80629167db6a2c88cdf32d6f115e27ba212e32f8c4cb73ecf7552f894b482e9f

Analysis

max time kernel
49s
max time network
59s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
19/11/2024, 18:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Bootstrap.Studio.4.1.7.Setup.exe
Size

29.6MB
MD5

3d5fe2a2641cfefaa5bcdfea0a1f73a3
SHA1

97bbabb00d800fab5b1d8d542284d8865ae5562f
SHA256

80629167db6a2c88cdf32d6f115e27ba212e32f8c4cb73ecf7552f894b482e9f
SHA512

2b8c74c5279676955cc19023830efff0453a7970283669f1caa26fe6e0f8f30035266579bf6603e30d2f09524ad15f917b3354b37e744c9ccad0bead59b11a65
SSDEEP

786432:xjPsP9oZq+A1eT9Vbjp0ojmsKyZImazRv:xjP69oW0jb90oasb0V

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 3 IoCs

pid	Process
2472	Bootstrap.Studio.4.1.7.Setup.tmp
1296	Bootstrap Studio.exe
2140	Bootstrap Studio.exe

Loads dropped DLL 51 IoCs

pid	Process
2436	Bootstrap.Studio.4.1.7.Setup.exe
2472	Bootstrap.Studio.4.1.7.Setup.tmp
2472	Bootstrap.Studio.4.1.7.Setup.tmp
1296	Bootstrap Studio.exe
1296	Bootstrap Studio.exe
1296	Bootstrap Studio.exe
1296	Bootstrap Studio.exe
1296	Bootstrap Studio.exe
1296	Bootstrap Studio.exe
1296	Bootstrap Studio.exe
1296	Bootstrap Studio.exe
1296	Bootstrap Studio.exe
1296	Bootstrap Studio.exe
1296	Bootstrap Studio.exe
1296	Bootstrap Studio.exe
1296	Bootstrap Studio.exe
1296	Bootstrap Studio.exe
1296	Bootstrap Studio.exe
1296	Bootstrap Studio.exe
1296	Bootstrap Studio.exe
1296	Bootstrap Studio.exe
1296	Bootstrap Studio.exe
1296	Bootstrap Studio.exe
1296	Bootstrap Studio.exe
1296	Bootstrap Studio.exe
1296	Bootstrap Studio.exe
1296	Bootstrap Studio.exe
2140	Bootstrap Studio.exe
2140	Bootstrap Studio.exe
2140	Bootstrap Studio.exe
2140	Bootstrap Studio.exe
2140	Bootstrap Studio.exe
2140	Bootstrap Studio.exe
2140	Bootstrap Studio.exe
2140	Bootstrap Studio.exe
2140	Bootstrap Studio.exe
2140	Bootstrap Studio.exe
2140	Bootstrap Studio.exe
2140	Bootstrap Studio.exe
2140	Bootstrap Studio.exe
2140	Bootstrap Studio.exe
2140	Bootstrap Studio.exe
2140	Bootstrap Studio.exe
2140	Bootstrap Studio.exe
2140	Bootstrap Studio.exe
2140	Bootstrap Studio.exe
2140	Bootstrap Studio.exe
2140	Bootstrap Studio.exe
2140	Bootstrap Studio.exe
2140	Bootstrap Studio.exe
2140	Bootstrap Studio.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files (x86)\Bootstrap Studio\api-ms-win-crt-utility-l1-1-0.dll	Bootstrap.Studio.4.1.7.Setup.tmp
File created	C:\Program Files (x86)\Bootstrap Studio\is-HIUVG.tmp	Bootstrap.Studio.4.1.7.Setup.tmp
File created	C:\Program Files (x86)\Bootstrap Studio\is-J73MH.tmp	Bootstrap.Studio.4.1.7.Setup.tmp
File created	C:\Program Files (x86)\Bootstrap Studio\is-390GN.tmp	Bootstrap.Studio.4.1.7.Setup.tmp
File created	C:\Program Files (x86)\Bootstrap Studio\locales\is-PSGFO.tmp	Bootstrap.Studio.4.1.7.Setup.tmp
File opened for modification	C:\Program Files (x86)\Bootstrap Studio\api-ms-win-core-console-l1-1-0.dll	Bootstrap.Studio.4.1.7.Setup.tmp
File opened for modification	C:\Program Files (x86)\Bootstrap Studio\api-ms-win-crt-convert-l1-1-0.dll	Bootstrap.Studio.4.1.7.Setup.tmp
File opened for modification	C:\Program Files (x86)\Bootstrap Studio\unins000.exe	Bootstrap.Studio.4.1.7.Setup.tmp
File created	C:\Program Files (x86)\Bootstrap Studio\is-2I51U.tmp	Bootstrap.Studio.4.1.7.Setup.tmp
File created	C:\Program Files (x86)\Bootstrap Studio\locales\is-09PNA.tmp	Bootstrap.Studio.4.1.7.Setup.tmp
File created	C:\Program Files (x86)\Bootstrap Studio\resources\is-AQGR4.tmp	Bootstrap.Studio.4.1.7.Setup.tmp
File opened for modification	C:\Program Files (x86)\Bootstrap Studio\api-ms-win-crt-multibyte-l1-1-0.dll	Bootstrap.Studio.4.1.7.Setup.tmp
File opened for modification	C:\Program Files (x86)\Bootstrap Studio\api-ms-win-crt-stdio-l1-1-0.dll	Bootstrap.Studio.4.1.7.Setup.tmp
File created	C:\Program Files (x86)\Bootstrap Studio\is-9GQUV.tmp	Bootstrap.Studio.4.1.7.Setup.tmp
File created	C:\Program Files (x86)\Bootstrap Studio\locales\is-7R7AM.tmp	Bootstrap.Studio.4.1.7.Setup.tmp
File created	C:\Program Files (x86)\Bootstrap Studio\is-0B59V.tmp	Bootstrap.Studio.4.1.7.Setup.tmp
File created	C:\Program Files (x86)\Bootstrap Studio\is-RJ36G.tmp	Bootstrap.Studio.4.1.7.Setup.tmp
File created	C:\Program Files (x86)\Bootstrap Studio\is-7FGVE.tmp	Bootstrap.Studio.4.1.7.Setup.tmp
File opened for modification	C:\Program Files (x86)\Bootstrap Studio\api-ms-win-core-datetime-l1-1-0.dll	Bootstrap.Studio.4.1.7.Setup.tmp
File opened for modification	C:\Program Files (x86)\Bootstrap Studio\libEGL.dll	Bootstrap.Studio.4.1.7.Setup.tmp
File opened for modification	C:\Program Files (x86)\Bootstrap Studio\api-ms-win-core-profile-l1-1-0.dll	Bootstrap.Studio.4.1.7.Setup.tmp
File created	C:\Program Files (x86)\Bootstrap Studio\is-IM19G.tmp	Bootstrap.Studio.4.1.7.Setup.tmp
File created	C:\Program Files (x86)\Bootstrap Studio\is-O4BQR.tmp	Bootstrap.Studio.4.1.7.Setup.tmp
File created	C:\Program Files (x86)\Bootstrap Studio\locales\is-4FGVQ.tmp	Bootstrap.Studio.4.1.7.Setup.tmp
File opened for modification	C:\Program Files (x86)\Bootstrap Studio\vcruntime140.dll	Bootstrap.Studio.4.1.7.Setup.tmp
File opened for modification	C:\Program Files (x86)\Bootstrap Studio\api-ms-win-core-file-l2-1-0.dll	Bootstrap.Studio.4.1.7.Setup.tmp
File opened for modification	C:\Program Files (x86)\Bootstrap Studio\api-ms-win-core-timezone-l1-1-0.dll	Bootstrap.Studio.4.1.7.Setup.tmp
File created	C:\Program Files (x86)\Bootstrap Studio\unins000.dat	Bootstrap.Studio.4.1.7.Setup.tmp
File created	C:\Program Files (x86)\Bootstrap Studio\locales\is-JR4LB.tmp	Bootstrap.Studio.4.1.7.Setup.tmp
File created	C:\Program Files (x86)\Bootstrap Studio\locales\is-IN974.tmp	Bootstrap.Studio.4.1.7.Setup.tmp
File created	C:\Program Files (x86)\Bootstrap Studio\locales\is-0Q2LL.tmp	Bootstrap.Studio.4.1.7.Setup.tmp
File created	C:\Program Files (x86)\Bootstrap Studio\locales\is-8TT3P.tmp	Bootstrap.Studio.4.1.7.Setup.tmp
File opened for modification	C:\Program Files (x86)\Bootstrap Studio\api-ms-win-core-util-l1-1-0.dll	Bootstrap.Studio.4.1.7.Setup.tmp
File opened for modification	C:\Program Files (x86)\Bootstrap Studio\api-ms-win-core-memory-l1-1-0.dll	Bootstrap.Studio.4.1.7.Setup.tmp
File created	C:\Program Files (x86)\Bootstrap Studio\is-VE5NU.tmp	Bootstrap.Studio.4.1.7.Setup.tmp
File created	C:\Program Files (x86)\Bootstrap Studio\is-BFVO4.tmp	Bootstrap.Studio.4.1.7.Setup.tmp
File created	C:\Program Files (x86)\Bootstrap Studio\locales\is-HQGAN.tmp	Bootstrap.Studio.4.1.7.Setup.tmp
File created	C:\Program Files (x86)\Bootstrap Studio\is-MNENF.tmp	Bootstrap.Studio.4.1.7.Setup.tmp
File created	C:\Program Files (x86)\Bootstrap Studio\locales\is-8TCMB.tmp	Bootstrap.Studio.4.1.7.Setup.tmp
File created	C:\Program Files (x86)\Bootstrap Studio\locales\is-J6BSQ.tmp	Bootstrap.Studio.4.1.7.Setup.tmp
File opened for modification	C:\Program Files (x86)\Bootstrap Studio\api-ms-win-core-libraryloader-l1-1-0.dll	Bootstrap.Studio.4.1.7.Setup.tmp
File opened for modification	C:\Program Files (x86)\Bootstrap Studio\api-ms-win-core-synch-l1-2-0.dll	Bootstrap.Studio.4.1.7.Setup.tmp
File opened for modification	C:\Program Files (x86)\Bootstrap Studio\api-ms-win-crt-time-l1-1-0.dll	Bootstrap.Studio.4.1.7.Setup.tmp
File created	C:\Program Files (x86)\Bootstrap Studio\is-AG145.tmp	Bootstrap.Studio.4.1.7.Setup.tmp
File created	C:\Program Files (x86)\Bootstrap Studio\is-6I7NC.tmp	Bootstrap.Studio.4.1.7.Setup.tmp
File created	C:\Program Files (x86)\Bootstrap Studio\locales\is-N4QPS.tmp	Bootstrap.Studio.4.1.7.Setup.tmp
File opened for modification	C:\Program Files (x86)\Bootstrap Studio\api-ms-win-crt-filesystem-l1-1-0.dll	Bootstrap.Studio.4.1.7.Setup.tmp
File opened for modification	C:\Program Files (x86)\Bootstrap Studio\api-ms-win-crt-runtime-l1-1-0.dll	Bootstrap.Studio.4.1.7.Setup.tmp
File created	C:\Program Files (x86)\Bootstrap Studio\is-AS1VA.tmp	Bootstrap.Studio.4.1.7.Setup.tmp
File created	C:\Program Files (x86)\Bootstrap Studio\locales\is-H43ID.tmp	Bootstrap.Studio.4.1.7.Setup.tmp
File created	C:\Program Files (x86)\Bootstrap Studio\locales\is-0P5VM.tmp	Bootstrap.Studio.4.1.7.Setup.tmp
File created	C:\Program Files (x86)\Bootstrap Studio\locales\is-NVF5G.tmp	Bootstrap.Studio.4.1.7.Setup.tmp
File opened for modification	C:\Program Files (x86)\Bootstrap Studio\msvcp140.dll	Bootstrap.Studio.4.1.7.Setup.tmp
File opened for modification	C:\Program Files (x86)\Bootstrap Studio\api-ms-win-core-namedpipe-l1-1-0.dll	Bootstrap.Studio.4.1.7.Setup.tmp
File created	C:\Program Files (x86)\Bootstrap Studio\is-P5740.tmp	Bootstrap.Studio.4.1.7.Setup.tmp
File created	C:\Program Files (x86)\Bootstrap Studio\locales\is-SNR8R.tmp	Bootstrap.Studio.4.1.7.Setup.tmp
File created	C:\Program Files (x86)\Bootstrap Studio\locales\is-0M2QC.tmp	Bootstrap.Studio.4.1.7.Setup.tmp
File created	C:\Program Files (x86)\Bootstrap Studio\locales\is-PKUKV.tmp	Bootstrap.Studio.4.1.7.Setup.tmp
File opened for modification	C:\Program Files (x86)\Bootstrap Studio\api-ms-win-core-errorhandling-l1-1-0.dll	Bootstrap.Studio.4.1.7.Setup.tmp
File opened for modification	C:\Program Files (x86)\Bootstrap Studio\api-ms-win-core-localization-l1-2-0.dll	Bootstrap.Studio.4.1.7.Setup.tmp
File opened for modification	C:\Program Files (x86)\Bootstrap Studio\api-ms-win-core-processenvironment-l1-1-0.dll	Bootstrap.Studio.4.1.7.Setup.tmp
File created	C:\Program Files (x86)\Bootstrap Studio\is-LD0FN.tmp	Bootstrap.Studio.4.1.7.Setup.tmp
File created	C:\Program Files (x86)\Bootstrap Studio\is-TIUS1.tmp	Bootstrap.Studio.4.1.7.Setup.tmp
File created	C:\Program Files (x86)\Bootstrap Studio\is-FKLKD.tmp	Bootstrap.Studio.4.1.7.Setup.tmp

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Bootstrap.Studio.4.1.7.Setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Bootstrap.Studio.4.1.7.Setup.tmp
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Bootstrap Studio.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Bootstrap Studio.exe

Modifies system certificate store 2 TTPs 2 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8	Bootstrap Studio.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = 0400000001000000100000000cd2f9e0da1773e9ed864da5e370e74e14000000010000001400000079b459e67bb6e5e40173800888c81a58f6e99b6e030000000100000014000000cabd2a79a1076a31f21d253635cb039d4329a5e80f00000001000000200000003f0411ede9c4477057d57e57883b1f205b20cdc0f3263129b1ee0269a2678f631900000001000000100000002fe1f70bb05d7c92335bc5e05b984da620000000010000006f0500003082056b30820353a0030201020211008210cfb0d240e3594463e0bb63828b00300d06092a864886f70d01010b0500304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831301e170d3135303630343131303433385a170d3335303630343131303433385a304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f7420583130820222300d06092a864886f70d01010105000382020f003082020a0282020100ade82473f41437f39b9e2b57281c87bedcb7df38908c6e3ce657a078f775c2a2fef56a6ef6004f28dbde68866c4493b6b163fd14126bbf1fd2ea319b217ed1333cba48f5dd79dfb3b8ff12f1219a4bc18a8671694a66666c8f7e3c70bfad292206f3e4c0e680aee24b8fb7997e94039fd347977c99482353e838ae4f0a6f832ed149578c8074b6da2fd0388d7b0370211b75f2303cfa8faeddda63abeb164fc28e114b7ecf0be8ffb5772ef4b27b4ae04c12250c708d0329a0e15324ec13d9ee19bf10b34a8c3f89a36151deac870794f46371ec2ee26f5b9881e1895c34796c76ef3b906279e6dba49a2f26c5d010e10eded9108e16fbb7f7a8f7c7e50207988f360895e7e237960d36759efb0e72b11d9bbc03f94905d881dd05b42ad641e9ac0176950a0fd8dfd5bd121f352f28176cd298c1a80964776e4737baceac595e689d7f72d689c50641293e593edd26f524c911a75aa34c401f46a199b5a73a516e863b9e7d72a712057859ed3e5178150b038f8dd02f05b23e7b4a1c4b730512fcc6eae050137c439374b3ca74e78e1f0108d030d45b7136b407bac130305c48b7823b98a67d608aa2a32982ccbabd83041ba2830341a1d605f11bc2b6f0a87c863b46a8482a88dc769a76bf1f6aa53d198feb38f364dec82b0d0a28fff7dbe21542d422d0275de179fe18e77088ad4ee6d98b3ac6dd27516effbc64f533434f0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041479b459e67bb6e5e40173800888c81a58f6e99b6e300d06092a864886f70d01010b05000382020100551f58a9bcb2a850d00cb1d81a6920272908ac61755c8a6ef882e5692fd5f6564bb9b8731059d321977ee74c71fbb2d260ad39a80bea17215685f1500e59ebcee059e9bac915ef869d8f8480f6e4e99190dc179b621b45f06695d27c6fc2ea3bef1fcfcbd6ae27f1a9b0c8aefd7d7e9afa2204ebffd97fea912b22b1170e8ff28a345b58d8fc01c954b9b826cc8a8833894c2d843c82dfee965705ba2cbbf7c4b7c74e3b82be31c822737392d1c280a43939103323824c3c9f86b255981dbe29868c229b9ee26b3b573a82704ddc09c789cb0a074d6ce85d8ec9efceabc7bbb52b4e45d64ad026cce572ca086aa595e315a1f7a4edc92c5fa5fbffac28022ebed77bbbe3717b9016d3075e46537c3707428cd3c4969cd599b52ae0951a8048ae4c3907cecc47a452952bbab8fbadd233537de51d4d6dd5a1b1c7426fe64027355ca328b7078de78d3390e7239ffb509c796c46d5b415b3966e7e9b0c963ab8522d3fd65be1fb08c284fe24a8a389daac6ae1182ab1a843615bd31fdc3b8d76f22de88d75df17336c3d53fb7bcb415fffdca2d06138e196b8ac5d8b37d775d533c09911ae9d41c1727584be0241425f67244894d19b27be073fb9b84f817451e17ab7ed9d23e2bee0d52804133c31039edd7a6c8fc60718c67fde478e3f289e0406cfa5543477bdec899be91743df5bdb5ffe8e1e57a2cd409d7e6222dade1827	Bootstrap Studio.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2472	Bootstrap.Studio.4.1.7.Setup.tmp
2472	Bootstrap.Studio.4.1.7.Setup.tmp

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2472	Bootstrap.Studio.4.1.7.Setup.tmp

Suspicious use of WriteProcessMemory 15 IoCs

description	pid	Process	procid_target
PID 2436 wrote to memory of 2472	2436	Bootstrap.Studio.4.1.7.Setup.exe	28
PID 2436 wrote to memory of 2472	2436	Bootstrap.Studio.4.1.7.Setup.exe	28
PID 2436 wrote to memory of 2472	2436	Bootstrap.Studio.4.1.7.Setup.exe	28
PID 2436 wrote to memory of 2472	2436	Bootstrap.Studio.4.1.7.Setup.exe	28
PID 2436 wrote to memory of 2472	2436	Bootstrap.Studio.4.1.7.Setup.exe	28
PID 2436 wrote to memory of 2472	2436	Bootstrap.Studio.4.1.7.Setup.exe	28
PID 2436 wrote to memory of 2472	2436	Bootstrap.Studio.4.1.7.Setup.exe	28
PID 2472 wrote to memory of 1296	2472	Bootstrap.Studio.4.1.7.Setup.tmp	32
PID 2472 wrote to memory of 1296	2472	Bootstrap.Studio.4.1.7.Setup.tmp	32
PID 2472 wrote to memory of 1296	2472	Bootstrap.Studio.4.1.7.Setup.tmp	32
PID 2472 wrote to memory of 1296	2472	Bootstrap.Studio.4.1.7.Setup.tmp	32
PID 1296 wrote to memory of 2140	1296	Bootstrap Studio.exe	33
PID 1296 wrote to memory of 2140	1296	Bootstrap Studio.exe	33
PID 1296 wrote to memory of 2140	1296	Bootstrap Studio.exe	33
PID 1296 wrote to memory of 2140	1296	Bootstrap Studio.exe	33

C:\Users\Admin\AppData\Local\Temp\Bootstrap.Studio.4.1.7.Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Bootstrap.Studio.4.1.7.Setup.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:2436
- C:\Users\Admin\AppData\Local\Temp\is-BAS4F.tmp\Bootstrap.Studio.4.1.7.Setup.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-BAS4F.tmp\Bootstrap.Studio.4.1.7.Setup.tmp" /SL5="$40016,30710923,179712,C:\Users\Admin\AppData\Local\Temp\Bootstrap.Studio.4.1.7.Setup.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  PID:2472
- - C:\Program Files (x86)\Bootstrap Studio\Bootstrap Studio.exe
    "C:\Program Files (x86)\Bootstrap Studio\Bootstrap Studio.exe"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Modifies system certificate store
    - Suspicious use of WriteProcessMemory
    PID:1296
  - - C:\Program Files (x86)\Bootstrap Studio\Bootstrap Studio.exe
      "C:\Program Files (x86)\Bootstrap Studio\Bootstrap Studio.exe" --type=renderer --no-sandbox --primordial-pipe-token=399819A0F6F2DABE2ADE416664656B32 --lang=en-US --app-path="C:\Program Files (x86)\Bootstrap Studio\resources\app.asar" --node-integration=true --webview-tag=true --no-sandbox --background-color=#202426 --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553 --disable-accelerated-video-decode --disable-webrtc-hw-vp8-encoding --disable-gpu-compositing --service-request-channel-token=399819A0F6F2DABE2ADE416664656B32 --renderer-client-id=3 --mojo-platform-channel-handle=1384 /prefetch:1
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      PID:2140

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Bootstrap Studio\MSVCP140.dll

Filesize
429KB

MD5
d25c3ff7a4cbbffc7c9fff4f659051ce

SHA1
02fe8d84d7f74c2721ff47d72a6916028c8f2e8a

SHA256
9c1dc36d319382e1501cdeaae36bad5b820ea84393ef6149e377d2fb2fc361a5

SHA512
945fe55b43326c95f1eee643d46a53b69a463a88bd149f90e9e193d71b84f4875455d37fd4f06c1307bb2cdbe99c1f6e18cb33c0b8679cd11fea820d7e728065

Download Submit
C:\Program Files (x86)\Bootstrap Studio\VCRUNTIME140.dll

Filesize
81KB

MD5
a2523ea6950e248cbdf18c9ea1a844f6

SHA1
549c8c2a96605f90d79a872be73efb5d40965444

SHA256
6823b98c3e922490a2f97f54862d32193900077e49f0360522b19e06e6da24b4

SHA512
2141c041b6bdbee9ec10088b9d47df02bf72143eb3619e8652296d617efd77697f4dc8727d11998695768843b4e94a47b1aed2c6fb9f097ffc8a42ca7aaaf66a

Download Submit
C:\Program Files (x86)\Bootstrap Studio\api-ms-win-crt-runtime-l1-1-0.dll

Filesize
22KB

MD5
8c137389afccacccbe5864fba3464f48

SHA1
fb99931a34143b93e5e7a72166af830bbb389157

SHA256
8afdaf1c630aecb97ab5625ac8483664643c526bd705decfae0daaf2481f0a81

SHA512
4723f709483bc62b4200a5e5cc48c8af77994b0d06d0dfa3737ad40cb20099db4bcdf69edfaab7f315e1cdf47866feb473bb4f1d26b25f5823f1a2ea2e1a04cd

Download Submit
C:\Program Files (x86)\Bootstrap Studio\blink_image_resources_200_percent.pak

Filesize
24KB

MD5
61cebc61b4d0f7e29564b340311e5478

SHA1
c374d753d938281ab2f3d9f7fd454d8542832dc4

SHA256
1c4f11111f9c40f0a85a4854fa3fa7e112deb27b6aaad1388eb9e1427d550692

SHA512
0dd56cde910ee3ad1a3833ed82e753b67df638bdcd9da3135bc97a9bb8d170bc19fd772d07588883a2f881203bb3e752660edaed00f5df433376a8be28b3cb85

Download Submit
C:\Program Files (x86)\Bootstrap Studio\content_resources_200_percent.pak

Filesize
15B

MD5
7c321056f805aabd5a503821fa1994cd

SHA1
9c690875c9189c66c93ebd4c0971739653bccd19

SHA256
261e6aad3ad0a5f608b5694919ee39026c4c3eb4256540068f7c1aa46be9315a

SHA512
8a5f4b3726e4513251475ac470f86f0daa0d5ae42bb750019ce96ed871cb04a7391cea2cef79e67c585e3a982041575e60d0f79b3a5bb9ad09be53362787f090

Download Submit
C:\Program Files (x86)\Bootstrap Studio\content_shell.pak

Filesize
11.5MB

MD5
01f9ec2c8fc63c3cf5d3ee04a96ad9fb

SHA1
3b61e6438d8cc0277d06cbd449056f11edc0b16d

SHA256
8a6979c6ee80e2b57a7e065008499b372f979ee65b0b4531f59e85eebb1567c6

SHA512
73fb38abb6182ad3b3d2f692eef3a39a1cf05858bf1c532490d83a27daabd0f1f720e17f28b8a676485ca07663f3727d39fb82746e967c9b168daeaa528abac1

Download Submit
C:\Program Files (x86)\Bootstrap Studio\ffmpeg.dll

Filesize
1.6MB

MD5
d9bf7995b2f465774331f4b81159b073

SHA1
1bfc5919a04469bf6a263005e7b7f20b9b2db74e

SHA256
a1a7d37b5175b365c9736e67319857ad52ff4e53a38eb4cbbddb0e4e1fb8e749

SHA512
bccf5dae4b12aebb858719828747ac9d6c4ba591e53cf61363e7254a447a0b4039747943283cd6f2b756d134a6fae3bbad5b5b763a0ac5dc37fa7dd60624fd73

Download Submit
C:\Program Files (x86)\Bootstrap Studio\icudtl.dat

Filesize
9.7MB

MD5
bc7f54e4df91c9137dced27976228b66

SHA1
fe532df1de6dd6f9971227b48f8856e07ae0883d

SHA256
51b93e0bc7e6d697ccc29703e2ebc9210c231c931fe764c372e5ba0d26098d3b

SHA512
8fe03a5b65236c90af171f68e911ff307d40f249120ea1c2324e8a7ccf4061ce6ce6dfe66bc957e76bfa7e5161aaa005f40b9be95dc6481df46f25fbae41e14b

Download Submit
C:\Program Files (x86)\Bootstrap Studio\locales\en-US.pak

Filesize
3KB

MD5
6ae08e7b5687da062c89c49ed4b9cebe

SHA1
7c5964e9359330baefb5ca8c7bd4a37c996d9ae7

SHA256
45f4bad5d9a054c0183c130c6f0764eb37e55f5fc9fdc3cf479da2bb06c18a90

SHA512
4de77e42401689a73e21e05882f3b4326edc4b4d2f9d91d381ce0ec86b8c210d12f944b43caf0d2f5689f4e2824c1461468acba266565a41609cdc02ac42eb37

Download Submit
C:\Program Files (x86)\Bootstrap Studio\natives_blob.bin

Filesize
256KB

MD5
2f3295417175b37822bf3106b33fab6e

SHA1
45c1db70ce3062aae85069629519e61bac6cf5d2

SHA256
63ca83faf83e5c47f9ea5915961aeb171b740fe4d4d10c18581c867567fc2e99

SHA512
30f1de45805f387684a17922aaa91596ce8874dc49d9faa251b0d72bd2c55f91be1d3e3bd74a00933869ddd79e1d36ba03a12db41b2a2875b219bc8e91a98255

Download Submit
C:\Program Files (x86)\Bootstrap Studio\node.dll

Filesize
13.7MB

MD5
24922306e880dcf4ff18224134ea4f4c

SHA1
2c41581098a10eb8130a037b908e22f4323d5e7e

SHA256
b204d42ec01e6a391af66aa33de340db5c8e861d7b9034671603e101dc6fd05d

SHA512
18924eb7494d6bad314ab0979dc74f9ebf6447430bb602b03cd8a57ade344c938d6c66f255df2bc687ff357fab92ed0c69a77d97b2a03d24fbd52992a5c2130f

Download Submit
C:\Program Files (x86)\Bootstrap Studio\pdf_viewer_resources.pak

Filesize
137KB

MD5
a03daa2328b5df6f58766d552363c90e

SHA1
6b4d9a18d58706d502a02ac7399c8a631c1f3eb8

SHA256
73811ff0473c30a8153ca640776507d4ad0e9366b10918c68ea949f3670ea5ca

SHA512
97e7865c45d9634f7c938e598c61e72025233662649ee2749b143b8ef2f1ad64e5f0c67436e8e28260f3add5ffcc55b1bf159188f7d61404e470c2a5149f806e

Download Submit
C:\Program Files (x86)\Bootstrap Studio\resources\app.asar

Filesize
1.1MB

MD5
b3b0b3d8438756f152988be8289cb1bd

SHA1
66223e98b5e53bce553a70b7e2390444021747ff

SHA256
fdf14d9e7c279f6de29a8e3bcf7be77e61af4dc16892b1352ed7cdf8dac83dc3

SHA512
8912b1b580f9fcd0797e1ef36b246c2d8598b5618ad66940097153899d79c77391f70d405dac310e6e9d16792dfd5d5a10f2c0abe1a112d6c8181d95d5805265

Download Submit
C:\Program Files (x86)\Bootstrap Studio\resources\electron.asar

Filesize
232KB

MD5
c5dc1d9f15c08edbc471b91c9cd623ed

SHA1
73d05257bacae6f7ed0b8e0707d5e6544e7a1c5a

SHA256
2c16af93461416fb4e645fc32d52f997c89da8531856136fcbb506e45ceabf8f

SHA512
37ca8c900acf7b6573efca2dae95c4dda37139f095c83d6ca8bccb4e430ce4763a0e2d8dff3bfe1d0867bf4f978c4fcfb6d749632996526f83d288f7f566cb88

Download Submit
C:\Program Files (x86)\Bootstrap Studio\snapshot_blob.bin

Filesize
1.0MB

MD5
941cedba2d39794543c2453b1b27cd7c

SHA1
bb3ebc9fffaaf6ed295e59220f537cb634f49c42

SHA256
8d569dc66bed9ec53cf7b81f0ed3ecd9f89dae619c192bb5a99448726a158809

SHA512
600bc1fdcd10db82380b52b49ecfb637826912a0f58446ec4e0acb62cd95f16f2191c253b817c9ebe30a7c384cc8d9bfc517745320a02b332695f3b407dcd88f

Download Submit
C:\Program Files (x86)\Bootstrap Studio\ucrtbase.DLL

Filesize
895KB

MD5
f0270079e98f80cd59ee4c45fe9c7697

SHA1
9faf9ca18036c83d83d1c2c3107c4d285381049f

SHA256
94952e907781c68d22294fc38d3463a86bbacf285d637eeb1889f7cf41c69129

SHA512
1995d1fabc38f078af3fadcc054080be9d2587123100dfb830df0040061a2a68cde43e582e1e7b45d849b1d2c65c733ac6a0aad02ef736389a9c344ed68088d5

Download Submit
\Program Files (x86)\Bootstrap Studio\api-ms-win-core-file-l1-2-0.dll

Filesize
17KB

MD5
eb9161fd0b8137d2c43bbe7c646c8e3c

SHA1
f41e6e7302b4bde1281f583a5c4fd5fe7b03f2e3

SHA256
9e4f1d09a2471ff46b5bb2d9fddb0bc04143398d14341d11423a7589796413f7

SHA512
f733062e46f46dbe85a21868ae0e5304e13c645c26e57d0cba905bcd23c872b68f07a9813b4f55fcddcf67475d649d5833d893b27d1ff3756d3f4deea0bdc785

Download Submit
\Program Files (x86)\Bootstrap Studio\api-ms-win-core-file-l2-1-0.dll

Filesize
17KB

MD5
a9b1331617f9913210d4dfde195d6929

SHA1
6587bf0b9b89f212ee0e211ca55bbce376fa7841

SHA256
efb33877982c3d8001cf752b50bfd1e422327c274bdd1c843d762f629307f95a

SHA512
eafe8157c510073349cfddecef6a713235b21a2c5f804a0e05f8cc2d1f1c82d9325c02c395448e029e5836df72aa62c9026e93e9b5057a615a94eb0f95ff7a00

Download Submit
\Program Files (x86)\Bootstrap Studio\api-ms-win-core-localization-l1-2-0.dll

Filesize
20KB

MD5
755b7023ed998486d9029f56c52cdd74

SHA1
dbe7f8bad220e3d000b0abd18e4b36697f96e6e0

SHA256
08a74c3c146bfddd7236c63e83e5cfb98ebe4595155a8954b50d1f0e60067521

SHA512
3590531682857e93c8a911e9b9d04f34fe5e49bc78a29804cf0c1cc974dc523c6d695837fb0db6ee6d1c6093acdadff3b19768e751e9c7dbdda232c95cdbd798

Download Submit
\Program Files (x86)\Bootstrap Studio\api-ms-win-core-processthreads-l1-1-1.dll

Filesize
18KB

MD5
e7e679dfd5704fb3bbae35b1675f66d9

SHA1
2c0cc9796dd06a69b6c0e0dc4a75a93aeb294b92

SHA256
057b0483fee48563e78ff5a4ce27db03b65189d8a9cb16b4e0d9ccdeab769c81

SHA512
5393964b1dd842fe6be7346a57ecea8cd7460f5fa4596137b1a2b6ddf71ddcff5e6584f3199d0aad3b3c3c234d4cdb7a4c63a2e7954fd30b7b02f415edd64855

Download Submit
\Program Files (x86)\Bootstrap Studio\api-ms-win-core-synch-l1-2-0.dll

Filesize
18KB

MD5
154a0b0e4df921852b403f9c3710ebe0

SHA1
e6cb14f232a85609931704b006bd3950baf0a874

SHA256
58c9475a169eecbef8a404a73fda8c4f57282e66e74ba19a1f5c081e9cee7207

SHA512
a325bdb2ac6f854251aa742fcfa771769c3e8843bdd2bf8acf6be170c419f8a65473c2e3b9b149aa61f6452b39749e171fe5945b9d601c356c254cd18deb4754

Download Submit
\Program Files (x86)\Bootstrap Studio\api-ms-win-core-timezone-l1-1-0.dll

Filesize
17KB

MD5
17c1f6b7e224239a45df2760ad534aa6

SHA1
340d78bb270139ec7b771b8cef0da92639750cea

SHA256
0b015be1efc6d20e6ad2a83704c2efdaaf3738bbeb145bc663a098345f38c82c

SHA512
16aa3356c771593c314f922004b69386afd207f5de5466e5dc04fbdc8e10beb28df4b7421ee8abd9024083b55abbbfba54bd4b60b07abde9f25e3332bddc71c7

Download Submit
\Program Files (x86)\Bootstrap Studio\api-ms-win-crt-conio-l1-1-0.dll

Filesize
18KB

MD5
ead443b805f5dfddf6b384b214b28ddb

SHA1
8a82e3603936a6623514d0e707fcb48a5933c0ce

SHA256
2da15eb964ab1e82d5eca744aa1636eb667315f3ef84e365ce556ab8758c3550

SHA512
49fe8c2602c29d8652b85e46fd178c78615dcba756a9a7b69ec9248716193db747c60521b94da1e50f009f7824c487e5fb1772b9d171f82c6f329e19c0821080

Download Submit
\Program Files (x86)\Bootstrap Studio\api-ms-win-crt-convert-l1-1-0.dll

Filesize
21KB

MD5
5760bec3a8c82192d724254b80997b83

SHA1
9638cbe7c220dd8ed432104c20fb9dbffbf3e35c

SHA256
ba51a438d47331deef6178345b235e768a4e648d43fd44e28b95e7292cd4f04c

SHA512
56892e8b9d1e34210821b41defaa60e9d1d0014cf827a0ab358bfdea29e95dd5d82565ecd8d81aaef2b93f2b30aef7b1898691adc0660278e5c9047da33ff070

Download Submit
\Program Files (x86)\Bootstrap Studio\api-ms-win-crt-environment-l1-1-0.dll

Filesize
18KB

MD5
a8b527fa19da868dde67c429398addc0

SHA1
7ca13408565890f1f96ce838c818f2fe4b8b5a7c

SHA256
1f62695f9fb0fc6feca4283bb4be26eeea1c5f10368ad51c8a5d910d3e105188

SHA512
18c9a578baa8cac20f0610c0939fe69638b00de09e9ceba72da4801277c64eab1c7ae12da63e087bfe2361b4454229a7c68983d0d30f82fc4e82aa2bf23e33f2

Download Submit
\Program Files (x86)\Bootstrap Studio\api-ms-win-crt-filesystem-l1-1-0.dll

Filesize
19KB

MD5
2ab82a2368023085ffb3e2c4df1483d3

SHA1
5c7204631683653644771354b4282c63c994dad8

SHA256
9480bb7257c40483e6cb6433cdd90871d55912bdbcfb87f33c11d7401f50f94a

SHA512
96f1ae8252d353297517b9459a359fc617d1065aafefa1532df44cb7781a2c16d5e1429fad3330efddd874a0b00592146b2582cd9d9d918bbedf97823d4825a2

Download Submit
\Program Files (x86)\Bootstrap Studio\api-ms-win-crt-heap-l1-1-0.dll

Filesize
18KB

MD5
4bce918c3f34c152ea99591b7501c932

SHA1
b83e00bdbc78af04146e267a98bccb1597902203

SHA256
ed8b2def856e4effce4856efcc7f3c35fb7e3428287ba8851cde2da8df1d1c58

SHA512
463d73d57ca18c91e401b0293f78286d1d3221775f4a2ea3ee3e59137697bede9327f32b0335e4275626f1b31030543e6abd48988a1f976ec1dd3cbc1b680a9c

Download Submit
\Program Files (x86)\Bootstrap Studio\api-ms-win-crt-locale-l1-1-0.dll

Filesize
18KB

MD5
53d8e61ba651a14e136c3ac3d30dfb35

SHA1
a470dbd794d0a3a23d01f13d146e8cef8dec6886

SHA256
37489d3f078513ecccb7bfb9f18ec1338d011b91ad091085ad1db02f633a23bf

SHA512
2be10659f627bf456d0e75bfe58f2306141841e6ee2d38a742c2e9f4282122075de42a882639643fda9957026efcb0e6dfc00995c911515fae94690923a9bfc8

Download Submit
\Program Files (x86)\Bootstrap Studio\api-ms-win-crt-math-l1-1-0.dll

Filesize
28KB

MD5
6db484b0d207fd72b5db5ca490bd4ca5

SHA1
8b7a5bb7ce4007b26545fd22902048e05a646446

SHA256
1d8e2b59452b927cc3e0f75b2d5277b667a503c53507fdac11d3d8b44986080d

SHA512
9419ce9148f7c6a473412036bcbca9672f47390295e8a84858f50556c22b66a7385bcee089715ecd7ff1cf5c59257717a75444bee1a4d3e4332326bbc407e0fa

Download Submit
\Program Files (x86)\Bootstrap Studio\api-ms-win-crt-multibyte-l1-1-0.dll

Filesize
25KB

MD5
55ce323ccbc72920750d305c0b2a09c4

SHA1
8c51f65875cce5c049078fe0209a9a9d1cb98031

SHA256
86cc087d197b1243413c0963b6f132648489fe26a4a11a7a77163744810e9165

SHA512
b760a985f6fc895ccb0d9e0d99d4215cbc90f5d85dfcf46d96dc727c3e5ccea424d8b04c21fae8e2f32127bb6b4e1d63b3ac43bd21b22859d3c6941c8052afa9

Download Submit
\Program Files (x86)\Bootstrap Studio\api-ms-win-crt-stdio-l1-1-0.dll

Filesize
23KB

MD5
549f6735f986e1ddc0c85a3502052fec

SHA1
4cf90329f18993c0982cacc1d718e0308176971b

SHA256
8824840d84f561d2b46d13f30484683c36328850a596f1e2ee48bca2e7de2d30

SHA512
51ff305d59e2d1a365095406e9f56b28e57cd95ac36955d93a8f2d6b3dd3d474b30643cf527a67760c540e83517aee2f743214c931cf5e58bc79ae016a47b64f

Download Submit
\Program Files (x86)\Bootstrap Studio\api-ms-win-crt-string-l1-1-0.dll

Filesize
23KB

MD5
8f0cb5ca0c982efcec40241f81f9cc11

SHA1
3af0fc542fe2d63ea5acd117e91de134fed3b5ef

SHA256
6147eb7e5bd6ac004301350ef4b168e552b82e301e14dcf3b10df88d833dc1be

SHA512
e6c9ef79f472bd2ae555a9efb606176674d22fb7bb359f268bc0b572382af0336694171a3ec4f5cc986f2eeae63bc0804198715d0494a6c7d58c4160e6e9b966

Download Submit
\Program Files (x86)\Bootstrap Studio\api-ms-win-crt-time-l1-1-0.dll

Filesize
20KB

MD5
b3f20781c32907a02b16c8e8e2a32e74

SHA1
615e9a72372c69583d0c53e461554eae1368d34a

SHA256
dc7f41906edf362829b5e9157ba0c1da73ce32f95b4cb468cce96521c4c4ac8c

SHA512
f928a79699af5b89d674daf8915c7321feebdd0ba30f611228a88c9781ce2da3c99a724cc8385fe721556126871522b53d149118f747749e665a0754fbdfe15e

Download Submit
\Program Files (x86)\Bootstrap Studio\api-ms-win-crt-utility-l1-1-0.dll

Filesize
18KB

MD5
ead03b9a61a23ff6275ca364a1c6536f

SHA1
4221be864a141079699e80b6b121beb08d20c3c0

SHA256
dd0d05feadf990eaa82d691be1990a2bd2ebe7f9874880d1871760dc15d9b3c1

SHA512
e8b238bff471d06439e170e90af93251818f434ca56491494ee2d9684a1837825f2b169f9dc73201c5563dc7500c2438a6081de56dd1a0b0cab25c9382d6bfc5

Download Submit
\Users\Admin\AppData\Local\Temp\is-BAS4F.tmp\Bootstrap.Studio.4.1.7.Setup.tmp

Filesize
816KB

MD5
fac5901f43aeae824f7f615367c25742

SHA1
8a13379a0f7db11df3fbe69b116869d3baac95ee

SHA256
560e2f85c2e1dd375dbeb59d72cc595f84d04d102b4563ef1325ba398f22d592

SHA512
112f8f7c65d5637e430ae0aa05544bbd2670903d3ae8d88820f0354a2b2916245806466ad020cf6d3259c0ab9ff1b826521cd33a9936e5a65694defcb6d38d3f

Download Submit
memory/1296-325-0x0000000039580000-0x0000000039581000-memory.dmp

Filesize
4KB

Download
memory/2140-337-0x0000000017E00000-0x0000000017E01000-memory.dmp

Filesize
4KB

Download
memory/2436-10-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/2436-2-0x0000000000401000-0x000000000040C000-memory.dmp

Filesize
44KB

Download
memory/2436-0-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/2436-329-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/2472-12-0x0000000000400000-0x00000000004DC000-memory.dmp

Filesize
880KB

Download
memory/2472-11-0x0000000000400000-0x00000000004DC000-memory.dmp

Filesize
880KB

Download
memory/2472-8-0x0000000000400000-0x00000000004DC000-memory.dmp

Filesize
880KB

Download
memory/2472-327-0x0000000000400000-0x00000000004DC000-memory.dmp

Filesize
880KB

Download