146e60d8dc75128cfd31cd96f589e53224637b76473ebb64a920a4d9da0eccc2

Analysis

max time kernel
42s
max time network
44s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
02/10/2024, 17:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Boostrapper.exe
Size

28.6MB
MD5

dce9cff74b9d9bab6a5986013aec628e
SHA1

b815990c20f978888cbf1d09a31f374423785d0b
SHA256

146e60d8dc75128cfd31cd96f589e53224637b76473ebb64a920a4d9da0eccc2
SHA512

a4cd1c4ebc9937b0f902660e067028cba11ae1a14332ea0948e74e9a270668ece765f0f1462d34ade757cc04ac634bdb171ff8b980b1a04f9bccca01a130411b
SSDEEP

786432:GhQiXgPQEErUlqsA3XTg5MS57vDACrv3Fqbqx:iQE89Ed3XTg5MS57v0eqbQ

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 3 IoCs

pid	Process
4352	BOOTSTRAPPER.EXE
1976	BOOTSTRAPPER.EXE
860	BOOTSTRAPPER.EXE

Legitimate hosting services abused for malware hosting/C2 1 TTPs 64 IoCs

Web Service

T1102

flow	ioc
147	pastebin.com
264	pastebin.com
273	pastebin.com
6	pastebin.com
47	pastebin.com
95	pastebin.com
98	pastebin.com
109	pastebin.com
285	pastebin.com
287	pastebin.com
79	pastebin.com
106	pastebin.com
179	pastebin.com
19	pastebin.com
30	pastebin.com
38	pastebin.com
40	pastebin.com
64	pastebin.com
279	pastebin.com
310	pastebin.com
207	pastebin.com
316	pastebin.com
322	pastebin.com
9	pastebin.com
13	pastebin.com
115	pastebin.com
160	pastebin.com
167	pastebin.com
298	pastebin.com
309	pastebin.com
22	pastebin.com
48	pastebin.com
67	pastebin.com
134	pastebin.com
173	pastebin.com
303	pastebin.com
320	pastebin.com
27	pastebin.com
96	pastebin.com
129	pastebin.com
195	pastebin.com
250	pastebin.com
81	pastebin.com
306	pastebin.com
26	pastebin.com
130	pastebin.com
152	pastebin.com
164	pastebin.com
246	pastebin.com
255	pastebin.com
330	pastebin.com
80	pastebin.com
87	pastebin.com
175	pastebin.com
197	pastebin.com
208	pastebin.com
7	pastebin.com
117	pastebin.com
122	pastebin.com
133	pastebin.com
331	pastebin.com
31	pastebin.com
103	pastebin.com
230	pastebin.com

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BOOSTRAPPER.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Boostrapper.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BOOSTRAPPER.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BOOSTRAPPER.EXE

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	4352	BOOTSTRAPPER.EXE
Token: SeDebugPrivilege	1976	BOOTSTRAPPER.EXE

Suspicious use of WriteProcessMemory 15 IoCs

description	pid	Process	procid_target
PID 1992 wrote to memory of 4796	1992	Boostrapper.exe	78
PID 1992 wrote to memory of 4796	1992	Boostrapper.exe	78
PID 1992 wrote to memory of 4796	1992	Boostrapper.exe	78
PID 1992 wrote to memory of 4352	1992	Boostrapper.exe	79
PID 1992 wrote to memory of 4352	1992	Boostrapper.exe	79
PID 4796 wrote to memory of 2976	4796	BOOSTRAPPER.EXE	81
PID 4796 wrote to memory of 2976	4796	BOOSTRAPPER.EXE	81
PID 4796 wrote to memory of 2976	4796	BOOSTRAPPER.EXE	81
PID 4796 wrote to memory of 1976	4796	BOOSTRAPPER.EXE	82
PID 4796 wrote to memory of 1976	4796	BOOSTRAPPER.EXE	82
PID 2976 wrote to memory of 1228	2976	BOOSTRAPPER.EXE	120
PID 2976 wrote to memory of 1228	2976	BOOSTRAPPER.EXE	120
PID 2976 wrote to memory of 1228	2976	BOOSTRAPPER.EXE	120
PID 2976 wrote to memory of 860	2976	BOOSTRAPPER.EXE	85
PID 2976 wrote to memory of 860	2976	BOOSTRAPPER.EXE	85

C:\Users\Admin\AppData\Local\Temp\Boostrapper.exe
"C:\Users\Admin\AppData\Local\Temp\Boostrapper.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:1992
- C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE
  "C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE"
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:4796
- - C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE
    "C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE"
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious use of WriteProcessMemory
    PID:2976
  - - C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE
      "C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE"
      4⤵
      System Location Discovery: System Language Discovery
      PID:1228
    - - C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE"
        5⤵
        
        PID:4100
      - C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE"
        6⤵
        
        PID:2272
        
        C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE"
        7⤵
        
        PID:3112
        
        C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE"
        8⤵
        
        PID:4580
        
        C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE"
        9⤵
        
        PID:1464
        
        C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE"
        10⤵
        
        PID:3952
        
        C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE"
        11⤵
        
        PID:4676
        
        C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE"
        12⤵
        
        PID:2456
        
        C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE"
        13⤵
        
        PID:984
        
        C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE"
        14⤵
        
        PID:1092
        
        C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE"
        15⤵
        
        PID:4000
        
        C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE"
        16⤵
        
        PID:1228
        
        C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE"
        17⤵
        
        PID:240
        
        C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE"
        18⤵
        
        PID:5004
        
        C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE"
        19⤵
        
        PID:2136
        
        C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE"
        20⤵
        
        PID:3328
        
        C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE"
        21⤵
        
        PID:1224
        
        C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE"
        22⤵
        
        PID:4020
        
        C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE"
        23⤵
        
        PID:4572
        
        C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE"
        24⤵
        
        PID:1432
        
        C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE"
        25⤵
        
        PID:2132
        
        C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE"
        26⤵
        
        PID:1408
        
        C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE"
        27⤵
        
        PID:976
        
        C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE"
        28⤵
        
        PID:3500
        
        C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE"
        29⤵
        
        PID:2756
        
        C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE"
        30⤵
        
        PID:3328
        
        C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE"
        31⤵
        
        PID:3708
        
        C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE"
        32⤵
        
        PID:1464
        
        C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE"
        33⤵
        
        PID:2620
        
        C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE"
        34⤵
        
        PID:656
        
        C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE"
        35⤵
        
        PID:5152
        
        C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE"
        36⤵
        
        PID:5460
        
        C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE"
        37⤵
        
        PID:5672
        
        C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE"
        38⤵
        
        PID:6004
        
        C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE"
        39⤵
        
        PID:708
        
        C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE"
        40⤵
        
        PID:5328
        
        C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE"
        41⤵
        
        PID:5536
        
        C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE"
        42⤵
        
        PID:3792
        
        C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE"
        43⤵
        
        PID:5764
        
        C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE"
        44⤵
        
        PID:5924
        
        C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE"
        45⤵
        
        PID:2060
        
        C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE"
        46⤵
        
        PID:2140
        
        C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE"
        47⤵
        
        PID:248
        
        C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE"
        48⤵
        
        PID:5452
        
        C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE"
        49⤵
        
        PID:5544
        
        C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE"
        50⤵
        
        PID:5536
        
        C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE"
        51⤵
        
        PID:1960
        
        C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE"
        52⤵
        
        PID:128
        
        C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE"
        53⤵
        
        PID:2520
        
        C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE"
        54⤵
        
        PID:996
        
        C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE"
        55⤵
        
        PID:7092
        
        C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE"
        56⤵
        
        PID:3096
        
        C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE"
        57⤵
        
        PID:2208
        
        C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE"
        58⤵
        
        PID:1540
        
        C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE"
        59⤵
        
        PID:2624
        
        C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE"
        60⤵
        
        PID:6232
        
        C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE"
        61⤵
        
        PID:6348
        
        C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE"
        62⤵
        
        PID:6736
        
        C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE"
        63⤵
        
        PID:6840
        
        C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE"
        64⤵
        
        PID:6856
        
        C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE"
        65⤵
        
        PID:5520
        
        C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE"
        66⤵
        
        PID:7100
        
        C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE"
        67⤵
        
        PID:1688
        
        C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE"
        68⤵
        
        PID:1076
        
        C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE"
        69⤵
        
        PID:6060
        
        C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE"
        70⤵
        
        PID:3792
        
        C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE"
        71⤵
        
        PID:4876
        
        C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE"
        72⤵
        
        PID:2004
        
        C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE"
        73⤵
        
        PID:3552
        
        C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE"
        74⤵
        
        PID:4780
        
        C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE"
        75⤵
        
        PID:6860
        
        C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE"
        76⤵
        
        PID:4052
        
        C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE"
        77⤵
        
        PID:4572
        
        C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE"
        78⤵
        
        PID:132
        
        C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE"
        79⤵
        
        PID:1224
        
        C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE"
        80⤵
        
        PID:2624
        
        C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE"
        81⤵
        
        PID:6588
        
        C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE"
        82⤵
        
        PID:1304
        
        C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE"
        83⤵
        
        PID:7100
        
        C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE"
        84⤵
        
        PID:5668
        
        C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE"
        85⤵
        
        PID:6040
        
        C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE"
        86⤵
        
        PID:4860
        
        C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE"
        87⤵
        
        PID:5916
        
        C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE"
        88⤵
        
        PID:5704
        
        C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE"
        89⤵
        
        PID:5432
        
        C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE"
        90⤵
        
        PID:2004
        
        C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE"
        91⤵
        
        PID:4432
        
        C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE"
        92⤵
        
        PID:5956
        
        C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE"
        93⤵
        
        PID:4616
        
        C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE"
        94⤵
        
        PID:5972
        
        C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE"
        95⤵
        
        PID:3240
        
        C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE"
        96⤵
        
        PID:3464
        
        C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE"
        97⤵
        
        PID:7164
        
        C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE"
        98⤵
        
        PID:4700
        
        C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE"
        99⤵
        
        PID:3088
        
        C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE"
        100⤵
        
        PID:6680
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE"
        100⤵
        
        PID:1140
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE"
        99⤵
        
        PID:1460
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE"
        98⤵
        
        PID:412
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE"
        97⤵
        
        PID:2396
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE"
        96⤵
        
        PID:5300
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE"
        95⤵
        
        PID:1092
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE"
        94⤵
        
        PID:6720
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE"
        93⤵
        
        PID:6040
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE"
        92⤵
        
        PID:3452
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE"
        91⤵
        
        PID:5748
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE"
        90⤵
        
        PID:2272
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE"
        89⤵
        
        PID:6748
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE"
        88⤵
        
        PID:1224
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE"
        87⤵
        
        PID:6568
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE"
        86⤵
        
        PID:5688
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE"
        85⤵
        
        PID:7032
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE"
        84⤵
        
        PID:5224
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE"
        83⤵
        
        PID:7056
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE"
        82⤵
        
        PID:4196
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE"
        81⤵
        
        PID:2500
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE"
        80⤵
        
        PID:6572
        
        C:\Windows\System32\msiexec.exe
        
        "C:\Windows\System32\msiexec.exe" /i "C:\Users\Admin\AppData\Local\Temp\node-v18.16.0-x64.msi" /qn
        81⤵
        
        PID:4804
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE"
        79⤵
        
        PID:4244
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE"
        78⤵
        
        PID:4044
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE"
        77⤵
        
        PID:2796
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE"
        76⤵
        
        PID:560
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE"
        75⤵
        
        PID:3848
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE"
        74⤵
        
        PID:3832
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE"
        73⤵
        
        PID:1624
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE"
        72⤵
        
        PID:4752
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE"
        71⤵
        
        PID:1864
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE"
        70⤵
        
        PID:788
        
        C:\Windows\System32\msiexec.exe
        
        "C:\Windows\System32\msiexec.exe" /i "C:\Users\Admin\AppData\Local\Temp\node-v18.16.0-x64.msi" /qn
        71⤵
        
        PID:1284
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE"
        69⤵
        
        PID:128
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE"
        68⤵
        
        PID:5292
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE"
        67⤵
        
        PID:5192
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE"
        66⤵
        
        PID:7132
        
        C:\Windows\System32\msiexec.exe
        
        "C:\Windows\System32\msiexec.exe" /i "C:\Users\Admin\AppData\Local\Temp\node-v18.16.0-x64.msi" /qn
        67⤵
        
        PID:5816
        
        C:\ProgramData\Solara\Solara.exe
        
        "C:\ProgramData\Solara\Solara.exe"
        67⤵
        
        PID:5664
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE"
        65⤵
        
        PID:5540
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE"
        64⤵
        
        PID:2032
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE"
        63⤵
        
        PID:5544
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE"
        62⤵
        
        PID:6796
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE"
        61⤵
        
        PID:6388
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE"
        60⤵
        
        PID:6240
        
        C:\Windows\System32\msiexec.exe
        
        "C:\Windows\System32\msiexec.exe" /i "C:\Users\Admin\AppData\Local\Temp\node-v18.16.0-x64.msi" /qn
        61⤵
        
        PID:6480
        
        C:\ProgramData\Solara\Solara.exe
        
        "C:\ProgramData\Solara\Solara.exe"
        61⤵
        
        PID:2396
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE"
        59⤵
        
        PID:5676
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE"
        58⤵
        
        PID:5768
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE"
        57⤵
        
        PID:5908
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE"
        56⤵
        
        PID:5704
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE"
        55⤵
        
        PID:7148
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE"
        54⤵
        
        PID:3500
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE"
        53⤵
        
        PID:4020
        
        C:\Windows\System32\msiexec.exe
        
        "C:\Windows\System32\msiexec.exe" /i "C:\Users\Admin\AppData\Local\Temp\node-v18.16.0-x64.msi" /qn
        54⤵
        
        PID:3240
        
        C:\ProgramData\Solara\Solara.exe
        
        "C:\ProgramData\Solara\Solara.exe"
        54⤵
        
        PID:3812
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE"
        52⤵
        
        PID:4844
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE"
        51⤵
        
        PID:1240
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE"
        50⤵
        
        PID:4840
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE"
        49⤵
        
        PID:1224
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE"
        48⤵
        
        PID:2152
        
        C:\Windows\System32\msiexec.exe
        
        "C:\Windows\System32\msiexec.exe" /i "C:\Users\Admin\AppData\Local\Temp\node-v18.16.0-x64.msi" /qn
        49⤵
        
        PID:6868
        
        C:\ProgramData\Solara\Solara.exe
        
        "C:\ProgramData\Solara\Solara.exe"
        49⤵
        
        PID:4756
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE"
        47⤵
        
        PID:708
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE"
        46⤵
        
        PID:6120
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE"
        45⤵
        
        PID:6108
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE"
        44⤵
        
        PID:1916
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE"
        43⤵
        
        PID:5716
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE"
        42⤵
        
        PID:4116
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE"
        41⤵
        
        PID:916
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE"
        40⤵
        
        PID:5300
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE"
        39⤵
        
        PID:5316
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE"
        38⤵
        
        PID:6048
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE"
        37⤵
        
        PID:5684
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE"
        36⤵
        
        PID:5472
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE"
        35⤵
        
        PID:5212
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE"
        34⤵
        
        PID:2688
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE"
        33⤵
        
        PID:3588
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE"
        32⤵
        
        PID:1136
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE"
        31⤵
        
        PID:888
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE"
        30⤵
        
        PID:1948
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE"
        29⤵
        
        PID:3132
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE"
        28⤵
        
        PID:3536
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE"
        27⤵
        
        PID:4980
        
        C:\Windows\System32\msiexec.exe
        
        "C:\Windows\System32\msiexec.exe" /i "C:\Users\Admin\AppData\Local\Temp\node-v18.16.0-x64.msi" /qn
        28⤵
        
        PID:4960
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE"
        26⤵
        
        PID:456
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE"
        25⤵
        
        PID:2752
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE"
        24⤵
        
        PID:2252
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE"
        23⤵
        
        PID:2312
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE"
        22⤵
        
        PID:4580
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE"
        21⤵
        
        PID:384
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE"
        20⤵
        
        PID:3052
        
        C:\Windows\System32\msiexec.exe
        
        "C:\Windows\System32\msiexec.exe" /i "C:\Users\Admin\AppData\Local\Temp\node-v18.16.0-x64.msi" /qn
        21⤵
        
        PID:5380
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE"
        19⤵
        
        PID:2228
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE"
        18⤵
        
        PID:800
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE"
        17⤵
        
        PID:4540
        
        C:\Windows\System32\msiexec.exe
        
        "C:\Windows\System32\msiexec.exe" /i "C:\Users\Admin\AppData\Local\Temp\node-v18.16.0-x64.msi" /qn
        18⤵
        
        PID:5516
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE"
        16⤵
        
        PID:2044
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE"
        15⤵
        
        PID:1748
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE"
        14⤵
        
        PID:4364
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE"
        13⤵
        
        PID:5020
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE"
        12⤵
        
        PID:3632
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE"
        11⤵
        
        PID:2004
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE"
        10⤵
        
        PID:3104
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE"
        9⤵
        
        PID:3992
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE"
        8⤵
        
        PID:1900
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE"
        7⤵
        
        PID:1592
      - C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE"
        6⤵
        
        PID:2396
    - - C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE"
        5⤵
        
        PID:5012
  - - C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE
      "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE"
      4⤵
      Executes dropped EXE
      PID:860
- - C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE
    "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE"
    3⤵
    - Executes dropped EXE
    - Suspicious use of AdjustPrivilegeToken
    PID:1976
- C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE
  "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE"
  2⤵
  - Executes dropped EXE
  - Suspicious use of AdjustPrivilegeToken
  PID:4352
- - C:\Windows\System32\msiexec.exe
    "C:\Windows\System32\msiexec.exe" /i "C:\Users\Admin\AppData\Local\Temp\node-v18.16.0-x64.msi" /qn
    3⤵
    PID:4124

C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
1⤵
PID:240
- C:\Windows\System32\MsiExec.exe
  C:\Windows\System32\MsiExec.exe -Embedding 2A9CE5C5912AE085C3DE2366DEAEED5A
  2⤵
  PID:5992
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding A7434A7488C8EAD506130B04A044DDC5
  2⤵
  PID:888

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\BOOTSTRAPPER.EXE.log

Filesize
1KB

MD5
c82fe8e5dba673cad964a55d81950097

SHA1
abfac574ec5e424bbf315e96f6f26eda44d5b475

SHA256
4ec4ed1849c6cc0a3b4486eba9a20110e7bd3d3a08edf8c401af55b6e4049b56

SHA512
b6c6190a4ac7c186665a434debb2abc213fe8d9c184c88334b95b2563639fea267bdc3a39e5ec5f44e1978e36c883e2962469909105f2d413eba83fc2978f229

Download Submit
C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE

Filesize
972KB

MD5
90fd25ced85fe6db28d21ae7d1f02e2c

SHA1
e27eff4cd4d383f5c564cce2bd1aaa2ffe4ec056

SHA256
97572bd57b08b59744e4dfe6f93fb96be4002dfe1aa78683771725401776464f

SHA512
1c775cf8dfde037eaa98eb14088c70d74923f0f6a83030a71f2f4c1a4453f6154dab7a4aa175e429860badda3e5e0ae226f3c3e8171332f5962bf36f8aa073fa

Download Submit
C:\Users\Admin\AppData\Local\Temp\DISCORD

Filesize
103B

MD5
487ab53955a5ea101720115f32237a45

SHA1
c59d22f8bc8005694505addef88f7968c8d393d3

SHA256
d64354a111fd859a08552f6738fecd8c5594475e8c03bb37546812a205d0d368

SHA512
468689d98645c9f32813d833a07bbcf96fe0de4593f4f4dc6757501fbce8e9951d21a8aa4a7050a87a904d203f521134328d426d4e6ab9f20e7e759769003b7c

Download Submit
C:\Users\Admin\AppData\Local\Temp\node-v18.16.0-x64.msi

Filesize
192KB

MD5
fc46bdbb2581ac42c82944e721e67279

SHA1
6514638565d53c5454fb6c44d5ae29012d2d15a2

SHA256
a201bf55235f09e6861019203034cd4f4a330c2893011cea5fa9832fa48717c4

SHA512
3c279e434fa0e029a12947f7cf1f375889b1c49952e287c554c49ae58c9c96b5bbe02ce29257f45864864473f950a26002715ce48a897a6063fbfa2ccf15bfae

Download Submit
C:\Users\Admin\AppData\Local\Temp\node-v18.16.0-x64.msi

Filesize
18.2MB

MD5
b54e08c92a666269dd3a3cbd1f3ba7cb

SHA1
d3b692f02a0de3ff0cbae7ca49be20c91f8d8fbd

SHA256
bed9c2f7f98ccbdd72cb3ce111ad357e9534d55b8df5dbdf99cbbbec6e3ca5ef

SHA512
aaea81e7f4bb4e04afa4722867e05733d75912029740ef690d180c48c135ba2b40ec5b6f74cd1032bb490b4ebe26915ea7657d566297bf9dfd263e8efd15fe19

Download Submit
C:\Windows\Installer\e57e426.msi

Filesize
30.1MB

MD5
0e4e9aa41d24221b29b19ba96c1a64d0

SHA1
231ade3d5a586c0eb4441c8dbfe9007dc26b2872

SHA256
5bfb6f3ab89e198539408f7e0e8ec0b0bd5efe8898573ec05b381228efb45a5d

SHA512
e6f27aecead72dffecbeaad46ebdf4b1fd3dbcddd1f6076ba183b654e4e32d30f7af1236bf2e04459186e993356fe2041840671be73612c8afed985c2c608913

Download Submit
memory/4352-19-0x000001F6D0600000-0x000001F6D0622000-memory.dmp

Filesize
136KB

Download
memory/4352-45-0x000001F6E90C0000-0x000001F6E90CA000-memory.dmp

Filesize
40KB

Download
memory/4352-86-0x000001F6E90F0000-0x000001F6E9102000-memory.dmp

Filesize
72KB

Download
memory/4352-11-0x000001F6CE770000-0x000001F6CE86A000-memory.dmp

Filesize
1000KB

Download
memory/4756-506-0x000001DAAF4B0000-0x000001DAAF4D4000-memory.dmp

Filesize
144KB

Download
memory/4756-508-0x000001DACA0C0000-0x000001DACA5FC000-memory.dmp

Filesize
5.2MB

Download
memory/4756-509-0x000001DAC9D30000-0x000001DAC9DEA000-memory.dmp

Filesize
744KB

Download
memory/4756-510-0x000001DAC9DF0000-0x000001DAC9EA2000-memory.dmp

Filesize
712KB

Download