146e60d8dc75128cfd31cd96f589e53224637b76473ebb64a920a4d9da0eccc2

Analysis

max time kernel
39s
max time network
161s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
08-10-2024 14:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Boostrapper.exe
Size

28.6MB
MD5

dce9cff74b9d9bab6a5986013aec628e
SHA1

b815990c20f978888cbf1d09a31f374423785d0b
SHA256

146e60d8dc75128cfd31cd96f589e53224637b76473ebb64a920a4d9da0eccc2
SHA512

a4cd1c4ebc9937b0f902660e067028cba11ae1a14332ea0948e74e9a270668ece765f0f1462d34ade757cc04ac634bdb171ff8b980b1a04f9bccca01a130411b
SSDEEP

786432:GhQiXgPQEErUlqsA3XTg5MS57vDACrv3Fqbqx:iQE89Ed3XTg5MS57v0eqbQ

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2744	BOOTSTRAPPER.EXE
2884	BOOTSTRAPPER.EXE
2808	BOOTSTRAPPER.EXE
2940	BOOTSTRAPPER.EXE
2672	BOOTSTRAPPER.EXE
2644	BOOTSTRAPPER.EXE
1076	BOOTSTRAPPER.EXE
2492	BOOTSTRAPPER.EXE
1660	BOOTSTRAPPER.EXE
1572	BOOTSTRAPPER.EXE
2952	BOOTSTRAPPER.EXE
1760	BOOTSTRAPPER.EXE
1664	BOOTSTRAPPER.EXE
1524	BOOTSTRAPPER.EXE
308	BOOTSTRAPPER.EXE
876	BOOTSTRAPPER.EXE
1612	BOOTSTRAPPER.EXE
2896	BOOTSTRAPPER.EXE
2848	BOOTSTRAPPER.EXE
2652	BOOTSTRAPPER.EXE
1504	BOOTSTRAPPER.EXE
2144	BOOTSTRAPPER.EXE
2428	BOOTSTRAPPER.EXE
3064	BOOTSTRAPPER.EXE
628	BOOTSTRAPPER.EXE
3084	BOOTSTRAPPER.EXE
3124	BOOTSTRAPPER.EXE
3220	BOOTSTRAPPER.EXE
3288	BOOTSTRAPPER.EXE
3372	BOOTSTRAPPER.EXE
3444	BOOTSTRAPPER.EXE
3560	BOOTSTRAPPER.EXE
3596	BOOTSTRAPPER.EXE
3688	BOOTSTRAPPER.EXE
3756	BOOTSTRAPPER.EXE
3848	BOOTSTRAPPER.EXE
3912	BOOTSTRAPPER.EXE
3988	BOOTSTRAPPER.EXE
4084	BOOTSTRAPPER.EXE
3188	BOOTSTRAPPER.EXE
3456	BOOTSTRAPPER.EXE
3736	BOOTSTRAPPER.EXE
3508	BOOTSTRAPPER.EXE
4204	BOOTSTRAPPER.EXE
4364	BOOTSTRAPPER.EXE
4404	BOOTSTRAPPER.EXE
4548	BOOTSTRAPPER.EXE
4700	BOOTSTRAPPER.EXE
4752	BOOTSTRAPPER.EXE
4844	BOOTSTRAPPER.EXE
4908	BOOTSTRAPPER.EXE
5108	BOOTSTRAPPER.EXE
4400	BOOTSTRAPPER.EXE
5052	BOOTSTRAPPER.EXE
5240	BOOTSTRAPPER.EXE
5564	BOOTSTRAPPER.EXE
5820	BOOTSTRAPPER.EXE
5908	BOOTSTRAPPER.EXE
5980	BOOTSTRAPPER.EXE
6024	BOOTSTRAPPER.EXE
6080	BOOTSTRAPPER.EXE
5136	BOOTSTRAPPER.EXE
5368	BOOTSTRAPPER.EXE
5380	BOOTSTRAPPER.EXE

Loads dropped DLL 64 IoCs

pid	Process
488	Boostrapper.exe
2760	Process not Found
2604	BOOSTRAPPER.EXE
2328	BOOSTRAPPER.EXE
2904	Process not Found
2928	Process not Found
2872	BOOSTRAPPER.EXE
2992	BOOSTRAPPER.EXE
2684	Process not Found
2816	Process not Found
2980	BOOSTRAPPER.EXE
2648	BOOSTRAPPER.EXE
2920	Process not Found
2468	BOOSTRAPPER.EXE
2964	Process not Found
1628	Process not Found
2476	BOOSTRAPPER.EXE
1576	Process not Found
2140	BOOSTRAPPER.EXE
1668	BOOSTRAPPER.EXE
900	Process not Found
1260	Process not Found
2860	BOOSTRAPPER.EXE
556	BOOSTRAPPER.EXE
2616	Process not Found
3016	Process not Found
3008	BOOSTRAPPER.EXE
1596	BOOSTRAPPER.EXE
1724	Process not Found
628	BOOSTRAPPER.EXE
2600	Process not Found
644	Process not Found
832	BOOSTRAPPER.EXE
1616	Process not Found
2420	BOOSTRAPPER.EXE
280	BOOSTRAPPER.EXE
3064	BOOSTRAPPER.EXE
2832	Process not Found
2676	Process not Found
2824	Process not Found
2784	BOOSTRAPPER.EXE
944	Process not Found
1828	BOOSTRAPPER.EXE
2276	Process not Found
2128	BOOSTRAPPER.EXE
1796	Process not Found
2564	BOOSTRAPPER.EXE
2108	Process not Found
2384	BOOSTRAPPER.EXE
1444	Process not Found
1964	BOOSTRAPPER.EXE
3092	Process not Found
2384	BOOSTRAPPER.EXE
3140	Process not Found
3116	BOOSTRAPPER.EXE
3232	Process not Found
3184	BOOSTRAPPER.EXE
3300	Process not Found
3280	BOOSTRAPPER.EXE
3380	Process not Found
3364	BOOSTRAPPER.EXE
3452	Process not Found
3436	BOOSTRAPPER.EXE
3548	BOOSTRAPPER.EXE

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BOOSTRAPPER.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BOOSTRAPPER.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BOOSTRAPPER.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BOOSTRAPPER.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BOOSTRAPPER.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BOOSTRAPPER.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BOOSTRAPPER.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BOOSTRAPPER.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BOOSTRAPPER.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BOOSTRAPPER.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BOOSTRAPPER.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BOOSTRAPPER.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BOOSTRAPPER.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BOOSTRAPPER.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BOOSTRAPPER.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BOOSTRAPPER.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BOOSTRAPPER.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BOOSTRAPPER.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BOOSTRAPPER.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BOOSTRAPPER.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BOOSTRAPPER.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BOOSTRAPPER.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BOOSTRAPPER.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BOOSTRAPPER.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BOOSTRAPPER.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BOOSTRAPPER.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BOOSTRAPPER.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BOOSTRAPPER.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BOOSTRAPPER.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BOOSTRAPPER.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BOOSTRAPPER.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BOOSTRAPPER.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BOOSTRAPPER.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BOOSTRAPPER.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BOOSTRAPPER.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BOOSTRAPPER.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BOOSTRAPPER.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BOOSTRAPPER.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BOOSTRAPPER.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BOOSTRAPPER.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BOOSTRAPPER.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BOOSTRAPPER.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BOOSTRAPPER.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BOOSTRAPPER.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BOOSTRAPPER.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BOOSTRAPPER.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BOOSTRAPPER.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BOOSTRAPPER.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BOOSTRAPPER.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BOOSTRAPPER.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BOOSTRAPPER.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BOOSTRAPPER.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BOOSTRAPPER.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BOOSTRAPPER.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Boostrapper.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BOOSTRAPPER.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BOOSTRAPPER.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BOOSTRAPPER.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BOOSTRAPPER.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BOOSTRAPPER.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BOOSTRAPPER.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BOOSTRAPPER.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BOOSTRAPPER.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BOOSTRAPPER.EXE

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	2952	BOOTSTRAPPER.EXE
Token: SeDebugPrivilege	1660	BOOTSTRAPPER.EXE
Token: SeDebugPrivilege	1076	BOOTSTRAPPER.EXE
Token: SeDebugPrivilege	2672	BOOTSTRAPPER.EXE
Token: SeDebugPrivilege	1572	BOOTSTRAPPER.EXE
Token: SeDebugPrivilege	2492	BOOTSTRAPPER.EXE
Token: SeDebugPrivilege	2808	BOOTSTRAPPER.EXE
Token: SeDebugPrivilege	2744	BOOTSTRAPPER.EXE
Token: SeDebugPrivilege	2884	BOOTSTRAPPER.EXE
Token: SeDebugPrivilege	2940	BOOTSTRAPPER.EXE
Token: SeDebugPrivilege	2644	BOOTSTRAPPER.EXE
Token: SeDebugPrivilege	1664	BOOTSTRAPPER.EXE
Token: SeDebugPrivilege	1760	BOOTSTRAPPER.EXE
Token: SeDebugPrivilege	1524	BOOTSTRAPPER.EXE
Token: SeDebugPrivilege	308	BOOTSTRAPPER.EXE
Token: SeDebugPrivilege	876	BOOTSTRAPPER.EXE
Token: SeDebugPrivilege	1612	BOOTSTRAPPER.EXE
Token: SeDebugPrivilege	2896	BOOTSTRAPPER.EXE
Token: SeDebugPrivilege	2848	BOOTSTRAPPER.EXE
Token: SeDebugPrivilege	2652	BOOTSTRAPPER.EXE
Token: SeDebugPrivilege	1504	BOOTSTRAPPER.EXE
Token: SeDebugPrivilege	2144	BOOTSTRAPPER.EXE
Token: SeDebugPrivilege	2428	BOOTSTRAPPER.EXE
Token: SeDebugPrivilege	3064	BOOTSTRAPPER.EXE
Token: SeDebugPrivilege	628	BOOTSTRAPPER.EXE
Token: SeDebugPrivilege	3084	BOOTSTRAPPER.EXE
Token: SeDebugPrivilege	3124	BOOTSTRAPPER.EXE
Token: SeDebugPrivilege	3220	BOOTSTRAPPER.EXE
Token: SeDebugPrivilege	3288	BOOTSTRAPPER.EXE
Token: SeDebugPrivilege	3372	BOOTSTRAPPER.EXE
Token: SeDebugPrivilege	3444	BOOTSTRAPPER.EXE
Token: SeDebugPrivilege	3560	BOOTSTRAPPER.EXE
Token: SeDebugPrivilege	3596	BOOTSTRAPPER.EXE
Token: SeDebugPrivilege	3688	BOOTSTRAPPER.EXE
Token: SeDebugPrivilege	3756	BOOTSTRAPPER.EXE
Token: SeDebugPrivilege	3848	BOOTSTRAPPER.EXE
Token: SeDebugPrivilege	3912	BOOTSTRAPPER.EXE
Token: SeDebugPrivilege	3988	BOOTSTRAPPER.EXE
Token: SeDebugPrivilege	4084	BOOTSTRAPPER.EXE
Token: SeDebugPrivilege	3456	BOOTSTRAPPER.EXE
Token: SeDebugPrivilege	3188	BOOTSTRAPPER.EXE
Token: SeDebugPrivilege	3736	BOOTSTRAPPER.EXE
Token: SeDebugPrivilege	3508	BOOTSTRAPPER.EXE
Token: SeDebugPrivilege	4204	BOOTSTRAPPER.EXE
Token: SeDebugPrivilege	4364	BOOTSTRAPPER.EXE
Token: SeDebugPrivilege	4404	BOOTSTRAPPER.EXE
Token: SeDebugPrivilege	4548	BOOTSTRAPPER.EXE
Token: SeDebugPrivilege	4700	BOOTSTRAPPER.EXE
Token: SeDebugPrivilege	4752	BOOTSTRAPPER.EXE
Token: SeDebugPrivilege	4844	BOOTSTRAPPER.EXE
Token: SeDebugPrivilege	4908	BOOTSTRAPPER.EXE
Token: SeDebugPrivilege	5108	BOOTSTRAPPER.EXE
Token: SeDebugPrivilege	4400	BOOTSTRAPPER.EXE
Token: SeDebugPrivilege	5052	BOOTSTRAPPER.EXE
Token: SeDebugPrivilege	5240	BOOTSTRAPPER.EXE
Token: SeDebugPrivilege	5564	BOOTSTRAPPER.EXE
Token: SeDebugPrivilege	5820	BOOTSTRAPPER.EXE
Token: SeDebugPrivilege	5908	BOOTSTRAPPER.EXE
Token: SeDebugPrivilege	5980	BOOTSTRAPPER.EXE
Token: SeDebugPrivilege	6024	BOOTSTRAPPER.EXE
Token: SeDebugPrivilege	6080	BOOTSTRAPPER.EXE
Token: SeDebugPrivilege	5136	BOOTSTRAPPER.EXE
Token: SeDebugPrivilege	5368	BOOTSTRAPPER.EXE
Token: SeDebugPrivilege	5380	BOOTSTRAPPER.EXE

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 488 wrote to memory of 2604	488	Boostrapper.exe	29
PID 488 wrote to memory of 2604	488	Boostrapper.exe	29
PID 488 wrote to memory of 2604	488	Boostrapper.exe	29
PID 488 wrote to memory of 2604	488	Boostrapper.exe	29
PID 488 wrote to memory of 2744	488	Boostrapper.exe	30
PID 488 wrote to memory of 2744	488	Boostrapper.exe	30
PID 488 wrote to memory of 2744	488	Boostrapper.exe	30
PID 488 wrote to memory of 2744	488	Boostrapper.exe	30
PID 2604 wrote to memory of 2328	2604	BOOSTRAPPER.EXE	31
PID 2604 wrote to memory of 2328	2604	BOOSTRAPPER.EXE	31
PID 2604 wrote to memory of 2328	2604	BOOSTRAPPER.EXE	31
PID 2604 wrote to memory of 2328	2604	BOOSTRAPPER.EXE	31
PID 2604 wrote to memory of 2884	2604	BOOSTRAPPER.EXE	33
PID 2604 wrote to memory of 2884	2604	BOOSTRAPPER.EXE	33
PID 2604 wrote to memory of 2884	2604	BOOSTRAPPER.EXE	33
PID 2604 wrote to memory of 2884	2604	BOOSTRAPPER.EXE	33
PID 2328 wrote to memory of 2872	2328	BOOSTRAPPER.EXE	35
PID 2328 wrote to memory of 2872	2328	BOOSTRAPPER.EXE	35
PID 2328 wrote to memory of 2872	2328	BOOSTRAPPER.EXE	35
PID 2328 wrote to memory of 2872	2328	BOOSTRAPPER.EXE	35
PID 2328 wrote to memory of 2808	2328	BOOSTRAPPER.EXE	36
PID 2328 wrote to memory of 2808	2328	BOOSTRAPPER.EXE	36
PID 2328 wrote to memory of 2808	2328	BOOSTRAPPER.EXE	36
PID 2328 wrote to memory of 2808	2328	BOOSTRAPPER.EXE	36
PID 2872 wrote to memory of 2992	2872	BOOSTRAPPER.EXE	38
PID 2872 wrote to memory of 2992	2872	BOOSTRAPPER.EXE	38
PID 2872 wrote to memory of 2992	2872	BOOSTRAPPER.EXE	38
PID 2872 wrote to memory of 2992	2872	BOOSTRAPPER.EXE	38
PID 2872 wrote to memory of 2940	2872	BOOSTRAPPER.EXE	39
PID 2872 wrote to memory of 2940	2872	BOOSTRAPPER.EXE	39
PID 2872 wrote to memory of 2940	2872	BOOSTRAPPER.EXE	39
PID 2872 wrote to memory of 2940	2872	BOOSTRAPPER.EXE	39
PID 2992 wrote to memory of 2980	2992	BOOSTRAPPER.EXE	41
PID 2992 wrote to memory of 2980	2992	BOOSTRAPPER.EXE	41
PID 2992 wrote to memory of 2980	2992	BOOSTRAPPER.EXE	41
PID 2992 wrote to memory of 2980	2992	BOOSTRAPPER.EXE	41
PID 2992 wrote to memory of 2672	2992	BOOSTRAPPER.EXE	42
PID 2992 wrote to memory of 2672	2992	BOOSTRAPPER.EXE	42
PID 2992 wrote to memory of 2672	2992	BOOSTRAPPER.EXE	42
PID 2992 wrote to memory of 2672	2992	BOOSTRAPPER.EXE	42
PID 2980 wrote to memory of 2648	2980	BOOSTRAPPER.EXE	44
PID 2980 wrote to memory of 2648	2980	BOOSTRAPPER.EXE	44
PID 2980 wrote to memory of 2648	2980	BOOSTRAPPER.EXE	44
PID 2980 wrote to memory of 2648	2980	BOOSTRAPPER.EXE	44
PID 2980 wrote to memory of 2644	2980	BOOSTRAPPER.EXE	45
PID 2980 wrote to memory of 2644	2980	BOOSTRAPPER.EXE	45
PID 2980 wrote to memory of 2644	2980	BOOSTRAPPER.EXE	45
PID 2980 wrote to memory of 2644	2980	BOOSTRAPPER.EXE	45
PID 2648 wrote to memory of 2468	2648	BOOSTRAPPER.EXE	46
PID 2648 wrote to memory of 2468	2648	BOOSTRAPPER.EXE	46
PID 2648 wrote to memory of 2468	2648	BOOSTRAPPER.EXE	46
PID 2648 wrote to memory of 2468	2648	BOOSTRAPPER.EXE	46
PID 2648 wrote to memory of 1076	2648	BOOSTRAPPER.EXE	47
PID 2648 wrote to memory of 1076	2648	BOOSTRAPPER.EXE	47
PID 2648 wrote to memory of 1076	2648	BOOSTRAPPER.EXE	47
PID 2648 wrote to memory of 1076	2648	BOOSTRAPPER.EXE	47
PID 2468 wrote to memory of 2476	2468	BOOSTRAPPER.EXE	50
PID 2468 wrote to memory of 2476	2468	BOOSTRAPPER.EXE	50
PID 2468 wrote to memory of 2476	2468	BOOSTRAPPER.EXE	50
PID 2468 wrote to memory of 2476	2468	BOOSTRAPPER.EXE	50
PID 2468 wrote to memory of 2492	2468	BOOSTRAPPER.EXE	51
PID 2468 wrote to memory of 2492	2468	BOOSTRAPPER.EXE	51
PID 2468 wrote to memory of 2492	2468	BOOSTRAPPER.EXE	51
PID 2468 wrote to memory of 2492	2468	BOOSTRAPPER.EXE	51

C:\Users\Admin\AppData\Local\Temp\Boostrapper.exe
"C:\Users\Admin\AppData\Local\Temp\Boostrapper.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:488
- C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE
  "C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE"
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:2604
- - C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE
    "C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE"
    3⤵
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Suspicious use of WriteProcessMemory
    PID:2328
  - - C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE
      "C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE"
      4⤵
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      Suspicious use of WriteProcessMemory
      PID:2872
    - - C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE"
        5⤵
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        Suspicious use of WriteProcessMemory
        
        PID:2992
      - C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE"
        6⤵
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        Suspicious use of WriteProcessMemory
        
        PID:2980
        
        C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE"
        7⤵
        Loads dropped DLL
        Suspicious use of WriteProcessMemory
        
        PID:2648
        
        C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE"
        8⤵
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        Suspicious use of WriteProcessMemory
        
        PID:2468
        
        C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE"
        9⤵
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        
        PID:2476
        
        C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE"
        10⤵
        Loads dropped DLL
        
        PID:2140
        
        C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE"
        11⤵
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        
        PID:1668
        
        C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE"
        12⤵
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        
        PID:2860
        
        C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE"
        13⤵
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        
        PID:556
        
        C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE"
        14⤵
        Loads dropped DLL
        
        PID:3008
        
        C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE"
        15⤵
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        
        PID:1596
        
        C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE"
        16⤵
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        
        PID:628
        
        C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE"
        17⤵
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        
        PID:832
        
        C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE"
        18⤵
        Loads dropped DLL
        
        PID:2420
        
        C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE"
        19⤵
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        
        PID:280
        
        C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE"
        20⤵
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        
        PID:3064
        
        C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE"
        21⤵
        Loads dropped DLL
        
        PID:2784
        
        C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE"
        22⤵
        Loads dropped DLL
        
        PID:1828
        
        C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE"
        23⤵
        Loads dropped DLL
        
        PID:2128
        
        C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE"
        24⤵
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        
        PID:2564
        
        C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE"
        25⤵
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        
        PID:2384
        
        C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE"
        26⤵
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        
        PID:1964
        
        C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE"
        27⤵
        Loads dropped DLL
        
        PID:2384
        
        C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE"
        28⤵
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        
        PID:3116
        
        C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE"
        29⤵
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        
        PID:3184
        
        C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE"
        30⤵
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        
        PID:3280
        
        C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE"
        31⤵
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        
        PID:3364
        
        C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE"
        32⤵
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        
        PID:3436
        
        C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE"
        33⤵
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        
        PID:3548
        
        C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE"
        34⤵
        System Location Discovery: System Language Discovery
        
        PID:3588
        
        C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE"
        35⤵
        System Location Discovery: System Language Discovery
        
        PID:3644
        
        C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE"
        36⤵
        System Location Discovery: System Language Discovery
        
        PID:3736
        
        C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE"
        37⤵
        System Location Discovery: System Language Discovery
        
        PID:3812
        
        C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE"
        38⤵
        
        PID:3900
        
        C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE"
        39⤵
        
        PID:3964
        
        C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE"
        40⤵
        System Location Discovery: System Language Discovery
        
        PID:4076
        
        C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE"
        41⤵
        
        PID:3152
        
        C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE"
        42⤵
        System Location Discovery: System Language Discovery
        
        PID:3432
        
        C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE"
        43⤵
        
        PID:3716
        
        C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE"
        44⤵
        
        PID:3952
        
        C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE"
        45⤵
        System Location Discovery: System Language Discovery
        
        PID:4176
        
        C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE"
        46⤵
        System Location Discovery: System Language Discovery
        
        PID:4340
        
        C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE"
        47⤵
        System Location Discovery: System Language Discovery
        
        PID:4396
        
        C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE"
        48⤵
        System Location Discovery: System Language Discovery
        
        PID:4508
        
        C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE"
        49⤵
        System Location Discovery: System Language Discovery
        
        PID:4656
        
        C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE"
        50⤵
        System Location Discovery: System Language Discovery
        
        PID:4744
        
        C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE"
        51⤵
        System Location Discovery: System Language Discovery
        
        PID:4816
        
        C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE"
        52⤵
        System Location Discovery: System Language Discovery
        
        PID:4880
        
        C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE"
        53⤵
        
        PID:5052
        
        C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE"
        54⤵
        System Location Discovery: System Language Discovery
        
        PID:4180
        
        C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE"
        55⤵
        System Location Discovery: System Language Discovery
        
        PID:4800
        
        C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE"
        56⤵
        System Location Discovery: System Language Discovery
        
        PID:5164
        
        C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE"
        57⤵
        System Location Discovery: System Language Discovery
        
        PID:5452
        
        C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE"
        58⤵
        
        PID:5680
        
        C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE"
        59⤵
        System Location Discovery: System Language Discovery
        
        PID:5872
        
        C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE"
        60⤵
        System Location Discovery: System Language Discovery
        
        PID:5956
        
        C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE"
        61⤵
        System Location Discovery: System Language Discovery
        
        PID:6004
        
        C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE"
        62⤵
        System Location Discovery: System Language Discovery
        
        PID:6068
        
        C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE"
        63⤵
        System Location Discovery: System Language Discovery
        
        PID:6104
        
        C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE"
        64⤵
        System Location Discovery: System Language Discovery
        
        PID:5336
        
        C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE"
        65⤵
        System Location Discovery: System Language Discovery
        
        PID:4180
        
        C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE"
        66⤵
        System Location Discovery: System Language Discovery
        
        PID:4392
        
        C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE"
        67⤵
        System Location Discovery: System Language Discovery
        
        PID:5424
        
        C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE"
        68⤵
        
        PID:5456
        
        C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE"
        69⤵
        
        PID:6000
        
        C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE"
        70⤵
        System Location Discovery: System Language Discovery
        
        PID:4660
        
        C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE"
        71⤵
        System Location Discovery: System Language Discovery
        
        PID:5868
        
        C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE"
        72⤵
        System Location Discovery: System Language Discovery
        
        PID:6180
        
        C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE"
        73⤵
        
        PID:6284
        
        C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE"
        74⤵
        System Location Discovery: System Language Discovery
        
        PID:6404
        
        C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE"
        75⤵
        
        PID:6512
        
        C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE"
        76⤵
        System Location Discovery: System Language Discovery
        
        PID:6636
        
        C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE"
        77⤵
        System Location Discovery: System Language Discovery
        
        PID:6744
        
        C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE"
        78⤵
        
        PID:6836
        
        C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE"
        79⤵
        System Location Discovery: System Language Discovery
        
        PID:6952
        
        C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE"
        80⤵
        
        PID:7048
        
        C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE"
        81⤵
        System Location Discovery: System Language Discovery
        
        PID:7132
        
        C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE"
        82⤵
        
        PID:6172
        
        C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE"
        83⤵
        
        PID:6384
        
        C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE"
        84⤵
        System Location Discovery: System Language Discovery
        
        PID:396
        
        C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE"
        85⤵
        System Location Discovery: System Language Discovery
        
        PID:6720
        
        C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE"
        86⤵
        System Location Discovery: System Language Discovery
        
        PID:6936
        
        C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE"
        87⤵
        System Location Discovery: System Language Discovery
        
        PID:2488
        
        C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE"
        88⤵
        
        PID:6604
        
        C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE"
        89⤵
        
        PID:7204
        
        C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE"
        90⤵
        
        PID:7272
        
        C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE"
        91⤵
        
        PID:7396
        
        C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE"
        92⤵
        
        PID:7516
        
        C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE"
        93⤵
        
        PID:7616
        
        C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE"
        94⤵
        
        PID:7720
        
        C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE"
        95⤵
        
        PID:7848
        
        C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE"
        96⤵
        
        PID:7916
        
        C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE"
        97⤵
        
        PID:8052
        
        C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE"
        98⤵
        
        PID:8160
        
        C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE"
        99⤵
        
        PID:7264
        
        C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE"
        100⤵
        
        PID:7628
        
        C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE"
        101⤵
        
        PID:8056
        
        C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE"
        102⤵
        
        PID:8264
        
        C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE"
        103⤵
        
        PID:8396
        
        C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE"
        104⤵
        
        PID:8544
        
        C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE"
        105⤵
        
        PID:8700
        
        C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE"
        106⤵
        
        PID:8800
        
        C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE"
        107⤵
        
        PID:8912
        
        C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE"
        108⤵
        
        PID:9004
        
        C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE"
        109⤵
        
        PID:9116
        
        C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE"
        110⤵
        
        PID:9204
        
        C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE"
        111⤵
        
        PID:8420
        
        C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE"
        112⤵
        
        PID:8548
        
        C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE"
        113⤵
        
        PID:9016
        
        C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE"
        114⤵
        
        PID:8424
        
        C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE"
        115⤵
        
        PID:8968
        
        C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE"
        116⤵
        
        PID:9264
        
        C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE"
        117⤵
        
        PID:9384
        
        C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE"
        118⤵
        
        PID:9476
        
        C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE"
        119⤵
        
        PID:9584
        
        C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE"
        120⤵
        
        PID:9692
        
        C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE"
        121⤵
        
        PID:9820
        
        C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE"
        122⤵
        
        PID:9876
        
        C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE"
        123⤵
        
        PID:10028
        
        C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE"
        124⤵
        
        PID:10124
        
        C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE"
        125⤵
        
        PID:10216
        
        C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE"
        126⤵
        
        PID:9244
        
        C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE"
        127⤵
        
        PID:9576
        
        C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE"
        128⤵
        
        PID:9812
        
        C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE"
        129⤵
        
        PID:9872
        
        C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE"
        130⤵
        
        PID:9376
        
        C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE"
        131⤵
        
        PID:9832
        
        C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE"
        132⤵
        
        PID:9648
        
        C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE"
        133⤵
        
        PID:10344
        
        C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE"
        134⤵
        
        PID:10456
        
        C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE"
        135⤵
        
        PID:10580
        
        C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE"
        136⤵
        
        PID:10672
        
        C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE"
        137⤵
        
        PID:10768
        
        C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE"
        138⤵
        
        PID:10908
        
        C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE"
        139⤵
        
        PID:11012
        
        C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE"
        140⤵
        
        PID:11140
        
        C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE"
        141⤵
        
        PID:11224
        
        C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE"
        142⤵
        
        PID:9832
        
        C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE"
        143⤵
        
        PID:10508
        
        C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE"
        144⤵
        
        PID:10672
        
        C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE"
        145⤵
        
        PID:11016
        
        C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE"
        146⤵
        
        PID:600
        
        C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE"
        147⤵
        
        PID:10644
        
        C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE"
        148⤵
        
        PID:2932
        
        C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE"
        149⤵
        
        PID:10764
        
        C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE"
        150⤵
        
        PID:3468
        
        C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE"
        151⤵
        
        PID:10644
        
        C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE"
        152⤵
        
        PID:11380
        
        C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE"
        153⤵
        
        PID:11532
        
        C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE"
        154⤵
        
        PID:11580
        
        C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE"
        155⤵
        
        PID:11716
        
        C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE"
        156⤵
        
        PID:11796
        
        C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE"
        157⤵
        
        PID:11904
        
        C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE"
        158⤵
        
        PID:12016
        
        C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE"
        159⤵
        
        PID:12108
        
        C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE"
        160⤵
        
        PID:12248
        
        C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE"
        161⤵
        
        PID:3904
        
        C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE"
        162⤵
        
        PID:11380
        
        C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE"
        163⤵
        
        PID:11676
        
        C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE"
        164⤵
        
        PID:11916
        
        C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE"
        165⤵
        
        PID:12092
        
        C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE"
        166⤵
        
        PID:3904
        
        C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE"
        167⤵
        
        PID:12100
        
        C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE"
        168⤵
        
        PID:11568
        
        C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE"
        169⤵
        
        PID:12432
        
        C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE"
        170⤵
        
        PID:12492
        
        C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE"
        171⤵
        
        PID:12632
        
        C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE"
        172⤵
        
        PID:12736
        
        C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE"
        173⤵
        
        PID:12852
        
        C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE"
        174⤵
        
        PID:12908
        
        C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE"
        175⤵
        
        PID:12976
        
        C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE"
        176⤵
        
        PID:13088
        
        C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE"
        177⤵
        
        PID:13136
        
        C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE"
        178⤵
        
        PID:13188
        
        C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE"
        179⤵
        
        PID:13252
        
        C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE"
        180⤵
        
        PID:12556
        
        C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE"
        181⤵
        
        PID:7348
        
        C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE"
        182⤵
        
        PID:13120
        
        C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE"
        183⤵
        
        PID:6744
        
        C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE"
        184⤵
        
        PID:12496
        
        C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE"
        185⤵
        
        PID:7948
        
        C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE"
        186⤵
        
        PID:12904
        
        C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE"
        187⤵
        
        PID:8436
        
        C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE"
        188⤵
        
        PID:8068
        
        C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE"
        189⤵
        
        PID:12900
        
        C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE"
        190⤵
        
        PID:13212
        
        C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE"
        191⤵
        
        PID:13080
        
        C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE"
        192⤵
        
        PID:13476
        
        C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE"
        193⤵
        
        PID:13624
        
        C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE"
        194⤵
        
        PID:13860
        
        C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE"
        195⤵
        
        PID:13924
        
        C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE"
        196⤵
        
        PID:13976
        
        C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE"
        197⤵
        
        PID:14040
        
        C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE"
        198⤵
        
        PID:14224
        
        C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE"
        199⤵
        
        PID:14288
        
        C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE"
        200⤵
        
        PID:7680
        
        C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE"
        201⤵
        
        PID:13412
        
        C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE"
        202⤵
        
        PID:10008
        
        C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE"
        203⤵
        
        PID:13812
        
        C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE"
        204⤵
        
        PID:13856
        
        C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE"
        205⤵
        
        PID:9684
        
        C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE"
        206⤵
        
        PID:14076
        
        C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE"
        207⤵
        
        PID:10544
        
        C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE"
        208⤵
        
        PID:10832
        
        C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE"
        209⤵
        
        PID:13628
        
        C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE"
        210⤵
        
        PID:13416
        
        C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOSTRAPPER.EXE"
        211⤵
        
        PID:10544
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE"
        210⤵
        
        PID:2612
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE"
        209⤵
        
        PID:10564
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE"
        208⤵
        
        PID:13672
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE"
        207⤵
        
        PID:13460
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE"
        206⤵
        
        PID:3484
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE"
        205⤵
        
        PID:9280
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE"
        204⤵
        
        PID:13920
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE"
        203⤵
        
        PID:13844
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE"
        202⤵
        
        PID:13644
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE"
        201⤵
        
        PID:9344
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE"
        200⤵
        
        PID:13448
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE"
        199⤵
        
        PID:14300
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE"
        198⤵
        
        PID:14252
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE"
        197⤵
        
        PID:14136
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE"
        196⤵
        
        PID:14004
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE"
        195⤵
        
        PID:13936
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE"
        194⤵
        
        PID:13888
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE"
        193⤵
        
        PID:13776
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE"
        192⤵
        
        PID:13556
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE"
        191⤵
        
        PID:13424
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE"
        190⤵
        
        PID:13256
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE"
        189⤵
        
        PID:8048
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE"
        188⤵
        
        PID:8648
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE"
        187⤵
        
        PID:8188
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE"
        186⤵
        
        PID:12472
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE"
        185⤵
        
        PID:8168
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE"
        184⤵
        
        PID:12476
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE"
        183⤵
        
        PID:7224
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE"
        182⤵
        
        PID:13176
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE"
        181⤵
        
        PID:12852
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE"
        180⤵
        
        PID:12720
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE"
        179⤵
        
        PID:6948
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE"
        178⤵
        
        PID:13200
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE"
        177⤵
        
        PID:13152
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE"
        176⤵
        
        PID:13108
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE"
        175⤵
        
        PID:13052
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE"
        174⤵
        
        PID:12928
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE"
        173⤵
        
        PID:12868
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE"
        172⤵
        
        PID:12776
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE"
        171⤵
        
        PID:12696
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE"
        170⤵
        
        PID:12544
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE"
        169⤵
        
        PID:12452
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE"
        168⤵
        
        PID:11588
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE"
        167⤵
        
        PID:12280
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE"
        166⤵
        
        PID:11884
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE"
        165⤵
        
        PID:12220
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE"
        164⤵
        
        PID:11904
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE"
        163⤵
        
        PID:11808
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE"
        162⤵
        
        PID:11640
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE"
        161⤵
        
        PID:11460
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE"
        160⤵
        
        PID:12268
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE"
        159⤵
        
        PID:12180
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE"
        158⤵
        
        PID:12048
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE"
        157⤵
        
        PID:11964
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE"
        156⤵
        
        PID:11864
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE"
        155⤵
        
        PID:11752
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE"
        154⤵
        
        PID:11644
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE"
        153⤵
        
        PID:11556
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE"
        152⤵
        
        PID:11448
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE"
        151⤵
        
        PID:11340
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE"
        150⤵
        
        PID:10384
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE"
        149⤵
        
        PID:10436
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE"
        148⤵
        
        PID:10484
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE"
        147⤵
        
        PID:10760
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE"
        146⤵
        
        PID:2036
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE"
        145⤵
        
        PID:10424
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE"
        144⤵
        
        PID:10984
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE"
        143⤵
        
        PID:10648
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE"
        142⤵
        
        PID:2240
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE"
        141⤵
        
        PID:9380
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE"
        140⤵
        
        PID:11180
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE"
        139⤵
        
        PID:11060
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE"
        138⤵
        
        PID:10952
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE"
        137⤵
        
        PID:10848
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE"
        136⤵
        
        PID:10724
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE"
        135⤵
        
        PID:10628
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE"
        134⤵
        
        PID:10496
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE"
        133⤵
        
        PID:10408
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE"
        132⤵
        
        PID:10272
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE"
        131⤵
        
        PID:10036
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE"
        130⤵
        
        PID:8544
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE"
        129⤵
        
        PID:1080
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE"
        128⤵
        
        PID:9836
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE"
        127⤵
        
        PID:9580
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE"
        126⤵
        
        PID:9496
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE"
        125⤵
        
        PID:8244
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE"
        124⤵
        
        PID:10164
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE"
        123⤵
        
        PID:10080
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE"
        122⤵
        
        PID:9960
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE"
        121⤵
        
        PID:9852
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE"
        120⤵
        
        PID:9732
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE"
        119⤵
        
        PID:9628
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE"
        118⤵
        
        PID:9556
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE"
        117⤵
        
        PID:9416
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE"
        116⤵
        
        PID:9316
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE"
        115⤵
        
        PID:9016
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE"
        114⤵
        
        PID:9024
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE"
        113⤵
        
        PID:8208
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE"
        112⤵
        
        PID:8804
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE"
        111⤵
        
        PID:8540
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE"
        110⤵
        
        PID:8336
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE"
        109⤵
        
        PID:9136
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE"
        108⤵
        
        PID:9040
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE"
        107⤵
        
        PID:8980
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE"
        106⤵
        
        PID:8856
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE"
        105⤵
        
        PID:8740
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE"
        104⤵
        
        PID:8628
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE"
        103⤵
        
        PID:8504
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE"
        102⤵
        
        PID:8320
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE"
        101⤵
        
        PID:7264
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE"
        100⤵
        
        PID:7728
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE"
        99⤵
        
        PID:7564
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE"
        98⤵
        
        PID:7220
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE"
        97⤵
        
        PID:8136
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE"
        96⤵
        
        PID:7988
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE"
        95⤵
        
        PID:7884
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE"
        94⤵
        
        PID:7788
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE"
        93⤵
        
        PID:7664
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE"
        92⤵
        
        PID:7588
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE"
        91⤵
        
        PID:7436
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE"
        90⤵
        
        PID:7324
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE"
        89⤵
        
        PID:7232
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE"
        88⤵
        
        PID:5864
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE"
        87⤵
        
        PID:6412
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE"
        86⤵
        
        PID:6004
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE"
        85⤵
        
        PID:6884
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE"
        84⤵
        
        PID:6520
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE"
        83⤵
        
        PID:6492
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE"
        82⤵
        
        PID:6184
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE"
        81⤵
        
        PID:7152
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE"
        80⤵
        
        PID:7084
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE"
        79⤵
        
        PID:6984
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE"
        78⤵
        
        PID:6860
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE"
        77⤵
        
        PID:6800
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE"
        76⤵
        
        PID:6700
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE"
        75⤵
        
        PID:6568
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE"
        74⤵
        
        PID:6468
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE"
        73⤵
        
        PID:6336
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE"
        72⤵
        
        PID:6228
        
        C:\Windows\system32\WerFault.exe
        
        C:\Windows\system32\WerFault.exe -u -p 6228 -s 1072
        73⤵
        
        PID:6540
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE"
        71⤵
        
        PID:5960
        
        C:\Windows\system32\WerFault.exe
        
        C:\Windows\system32\WerFault.exe -u -p 5960 -s 1072
        72⤵
        
        PID:7020
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE"
        70⤵
        
        PID:5444
        
        C:\Windows\system32\WerFault.exe
        
        C:\Windows\system32\WerFault.exe -u -p 5444 -s 1072
        71⤵
        
        PID:6976
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE"
        69⤵
        
        PID:5224
        
        C:\Windows\system32\WerFault.exe
        
        C:\Windows\system32\WerFault.exe -u -p 5224 -s 1072
        70⤵
        
        PID:6632
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE"
        68⤵
        
        PID:5948
        
        C:\Windows\system32\WerFault.exe
        
        C:\Windows\system32\WerFault.exe -u -p 5948 -s 1072
        69⤵
        
        PID:6288
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE"
        67⤵
        
        PID:5808
        
        C:\Windows\system32\WerFault.exe
        
        C:\Windows\system32\WerFault.exe -u -p 5808 -s 1076
        68⤵
        
        PID:6188
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE"
        66⤵
        
        PID:5524
        
        C:\Windows\system32\WerFault.exe
        
        C:\Windows\system32\WerFault.exe -u -p 5524 -s 1076
        67⤵
        
        PID:6972
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE"
        65⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:5380
        
        C:\Windows\system32\WerFault.exe
        
        C:\Windows\system32\WerFault.exe -u -p 5380 -s 1072
        66⤵
        
        PID:6780
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE"
        64⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:5368
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE"
        63⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:5136
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE"
        62⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:6080
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE"
        61⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:6024
        
        C:\Windows\system32\WerFault.exe
        
        C:\Windows\system32\WerFault.exe -u -p 6024 -s 1072
        62⤵
        
        PID:6308
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE"
        60⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:5980
        
        C:\Windows\system32\WerFault.exe
        
        C:\Windows\system32\WerFault.exe -u -p 5980 -s 1080
        61⤵
        
        PID:6220
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE"
        59⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:5908
        
        C:\Windows\system32\WerFault.exe
        
        C:\Windows\system32\WerFault.exe -u -p 5908 -s 1072
        60⤵
        
        PID:588
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE"
        58⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:5820
        
        C:\Windows\system32\WerFault.exe
        
        C:\Windows\system32\WerFault.exe -u -p 5820 -s 1076
        59⤵
        
        PID:2632
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE"
        57⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:5564
        
        C:\Windows\system32\WerFault.exe
        
        C:\Windows\system32\WerFault.exe -u -p 5564 -s 1080
        58⤵
        
        PID:4120
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE"
        56⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:5240
        
        C:\Windows\system32\WerFault.exe
        
        C:\Windows\system32\WerFault.exe -u -p 5240 -s 1072
        57⤵
        
        PID:6064
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE"
        55⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:5052
        
        C:\Windows\system32\WerFault.exe
        
        C:\Windows\system32\WerFault.exe -u -p 5052 -s 1076
        56⤵
        
        PID:2504
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE"
        54⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:4400
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE"
        53⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:5108
        
        C:\Windows\system32\WerFault.exe
        
        C:\Windows\system32\WerFault.exe -u -p 5108 -s 1076
        54⤵
        
        PID:5884
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE"
        52⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:4908
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE"
        51⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:4844
        
        C:\Windows\system32\WerFault.exe
        
        C:\Windows\system32\WerFault.exe -u -p 4844 -s 1072
        52⤵
        
        PID:5600
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE"
        50⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:4752
        
        C:\Windows\system32\WerFault.exe
        
        C:\Windows\system32\WerFault.exe -u -p 4752 -s 1072
        51⤵
        
        PID:5588
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE"
        49⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:4700
        
        C:\Windows\system32\WerFault.exe
        
        C:\Windows\system32\WerFault.exe -u -p 4700 -s 1068
        50⤵
        
        PID:5540
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE"
        48⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:4548
        
        C:\Windows\system32\WerFault.exe
        
        C:\Windows\system32\WerFault.exe -u -p 4548 -s 1072
        49⤵
        
        PID:5460
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE"
        47⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:4404
        
        C:\Windows\system32\WerFault.exe
        
        C:\Windows\system32\WerFault.exe -u -p 4404 -s 1068
        48⤵
        
        PID:5468
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE"
        46⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:4364
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE"
        45⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:4204
        
        C:\Windows\system32\WerFault.exe
        
        C:\Windows\system32\WerFault.exe -u -p 4204 -s 1072
        46⤵
        
        PID:5372
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE"
        44⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:3508
        
        C:\Windows\system32\WerFault.exe
        
        C:\Windows\system32\WerFault.exe -u -p 3508 -s 1072
        45⤵
        
        PID:5388
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE"
        43⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:3736
        
        C:\Windows\system32\WerFault.exe
        
        C:\Windows\system32\WerFault.exe -u -p 3736 -s 1072
        44⤵
        
        PID:5300
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE"
        42⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:3456
        
        C:\Windows\system32\WerFault.exe
        
        C:\Windows\system32\WerFault.exe -u -p 3456 -s 1068
        43⤵
        
        PID:5308
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE"
        41⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:3188
        
        C:\Windows\system32\WerFault.exe
        
        C:\Windows\system32\WerFault.exe -u -p 3188 -s 1072
        42⤵
        
        PID:5276
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE"
        40⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:4084
        
        C:\Windows\system32\WerFault.exe
        
        C:\Windows\system32\WerFault.exe -u -p 4084 -s 1068
        41⤵
        
        PID:5316
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE"
        39⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:3988
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE"
        38⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:3912
        
        C:\Windows\system32\WerFault.exe
        
        C:\Windows\system32\WerFault.exe -u -p 3912 -s 1068
        39⤵
        
        PID:3952
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE"
        37⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:3848
        
        C:\Windows\system32\WerFault.exe
        
        C:\Windows\system32\WerFault.exe -u -p 3848 -s 1072
        38⤵
        
        PID:4768
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE"
        36⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:3756
        
        C:\Windows\system32\WerFault.exe
        
        C:\Windows\system32\WerFault.exe -u -p 3756 -s 1072
        37⤵
        
        PID:4744
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE"
        35⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:3688
        
        C:\Windows\system32\WerFault.exe
        
        C:\Windows\system32\WerFault.exe -u -p 3688 -s 1076
        36⤵
        
        PID:4728
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE"
        34⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:3596
        
        C:\Windows\system32\WerFault.exe
        
        C:\Windows\system32\WerFault.exe -u -p 3596 -s 1072
        35⤵
        
        PID:4608
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE"
        33⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:3560
        
        C:\Windows\system32\WerFault.exe
        
        C:\Windows\system32\WerFault.exe -u -p 3560 -s 1068
        34⤵
        
        PID:4452
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE"
        32⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:3444
        
        C:\Windows\system32\WerFault.exe
        
        C:\Windows\system32\WerFault.exe -u -p 3444 -s 1072
        33⤵
        
        PID:4512
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE"
        31⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:3372
        
        C:\Windows\system32\WerFault.exe
        
        C:\Windows\system32\WerFault.exe -u -p 3372 -s 1080
        32⤵
        
        PID:4340
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE"
        30⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:3288
        
        C:\Windows\system32\WerFault.exe
        
        C:\Windows\system32\WerFault.exe -u -p 3288 -s 1072
        31⤵
        
        PID:4888
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE"
        29⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:3220
        
        C:\Windows\system32\WerFault.exe
        
        C:\Windows\system32\WerFault.exe -u -p 3220 -s 1072
        30⤵
        
        PID:4352
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE"
        28⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:3124
        
        C:\Windows\system32\WerFault.exe
        
        C:\Windows\system32\WerFault.exe -u -p 3124 -s 1068
        29⤵
        
        PID:4788
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE"
        27⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:3084
        
        C:\Windows\system32\WerFault.exe
        
        C:\Windows\system32\WerFault.exe -u -p 3084 -s 1072
        28⤵
        
        PID:3648
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE"
        26⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:628
        
        C:\Windows\system32\WerFault.exe
        
        C:\Windows\system32\WerFault.exe -u -p 628 -s 1072
        27⤵
        
        PID:4948
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE"
        25⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:3064
        
        C:\Windows\system32\WerFault.exe
        
        C:\Windows\system32\WerFault.exe -u -p 3064 -s 1072
        26⤵
        
        PID:5040
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE"
        24⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:2428
        
        C:\Windows\system32\WerFault.exe
        
        C:\Windows\system32\WerFault.exe -u -p 2428 -s 1072
        25⤵
        
        PID:5032
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE"
        23⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:2144
        
        C:\Windows\system32\WerFault.exe
        
        C:\Windows\system32\WerFault.exe -u -p 2144 -s 1076
        24⤵
        
        PID:3972
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE"
        22⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:1504
        
        C:\Windows\system32\WerFault.exe
        
        C:\Windows\system32\WerFault.exe -u -p 1504 -s 1076
        23⤵
        
        PID:4412
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE"
        21⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:2652
        
        C:\Windows\system32\WerFault.exe
        
        C:\Windows\system32\WerFault.exe -u -p 2652 -s 1068
        22⤵
        
        PID:4684
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE"
        20⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:2848
        
        C:\Windows\system32\WerFault.exe
        
        C:\Windows\system32\WerFault.exe -u -p 2848 -s 1068
        21⤵
        
        PID:4780
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE"
        19⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:2896
        
        C:\Windows\system32\WerFault.exe
        
        C:\Windows\system32\WerFault.exe -u -p 2896 -s 1072
        20⤵
        
        PID:5024
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE"
        18⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:1612
        
        C:\Windows\system32\WerFault.exe
        
        C:\Windows\system32\WerFault.exe -u -p 1612 -s 1072
        19⤵
        
        PID:4940
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE"
        17⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:876
        
        C:\Windows\system32\WerFault.exe
        
        C:\Windows\system32\WerFault.exe -u -p 876 -s 1072
        18⤵
        
        PID:3432
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE"
        16⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:308
        
        C:\Windows\system32\WerFault.exe
        
        C:\Windows\system32\WerFault.exe -u -p 308 -s 1080
        17⤵
        
        PID:3104
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE"
        15⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:1524
        
        C:\Windows\system32\WerFault.exe
        
        C:\Windows\system32\WerFault.exe -u -p 1524 -s 1072
        16⤵
        
        PID:4676
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE"
        14⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:1664
        
        C:\Windows\system32\WerFault.exe
        
        C:\Windows\system32\WerFault.exe -u -p 1664 -s 1068
        15⤵
        
        PID:3116
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE"
        13⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:1760
        
        C:\Windows\system32\WerFault.exe
        
        C:\Windows\system32\WerFault.exe -u -p 1760 -s 1072
        14⤵
        
        PID:3740
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE"
        12⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:2952
        
        C:\Windows\system32\WerFault.exe
        
        C:\Windows\system32\WerFault.exe -u -p 2952 -s 1068
        13⤵
        
        PID:3368
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE"
        11⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:1572
        
        C:\Windows\system32\WerFault.exe
        
        C:\Windows\system32\WerFault.exe -u -p 1572 -s 1068
        12⤵
        
        PID:4428
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE"
        10⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:1660
        
        C:\Windows\system32\WerFault.exe
        
        C:\Windows\system32\WerFault.exe -u -p 1660 -s 1068
        11⤵
        
        PID:3152
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE"
        9⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:2492
        
        C:\Windows\system32\WerFault.exe
        
        C:\Windows\system32\WerFault.exe -u -p 2492 -s 1072
        10⤵
        
        PID:4628
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE"
        8⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:1076
        
        C:\Windows\system32\WerFault.exe
        
        C:\Windows\system32\WerFault.exe -u -p 1076 -s 1068
        9⤵
        
        PID:4692
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE"
        7⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:2644
        
        C:\Windows\system32\WerFault.exe
        
        C:\Windows\system32\WerFault.exe -u -p 2644 -s 1068
        8⤵
        
        PID:4100
      - C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE"
        6⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:2672
        
        C:\Windows\system32\WerFault.exe
        
        C:\Windows\system32\WerFault.exe -u -p 2672 -s 1072
        7⤵
        
        PID:4076
    - - C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE"
        5⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:2940
      - C:\Windows\system32\WerFault.exe
        
        C:\Windows\system32\WerFault.exe -u -p 2940 -s 1072
        6⤵
        
        PID:4420
  - - C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE
      "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE"
      4⤵
      Executes dropped EXE
      Suspicious use of AdjustPrivilegeToken
      PID:2808
    - - C:\Windows\system32\WerFault.exe
        
        C:\Windows\system32\WerFault.exe -u -p 2808 -s 1072
        5⤵
        
        PID:3192
- - C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE
    "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE"
    3⤵
    - Executes dropped EXE
    - Suspicious use of AdjustPrivilegeToken
    PID:2884
  - - C:\Windows\system32\WerFault.exe
      C:\Windows\system32\WerFault.exe -u -p 2884 -s 1072
      4⤵
      PID:4268
- C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE
  "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE"
  2⤵
  - Executes dropped EXE
  - Suspicious use of AdjustPrivilegeToken
  PID:2744
- - C:\Windows\system32\WerFault.exe
    C:\Windows\system32\WerFault.exe -u -p 2744 -s 1072
    3⤵
    PID:3412

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-28453275284899258719642141821770640675-460288784-12363344932042581112-1660562744"
1⤵
PID:3812

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "3914397824951581131810930441524893690807675705-731733213660601788-877848987"
1⤵
PID:5608

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-1316865745-224380283277200180745915607287064680386356064-1463247657-2138491745"
1⤵
PID:6644

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPER.EXE

Filesize
972KB

MD5
90fd25ced85fe6db28d21ae7d1f02e2c

SHA1
e27eff4cd4d383f5c564cce2bd1aaa2ffe4ec056

SHA256
97572bd57b08b59744e4dfe6f93fb96be4002dfe1aa78683771725401776464f

SHA512
1c775cf8dfde037eaa98eb14088c70d74923f0f6a83030a71f2f4c1a4453f6154dab7a4aa175e429860badda3e5e0ae226f3c3e8171332f5962bf36f8aa073fa

Download Submit
memory/2808-23-0x00000000003E0000-0x00000000004DA000-memory.dmp

Filesize
1000KB

Download