB1F520E0EA8A4FE795FB2C645D6787BD1FF59680F0804FAD40DCB293EE54AC458366
                                                                                                                                                                                                    Function 00007FF848A89715 Relevance: .4, Instructions: 370COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000005.00000002.2252220844.00007FF848A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A80000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_7ff848a80000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 4505a9552177bf423233915e7f76d63e9866e1c88ac47135055c9c08bd0217a0
                                                                                                                                                                                                    • Instruction ID: fa8b3043d4eecd18544520f9a7b6ba2b2fb5062539b6d5836b1b224b5696260a
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 4505a9552177bf423233915e7f76d63e9866e1c88ac47135055c9c08bd0217a0
                                                                                                                                                                                                    • Instruction Fuzzy Hash: DAA1B031B0DD0A8FEBE4EA1CA495B7473D2FF58360B1805FAD40DC72A6DA69DC418761
                                                                                                                                                                                                    Function 00007FF848A8D16F Relevance: .4, Instructions: 363COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000005.00000002.2252220844.00007FF848A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A80000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_7ff848a80000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: f77bedf0b3d2aed1a57a7b80e4ce3375009366ef8f53e1868b53d50ce27d0850
                                                                                                                                                                                                    • Instruction ID: 139a7cd25296fd5cfc5367e886c84b7daa41e24bd74af9c397986a55f1fc29e2
                                                                                                                                                                                                    • Opcode Fuzzy Hash: f77bedf0b3d2aed1a57a7b80e4ce3375009366ef8f53e1868b53d50ce27d0850
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 48B1C431A1D9494FEB98FF289445BB437D1EF54780F0440B9D80ECB29BDE68EC4587A2
                                                                                                                                                                                                    Function 00007FF848A91692 Relevance: .3, Instructions: 345COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000005.00000002.2252220844.00007FF848A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A80000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_7ff848a80000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 1947fdd7131ea4f4fec95327e48904f7010d69b46a6a8809176b3b28914a2b7b
                                                                                                                                                                                                    • Instruction ID: 014df56d50503f16ea938390dc0d1d47765b6df7e9e3704d317706851bfa1b9d
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 1947fdd7131ea4f4fec95327e48904f7010d69b46a6a8809176b3b28914a2b7b
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 49B12A62E0EDCA4FE355EA3C585E2B43BD1EF56698F0806FAC048C71D3EE5818068756
                                                                                                                                                                                                    Function 00007FF848A85E22 Relevance: .3, Instructions: 335COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000005.00000002.2252220844.00007FF848A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A80000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_7ff848a80000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 53b0503b1e7bd9dd4c72a7149270b70d3b35745758c0430fe78ca148623fd261
                                                                                                                                                                                                    • Instruction ID: c966ef86fdf07fd264d83f05194345cd0444037de114a96d0cf1250dee4fa697
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 53b0503b1e7bd9dd4c72a7149270b70d3b35745758c0430fe78ca148623fd261
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 6C910663A0E59A1FE351FBBCB8571F977A0DF822B5B0843B7D48CCA043ED18554A83A5
                                                                                                                                                                                                    Function 00007FF848A93A50 Relevance: .3, Instructions: 309COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000005.00000002.2252220844.00007FF848A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A80000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_7ff848a80000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 19d7c594aa23edcd6686a20d9778f955e65da3b34d745c32968ed56419392a0b
                                                                                                                                                                                                    • Instruction ID: 77db07a4669ef37366e1df90dbf16d98bd794d421e4f781c4fbe985e5025a880
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 19d7c594aa23edcd6686a20d9778f955e65da3b34d745c32968ed56419392a0b
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 8D815A21F1DD4E4FE798FA3C585A37977C2EFA86A4F4005BAC00DC3296DE58AC828355
                                                                                                                                                                                                    Function 00007FF848A90B28 Relevance: .3, Instructions: 300COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000005.00000002.2252220844.00007FF848A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A80000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_7ff848a80000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: a92001e3262e91073c9ecc27dc68140343e1f3f4c8c8ab30bc160313e5ef617a
                                                                                                                                                                                                    • Instruction ID: c75e8ebc3f93fb58f529fc9ae3788807df4c14b93de492658de39f02ff7b2829
                                                                                                                                                                                                    • Opcode Fuzzy Hash: a92001e3262e91073c9ecc27dc68140343e1f3f4c8c8ab30bc160313e5ef617a
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 2A911371E0DA8E4FDB89FF6C88456AD7BE0FF59344F0405B9D009C7296CF68A8068741
                                                                                                                                                                                                    Function 00007FF848A8C870 Relevance: .3, Instructions: 280COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000005.00000002.2252220844.00007FF848A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A80000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_7ff848a80000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 7b1cb5572525271704724a228f07c0f2898b9ad9fcfdb6b5f9713321119b2d63
                                                                                                                                                                                                    • Instruction ID: 2c51f0ddc0ba6bfe7063626bcc6423a6630f956ac142d75617ed35ac160266f4
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 7b1cb5572525271704724a228f07c0f2898b9ad9fcfdb6b5f9713321119b2d63
                                                                                                                                                                                                    • Instruction Fuzzy Hash: A2717B31B0ED194FE6D4FB2CA45A77877C2EF893A0F0501BAD40DC3296DE599C468356
                                                                                                                                                                                                    Function 00007FF848A876B5 Relevance: .3, Instructions: 269COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000005.00000002.2252220844.00007FF848A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A80000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_7ff848a80000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: a435e9c986ddfdde0eccac9bddf6ed0a7a3899b2d0de862903968052f5b519c3
                                                                                                                                                                                                    • Instruction ID: 18ecb2587ef9f3e91659941566bfbf1e242fe4b759323c95a8c765d7eef871c1
                                                                                                                                                                                                    • Opcode Fuzzy Hash: a435e9c986ddfdde0eccac9bddf6ed0a7a3899b2d0de862903968052f5b519c3
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 9671E731A1DA488FDB59EB5CE8965ADBBE1FF98701F14017ED44AD3251DF20E802CB92
                                                                                                                                                                                                    Function 00007FF848A8B2BA Relevance: .3, Instructions: 260COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000005.00000002.2252220844.00007FF848A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A80000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_7ff848a80000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 185807ec7bb57c108ebb9f40ed6aa5ee0d8d9ea47e474dc47126baa775ef7e97
                                                                                                                                                                                                    • Instruction ID: a4d1c613110cc62597ad280c5f84797e333582ac722a4e81b0626995fa2afd98
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 185807ec7bb57c108ebb9f40ed6aa5ee0d8d9ea47e474dc47126baa775ef7e97
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 40714C31D1EF864FE759EB2898566753BE0FF56780F1801BEC049C7193DA68E80787A2
                                                                                                                                                                                                    Function 00007FF848A84BF0 Relevance: .3, Instructions: 260COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000005.00000002.2252220844.00007FF848A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A80000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_7ff848a80000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: d1633f55e911a79d74c64b075dec36fc993f558aae245fc1a0f042a048c51b5b
                                                                                                                                                                                                    • Instruction ID: 1d6e3bba41e377e27c501383f93054cc2373432e39448aa8144a31b79bb42605
                                                                                                                                                                                                    • Opcode Fuzzy Hash: d1633f55e911a79d74c64b075dec36fc993f558aae245fc1a0f042a048c51b5b
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 18811520E0E74A8FF764FA2494522BB7791EF46384F14487AC08E871C3EFE968558367
                                                                                                                                                                                                    Function 00007FF848A876D8 Relevance: .3, Instructions: 255COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000005.00000002.2252220844.00007FF848A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A80000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_7ff848a80000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 316f94125a1ec4a6a19d2eb18d8f5f8b8cef9d069691d02a8746a015974bff26
                                                                                                                                                                                                    • Instruction ID: b91f9f4b6ec43adf0be26b8097ad136013dfb18dd7e159faa7fed9be05389fcf
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 316f94125a1ec4a6a19d2eb18d8f5f8b8cef9d069691d02a8746a015974bff26
                                                                                                                                                                                                    • Instruction Fuzzy Hash: EF71C731A1DA588FDB59EB5CA8965BD7BE1FF58700F14017ED44AD3251DF20AC02C792
                                                                                                                                                                                                    Function 00007FF848A8D995 Relevance: .2, Instructions: 244COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000005.00000002.2252220844.00007FF848A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A80000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_7ff848a80000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 82c894e20abc089b587900e6d17b4741e6db47fda5ee7326d42d54e7a77f00da
                                                                                                                                                                                                    • Instruction ID: ba9d20c826d40f7020f20d24b91619d10bd4c94e0bdb2995ded08892ac2ce116
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 82c894e20abc089b587900e6d17b4741e6db47fda5ee7326d42d54e7a77f00da
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 78713331A1EE898FEB95EB3CD455A757BE1EF55340F0841BAC04AC7297DE28E801C761
                                                                                                                                                                                                    Function 00007FF848A87119 Relevance: .2, Instructions: 231COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000005.00000002.2252220844.00007FF848A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A80000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_7ff848a80000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 0c1c46b748d86f4deab7c237a7b118b781681d57fa90b13fd694b561dc6c8f51
                                                                                                                                                                                                    • Instruction ID: 04d9ffbdf76b4959e0fe01edec91e95f87c92f25a80c90042234caa3dfcae7b0
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 0c1c46b748d86f4deab7c237a7b118b781681d57fa90b13fd694b561dc6c8f51
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 9D51066295F7CA4FD3579B345C265A07FB0AF53580B5E41EBC088CB5E7EB48980A8322
                                                                                                                                                                                                    Function 00007FF848A84AD8 Relevance: .2, Instructions: 223COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000005.00000002.2252220844.00007FF848A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A80000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_7ff848a80000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: e33035aaa1345a3156d774e0de3a14662b0fa0f2ddd58224acb6e52d61b44418
                                                                                                                                                                                                    • Instruction ID: 0ada9f6126244f5dcb4f4e8011ebd8804709217ede9047a6b925e2ecff1434b7
                                                                                                                                                                                                    • Opcode Fuzzy Hash: e33035aaa1345a3156d774e0de3a14662b0fa0f2ddd58224acb6e52d61b44418
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 3861457060DF848FD718EB28C4966B5B7E1EF95344F1049BEC04AC7292DFA8E846C796
                                                                                                                                                                                                    Function 00007FF848A88388 Relevance: .2, Instructions: 220COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000005.00000002.2252220844.00007FF848A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A80000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_7ff848a80000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: a42786227f63efe4ae9f42b76f6e76eb5b7afac471977c5cc8dfb92e6d56b0a8
                                                                                                                                                                                                    • Instruction ID: 5bb3d5aeed40ae65cce757238a720b360b2644a43ad61cb8a838d62b8bf29fd4
                                                                                                                                                                                                    • Opcode Fuzzy Hash: a42786227f63efe4ae9f42b76f6e76eb5b7afac471977c5cc8dfb92e6d56b0a8
                                                                                                                                                                                                    • Instruction Fuzzy Hash: D7612931F0ED894FE794EA3C945A7783BD2EF59794F0905BAD00CC7196DE685C028396
                                                                                                                                                                                                    Function 00007FF848A85868 Relevance: .2, Instructions: 219COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000005.00000002.2252220844.00007FF848A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A80000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_7ff848a80000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 236593a20613f97a8ebc81b127e0add559ac8315d1c46a44f8a6ad526a5e06fb
                                                                                                                                                                                                    • Instruction ID: c730e1dedbbc7424774279b4875c5e3b52b204c46507bd3840362a2e57b85d17
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 236593a20613f97a8ebc81b127e0add559ac8315d1c46a44f8a6ad526a5e06fb
                                                                                                                                                                                                    • Instruction Fuzzy Hash: D5511861E1DD8A4FF65CF92C644B2B973D1FBA8780F140439D45EC3183EE64A84342A6
                                                                                                                                                                                                    Function 00007FF848A8CF71 Relevance: .2, Instructions: 200COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000005.00000002.2252220844.00007FF848A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A80000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_7ff848a80000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: a3666eba4854f6d7d7c50a8f7ff37b335bc89892d471de394686fd92762a7173
                                                                                                                                                                                                    • Instruction ID: 3339ecd20e4a9f149626825764120cac4a49d9d5df72ef27b8a14e32a37a9890
                                                                                                                                                                                                    • Opcode Fuzzy Hash: a3666eba4854f6d7d7c50a8f7ff37b335bc89892d471de394686fd92762a7173
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 5B51E563E0E5994FE751FA2CB8961F537B0EF916A1B0800B7C489CB197DF48684B8376
                                                                                                                                                                                                    Function 00007FF848A926F9 Relevance: .2, Instructions: 193COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000005.00000002.2252220844.00007FF848A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A80000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_7ff848a80000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 3eb9cb40c78681227205670334f13cde3301e13e68388a3c1e737d79d5563c14
                                                                                                                                                                                                    • Instruction ID: 85179b6371bb8fdde779d9cef0f69f16d83abda57bfdd61d833c037f3fd338e3
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 3eb9cb40c78681227205670334f13cde3301e13e68388a3c1e737d79d5563c14
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 5C512920B1DA994FDB99EB2C94156B93BD1EF58790F0001BBE44AC3297CE28EC4183D7
                                                                                                                                                                                                    Function 00007FF848A91FA1 Relevance: .2, Instructions: 189COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000005.00000002.2252220844.00007FF848A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A80000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_7ff848a80000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 60938b254edcc7b8efc93484a1062abcc388a621e57072714757955baca8497c
                                                                                                                                                                                                    • Instruction ID: 9b2e6055aa993efa0c9c90f9b06107bdc7f0e7b1f38ed5f8c8b5ce925a06f945
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 60938b254edcc7b8efc93484a1062abcc388a621e57072714757955baca8497c
                                                                                                                                                                                                    • Instruction Fuzzy Hash: B051033060E9494FEB95FB2C8856A7537D2EF85388F1400B9D45EC7297DE68EC42C396
                                                                                                                                                                                                    Function 00007FF848A85398 Relevance: .2, Instructions: 181COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000005.00000002.2252220844.00007FF848A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A80000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_7ff848a80000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: e4cef11994708454f823efadb110b2bf8a302e80be2640ca67041893ef303ebe
                                                                                                                                                                                                    • Instruction ID: 3810a1c24fa26f28a5f16fd4ac0a66ad5af60b53441de3f819116ff623dc3c8e
                                                                                                                                                                                                    • Opcode Fuzzy Hash: e4cef11994708454f823efadb110b2bf8a302e80be2640ca67041893ef303ebe
                                                                                                                                                                                                    • Instruction Fuzzy Hash: B251E652E0F9D91FE316E73C78261F87B90FF535A1B4802F7C4888A09BEE55590982A6
                                                                                                                                                                                                    Function 00007FF848A8FDFE Relevance: .2, Instructions: 179COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000005.00000002.2252220844.00007FF848A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A80000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_7ff848a80000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 002962da7b5c3380643056cc0b83c3dbea3c3b0d11222b7293a24063c23a307a
                                                                                                                                                                                                    • Instruction ID: d9fd2213483dde2acb2ff2621c1f36afed7935e9adc0f2194bc537df1adfa3fc
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 002962da7b5c3380643056cc0b83c3dbea3c3b0d11222b7293a24063c23a307a
                                                                                                                                                                                                    • Instruction Fuzzy Hash: CA51D330A1DE8A8FEB54FA2C9416279B7D2FF95740F1441BDD84CC3287EE68A8418757
                                                                                                                                                                                                    Function 00007FF848A8EE31 Relevance: .2, Instructions: 169COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000005.00000002.2252220844.00007FF848A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A80000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_7ff848a80000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 9314a6c07b78646b4d99fe99ee56fb7c5b1166f2aee6c56b50597679fdc06d16
                                                                                                                                                                                                    • Instruction ID: 60a15c8fad2ce4c342ae632c73ec67fdcff608b0c160b9c229b97e2cf7f438ce
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 9314a6c07b78646b4d99fe99ee56fb7c5b1166f2aee6c56b50597679fdc06d16
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 6B412420A0EA894FE789E72CA81A7797BD1EF99750F0441BED04DC72D3DE9C9C428361
                                                                                                                                                                                                    Function 00007FF848A80E88 Relevance: .2, Instructions: 165COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000005.00000002.2252220844.00007FF848A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A80000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_7ff848a80000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 1bd881ecfe864a5497147c8031569e480e8b3419694d00b1a3c02d097134bbbf
                                                                                                                                                                                                    • Instruction ID: 7ae6e562b762b80eab115679b149c428f494ad0331c630dcd7edff2de53ea1ff
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 1bd881ecfe864a5497147c8031569e480e8b3419694d00b1a3c02d097134bbbf
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 4451B071D0EA8D8FEB95FB6C98596ADBBE0FF28340F0401BAD048D7156DB74A805C761
                                                                                                                                                                                                    Function 00007FF848A8B9E0 Relevance: .1, Instructions: 148COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000005.00000002.2252220844.00007FF848A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A80000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_7ff848a80000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 53383ab1563bbf87c0baf2fb9ce8943ec2a1ea003a74e0cd571705be5a1e3b4b
                                                                                                                                                                                                    • Instruction ID: 5e6ad23320a909099280e11d787cb56167a1ac880754563aa2d620a0a8bebba1
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 53383ab1563bbf87c0baf2fb9ce8943ec2a1ea003a74e0cd571705be5a1e3b4b
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 19413831B0D9094FE794EB2CE8097B9B7C1EF98351F4442BAD44CC72A6DE6A9846C352
                                                                                                                                                                                                    Function 00007FF848A883D0 Relevance: .1, Instructions: 146COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000005.00000002.2252220844.00007FF848A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A80000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_7ff848a80000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 701b7079e8ad74ec2bbfb2649b0aa710c9b12e92f026400b39d5c7618b3e824e
                                                                                                                                                                                                    • Instruction ID: 346be69a4b3e3780a2dfde0258f2c4d8d52cbde5db697158ae4f4fba19ec53a1
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 701b7079e8ad74ec2bbfb2649b0aa710c9b12e92f026400b39d5c7618b3e824e
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 93312A22F0ED4A0FE3A9E22C545E2756BD0DF9A6A5F1406B7D04DC7292DD589C03836A
                                                                                                                                                                                                    Function 00007FF848A8D05A Relevance: .1, Instructions: 139COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000005.00000002.2252220844.00007FF848A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A80000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_7ff848a80000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 027c0e3bf9194b6ed34ab5b1bca53bd2cfb0e2fe4261ab53d09834c4359ac11a
                                                                                                                                                                                                    • Instruction ID: 396cb1c15d96defec743aefcf0c0644d0e73c0c94c8b5d0cde904547688028f3
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 027c0e3bf9194b6ed34ab5b1bca53bd2cfb0e2fe4261ab53d09834c4359ac11a
                                                                                                                                                                                                    • Instruction Fuzzy Hash: C0411662E0D9864FE755FA2C78A62F137B0EF55B90F0840B2C449CB29BDF486C068372
                                                                                                                                                                                                    Function 00007FF848A83259 Relevance: .1, Instructions: 134COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000005.00000002.2252220844.00007FF848A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A80000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_7ff848a80000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 0854b54dc4c370d6144349501c12b4c82b1e9d967caf9890527833ea6f7b271b
                                                                                                                                                                                                    • Instruction ID: ca0d3f54b1232f8327e90fecac61370392cec052b24673764b2106afc4880836
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 0854b54dc4c370d6144349501c12b4c82b1e9d967caf9890527833ea6f7b271b
                                                                                                                                                                                                    • Instruction Fuzzy Hash: DD413A70A0891C8FDBA4EB5CD899AA8B7F1FF69341F1111A9900DE7262DA70AD81CF50
                                                                                                                                                                                                    Function 00007FF848A86CD8 Relevance: .1, Instructions: 127COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000005.00000002.2252220844.00007FF848A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A80000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_7ff848a80000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: d14bc071f798b0a5bb10cc47ba6c2059146cbbd6b2959b0903a4d7b299d6f659
                                                                                                                                                                                                    • Instruction ID: 2625cd6eb00d90b5403f9f027b7adeae8d572cd8c8371cad38166d326cea0d0c
                                                                                                                                                                                                    • Opcode Fuzzy Hash: d14bc071f798b0a5bb10cc47ba6c2059146cbbd6b2959b0903a4d7b299d6f659
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 8841D6A1D0E9CDAFF346F738A8167E97FA0EF56680F4805BAD44997183DE5C14058622
                                                                                                                                                                                                    Function 00007FF848A8CF20 Relevance: .1, Instructions: 124COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000005.00000002.2252220844.00007FF848A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A80000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_7ff848a80000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: abab4ee9f702951f4d6a4f6ee456d2532832a60438955ef33384668092497862
                                                                                                                                                                                                    • Instruction ID: 795bbd2cba68327da42753cec8ba6d045a484900c53b0b892a9c1c3430874684
                                                                                                                                                                                                    • Opcode Fuzzy Hash: abab4ee9f702951f4d6a4f6ee456d2532832a60438955ef33384668092497862
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 00316B62A0E9894FE740FA2CB8971F93BA0EF42294B0841B7C48DCB197DE0858468376
                                                                                                                                                                                                    Function 00007FF848A84BFD Relevance: .1, Instructions: 120COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000005.00000002.2252220844.00007FF848A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A80000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_7ff848a80000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 171bc55ef6f6b9b70428d43208af8810c3730abbe925b53f332754d592d2475a
                                                                                                                                                                                                    • Instruction ID: 5a811ae6e089d20ea357c2806acb4c630469cb34b688b0b66035c838349e23ca
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 171bc55ef6f6b9b70428d43208af8810c3730abbe925b53f332754d592d2475a
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 6C31A030A1DA098FD758EA18C0866B573D1FF98348F51897DD05FC3291CFA5B882C7AA
                                                                                                                                                                                                    Function 00007FF848A89D70 Relevance: .1, Instructions: 108COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000005.00000002.2252220844.00007FF848A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A80000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_7ff848a80000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 8c62e9ce58da49c3009105cff1a9bde3936583ea10066b334a736f329d18cd97
                                                                                                                                                                                                    • Instruction ID: c24d4ae6f23000df9f1730c0ebb770ae3d3b4fa16dfb0e4bdb559c271929968d
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 8c62e9ce58da49c3009105cff1a9bde3936583ea10066b334a736f329d18cd97
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 3821E222B1EC0E0FEAE8E51C746637A63C2EB987A1F50117AD40DC3299DE29EC065765
                                                                                                                                                                                                    Function 00007FF848A89428 Relevance: .1, Instructions: 106COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000005.00000002.2252220844.00007FF848A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A80000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_7ff848a80000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 50e4718a9f0c25d6677fc43bdfd6e703ba16c2d590220a8895ed0056ea197791
                                                                                                                                                                                                    • Instruction ID: f9b72665f890f2676672071cc512bf08751414a4c8cc3c1e6269f09b10856622
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 50e4718a9f0c25d6677fc43bdfd6e703ba16c2d590220a8895ed0056ea197791
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 7621493090ED0A4FE364EB28A84AA7277D4EF59390F040579D44CC3256DB68F84B8776
                                                                                                                                                                                                    Function 00007FF848A95930 Relevance: .1, Instructions: 103COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000005.00000002.2252220844.00007FF848A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A80000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_7ff848a80000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 4086441efb1b1143c4c7e8c35d426c96640a827c4a923e8127b446538cc9b449
                                                                                                                                                                                                    • Instruction ID: b2f50dc0f08661f7bb3e8a12196374be9e48ba8ac0ccec933fc0dcd638ad7e85
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 4086441efb1b1143c4c7e8c35d426c96640a827c4a923e8127b446538cc9b449
                                                                                                                                                                                                    • Instruction Fuzzy Hash: B1312530A2DE464FE758E638C486AA17BD1EF54354F14487CC48EC3295EF68F882C39A
                                                                                                                                                                                                    Function 00007FF848A883D8 Relevance: .1, Instructions: 103COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000005.00000002.2252220844.00007FF848A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A80000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_7ff848a80000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 372b895f9fc1ca75fbeb78e0f0b97d9a8a09c3260ae85024384f11fdae0bfcae
                                                                                                                                                                                                    • Instruction ID: 631f62d4163e4ca7445741b5c9bcf9f8e75e290f501feae39443ee3a9e0c717d
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 372b895f9fc1ca75fbeb78e0f0b97d9a8a09c3260ae85024384f11fdae0bfcae
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 54213621A0E98A0FF365E62C980D7756BC4EF562D8F1909F9D089C3197DA9C9C028356
                                                                                                                                                                                                    Function 00007FF848A8EB0D Relevance: .1, Instructions: 98COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000005.00000002.2252220844.00007FF848A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A80000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_7ff848a80000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 3a37ebfb9a672dbe5eabffcc7927400b065cee59d12cc635eefa43b69632e4ae
                                                                                                                                                                                                    • Instruction ID: cdc6eb069ea12169541e214468b23c31585c55d514c4893046e4e89b456b6d80
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 3a37ebfb9a672dbe5eabffcc7927400b065cee59d12cc635eefa43b69632e4ae
                                                                                                                                                                                                    • Instruction Fuzzy Hash: A621D671C0E6CD9FE752EB345C2A1F97FA0EF56281F0440EBD859C7093DB6815188722
                                                                                                                                                                                                    Function 00007FF848A87600 Relevance: .1, Instructions: 95COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000005.00000002.2252220844.00007FF848A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A80000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_7ff848a80000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: b9a9d9dba9d8b562845e92c1ad4a32027e2701465a154d1ed61d336ccbe6877e
                                                                                                                                                                                                    • Instruction ID: 469ed6f97dbd05017b0bacabb7a730f22bb2af0bf992a2d6c7ea35e580b69c78
                                                                                                                                                                                                    • Opcode Fuzzy Hash: b9a9d9dba9d8b562845e92c1ad4a32027e2701465a154d1ed61d336ccbe6877e
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 3C21817191CB489FDB14EE08DC4A5E9B7E4FB99710F00012BE84AD3150EB61F94587C3
                                                                                                                                                                                                    Function 00007FF848A86E4A Relevance: .1, Instructions: 95COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000005.00000002.2252220844.00007FF848A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A80000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_7ff848a80000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 9005bbf7d7d89deac59c7b063f87d847bc1aa6d33cb3ca39dbf27beeaf6f743c
                                                                                                                                                                                                    • Instruction ID: 85ce1fa2b08a44bc36472615f955a70a032774a6427401f459fe292865efd228
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 9005bbf7d7d89deac59c7b063f87d847bc1aa6d33cb3ca39dbf27beeaf6f743c
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 88312070E1996EAFEB84FB98E8567ECB3B2FF58740F540575D00997282DE6868018722
                                                                                                                                                                                                    Function 00007FF848A85F90 Relevance: .1, Instructions: 92COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000005.00000002.2252220844.00007FF848A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A80000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_7ff848a80000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: d75e81aa75e29bbc4a10b56d778508817ef3bda2324eab3df1de000e43464061
                                                                                                                                                                                                    • Instruction ID: 18b83debde1ec6336a2ce755aa992cf654af5fa540c736659fb0531eb2a9e101
                                                                                                                                                                                                    • Opcode Fuzzy Hash: d75e81aa75e29bbc4a10b56d778508817ef3bda2324eab3df1de000e43464061
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 6321FB22A1EE8E0FE755FA2C78561F877A0EF91264B0843B7C449C7187ED5C984683A6
                                                                                                                                                                                                    Function 00007FF848A8D621 Relevance: .1, Instructions: 90COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000005.00000002.2252220844.00007FF848A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A80000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_7ff848a80000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 03e85a10b24a27fb3e42c4a09b768fe7785652ea6d0463bbb61c75495d3fe110
                                                                                                                                                                                                    • Instruction ID: 5c1f911c9a4bc127ea684929de0874e43d9141b82df40717ed0ff00f2d8249b5
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 03e85a10b24a27fb3e42c4a09b768fe7785652ea6d0463bbb61c75495d3fe110
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 7921F83150EE894FD34AE738C054AE17BE1FF56244F1881EAD04DCB697DE25E406C761
                                                                                                                                                                                                    Function 00007FF848A8312D Relevance: .1, Instructions: 89COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000005.00000002.2252220844.00007FF848A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A80000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_7ff848a80000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 677fd4290d57b1e064cdae555c0c08e7548da1f3bc8e3ce046e4371972fd8be5
                                                                                                                                                                                                    • Instruction ID: b80f812e0bc72011eccd7b0cf65b3d1aa3e2f43879cca7d567ecaa7f0a5bb2bd
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 677fd4290d57b1e064cdae555c0c08e7548da1f3bc8e3ce046e4371972fd8be5
                                                                                                                                                                                                    • Instruction Fuzzy Hash: ED312670D0892D8FDB98EF68D4897A8B7B1FF19301F0011A9D00EE7291DB749881DF24
                                                                                                                                                                                                    Function 00007FF848A85F98 Relevance: .1, Instructions: 86COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000005.00000002.2252220844.00007FF848A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A80000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_7ff848a80000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: d49b0612c6aa2582cc5cef7f3923770894f8bda810a288e2ca4e86d32b7a6c18
                                                                                                                                                                                                    • Instruction ID: 4dedf73c3965dd8bc46c8d181ab9ba508863ea6feef4d4ab6b314b5afac70982
                                                                                                                                                                                                    • Opcode Fuzzy Hash: d49b0612c6aa2582cc5cef7f3923770894f8bda810a288e2ca4e86d32b7a6c18
                                                                                                                                                                                                    • Instruction Fuzzy Hash: C421FC21A0EECA0FE755FB3C78561F877A0EF91254B0842B7C449C7187DD5C9C4683A6
                                                                                                                                                                                                    Function 00007FF848A88861 Relevance: .1, Instructions: 84COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000005.00000002.2252220844.00007FF848A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A80000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_7ff848a80000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 6469f5253c4e18dfc41ce61722e9b23c44c3b4c5f09d3f38118d14f801fb4148
                                                                                                                                                                                                    • Instruction ID: 526f50a91a9f17f2bf98a434f80b69296fd7263491ef3873fae8e31e202f2861
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 6469f5253c4e18dfc41ce61722e9b23c44c3b4c5f09d3f38118d14f801fb4148
                                                                                                                                                                                                    • Instruction Fuzzy Hash: A411B122A0EBC54FD757A63C68661647FA0EF93680B5901E7C044CB1D3DE5D984BC363
                                                                                                                                                                                                    Function 00007FF848A8304D Relevance: .1, Instructions: 83COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000005.00000002.2252220844.00007FF848A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A80000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_7ff848a80000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 5ef5ff980413405978897a1060dbfd666fb13ea5812a2f531f7daa9166e47721
                                                                                                                                                                                                    • Instruction ID: 6337652f6f04092013260d0bde5e815c62a890a428b0d60097c458f48b7b9bd6
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 5ef5ff980413405978897a1060dbfd666fb13ea5812a2f531f7daa9166e47721
                                                                                                                                                                                                    • Instruction Fuzzy Hash: DD318FB090998C9FDB95EB68C819BA8BBF1FF1A341F4441E9C00DE7262CB749C81CB10
                                                                                                                                                                                                    Function 00007FF848A882D7 Relevance: .1, Instructions: 82COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000005.00000002.2252220844.00007FF848A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A80000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_7ff848a80000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: e49e6eef68caaad1afc1ca9107eb126c7bc55b97aff8caf35ea4209c20d2635a
                                                                                                                                                                                                    • Instruction ID: 35dc086d5f945c781f5b6faf16550296d701864c33385fcb2eedfd0d8340e573
                                                                                                                                                                                                    • Opcode Fuzzy Hash: e49e6eef68caaad1afc1ca9107eb126c7bc55b97aff8caf35ea4209c20d2635a
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 50113821E0ED558FD668E72CA4167B837C1DFC52A0F8441B5D44DC7286DE5C5C4243A6
                                                                                                                                                                                                    Function 00007FF848A85FA0 Relevance: .1, Instructions: 80COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000005.00000002.2252220844.00007FF848A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A80000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_7ff848a80000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: d7a55e26539532ccdd65329bb3e9b7a49970daf989d3b1aa0e6890ca6c79dab3
                                                                                                                                                                                                    • Instruction ID: 83a9fcfd461ffd8218421f90ad2ca6a2825498f9ef69dc0b0f7c887ea0c89c38
                                                                                                                                                                                                    • Opcode Fuzzy Hash: d7a55e26539532ccdd65329bb3e9b7a49970daf989d3b1aa0e6890ca6c79dab3
                                                                                                                                                                                                    • Instruction Fuzzy Hash: F7210821A0EECA0FE795FB3868561B877A0EF91250B0842B7C448C7187EE5C9C4683A6
                                                                                                                                                                                                    Function 00007FF848A8E0F1 Relevance: .1, Instructions: 80COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000005.00000002.2252220844.00007FF848A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A80000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_7ff848a80000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 21f9e28134295b59e42fe47445855cab24b6ed27e508ff862ea2fa9ec3c5a9da
                                                                                                                                                                                                    • Instruction ID: f6fd2197898eb8fae937d51065ea125a2dee80e8f9432baf317bef8f0f58d9cd
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 21f9e28134295b59e42fe47445855cab24b6ed27e508ff862ea2fa9ec3c5a9da
                                                                                                                                                                                                    • Instruction Fuzzy Hash: CF112332F1EE8A8FE3D5E52D3C5B1742AC1EF69654B4900BBD448C72A6DF588C118366
                                                                                                                                                                                                    Function 00007FF848A86FC6 Relevance: .1, Instructions: 78COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000005.00000002.2252220844.00007FF848A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A80000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_7ff848a80000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 3f545a8e932333b534094a0837264bdf50e5f77c57e2c97993de3a2bcc6ab991
                                                                                                                                                                                                    • Instruction ID: 3dbaefed1e5f24f560f3c904f3a1a1c46b55eecb83e131570932f1aeb8e221de
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 3f545a8e932333b534094a0837264bdf50e5f77c57e2c97993de3a2bcc6ab991
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 9B21F362D1EECA1FE395E63864596B42BE1EF65790B0800BAC009C7193DE9C9C0683A1
                                                                                                                                                                                                    Function 00007FF848A8E110 Relevance: .1, Instructions: 77COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000005.00000002.2252220844.00007FF848A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A80000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_7ff848a80000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 048073705c0a09bfac0f1e9e1e9b648bfa108107b8b12cd1c10c94147cc7c26a
                                                                                                                                                                                                    • Instruction ID: e3f77ffec9995366aa8365d8cfc509408bcce42cb19838d7e78fc62d11f20767
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 048073705c0a09bfac0f1e9e1e9b648bfa108107b8b12cd1c10c94147cc7c26a
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 5E114832F1ED4E9FE3D4E42D3C5617426C1EFA9665F4401BBD40CC3295DE598C518366
                                                                                                                                                                                                    Function 00007FF848A8C19D Relevance: .1, Instructions: 75COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000005.00000002.2252220844.00007FF848A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A80000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_7ff848a80000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 8feaa1715890d608ea8cf3e5523e395e77af987dc1f4c64fb73bf7fa67da642c
                                                                                                                                                                                                    • Instruction ID: 3fb37699b9250998c30d071e315922561c0542e83025a9c3cb551c0b5157011e
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 8feaa1715890d608ea8cf3e5523e395e77af987dc1f4c64fb73bf7fa67da642c
                                                                                                                                                                                                    • Instruction Fuzzy Hash: B211036150E6C51FE392F278AC526B13FD4EF56294F0900FBD488C70A3D8485C468376
                                                                                                                                                                                                    Function 00007FF848A92C4D Relevance: .1, Instructions: 75COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000005.00000002.2252220844.00007FF848A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A80000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_7ff848a80000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: b19a1ccbe41e2256bd6b46a8ce0e76c4f1d7a6bba89219106f06471908e3afac
                                                                                                                                                                                                    • Instruction ID: 3ceffdcdb91dde8e75fd06cf972011dd5cb0d674c0bcb97773ec3f445871f5f5
                                                                                                                                                                                                    • Opcode Fuzzy Hash: b19a1ccbe41e2256bd6b46a8ce0e76c4f1d7a6bba89219106f06471908e3afac
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 3D2175B092DB498FE328DF1C944A235BBD1FB98B49F504A3ED545832A0DFB4E841C647
                                                                                                                                                                                                    Function 00007FF848A8C639 Relevance: .1, Instructions: 72COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000005.00000002.2252220844.00007FF848A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A80000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_7ff848a80000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: b4b5a7e81cf3e0f0e9030f36489a6aeb4946614e4aed1fcc3885dc30d2fe4e61
                                                                                                                                                                                                    • Instruction ID: 842910201b7b199f6591bb9fec107ee90678327984e8468b382c0ff3ef3b3867
                                                                                                                                                                                                    • Opcode Fuzzy Hash: b4b5a7e81cf3e0f0e9030f36489a6aeb4946614e4aed1fcc3885dc30d2fe4e61
                                                                                                                                                                                                    • Instruction Fuzzy Hash: DA114C31B0D80E0FE7D4E62C645A7B537C1EF99395F05117AD40CC32D2DE29A8464761
                                                                                                                                                                                                    Function 00007FF848A81364 Relevance: .1, Instructions: 70COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000005.00000002.2252220844.00007FF848A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A80000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_7ff848a80000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: f74652cc31b3d4beee3c9136207c12ad6e2f3cba3964ab4e3efb27f215d0b55d
                                                                                                                                                                                                    • Instruction ID: 4a728e647c84e5ef90ffe11c1a147287e7fc1ef43bf6d6371a3ac81895e20fb8
                                                                                                                                                                                                    • Opcode Fuzzy Hash: f74652cc31b3d4beee3c9136207c12ad6e2f3cba3964ab4e3efb27f215d0b55d
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 2F212431A0960E8FCB88EE14D485BE9B7B1FF99304F501578D00AA7281CB75E942CBA1
                                                                                                                                                                                                    Function 00007FF848A8EA79 Relevance: .1, Instructions: 67COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000005.00000002.2252220844.00007FF848A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A80000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_7ff848a80000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: cd2a9233d603553a607ad394ea9c8b075f43b4cbf8426eb2424a369ff5d027ee
                                                                                                                                                                                                    • Instruction ID: 039273efbecba6ebf58fd3fd35065216bc2866ada73ba2027c2c7c70068e8883
                                                                                                                                                                                                    • Opcode Fuzzy Hash: cd2a9233d603553a607ad394ea9c8b075f43b4cbf8426eb2424a369ff5d027ee
                                                                                                                                                                                                    • Instruction Fuzzy Hash: D5114822D0E98B4FC764E63CA8449A07BD1EF567A071902EAC418CB1E6CE185C9BC362
                                                                                                                                                                                                    Function 00007FF848A827C3 Relevance: .1, Instructions: 65COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000005.00000002.2252220844.00007FF848A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A80000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_7ff848a80000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: c32b310881a4e208e6f812e5ad7f476414609758833a34f01361c610d299e3b5
                                                                                                                                                                                                    • Instruction ID: b2725c5753b58f13a1cd387537566843aba414be5d622a3d9bb26486f289c444
                                                                                                                                                                                                    • Opcode Fuzzy Hash: c32b310881a4e208e6f812e5ad7f476414609758833a34f01361c610d299e3b5
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 22212930A0AA0D8FDB84EF28D495BA9B7B1FF59300F5041A9D40DD7296CF35A842CB11
                                                                                                                                                                                                    Function 00007FF848A85828 Relevance: .1, Instructions: 56COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000005.00000002.2252220844.00007FF848A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A80000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_7ff848a80000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: fac87d7ce6d6062a56d2f2dbf57d92b1dacbad96dc0ef24f8e5980d675396809
                                                                                                                                                                                                    • Instruction ID: 32a1042cc29818675d88a21f4fd2a50cb13ad9fb02f221e7d10b51c76e1485f9
                                                                                                                                                                                                    • Opcode Fuzzy Hash: fac87d7ce6d6062a56d2f2dbf57d92b1dacbad96dc0ef24f8e5980d675396809
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 6A01A230A0E80D0FE6D4EA6CA44676637D0FF98790F84027AE94DC3256DE69A80187A6
                                                                                                                                                                                                    Function 00007FF848A85FE0 Relevance: .1, Instructions: 53COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000005.00000002.2252220844.00007FF848A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A80000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_7ff848a80000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: c185af7d7118615f8d270415eb09900b6dca5a4fcd6431f0cc666c176fb2ac60
                                                                                                                                                                                                    • Instruction ID: bcc91f53a0085383f12955fe86631b69856c51cbd5f095b82466f26e3286b8d4
                                                                                                                                                                                                    • Opcode Fuzzy Hash: c185af7d7118615f8d270415eb09900b6dca5a4fcd6431f0cc666c176fb2ac60
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 8201D621A29D4B0FEAD8FB2CA0456BA63E1FFE4340B54553AD44DC3249DE68EC425395
                                                                                                                                                                                                    Function 00007FF848A842D5 Relevance: .1, Instructions: 51COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000005.00000002.2252220844.00007FF848A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A80000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_7ff848a80000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 4c7af103686c62aa7f91e409e33a2f2e8161fbe54c595494f9e2eec2352f0f67
                                                                                                                                                                                                    • Instruction ID: 7e1563c82870195e99dce2ea82e5fb41ada316adcfb10698aade4c01c37beb52
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 4c7af103686c62aa7f91e409e33a2f2e8161fbe54c595494f9e2eec2352f0f67
                                                                                                                                                                                                    • Instruction Fuzzy Hash: B701D63061E9440FE784EB1CA4997B4B7D1EF98359F5401BAD408C72A6DF196C808355
                                                                                                                                                                                                    Function 00007FF848A8B9C9 Relevance: .0, Instructions: 50COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000005.00000002.2252220844.00007FF848A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A80000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_7ff848a80000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 0b2712389076540ab4467e29b03c23222bda6ecbaeb219b64a2e32b2c3fe0205
                                                                                                                                                                                                    • Instruction ID: 0ec79b45adc0c99233a3bc1c48e567bd54b2a870a8c510dae99b9f9feb5519b4
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 0b2712389076540ab4467e29b03c23222bda6ecbaeb219b64a2e32b2c3fe0205
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 8C01DB3250EBC94FD347D638A8113A57FD0EF47215F4901EBD484CB2A3DA5A4816C362
                                                                                                                                                                                                    Function 00007FF848A87130 Relevance: .0, Instructions: 50COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000005.00000002.2252220844.00007FF848A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A80000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_7ff848a80000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: b177be70b25e3480408a730bd62d9996cbbe9dae7d32055ec4732ddeb23d281a
                                                                                                                                                                                                    • Instruction ID: 2eaae792747ba1785deca3b705c14ba84b32f258cb25ae44cd7f6b173a8fb9dc
                                                                                                                                                                                                    • Opcode Fuzzy Hash: b177be70b25e3480408a730bd62d9996cbbe9dae7d32055ec4732ddeb23d281a
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 3AF0D130A29D4F4F9AA8EB2CA441A76B3D1FF94340B44467AC40DC3658EF64E8424381
                                                                                                                                                                                                    Function 00007FF848A8D5AD Relevance: .0, Instructions: 49COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000005.00000002.2252220844.00007FF848A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A80000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_7ff848a80000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 2220f37302cbaae33d12f4c937a15af210f1c83c9f5293ec162d4ac4a1b4c699
                                                                                                                                                                                                    • Instruction ID: 54469cec9d89ec44dceb910a9d25864d106ca27c2b565da13393f5088c1456ef
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 2220f37302cbaae33d12f4c937a15af210f1c83c9f5293ec162d4ac4a1b4c699
                                                                                                                                                                                                    • Instruction Fuzzy Hash: A9F0783190EA894FE76AF73C70562B567E0EF86350F4400BBC089C328ADF582842C3A6
                                                                                                                                                                                                    Function 00007FF848A8392A Relevance: .0, Instructions: 49COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000005.00000002.2252220844.00007FF848A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A80000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_7ff848a80000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: a210c382d01ec52994dde03f9a64a10410d1bc33bf42326feb6c7ff3602fefcb
                                                                                                                                                                                                    • Instruction ID: 6a9ecce74c8204afe11df686805de7d74f5d2269eca6567b9c745e5a1347b021
                                                                                                                                                                                                    • Opcode Fuzzy Hash: a210c382d01ec52994dde03f9a64a10410d1bc33bf42326feb6c7ff3602fefcb
                                                                                                                                                                                                    • Instruction Fuzzy Hash: F201D8B0509B5D8FD7A5EF28C859B9ABBA5FF4A304F5001EEC05DC72A2CB354541CB01
                                                                                                                                                                                                    Function 00007FF848A93142 Relevance: .0, Instructions: 48COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000005.00000002.2252220844.00007FF848A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A80000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_7ff848a80000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 10e774aa5ffa7cbbc956d4d024604e23dd994f4b9794770758e17d6bccda6d11
                                                                                                                                                                                                    • Instruction ID: cf737c01dee883c6f4c86cf848bbce4b4d02c46b5e851de4c211ed4c8a6c69c9
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 10e774aa5ffa7cbbc956d4d024604e23dd994f4b9794770758e17d6bccda6d11
                                                                                                                                                                                                    • Instruction Fuzzy Hash: A3F02D15D5EA170FE969E11C205717521E2DFD46C4F341979C04FC72F6FE9CA40611A7
                                                                                                                                                                                                    Function 00007FF848A82518 Relevance: .0, Instructions: 44COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000005.00000002.2252220844.00007FF848A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A80000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_7ff848a80000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: f37e023d507c8f81bd2af27eca6b05c109ba55a49ef8b8e92b25ad46b08f7504
                                                                                                                                                                                                    • Instruction ID: 4d6180153a21ae85a3952edbac20ff5b4594a6a8727760bf4bf3995938494ae4
                                                                                                                                                                                                    • Opcode Fuzzy Hash: f37e023d507c8f81bd2af27eca6b05c109ba55a49ef8b8e92b25ad46b08f7504
                                                                                                                                                                                                    • Instruction Fuzzy Hash: CBF09630A1E8090FE7D4E61CA4997B5B3D1EF98395F540079D40DC72A5DF566C418365
                                                                                                                                                                                                    Function 00007FF848A85005 Relevance: .0, Instructions: 44COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000005.00000002.2252220844.00007FF848A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A80000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_7ff848a80000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 214552b7809238831a67cd32f827159a24d66e7d99eda288be4f490e9070d33b
                                                                                                                                                                                                    • Instruction ID: cd358d97b2bc5406944f05239044d9c40ba5b44a31153c9df691739eecff3aab
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 214552b7809238831a67cd32f827159a24d66e7d99eda288be4f490e9070d33b
                                                                                                                                                                                                    • Instruction Fuzzy Hash: A9F08202E4FEDA0FD296A22C38661B81B91EB955A0B4902F7C848C7297DD4C4D4343F6
                                                                                                                                                                                                    Function 00007FF848A86149 Relevance: .0, Instructions: 42COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000005.00000002.2252220844.00007FF848A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A80000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_7ff848a80000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: ead718c100fadfe78890ac67ae3177e6a51b71da358d5f67f7802907f0a42512
                                                                                                                                                                                                    • Instruction ID: 5b99616e26251de0a19491f8cff2389bc6546a5ce6c2c754411052191e23fcd6
                                                                                                                                                                                                    • Opcode Fuzzy Hash: ead718c100fadfe78890ac67ae3177e6a51b71da358d5f67f7802907f0a42512
                                                                                                                                                                                                    • Instruction Fuzzy Hash: B8016970C2DBCE4FDB46EF6888682A97FB0FF59200F0504ABD858C72A3DAB459148751
                                                                                                                                                                                                    Function 00007FF848A89170 Relevance: .0, Instructions: 41COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000005.00000002.2252220844.00007FF848A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A80000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_7ff848a80000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: efb916b9fe032dd1109cbb2f953e3895a4c348153161797ea6a2955bb180011f
                                                                                                                                                                                                    • Instruction ID: 62e72cfe8e0fd321179d495c0edceeca56aefc8250bc61c67c39aaf127816a8d
                                                                                                                                                                                                    • Opcode Fuzzy Hash: efb916b9fe032dd1109cbb2f953e3895a4c348153161797ea6a2955bb180011f
                                                                                                                                                                                                    • Instruction Fuzzy Hash: ADF0E03151E98D1FE755E12CA4067B677C5DB85355F5401FED448D73A0CE5B58028391
                                                                                                                                                                                                    Function 00007FF848A8BB22 Relevance: .0, Instructions: 41COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000005.00000002.2252220844.00007FF848A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A80000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_7ff848a80000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: c712fe3818c2f32e2151f8a9c633ac5bc188aa244d836161b064db03ce1a6a26
                                                                                                                                                                                                    • Instruction ID: f769043f20c2f9cd9acebe79ff62b7068481dae0e3ef40e40147b475ff843487
                                                                                                                                                                                                    • Opcode Fuzzy Hash: c712fe3818c2f32e2151f8a9c633ac5bc188aa244d836161b064db03ce1a6a26
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 05F0CD3140EA8A0FD316E73CA4595A07BE0EF45350F0D01F7D448C7297DB58A855C776
                                                                                                                                                                                                    Function 00007FF848A84D9E Relevance: .0, Instructions: 40COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000005.00000002.2252220844.00007FF848A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A80000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_7ff848a80000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 07eb34d9fb06bec70b37016a54389b67696b4871338524767b8f43a568287ac1
                                                                                                                                                                                                    • Instruction ID: d2038d4f6f2c4bbc09f02d45a792ca7f8a682f87dbf035b9410b1cb0e710120f
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 07eb34d9fb06bec70b37016a54389b67696b4871338524767b8f43a568287ac1
                                                                                                                                                                                                    • Instruction Fuzzy Hash: EDF0F831B0D92C8FDF94EA8CF485AECB7E1EB58361F0402A6E40DE3255DA2198018795
                                                                                                                                                                                                    Function 00007FF848A82FE3 Relevance: .0, Instructions: 38COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000005.00000002.2252220844.00007FF848A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A80000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_7ff848a80000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 457fb95362a26c35426241578970c0f1518efe1b9a44fe04832ca172f3ab5880
                                                                                                                                                                                                    • Instruction ID: 7654af11e54dab820b1855eefa6846121138035c89020f89a5280e9418141fa3
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 457fb95362a26c35426241578970c0f1518efe1b9a44fe04832ca172f3ab5880
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 22F01970D0AA9A9FE795EB28DC59BA4B7A1FB55A40F0002EAD00CD7296CB741D41CB10
                                                                                                                                                                                                    Function 00007FF848A8C6DB Relevance: .0, Instructions: 36COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000005.00000002.2252220844.00007FF848A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A80000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_7ff848a80000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: fca1d6cb5d17eb91e4b956957d096f6bd9c79613356fb3666bea319c1d7e93fe
                                                                                                                                                                                                    • Instruction ID: 8a393da0d2b3a891eb31e83eeb78f55f3368042da6fc26a7492d5e8b70809fce
                                                                                                                                                                                                    • Opcode Fuzzy Hash: fca1d6cb5d17eb91e4b956957d096f6bd9c79613356fb3666bea319c1d7e93fe
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 3BE03052F1EC0E4EA5E4E51C345527953D2EBD8BE1B2585B7C04CC3299EE24980A47A1
                                                                                                                                                                                                    Function 00007FF848A84E21 Relevance: .0, Instructions: 33COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000005.00000002.2252220844.00007FF848A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A80000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_7ff848a80000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 10ffc0e65846c1f131404c5913e6b6f803fd5243efeb7e1ea9e9097bc1bc10e4
                                                                                                                                                                                                    • Instruction ID: f873daa748225621384a4d53a0882d10cb6a2dc8664fbc13e12ebce9dc43fc6f
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 10ffc0e65846c1f131404c5913e6b6f803fd5243efeb7e1ea9e9097bc1bc10e4
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 47E0D87291DE4C5F9644AA597C068E6BB94FA45268F00015AE44DC3191D6155412C365
                                                                                                                                                                                                    Function 00007FF848A89AB5 Relevance: .0, Instructions: 30COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000005.00000002.2252220844.00007FF848A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A80000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_7ff848a80000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: be1a3851344bd4eb934d9bd4af184b3dc163f728f0b91b2a5230a5563377e7a6
                                                                                                                                                                                                    • Instruction ID: b9aad5ad78416f7f26860cc2feaac1463fa1e7490edb30f64038ebed3c8845ad
                                                                                                                                                                                                    • Opcode Fuzzy Hash: be1a3851344bd4eb934d9bd4af184b3dc163f728f0b91b2a5230a5563377e7a6
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 3FE02BA280E3C10FD352E625484B1957F90BF55240F4C41FAC048CB092E75C854A8363
                                                                                                                                                                                                    Function 00007FF848A95189 Relevance: .0, Instructions: 26COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000005.00000002.2252220844.00007FF848A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A80000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_7ff848a80000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: ea94edfb29e0532bf4c4b2fe817117e93606e3341880efe0089d556f87bbe9fe
                                                                                                                                                                                                    • Instruction ID: 67a894885d4a6b8922322536a6799ac1722bfb01dc3c8af25f05321a645b536d
                                                                                                                                                                                                    • Opcode Fuzzy Hash: ea94edfb29e0532bf4c4b2fe817117e93606e3341880efe0089d556f87bbe9fe
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 58E0D831B0D4054FE718F644E4926F43352DB95350F10463AC809C72D4DFA8A4418385
                                                                                                                                                                                                    Function 00007FF848A808D9 Relevance: .0, Instructions: 26COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000005.00000002.2252220844.00007FF848A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A80000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_7ff848a80000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: df3a9b7ef81dd54c91b45a66b47171226af45288351afb726a264b0a86a79416
                                                                                                                                                                                                    • Instruction ID: 96d5a391f2c67e24e3dfe918f1c38c05d7dd07c949fc057da909bea667400731
                                                                                                                                                                                                    • Opcode Fuzzy Hash: df3a9b7ef81dd54c91b45a66b47171226af45288351afb726a264b0a86a79416
                                                                                                                                                                                                    • Instruction Fuzzy Hash: B1E0AE31E2991E9EDF84EFA8D846AFDB7B1FF89201F404065D009E3291CB3469008B60
                                                                                                                                                                                                    Function 00007FF848A8D3FA Relevance: .0, Instructions: 25COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000005.00000002.2252220844.00007FF848A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A80000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_7ff848a80000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: b1508b08c46610298b78327538698f861286b4ad15d29f4c1b577892fed04059
                                                                                                                                                                                                    • Instruction ID: 9ed479e98a49a2aadf5a3c9ef2029d4bc759f9cff5c433070d7b7a2b9b579ee7
                                                                                                                                                                                                    • Opcode Fuzzy Hash: b1508b08c46610298b78327538698f861286b4ad15d29f4c1b577892fed04059
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 29E01A20A0E9491FEBC5F77854167795682EF99680F9440B9C80EC729ACE6C680257A6
                                                                                                                                                                                                    Function 00007FF848A85238 Relevance: .0, Instructions: 23COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000005.00000002.2252220844.00007FF848A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A80000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_7ff848a80000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 6cacb521569ff974153db3eaa7163d7de9560bacb5aaee792d00e6219f983cf5
                                                                                                                                                                                                    • Instruction ID: dbbd61801d466c664a6909f88285a9fb6bac69fb279cd1ea6fecc05eb3d4cef8
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 6cacb521569ff974153db3eaa7163d7de9560bacb5aaee792d00e6219f983cf5
                                                                                                                                                                                                    • Instruction Fuzzy Hash: EDE0C22081EA460BE705FA324C8A07AB1D1FB88241F884A36D88DC0150FFACC3C5C267
                                                                                                                                                                                                    Function 00007FF848A94EBD Relevance: .0, Instructions: 21COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000005.00000002.2252220844.00007FF848A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A80000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_7ff848a80000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 9b3670588b2421da1c8a934468e96144ad3ab62adbd98b3ea5e50c32128bbd5e
                                                                                                                                                                                                    • Instruction ID: d809b260e699f55ae24959c9bf1b9b2a93c93d1b32927805f6af3491a95de1de
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 9b3670588b2421da1c8a934468e96144ad3ab62adbd98b3ea5e50c32128bbd5e
                                                                                                                                                                                                    • Instruction Fuzzy Hash: A9D05E20B1EC254FEAA0FA1CB446BBC23C0EF44795F4008B6E04DCB292DA4D989143A6
                                                                                                                                                                                                    Function 00007FF848A88830 Relevance: .0, Instructions: 20COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000005.00000002.2252220844.00007FF848A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A80000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_7ff848a80000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 01bb9e847330560a4a73d612df51bcb3c7dde53123eb813ea34c772bb8f3aba1
                                                                                                                                                                                                    • Instruction ID: b1944f6020fd63e6624b9cc9bde943489fc70616c05f2db6ab60ea53f3d2bd7b
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 01bb9e847330560a4a73d612df51bcb3c7dde53123eb813ea34c772bb8f3aba1
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 91D05E25E1EE4A4ADA8DEA2958625603692FFA8388BA5009CC008C6182EE69D842C316
                                                                                                                                                                                                    Function 00007FF848A8EC30 Relevance: .0, Instructions: 19COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000005.00000002.2252220844.00007FF848A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A80000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_7ff848a80000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 62e74ff68a4f2cbaac23760732cc7219e0bdaa3248ee2627fe4a6a69b938b385
                                                                                                                                                                                                    • Instruction ID: d406887c8b571be01114a3ef67127c63d9f80e2a04e0e1424a7d27781674c3e2
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 62e74ff68a4f2cbaac23760732cc7219e0bdaa3248ee2627fe4a6a69b938b385
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 5FE0469190FAC85FEB42F63C89063983F905F47288F8880EA84888F0E3EA1D040D9313
                                                                                                                                                                                                    Function 00007FF848A975A0 Relevance: .0, Instructions: 18COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000005.00000002.2252220844.00007FF848A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A80000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_7ff848a80000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: ebb37a5d2398b6a88bdc6f4a48439aa3473429e7d016e790c2254828d2ffa182
                                                                                                                                                                                                    • Instruction ID: 5c03006661a07e7e23632f2e6b07535d47841bbe814d07462ea241504595be2b
                                                                                                                                                                                                    • Opcode Fuzzy Hash: ebb37a5d2398b6a88bdc6f4a48439aa3473429e7d016e790c2254828d2ffa182
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 83D0C930A188284FDAB8EB5CA449AA477D1FF0821470501D6A458D72A5D6559C8187D2
                                                                                                                                                                                                    Function 00007FF848A839B1 Relevance: .0, Instructions: 14COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000005.00000002.2252220844.00007FF848A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A80000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_7ff848a80000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: e0eaad08b37836c8b318e05230944e63d63213d6b097ca6676aa49bc396dcff9
                                                                                                                                                                                                    • Instruction ID: 6f3ebb5649c2331b94ab5284a5d9e5d460fea153d876285c897697c658d9d4da
                                                                                                                                                                                                    • Opcode Fuzzy Hash: e0eaad08b37836c8b318e05230944e63d63213d6b097ca6676aa49bc396dcff9
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 03C08C32EC041C8AC700A948E8411F8F3A4D781231F001A72C11CE20E0E99599A18688

                                                                                                                                                                                                    Non-executed Functions

                                                                                                                                                                                                    Function 00007FF848A805FA Relevance: 7.7, Strings: 6, Instructions: 189COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000005.00000002.2252220844.00007FF848A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A80000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_7ff848a80000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID: N_^F$N_^J$N_^L$N_^Z$N_^\$N_^^
                                                                                                                                                                                                    • API String ID: 0-1953114876
                                                                                                                                                                                                    • Opcode ID: 807fe34ab3f1e3d4641601bed13d858caecb768594a528907c1fe6afa8d672bc
                                                                                                                                                                                                    • Instruction ID: 3eee4262612effd8adb6ddc3a6fceda6b7245c1939e330f0b941aa72578cf021
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 807fe34ab3f1e3d4641601bed13d858caecb768594a528907c1fe6afa8d672bc
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 9F5183A390E1E229D312BBFC78671FD2F65DF422B971855B7D5CC89083EC1822859396
                                                                                                                                                                                                    Function 00007FF848A889FA Relevance: 6.3, Strings: 5, Instructions: 85COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000005.00000002.2252220844.00007FF848A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A80000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_7ff848a80000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID: M_^$M_^#$M_^$$M_^&$M_^L
                                                                                                                                                                                                    • API String ID: 0-1497503606
                                                                                                                                                                                                    • Opcode ID: cf3dfab723436660f4c8f5d4f8d73b057dce6bfd42d025da1b0aef54042a5400
                                                                                                                                                                                                    • Instruction ID: 4b97862e1404b378285d392f9625b3298371bfc44dd337d389c3f5f372f5ffea
                                                                                                                                                                                                    • Opcode Fuzzy Hash: cf3dfab723436660f4c8f5d4f8d73b057dce6bfd42d025da1b0aef54042a5400
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 0C31E7B2A0E156CED607EA5964420B8F7A0BF51394F9547F3C45CDA0D2BE38A84192AA
                                                                                                                                                                                                    Function 00007FF848A88910 Relevance: 6.3, Strings: 5, Instructions: 79COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000005.00000002.2252220844.00007FF848A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A80000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_7ff848a80000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID: M_^!$M_^#$M_^%$M_^)$M_^8
                                                                                                                                                                                                    • API String ID: 0-1819662559
                                                                                                                                                                                                    • Opcode ID: 37c320d412ff87cde78720ceaa044fa67ee865674825d5ddd935831be48ca32d
                                                                                                                                                                                                    • Instruction ID: 4a838abd6cafc3f9d9aa8e73d5b5b8661927d650e1ede1083df2f709478f760e
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 37c320d412ff87cde78720ceaa044fa67ee865674825d5ddd935831be48ca32d
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 2E212BB76091519AD702BEBCA8D24EC33A4EF5426478A43B3D9DCCF583FC24628B8594
                                                                                                                                                                                                    Function 00007FF848A88AD3 Relevance: 5.0, Strings: 4, Instructions: 49COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000005.00000002.2252220844.00007FF848A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A80000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_7ff848a80000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID: M_^#$M_^$$M_^&$M_^2
                                                                                                                                                                                                    • API String ID: 0-1609772558
                                                                                                                                                                                                    • Opcode ID: 9b0aced264bd54bdc7ded28db08c478debc99f5f6550e544cc4e306c926c286f
                                                                                                                                                                                                    • Instruction ID: db68b8d5e5345d8376d62f578109323f7dae6d665e1c4818a1f58c8e8c3000dc
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 9b0aced264bd54bdc7ded28db08c478debc99f5f6550e544cc4e306c926c286f
                                                                                                                                                                                                    • Instruction Fuzzy Hash: F501BC62A0E5AA8A8201BE7D75565FCF710EF82275B044BF7D19C8A0D3FE24624196D8

                                                                                                                                                                                                    Executed Functions

                                                                                                                                                                                                    Function 00007FF848AA2C94 Relevance: 3.1, Strings: 2, Instructions: 602COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.2470899260.00007FF848A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A90000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_7ff848a90000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID: $H
                                                                                                                                                                                                    • API String ID: 0-1323546614
                                                                                                                                                                                                    • Opcode ID: fa2619ed0fe812e1c4091087668632caadb537a3bd37a267d2232fb757a3e171
                                                                                                                                                                                                    • Instruction ID: 72acfcf516f81d5d58f60fe4766d0a09e5a1316684f0b42fa7337d128aad2d59
                                                                                                                                                                                                    • Opcode Fuzzy Hash: fa2619ed0fe812e1c4091087668632caadb537a3bd37a267d2232fb757a3e171
                                                                                                                                                                                                    • Instruction Fuzzy Hash: C1220530A1DB868FE359DF2C80456A2BBD1FFA5340F04867ED48A87692DFB4E445CB52
                                                                                                                                                                                                    Function 00007FF848A94750 Relevance: 2.5, Strings: 1, Instructions: 1272COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.2470899260.00007FF848A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A90000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_7ff848a90000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID: \
                                                                                                                                                                                                    • API String ID: 0-2967466578
                                                                                                                                                                                                    • Opcode ID: b086669bccdf9f0bb9c111a3ce7e2ba7839d6129fa3480acb51aaae42846c553
                                                                                                                                                                                                    • Instruction ID: 6eef710452f34bd0688c3c3f55f5cf62d03e812d0b414638b9f70734fb8b0026
                                                                                                                                                                                                    • Opcode Fuzzy Hash: b086669bccdf9f0bb9c111a3ce7e2ba7839d6129fa3480acb51aaae42846c553
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 6C825730A1EB454FE759EB28844667577E1EF89380F0445BEC08FC7293DF68B8468766
                                                                                                                                                                                                    Function 00007FF848AA9CB8 Relevance: .8, Instructions: 844COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.2470899260.00007FF848A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A90000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_7ff848a90000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: f4ac425c1530faa216e0f41491ac8882cb0c572bc40af35da8bfc2b52b70769c
                                                                                                                                                                                                    • Instruction ID: 032d08fc0def8cf5f513fbeb80c58881114fe5aed89e31cd1119ca8e4a8fb8f3
                                                                                                                                                                                                    • Opcode Fuzzy Hash: f4ac425c1530faa216e0f41491ac8882cb0c572bc40af35da8bfc2b52b70769c
                                                                                                                                                                                                    • Instruction Fuzzy Hash: B152C130A0DA499FDB98EF18C856AA937E1FF59384F0401B9E44DC7292DB78EC41CB56
                                                                                                                                                                                                    Function 00007FF848AA4E90 Relevance: .7, Instructions: 687COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.2470899260.00007FF848A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A90000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_7ff848a90000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 24ff25463b657206f0fe1bc61c7cb81eac141fb02b294e322b20af773d531f15
                                                                                                                                                                                                    • Instruction ID: a33fb6fef4504efc77fec09bb5c01e0118f2c24c239c8493b8a384312ec1f530
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 24ff25463b657206f0fe1bc61c7cb81eac141fb02b294e322b20af773d531f15
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 2D224820A0EB864FE765E77484522B97BE1FF46380F1545BAC08BC75D3DF6C6842836A
                                                                                                                                                                                                    Function 00007FF848A94C78 Relevance: 2.9, Strings: 2, Instructions: 368COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.2470899260.00007FF848A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A90000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_7ff848a90000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID: 2%#$GL_H
                                                                                                                                                                                                    • API String ID: 0-2517650865
                                                                                                                                                                                                    • Opcode ID: b934aff2a3093437d57433021d798614ae9ea60523eb540d4b44012b7b04134f
                                                                                                                                                                                                    • Instruction ID: ec39153b8bdcc52e917f09a08c83dc11a743a2aa3b20bbd2648b69ce72123121
                                                                                                                                                                                                    • Opcode Fuzzy Hash: b934aff2a3093437d57433021d798614ae9ea60523eb540d4b44012b7b04134f
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 8BD1253190DF829FE252EA28E4472F677E0FF55394F04097AD849D30B6DB38A856C782
                                                                                                                                                                                                    Function 00007FF848AA9148 Relevance: 2.8, Strings: 2, Instructions: 261COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.2470899260.00007FF848A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A90000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_7ff848a90000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID: T$V
                                                                                                                                                                                                    • API String ID: 0-3876866585
                                                                                                                                                                                                    • Opcode ID: ecfb8ae7ed56cc2f0040cbc342d5d9707571b8034a7bed529a21bf08a2adacb3
                                                                                                                                                                                                    • Instruction ID: 8de22bcb5ac73a49128cc5502e5f7407f09ae6f4b76c266d19d16a71344914f6
                                                                                                                                                                                                    • Opcode Fuzzy Hash: ecfb8ae7ed56cc2f0040cbc342d5d9707571b8034a7bed529a21bf08a2adacb3
                                                                                                                                                                                                    • Instruction Fuzzy Hash: C4815761E0E7C64FD356D67C68062757FE0FF42690F0941FFC048CB69BDA68984A8366
                                                                                                                                                                                                    Function 00007FF848A9CF67 Relevance: 1.8, Strings: 1, Instructions: 583COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.2470899260.00007FF848A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A90000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_7ff848a90000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID: RL_H
                                                                                                                                                                                                    • API String ID: 0-2095375528
                                                                                                                                                                                                    • Opcode ID: fd7d60c684800c6b62bd5881a6ef493f7bca0930f67050fc5289bc8c3d476229
                                                                                                                                                                                                    • Instruction ID: 5c6d441eac562b1facff269b209104bf98904dc44026221991ff504a60b60d79
                                                                                                                                                                                                    • Opcode Fuzzy Hash: fd7d60c684800c6b62bd5881a6ef493f7bca0930f67050fc5289bc8c3d476229
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 30024871A0DA494FEB94FF2C94866F537D0EF65784F0404BAC40DCB297DE28AC868796
                                                                                                                                                                                                    Function 00007FF848AA16CA Relevance: 1.7, Strings: 1, Instructions: 425COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.2470899260.00007FF848A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A90000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_7ff848a90000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID: &L_H
                                                                                                                                                                                                    • API String ID: 0-2562315107
                                                                                                                                                                                                    • Opcode ID: c40da09cc5630632a44fbd64471ff231eaf3205dfced0eb3ce95d9f55c4efd92
                                                                                                                                                                                                    • Instruction ID: c6f15d7a23c1fa2961c554f6647e77d418cf11ffcc8b3de75663f00f5e28c29b
                                                                                                                                                                                                    • Opcode Fuzzy Hash: c40da09cc5630632a44fbd64471ff231eaf3205dfced0eb3ce95d9f55c4efd92
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 72D14A72E0EF865FE795EB38A85A2B83BD1EF557C4F0800B6C049CB193DE685806C756
                                                                                                                                                                                                    Function 00007FF848A9B2F0 Relevance: 1.7, Strings: 1, Instructions: 414COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.2470899260.00007FF848A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A90000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_7ff848a90000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID: d
                                                                                                                                                                                                    • API String ID: 0-2564639436
                                                                                                                                                                                                    • Opcode ID: f1a7feb1a73448d54996624dd714fa5db6ad70a7c4d13ab78345dfc1589157b5
                                                                                                                                                                                                    • Instruction ID: 49663e3f4d350eeeaf192b0abe3255b99038aa5b121658683f36783d68cf91b9
                                                                                                                                                                                                    • Opcode Fuzzy Hash: f1a7feb1a73448d54996624dd714fa5db6ad70a7c4d13ab78345dfc1589157b5
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 6BC12230A1DB598FE768EB18844263573E1FF95384F1449BEC04AC7296DE75F8078792
                                                                                                                                                                                                    Function 00007FF848A98F78 Relevance: 1.6, Strings: 1, Instructions: 390COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.2470899260.00007FF848A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A90000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_7ff848a90000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID: d
                                                                                                                                                                                                    • API String ID: 0-2564639436
                                                                                                                                                                                                    • Opcode ID: b5d42e1d6cc280ce24ca5c87c729572c6611fd3cc65d874c1a31fc4c0f36315b
                                                                                                                                                                                                    • Instruction ID: 6bdb730664245cff512da64a190498df5cb600210b779936a0cc15533bf0a42e
                                                                                                                                                                                                    • Opcode Fuzzy Hash: b5d42e1d6cc280ce24ca5c87c729572c6611fd3cc65d874c1a31fc4c0f36315b
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 7FC1E030A1DB198FD768EA18D482535B3E1FF98344F144A7DD08BC3696DA75F8438B86
                                                                                                                                                                                                    Function 00007FF848A982C0 Relevance: 1.6, Strings: 1, Instructions: 387COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.2470899260.00007FF848A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A90000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_7ff848a90000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID: &L_H
                                                                                                                                                                                                    • API String ID: 0-2562315107
                                                                                                                                                                                                    • Opcode ID: 44e790271fbbe4f8a17e594ffa774e39a7cf12ad4a336fccc0d5c3f24757da6e
                                                                                                                                                                                                    • Instruction ID: 7882e6d7293856ac78ec53d0873dbc606c8255e3e312d47f8bae5a0b85a2bd5e
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 44e790271fbbe4f8a17e594ffa774e39a7cf12ad4a336fccc0d5c3f24757da6e
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 52C16D31E0DE8A5FEB94EB28A4566B977D2FF59790F0400B9C04EC7297DE689C02C752
                                                                                                                                                                                                    Function 00007FF848AA1808 Relevance: 1.6, Strings: 1, Instructions: 324COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.2470899260.00007FF848A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A90000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_7ff848a90000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID: &L_H
                                                                                                                                                                                                    • API String ID: 0-2562315107
                                                                                                                                                                                                    • Opcode ID: 47a7654478ca4592245fb934b43029fbc6e2c28cbb1f244cb4321f261b83ee1a
                                                                                                                                                                                                    • Instruction ID: 7993b6395ed54096c98093090870060355877cea623958b78967ae783044e09e
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 47a7654478ca4592245fb934b43029fbc6e2c28cbb1f244cb4321f261b83ee1a
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 94A14E31E0DE455FEB94EB28A45B6B877D1FF59790F0800BAC04ED7296DE685C01C752
                                                                                                                                                                                                    Function 00007FF848A9B3D8 Relevance: 1.6, Strings: 1, Instructions: 300COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.2470899260.00007FF848A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A90000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_7ff848a90000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID: d
                                                                                                                                                                                                    • API String ID: 0-2564639436
                                                                                                                                                                                                    • Opcode ID: 096f433e6587ee5775c3c0253311ed1c40db9f4b25e1dc0b82da56c31a3e36eb
                                                                                                                                                                                                    • Instruction ID: a62f9968dce66b207ec19945353a81116255531abf3755ae3bff80a0669ed845
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 096f433e6587ee5775c3c0253311ed1c40db9f4b25e1dc0b82da56c31a3e36eb
                                                                                                                                                                                                    • Instruction Fuzzy Hash: F191CF30A1DB198FD768EA08D486535B3E1FB98394F144A7DD08AC3296DA75F8438B86
                                                                                                                                                                                                    Function 00007FF848A9D0E0 Relevance: 1.5, Strings: 1, Instructions: 259COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.2470899260.00007FF848A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A90000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_7ff848a90000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID: RL_H
                                                                                                                                                                                                    • API String ID: 0-2095375528
                                                                                                                                                                                                    • Opcode ID: 9caf1a7aad5704ff48d50982e8dab29e8d3c7299c171b25a096baca9b880a4e8
                                                                                                                                                                                                    • Instruction ID: c3fc9545e6cd1ff49f8a65c96eeb13f2fa95ae91b798d8f49844dcef536a9c71
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 9caf1a7aad5704ff48d50982e8dab29e8d3c7299c171b25a096baca9b880a4e8
                                                                                                                                                                                                    • Instruction Fuzzy Hash: EA813631A0DA894FEB99FF2884556B437E0EF64744F0441BAC80DCB297DE28EC85C792
                                                                                                                                                                                                    Function 00007FF848A9C746 Relevance: 1.5, Strings: 1, Instructions: 232COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.2470899260.00007FF848A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A90000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_7ff848a90000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID: 3F
                                                                                                                                                                                                    • API String ID: 0-2414155017
                                                                                                                                                                                                    • Opcode ID: b49ad233b11c2f48eff7d6dc5771b895dc9cf3331cfa4bf627f464e0304104ef
                                                                                                                                                                                                    • Instruction ID: 810ae6af94c59bba637f3bb1b0437a5de9d0fab7d1e06d0e3e1aa3317eb10c4a
                                                                                                                                                                                                    • Opcode Fuzzy Hash: b49ad233b11c2f48eff7d6dc5771b895dc9cf3331cfa4bf627f464e0304104ef
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 65514161B1DD590FE794EB2CA41A7BA37D1EF893A4F0505BBE40DC3292DF588C428396
                                                                                                                                                                                                    Function 00007FF848A9A94B Relevance: 1.4, Strings: 1, Instructions: 171COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.2470899260.00007FF848A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A90000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_7ff848a90000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID: yW_H
                                                                                                                                                                                                    • API String ID: 0-463765510
                                                                                                                                                                                                    • Opcode ID: f4bed405f30fffaf77815c9592f62c01044f66bd0bb785cb25b8cf21fdc8c0b3
                                                                                                                                                                                                    • Instruction ID: ec59b60604f29273c31fc891084a13703dac67243598fa3f91f315162c716dfc
                                                                                                                                                                                                    • Opcode Fuzzy Hash: f4bed405f30fffaf77815c9592f62c01044f66bd0bb785cb25b8cf21fdc8c0b3
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 67515270D199598FEBA9EB2898997A873F1FF58790F0005FAC00DD3292CE746EC18B55
                                                                                                                                                                                                    Function 00007FF848A9A9DB Relevance: 1.4, Strings: 1, Instructions: 127COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.2470899260.00007FF848A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A90000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_7ff848a90000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID: yW_H
                                                                                                                                                                                                    • API String ID: 0-463765510
                                                                                                                                                                                                    • Opcode ID: 2e57e192383c6f6f6d0bd72c1c5e7635228bf7454a04035bf25f6a25a15ca733
                                                                                                                                                                                                    • Instruction ID: 84ebaa6d81b487b80346161372705e1cb53946edbf4613d4bcd5624f50743983
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 2e57e192383c6f6f6d0bd72c1c5e7635228bf7454a04035bf25f6a25a15ca733
                                                                                                                                                                                                    • Instruction Fuzzy Hash: D5415E71D199598FE7A9EA2898993B8B3B1FF58790F0005FAC00CD3182CE346AC18B55
                                                                                                                                                                                                    Function 00007FF848AA66F0 Relevance: .6, Instructions: 619COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.2470899260.00007FF848A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A90000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_7ff848a90000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: f48ee2389bda53a5d97a5c54cc1dc75c031f6cfb72c872710b33e4e0999d02b7
                                                                                                                                                                                                    • Instruction ID: 136dd94528365c353753bd70c5db0aa1c96e5e3f7902525cd703f4cefe2a88e7
                                                                                                                                                                                                    • Opcode Fuzzy Hash: f48ee2389bda53a5d97a5c54cc1dc75c031f6cfb72c872710b33e4e0999d02b7
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 4E026A31A0DB894FD755FB6CA8565F97BE1EF863A0B0402BBD049C7193EE24DC068392
                                                                                                                                                                                                    Function 00007FF848A972D8 Relevance: .6, Instructions: 592COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.2470899260.00007FF848A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A90000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_7ff848a90000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: bcc1652e53e6aeebc0427a7adaa437945430a219f6a0a585ee5c17c551559392
                                                                                                                                                                                                    • Instruction ID: a68620a56f7e02969433ee452f1f95ebcf62898224ecbdb2451bf19ff28b7d7d
                                                                                                                                                                                                    • Opcode Fuzzy Hash: bcc1652e53e6aeebc0427a7adaa437945430a219f6a0a585ee5c17c551559392
                                                                                                                                                                                                    • Instruction Fuzzy Hash: FE021530A0DA498FD799EB2C84566B97BE1FF95304F04467ED48EC7292DF24A842C792
                                                                                                                                                                                                    Function 00007FF848A94DD0 Relevance: .6, Instructions: 557COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.2470899260.00007FF848A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A90000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_7ff848a90000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 72d3b64eaff44cda2742fb0febf806149f62bfa8c8428d5909a83843647703d7
                                                                                                                                                                                                    • Instruction ID: 3980eaa5494397293eff71fdf559ab69e5bb0003da0168165085ba0a289e2c96
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 72d3b64eaff44cda2742fb0febf806149f62bfa8c8428d5909a83843647703d7
                                                                                                                                                                                                    • Instruction Fuzzy Hash: F102D470A1DB898FE758EB28C4566BAB7D1FF98344F04497DD48DC3292DF34A8418B46
                                                                                                                                                                                                    Function 00007FF848A9F886 Relevance: .5, Instructions: 547COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.2470899260.00007FF848A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A90000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_7ff848a90000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 499881d7b61ade02cc9483e38605a694f66a598fbfeead89faafbf4875046658
                                                                                                                                                                                                    • Instruction ID: 0687a1992b29aeb8341be13321d9d7fc8bcfa4169c4afacda33442312e7376ec
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 499881d7b61ade02cc9483e38605a694f66a598fbfeead89faafbf4875046658
                                                                                                                                                                                                    • Instruction Fuzzy Hash: C302C370A1DB898FE758EB28C45667AB7E1FF98344F04497DD48DC3292DF34A8418B42
                                                                                                                                                                                                    Function 00007FF848AA0E26 Relevance: .5, Instructions: 530COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.2470899260.00007FF848A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A90000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_7ff848a90000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 6f7ba61d4c9effda92f7e75b004bab5ddecdb7a93caac8cc62b14b2dea12a881
                                                                                                                                                                                                    • Instruction ID: 74a51ccde87b2c01ca59b1922cc2cea2e11c87a337d549b7c2ca0043b773d193
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 6f7ba61d4c9effda92f7e75b004bab5ddecdb7a93caac8cc62b14b2dea12a881
                                                                                                                                                                                                    • Instruction Fuzzy Hash: F0F13B61E0EBCA5FEB95EB38A45A6B83BD1EF553C0F0500BDD449C7293DE689806C312
                                                                                                                                                                                                    Function 00007FF848AA704D Relevance: .5, Instructions: 505COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.2470899260.00007FF848A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A90000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_7ff848a90000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 3acff3e96b0acf29efd0a2eff08caa664447b5e10ef5ae3efeaf85bcba4fa64b
                                                                                                                                                                                                    • Instruction ID: 06e4700871f5fb69757440e8e77053e1eebb2cb6fed6770f3e7d728ca2bdd9ed
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 3acff3e96b0acf29efd0a2eff08caa664447b5e10ef5ae3efeaf85bcba4fa64b
                                                                                                                                                                                                    • Instruction Fuzzy Hash: BFE12421F1DB4A4FEB99EB38541627977D1EF99790F0401BAC04DC3287DF68AC468396
                                                                                                                                                                                                    Function 00007FF848A98318 Relevance: .5, Instructions: 460COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.2470899260.00007FF848A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A90000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_7ff848a90000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: c0bb4f6cfe05f73b91d567d627daeb721b679dce0c4df0f5beabaf94f2ac106c
                                                                                                                                                                                                    • Instruction ID: 09f4c9dec53892c43f35e35dcd0b2c85656b5a8de09e900487fe31a19af86f94
                                                                                                                                                                                                    • Opcode Fuzzy Hash: c0bb4f6cfe05f73b91d567d627daeb721b679dce0c4df0f5beabaf94f2ac106c
                                                                                                                                                                                                    • Instruction Fuzzy Hash: C1D13A31B1DA495FEB98FA2C98466B537D1EF54784F0000B9D80EC72A7DE64EC468792
                                                                                                                                                                                                    Function 00007FF848A95898 Relevance: .4, Instructions: 395COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.2470899260.00007FF848A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A90000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_7ff848a90000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: bffd07a8407ef3920e83639e8377970f52087e8fa2b483c49590e4f5e339194d
                                                                                                                                                                                                    • Instruction ID: 503c642763e2f7a7469e2bd99218933469aefbc5eb51c980e3af3b3ea0d347e0
                                                                                                                                                                                                    • Opcode Fuzzy Hash: bffd07a8407ef3920e83639e8377970f52087e8fa2b483c49590e4f5e339194d
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 63B12721A0EA8E4FEB95FB2C849A6747BD1EF59384F0804BAD40DC7193EE58AC458356
                                                                                                                                                                                                    Function 00007FF848A99008 Relevance: .4, Instructions: 363COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.2470899260.00007FF848A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A90000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_7ff848a90000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: ccb968a86529fb37693ac44bda12cebf10f48506d1be73f4a8883f2fd527c53e
                                                                                                                                                                                                    • Instruction ID: 77dfea74ead0d2e0c29c3809cfe2712c292de7fb3ae23e62af637028652e75b3
                                                                                                                                                                                                    • Opcode Fuzzy Hash: ccb968a86529fb37693ac44bda12cebf10f48506d1be73f4a8883f2fd527c53e
                                                                                                                                                                                                    • Instruction Fuzzy Hash: A8A1BD31A0EE594FE369EB2C984667037E0EF59354F0409BAD04DC71A6DF29AC4BC396
                                                                                                                                                                                                    Function 00007FF848A97200 Relevance: .4, Instructions: 357COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.2470899260.00007FF848A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A90000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_7ff848a90000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 3260eb116e6ecbfd8db59b7bbaf2a746a166dbbbf20975d25fd95ca68a91b188
                                                                                                                                                                                                    • Instruction ID: 5313b9ec63bdcc6ba5aa08ef133136bf95d803ff3e75b16679eb36f8d2a9322a
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 3260eb116e6ecbfd8db59b7bbaf2a746a166dbbbf20975d25fd95ca68a91b188
                                                                                                                                                                                                    • Instruction Fuzzy Hash: E1A1E931A1CF484FEB58EB1CA8466B977E1FB98750F04017EE04AD3691DB64FC418786
                                                                                                                                                                                                    Function 00007FF848A9F3FF Relevance: .3, Instructions: 339COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.2470899260.00007FF848A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A90000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_7ff848a90000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 6f19508e1ab00e37476afab679e99103573bfd75e66efa6f837bbbfb919357a8
                                                                                                                                                                                                    • Instruction ID: 16b07f9ae4424c723b83a4630825ab9632ec5ed1f3f24aa385fbc9841fa75802
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 6f19508e1ab00e37476afab679e99103573bfd75e66efa6f837bbbfb919357a8
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 66313732A0DF858FE750F628980B5B977D0EFA5365F04097BC849C30A2DE24A9468397
                                                                                                                                                                                                    Function 00007FF848A9C320 Relevance: .3, Instructions: 335COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.2470899260.00007FF848A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A90000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_7ff848a90000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 166a9ccbc8b8d50788796ccc24111115f9cf3a16a67c244f375b8d9d1493119c
                                                                                                                                                                                                    • Instruction ID: 4bd06366c639ecfb9767bb3066837f29d2c5aa7da57e51594da61b45be40298a
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 166a9ccbc8b8d50788796ccc24111115f9cf3a16a67c244f375b8d9d1493119c
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 2E8169A2F1ED568FF3A5E12C242E27967C0EFA9AD8F1004B6C44DC72D6DE589C064366
                                                                                                                                                                                                    Function 00007FF848A9F085 Relevance: .3, Instructions: 335COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.2470899260.00007FF848A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A90000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_7ff848a90000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 05c6df4b50cb04b796abe6dba27fde78d30f687b8076e22411108ad033442a12
                                                                                                                                                                                                    • Instruction ID: 0280154a6981d85abaf17ae3bc83243ba522de27d52b45123c50db38d7669ef3
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 05c6df4b50cb04b796abe6dba27fde78d30f687b8076e22411108ad033442a12
                                                                                                                                                                                                    • Instruction Fuzzy Hash: C5A15B31A0EA464FE795EB2CD4026A477D1FF99394F0409FAC44CCB696DBAC9C4683D2
                                                                                                                                                                                                    Function 00007FF848A99F6B Relevance: .3, Instructions: 323COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.2470899260.00007FF848A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A90000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_7ff848a90000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 2ddbf55c910b1e2f1d772a484bf36527ced6f47d0a8a530fe924212873e99080
                                                                                                                                                                                                    • Instruction ID: ff6607b1a8031b3a1ecdcf24660c6213e456abb71cd4346e52a255ba005cf76b
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 2ddbf55c910b1e2f1d772a484bf36527ced6f47d0a8a530fe924212873e99080
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 5AC15C70D19A49CFEB99EB28D8897ACB7B1FF54344F1001BAD00DD3292CF7869818B59
                                                                                                                                                                                                    Function 00007FF848A972D2 Relevance: .3, Instructions: 321COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.2470899260.00007FF848A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A90000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_7ff848a90000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: e4e1f7226425bc02d6bc31eca9385519c04abd0c239352b5b7bbc827374ee316
                                                                                                                                                                                                    • Instruction ID: eb555e7407094d74cdbb63fda5d9a4f257790910c34966cf331f892417b31bf3
                                                                                                                                                                                                    • Opcode Fuzzy Hash: e4e1f7226425bc02d6bc31eca9385519c04abd0c239352b5b7bbc827374ee316
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 40A12930A1DA488FDB55EB6C98565B97BE0FF98744F0400BED44AC7292DF24AC42C792
                                                                                                                                                                                                    Function 00007FF848A97C38 Relevance: .3, Instructions: 318COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.2470899260.00007FF848A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A90000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_7ff848a90000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 08c1c697ef55011103fedac9a87fe888eb01e932047c1dd475c5cc2ed57ddfc8
                                                                                                                                                                                                    • Instruction ID: e9d57fa2b18fa45224835e55a8d938a76494cfe4720aa50711ddfce37d175bab
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 08c1c697ef55011103fedac9a87fe888eb01e932047c1dd475c5cc2ed57ddfc8
                                                                                                                                                                                                    • Instruction Fuzzy Hash: CBA10231A0DA498FDB80FF2C9496AF93BE0EF59355F04007AE04DC71A2DF24A84587A5
                                                                                                                                                                                                    Function 00007FF848AAAED1 Relevance: .3, Instructions: 316COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.2470899260.00007FF848A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A90000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_7ff848a90000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 5823c53a29796e7d2e5ec26a865d31cfcb520f532b4d38dc96f828676404dbd9
                                                                                                                                                                                                    • Instruction ID: aa50b275edea3dcb54983237ad22adb86948e835948d7fce83d4c3021d989cc7
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 5823c53a29796e7d2e5ec26a865d31cfcb520f532b4d38dc96f828676404dbd9
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 88B15370E196598FEBA9EB68D8553ACB7B1FF58380F1001BAD00DE3292DF345986CB15
                                                                                                                                                                                                    Function 00007FF848A9C890 Relevance: .3, Instructions: 313COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.2470899260.00007FF848A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A90000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_7ff848a90000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 9714cc374c3d8d2d19ab06c99f126b7bed2f4d557e432c5fd1b19d937056c198
                                                                                                                                                                                                    • Instruction ID: ca840088c637dd68994df41f834eca2412987ed548eb535853eac573069e33c5
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 9714cc374c3d8d2d19ab06c99f126b7bed2f4d557e432c5fd1b19d937056c198
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 35815A71B1DD194FE694FB2CA45A7B837C2EF893A0F0505BAD40DC7296DF199C428386
                                                                                                                                                                                                    Function 00007FF848AA0B39 Relevance: .3, Instructions: 310COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.2470899260.00007FF848A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A90000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_7ff848a90000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 4e18dcac9245d8949e2a28ead0a1a8fb1e881d7f0f6cae9b1acee172f8206e5e
                                                                                                                                                                                                    • Instruction ID: e7dea091ed2b87bee7c93787e4f398f008bd512a9f324b309b56d58f4415b19a
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 4e18dcac9245d8949e2a28ead0a1a8fb1e881d7f0f6cae9b1acee172f8206e5e
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 0FA1F331E0DA8D9FDB99FF6C84566A97BE1FF59390F0401BAD009C7296DB78A801C741
                                                                                                                                                                                                    Function 00007FF848AA7362 Relevance: .3, Instructions: 290COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.2470899260.00007FF848A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A90000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_7ff848a90000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 4c80a575ae8686ccee93c38823dd1958a28d4e73ffb1f52820f02430d0eb6db3
                                                                                                                                                                                                    • Instruction ID: 705604a2581a09fac7634d1796a107e95fc77c27aa2ca48d04421d1b7a0756c8
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 4c80a575ae8686ccee93c38823dd1958a28d4e73ffb1f52820f02430d0eb6db3
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 89811721B1DB894FE795FB7C581A17A3BD2EF8A65070501FAC04DC72D7EE689C064362
                                                                                                                                                                                                    Function 00007FF848A947F0 Relevance: .3, Instructions: 283COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.2470899260.00007FF848A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A90000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_7ff848a90000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 48075f295b5f1f9291bd0fe9458a6c4e021dec3c9f3ed9dd6158ee7ad5b3cfe8
                                                                                                                                                                                                    • Instruction ID: 26241c54456a387c256580e4d5196757bdc28ccf8574d6d99906e6083bdd2de3
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 48075f295b5f1f9291bd0fe9458a6c4e021dec3c9f3ed9dd6158ee7ad5b3cfe8
                                                                                                                                                                                                    • Instruction Fuzzy Hash: E7912520E0E74A8FFB64FA2494962B97791EF453D0F04417AC04EC39C2DFAD6859836A
                                                                                                                                                                                                    Function 00007FF848A91108 Relevance: .3, Instructions: 278COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.2470899260.00007FF848A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A90000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_7ff848a90000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 619363fedf52fbc110a8f06c15bc0d7b639eac2bb2b54a3e63f45619ab6eeaef
                                                                                                                                                                                                    • Instruction ID: a4b1b9195dd7668d2acea720e5446141ad249119102c6012af9c2adef7aba4a3
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 619363fedf52fbc110a8f06c15bc0d7b639eac2bb2b54a3e63f45619ab6eeaef
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 42A1AE30A0AA8E8FDB84EF28C8597E977B1FF55344F1446B9C00DD7296DE78A842CB40
                                                                                                                                                                                                    Function 00007FF848A99855 Relevance: .3, Instructions: 265COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.2470899260.00007FF848A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A90000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_7ff848a90000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: bc5a52cd271909e15aac9f04f8e329c964d429ad3c383f6094a63e4a32f5d3cb
                                                                                                                                                                                                    • Instruction ID: 5efb1713e4206cc693985be8e4802686f87ba440e0b8fcb101ade93fb6084c17
                                                                                                                                                                                                    • Opcode Fuzzy Hash: bc5a52cd271909e15aac9f04f8e329c964d429ad3c383f6094a63e4a32f5d3cb
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 1D713F72A0FA860FE746F66CA8531F537E0DF423A4F0905BBD489C7193EE19E845835A
                                                                                                                                                                                                    Function 00007FF848AA6F5C Relevance: .3, Instructions: 259COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.2470899260.00007FF848A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A90000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_7ff848a90000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 11388e411867299a3a67e12c2984981315569023e3a02019901e5b8f216f0952
                                                                                                                                                                                                    • Instruction ID: 3e0e72144b590e214ade9d88ca72e7c3de6ca922d240fca852458154c265fcaf
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 11388e411867299a3a67e12c2984981315569023e3a02019901e5b8f216f0952
                                                                                                                                                                                                    • Instruction Fuzzy Hash: F2710630B0DB494FDB95EB2C94566793BE1EF8A750B0901FAD089C72A3DF64EC418752
                                                                                                                                                                                                    Function 00007FF848AA85D9 Relevance: .3, Instructions: 257COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.2470899260.00007FF848A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A90000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_7ff848a90000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: cd0a2354b6b9b05d8bd68518b7601cf9709b172e51622d9891ec1694b7f5d1ee
                                                                                                                                                                                                    • Instruction ID: 4162ace09b8584d4ce649e50b2c2c6dd27df35dfa332f19870cd3384a6144546
                                                                                                                                                                                                    • Opcode Fuzzy Hash: cd0a2354b6b9b05d8bd68518b7601cf9709b172e51622d9891ec1694b7f5d1ee
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 04717B2191E7464FE729F62898421B17790EF453D1F2445BEC48B83986EF59BC8383A7
                                                                                                                                                                                                    Function 00007FF848AA9F53 Relevance: .2, Instructions: 245COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.2470899260.00007FF848A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A90000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_7ff848a90000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: a640eabac41a595e4b9b70e3873f815d973e4c35371f0a19d5524551c5e9a8ef
                                                                                                                                                                                                    • Instruction ID: d0da0c6679ff9116439ac2ac7de78a8166914f254f6f25bc2c79de09037910df
                                                                                                                                                                                                    • Opcode Fuzzy Hash: a640eabac41a595e4b9b70e3873f815d973e4c35371f0a19d5524551c5e9a8ef
                                                                                                                                                                                                    • Instruction Fuzzy Hash: D4918030A1DA498FDB99EF18C496BA877E1FF58384F0401B9E44DC7292DB78E841CB56
                                                                                                                                                                                                    Function 00007FF848A97180 Relevance: .2, Instructions: 238COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.2470899260.00007FF848A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A90000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_7ff848a90000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: f6d80ff2d70f59d5a34da6cc568472390e3fdddd38cbcf980fac56edbed7dcf7
                                                                                                                                                                                                    • Instruction ID: bd3b3d8e689c43c9c51cf8c0ecbbe1f131393997815c47a1d7faa72e47a65199
                                                                                                                                                                                                    • Opcode Fuzzy Hash: f6d80ff2d70f59d5a34da6cc568472390e3fdddd38cbcf980fac56edbed7dcf7
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 3D710D30A1D94E8FDF94EF2CC486AA937E1FF69345F400579E40AD32A1DF64E8418BA5
                                                                                                                                                                                                    Function 00007FF848AA9F8F Relevance: .2, Instructions: 232COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.2470899260.00007FF848A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A90000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_7ff848a90000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 0d6e366a30912d06e42fa4746b2bd24ca25b2df8a8fb0ca1e18f9e675da9a515
                                                                                                                                                                                                    • Instruction ID: 272b53a3cd2f931162f2b51a6eae284d009dea82b640cd78d409b2cf6436ffc9
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 0d6e366a30912d06e42fa4746b2bd24ca25b2df8a8fb0ca1e18f9e675da9a515
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 1B81B230A1DA4A8FDB98FF28C496BA877E1FF58384F0401B9D44DC7692DB68E841C756
                                                                                                                                                                                                    Function 00007FF848A96DC1 Relevance: .2, Instructions: 225COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.2470899260.00007FF848A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A90000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_7ff848a90000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 94df00e59507e97ca6fb78528639b3b90cd62ed6e9dcc701fd1fe369c8d6578e
                                                                                                                                                                                                    • Instruction ID: c378a40218bbe4e41f1a657b18850d911469e69f6e1cec07cc15b8182892154e
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 94df00e59507e97ca6fb78528639b3b90cd62ed6e9dcc701fd1fe369c8d6578e
                                                                                                                                                                                                    • Instruction Fuzzy Hash: D651BFA284F7C54FD747AB789C361A07FB0AE17644B0E85EBC488CF1A7D65C580AC366
                                                                                                                                                                                                    Function 00007FF848AA51C9 Relevance: .2, Instructions: 222COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.2470899260.00007FF848A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A90000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_7ff848a90000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: cac5ce5b17061fe04ff044bfd66101b1c746a5a42811d484705e0f27b5e8b6f0
                                                                                                                                                                                                    • Instruction ID: 6e772e5be8f4738d137a7bf2b1c356e2dce9af33fa829c73f3b4196a3589d7cd
                                                                                                                                                                                                    • Opcode Fuzzy Hash: cac5ce5b17061fe04ff044bfd66101b1c746a5a42811d484705e0f27b5e8b6f0
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 5F614620A1EB864FE359EB7484562B577E2EF86380F1141BEC04AC75C7DF6C6C868366
                                                                                                                                                                                                    Function 00007FF848A97C60 Relevance: .2, Instructions: 222COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.2470899260.00007FF848A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A90000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_7ff848a90000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 22d9e1e5f4583fdb3c42357cd20e2509a521c3f77c9479cfb94b7cf59e2e5d97
                                                                                                                                                                                                    • Instruction ID: 9f589c77c9772f4c24f215282e713f15958fc15c1068d66db7aa4d60144df41a
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 22d9e1e5f4583fdb3c42357cd20e2509a521c3f77c9479cfb94b7cf59e2e5d97
                                                                                                                                                                                                    • Instruction Fuzzy Hash: F261496290E6C95FD742FF3898165F93FE0DF562A4F0841BBE48CCB193DA1895468392
                                                                                                                                                                                                    Function 00007FF848A946D8 Relevance: .2, Instructions: 222COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.2470899260.00007FF848A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A90000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_7ff848a90000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: ce28debd31fc6228c9032a4f5e1f34f1c179624d7fa5c4dd33bfa2b7f18db2fe
                                                                                                                                                                                                    • Instruction ID: 56917bfe31e8e715f15fd976c93c01118ad092efe300663a33f75224f1212d1d
                                                                                                                                                                                                    • Opcode Fuzzy Hash: ce28debd31fc6228c9032a4f5e1f34f1c179624d7fa5c4dd33bfa2b7f18db2fe
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 4B61263060DB458FE758EB28C4969B5B7E1FF95380F10457EC04AC7692DF68E846C786
                                                                                                                                                                                                    Function 00007FF848A9EE1A Relevance: .2, Instructions: 217COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.2470899260.00007FF848A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A90000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_7ff848a90000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: a2f51edc0d34022aec10521316d866fc9cd517121f7333d58dc94c70daf97274
                                                                                                                                                                                                    • Instruction ID: c11cc92a9d99a135b4a8ed2c5c97f2e01e339f8850fddbae1bbc254e3ff17806
                                                                                                                                                                                                    • Opcode Fuzzy Hash: a2f51edc0d34022aec10521316d866fc9cd517121f7333d58dc94c70daf97274
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 30615B21A0EA8A4FD749EB2C88156B57BE1EF5A264F0441FED08DCB2D3DE9D9C41C361
                                                                                                                                                                                                    Function 00007FF848A98308 Relevance: .2, Instructions: 208COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.2470899260.00007FF848A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A90000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_7ff848a90000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: cad2e5fe346e1231f041b3167f60465fd4e877bfdbb796b1f63a750ed3980f26
                                                                                                                                                                                                    • Instruction ID: fde08f2594b036b622918ece481b72899c77a84488f5934c27b9a5dbf1635a5a
                                                                                                                                                                                                    • Opcode Fuzzy Hash: cad2e5fe346e1231f041b3167f60465fd4e877bfdbb796b1f63a750ed3980f26
                                                                                                                                                                                                    • Instruction Fuzzy Hash: F3517C21F0EB8A1FE399EA3C645E2757BD1EF596D0B0400BAC04EC72A7DE548C068356
                                                                                                                                                                                                    Function 00007FF848A95708 Relevance: .2, Instructions: 192COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.2470899260.00007FF848A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A90000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_7ff848a90000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 902b00656ea05fbb5b52cb3b7a4dc252a10b238044185d46006ab950fe413828
                                                                                                                                                                                                    • Instruction ID: 90908bb9eb415f724e8f9e8491e03d0f0df22cea766b7ab8ef3d1b268e40ce2f
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 902b00656ea05fbb5b52cb3b7a4dc252a10b238044185d46006ab950fe413828
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 4F513802E0F9C24FF356A67C78172782F90EF52A94B0945FBC048871DBED988D469397
                                                                                                                                                                                                    Function 00007FF848AA6B63 Relevance: .2, Instructions: 186COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.2470899260.00007FF848A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A90000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_7ff848a90000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 84055e3f1c51985d282b25d2e2386f93bd91f0dc956939cf9b19ab3a6bd996c4
                                                                                                                                                                                                    • Instruction ID: 50d89e14fd7a363b815ebc327707f07e5f850f3a617eeabd8a1ebaf2286a6e82
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 84055e3f1c51985d282b25d2e2386f93bd91f0dc956939cf9b19ab3a6bd996c4
                                                                                                                                                                                                    • Instruction Fuzzy Hash: FE512B3160DB884FD755E738881A6B53FE1EF96260F1401FFD44AC72A3DE199C028752
                                                                                                                                                                                                    Function 00007FF848A9212A Relevance: .2, Instructions: 184COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.2470899260.00007FF848A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A90000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_7ff848a90000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: c2e5ef0969b9ecfeba45b5684c0b511953bd30f115c59c89c6cff91059de2845
                                                                                                                                                                                                    • Instruction ID: 700eb4e328901a2390b3920dd1ef96a4f5d8032467806f7a91ae490ff8967a9a
                                                                                                                                                                                                    • Opcode Fuzzy Hash: c2e5ef0969b9ecfeba45b5684c0b511953bd30f115c59c89c6cff91059de2845
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 97617A30A0EA9E8FDB95EF28C8457A9B7F1FF59300F5045AAC04CD7296CB74A885CB41
                                                                                                                                                                                                    Function 00007FF848AA9D94 Relevance: .2, Instructions: 181COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.2470899260.00007FF848A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A90000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_7ff848a90000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 0552e07ad8a9395b368a27ca54b8eea4253426d7f7b45b7be52b11ad066280c2
                                                                                                                                                                                                    • Instruction ID: 21798931a511ea204621626d5b75bb5887d209cc2ee2adbff2e7cb25cf83306c
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 0552e07ad8a9395b368a27ca54b8eea4253426d7f7b45b7be52b11ad066280c2
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 9251E73090EB8A4FDB96EF6C84456A87BE1FF55394F0801F9D049CB196DB68DC44C752
                                                                                                                                                                                                    Function 00007FF848A9BF59 Relevance: .2, Instructions: 181COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.2470899260.00007FF848A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A90000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_7ff848a90000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 163fc2bea636c145d4d11b2f23a07c275c922e3d53131b987f548984138194a4
                                                                                                                                                                                                    • Instruction ID: 002ba99afc11960828fb7b4ba2388baef1840336beba0b3015c537022bf7f651
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 163fc2bea636c145d4d11b2f23a07c275c922e3d53131b987f548984138194a4
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 94518D72D0DE8A8FEB99EB2C94125ED77E1FF45394F0404B9C008C7192EE6C98068755
                                                                                                                                                                                                    Function 00007FF848A90E68 Relevance: .2, Instructions: 180COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.2470899260.00007FF848A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A90000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_7ff848a90000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: fd17c27047254a54b6c68d2a5f8cbea89dd87069ce57870bf36419a83e5f5f67
                                                                                                                                                                                                    • Instruction ID: d391425dd54d267887ae1b902a4dd15aa7899017aa1b493488377f526b7b39d9
                                                                                                                                                                                                    • Opcode Fuzzy Hash: fd17c27047254a54b6c68d2a5f8cbea89dd87069ce57870bf36419a83e5f5f67
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 6051CF72D0EA8D8FEB80FF6CD8556A8BBE0FF29344F0405BAD048D7256DA74A841C751
                                                                                                                                                                                                    Function 00007FF848A95BB0 Relevance: .2, Instructions: 168COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.2470899260.00007FF848A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A90000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_7ff848a90000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 4128d51c57b6ab53bac35910f593dffb3c6ad39d085533d22d4e3555a294b7e9
                                                                                                                                                                                                    • Instruction ID: 8a51dd21c73fc72360c4c25bb3cdaef28290f4f6287b0833558717233e38c553
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 4128d51c57b6ab53bac35910f593dffb3c6ad39d085533d22d4e3555a294b7e9
                                                                                                                                                                                                    • Instruction Fuzzy Hash: A7412721E1D98A4FE798FB3C94526B57BE1FF95384F0401BAD04DC7286EE68E8028752
                                                                                                                                                                                                    Function 00007FF848AA75D0 Relevance: .2, Instructions: 168COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.2470899260.00007FF848A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A90000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_7ff848a90000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 461ccd1540b2cc806f2d3412060a33e019a10f02a82ba5a2522c1f1be4b6b35d
                                                                                                                                                                                                    • Instruction ID: 06a780103d469aa4ddb7654a68ef5d98aa1774a6ac1314fa482f976bf9674b21
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 461ccd1540b2cc806f2d3412060a33e019a10f02a82ba5a2522c1f1be4b6b35d
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 09512721A1EB0A4FE368F62898523B673D1FF453D0F54457AC48EC39C1DFADA8468366
                                                                                                                                                                                                    Function 00007FF848A99325 Relevance: .2, Instructions: 166COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.2470899260.00007FF848A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A90000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_7ff848a90000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 52747fcfefad050cd324827a9aa0ce99df8ba2cc55c546bb29462b5cfcd62bbf
                                                                                                                                                                                                    • Instruction ID: 3d5c317f06d281b0b1f7790b276344aa6632e72d113ab2e33c18b711446e9f0c
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 52747fcfefad050cd324827a9aa0ce99df8ba2cc55c546bb29462b5cfcd62bbf
                                                                                                                                                                                                    • Instruction Fuzzy Hash: F641E221B0ED4A5FEBE9EA2C9491A7433D1FF5839474805FAC40DCB2A7DE58DC818352
                                                                                                                                                                                                    Function 00007FF848A92B25 Relevance: .2, Instructions: 164COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.2470899260.00007FF848A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A90000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_7ff848a90000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: e67fa8c3589d5f1daa8a294564dddfcdaaf9d66fc7360806bc48407d94392b60
                                                                                                                                                                                                    • Instruction ID: 6a09909254886be3d8914a41fad7c38e85121925d76ed320a7223f920269f58e
                                                                                                                                                                                                    • Opcode Fuzzy Hash: e67fa8c3589d5f1daa8a294564dddfcdaaf9d66fc7360806bc48407d94392b60
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 7851CF7084E6898FDB95EF2888567E57BF1FF56354F0401AAD00CC7292CB789986CB62
                                                                                                                                                                                                    Function 00007FF848AA1FD1 Relevance: .2, Instructions: 161COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.2470899260.00007FF848A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A90000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_7ff848a90000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: a46dac32786dcb52b03c3b46bd836fa422cde51874840079d31ff783df7ec506
                                                                                                                                                                                                    • Instruction ID: 6e1c0d1362e28f1d5e5c6c63f89358bf8436c9fe9c304839c2059ab0a21709f6
                                                                                                                                                                                                    • Opcode Fuzzy Hash: a46dac32786dcb52b03c3b46bd836fa422cde51874840079d31ff783df7ec506
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 3D41F43060EA895FDB95FB2C8859A753BD2EF95384F0400B9D44EC7297CE68AC41C396
                                                                                                                                                                                                    Function 00007FF848AA2764 Relevance: .2, Instructions: 161COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.2470899260.00007FF848A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A90000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_7ff848a90000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 3dc14b8ee3c647cfe3135b7cd32d473d72e96be896612a0e4789e82c5803fae5
                                                                                                                                                                                                    • Instruction ID: 99aab55024344053e5878f14225a84a4fa2eeac3720107c093188d4600000fdf
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 3dc14b8ee3c647cfe3135b7cd32d473d72e96be896612a0e4789e82c5803fae5
                                                                                                                                                                                                    • Instruction Fuzzy Hash: F041D620B1DA594FDB94EB2C90566BD37D1EF58784F00017AF44AC3296CE68ED4187C6
                                                                                                                                                                                                    Function 00007FF848A97C68 Relevance: .2, Instructions: 160COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.2470899260.00007FF848A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A90000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_7ff848a90000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: be7d95bc032c15a07b5575993c3e6ed98af477665fcbba6b7b4e13aafb782f97
                                                                                                                                                                                                    • Instruction ID: 52350d09b626eb089792d113fa54c342425b00ea773c4174777fb7946d507bb4
                                                                                                                                                                                                    • Opcode Fuzzy Hash: be7d95bc032c15a07b5575993c3e6ed98af477665fcbba6b7b4e13aafb782f97
                                                                                                                                                                                                    • Instruction Fuzzy Hash: F441F56290D69A4EDB41FF78A4166FD3BE0EF16399F08417BD48CC6093EE149544C3A9
                                                                                                                                                                                                    Function 00007FF848AA773D Relevance: .2, Instructions: 159COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.2470899260.00007FF848A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A90000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_7ff848a90000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: a8508d3dee888e667ef9f8cc33ee4924eb416890c109a8a03fa405e044418a99
                                                                                                                                                                                                    • Instruction ID: c85c256dfa338a12b7729e4dd390afb09deac42e8d4d86ffbe6658a8a72baa24
                                                                                                                                                                                                    • Opcode Fuzzy Hash: a8508d3dee888e667ef9f8cc33ee4924eb416890c109a8a03fa405e044418a99
                                                                                                                                                                                                    • Instruction Fuzzy Hash: C251E130A0EB458FD75AEB2884556B277E1EF59380F1444BEC08EC7292DF78B842C766
                                                                                                                                                                                                    Function 00007FF848AA6B02 Relevance: .2, Instructions: 151COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.2470899260.00007FF848A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A90000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_7ff848a90000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 6f2a12de97a995ec7db781decc37d80f9371db4c54b875c8b6eddeb8767225f6
                                                                                                                                                                                                    • Instruction ID: d55e45e602fc5581635ef89b2d6582c41fa141f23780ce6866b4b6eb42777d33
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 6f2a12de97a995ec7db781decc37d80f9371db4c54b875c8b6eddeb8767225f6
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 3841183150D7894FD756DB2888256A43FF1EF47260F1901FFD48AC71A3DA59A8028762
                                                                                                                                                                                                    Function 00007FF848A9C1BD Relevance: .2, Instructions: 150COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.2470899260.00007FF848A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A90000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_7ff848a90000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 52d64960c85a1c7b290a7e6148f1a787a7af21863be12c31c52a4c60c6a283cf
                                                                                                                                                                                                    • Instruction ID: cf480ef05864821c7205ea5f7d6ae825bdf60f9ce85bbb1eb73d753757327b92
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 52d64960c85a1c7b290a7e6148f1a787a7af21863be12c31c52a4c60c6a283cf
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 5D415961A0FB865FE396F77C58122B47FD0EF462A4B0904FFD049CB1A3D9589C428366
                                                                                                                                                                                                    Function 00007FF848AA6CEA Relevance: .1, Instructions: 145COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.2470899260.00007FF848A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A90000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_7ff848a90000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 1b0cd5f6b4608264282fe68fb250237aae549ced4d1aae4f867ca92ac011a018
                                                                                                                                                                                                    • Instruction ID: 2c923531fd83d33c4b1e6c1710a1b27dcf01fa68ceafc71b505659df5295d3cb
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 1b0cd5f6b4608264282fe68fb250237aae549ced4d1aae4f867ca92ac011a018
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 0D41B430A1DB494FEB98FE2894425B977E1EF98394F04017EE84EC3587DF64E805479A
                                                                                                                                                                                                    Function 00007FF848A9FE40 Relevance: .1, Instructions: 144COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.2470899260.00007FF848A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A90000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_7ff848a90000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 57187f5d53c514ca5b7578bf9d6d6f81b0c72c0fb750339fca10094e8ccf9467
                                                                                                                                                                                                    • Instruction ID: aa325e457242ad037da138b20d341e93e3c00986c662d87d31e955a0e2e46b22
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 57187f5d53c514ca5b7578bf9d6d6f81b0c72c0fb750339fca10094e8ccf9467
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 6A316A21B0EC494FEBA5F72CE4166B477D1EF99750F0404FAD84CCB296EA5C8C828392
                                                                                                                                                                                                    Function 00007FF848A9CF90 Relevance: .1, Instructions: 132COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.2470899260.00007FF848A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A90000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_7ff848a90000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 3c299f67dc9dd1f16cdd4f2481d17ac628ef5842c5f1f417bf0e231bbb599dfa
                                                                                                                                                                                                    • Instruction ID: 4c31e7892d03c5b7130cd297b8bff1a9b8d791e5973a75657bb04c1292d6b49a
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 3c299f67dc9dd1f16cdd4f2481d17ac628ef5842c5f1f417bf0e231bbb599dfa
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 7431F430B0EA094FDBA4FB1CC445A7837E1EFA9391B0500B6E04DC76A2CEA8DC418791
                                                                                                                                                                                                    Function 00007FF848A99945 Relevance: .1, Instructions: 122COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.2470899260.00007FF848A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A90000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_7ff848a90000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: ca7f8795dcfee6e546486aa785786419445120a9fea0938f7474dcf6af85acf8
                                                                                                                                                                                                    • Instruction ID: a2da7eb57300c925cf9049ace6e46c96234b39405d12bef2b02d41849c3b0569
                                                                                                                                                                                                    • Opcode Fuzzy Hash: ca7f8795dcfee6e546486aa785786419445120a9fea0938f7474dcf6af85acf8
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 3541C46180EBC55FD713FB3854AA1E63FE0DF12298B0901EBD4D8CB093EE186545C76A
                                                                                                                                                                                                    Function 00007FF848A947FD Relevance: .1, Instructions: 120COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.2470899260.00007FF848A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A90000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_7ff848a90000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 09e4619351bded4efd1eb0245ddfbd7eb1476d1993701731fb9e807ac4a5ae69
                                                                                                                                                                                                    • Instruction ID: 50df72b6ea71e1af3e1c785e98972e6f8cf31c6dbff2bd8ec1c88d3ee3d40acf
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 09e4619351bded4efd1eb0245ddfbd7eb1476d1993701731fb9e807ac4a5ae69
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 4C319F3061DA098FD758FA18C08667673E1FB58384F50457DD09FC3691DF65B842C7AA
                                                                                                                                                                                                    Function 00007FF848A99960 Relevance: .1, Instructions: 113COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.2470899260.00007FF848A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A90000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_7ff848a90000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 630fb6840ffae8af8b551961f21648b70b87853e973a55bd7ba0da8eb88564bd
                                                                                                                                                                                                    • Instruction ID: 09ca67048871fbdd31b1c073914c225e41dc4662ff783c5cc02535f7cb926a3b
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 630fb6840ffae8af8b551961f21648b70b87853e973a55bd7ba0da8eb88564bd
                                                                                                                                                                                                    • Instruction Fuzzy Hash: B9212371B0ED0E0FEAD8E61C546637A73C2EB98399F54187AD40DC3295EF29EC028315
                                                                                                                                                                                                    Function 00007FF848A98D58 Relevance: .1, Instructions: 112COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.2470899260.00007FF848A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A90000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_7ff848a90000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 471b93131f39bdd44d6b26408ff533d552d0a5de7478287e7dcb024f3ffadc3a
                                                                                                                                                                                                    • Instruction ID: 89c11c0fc843fdb0089727662c6aa59bf73134a50e01f9246dc3d04c7325cd0b
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 471b93131f39bdd44d6b26408ff533d552d0a5de7478287e7dcb024f3ffadc3a
                                                                                                                                                                                                    • Instruction Fuzzy Hash: EB313230B0EA1D4FE798EB2C840A7B977C1EF98354F0405BAD04DC72A2DE699C0AC742
                                                                                                                                                                                                    Function 00007FF848A968D3 Relevance: .1, Instructions: 107COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.2470899260.00007FF848A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A90000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_7ff848a90000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 25ba2a5c4063ced75df9bc4645d3187066f37732f7193e727106dd76e20042e6
                                                                                                                                                                                                    • Instruction ID: 78d0ffc31032b95968d78542d8ae1639ece58369f4f4f093291327b5e001b353
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 25ba2a5c4063ced75df9bc4645d3187066f37732f7193e727106dd76e20042e6
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 4E317C62D0E6CA6FD341BB7898175E87BE0EF423A4F0505FED0498B193ED1C19058752
                                                                                                                                                                                                    Function 00007FF848A94FD8 Relevance: .1, Instructions: 104COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.2470899260.00007FF848A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A90000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_7ff848a90000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 1fa7eacf63ca29a2c52b94447c13c2506aad995943faf3204d026104e3569479
                                                                                                                                                                                                    • Instruction ID: 17c42a6e16d361ba113b969f1e9b2c47805a47e38679b865a83286548014b010
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 1fa7eacf63ca29a2c52b94447c13c2506aad995943faf3204d026104e3569479
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 86310862D0E6C25FE306EB7C68170F93FA0FF01A54F4804F7D448470ABEA68994682C6
                                                                                                                                                                                                    Function 00007FF848AA6E91 Relevance: .1, Instructions: 102COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.2470899260.00007FF848A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A90000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_7ff848a90000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: ddde47435cfe01c422c99a9e0798050da7cdc92834bc38e1102d488045afff5d
                                                                                                                                                                                                    • Instruction ID: 489a4b01bde52f7fd2a8008689f5cf55e8fd3ba2c59645f7f415d95f30beb759
                                                                                                                                                                                                    • Opcode Fuzzy Hash: ddde47435cfe01c422c99a9e0798050da7cdc92834bc38e1102d488045afff5d
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 46214D30A1DB0D8FDF98EA1894566BD77E1FB98794F08027ED04ED3681DF64A801879A
                                                                                                                                                                                                    Function 00007FF848A92E52 Relevance: .1, Instructions: 100COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.2470899260.00007FF848A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A90000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_7ff848a90000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 4e30d28cc5c4d86dd6c67562e05fbd59a2abc38355f01d68f00dca19f2573942
                                                                                                                                                                                                    • Instruction ID: 5b195eab753e34fb6381fc2e7d150857ba6a5d374927cfa543e02716b84e29c0
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 4e30d28cc5c4d86dd6c67562e05fbd59a2abc38355f01d68f00dca19f2573942
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 91314F30A0891C8FDB98EF5CC495EA8BBF1FF69345F150599E01DE7262DA60ED81CB44
                                                                                                                                                                                                    Function 00007FF848A96315 Relevance: .1, Instructions: 99COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.2470899260.00007FF848A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A90000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_7ff848a90000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 733ce7a136c49e99362a3345e3fca26cdbda1e82b69cba4aeac71b925fff4887
                                                                                                                                                                                                    • Instruction ID: 6ecafa7fe974d82570a06e48166d58e809564b598b04c0c3aa98925ba8df9290
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 733ce7a136c49e99362a3345e3fca26cdbda1e82b69cba4aeac71b925fff4887
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 94219431A2DE8A4FAB48FE2CA4424B973D1EF68754B44017EE80EC3187EE34F5424745
                                                                                                                                                                                                    Function 00007FF848A96A4A Relevance: .1, Instructions: 93COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.2470899260.00007FF848A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A90000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_7ff848a90000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: ca31b9c2745127cf556e26443793bc4977f776fb93709953b3e6902a041078df
                                                                                                                                                                                                    • Instruction ID: bedff088418cf57582af1ad6e900e3d247aa20bc5b9a89ad6304c77774f96fd6
                                                                                                                                                                                                    • Opcode Fuzzy Hash: ca31b9c2745127cf556e26443793bc4977f776fb93709953b3e6902a041078df
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 0E312B70E1D95AAFEA44FB98D8567BCB7B2FF58B80F540174D009A7286DE6868028712
                                                                                                                                                                                                    Function 00007FF848A9D641 Relevance: .1, Instructions: 92COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.2470899260.00007FF848A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A90000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_7ff848a90000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 607ba773d127e6fde9c693cc75502991d94111f29e0242775bcc57ef15275aec
                                                                                                                                                                                                    • Instruction ID: a18388b387c1b12a10beb21144f826cea1da5a06fc2eaa37a9291e3dfea608eb
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 607ba773d127e6fde9c693cc75502991d94111f29e0242775bcc57ef15275aec
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 0D21B63160DF894FC34AD738C054AE17BE1FFAA344B1881EAD44DCB2A6DE25E545C791
                                                                                                                                                                                                    Function 00007FF848A95B80 Relevance: .1, Instructions: 91COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.2470899260.00007FF848A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A90000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_7ff848a90000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 304459776fc993a11e28c9e97782145942a575595d48556b01ff0ec0d8550eed
                                                                                                                                                                                                    • Instruction ID: 20830ceee534ec93e380e7f82275911007193ccd5950a2c8431eccc18809a27c
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 304459776fc993a11e28c9e97782145942a575595d48556b01ff0ec0d8550eed
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 96212722E0DACA0FD755FB3C94A31F93BE0EF51358B0804BBC448CB187EE58A8428341
                                                                                                                                                                                                    Function 00007FF848A9EFAA Relevance: .1, Instructions: 90COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.2470899260.00007FF848A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A90000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_7ff848a90000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 52ac512539235948c5d8490b5d7f661811f1a502fc762b5baa6a14afaac5749b
                                                                                                                                                                                                    • Instruction ID: 9b935bc36d06a98ff2e5652dd2497eab1a25357afc0415fcf98fd81823347db6
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 52ac512539235948c5d8490b5d7f661811f1a502fc762b5baa6a14afaac5749b
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 5411E732B1DD184FE658EA1CB81A27977D1FB9CB64F0005BFE40DC3296DE965C414285
                                                                                                                                                                                                    Function 00007FF848A97D09 Relevance: .1, Instructions: 88COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.2470899260.00007FF848A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A90000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_7ff848a90000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 50660188839107f71e9a21d16ff3e342aa6cd082f2de1a635aa734184c713c1e
                                                                                                                                                                                                    • Instruction ID: 53d5b69f88aba48f3bd63e38b34269b93b7019c1f3166f4980a067e008abd574
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 50660188839107f71e9a21d16ff3e342aa6cd082f2de1a635aa734184c713c1e
                                                                                                                                                                                                    • Instruction Fuzzy Hash: CF217C3090CA4E8FDF88EF188446AFA77E5FF68349F00053AE40AE3191CB749851CBA5
                                                                                                                                                                                                    Function 00007FF848A92C46 Relevance: .1, Instructions: 87COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.2470899260.00007FF848A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A90000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_7ff848a90000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 62d609d382357d84e4d641045330177e775a3112ffef83fab9aacad7fb580274
                                                                                                                                                                                                    • Instruction ID: 4ea38e891a7484f26da700297ccc8c3d05a8a4db9dd99706b9d68cad2ebe1e6b
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 62d609d382357d84e4d641045330177e775a3112ffef83fab9aacad7fb580274
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 8C315070909A5D9FDB84EB68C859BA87BF1FF59345F0001E9D00DEB261DB749C81CB10
                                                                                                                                                                                                    Function 00007FF848A9E111 Relevance: .1, Instructions: 80COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.2470899260.00007FF848A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A90000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_7ff848a90000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 21d3a8bef1cd5703e80ee1a6bc1464f91a28c65ff0afe4ad854590f6908eaf43
                                                                                                                                                                                                    • Instruction ID: 1021d094de28f0d056a51dc45eaa7c6d0a40b14b18eeae0a8f0946c7c97cb63d
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 21d3a8bef1cd5703e80ee1a6bc1464f91a28c65ff0afe4ad854590f6908eaf43
                                                                                                                                                                                                    • Instruction Fuzzy Hash: CD110432F0EE494FE3E5A52C2C5A1712AC0EF68618B2900BBD44CC32A7FB889C148346
                                                                                                                                                                                                    Function 00007FF848A98061 Relevance: .1, Instructions: 79COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.2470899260.00007FF848A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A90000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_7ff848a90000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 33451c93c1c50b74cf02f0faa0718cce6c0a0baa7eb285b3ca1eaafcc6082899
                                                                                                                                                                                                    • Instruction ID: 75a46e2c21a9396aa91a574617ec7c8e18f8a249f15be8eff69a8224c804aed5
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 33451c93c1c50b74cf02f0faa0718cce6c0a0baa7eb285b3ca1eaafcc6082899
                                                                                                                                                                                                    • Instruction Fuzzy Hash: A611EF21A0EB860FD75BA63C98662647FB0EF52240B9940E7C048CB1D7DA1D984B8353
                                                                                                                                                                                                    Function 00007FF848A9DA90 Relevance: .1, Instructions: 78COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.2470899260.00007FF848A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A90000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_7ff848a90000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 8d63d2078db93cd9b097561de55074f5bbe8604293b0e87e790489e8b73752c6
                                                                                                                                                                                                    • Instruction ID: f904a4b6393fe7697471082bf64721a153e1c30e7f4a0628fad03c10eede2698
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 8d63d2078db93cd9b097561de55074f5bbe8604293b0e87e790489e8b73752c6
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 7721063050EF868FD756EB3CC054D62BBE0EF56344B1445EDC04ACB6A3DA65E881CB51
                                                                                                                                                                                                    Function 00007FF848A9E130 Relevance: .1, Instructions: 77COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.2470899260.00007FF848A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A90000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_7ff848a90000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: fd0fea2849b77cbfe10d51ec2a5bd398b6a5e7737f20f6d82fa9d5b53180ef60
                                                                                                                                                                                                    • Instruction ID: 161366c14482e67fff9f3104e7e0fdce281bc7415400528997011e54046a3712
                                                                                                                                                                                                    • Opcode Fuzzy Hash: fd0fea2849b77cbfe10d51ec2a5bd398b6a5e7737f20f6d82fa9d5b53180ef60
                                                                                                                                                                                                    • Instruction Fuzzy Hash: A8110632F0ED094FE7D4A46D3C5A17226C0EBA8668B5400BBD40CC32A6EE898C518346
                                                                                                                                                                                                    Function 00007FF848A9C5D0 Relevance: .1, Instructions: 76COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.2470899260.00007FF848A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A90000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_7ff848a90000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: b8c4cd56979205405a7c532da2876e53bc246850d41a23f921c079945dcbf3d4
                                                                                                                                                                                                    • Instruction ID: 3a4f658b28ee58ee00f3384b317fc9aa9e6e55fc597eab49019991f0bdc2bd16
                                                                                                                                                                                                    • Opcode Fuzzy Hash: b8c4cd56979205405a7c532da2876e53bc246850d41a23f921c079945dcbf3d4
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 5E110821B1DD0E0FEBD8E61C609927663D2EBE83A9B14187AD40DC3295EE65DC434345
                                                                                                                                                                                                    Function 00007FF848A9DB2D Relevance: .1, Instructions: 75COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.2470899260.00007FF848A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A90000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_7ff848a90000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: f323519192610e43d945ffd9be21f50451adc596153938da39ab69e221108278
                                                                                                                                                                                                    • Instruction ID: 08bda1d879fc0d71549ef51fbb8eb22d79c1f3045c5e9056ce7f3e2dfa4efa3f
                                                                                                                                                                                                    • Opcode Fuzzy Hash: f323519192610e43d945ffd9be21f50451adc596153938da39ab69e221108278
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 1D218130A1EA458FEBA4FB2CC081BB573D2FF58384F4448B9D08AC7696CE68F8418751
                                                                                                                                                                                                    Function 00007FF848A96D19 Relevance: .1, Instructions: 75COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.2470899260.00007FF848A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A90000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_7ff848a90000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: ef8a8a4cc20578365c3a38cc262bab88962224921a71694f1c1ff59857c82863
                                                                                                                                                                                                    • Instruction ID: 266b0daff019ab23d81a46e4be896773be1522f215420c503c566aea827a6ee0
                                                                                                                                                                                                    • Opcode Fuzzy Hash: ef8a8a4cc20578365c3a38cc262bab88962224921a71694f1c1ff59857c82863
                                                                                                                                                                                                    • Instruction Fuzzy Hash: B4110A21D1EE8A4FD7D9EB38945117577E1FF54244B4844BAC04DC72CAEF68EC054346
                                                                                                                                                                                                    Function 00007FF848A96BC6 Relevance: .1, Instructions: 72COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.2470899260.00007FF848A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A90000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_7ff848a90000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: ed77530b53ed8edc1b9a0d87e79494921d309b543a43100d03bf778635da9df8
                                                                                                                                                                                                    • Instruction ID: 969240edf37f414a16e6387da83aa0d23974bffc02853015aac173c4428ab4a0
                                                                                                                                                                                                    • Opcode Fuzzy Hash: ed77530b53ed8edc1b9a0d87e79494921d309b543a43100d03bf778635da9df8
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 5B112961D0DFC75FE359EA3448666B47BE1FF55A44B0C04AEC149C71D3DF98680683A1
                                                                                                                                                                                                    Function 00007FF848A9C659 Relevance: .1, Instructions: 72COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.2470899260.00007FF848A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A90000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_7ff848a90000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 76e1fd0edd9be36e9a5084e8afdb81c8e4840f52d935375fc9c7c43de5525001
                                                                                                                                                                                                    • Instruction ID: 6cfe546ae7d6f70c9307202e4f00038eca8ff8c90613d57b3ca6e07bb45c6199
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 76e1fd0edd9be36e9a5084e8afdb81c8e4840f52d935375fc9c7c43de5525001
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 17114C31A0DD4D0FEB98E62C585A7B637D1EF98299F44147AD40CC7192DE69EC428315
                                                                                                                                                                                                    Function 00007FF848A91364 Relevance: .1, Instructions: 70COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.2470899260.00007FF848A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A90000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_7ff848a90000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 971a99e250b2d5d7ac4c1256cf7c780cb867776d14b0c7616128b48660f04d1a
                                                                                                                                                                                                    • Instruction ID: 6ae629afeec1da8b77acc2db8ca152cdf405d80c52ee43dedd8c109174a8cf1f
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 971a99e250b2d5d7ac4c1256cf7c780cb867776d14b0c7616128b48660f04d1a
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 2E212431A0960D8FDB88EF14C491BEEB3B1FF59344F601578D00DA3281CB75A941CB91
                                                                                                                                                                                                    Function 00007FF848A9352A Relevance: .1, Instructions: 64COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.2470899260.00007FF848A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A90000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_7ff848a90000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 2292383753e9ceb116927442c6bc6a5654dc63207563bb8255f5116abd1ba443
                                                                                                                                                                                                    • Instruction ID: 477360f28e0145b204a57b0afa47d3437bd717272b138c0bdb9dc37539383724
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 2292383753e9ceb116927442c6bc6a5654dc63207563bb8255f5116abd1ba443
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 6B118C30949A1C8FCB94EF18D848BA9B7B1FB56314F1002EAC01DDB2A2DB759981CB41
                                                                                                                                                                                                    Function 00007FF848A9C062 Relevance: .1, Instructions: 62COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.2470899260.00007FF848A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A90000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_7ff848a90000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 8303036c5d0932110c72176c9c9a6a6897aa81085bd19b287d2fdf9000cab061
                                                                                                                                                                                                    • Instruction ID: 22abba139b0857badf3f9b2a8248529eeea1667f48faf251347f99070ef125a6
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 8303036c5d0932110c72176c9c9a6a6897aa81085bd19b287d2fdf9000cab061
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 9301F53050EF8A4FD79AE6298869A213BE4EF6A344B1500FED048C71A7DA68DC02C325
                                                                                                                                                                                                    Function 00007FF848A92D2C Relevance: .1, Instructions: 58COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.2470899260.00007FF848A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A90000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_7ff848a90000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: b904f9285fc03ecaf4e98f60d32e392acc45bc8b2b1a3d7c20ae301cf332b9c5
                                                                                                                                                                                                    • Instruction ID: 723728f667cc77b8216b23033b2367b7d4ae1a006b6e76f83d7140ddfcfe024b
                                                                                                                                                                                                    • Opcode Fuzzy Hash: b904f9285fc03ecaf4e98f60d32e392acc45bc8b2b1a3d7c20ae301cf332b9c5
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 97113771C0D619CFDBA5EB68D4897B8B7F1FF14345F4004AAE009E7291DBB49881CB19
                                                                                                                                                                                                    Function 00007FF848AA69B1 Relevance: .1, Instructions: 56COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.2470899260.00007FF848A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A90000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_7ff848a90000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 5aa099c531385ff81699e03090b88df239e26945b5cde4d699010d1a6b002708
                                                                                                                                                                                                    • Instruction ID: aecdb2f69063c308c5385e277e7ab0aefa18d71e63afa7161c9e081ed59a3873
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 5aa099c531385ff81699e03090b88df239e26945b5cde4d699010d1a6b002708
                                                                                                                                                                                                    • Instruction Fuzzy Hash: B1F08C72B0D7084FA758EA48B4430F977D0EB86275F14027FD18AC2562EB16A4174A9A
                                                                                                                                                                                                    Function 00007FF848A95BE0 Relevance: .1, Instructions: 51COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.2470899260.00007FF848A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A90000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_7ff848a90000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 012052f258de496d73341f3c5695825a04c07a1ce535ccbf733cc14ed86a52c2
                                                                                                                                                                                                    • Instruction ID: 5409d4c4e650037df7553e42f7b3742d4867cbc8945e0fd9d9d16dc39913b356
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 012052f258de496d73341f3c5695825a04c07a1ce535ccbf733cc14ed86a52c2
                                                                                                                                                                                                    • Instruction Fuzzy Hash: E501A220A2DD4A4FDAD8FB2880926BA73E1FF94344B544539D40AC3189DE68EC428341
                                                                                                                                                                                                    Function 00007FF848A93ED5 Relevance: .1, Instructions: 51COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.2470899260.00007FF848A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A90000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_7ff848a90000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 00e48fcda73d009b83ef405b33022c003083b0e85d74a3b5e63fd4d3a0d10d1e
                                                                                                                                                                                                    • Instruction ID: 408323071edd33ff5ef73a40b251a2b03186976d5a94faf385e5448f15a7e1c3
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 00e48fcda73d009b83ef405b33022c003083b0e85d74a3b5e63fd4d3a0d10d1e
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 2401D63061D9444FE784EB1C94993B5B7E1EF88399F5400FAD40CCB2A6DF5A5C408355
                                                                                                                                                                                                    Function 00007FF848A9B9E9 Relevance: .0, Instructions: 50COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.2470899260.00007FF848A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A90000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_7ff848a90000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 11922cc14547e0bd30b085143807aa3e45108105a1d0ed4d3aaf016c7c0f423e
                                                                                                                                                                                                    • Instruction ID: bd1cb3471082efad333c867615978184e1c8d0ab88886ac181ba86905db91efc
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 11922cc14547e0bd30b085143807aa3e45108105a1d0ed4d3aaf016c7c0f423e
                                                                                                                                                                                                    • Instruction Fuzzy Hash: FB01A73150E7D94FD746D66898222A17FE0EF47225F0905FBD484CB2A2D65A8815C356
                                                                                                                                                                                                    Function 00007FF848A96D30 Relevance: .0, Instructions: 50COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.2470899260.00007FF848A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A90000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_7ff848a90000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 1c286470b802b3225076144af8c1a4aefecbeb777da47602895324051568fc24
                                                                                                                                                                                                    • Instruction ID: b72d58fb537ad9daf68ace15643214ee566212bbb68edfd13c639d790bf0a89d
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 1c286470b802b3225076144af8c1a4aefecbeb777da47602895324051568fc24
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 7301D630E2DD4B4FDBA8FB28844557A73E5FF94344B48053AC40DC3249EE68EC414741
                                                                                                                                                                                                    Function 00007FF848A9EB2D Relevance: .0, Instructions: 49COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.2470899260.00007FF848A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A90000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_7ff848a90000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: f69d0a44e7d6923fbccb26c6856f549809d6cc7508bb8f1dabc23d57bbb6a958
                                                                                                                                                                                                    • Instruction ID: 15a815b3e1a1f9eff80f5fae0e2855ac3f4231c247dddec7f9d3b3b9137316bd
                                                                                                                                                                                                    • Opcode Fuzzy Hash: f69d0a44e7d6923fbccb26c6856f549809d6cc7508bb8f1dabc23d57bbb6a958
                                                                                                                                                                                                    • Instruction Fuzzy Hash: FAF0F472C0E58D6FD745EF38881A5EA7FE0EF52244F0444EAD44AC7163EAA815148752
                                                                                                                                                                                                    Function 00007FF848A9D5CD Relevance: .0, Instructions: 49COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.2470899260.00007FF848A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A90000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_7ff848a90000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 7600443b092b827075f603f867065395b27536628ee122443aac2b1449974e71
                                                                                                                                                                                                    • Instruction ID: fa10423d4fa1aea34196c07993ca637fb2bb52adae3284d5f921d1a7be170741
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 7600443b092b827075f603f867065395b27536628ee122443aac2b1449974e71
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 7FF0783190EAC95FE7AAF73C14552B567E0EF85324F4404BBC08DC2286DE4928438396
                                                                                                                                                                                                    Function 00007FF848AAAE71 Relevance: .0, Instructions: 48COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.2470899260.00007FF848A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A90000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_7ff848a90000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: d541e6d8da3edd185814c1f04f1c3b6662554566c1bd6f5bed6b70d9d3410eaa
                                                                                                                                                                                                    • Instruction ID: 4d7956f038ca191b489227f56327b388f49ebf12a088df1a6c7238185d5ccc5e
                                                                                                                                                                                                    • Opcode Fuzzy Hash: d541e6d8da3edd185814c1f04f1c3b6662554566c1bd6f5bed6b70d9d3410eaa
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 2DF0F652A0FA891FD3A6D27D28962B46FC1DB9A17170941FBD049C7693DC884C8A83A7
                                                                                                                                                                                                    Function 00007FF848A92D9E Relevance: .0, Instructions: 47COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.2470899260.00007FF848A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A90000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_7ff848a90000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: f382713f9de514175ffb7802aeab3fb0ace8bc36b945b345d8c5d337cffc0987
                                                                                                                                                                                                    • Instruction ID: bd89fb8d247a44b90c42f209509ef98d6061c1860abb35156500025806770c8d
                                                                                                                                                                                                    • Opcode Fuzzy Hash: f382713f9de514175ffb7802aeab3fb0ace8bc36b945b345d8c5d337cffc0987
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 72018474A0891D8FCB94EF58C889BA8B7F1FF6A300F111199900EE7262DA70EC819F44
                                                                                                                                                                                                    Function 00007FF848A920E7 Relevance: .0, Instructions: 46COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.2470899260.00007FF848A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A90000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_7ff848a90000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 6f12276a05075916cae9afce5fbcae4c68cbf3efc31ed41f82bb585edc388888
                                                                                                                                                                                                    • Instruction ID: 12f4377a720f3138b5187524466366b096dc0b39511a07c5c5e3ef8ade7be8b9
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 6f12276a05075916cae9afce5fbcae4c68cbf3efc31ed41f82bb585edc388888
                                                                                                                                                                                                    • Instruction Fuzzy Hash: A6F0C830A1D8494FE7C8E61C94997B6B3E1DF88399F5404B9D40CC72B5DF5A6C818315
                                                                                                                                                                                                    Function 00007FF848A94150 Relevance: .0, Instructions: 45COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.2470899260.00007FF848A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A90000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_7ff848a90000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: a875fc20bab9bfd53218a2c2db5ff8595253f13b9e848183813ba0dfe73439c0
                                                                                                                                                                                                    • Instruction ID: 46f8a9f5ef5983a040643703fe658aa7cbaf1111e69dd53792a855c059782fde
                                                                                                                                                                                                    • Opcode Fuzzy Hash: a875fc20bab9bfd53218a2c2db5ff8595253f13b9e848183813ba0dfe73439c0
                                                                                                                                                                                                    • Instruction Fuzzy Hash: EE019EB181E6859FDB48EF3854961597FE0FF09340B0800FEE809CF35BC6689801CB49
                                                                                                                                                                                                    Function 00007FF848A98310 Relevance: .0, Instructions: 44COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.2470899260.00007FF848A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A90000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_7ff848a90000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 370c8570a1174c77fe84079f6418018c1552aa08eeb5e82216b9b6a1da296f20
                                                                                                                                                                                                    • Instruction ID: 7f30aba671dd62ae88b4a40171b1cfe1fdbf419387287bf8185287832d5e52f4
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 370c8570a1174c77fe84079f6418018c1552aa08eeb5e82216b9b6a1da296f20
                                                                                                                                                                                                    • Instruction Fuzzy Hash: A9F0E23150EA0B2FE678E10CB40E77166D4EF993F4F21007AE44FC25A2DA896C42826A
                                                                                                                                                                                                    Function 00007FF848A94C05 Relevance: .0, Instructions: 42COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.2470899260.00007FF848A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A90000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_7ff848a90000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 2cc94b15b3a13820b48eba544c0e77db7f469c2c0758a4c135f28c2556ea2c89
                                                                                                                                                                                                    • Instruction ID: 0be8b20dba054eda5fdc3ff5cbd4d7911c810c28fba06f5e87665e7a85a00e43
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 2cc94b15b3a13820b48eba544c0e77db7f469c2c0758a4c135f28c2556ea2c89
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 68F02E11E0FDDB0FD256A22C18661B41B81FB95664B4D05F7C448C72ABDE4C5C9343E6
                                                                                                                                                                                                    Function 00007FF848A95D49 Relevance: .0, Instructions: 42COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.2470899260.00007FF848A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A90000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_7ff848a90000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 5ef3c7090edd291e69ef877ff7d6a2db51341f9e71252c836b4f72d36beceae1
                                                                                                                                                                                                    • Instruction ID: 68517353e994957c48b2fa27ab21d83f4e2c1b89bbb0e6a7e45965564440e6b9
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 5ef3c7090edd291e69ef877ff7d6a2db51341f9e71252c836b4f72d36beceae1
                                                                                                                                                                                                    • Instruction Fuzzy Hash: DF016970C1DBCE4FDB46EF2888691A97FB0FF69200F0508ABD859C72A3DAB459148741
                                                                                                                                                                                                    Function 00007FF848A9BB42 Relevance: .0, Instructions: 41COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.2470899260.00007FF848A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A90000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_7ff848a90000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: d8ebd1f287b396219ba4f98fb134f9719e891c1850d0f031aad10ba60591a9c2
                                                                                                                                                                                                    • Instruction ID: bb5ae4161d5cca06808d13806f52e26bcc29a843a3aad9e457cbf67d1b93b187
                                                                                                                                                                                                    • Opcode Fuzzy Hash: d8ebd1f287b396219ba4f98fb134f9719e891c1850d0f031aad10ba60591a9c2
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 48F0283140EA9A0FE316EB3C94155A0BBE0FF45350F0805F7D448CB2DBDB58A889C766
                                                                                                                                                                                                    Function 00007FF848AA68C3 Relevance: .0, Instructions: 41COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.2470899260.00007FF848A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A90000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_7ff848a90000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 27490f08734ff153966ad07d7cddb89d675899cf51ba7d5c185436567708ef78
                                                                                                                                                                                                    • Instruction ID: 0f315afb74dce024f26c038b756fc3ecb9e2fcef23bd9c248e24dffbd9ae17e6
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 27490f08734ff153966ad07d7cddb89d675899cf51ba7d5c185436567708ef78
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 71F0DA71A2CB489B9B14AE4CAC434A977D0EB88B60F10116BF94943251D721B8928AC7
                                                                                                                                                                                                    Function 00007FF848A9499F Relevance: .0, Instructions: 39COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.2470899260.00007FF848A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A90000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_7ff848a90000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 40e5ab967dfd0444777ea4bfb5d294e972c09aff77cc5fc00b3be25e0e9d1d44
                                                                                                                                                                                                    • Instruction ID: cb1a0d7ec9232a8cc8e45997cc9b74ed21f213013e2e033aa7dacb5e4e45d981
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 40e5ab967dfd0444777ea4bfb5d294e972c09aff77cc5fc00b3be25e0e9d1d44
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 39F0F831B1D82C8FDF94EA8CE446AECB3E1EB58361F0402A6E40DD3255CA24980187C5
                                                                                                                                                                                                    Function 00007FF848A92F30 Relevance: .0, Instructions: 34COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.2470899260.00007FF848A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A90000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_7ff848a90000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 801c8149c58ffe117878c0011ee03f74fe025c3baf188bdc3f71e2de2eb766dc
                                                                                                                                                                                                    • Instruction ID: 87e53ada34041f9f1afacad17eb7760f1a9e71953b3f1fd577cd975ec2f14db5
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 801c8149c58ffe117878c0011ee03f74fe025c3baf188bdc3f71e2de2eb766dc
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 96F05F74E0992D8FDFA4EB18C896B98B3F1FB69344F1041E5900DE3256DA74AE85CF41
                                                                                                                                                                                                    Function 00007FF848A94A21 Relevance: .0, Instructions: 33COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.2470899260.00007FF848A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A90000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_7ff848a90000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: fabaa363bc94dab3ee66e516d9ee87a0c3d9eeaa18b6b57c15ba8b417ae6325d
                                                                                                                                                                                                    • Instruction ID: 9016340cb0f207571f15663fd18683f03f539ffe94558d884625b63fe260ccdf
                                                                                                                                                                                                    • Opcode Fuzzy Hash: fabaa363bc94dab3ee66e516d9ee87a0c3d9eeaa18b6b57c15ba8b417ae6325d
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 71E0207290DA4C5F9744FA9D7C078F6BF94FA49378F00015EE45DC3192D2155412C35A
                                                                                                                                                                                                    Function 00007FF848A9FED1 Relevance: .0, Instructions: 30COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.2470899260.00007FF848A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A90000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_7ff848a90000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 3ab8513be22502f9c41c295a10d8e0d68ad878016d0e9a320d43001aa17ff4d4
                                                                                                                                                                                                    • Instruction ID: 1c2bd9510bc8bacde679271e834fa7ab5485b783599755371daa57ad60cefe61
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 3ab8513be22502f9c41c295a10d8e0d68ad878016d0e9a320d43001aa17ff4d4
                                                                                                                                                                                                    • Instruction Fuzzy Hash: C5E0DF1280F5900FE726F32898627F02FD09F42280F0D44FAE8488B5D3EA8D584983A6
                                                                                                                                                                                                    Function 00007FF848A996C5 Relevance: .0, Instructions: 30COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.2470899260.00007FF848A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A90000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_7ff848a90000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: c4791b39424b0e2baf056a745babd9e0e8bb0bf165c97e6530c4a24e704d89c1
                                                                                                                                                                                                    • Instruction ID: bed41313d1327581f13342b6015e5faca58a16f291a82962a109a0fa552de77f
                                                                                                                                                                                                    • Opcode Fuzzy Hash: c4791b39424b0e2baf056a745babd9e0e8bb0bf165c97e6530c4a24e704d89c1
                                                                                                                                                                                                    • Instruction Fuzzy Hash: F4E02BA280D3C00FE351E525484B2957FD0BF55250F4849FBC048CB0A2E76C85494253
                                                                                                                                                                                                    Function 00007FF848AA51B9 Relevance: .0, Instructions: 26COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.2470899260.00007FF848A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A90000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_7ff848a90000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 7ca0cb507355e70652966233fc64c8d978bb7590e85629e8d631f936ff6a3426
                                                                                                                                                                                                    • Instruction ID: cd7bbdd5d9ecc28f92f094408a9331e1bd26b1e4045619c903a99578ceb5cf76
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 7ca0cb507355e70652966233fc64c8d978bb7590e85629e8d631f936ff6a3426
                                                                                                                                                                                                    • Instruction Fuzzy Hash: D8E0D83170D6054FE718F684E4916F43392DB95390F14463AC805C66D4CF98A8858349
                                                                                                                                                                                                    Function 00007FF848A908D9 Relevance: .0, Instructions: 26COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.2470899260.00007FF848A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A90000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_7ff848a90000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 4b5e990fe772acf9dfcda47f307b930b11c53f35670bed3f6c74cc800b1c5421
                                                                                                                                                                                                    • Instruction ID: 2005193db599983a2b580517a34bdeb1adf23b7c5b8a9a53f87049928104a967
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 4b5e990fe772acf9dfcda47f307b930b11c53f35670bed3f6c74cc800b1c5421
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 80E0AE31E1991E9EDF84EFA8D846AFDB7B1FF88245F404175D009E3291CB3869008B50
                                                                                                                                                                                                    Function 00007FF848A94E38 Relevance: .0, Instructions: 23COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.2470899260.00007FF848A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A90000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_7ff848a90000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 76c812622d3b8bde81fe9ad3ac751c30fb312cabe227f38641a563eb72e97115
                                                                                                                                                                                                    • Instruction ID: 3b009be32d2f7c2031886e104832f851a2efe1859503902088821bf86cf8494e
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 76c812622d3b8bde81fe9ad3ac751c30fb312cabe227f38641a563eb72e97115
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 5BE0C22091DA460BE704FE324C4607A71D1BF88289F884E36E88CC0060EF7CC3D49657
                                                                                                                                                                                                    Function 00007FF848AA4EED Relevance: .0, Instructions: 21COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.2470899260.00007FF848A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A90000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_7ff848a90000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 0ecd04aabf5365dde091841ab99b3478835cc96e828d89a0df6577b276410f90
                                                                                                                                                                                                    • Instruction ID: 06f35b341574b20b77bbba0b5b2225661ec2ddea073dfea68d118fef29f4e93d
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 0ecd04aabf5365dde091841ab99b3478835cc96e828d89a0df6577b276410f90
                                                                                                                                                                                                    • Instruction Fuzzy Hash: ADD05E2070E9254FE9E0FB1CA44AB7C27C0EFC4795F4008B6E04DC7696DA8D9C4143A6
                                                                                                                                                                                                    Function 00007FF848A98030 Relevance: .0, Instructions: 20COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.2470899260.00007FF848A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A90000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_7ff848a90000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: e6cdf68d27f10ce578067d95bb8ac02d7f01d2a0ae9c2f5c0ba32568659c08d6
                                                                                                                                                                                                    • Instruction ID: 8d38a009277f54ebe85edac7405b4d68766bd6552d0289872d35d99a841daa99
                                                                                                                                                                                                    • Opcode Fuzzy Hash: e6cdf68d27f10ce578067d95bb8ac02d7f01d2a0ae9c2f5c0ba32568659c08d6
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 2ED05E24D4EE0A4AEA8CE629486252036A3FFA8308BA504D8D018C62C6EA5DD852D70A
                                                                                                                                                                                                    Function 00007FF848A9EC50 Relevance: .0, Instructions: 19COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.2470899260.00007FF848A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A90000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_7ff848a90000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: e1f67342067ae8bfab046ed90f5dd19b424d9ea8fb2d596284a11350b9a707ae
                                                                                                                                                                                                    • Instruction ID: 88ce6a9c8634117c0c497dc44f6a4135710fd3ff7df5c2a25cc752107d726fd1
                                                                                                                                                                                                    • Opcode Fuzzy Hash: e1f67342067ae8bfab046ed90f5dd19b424d9ea8fb2d596284a11350b9a707ae
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 2BE0ECA180F78A6FCE82FB7D855708A7BE06E46694B0944E9D088CF1A2F25D480DC313
                                                                                                                                                                                                    Function 00007FF848A969FA Relevance: .0, Instructions: 17COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.2470899260.00007FF848A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A90000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_7ff848a90000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 1e9e9f347a8c7fbab5f80d827cec56deff3f0b8a6ca5f8300bee7efd223c2af5
                                                                                                                                                                                                    • Instruction ID: 447881078877681d30c03e84f9bfefab1d5d1d70baed9cd1913ed61ba309a6c1
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 1e9e9f347a8c7fbab5f80d827cec56deff3f0b8a6ca5f8300bee7efd223c2af5
                                                                                                                                                                                                    • Instruction Fuzzy Hash: FAD02B50D0DC489ECB45E6B844415E877E2EF49A50744026CC00553181DC1C74019201
                                                                                                                                                                                                    Function 00007FF848A94DE8 Relevance: .0, Instructions: 16COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.2470899260.00007FF848A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A90000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_7ff848a90000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: b8169e84d08b733edcadff4256f0c43c65b8e1d5e7caad8adf5bbfb67abe638d
                                                                                                                                                                                                    • Instruction ID: 541ca38de59f2ef19279fbae5c8a0f1579bf901477ab6e017653aa8621a9a1b2
                                                                                                                                                                                                    • Opcode Fuzzy Hash: b8169e84d08b733edcadff4256f0c43c65b8e1d5e7caad8adf5bbfb67abe638d
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 96C0121092E8260AEA78B25C60027F40181CF05358F0504F5FC18D66C5DECD1D9182DA
                                                                                                                                                                                                    Function 00007FF848AA2C7D Relevance: .0, Instructions: 11COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.2470899260.00007FF848A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A90000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_7ff848a90000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: e8d13d452357b789f82f83883c6836780332831861fdc60c477b07cff799070f
                                                                                                                                                                                                    • Instruction ID: c22f05a13e6bf24aa6f721ba61ddef732eb2b0bc435d16e5869326b47e82c384
                                                                                                                                                                                                    • Opcode Fuzzy Hash: e8d13d452357b789f82f83883c6836780332831861fdc60c477b07cff799070f
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 9DC092B1F4DF4F4FA2D8DA2D140A27622E2E7989C4F1846BEE55AC36C5DF6488424351

                                                                                                                                                                                                    Non-executed Functions

                                                                                                                                                                                                    Function 00007FF848A92373 Relevance: .0, Instructions: 45COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.2470899260.00007FF848A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A90000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_7ff848a90000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 9400955ed758ede182340630934620a7d01176a33ccaf705a5d825ce7fedac77
                                                                                                                                                                                                    • Instruction ID: a4ec4f0b71ecc01bd9014b661c3cb76f285db36b45d8d374fb3972985b9b98c1
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 9400955ed758ede182340630934620a7d01176a33ccaf705a5d825ce7fedac77
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 9601F731D1E68E4FD789EE24C846BB877A0FF42388F4019B9C01DCB092DF38A8468756
                                                                                                                                                                                                    Function 00007FF848A905FA Relevance: 7.7, Strings: 6, Instructions: 189COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.2470899260.00007FF848A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A90000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_7ff848a90000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID: M_^F$M_^J$M_^L$M_^Z$M_^\$M_^^
                                                                                                                                                                                                    • API String ID: 0-2104744161
                                                                                                                                                                                                    • Opcode ID: 477b88eee24bb5aebdfcfe0591482652dddebfc7293ca884fdb5d3419190d7d9
                                                                                                                                                                                                    • Instruction ID: 9d23a5adf147e52f1b6eef50a8df0800f415cba6c4f30296690db5973454e4d8
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 477b88eee24bb5aebdfcfe0591482652dddebfc7293ca884fdb5d3419190d7d9
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 4C51A2A390E1E279D302BBBC78571FD3BA4DF432BD71856B7D48C89083FC0822859699
                                                                                                                                                                                                    Function 00007FF848A98518 Relevance: 6.3, Strings: 5, Instructions: 76COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.2470899260.00007FF848A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A90000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_7ff848a90000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID: L_^!$L_^#$L_^)$L_^6$L_^8
                                                                                                                                                                                                    • API String ID: 0-4041248121
                                                                                                                                                                                                    • Opcode ID: 446356ef18eaabe6d2f902eb5b57fff747e31ff9ea18cffaa139a932a0577c87
                                                                                                                                                                                                    • Instruction ID: 79f9549e12cfe11b47865ff6bf332a119a869349ee86d5b9c872274690f5eeb7
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 446356ef18eaabe6d2f902eb5b57fff747e31ff9ea18cffaa139a932a0577c87
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 0821D5B760D4556AD201BEBDB4420EC3760EF9527470DA2B3D6DC8B243EF2472868AC5

                                                                                                                                                                                                    Executed Functions

                                                                                                                                                                                                    Function 00007FF848A72C94 Relevance: 1.9, Strings: 1, Instructions: 605COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000F.00000002.2720221138.00007FF848A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A60000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_15_2_7ff848a60000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 0-3916222277
                                                                                                                                                                                                    • Opcode ID: 653bf018225af7ebe75319243d6c1cd21123af1a55e9896d31ccb7764c9049ca
                                                                                                                                                                                                    • Instruction ID: f4d4aff55c715dd5061feaef65216a3a29d85afd12c6ad871c35ceb608b7a03f
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 653bf018225af7ebe75319243d6c1cd21123af1a55e9896d31ccb7764c9049ca
                                                                                                                                                                                                    • Instruction Fuzzy Hash: F522F431A1DB868FE359DB2C80416A2BBE1FFA5340F14867ED48AC7292DFB4E445C752
                                                                                                                                                                                                    Function 00007FF848A74E90 Relevance: .7, Instructions: 699COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000F.00000002.2720221138.00007FF848A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A60000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_15_2_7ff848a60000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 54e4c90e8f850c4d8306d04fbc164129839bd53e64ad978064b4f6bbee5d208a
                                                                                                                                                                                                    • Instruction ID: 173c289188d53022f7647328b94d365a7bdda515593d7ecb589027091a028bfe
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 54e4c90e8f850c4d8306d04fbc164129839bd53e64ad978064b4f6bbee5d208a
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 52223820A0EB864FE769E73484562B977E2FF46340F1541BAC08EC71D7DF68A8429367
                                                                                                                                                                                                    Function 00007FF848A61AFB Relevance: 3.4, Strings: 2, Instructions: 875COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000F.00000002.2720221138.00007FF848A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A60000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_15_2_7ff848a60000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID: #P_^$)P_^
                                                                                                                                                                                                    • API String ID: 0-3749565311
                                                                                                                                                                                                    • Opcode ID: 5621a8d657ef47e11b06e5f53463b40bf2dc7bdaaba57a772e0514e49b273e4e
                                                                                                                                                                                                    • Instruction ID: b0fb3fbc686464d055e5cdafd58a61dbfa557acad2eb91913c79dbbff23045e3
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 5621a8d657ef47e11b06e5f53463b40bf2dc7bdaaba57a772e0514e49b273e4e
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 5C42F47690E1A65EE311FB7CA8575FD3BA0EF423A4F0841B7D4CCCA093EE14658683A5
                                                                                                                                                                                                    Function 00007FF848A80925 Relevance: 1.8, Strings: 1, Instructions: 535COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000F.00000002.2720221138.00007FF848A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A60000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_15_2_7ff848a60000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID: 9N_^
                                                                                                                                                                                                    • API String ID: 0-1737749909
                                                                                                                                                                                                    • Opcode ID: d949e7304b8dd4470e9ab7fc39c04be92ab56fd718184310345b0d2b1f6b23f7
                                                                                                                                                                                                    • Instruction ID: f5b983368765b3a963a07035a12679e3d1054edeae215c3485008cd9d68ea329
                                                                                                                                                                                                    • Opcode Fuzzy Hash: d949e7304b8dd4470e9ab7fc39c04be92ab56fd718184310345b0d2b1f6b23f7
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 0DE17E21A0DA865FE755FB3C78162F97BE0EF563A4F0801BBD48DC7183ED14A84583A6
                                                                                                                                                                                                    Function 00007FF848A6B2F0 Relevance: 1.7, Strings: 1, Instructions: 414COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000F.00000002.2720221138.00007FF848A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A60000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_15_2_7ff848a60000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID: d
                                                                                                                                                                                                    • API String ID: 0-2564639436
                                                                                                                                                                                                    • Opcode ID: fdbd21034044995137654200565da7663727b820f84b46370da916ac2fd601a7
                                                                                                                                                                                                    • Instruction ID: 2b66908b874e2b3be3a163055fc22b6e6bf3b3aef1dcb8e0d4bd0e142dec0b67
                                                                                                                                                                                                    • Opcode Fuzzy Hash: fdbd21034044995137654200565da7663727b820f84b46370da916ac2fd601a7
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 11C12130A1DB4A8FE768EB18844667573E1FF94380F1445BED08AC729ADE75F8078792
                                                                                                                                                                                                    Function 00007FF848A6B3D8 Relevance: 1.6, Strings: 1, Instructions: 300COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000F.00000002.2720221138.00007FF848A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A60000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_15_2_7ff848a60000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID: d
                                                                                                                                                                                                    • API String ID: 0-2564639436
                                                                                                                                                                                                    • Opcode ID: e5b8980cd696384b9fe9934a05f90eaf16663aea652bd6c09aad6d326d418b98
                                                                                                                                                                                                    • Instruction ID: 110f00b28bfe2246437bd2a65ee0b5270dc68669b6530954cd7d7010d67d8263
                                                                                                                                                                                                    • Opcode Fuzzy Hash: e5b8980cd696384b9fe9934a05f90eaf16663aea652bd6c09aad6d326d418b98
                                                                                                                                                                                                    • Instruction Fuzzy Hash: B091CF30A1CB058FD768EA08D446676B3E1FF98740F144A7DD48AC329ADB75F8438B96
                                                                                                                                                                                                    Function 00007FF848A6A936 Relevance: 1.5, Strings: 1, Instructions: 204COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000F.00000002.2720221138.00007FF848A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A60000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_15_2_7ff848a60000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID: yZ_H
                                                                                                                                                                                                    • API String ID: 0-326898517
                                                                                                                                                                                                    • Opcode ID: 4a1a58a4d55cdc0b089b84740295f1e19e195b0dbba48835e08932c69f7960ed
                                                                                                                                                                                                    • Instruction ID: 6246f04e5364479123989b48ecc31dae9d71daf6356206e549ee55cd1d8c0633
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 4a1a58a4d55cdc0b089b84740295f1e19e195b0dbba48835e08932c69f7960ed
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 8F719171D1D9598FEBA9EB2898993E8B7B1EF54780F0001FAC04DE3196CE746EC18B15
                                                                                                                                                                                                    Function 00007FF848A79CB8 Relevance: 1.0, Instructions: 981COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000F.00000002.2720221138.00007FF848A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A60000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_15_2_7ff848a60000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: cb1456f5ad9e591ef28b8590de0987c22be069f203b8d7161f851614f3231c79
                                                                                                                                                                                                    • Instruction ID: a67e5260959012f92962035bd563840ae7bb91ce9e76e71934b679fd9f283211
                                                                                                                                                                                                    • Opcode Fuzzy Hash: cb1456f5ad9e591ef28b8590de0987c22be069f203b8d7161f851614f3231c79
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 0762D330A1DA499FEB88EF18C856AA937E2FF59344F0401B9E44DD7292DF68EC41C746
                                                                                                                                                                                                    Function 00007FF848A766F0 Relevance: .6, Instructions: 631COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000F.00000002.2720221138.00007FF848A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A60000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_15_2_7ff848a60000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 04ec36f0bebdc7b6d1024eab4d5a6bdd953e87cd4c8b455ad646f5bfa0c225ec
                                                                                                                                                                                                    • Instruction ID: f8053edd1e3ed054faa2613da5887e8952c53f03b648cb0af22e1b85293f1fae
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 04ec36f0bebdc7b6d1024eab4d5a6bdd953e87cd4c8b455ad646f5bfa0c225ec
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 9C025A32A0DB894FD755FB6CA8166F97BE1EF86360B0801BBD049C7197DE64EC058392
                                                                                                                                                                                                    Function 00007FF848A672D8 Relevance: .6, Instructions: 587COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000F.00000002.2720221138.00007FF848A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A60000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_15_2_7ff848a60000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 14de4e2814f9f203e665f2fd8ad53f318587728310c423bd963710cef976998b
                                                                                                                                                                                                    • Instruction ID: c3da3c4163a81ea0df9a9c57e3a33223d3ab02ebac5192eca170d46bab6be347
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 14de4e2814f9f203e665f2fd8ad53f318587728310c423bd963710cef976998b
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 03020530A1DA498FD759EB2CC4557B97BE1FF95310F04427AD48AD7296CF24A842C782
                                                                                                                                                                                                    Function 00007FF848A64DD0 Relevance: .6, Instructions: 565COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000F.00000002.2720221138.00007FF848A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A60000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_15_2_7ff848a60000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: bc3f69fbe3d0b82d25278526ba36fc18ea30427cec0aa8ce0cbd393268cea191
                                                                                                                                                                                                    • Instruction ID: 5558abc679b5485147b19deb043cd9f5428b04807349a146564d7b901f3b2627
                                                                                                                                                                                                    • Opcode Fuzzy Hash: bc3f69fbe3d0b82d25278526ba36fc18ea30427cec0aa8ce0cbd393268cea191
                                                                                                                                                                                                    • Instruction Fuzzy Hash: CD02B430A1DB898FE758EB28845667AB7D2FF99340F04457ED48DC7296DF34E8418B42
                                                                                                                                                                                                    Function 00007FF848A68318 Relevance: .5, Instructions: 464COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000F.00000002.2720221138.00007FF848A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A60000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_15_2_7ff848a60000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: cd8a8927403b6114c609107e1a7dd3321e5b7414e129015a592c89de042960b4
                                                                                                                                                                                                    • Instruction ID: 53339dea8ea4aac200632ba0e073f69ec499147769f8b0aa1dd77edba1cffbd3
                                                                                                                                                                                                    • Opcode Fuzzy Hash: cd8a8927403b6114c609107e1a7dd3321e5b7414e129015a592c89de042960b4
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 69D11731A1D9495FEB98FA2C8846AB437D1FF58744F0000B9D84FC7297DE64EC429796
                                                                                                                                                                                                    Function 00007FF848A682C0 Relevance: .4, Instructions: 395COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000F.00000002.2720221138.00007FF848A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A60000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_15_2_7ff848a60000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: f0fcc383bbdf86ed8c83cb5c2d833d6cb793f0a489ca33297dbea45741c2c3af
                                                                                                                                                                                                    • Instruction ID: 0fa2de86a144c498c256c7f0938ec1c79ec43242e3bb59c3b2d3afa4b9d85334
                                                                                                                                                                                                    • Opcode Fuzzy Hash: f0fcc383bbdf86ed8c83cb5c2d833d6cb793f0a489ca33297dbea45741c2c3af
                                                                                                                                                                                                    • Instruction Fuzzy Hash: B0C11831E1DD8A4FEB94EB28D8566B877E2FF99780F0500BAD04DD7286CE64EC428751
                                                                                                                                                                                                    Function 00007FF848A68308 Relevance: .4, Instructions: 385COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000F.00000002.2720221138.00007FF848A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A60000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_15_2_7ff848a60000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 14c3f66012846ef77268f1c6c863cbff19a388ab0c7a67c8e6cb8103fe8900a1
                                                                                                                                                                                                    • Instruction ID: 1d404602e8a5945d31dc82ca114d2622f8b489989d5fd56c02922fc2b2a67524
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 14c3f66012846ef77268f1c6c863cbff19a388ab0c7a67c8e6cb8103fe8900a1
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 6AA17931F0EA4A4FE7A9EB6C645A2B477E1EF59790B0401BBC04DC3297DE54DC068356
                                                                                                                                                                                                    Function 00007FF848A67200 Relevance: .4, Instructions: 360COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000F.00000002.2720221138.00007FF848A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A60000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_15_2_7ff848a60000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: fdabcc495682d43aa19a8b1820500cdd13bbf0207035c768a51671bcbda70976
                                                                                                                                                                                                    • Instruction ID: c12499e7d4668e728eb391e0939ca9a356ce0ff811a2ab152dbd7baeaa4e58b4
                                                                                                                                                                                                    • Opcode Fuzzy Hash: fdabcc495682d43aa19a8b1820500cdd13bbf0207035c768a51671bcbda70976
                                                                                                                                                                                                    • Instruction Fuzzy Hash: A9A1C531A1CF484FEB58EB1CA8466B977E1FB99750F04017EE44AD3292DB64F8428786
                                                                                                                                                                                                    Function 00007FF848A7EA75 Relevance: .4, Instructions: 357COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000F.00000002.2720221138.00007FF848A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A60000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_15_2_7ff848a60000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 93ef6f22eff64a8b07518bc9516c0decd4eb3f9f545b9e3158b706b49e563bb4
                                                                                                                                                                                                    • Instruction ID: f9dc0598dd4b7a03377da51873de28f2bf354b6fe146085072d4deffe738ce28
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 93ef6f22eff64a8b07518bc9516c0decd4eb3f9f545b9e3158b706b49e563bb4
                                                                                                                                                                                                    • Instruction Fuzzy Hash: B2B15B21E0EA854FE756EB389856671BFE1EF46750F0841FBC049CB197DA68EC05C3A2
                                                                                                                                                                                                    Function 00007FF848A7BD95 Relevance: .4, Instructions: 356COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000F.00000002.2720221138.00007FF848A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A60000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_15_2_7ff848a60000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: c94876a72438edda310b7af03ba454ba8210a282c47f0f31e8e5d3c54bca828a
                                                                                                                                                                                                    • Instruction ID: 93a68c91ee25369ad24fbde7096621aa940b9737f41bfd76fbcbb8340c519f3e
                                                                                                                                                                                                    • Opcode Fuzzy Hash: c94876a72438edda310b7af03ba454ba8210a282c47f0f31e8e5d3c54bca828a
                                                                                                                                                                                                    • Instruction Fuzzy Hash: CAA1577150EA498FE315EB28D8456B177E0FF55350F0801BED08AC72A3DB69E847C796
                                                                                                                                                                                                    Function 00007FF848A6C320 Relevance: .3, Instructions: 338COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000F.00000002.2720221138.00007FF848A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A60000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_15_2_7ff848a60000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 015876fd91b2a749c23aa821dd398904d2b25080b3d16b3acf3eeeb504fa68e7
                                                                                                                                                                                                    • Instruction ID: b6470b4c60cc9645cabd383bf5f9c954f67af80de9b39d6051dd9e7f7defd88a
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 015876fd91b2a749c23aa821dd398904d2b25080b3d16b3acf3eeeb504fa68e7
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 47813922F1ED574FE3A5E62C281E27567C0EFA9AD1F1000B7C48DD72D9DE589C064366
                                                                                                                                                                                                    Function 00007FF848A6F3FF Relevance: .3, Instructions: 337COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000F.00000002.2720221138.00007FF848A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A60000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_15_2_7ff848a60000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 368be9742b9e8558c53e0afffb9852ffaae361d669f8170bcb1297304286f87d
                                                                                                                                                                                                    • Instruction ID: a6273056db6206d45225222213a6ec9b65295cea15476031b3e512e90ef2b435
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 368be9742b9e8558c53e0afffb9852ffaae361d669f8170bcb1297304286f87d
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 34312532A0DEC58FE750FA28984A6B9B7D0FF95350F04057BD489C30E6DF24A9458397
                                                                                                                                                                                                    Function 00007FF848A672D2 Relevance: .3, Instructions: 329COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000F.00000002.2720221138.00007FF848A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A60000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_15_2_7ff848a60000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: f1c9d00be6d6f501b675adb7bfc75599f51d820e7b7fda4c4db21c18f00bb2c0
                                                                                                                                                                                                    • Instruction ID: 380d7f0700cd9c6b92e4d29de18fa8752a79239daf8f32e82eebcd96d543b178
                                                                                                                                                                                                    • Opcode Fuzzy Hash: f1c9d00be6d6f501b675adb7bfc75599f51d820e7b7fda4c4db21c18f00bb2c0
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 12A10F30A1DA488FDB59EB2CD8566787BE1FF99740F0401BAD48AD7296DF24EC41C782
                                                                                                                                                                                                    Function 00007FF848A67C38 Relevance: .3, Instructions: 320COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000F.00000002.2720221138.00007FF848A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A60000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_15_2_7ff848a60000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: f5b440f37a450ddbaa4ba62846aae4ad9f6e7e89aabcc1a0ba265d23b3113017
                                                                                                                                                                                                    • Instruction ID: 2dd827c3e9583db617ec042b83a6a5d68242f50f3b585985a356210fabef5500
                                                                                                                                                                                                    • Opcode Fuzzy Hash: f5b440f37a450ddbaa4ba62846aae4ad9f6e7e89aabcc1a0ba265d23b3113017
                                                                                                                                                                                                    • Instruction Fuzzy Hash: F1A10331A1DA894FDB80FF2C9496AF93BE0EF59351F04017AE48DD71A2DB24A845C794
                                                                                                                                                                                                    Function 00007FF848A70B39 Relevance: .3, Instructions: 318COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000F.00000002.2720221138.00007FF848A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A60000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_15_2_7ff848a60000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 9072b1679fc0eb0397ece2073a6da8c0cc1145f5ac3781e19bff70a4e11040a0
                                                                                                                                                                                                    • Instruction ID: e073379aec3750781d2c42b28ff909c96afb412b80a3c53c3d7003e9861c723d
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 9072b1679fc0eb0397ece2073a6da8c0cc1145f5ac3781e19bff70a4e11040a0
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 18A1DE31E0DA8E8FDB89FF6884556A97BE1FF59340F0801BAD009D7296CB68EC468751
                                                                                                                                                                                                    Function 00007FF848A77362 Relevance: .3, Instructions: 302COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000F.00000002.2720221138.00007FF848A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A60000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_15_2_7ff848a60000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 0c562d16c130ce8a5f924f426dd1e7d78775cf1225a113e994867940072c2210
                                                                                                                                                                                                    • Instruction ID: 119374b60008bcdc6ae446ede5da178e1ebf11c5d398424363316d7a9f1c8850
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 0c562d16c130ce8a5f924f426dd1e7d78775cf1225a113e994867940072c2210
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 0781E911B2DE894FEB99EB3C48162757BE2EF8A250B0901F6D44DC72DBDE28EC425351
                                                                                                                                                                                                    Function 00007FF848A804A6 Relevance: .3, Instructions: 281COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000F.00000002.2720221138.00007FF848A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A60000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_15_2_7ff848a60000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 349b2ffc929641cfdc0e013d1b6623b3a7a65725522f9763f597409118fc66ec
                                                                                                                                                                                                    • Instruction ID: 9d2ab2ff1d9bbc07df72ea462e29ae1124c898ff142f2a7310119306ff395b0d
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 349b2ffc929641cfdc0e013d1b6623b3a7a65725522f9763f597409118fc66ec
                                                                                                                                                                                                    • Instruction Fuzzy Hash: BE81FB21D0EBC60FE369F62828171B47BD1DF962A4F1401BAD48D86593DFA8580A83B7
                                                                                                                                                                                                    Function 00007FF848A64DC0 Relevance: .3, Instructions: 279COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000F.00000002.2720221138.00007FF848A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A60000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_15_2_7ff848a60000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 5bbd259a3431f9ee0dfcb2370116aa0cf9711e42893e7a6667e339952599ca65
                                                                                                                                                                                                    • Instruction ID: 90d55bfa1f93784c6a0602a63c11504c8cf97d79170e6bf66efbed847cc41acb
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 5bbd259a3431f9ee0dfcb2370116aa0cf9711e42893e7a6667e339952599ca65
                                                                                                                                                                                                    • Instruction Fuzzy Hash: C0910431D1DE869FE694FA288446775B3E1FF95390F0405BAC48EC318ADF68E8468792
                                                                                                                                                                                                    Function 00007FF848A79148 Relevance: .3, Instructions: 277COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000F.00000002.2720221138.00007FF848A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A60000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_15_2_7ff848a60000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 39d6a00e372f67368c1d9a57ff6d8b4d2e337b1fb99ce761b3a8823efaa1b809
                                                                                                                                                                                                    • Instruction ID: 05de907dc094ed4d5aecdff0e8c253dddb3d9c61e338c6d393022148517eb41f
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 39d6a00e372f67368c1d9a57ff6d8b4d2e337b1fb99ce761b3a8823efaa1b809
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 9E810562E0EAC64FE356D63C68163757BE0FF56650F0C01FBC089C71DBDA68A8498396
                                                                                                                                                                                                    Function 00007FF848A785D9 Relevance: .3, Instructions: 265COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000F.00000002.2720221138.00007FF848A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A60000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_15_2_7ff848a60000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 57fd5e5b8d3ea7780f5adf1756694e53a01ade913c417799f31cb411a33f7c8d
                                                                                                                                                                                                    • Instruction ID: c4f1868fe5e931a90e8c988832b734083f82d2a60a219d104a7e8d90364df53a
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 57fd5e5b8d3ea7780f5adf1756694e53a01ade913c417799f31cb411a33f7c8d
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 9D71802190EA464FE729F52898421B177D0EF41351F2441BEC48BC3587EB59F883A3AF
                                                                                                                                                                                                    Function 00007FF848A66DC1 Relevance: .3, Instructions: 252COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000F.00000002.2720221138.00007FF848A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A60000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_15_2_7ff848a60000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: db1aae544ad9fac4b6295e6dc17e94aa5a4feda0609c8bdc1922ea394189cf9c
                                                                                                                                                                                                    • Instruction ID: 0ae576a5e68880eb07fac78e15be200f7c47f4ec93ea90e7e66fa64b9175f3ee
                                                                                                                                                                                                    • Opcode Fuzzy Hash: db1aae544ad9fac4b6295e6dc17e94aa5a4feda0609c8bdc1922ea394189cf9c
                                                                                                                                                                                                    • Instruction Fuzzy Hash: A961FF6284F7C64FE7479B349C715A07FB0AE17284B1E41EBC488CF1EBD6689849C366
                                                                                                                                                                                                    Function 00007FF848A67180 Relevance: .2, Instructions: 240COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000F.00000002.2720221138.00007FF848A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A60000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_15_2_7ff848a60000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 31001a7df15e2ebdc3cc0279736412af1682119b20bde9e13c9c1ff9d31d6e70
                                                                                                                                                                                                    • Instruction ID: 69aadd8db4fcb2015f0544cf375332a55c08feb4511de4a0a3f99ddd8ab07573
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 31001a7df15e2ebdc3cc0279736412af1682119b20bde9e13c9c1ff9d31d6e70
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 97712030A2994E8FDF84EF1CC486BA937E1FF68341F400179E44AE32A5DB64E841C795
                                                                                                                                                                                                    Function 00007FF848A751C9 Relevance: .2, Instructions: 228COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000F.00000002.2720221138.00007FF848A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A60000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_15_2_7ff848a60000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 240b13c5bc3bf9068d2725533ae710e9b6b6cabfdd3cbbe7898417f624a51af3
                                                                                                                                                                                                    • Instruction ID: adb1045144252b558b2f45ed5e27194068e27c0d09b7c29891205499900fecbb
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 240b13c5bc3bf9068d2725533ae710e9b6b6cabfdd3cbbe7898417f624a51af3
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 04613820A1EB864FE355E73488563B577E2EF86340F1541BAC08EC71D7DF68A846C3A2
                                                                                                                                                                                                    Function 00007FF848A67C60 Relevance: .2, Instructions: 222COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000F.00000002.2720221138.00007FF848A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A60000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_15_2_7ff848a60000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 9a56c5430fea5139570e1caff4d00bee45ee80f490880281e0a99d4d38cc270e
                                                                                                                                                                                                    • Instruction ID: d0d3ce0db44d72e408af800dc91a8817c82d809de91e94191c03918f05768e5e
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 9a56c5430fea5139570e1caff4d00bee45ee80f490880281e0a99d4d38cc270e
                                                                                                                                                                                                    • Instruction Fuzzy Hash: C6614B6290E6C91FD742FF3898165E93FE0DF56264F0841B7E4CCCB193EA18994AC392
                                                                                                                                                                                                    Function 00007FF848A76B63 Relevance: .2, Instructions: 188COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000F.00000002.2720221138.00007FF848A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A60000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_15_2_7ff848a60000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: dc8d712b22d7eea6d58a034385f22211c2da9b1a9a9754075ead694d954bacde
                                                                                                                                                                                                    • Instruction ID: 4b03965133559911bf338f7c818714c2015d74765453cba78cda5602d0850987
                                                                                                                                                                                                    • Opcode Fuzzy Hash: dc8d712b22d7eea6d58a034385f22211c2da9b1a9a9754075ead694d954bacde
                                                                                                                                                                                                    • Instruction Fuzzy Hash: DA51F931A0DA894FD755E738881A7A53FE1EF96260F0801FFD449C71A3DE59AC028392
                                                                                                                                                                                                    Function 00007FF848A62B25 Relevance: .2, Instructions: 181COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000F.00000002.2720221138.00007FF848A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A60000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_15_2_7ff848a60000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: fc9b10c3c382c2a28385f35aa20086b2e52b4b8566c40844981102b8d41716fa
                                                                                                                                                                                                    • Instruction ID: 9cdb0389d493d306c5fedb0f7531645a2bf39cccd89694464269efb4512be071
                                                                                                                                                                                                    • Opcode Fuzzy Hash: fc9b10c3c382c2a28385f35aa20086b2e52b4b8566c40844981102b8d41716fa
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 0A51C13090E6898FDB95EF28D8557E5BBB1FF46340F0801EAD04CD7296CB389986CB52
                                                                                                                                                                                                    Function 00007FF848A775D0 Relevance: .2, Instructions: 170COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000F.00000002.2720221138.00007FF848A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A60000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_15_2_7ff848a60000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 1bdd565008c6d3cdadc33d0fc9c8dc4dabc4c4464eb796e87f5c6a82ea0f7e41
                                                                                                                                                                                                    • Instruction ID: 8be9a8afb7ae2a7e46b7119a897c63a11bf4008579c92b42c77fce7c4c164d7c
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 1bdd565008c6d3cdadc33d0fc9c8dc4dabc4c4464eb796e87f5c6a82ea0f7e41
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 62514622A1E94A4FE368E62C98523B573D1FF45390F54457AC04EC31C5DFA9E84293A6
                                                                                                                                                                                                    Function 00007FF848A65BB0 Relevance: .2, Instructions: 168COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000F.00000002.2720221138.00007FF848A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A60000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_15_2_7ff848a60000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: b7ba2a30b51d1b9a541466b57974dedb19b36d409ab9461405fd0bd53d5f7dea
                                                                                                                                                                                                    • Instruction ID: d94e10714419df2c5f484d9035386c3bfc36fff4673146896aca3d11757f0105
                                                                                                                                                                                                    • Opcode Fuzzy Hash: b7ba2a30b51d1b9a541466b57974dedb19b36d409ab9461405fd0bd53d5f7dea
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 6F412921E0D98A4FE798FB2C94566B577D1FFA5380B1401B6D08DC718AEF68EC028352
                                                                                                                                                                                                    Function 00007FF848A69325 Relevance: .2, Instructions: 166COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000F.00000002.2720221138.00007FF848A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A60000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_15_2_7ff848a60000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: c4685dde483a139244dd54e6270a5c38f07db940db32b294558ae513d713689f
                                                                                                                                                                                                    • Instruction ID: 77f1afd3e548feef62477e9381c525f9856d57efc612e0076fe13010417f42dd
                                                                                                                                                                                                    • Opcode Fuzzy Hash: c4685dde483a139244dd54e6270a5c38f07db940db32b294558ae513d713689f
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 7141D121B0DD4B4FEBE9EA2C9495A7473D1FF5825074801BAC44DCB29BDA58DC418346
                                                                                                                                                                                                    Function 00007FF848A67C68 Relevance: .2, Instructions: 160COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000F.00000002.2720221138.00007FF848A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A60000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_15_2_7ff848a60000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 67687447c72cc552af630761e621525bd32fbfc684b32e041e75858e274f2bf5
                                                                                                                                                                                                    • Instruction ID: 8ccace144287747293fe1ba36812a94b33622c3384f2cb5f3412032f2ddbfd5d
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 67687447c72cc552af630761e621525bd32fbfc684b32e041e75858e274f2bf5
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 4641256290D6DA4EEB41FF78A4166FC3BE0EF56365F080177E48CD6093EE189588C399
                                                                                                                                                                                                    Function 00007FF848A61BF3 Relevance: .2, Instructions: 156COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000F.00000002.2720221138.00007FF848A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A60000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_15_2_7ff848a60000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 9daf91c42649dec6d9e975930151d55e7a4fe54dd09578ba4e3dbbf2fb7b01ef
                                                                                                                                                                                                    • Instruction ID: 98662559b07ae445ea68c0a321780b2e6faacf9b3439b0301e3f3501b2cdefe8
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 9daf91c42649dec6d9e975930151d55e7a4fe54dd09578ba4e3dbbf2fb7b01ef
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 21418B67A1EA655ED315F77D788A6FD3F94EF813B0F040177E08CCA097E900684982E5
                                                                                                                                                                                                    Function 00007FF848A6C1BD Relevance: .2, Instructions: 155COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000F.00000002.2720221138.00007FF848A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A60000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_15_2_7ff848a60000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 5abb3a0b1881a1a49093ca3e1114dd40de96e583366802bf511e8892e599768c
                                                                                                                                                                                                    • Instruction ID: cc3855cee3a9d5fc60a62a70f7f1783a550960e18544550fb451b362305de7d6
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 5abb3a0b1881a1a49093ca3e1114dd40de96e583366802bf511e8892e599768c
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 9C41E921A0EB854FE386F63D98512707FD1EF46790B0900FBD489DB1D7DD549C8583A5
                                                                                                                                                                                                    Function 00007FF848A76B02 Relevance: .2, Instructions: 153COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000F.00000002.2720221138.00007FF848A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A60000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_15_2_7ff848a60000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 5352dd3a7ebb5c81e41d8b7b04ab93b4318fcf7b9fc6b19d64240356058c95a7
                                                                                                                                                                                                    • Instruction ID: e07d2a2e7ad5853d6f0c017201a15a4f5b9ffb669f89cf35679a57548cc1aa5f
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 5352dd3a7ebb5c81e41d8b7b04ab93b4318fcf7b9fc6b19d64240356058c95a7
                                                                                                                                                                                                    • Instruction Fuzzy Hash: A441D73190D7894FD756EB2888267A47FF1EF47260F1902EFD489C71A3DA59A8068352
                                                                                                                                                                                                    Function 00007FF848A62C46 Relevance: .2, Instructions: 152COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000F.00000002.2720221138.00007FF848A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A60000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_15_2_7ff848a60000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: f758563061e96d0897051be17caf72e75458781d704872b8407322ff32225439
                                                                                                                                                                                                    • Instruction ID: beff375f166df72c16890d4c60e4250e9f665a86897cc91f7e00e5f87febd333
                                                                                                                                                                                                    • Opcode Fuzzy Hash: f758563061e96d0897051be17caf72e75458781d704872b8407322ff32225439
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 60510770D09A5D8FDB94EB68C889BA8B7F1FF59341F0000AAD04DEB296DB749D85CB14
                                                                                                                                                                                                    Function 00007FF848A6DA90 Relevance: .1, Instructions: 146COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000F.00000002.2720221138.00007FF848A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A60000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_15_2_7ff848a60000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 841903bf2299d58538974645bff50d750d8f35a5d41e5ee89ea1b25bbf00af97
                                                                                                                                                                                                    • Instruction ID: 4929e43ef17393eda523475e31d19f8b63ded41b710a4a8d4b5e801621f68b16
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 841903bf2299d58538974645bff50d750d8f35a5d41e5ee89ea1b25bbf00af97
                                                                                                                                                                                                    • Instruction Fuzzy Hash: AB41C13061EE868FDBA5EB3CC051E6177E2EF59380F1845E9D08AC72AACE65F841C751
                                                                                                                                                                                                    Function 00007FF848A66A4A Relevance: .1, Instructions: 142COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000F.00000002.2720221138.00007FF848A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A60000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_15_2_7ff848a60000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: f3ee8c9590fb394f7549686192c5db818052b659f5a448fd27430682861a806e
                                                                                                                                                                                                    • Instruction ID: ddbe2cc749f7f05692d15d936645daa1290011795b29df2e7a137d2c3a0166b3
                                                                                                                                                                                                    • Opcode Fuzzy Hash: f3ee8c9590fb394f7549686192c5db818052b659f5a448fd27430682861a806e
                                                                                                                                                                                                    • Instruction Fuzzy Hash: F6413D64E1995AAFEB44FBA8D8527FCB3B2FF98780F540174D009E7286DE6868028751
                                                                                                                                                                                                    Function 00007FF848A76CEA Relevance: .1, Instructions: 142COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000F.00000002.2720221138.00007FF848A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A60000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_15_2_7ff848a60000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 7231a819dd2ecca094fb62b6ad60a7c843d1abc000ca4d27dbf9bbced793bcd9
                                                                                                                                                                                                    • Instruction ID: eeac7e9b530ee2dd34a30c32d7e118658e447ec615144d7d7d3143ed59717266
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 7231a819dd2ecca094fb62b6ad60a7c843d1abc000ca4d27dbf9bbced793bcd9
                                                                                                                                                                                                    • Instruction Fuzzy Hash: E141D330A1DA494FEB98FF2894426B977E1EF98380F44013EE84ED3187DF64E805478A
                                                                                                                                                                                                    Function 00007FF848A7DCF5 Relevance: .1, Instructions: 125COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000F.00000002.2720221138.00007FF848A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A60000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_15_2_7ff848a60000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 4c5ace17d8d0ec123c8eeab3e0a1221fc4f99534b05eda5268da9c2d5a2d030f
                                                                                                                                                                                                    • Instruction ID: d5da68993394a65e7897eda188383044c948f6489771944cf485637c6930dbe8
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 4c5ace17d8d0ec123c8eeab3e0a1221fc4f99534b05eda5268da9c2d5a2d030f
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 8131F430B0E9494FDB95FB2CC456B6837D2EF98351F0500BAD04DC72AADEA8DC458792
                                                                                                                                                                                                    Function 00007FF848A69945 Relevance: .1, Instructions: 122COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000F.00000002.2720221138.00007FF848A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A60000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_15_2_7ff848a60000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: c67eecb5972dc71f6170a75d4ddf8d0b2803d76dca2e713062f91620263834c9
                                                                                                                                                                                                    • Instruction ID: aab3e52bd7bf73ef10d20cde0752e1216d94f205a6ddff276f8a78358f55386e
                                                                                                                                                                                                    • Opcode Fuzzy Hash: c67eecb5972dc71f6170a75d4ddf8d0b2803d76dca2e713062f91620263834c9
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 3E41D02180E7C54FDB13FB3844AA5E53FA0EF12298B0901EBD8D8CF197EE185945C36A
                                                                                                                                                                                                    Function 00007FF848A805EA Relevance: .1, Instructions: 117COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000F.00000002.2720221138.00007FF848A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A60000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_15_2_7ff848a60000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 579a4b06bfd1f0dcd8a0840f1d28830af63e3cb40f55e0e06cc7d5d85abc44b8
                                                                                                                                                                                                    • Instruction ID: 631c8f910a60a951b93f0faddd927bbff50a0cb2194aa51af7f9ec3f93a3bda0
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 579a4b06bfd1f0dcd8a0840f1d28830af63e3cb40f55e0e06cc7d5d85abc44b8
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 45310C31F0EE861FE25DE53C2C561B43BC1EFD5660B0802BFE44DC3297DEA458028295
                                                                                                                                                                                                    Function 00007FF848A6BA00 Relevance: .1, Instructions: 113COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000F.00000002.2720221138.00007FF848A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A60000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_15_2_7ff848a60000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: a5763c9c9783da38ae20b07316d094178dd6cb52dc9129ca7fad84dc0e821b78
                                                                                                                                                                                                    • Instruction ID: 2c6fb7002f405c91d1713c41ede553d48fc3f21a002948a0fd883ac97b53fd6a
                                                                                                                                                                                                    • Opcode Fuzzy Hash: a5763c9c9783da38ae20b07316d094178dd6cb52dc9129ca7fad84dc0e821b78
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 8D31E13071DA494FEB94EB2C84197B977D2FF99340F0401BAD48DD7296DE699C0AC392
                                                                                                                                                                                                    Function 00007FF848A69960 Relevance: .1, Instructions: 112COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000F.00000002.2720221138.00007FF848A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A60000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_15_2_7ff848a60000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: a8b1892b096e11c353a6aac002f105778d2e7650a880389962306ebda2a87762
                                                                                                                                                                                                    • Instruction ID: b19edcb8f9a5cf83ac5ab9281211a5aa75871c726798b0af3201eb022d1fa64d
                                                                                                                                                                                                    • Opcode Fuzzy Hash: a8b1892b096e11c353a6aac002f105778d2e7650a880389962306ebda2a87762
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 44212831B0ED0F4FEAD8E51C546A3BA63C2EB987A1F14107AD48DD32A8DF29DC014359
                                                                                                                                                                                                    Function 00007FF848A7CD61 Relevance: .1, Instructions: 108COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000F.00000002.2720221138.00007FF848A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A60000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_15_2_7ff848a60000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: ca29672dd06812e902e59f53310850833f165c9630c26ed6d17d1aeb39efe6f3
                                                                                                                                                                                                    • Instruction ID: e0de4d7e94ff271ddf43ef42526ab83e371c9cbcdb065a294b0443df38c320fa
                                                                                                                                                                                                    • Opcode Fuzzy Hash: ca29672dd06812e902e59f53310850833f165c9630c26ed6d17d1aeb39efe6f3
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 9C31D17281DB884FDB25EF189C0A5E9BFE4EB9A310F04016FE489D3152E760E94587C3
                                                                                                                                                                                                    Function 00007FF848A76E91 Relevance: .1, Instructions: 102COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000F.00000002.2720221138.00007FF848A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A60000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_15_2_7ff848a60000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: ba11f7b73d20ea9a9a5c39fcee34196ccee05147a9daad82083b5de8782760de
                                                                                                                                                                                                    • Instruction ID: 0457a826114b5f86711fcc8efdc6a4d82769db37bb71b1c886042c3efaa037c3
                                                                                                                                                                                                    • Opcode Fuzzy Hash: ba11f7b73d20ea9a9a5c39fcee34196ccee05147a9daad82083b5de8782760de
                                                                                                                                                                                                    • Instruction Fuzzy Hash: FD214B30A1DA0D8FDF98EA1894566BC77E1FF98354F08027ED04EE3281DF64A841879A
                                                                                                                                                                                                    Function 00007FF848A66315 Relevance: .1, Instructions: 99COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000F.00000002.2720221138.00007FF848A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A60000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_15_2_7ff848a60000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 506ac9b5f6732af65f9e443cc2d00c9fd93ab477ed205274106ad5d14ca5cb24
                                                                                                                                                                                                    • Instruction ID: 3163cc82aa631aec5b48e70f5108af2d2d304ad76b98590e6af5f8eafe86a3bd
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 506ac9b5f6732af65f9e443cc2d00c9fd93ab477ed205274106ad5d14ca5cb24
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 00219431A2DE8A4FAB48FE2894424B973D1EF68794B54017AE84EC3187EE34F5424745
                                                                                                                                                                                                    Function 00007FF848A65B80 Relevance: .1, Instructions: 91COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000F.00000002.2720221138.00007FF848A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A60000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_15_2_7ff848a60000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 0a4c30d6ad407a5e52f086080e95e1977013ecb26248051b00a5754ad6122b0a
                                                                                                                                                                                                    • Instruction ID: 0b327dfb78c48a95837f32f5cd0a5d6787bd37585c1f4648059988dac844fc25
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 0a4c30d6ad407a5e52f086080e95e1977013ecb26248051b00a5754ad6122b0a
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 4121F912A1EAC60FE755FB3C54A61F937E0EF61254B0841B7C088CB19BEE5898464395
                                                                                                                                                                                                    Function 00007FF848A61CA0 Relevance: .1, Instructions: 88COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000F.00000002.2720221138.00007FF848A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A60000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_15_2_7ff848a60000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: bd5705c4f800d5086e5c8383454d693c214b03cccaaab032e996d6106986c585
                                                                                                                                                                                                    • Instruction ID: 3a81e483cdccd53e8abab7fe21c88448101ea1e6c71bc642f482d0e82d94ac43
                                                                                                                                                                                                    • Opcode Fuzzy Hash: bd5705c4f800d5086e5c8383454d693c214b03cccaaab032e996d6106986c585
                                                                                                                                                                                                    • Instruction Fuzzy Hash: AB213832F1AD198FE7A5E62C905A3B927D1FF99781F04017AD40EE7299CF545C028396
                                                                                                                                                                                                    Function 00007FF848A67D09 Relevance: .1, Instructions: 88COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000F.00000002.2720221138.00007FF848A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A60000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_15_2_7ff848a60000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: fdcc925bc1d1c6d9fa8e3e8c710aba9d9007a5342fb8bad8c370a66d8421e24d
                                                                                                                                                                                                    • Instruction ID: ed7886f923c2ad2b9e80879a9ca7e5bee4990516fd0774eb259de2a67090c3b1
                                                                                                                                                                                                    • Opcode Fuzzy Hash: fdcc925bc1d1c6d9fa8e3e8c710aba9d9007a5342fb8bad8c370a66d8421e24d
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 9D216B30928A4E8FDF84EF188446BEA77E1FF68341F00023AE44AE3195CB749851CBA5
                                                                                                                                                                                                    Function 00007FF848A6E111 Relevance: .1, Instructions: 80COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000F.00000002.2720221138.00007FF848A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A60000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_15_2_7ff848a60000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: f4a2e51f2ecf537d144e35c9fc39510f26823223772912e9ebed13b7e240e1e1
                                                                                                                                                                                                    • Instruction ID: ed77e57b447ddc1a936d92c762eb96d45252c1332e66771e89601b51088b9999
                                                                                                                                                                                                    • Opcode Fuzzy Hash: f4a2e51f2ecf537d144e35c9fc39510f26823223772912e9ebed13b7e240e1e1
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 88112B32F0ED894FE3D5D52C2C9A1782AC1EF64654B2500BBD48CE72AADF949C158346
                                                                                                                                                                                                    Function 00007FF848A648FA Relevance: .1, Instructions: 80COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000F.00000002.2720221138.00007FF848A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A60000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_15_2_7ff848a60000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 6ed48c7fefa29efbb4eef8070870ffd20e63440e99b8e21b7fbcc8cfa3f8d89e
                                                                                                                                                                                                    • Instruction ID: b997a1403e890679a87657ef651e5678c70112176dcd8f5965ed1201fb2a5c06
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 6ed48c7fefa29efbb4eef8070870ffd20e63440e99b8e21b7fbcc8cfa3f8d89e
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 6A210822E1EE998FD756E72D485A3A43FE0FF96641F0800B7D04CEB29ACE545C0483A6
                                                                                                                                                                                                    Function 00007FF848A6E130 Relevance: .1, Instructions: 77COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000F.00000002.2720221138.00007FF848A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A60000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_15_2_7ff848a60000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: f32a1131d13891959ca36b34acdd9e04c2245faeead8ef653002ea3d7e3b8f71
                                                                                                                                                                                                    • Instruction ID: 40af23acea2507d210de5b4570a976e081b58c13fde45215b37ea2f89e3803af
                                                                                                                                                                                                    • Opcode Fuzzy Hash: f32a1131d13891959ca36b34acdd9e04c2245faeead8ef653002ea3d7e3b8f71
                                                                                                                                                                                                    • Instruction Fuzzy Hash: D9114C32F0ED4D4FE7D4A46D3C9A17826C0EFA8664B1500BBD44CE3299DE858C518346
                                                                                                                                                                                                    Function 00007FF848A66BC6 Relevance: .1, Instructions: 76COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000F.00000002.2720221138.00007FF848A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A60000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_15_2_7ff848a60000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: a3818ce16810a822c5dd326664b5a2ac26d0031bfea62a00fca25f63ba9f74f8
                                                                                                                                                                                                    • Instruction ID: 4285bf02c6d28f14954b80bb4f4c95a02b8d88ae18d56ec7902741c7de57b6b1
                                                                                                                                                                                                    • Opcode Fuzzy Hash: a3818ce16810a822c5dd326664b5a2ac26d0031bfea62a00fca25f63ba9f74f8
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 7211E762D0EEC75FE359EB3448661B17BE2EF55680B0C00AEC08AD71D7DFA85C068356
                                                                                                                                                                                                    Function 00007FF848A66D19 Relevance: .1, Instructions: 75COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000F.00000002.2720221138.00007FF848A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A60000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_15_2_7ff848a60000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: fda23094da2adcda4aba57413678a351d4de3b74ae4ef76ae1891711ab8635fa
                                                                                                                                                                                                    • Instruction ID: 3399316de08853f11d16345ebac945a44fdeb88aac4c2d4966ca22e68ee9f982
                                                                                                                                                                                                    • Opcode Fuzzy Hash: fda23094da2adcda4aba57413678a351d4de3b74ae4ef76ae1891711ab8635fa
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 5F110621D1DECA8FE799EB2894551B577E1FFA4240B4841BAC04DCB2CAEF68E8064346
                                                                                                                                                                                                    Function 00007FF848A6C5D0 Relevance: .1, Instructions: 74COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000F.00000002.2720221138.00007FF848A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A60000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_15_2_7ff848a60000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: dbdb7e8aaa41b1d740fa8601c0b27db6e47b953e1a124f521acd54de9715eb0e
                                                                                                                                                                                                    • Instruction ID: 874c3d4a7df2ed831423f4f6f70aec57c83047b9b8290bb7790f8f82d9a7ea86
                                                                                                                                                                                                    • Opcode Fuzzy Hash: dbdb7e8aaa41b1d740fa8601c0b27db6e47b953e1a124f521acd54de9715eb0e
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 42116B32B0DD0A4FEBD8E51C64991B573D2EBD83A1B14143BD44DD32A8EF69DC428349
                                                                                                                                                                                                    Function 00007FF848A64150 Relevance: .1, Instructions: 71COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000F.00000002.2720221138.00007FF848A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A60000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_15_2_7ff848a60000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: cc409f68a39c2ed5268f44f1715c3df6bcbd9fde443f6599eb0885ca75e67cb6
                                                                                                                                                                                                    • Instruction ID: 8a0b7098d0c8503d1d0aa4b58e51acf95a419822aa2de283e4b5f7f25d48b644
                                                                                                                                                                                                    • Opcode Fuzzy Hash: cc409f68a39c2ed5268f44f1715c3df6bcbd9fde443f6599eb0885ca75e67cb6
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 00216F7181D6C58FDB4AEF28D480595BBA1FF0A340B0901FBE849DF29BCA749945CB94
                                                                                                                                                                                                    Function 00007FF848A61364 Relevance: .1, Instructions: 70COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000F.00000002.2720221138.00007FF848A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A60000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_15_2_7ff848a60000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 2554035eb0592dc3621d25885c9cdb73c4a7dfb513213b9f168d159f13526560
                                                                                                                                                                                                    • Instruction ID: d05b42cd3a58bf2905544045bbe5db7f39e70ce85c3b4383bc637241ea2b42dd
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 2554035eb0592dc3621d25885c9cdb73c4a7dfb513213b9f168d159f13526560
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 4A21F731A0A61E8FCB88EE14C491BE9B7B1FF99300F541578D04AA7285CB75A981CB91
                                                                                                                                                                                                    Function 00007FF848A6352A Relevance: .1, Instructions: 63COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000F.00000002.2720221138.00007FF848A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A60000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_15_2_7ff848a60000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 4fb9dc271c396f928b474487aa91a5c0da4f969d694587ae8060476b608dbf41
                                                                                                                                                                                                    • Instruction ID: 080cfcb7ac2050a6a704306e7f4054b5fbe3c066024d5ad25ab11af5cfb76129
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 4fb9dc271c396f928b474487aa91a5c0da4f969d694587ae8060476b608dbf41
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 63115130909A5C8FDB94EF18C8587A5B7B2FF9A305F1001EAC05DE7292DB359D85CB40
                                                                                                                                                                                                    Function 00007FF848A769B1 Relevance: .1, Instructions: 58COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000F.00000002.2720221138.00007FF848A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A60000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_15_2_7ff848a60000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 3caf76243dedf0afdb3ebaa272f2a5f89a8e229ffab759e2a1334e1343fcaab6
                                                                                                                                                                                                    • Instruction ID: 6afe55b6c97e873dc983f56d631e68b676bf6b48f071d7390a4a31f7d14a53a5
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 3caf76243dedf0afdb3ebaa272f2a5f89a8e229ffab759e2a1334e1343fcaab6
                                                                                                                                                                                                    • Instruction Fuzzy Hash: DCF0AF33B0DB484EAB59AA0DB8431F877D1EBC6275F04037FD18AD2597EF16A417428A
                                                                                                                                                                                                    Function 00007FF848A6B9E9 Relevance: .1, Instructions: 52COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000F.00000002.2720221138.00007FF848A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A60000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_15_2_7ff848a60000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: f4be291187fa9f032543984fc2fdab3cdb7fba6c3d96842baabc22a805b30c43
                                                                                                                                                                                                    • Instruction ID: 2c77c61165c39537739d018ab1c2579f5ab85cf796623952d3459771ffdfcf8f
                                                                                                                                                                                                    • Opcode Fuzzy Hash: f4be291187fa9f032543984fc2fdab3cdb7fba6c3d96842baabc22a805b30c43
                                                                                                                                                                                                    • Instruction Fuzzy Hash: AC01F73250EBC94FC786D62898606A17FE1FF97214F0901EBD4C8DB293DA569809C392
                                                                                                                                                                                                    Function 00007FF848A65BE0 Relevance: .1, Instructions: 51COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000F.00000002.2720221138.00007FF848A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A60000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_15_2_7ff848a60000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 35bf98ce083d3cbead83f6cafe86c1dc062dcf48836e731805f53a727f8689f7
                                                                                                                                                                                                    • Instruction ID: 368a160534bd9f7e0af0a790836d2abab9363bf281941331de711cada6c46618
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 35bf98ce083d3cbead83f6cafe86c1dc062dcf48836e731805f53a727f8689f7
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 2B01D630E2DD4B4FEAD8FB288045ABA73E1FFA4340B544579D44DC3189DE68EC424381
                                                                                                                                                                                                    Function 00007FF848A66D30 Relevance: .0, Instructions: 50COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000F.00000002.2720221138.00007FF848A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A60000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_15_2_7ff848a60000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 72f132021d4b139b304a0b0f32bd3e54569df880c18c0602ff2739a4da350d8a
                                                                                                                                                                                                    • Instruction ID: 943063f19556e098242b70e17360ba1baf9b3d6b9800355b2a22d5c97b570319
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 72f132021d4b139b304a0b0f32bd3e54569df880c18c0602ff2739a4da350d8a
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 3901D630E29D4B8FEBA8FB2C844557A73E1FF94340B48457AD44DC724AEE68E8424741
                                                                                                                                                                                                    Function 00007FF848A6EB2D Relevance: .0, Instructions: 49COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000F.00000002.2720221138.00007FF848A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A60000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_15_2_7ff848a60000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: e33431f0327a50027e89b53011bf2f3ce064259892cd053591bad74751a4aa8a
                                                                                                                                                                                                    • Instruction ID: 17e85c4b294fda57b2338d710f8e170eff0ab9f85ad9dfdb91d41a5f27ef03e6
                                                                                                                                                                                                    • Opcode Fuzzy Hash: e33431f0327a50027e89b53011bf2f3ce064259892cd053591bad74751a4aa8a
                                                                                                                                                                                                    • Instruction Fuzzy Hash: AC014432C0E68C9FD745EF3488565E97FB0EF46280F0840E7C48EDB096CA6815488701
                                                                                                                                                                                                    Function 00007FF848A6D5CD Relevance: .0, Instructions: 49COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000F.00000002.2720221138.00007FF848A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A60000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_15_2_7ff848a60000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 625b1a8f07cf6ab64a235e473698828fd01d42a820043405f7536f90a0e18776
                                                                                                                                                                                                    • Instruction ID: 4bad04e88648d52e20606bacdb9e6c8f30f025863cc377b5f0b25b38bb77a9e9
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 625b1a8f07cf6ab64a235e473698828fd01d42a820043405f7536f90a0e18776
                                                                                                                                                                                                    • Instruction Fuzzy Hash: F5F0442191EA994FE6AAF73C14556B527E0EF96350F4401BBC0CDC228ACE4A28428396
                                                                                                                                                                                                    Function 00007FF848A8032A Relevance: .0, Instructions: 47COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000F.00000002.2720221138.00007FF848A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A60000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_15_2_7ff848a60000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 4c287d70218c1d5c5efe597ade6e4933738ce624581126fdddfe0215e0204f31
                                                                                                                                                                                                    • Instruction ID: 37640e08fde5eae6026b8c7c0e0abc0a5053dfb577de05aa917a4cb46e5a8e40
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 4c287d70218c1d5c5efe597ade6e4933738ce624581126fdddfe0215e0204f31
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 0EF0FC11E1DE890FD389E63C785516077D1EB8A29070801F7C54DCB297DD545C8943A2
                                                                                                                                                                                                    Function 00007FF848A62D9E Relevance: .0, Instructions: 47COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000F.00000002.2720221138.00007FF848A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A60000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_15_2_7ff848a60000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 6bded719aaa498a355c1ec52e2c900b34019c038a318f54dfa1234b80c28f08b
                                                                                                                                                                                                    • Instruction ID: f6115c523e2b5d8bda950ac0359ccb956f205190ae6944a212dc17bea9d4632a
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 6bded719aaa498a355c1ec52e2c900b34019c038a318f54dfa1234b80c28f08b
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 26019A7490891D8FCB94EF58C889BA8B7F1FF6A300F111195D00EE7256DA70EC819F44
                                                                                                                                                                                                    Function 00007FF848A68310 Relevance: .0, Instructions: 44COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000F.00000002.2720221138.00007FF848A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A60000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_15_2_7ff848a60000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 370c8570a1174c77fe84079f6418018c1552aa08eeb5e82216b9b6a1da296f20
                                                                                                                                                                                                    • Instruction ID: 5a96d246ab78f98b017a1d0c91cb0f9eb492a768763ec848379e6add369609fd
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 370c8570a1174c77fe84079f6418018c1552aa08eeb5e82216b9b6a1da296f20
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 54F0E23150E80B0FE678E10C940E77166D8EF893F4F21007AE44EC21A3DA88EC42A66A
                                                                                                                                                                                                    Function 00007FF848A64C05 Relevance: .0, Instructions: 43COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000F.00000002.2720221138.00007FF848A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A60000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_15_2_7ff848a60000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 3a9cc8f3ad53a6a62b3115f4f268773eba25b99319b8a89241ed9ad3f86a9552
                                                                                                                                                                                                    • Instruction ID: d0e1e8511b01c0d6489c7c35262779dfd96467ef126f06bf51d638c3a22a4f5f
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 3a9cc8f3ad53a6a62b3115f4f268773eba25b99319b8a89241ed9ad3f86a9552
                                                                                                                                                                                                    • Instruction Fuzzy Hash: BEF0E911E0FD9A0FD396A22C14261B41B81EB95650B4901A7C588D729FDE4C4C5243E6
                                                                                                                                                                                                    Function 00007FF848A65D49 Relevance: .0, Instructions: 42COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000F.00000002.2720221138.00007FF848A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A60000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_15_2_7ff848a60000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 1a06f5477daf23788cb25b6c0525f140d3a42cfc09e5aa8d00691ef0a10a2adf
                                                                                                                                                                                                    • Instruction ID: 18c2ec6f4c30fa75764ef3267b514261d2ca56864f9ff098ea7ba425979a87e2
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 1a06f5477daf23788cb25b6c0525f140d3a42cfc09e5aa8d00691ef0a10a2adf
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 6B016970C1DBCE8FDB46EF2888681A97FB0FF69200F0504ABD859D72A3DAB559148741
                                                                                                                                                                                                    Function 00007FF848A6BB42 Relevance: .0, Instructions: 41COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000F.00000002.2720221138.00007FF848A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A60000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_15_2_7ff848a60000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: d323d6a8d1d3d86002e007549a1057baf94170a838cfaa655a1468cd8d2da626
                                                                                                                                                                                                    • Instruction ID: 21c33ab3918ba0b5bd22cc32c80b80a57ff1d70afedab2b5e940ee0adab1cba8
                                                                                                                                                                                                    • Opcode Fuzzy Hash: d323d6a8d1d3d86002e007549a1057baf94170a838cfaa655a1468cd8d2da626
                                                                                                                                                                                                    • Instruction Fuzzy Hash: A6F0CD3140E68A0FE316EB3894555A1BBE0FF45350F0D01F7D588D719FDB58A845C756
                                                                                                                                                                                                    Function 00007FF848A7C193 Relevance: .0, Instructions: 40COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000F.00000002.2720221138.00007FF848A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A60000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_15_2_7ff848a60000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 954335daf397a8f78adeff6a94927a1407f437ccfbf12a6f8bcdb28a8ffef61c
                                                                                                                                                                                                    • Instruction ID: 405bdac1f873e66b52423a40d0cb5bde0916ae9d121224d5477285101e8bac43
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 954335daf397a8f78adeff6a94927a1407f437ccfbf12a6f8bcdb28a8ffef61c
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 2AF0A072B1EA1D4FE258FA1C24032B873C2EB89560B10407FC48FC329ADE55A80B0396
                                                                                                                                                                                                    Function 00007FF848A6499F Relevance: .0, Instructions: 39COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000F.00000002.2720221138.00007FF848A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A60000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_15_2_7ff848a60000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 9411b69f83cccf3789761347501715af237d5e13781cbaaeb5835b5858d9d8e2
                                                                                                                                                                                                    • Instruction ID: b45306205472020fc1fa33f437de22e5bba38faafa1ffe6c09f4499fc328a098
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 9411b69f83cccf3789761347501715af237d5e13781cbaaeb5835b5858d9d8e2
                                                                                                                                                                                                    • Instruction Fuzzy Hash: A2F0F831B1982C8FDF94EA8CE445AECB7E1EB98321F0402B6E40DE3259CA2498018795
                                                                                                                                                                                                    Function 00007FF848A64A21 Relevance: .0, Instructions: 33COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000F.00000002.2720221138.00007FF848A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A60000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_15_2_7ff848a60000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: a9b36d0772c4b0b79d752ab2402cdc56ef41f7abc63c68b465d9f1858d1c38af
                                                                                                                                                                                                    • Instruction ID: b40ed1f9205a3be6f3032cd902ace34a7b31fdbf21d496d630c2d2dd7834444c
                                                                                                                                                                                                    • Opcode Fuzzy Hash: a9b36d0772c4b0b79d752ab2402cdc56ef41f7abc63c68b465d9f1858d1c38af
                                                                                                                                                                                                    • Instruction Fuzzy Hash: F1E0C03280DA4C5F9740FA9D7C068F6BF94FB45334F00005EE04DD3092D2155412C35A
                                                                                                                                                                                                    Function 00007FF848A7F161 Relevance: .0, Instructions: 28COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000F.00000002.2720221138.00007FF848A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A60000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_15_2_7ff848a60000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: df556d96df09e554697a3e529c58b5fe0904995e1a520936880f40a411517532
                                                                                                                                                                                                    • Instruction ID: 0518b32aaca27539c163f5d1c59e4bd693826adeff9db9e9f0f6eb131d3c99cb
                                                                                                                                                                                                    • Opcode Fuzzy Hash: df556d96df09e554697a3e529c58b5fe0904995e1a520936880f40a411517532
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 32E04F605087818FC751DB25C8896543BE1FF06205F9A02DAE044CA1A2D72DDD89DB56
                                                                                                                                                                                                    Function 00007FF848A751B9 Relevance: .0, Instructions: 26COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000F.00000002.2720221138.00007FF848A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A60000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_15_2_7ff848a60000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 7ca0cb507355e70652966233fc64c8d978bb7590e85629e8d631f936ff6a3426
                                                                                                                                                                                                    • Instruction ID: a7680146bc2350349c895fb637dd4eeef4ebdeff5cef786b070e74156c4662ac
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 7ca0cb507355e70652966233fc64c8d978bb7590e85629e8d631f936ff6a3426
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 13E0D83170D5054FE718F64494916F43352DB95360F14423AC805C62D4CE98E8819385
                                                                                                                                                                                                    Function 00007FF848A65D0E Relevance: .0, Instructions: 26COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000F.00000002.2720221138.00007FF848A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A60000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_15_2_7ff848a60000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: d4a7edfb7e3f864de43f1f4cf20ccc55611ca8bf8b5315cf6440854d3d0925a1
                                                                                                                                                                                                    • Instruction ID: e5e07618b14bca57c942b0563e1a5d1f7e373ff99402648c81a923858aefc915
                                                                                                                                                                                                    • Opcode Fuzzy Hash: d4a7edfb7e3f864de43f1f4cf20ccc55611ca8bf8b5315cf6440854d3d0925a1
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 63E08651C1F6C65FE753EB744D5B5947FA19F23180B0C40EAC088DB197D54C51098312
                                                                                                                                                                                                    Function 00007FF848A6EC50 Relevance: .0, Instructions: 23COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000F.00000002.2720221138.00007FF848A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A60000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_15_2_7ff848a60000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 39252303ae7577def5c481ef1deb0c171307fe0c82bb224ab4ef272f92039d7d
                                                                                                                                                                                                    • Instruction ID: b6b9070508da61551d3ce808020c2e628f86ac208645d66290e6180dc2e3edeb
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 39252303ae7577def5c481ef1deb0c171307fe0c82bb224ab4ef272f92039d7d
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 90E0E61090A7854EDB86E72949415403BE0AE4B254F4D00D1D488DB197E14D95D88353
                                                                                                                                                                                                    Function 00007FF848A74EED Relevance: .0, Instructions: 21COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000F.00000002.2720221138.00007FF848A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A60000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_15_2_7ff848a60000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 0ecd04aabf5365dde091841ab99b3478835cc96e828d89a0df6577b276410f90
                                                                                                                                                                                                    • Instruction ID: 1529a17f05246e0c9c0879ed2ca6b8cae36611c89da8c0b6c4fbc602bda833ff
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 0ecd04aabf5365dde091841ab99b3478835cc96e828d89a0df6577b276410f90
                                                                                                                                                                                                    • Instruction Fuzzy Hash: EBD05E2070E8254FE9A0FB1CA44AB7C27C0EF84791F4004B6E09DC72A6CA8DDC4153A6
                                                                                                                                                                                                    Function 00007FF848A669FA Relevance: .0, Instructions: 17COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000F.00000002.2720221138.00007FF848A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A60000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_15_2_7ff848a60000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: ca780dd9a0d4e0b78d96ddec95d7dd94fbce566d190c4785afdc76d688965eb7
                                                                                                                                                                                                    • Instruction ID: 6ff0a095cf5a85672a02d2abc4458cf0c1296537cef82ca77a65eaf7ed8a1c4e
                                                                                                                                                                                                    • Opcode Fuzzy Hash: ca780dd9a0d4e0b78d96ddec95d7dd94fbce566d190c4785afdc76d688965eb7
                                                                                                                                                                                                    • Instruction Fuzzy Hash: CDD09760E0CD8C9ECB45EAB848415E8FBF3FF4AA50B8802BCC049A71C2DC18B401C302
                                                                                                                                                                                                    Function 00007FF848A64DE8 Relevance: .0, Instructions: 16COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000F.00000002.2720221138.00007FF848A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A60000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_15_2_7ff848a60000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: b8169e84d08b733edcadff4256f0c43c65b8e1d5e7caad8adf5bbfb67abe638d
                                                                                                                                                                                                    • Instruction ID: 0d906fab01e0ee007ff3c7e7d5b32c09bccdfae6133507e660beadeb86a8a7ec
                                                                                                                                                                                                    • Opcode Fuzzy Hash: b8169e84d08b733edcadff4256f0c43c65b8e1d5e7caad8adf5bbfb67abe638d
                                                                                                                                                                                                    • Instruction Fuzzy Hash: E2C01210D1E8160AEAB8B25820127F40181CF05350F0510B5FC58F62C9DECD1C9182DE
                                                                                                                                                                                                    Function 00007FF848A72C7D Relevance: .0, Instructions: 11COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000F.00000002.2720221138.00007FF848A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A60000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_15_2_7ff848a60000_Bluetrait MSP Agent.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: c22580b4e0082a3cf5d380a1da5ff37fbb62f0b19343653b148fdc6ee59edf20
                                                                                                                                                                                                    • Instruction ID: bec875d16868f92f5114e0d61d7aaa1c2938b93c8a6e1e4f4e1c15e406ba7247
                                                                                                                                                                                                    • Opcode Fuzzy Hash: c22580b4e0082a3cf5d380a1da5ff37fbb62f0b19343653b148fdc6ee59edf20
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 6FC02B70F48D4F0FB1C8C51C000912212D2E394880F04013D900BC32C0CF24C4030300