Windows Analysis Report
https://f29cc861.solaraweb-alj.pages.dev/download/static/files/Bootstrapper.exe

Overview

General Information

Sample URL: https://f29cc861.solaraweb-alj.pages.dev/download/static/files/Bootstrapper.exe
Analysis ID: 1575243

Detection

HTMLPhisher
Score: 88
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for dropped file
Multi AV Scanner detection for dropped file
Yara detected BlockedWebSite
Yara detected Powershell download and execute
Machine Learning detection for dropped file
Uses ipconfig to lookup or modify the Windows network settings
Allocates memory with a write watch (potentially for evading sandboxes)
Checks if the current process is being debugged
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Deletes files inside the Windows folder
Drops PE files
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
May sleep (evasive loops) to hinder dynamic analysis
One or more processes crash
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Stores large binary data to the registry

Classification

  • System is w11x64_office
  • chrome.exe (PID: 440 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 290DF23002E9B52249B5549F0C668A86)
    • chrome.exe (PID: 6204 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations=is-enterprise-managed=no --field-trial-handle=1896,i,3275453913405260217,5012040670754835409,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20241208-180523.718000 --mojo-platform-channel-handle=2232 /prefetch:11 MD5: 290DF23002E9B52249B5549F0C668A86)
  • chrome.exe (PID: 6428 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://f29cc861.solaraweb-alj.pages.dev/download/static/files/Bootstrapper.exe" MD5: 290DF23002E9B52249B5549F0C668A86)
  • rundll32.exe (PID: 8080 cmdline: C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding MD5: C87FA6FC1D294962EABE44509FE1921C)
  • Bootstrapper.exe (PID: 8116 cmdline: "C:\Users\user\Downloads\Bootstrapper.exe" MD5: 2A4DCF20B82896BE94EB538260C5FB93)
  • Bootstrapper.exe (PID: 8156 cmdline: "C:\Users\user\Downloads\Bootstrapper.exe" MD5: 2A4DCF20B82896BE94EB538260C5FB93)
    • conhost.exe (PID: 8164 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 9698384842DA735D80D278A427A229AB)
    • cmd.exe (PID: 2312 cmdline: "cmd" /c ipconfig /all MD5: 428CEC6B0034E0F183EB5BAE887BE480)
      • conhost.exe (PID: 7360 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 9698384842DA735D80D278A427A229AB)
      • ipconfig.exe (PID: 7380 cmdline: ipconfig /all MD5: F9739E9B83D9A616C7B201B902DD4B8B)
    • BootstrapperV1.23.exe (PID: 7272 cmdline: "C:\Users\user\Downloads\BootstrapperV1.23.exe" --oldBootstrapper "C:\Users\user\Downloads\Bootstrapper.exe" --isUpdate true MD5: 02C70D9D6696950C198DB93B7F6A835E)
      • conhost.exe (PID: 7216 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 9698384842DA735D80D278A427A229AB)
      • cmd.exe (PID: 6476 cmdline: "cmd" /c ipconfig /all MD5: 428CEC6B0034E0F183EB5BAE887BE480)
        • conhost.exe (PID: 6652 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 9698384842DA735D80D278A427A229AB)
        • ipconfig.exe (PID: 6704 cmdline: ipconfig /all MD5: F9739E9B83D9A616C7B201B902DD4B8B)
      • WerFault.exe (PID: 7564 cmdline: C:\Windows\system32\WerFault.exe -u -p 7272 -s 2148 MD5: 5A849C27C4796C1A7C22C572D8EAF95D)
  • cleanup
Source | Rule | Description | Author | Strings
dropped/chromecache_62 | JoeSecurity_BlockedWebSite | Yara detected BlockedWebSite | Joe Security |

Source | Rule | Description | Author | Strings
1.0.pages.csv | JoeSecurity_BlockedWebSite | Yara detected BlockedWebSite | Joe Security |

Source: Process started; Author: frack113, Christopher Peacock '@securepeacock', SCYTHE '@scythe_io'; Data: Command: "cmd" /c ipconfig /all, CommandLine: "cmd" /c ipconfig /all, CommandLine|base64offset|contains: , Image: C:\Windows\System32\cmd.exe, NewProcessName: C:\Windows\System32\cmd.exe, OriginalFileName: C:\Windows\System32\cmd.exe, ParentCommandLine: "C:\Users\user\Downloads\Bootstrapper.exe" , ParentImage: C:\Users\user\Downloads\Bootstrapper.exe, ParentProcessId: 8156, ParentProcessName: Bootstrapper.exe, ProcessCommandLine: "cmd" /c ipconfig /all, ProcessId: 2312, ProcessName: cmd.exe

No Suricata rule has matched

AV Detection

Source: https://f29cc861.solaraweb-alj.pages.dev/download/static/files/Bootstrapper.exe; Avira URL Cloud: detection malicious, Label: malware
Source: C:\Users\user\Downloads\Unconfirmed 391329.crdownload; Avira: detection malicious, Label: TR/AVI.Agent.iqkvn
Source: C:\Users\user\Downloads\Unconfirmed 391329.crdownload; ReversingLabs: Detection: 75%
Source: C:\Users\user\Downloads\BootstrapperV1.23.exe; ReversingLabs: Detection: 63%
Source: C:\Users\user\Downloads\Unconfirmed 391329.crdownload; Joe Sandbox ML: detected
Source: C:\Users\user\Downloads\BootstrapperV1.23.exe; Joe Sandbox ML: detected

Phishing

Source: Yara match; File source: dropped/chromecache_62, type: DROPPED
Source: Yara match; File source: 1.0.pages.csv, type: HTML
Source: https://f29cc861.solaraweb-alj.pages.dev/download/static/files/Bootstrapper.exe; HTTP Parser: No favicon
Source: unknown; HTTPS traffic detected: 4.245.163.56:443 -> 192.168.2.24:49777 version: TLS 1.2
Source: unknown; HTTPS traffic detected: 4.245.163.56:443 -> 192.168.2.24:49782 version: TLS 1.2
Source: unknown; HTTPS traffic detected: 20.198.119.84:443 -> 192.168.2.24:49809 version: TLS 1.2
Source: unknown; HTTPS traffic detected: 20.198.119.84:443 -> 192.168.2.24:49811 version: TLS 1.2
Source: unknown; HTTPS traffic detected: 20.198.119.84:443 -> 192.168.2.24:49812 version: TLS 1.2
Source: chrome.exe; Memory has grown: Private usage: 26MB later: 35MB
Source: global traffic; HTTP traffic detected: GET /r/r1.crl HTTP/1.1; Cache-Control: max-age = 3000; Connection: Keep-Alive; Accept: */*; If-Modified-Since: Thu, 25 Jul 2024 14:48:00 GMT; User-Agent: Microsoft-CryptoAPI/10.0; Host: c.pki.goog
Source: global traffic; HTTP traffic detected: GET / HTTP/1.1; Cache-Control: max-age = 3600; Connection: Keep-Alive; Accept: */*; If-Modified-Since: Mon, 12 Feb 2024 22:07:27 GMT; If-None-Match: "65ca969f-2cd"; User-Agent: Microsoft-CryptoAPI/10.0; Host: x1.c.lencr.org
Source: global traffic; DNS traffic detected: DNS query: f29cc861.solaraweb-alj.pages.dev
Source: global traffic; DNS traffic detected: DNS query: a.nel.cloudflare.com
Source: global traffic; DNS traffic detected: DNS query: www.google.com
Source: global traffic; DNS traffic detected: DNS query: getsolara.dev
Source: global traffic; DNS traffic detected: DNS query: 485b1b07.solaraweb-alj.pages.dev
Source: global traffic; DNS traffic detected: DNS query: clientsettings.roblox.com
Source: global traffic; DNS traffic detected: DNS query: www.nodejs.org
Source: C:\Program Files\Google\Chrome\Application\chrome.exe; File created: C:\Windows\SystemTemp\scoped_dir440_1012552717
Source: C:\Program Files\Google\Chrome\Application\chrome.exe; File deleted: C:\Windows\SystemTemp\scoped_dir440_1012552717
Source: C:\Users\user\Downloads\BootstrapperV1.23.exe; Process created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -u -p 7272 -s 2148
Source: classification engine; Classification label: mal88.phis.evad.win@36/16@12/133
Source: C:\Program Files\Google\Chrome\Application\chrome.exe; File created: C:\Users\user\Downloads\a4bddb66-5e8e-4e88-8b04-9e42b20864a7.tmp
Source: C:\Windows\System32\conhost.exe; Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6652:120:WilError_03
Source: C:\Users\user\Downloads\BootstrapperV1.23.exe; Mutant created: NULL
Source: C:\Windows\System32\WerFault.exe; Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess7272
Source: C:\Windows\System32\conhost.exe; Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7360:120:WilError_03
Source: C:\Users\user\Downloads\BootstrapperV1.23.exe; File created: C:\Users\user\AppData\Local\Temp\node-v18.16.0-x64.msi
Source: C:\Users\user\Downloads\Bootstrapper.exe; File read: C:\Users\user\Desktop\desktop.ini
Source: C:\Windows\System32\rundll32.exe; Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: unknown; Process created: C:\Windows\System32\rundll32.exe C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
Source: unknown; Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe; Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations=is-enterprise-managed=no --field-trial-handle=1896,i,3275453913405260217,5012040670754835409,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20241208-180523.718000 --mojo-platform-channel-handle=2232 /prefetch:11
Source: unknown; Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://f29cc861.solaraweb-alj.pages.dev/download/static/files/Bootstrapper.exe"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe; Process created: unknown unknown
Source: unknown; Process created: C:\Users\user\Downloads\Bootstrapper.exe "C:\Users\user\Downloads\Bootstrapper.exe"
Source: C:\Users\user\Downloads\Bootstrapper.exe; Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Downloads\Bootstrapper.exe; Process created: C:\Windows\System32\cmd.exe "cmd" /c ipconfig /all
Source: C:\Windows\System32\cmd.exe; Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe; Process created: C:\Windows\System32\ipconfig.exe ipconfig /all
Source: C:\Users\user\Downloads\Bootstrapper.exe; Process created: C:\Users\user\Downloads\BootstrapperV1.23.exe "C:\Users\user\Downloads\BootstrapperV1.23.exe" --oldBootstrapper "C:\Users\user\Downloads\Bootstrapper.exe" --isUpdate true
Source: C:\Users\user\Downloads\BootstrapperV1.23.exe; Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Downloads\BootstrapperV1.23.exe; Process created: C:\Windows\System32\cmd.exe "cmd" /c ipconfig /all
Source: C:\Users\user\Downloads\Bootstrapper.exe; Section loaded: mscoree.dll
Source: C:\Users\user\Downloads\Bootstrapper.exe; Section loaded: kernel.appcore.dll
Source: C:\Users\user\Downloads\Bootstrapper.exe; Section loaded: version.dll
Source: C:\Users\user\Downloads\Bootstrapper.exe; Section loaded: vcruntime140_1_clr0400.dll
Source: C:\Users\user\Downloads\Bootstrapper.exe; Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\Downloads\Bootstrapper.exe; Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\Downloads\Bootstrapper.exe; Section loaded: iphlpapi.dll
Source: C:\Users\user\Downloads\Bootstrapper.exe; Section loaded: dnsapi.dll
Source: C:\Users\user\Downloads\Bootstrapper.exe; Section loaded: dhcpcsvc6.dll
Source: C:\Users\user\Downloads\Bootstrapper.exe; Section loaded: dhcpcsvc.dll
Source: C:\Users\user\Downloads\Bootstrapper.exe; Section loaded: winnsi.dll
Source: C:\Users\user\Downloads\Bootstrapper.exe; Section loaded: windows.storage.dll
Source: C:\Users\user\Downloads\Bootstrapper.exe; Section loaded: wintypes.dll
Source: C:\Users\user\Downloads\Bootstrapper.exe; Section loaded: profapi.dll
Source: C:\Users\user\Downloads\Bootstrapper.exe; Section loaded: cryptsp.dll
Source: C:\Users\user\Downloads\Bootstrapper.exe; Section loaded: rsaenh.dll
Source: C:\Users\user\Downloads\Bootstrapper.exe; Section loaded: cryptbase.dll
Source: C:\Users\user\Downloads\Bootstrapper.exe; Section loaded: rasapi32.dll
Source: C:\Users\user\Downloads\Bootstrapper.exe; Section loaded: rtutils.dll
Source: C:\Users\user\Downloads\Bootstrapper.exe; Section loaded: rasman.dll
Source: C:\Users\user\Downloads\Bootstrapper.exe; Section loaded: mswsock.dll
Source: C:\Users\user\Downloads\Bootstrapper.exe; Section loaded: winhttp.dll
Source: C:\Users\user\Downloads\Bootstrapper.exe; Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\Downloads\Bootstrapper.exe; Section loaded: rasadhlp.dll
Source: C:\Users\user\Downloads\Bootstrapper.exe; Section loaded: fwpuclnt.dll
Source: C:\Users\user\Downloads\Bootstrapper.exe; Section loaded: secur32.dll
Source: C:\Users\user\Downloads\Bootstrapper.exe; Section loaded: sspicli.dll
Source: C:\Users\user\Downloads\Bootstrapper.exe; Section loaded: schannel.dll
              Source: C:\Users\user\Downloads\Bootstrapper.exeSection loaded: ncrypt.dll
              Source: C:\Users\user\Downloads\Bootstrapper.exeSection loaded: ntasn1.dll
              Source: C:\Users\user\Downloads\Bootstrapper.exeSection loaded: ncryptsslp.dll
              Source: C:\Users\user\Downloads\Bootstrapper.exeSection loaded: msasn1.dll
              Source: C:\Users\user\Downloads\Bootstrapper.exeSection loaded: gpapi.dll
              Source: C:\Windows\System32\cmd.exeSection loaded: kernel.appcore.dll
              Source: C:\Windows\System32\ipconfig.exeSection loaded: iphlpapi.dll
              Source: C:\Windows\System32\ipconfig.exeSection loaded: dhcpcsvc.dll
              Source: C:\Windows\System32\ipconfig.exeSection loaded: dhcpcsvc6.dll
              Source: C:\Windows\System32\ipconfig.exeSection loaded: dnsapi.dll
              Source: C:\Windows\System32\ipconfig.exeSection loaded: winnsi.dll
              Source: C:\Users\user\Downloads\Bootstrapper.exeSection loaded: uxtheme.dll
              Source: C:\Users\user\Downloads\Bootstrapper.exeSection loaded: propsys.dll
              Source: C:\Users\user\Downloads\Bootstrapper.exeSection loaded: cfgmgr32.dll
              Source: C:\Users\user\Downloads\Bootstrapper.exeSection loaded: edputil.dll
              Source: C:\Users\user\Downloads\Bootstrapper.exeSection loaded: urlmon.dll
              Source: C:\Users\user\Downloads\Bootstrapper.exeSection loaded: iertutil.dll
              Source: C:\Users\user\Downloads\Bootstrapper.exeSection loaded: srvcli.dll
              Source: C:\Users\user\Downloads\Bootstrapper.exeSection loaded: netutils.dll
              Source: C:\Users\user\Downloads\Bootstrapper.exeSection loaded: windows.staterepositoryps.dll
              Source: C:\Users\user\Downloads\Bootstrapper.exeSection loaded: virtdisk.dll
              Source: C:\Users\user\Downloads\Bootstrapper.exeSection loaded: wldp.dll
              Source: C:\Users\user\Downloads\Bootstrapper.exeSection loaded: smartscreenps.dll
              Source: C:\Users\user\Downloads\Bootstrapper.exeSection loaded: shdocvw.dll
              Source: C:\Users\user\Downloads\Bootstrapper.exeSection loaded: appresolver.dll
              Source: C:\Users\user\Downloads\Bootstrapper.exeSection loaded: userenv.dll
              Source: C:\Users\user\Downloads\Bootstrapper.exeSection loaded: bcp47langs.dll
              Source: C:\Users\user\Downloads\Bootstrapper.exeSection loaded: onecoreuapcommonproxystub.dll
              Source: C:\Users\user\Downloads\Bootstrapper.exeSection loaded: apphelp.dll
              Source: C:\Users\user\Downloads\BootstrapperV1.23.exeSection loaded: mscoree.dll
              Source: C:\Users\user\Downloads\BootstrapperV1.23.exeSection loaded: apphelp.dll
              Source: C:\Users\user\Downloads\BootstrapperV1.23.exeSection loaded: kernel.appcore.dll
              Source: C:\Users\user\Downloads\BootstrapperV1.23.exeSection loaded: version.dll
              Source: C:\Users\user\Downloads\BootstrapperV1.23.exeSection loaded: vcruntime140_1_clr0400.dll
              Source: C:\Users\user\Downloads\BootstrapperV1.23.exeSection loaded: vcruntime140_clr0400.dll
              Source: C:\Users\user\Downloads\BootstrapperV1.23.exeSection loaded: ucrtbase_clr0400.dll
              Source: C:\Users\user\Downloads\BootstrapperV1.23.exeSection loaded: iphlpapi.dll
              Source: C:\Users\user\Downloads\BootstrapperV1.23.exeSection loaded: dnsapi.dll
              Source: C:\Users\user\Downloads\BootstrapperV1.23.exeSection loaded: dhcpcsvc6.dll
              Source: C:\Users\user\Downloads\BootstrapperV1.23.exeSection loaded: dhcpcsvc.dll
              Source: C:\Users\user\Downloads\BootstrapperV1.23.exeSection loaded: winnsi.dll
              Source: C:\Users\user\Downloads\BootstrapperV1.23.exeSection loaded: windows.storage.dll
              Source: C:\Users\user\Downloads\BootstrapperV1.23.exeSection loaded: wintypes.dll
              Source: C:\Users\user\Downloads\BootstrapperV1.23.exeSection loaded: profapi.dll
              Source: C:\Users\user\Downloads\BootstrapperV1.23.exeSection loaded: cryptsp.dll
              Source: C:\Users\user\Downloads\BootstrapperV1.23.exeSection loaded: rsaenh.dll
              Source: C:\Users\user\Downloads\BootstrapperV1.23.exeSection loaded: cryptbase.dll
              Source: C:\Users\user\Downloads\BootstrapperV1.23.exeSection loaded: rasapi32.dll
              Source: C:\Users\user\Downloads\BootstrapperV1.23.exeSection loaded: rtutils.dll
              Source: C:\Users\user\Downloads\BootstrapperV1.23.exeSection loaded: rasman.dll
              Source: C:\Users\user\Downloads\BootstrapperV1.23.exeSection loaded: mswsock.dll
              Source: C:\Users\user\Downloads\BootstrapperV1.23.exeSection loaded: winhttp.dll
              Source: C:\Users\user\Downloads\BootstrapperV1.23.exeSection loaded: ondemandconnroutehelper.dll
              Source: C:\Users\user\Downloads\BootstrapperV1.23.exeSection loaded: rasadhlp.dll
              Source: C:\Users\user\Downloads\BootstrapperV1.23.exeSection loaded: fwpuclnt.dll
              Source: C:\Users\user\Downloads\BootstrapperV1.23.exeSection loaded: secur32.dll
              Source: C:\Users\user\Downloads\BootstrapperV1.23.exeSection loaded: sspicli.dll
              Source: C:\Users\user\Downloads\BootstrapperV1.23.exeSection loaded: schannel.dll
              Source: C:\Users\user\Downloads\BootstrapperV1.23.exeSection loaded: ncrypt.dll
              Source: C:\Users\user\Downloads\BootstrapperV1.23.exeSection loaded: ntasn1.dll
              Source: C:\Users\user\Downloads\BootstrapperV1.23.exeSection loaded: ncryptsslp.dll
              Source: C:\Users\user\Downloads\BootstrapperV1.23.exeSection loaded: msasn1.dll
              Source: C:\Users\user\Downloads\BootstrapperV1.23.exeSection loaded: gpapi.dll
              Source: C:\Windows\System32\cmd.exeSection loaded: kernel.appcore.dll
              Source: C:\Windows\System32\ipconfig.exeSection loaded: iphlpapi.dll
              Source: C:\Windows\System32\ipconfig.exeSection loaded: dhcpcsvc.dll
              Source: C:\Windows\System32\ipconfig.exeSection loaded: dhcpcsvc6.dll
              Source: C:\Windows\System32\ipconfig.exeSection loaded: dnsapi.dll
              Source: C:\Windows\System32\ipconfig.exeSection loaded: winnsi.dll
              Source: C:\Users\user\Downloads\Bootstrapper.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32
              Source: Window RecorderWindow detected: More than 3 window changes detected
              Source: C:\Users\user\Downloads\BootstrapperV1.23.exeFile opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dll

              Persistence and Installation Behavior

              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\ipconfig.exe ipconfig /all
              Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\Downloads\Unconfirmed 391329.crdownload
              Source: C:\Users\user\Downloads\Bootstrapper.exeFile created: C:\Users\user\Downloads\BootstrapperV1.23.exe
              Source: C:\Users\user\Downloads\Bootstrapper.exeKey value created or modified: HKEY_LOCAL_MACHINE\SYSTEM\Software\Microsoft\TIP\AggregateResults data
              Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Users\user\Downloads\Bootstrapper.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Users\user\Downloads\BootstrapperV1.23.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
              Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Users\user\Downloads\Bootstrapper.exeMemory allocated: 22395050000 memory reserve | memory write watch
              Source: C:\Users\user\Downloads\Bootstrapper.exeMemory allocated: 223AE9E0000 memory reserve | memory write watch
              Source: C:\Users\user\Downloads\BootstrapperV1.23.exeMemory allocated: 19350290000 memory reserve | memory write watch
              Source: C:\Users\user\Downloads\BootstrapperV1.23.exeMemory allocated: 19368310000 memory reserve | memory write watch
              Source: C:\Users\user\Downloads\Bootstrapper.exeThread delayed: delay time: 922337203685477
              Source: C:\Users\user\Downloads\Bootstrapper.exeThread delayed: delay time: 600000
              Source: C:\Users\user\Downloads\Bootstrapper.exeThread delayed: delay time: 599890
              Source: C:\Users\user\Downloads\Bootstrapper.exeThread delayed: delay time: 599780
              Source: C:\Users\user\Downloads\Bootstrapper.exeThread delayed: delay time: 599668
              Source: C:\Users\user\Downloads\Bootstrapper.exeThread delayed: delay time: 599555
              Source: C:\Users\user\Downloads\Bootstrapper.exeThread delayed: delay time: 599445
              Source: C:\Users\user\Downloads\Bootstrapper.exeThread delayed: delay time: 599333
              Source: C:\Users\user\Downloads\Bootstrapper.exeThread delayed: delay time: 599205
              Source: C:\Users\user\Downloads\Bootstrapper.exeThread delayed: delay time: 599078
              Source: C:\Users\user\Downloads\Bootstrapper.exeThread delayed: delay time: 598967
              Source: C:\Users\user\Downloads\Bootstrapper.exeThread delayed: delay time: 598855
              Source: C:\Users\user\Downloads\Bootstrapper.exeThread delayed: delay time: 598743
              Source: C:\Users\user\Downloads\Bootstrapper.exeThread delayed: delay time: 598631
              Source: C:\Users\user\Downloads\Bootstrapper.exeThread delayed: delay time: 598503
              Source: C:\Users\user\Downloads\Bootstrapper.exeThread delayed: delay time: 598375
              Source: C:\Users\user\Downloads\Bootstrapper.exeThread delayed: delay time: 598264
              Source: C:\Users\user\Downloads\Bootstrapper.exeThread delayed: delay time: 598152
              Source: C:\Users\user\Downloads\Bootstrapper.exeThread delayed: delay time: 598040
              Source: C:\Users\user\Downloads\Bootstrapper.exeThread delayed: delay time: 597925
              Source: C:\Users\user\Downloads\Bootstrapper.exeThread delayed: delay time: 597801
              Source: C:\Users\user\Downloads\Bootstrapper.exeThread delayed: delay time: 597673
              Source: C:\Users\user\Downloads\Bootstrapper.exeThread delayed: delay time: 597547
              Source: C:\Users\user\Downloads\Bootstrapper.exeThread delayed: delay time: 597436
              Source: C:\Users\user\Downloads\Bootstrapper.exeThread delayed: delay time: 597325
              Source: C:\Users\user\Downloads\Bootstrapper.exeThread delayed: delay time: 597213
              Source: C:\Users\user\Downloads\Bootstrapper.exeThread delayed: delay time: 597101
              Source: C:\Users\user\Downloads\Bootstrapper.exeThread delayed: delay time: 596989
              Source: C:\Users\user\Downloads\Bootstrapper.exeThread delayed: delay time: 596861
              Source: C:\Users\user\Downloads\Bootstrapper.exeThread delayed: delay time: 596735
              Source: C:\Users\user\Downloads\Bootstrapper.exeThread delayed: delay time: 596623
              Source: C:\Users\user\Downloads\Bootstrapper.exeThread delayed: delay time: 596511
              Source: C:\Users\user\Downloads\Bootstrapper.exeThread delayed: delay time: 596399
              Source: C:\Users\user\Downloads\Bootstrapper.exeThread delayed: delay time: 596287
              Source: C:\Users\user\Downloads\Bootstrapper.exeThread delayed: delay time: 596160
              Source: C:\Users\user\Downloads\Bootstrapper.exeThread delayed: delay time: 596033
              Source: C:\Users\user\Downloads\Bootstrapper.exeThread delayed: delay time: 595906
              Source: C:\Users\user\Downloads\Bootstrapper.exeThread delayed: delay time: 595795
              Source: C:\Users\user\Downloads\Bootstrapper.exeThread delayed: delay time: 595683
              Source: C:\Users\user\Downloads\Bootstrapper.exeThread delayed: delay time: 595572
              Source: C:\Users\user\Downloads\Bootstrapper.exeThread delayed: delay time: 595461
              Source: C:\Users\user\Downloads\Bootstrapper.exeThread delayed: delay time: 595350
              Source: C:\Users\user\Downloads\Bootstrapper.exeThread delayed: delay time: 595238
              Source: C:\Users\user\Downloads\Bootstrapper.exeThread delayed: delay time: 595080
              Source: C:\Users\user\Downloads\Bootstrapper.exeThread delayed: delay time: 594952
              Source: C:\Users\user\Downloads\Bootstrapper.exeThread delayed: delay time: 594840
              Source: C:\Users\user\Downloads\Bootstrapper.exeThread delayed: delay time: 594728
              Source: C:\Users\user\Downloads\Bootstrapper.exeThread delayed: delay time: 594619
              Source: C:\Users\user\Downloads\Bootstrapper.exeThread delayed: delay time: 594508
              Source: C:\Users\user\Downloads\Bootstrapper.exeThread delayed: delay time: 594396
              Source: C:\Users\user\Downloads\Bootstrapper.exeThread delayed: delay time: 594268
              Source: C:\Users\user\Downloads\Bootstrapper.exeThread delayed: delay time: 594140
              Source: C:\Users\user\Downloads\BootstrapperV1.23.exeThread delayed: delay time: 922337203685477
              Source: C:\Users\user\Downloads\BootstrapperV1.23.exeThread delayed: delay time: 600000
              Source: C:\Users\user\Downloads\BootstrapperV1.23.exeThread delayed: delay time: 599886
              Source: C:\Users\user\Downloads\BootstrapperV1.23.exeThread delayed: delay time: 599776
              Source: C:\Users\user\Downloads\BootstrapperV1.23.exeThread delayed: delay time: 599633
              Source: C:\Users\user\Downloads\BootstrapperV1.23.exeThread delayed: delay time: 599521
              Source: C:\Users\user\Downloads\BootstrapperV1.23.exeThread delayed: delay time: 599397
              Source: C:\Users\user\Downloads\BootstrapperV1.23.exeThread delayed: delay time: 599287
              Source: C:\Users\user\Downloads\BootstrapperV1.23.exeThread delayed: delay time: 599160
              Source: C:\Users\user\Downloads\BootstrapperV1.23.exeThread delayed: delay time: 599032
              Source: C:\Users\user\Downloads\BootstrapperV1.23.exeThread delayed: delay time: 598920
              Source: C:\Users\user\Downloads\BootstrapperV1.23.exeThread delayed: delay time: 598808
              Source: C:\Users\user\Downloads\BootstrapperV1.23.exeThread delayed: delay time: 598696
              Source: C:\Users\user\Downloads\BootstrapperV1.23.exeThread delayed: delay time: 598584
              Source: C:\Users\user\Downloads\BootstrapperV1.23.exeThread delayed: delay time: 598456
              Source: C:\Users\user\Downloads\BootstrapperV1.23.exeThread delayed: delay time: 598330
              Source: C:\Users\user\Downloads\BootstrapperV1.23.exeThread delayed: delay time: 598217
              Source: C:\Users\user\Downloads\BootstrapperV1.23.exeThread delayed: delay time: 598107
              Source: C:\Users\user\Downloads\BootstrapperV1.23.exeThread delayed: delay time: 597995
              Source: C:\Users\user\Downloads\BootstrapperV1.23.exeThread delayed: delay time: 597883
              Source: C:\Users\user\Downloads\BootstrapperV1.23.exeThread delayed: delay time: 597772
              Source: C:\Users\user\Downloads\BootstrapperV1.23.exeThread delayed: delay time: 597663
              Source: C:\Users\user\Downloads\BootstrapperV1.23.exeThread delayed: delay time: 597553
              Source: C:\Users\user\Downloads\BootstrapperV1.23.exeThread delayed: delay time: 597435
              Source: C:\Users\user\Downloads\BootstrapperV1.23.exeThread delayed: delay time: 597318
              Source: C:\Users\user\Downloads\BootstrapperV1.23.exeThread delayed: delay time: 597169
              Source: C:\Users\user\Downloads\BootstrapperV1.23.exeThread delayed: delay time: 597039
              Source: C:\Users\user\Downloads\BootstrapperV1.23.exeThread delayed: delay time: 596934
              Source: C:\Users\user\Downloads\BootstrapperV1.23.exeThread delayed: delay time: 596822
              Source: C:\Users\user\Downloads\BootstrapperV1.23.exeThread delayed: delay time: 596709
              Source: C:\Users\user\Downloads\BootstrapperV1.23.exeThread delayed: delay time: 596584
              Source: C:\Users\user\Downloads\BootstrapperV1.23.exeThread delayed: delay time: 596456
              Source: C:\Users\user\Downloads\BootstrapperV1.23.exeThread delayed: delay time: 596344
              Source: C:\Users\user\Downloads\BootstrapperV1.23.exeThread delayed: delay time: 596232
              Source: C:\Users\user\Downloads\BootstrapperV1.23.exeThread delayed: delay time: 596120
              Source: C:\Users\user\Downloads\BootstrapperV1.23.exeThread delayed: delay time: 596007
              Source: C:\Users\user\Downloads\BootstrapperV1.23.exeThread delayed: delay time: 595897
              Source: C:\Users\user\Downloads\BootstrapperV1.23.exeThread delayed: delay time: 595787
              Source: C:\Users\user\Downloads\BootstrapperV1.23.exeThread delayed: delay time: 595659
              Source: C:\Users\user\Downloads\BootstrapperV1.23.exeThread delayed: delay time: 595532
              Source: C:\Users\user\Downloads\BootstrapperV1.23.exeThread delayed: delay time: 595404
              Source: C:\Users\user\Downloads\BootstrapperV1.23.exeThread delayed: delay time: 595291
              Source: C:\Users\user\Downloads\BootstrapperV1.23.exeThread delayed: delay time: 595180
              Source: C:\Users\user\Downloads\BootstrapperV1.23.exeThread delayed: delay time: 595067
              Source: C:\Users\user\Downloads\BootstrapperV1.23.exeThread delayed: delay time: 594941
              Source: C:\Users\user\Downloads\BootstrapperV1.23.exeThread delayed: delay time: 594828
              Source: C:\Users\user\Downloads\BootstrapperV1.23.exeThread delayed: delay time: 594716
              Source: C:\Users\user\Downloads\BootstrapperV1.23.exeThread delayed: delay time: 594608
              Source: C:\Users\user\Downloads\BootstrapperV1.23.exeThread delayed: delay time: 594480
              Source: C:\Users\user\Downloads\BootstrapperV1.23.exeThread delayed: delay time: 594370
              Source: C:\Users\user\Downloads\BootstrapperV1.23.exeThread delayed: delay time: 594258
              Source: C:\Users\user\Downloads\Bootstrapper.exeWindow / User API: threadDelayed 1131
              Source: C:\Users\user\Downloads\Bootstrapper.exeWindow / User API: threadDelayed 5721
              Source: C:\Users\user\Downloads\Bootstrapper.exeWindow / User API: threadDelayed 1876
              Source: C:\Users\user\Downloads\BootstrapperV1.23.exeWindow / User API: threadDelayed 1267
              Source: C:\Users\user\Downloads\BootstrapperV1.23.exeWindow / User API: threadDelayed 8561
              Source: C:\Users\user\Downloads\Bootstrapper.exe TID: 6380Thread sleep time: -11068046444225724s >= -30000s
              Source: C:\Users\user\Downloads\Bootstrapper.exe TID: 6380Thread sleep time: -600000s >= -30000s
              Source: C:\Users\user\Downloads\Bootstrapper.exe TID: 6380Thread sleep time: -599890s >= -30000s
              Source: C:\Users\user\Downloads\Bootstrapper.exe TID: 7424Thread sleep count: 1131 > 30
              Source: C:\Users\user\Downloads\Bootstrapper.exe TID: 7424Thread sleep count: 5721 > 30
              Source: C:\Users\user\Downloads\Bootstrapper.exe TID: 6380Thread sleep time: -599780s >= -30000s
              Source: C:\Users\user\Downloads\Bootstrapper.exe TID: 6380Thread sleep time: -599668s >= -30000s
              Source: C:\Users\user\Downloads\Bootstrapper.exe TID: 6380Thread sleep time: -599555s >= -30000s
              Source: C:\Users\user\Downloads\Bootstrapper.exe TID: 6380Thread sleep time: -599445s >= -30000s
              Source: C:\Users\user\Downloads\Bootstrapper.exe TID: 6380Thread sleep time: -599333s >= -30000s
              Source: C:\Users\user\Downloads\Bootstrapper.exe TID: 6380Thread sleep time: -599205s >= -30000s
              Source: C:\Users\user\Downloads\Bootstrapper.exe TID: 6380Thread sleep time: -599078s >= -30000s
              Source: C:\Users\user\Downloads\Bootstrapper.exe TID: 6380Thread sleep time: -598967s >= -30000s
              Source: C:\Users\user\Downloads\Bootstrapper.exe TID: 6380Thread sleep time: -598855s >= -30000s
              Source: C:\Users\user\Downloads\Bootstrapper.exe TID: 6380Thread sleep time: -598743s >= -30000s
              Source: C:\Users\user\Downloads\Bootstrapper.exe TID: 6380Thread sleep time: -598631s >= -30000s
              Source: C:\Users\user\Downloads\Bootstrapper.exe TID: 6380Thread sleep time: -598503s >= -30000s
              Source: C:\Users\user\Downloads\Bootstrapper.exe TID: 6380Thread sleep time: -598375s >= -30000s
              Source: C:\Users\user\Downloads\Bootstrapper.exe TID: 6380Thread sleep time: -598264s >= -30000s
              Source: C:\Users\user\Downloads\Bootstrapper.exe TID: 6380Thread sleep time: -598152s >= -30000s
              Source: C:\Users\user\Downloads\Bootstrapper.exe TID: 6380Thread sleep time: -598040s >= -30000s
              Source: C:\Users\user\Downloads\Bootstrapper.exe TID: 6380Thread sleep time: -597925s >= -30000s
              Source: C:\Users\user\Downloads\Bootstrapper.exe TID: 6380Thread sleep time: -597801s >= -30000s
              Source: C:\Users\user\Downloads\Bootstrapper.exe TID: 6380Thread sleep time: -597673s >= -30000s
              Source: C:\Users\user\Downloads\Bootstrapper.exe TID: 6380Thread sleep time: -597547s >= -30000s
              Source: C:\Users\user\Downloads\Bootstrapper.exe TID: 6380Thread sleep time: -597436s >= -30000s
              Source: C:\Users\user\Downloads\Bootstrapper.exe TID: 6380Thread sleep time: -597325s >= -30000s
              Source: C:\Users\user\Downloads\Bootstrapper.exe TID: 6380Thread sleep time: -597213s >= -30000s
              Source: C:\Users\user\Downloads\Bootstrapper.exe TID: 6380Thread sleep time: -597101s >= -30000s
              Source: C:\Users\user\Downloads\Bootstrapper.exe TID: 6380Thread sleep time: -596989s >= -30000s
              Source: C:\Users\user\Downloads\Bootstrapper.exe TID: 6380Thread sleep time: -596861s >= -30000s
              Source: C:\Users\user\Downloads\Bootstrapper.exe TID: 6380Thread sleep time: -596735s >= -30000s
              Source: C:\Users\user\Downloads\Bootstrapper.exe TID: 6380Thread sleep time: -596623s >= -30000s
              Source: C:\Users\user\Downloads\Bootstrapper.exe TID: 6380Thread sleep time: -596511s >= -30000s
              Source: C:\Users\user\Downloads\Bootstrapper.exe TID: 6380Thread sleep time: -596399s >= -30000s
              Source: C:\Users\user\Downloads\Bootstrapper.exe TID: 6380Thread sleep time: -596287s >= -30000s
              Source: C:\Users\user\Downloads\Bootstrapper.exe TID: 6380Thread sleep time: -596160s >= -30000s
              Source: C:\Users\user\Downloads\Bootstrapper.exe TID: 6380Thread sleep time: -596033s >= -30000s
              Source: C:\Users\user\Downloads\Bootstrapper.exe TID: 6380Thread sleep time: -595906s >= -30000s
              Source: C:\Users\user\Downloads\Bootstrapper.exe TID: 6380Thread sleep time: -595795s >= -30000s
              Source: C:\Users\user\Downloads\Bootstrapper.exe TID: 6380Thread sleep time: -595683s >= -30000s
              Source: C:\Users\user\Downloads\Bootstrapper.exe TID: 6380Thread sleep time: -595572s >= -30000s
              Source: C:\Users\user\Downloads\Bootstrapper.exe TID: 7456Thread sleep count: 1876 > 30
              Source: C:\Users\user\Downloads\Bootstrapper.exe TID: 6380Thread sleep time: -595461s >= -30000s
              Source: C:\Users\user\Downloads\Bootstrapper.exe TID: 6380Thread sleep time: -595350s >= -30000s
              Source: C:\Users\user\Downloads\Bootstrapper.exe TID: 6380Thread sleep time: -595238s >= -30000s
              Source: C:\Users\user\Downloads\Bootstrapper.exe TID: 6380Thread sleep time: -595080s >= -30000s
              Source: C:\Users\user\Downloads\Bootstrapper.exe TID: 6380Thread sleep time: -594952s >= -30000s
              Source: C:\Users\user\Downloads\Bootstrapper.exe TID: 6380Thread sleep time: -594840s >= -30000s
              Source: C:\Users\user\Downloads\Bootstrapper.exe TID: 6380Thread sleep time: -594728s >= -30000s
              Source: C:\Users\user\Downloads\Bootstrapper.exe TID: 6380Thread sleep time: -594619s >= -30000s
              Source: C:\Users\user\Downloads\Bootstrapper.exe TID: 6380Thread sleep time: -594508s >= -30000s
              Source: C:\Users\user\Downloads\Bootstrapper.exe TID: 6380Thread sleep time: -594396s >= -30000s
              Source: C:\Users\user\Downloads\Bootstrapper.exe TID: 6380Thread sleep time: -594268s >= -30000s
              Source: C:\Users\user\Downloads\Bootstrapper.exe TID: 6380Thread sleep time: -594140s >= -30000s
              Source: C:\Users\user\Downloads\BootstrapperV1.23.exe TID: 3388Thread sleep time: -25825441703193356s >= -30000s
              Source: C:\Users\user\Downloads\BootstrapperV1.23.exe TID: 3388Thread sleep time: -600000s >= -30000s
              Source: C:\Users\user\Downloads\BootstrapperV1.23.exe TID: 6664Thread sleep count: 1267 > 30
              Source: C:\Users\user\Downloads\BootstrapperV1.23.exe TID: 3388Thread sleep time: -599886s >= -30000s
              Source: C:\Users\user\Downloads\BootstrapperV1.23.exe TID: 6664Thread sleep count: 8561 > 30
              Source: C:\Users\user\Downloads\BootstrapperV1.23.exe TID: 3388Thread sleep time: -599776s >= -30000s
              Source: C:\Users\user\Downloads\BootstrapperV1.23.exe TID: 3388Thread sleep time: -599633s >= -30000s
              Source: C:\Users\user\Downloads\BootstrapperV1.23.exe TID: 3388Thread sleep time: -599521s >= -30000s
              Source: C:\Users\user\Downloads\BootstrapperV1.23.exe TID: 3388Thread sleep time: -599397s >= -30000s
              Source: C:\Users\user\Downloads\BootstrapperV1.23.exe TID: 3388Thread sleep time: -599287s >= -30000s
              Source: C:\Users\user\Downloads\BootstrapperV1.23.exe TID: 3388Thread sleep time: -599160s >= -30000s
              Source: C:\Users\user\Downloads\BootstrapperV1.23.exe TID: 3388Thread sleep time: -599032s >= -30000s
              Source: C:\Users\user\Downloads\BootstrapperV1.23.exe TID: 3388Thread sleep time: -598920s >= -30000s
              Source: C:\Users\user\Downloads\BootstrapperV1.23.exe TID: 3388Thread sleep time: -598808s >= -30000s
              Source: C:\Users\user\Downloads\BootstrapperV1.23.exe TID: 3388Thread sleep time: -598696s >= -30000s
              Source: C:\Users\user\Downloads\BootstrapperV1.23.exe TID: 3388Thread sleep time: -598584s >= -30000s
              Source: C:\Users\user\Downloads\BootstrapperV1.23.exe TID: 3388Thread sleep time: -598456s >= -30000s
              Source: C:\Users\user\Downloads\BootstrapperV1.23.exe TID: 3388Thread sleep time: -598330s >= -30000s
              Source: C:\Users\user\Downloads\BootstrapperV1.23.exe TID: 3388Thread sleep time: -598217s >= -30000s
              Source: C:\Users\user\Downloads\BootstrapperV1.23.exe TID: 3388Thread sleep time: -598107s >= -30000s
              Source: C:\Users\user\Downloads\BootstrapperV1.23.exe TID: 3388Thread sleep time: -597995s >= -30000s
              Source: C:\Users\user\Downloads\BootstrapperV1.23.exe TID: 3388Thread sleep time: -597883s >= -30000s
              Source: C:\Users\user\Downloads\BootstrapperV1.23.exe TID: 3388Thread sleep time: -597772s >= -30000s
              Source: C:\Users\user\Downloads\BootstrapperV1.23.exe TID: 3388Thread sleep time: -597663s >= -30000s
              Source: C:\Users\user\Downloads\BootstrapperV1.23.exe TID: 3388Thread sleep time: -597553s >= -30000s
              Source: C:\Users\user\Downloads\BootstrapperV1.23.exe TID: 3388Thread sleep time: -597435s >= -30000s
              Source: C:\Users\user\Downloads\BootstrapperV1.23.exe TID: 3388Thread sleep time: -597318s >= -30000s
              Source: C:\Users\user\Downloads\BootstrapperV1.23.exe TID: 3388Thread sleep time: -597169s >= -30000s
              Source: C:\Users\user\Downloads\BootstrapperV1.23.exe TID: 3388Thread sleep time: -597039s >= -30000s
              Source: C:\Users\user\Downloads\BootstrapperV1.23.exe TID: 3388Thread sleep time: -596934s >= -30000s
              Source: C:\Users\user\Downloads\BootstrapperV1.23.exe TID: 3388Thread sleep time: -596822s >= -30000s
              Source: C:\Users\user\Downloads\BootstrapperV1.23.exe TID: 3388Thread sleep time: -596709s >= -30000s
              Source: C:\Users\user\Downloads\BootstrapperV1.23.exe TID: 3388Thread sleep time: -596584s >= -30000s
              Source: C:\Users\user\Downloads\BootstrapperV1.23.exe TID: 3388Thread sleep time: -596456s >= -30000s
              Source: C:\Users\user\Downloads\BootstrapperV1.23.exe TID: 3388Thread sleep time: -596344s >= -30000s
              Source: C:\Users\user\Downloads\BootstrapperV1.23.exe TID: 3388Thread sleep time: -596232s >= -30000s
              Source: C:\Users\user\Downloads\BootstrapperV1.23.exe TID: 3388Thread sleep time: -596120s >= -30000s
              Source: C:\Users\user\Downloads\BootstrapperV1.23.exe TID: 3388Thread sleep time: -596007s >= -30000s
              Source: C:\Users\user\Downloads\BootstrapperV1.23.exe TID: 3388Thread sleep time: -595897s >= -30000s
              Source: C:\Users\user\Downloads\BootstrapperV1.23.exe TID: 3388Thread sleep time: -595787s >= -30000s
              Source: C:\Users\user\Downloads\BootstrapperV1.23.exe TID: 3388Thread sleep time: -595659s >= -30000s
              Source: C:\Users\user\Downloads\BootstrapperV1.23.exe TID: 3388Thread sleep time: -595532s >= -30000s
              Source: C:\Users\user\Downloads\BootstrapperV1.23.exe TID: 3388Thread sleep time: -595404s >= -30000s
              Source: C:\Users\user\Downloads\BootstrapperV1.23.exe TID: 3388Thread sleep time: -595291s >= -30000s
              Source: C:\Users\user\Downloads\BootstrapperV1.23.exe TID: 3388Thread sleep time: -595180s >= -30000s
              Source: C:\Users\user\Downloads\BootstrapperV1.23.exe TID: 3388Thread sleep time: -595067s >= -30000s
              Source: C:\Users\user\Downloads\BootstrapperV1.23.exe TID: 3388Thread sleep time: -594941s >= -30000s
              Source: C:\Users\user\Downloads\BootstrapperV1.23.exe TID: 3388Thread sleep time: -594828s >= -30000s
              Source: C:\Users\user\Downloads\BootstrapperV1.23.exe TID: 3388Thread sleep time: -594716s >= -30000s
              Source: C:\Users\user\Downloads\BootstrapperV1.23.exe TID: 3388Thread sleep time: -594608s >= -30000s
              Source: C:\Users\user\Downloads\BootstrapperV1.23.exe TID: 3388Thread sleep time: -594480s >= -30000s
              Source: C:\Users\user\Downloads\BootstrapperV1.23.exe TID: 3388Thread sleep time: -594370s >= -30000s
              Source: C:\Users\user\Downloads\BootstrapperV1.23.exe TID: 3388Thread sleep time: -594258s >= -30000s
              Source: C:\Windows\System32\conhost.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BIOS
              Source: C:\Users\user\Downloads\BootstrapperV1.23.exeProcess information queried: ProcessInformation
              Source: C:\Users\user\Downloads\BootstrapperV1.23.exeProcess queried: DebugPort
              Source: C:\Users\user\Downloads\BootstrapperV1.23.exeProcess queried: DebugPort
              Source: C:\Users\user\Downloads\Bootstrapper.exeProcess token adjusted: Debug
              Source: C:\Users\user\Downloads\BootstrapperV1.23.exeProcess token adjusted: Debug
              Source: C:\Users\user\Downloads\Bootstrapper.exeMemory allocated: page read and write | page guard

              HIPS / PFW / Operating System Protection Evasion

              Source: Yara match File source: \Device\ConDrv, type: DROPPED
              Source: C:\Users\user\Downloads\Bootstrapper.exe Process created: C:\Windows\System32\cmd.exe "cmd" /c ipconfig /all
              Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\ipconfig.exe ipconfig /all
              Source: C:\Users\user\Downloads\Bootstrapper.exe Process created: C:\Users\user\Downloads\BootstrapperV1.23.exe "C:\Users\user\Downloads\BootstrapperV1.23.exe" --oldBootstrapper "C:\Users\user\Downloads\Bootstrapper.exe" --isUpdate true
              Source: C:\Users\user\Downloads\BootstrapperV1.23.exe Process created: C:\Windows\System32\cmd.exe "cmd" /c ipconfig /all
              Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\ipconfig.exe ipconfig /all
              Source: C:\Users\user\Downloads\Bootstrapper.exe Queries volume information: C:\Users\user\Downloads\Bootstrapper.exe VolumeInformation
              Source: C:\Users\user\Downloads\Bootstrapper.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll VolumeInformation
              Source: C:\Users\user\Downloads\Bootstrapper.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
              Source: C:\Users\user\Downloads\BootstrapperV1.23.exe Queries volume information: C:\Users\user\Downloads\BootstrapperV1.23.exe VolumeInformation
              Source: C:\Users\user\Downloads\BootstrapperV1.23.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll VolumeInformation
              Source: C:\Users\user\Downloads\BootstrapperV1.23.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
              Source: C:\Users\user\Downloads\Bootstrapper.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 1 Windows Management Instrumentation | 1 DLL Side-Loading | 11 Process Injection | 11 Masquerading | OS Credential Dumping | 11 Security Software Discovery | Remote Services | Data from Local System | 2 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
| Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 1 Modify Registry | LSASS Memory | 1 Process Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 1 Extra Window Memory Injection | 1 Disable or Modify Tools | Security Account Manager | 41 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | Data from Network Shared Drive | 2 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
| Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 41 Virtualization/Sandbox Evasion | NTDS | 1 Application Window Discovery | Distributed Component Object Model | Input Capture | 3 Application Layer Protocol | Traffic Duplication | Data Destruction |
| Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 11 Process Injection | LSA Secrets | 1 System Network Configuration Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
| Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 Rundll32 | Cached Domain Credentials | 1 File and Directory Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
| DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 1 DLL Side-Loading | DCSync | 22 System Information Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
| Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 1 File Deletion | Proc Filesystem | System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement |
| Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 1 Extra Window Memory Injection | /etc/passwd and /etc/shadow | Network Sniffing | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement |

| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| https://f29cc861.solaraweb-alj.pages.dev/download/static/files/Bootstrapper.exe | 100% | Avira URL Cloud | malware | |

| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| C:\Users\user\Downloads\Unconfirmed 391329.crdownload | 100% | Avira | TR/AVI.Agent.iqkvn | |
| C:\Users\user\Downloads\Unconfirmed 391329.crdownload | 100% | Joe Sandbox ML | | |
| C:\Users\user\Downloads\Unconfirmed 391329.crdownload | 75% | ReversingLabs | Win64.Trojan.Malgent | |
| C:\Users\user\Downloads\Unconfirmed 391329.crdownload | 100% | Avira | TR/AVI.Agent.iqkvn | |
| C:\Users\user\Downloads\Unconfirmed 391329.crdownload | 100% | Joe Sandbox ML | | |
| C:\Users\user\Downloads\BootstrapperV1.23.exe | 100% | Joe Sandbox ML | | |
| C:\Users\user\Downloads\BootstrapperV1.23.exe | 63% | ReversingLabs | Win64.Trojan.Heracles | |
| C:\Users\user\Downloads\Unconfirmed 391329.crdownload | 100% | Avira | TR/AVI.Agent.iqkvn | |
| C:\Users\user\Downloads\Unconfirmed 391329.crdownload | 100% | Joe Sandbox ML | | |
| C:\Users\user\Downloads\BootstrapperV1.23.exe | 100% | Joe Sandbox ML | | |
              No Antivirus matches
              No Antivirus matches
              No Antivirus matches
| Name | IP | Active | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|---|
| bg.microsoft.map.fastly.net | 199.232.210.172 | true | false | | high |
| a.nel.cloudflare.com | 35.190.80.1 | true | false | | high |
| getsolara.dev | 104.21.93.27 | true | false | | high |
| f29cc861.solaraweb-alj.pages.dev | 172.66.44.59 | true | false | | high |
| www.nodejs.org | 104.20.23.46 | true | false | | high |
| 485b1b07.solaraweb-alj.pages.dev | 172.66.44.59 | true | false | | unknown |
| edge-term4-lhr2.roblox.com | 128.116.119.3 | true | false | | unknown |
| www.google.com | 142.250.181.132 | true | false | | high |
| clientsettings.roblox.com | unknown | unknown | false | | high |
| Name | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|
| https://f29cc861.solaraweb-alj.pages.dev/download/static/files/Bootstrapper.exe | true | | unknown |
| IP | Domain | Country | ASN | ASN Name | Malicious |
|---|---|---|---|---|---|
| 172.217.19.206 | unknown | United States | 15169 | GOOGLEUS | false |
| 52.168.117.173 | unknown | United States | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false |
| 1.1.1.1 | unknown | Australia | 13335 | CLOUDFLARENETUS | false |
| 128.116.119.3 | edge-term4-lhr2.roblox.com | United States | 22697 | ROBLOX-PRODUCTIONUS | false |
| 172.217.17.35 | unknown | United States | 15169 | GOOGLEUS | false |
| 172.66.44.59 | f29cc861.solaraweb-alj.pages.dev | United States | 13335 | CLOUDFLARENETUS | false |
| 142.250.181.132 | www.google.com | United States | 15169 | GOOGLEUS | false |
| 104.20.23.46 | www.nodejs.org | United States | 13335 | CLOUDFLARENETUS | false |
| 142.250.181.138 | unknown | United States | 15169 | GOOGLEUS | false |
| 35.190.80.1 | a.nel.cloudflare.com | United States | 15169 | GOOGLEUS | false |
| 142.250.181.99 | unknown | United States | 15169 | GOOGLEUS | false |
| 64.233.163.84 | unknown | United States | 15169 | GOOGLEUS | false |
| 104.21.93.27 | getsolara.dev | United States | 13335 | CLOUDFLARENETUS | false |
                                  IP
                                  192.168.2.24
                                  127.0.0.1
                                  Joe Sandbox version:41.0.0 Charoite
                                  Analysis ID:1575243
                                  Start date and time:2024-12-14 23:52:29 +01:00
                                  Joe Sandbox product:CloudBasic
                                  Overall analysis duration:
                                  Hypervisor based Inspection enabled:false
                                  Report type:full
                                  Cookbook file name:defaultwindowsinteractivecookbook.jbs
                                  Sample URL:https://f29cc861.solaraweb-alj.pages.dev/download/static/files/Bootstrapper.exe
                                  Analysis system description:Windows 11 23H2 with Office Professional Plus 2021, Chrome 131, Firefox 133, Adobe Reader DC 24, Java 8 Update 431, 7zip 24.09
                                  Run name:Potential for more IOCs and behavior
                                  Number of analysed new started processes analysed:34
                                  Number of new started drivers analysed:0
                                  Number of existing processes analysed:0
                                  Number of existing drivers analysed:0
                                  Number of injected processes analysed:1
                                  Technologies:
                                  • EGA enabled
                                  Analysis Mode:stream
                                  Analysis stop reason:Timeout
                                  Detection:MAL
                                  Classification:mal88.phis.evad.win@36/16@12/133
                                  • Exclude process from analysis (whitelisted): dllhost.exe, svchost.exe
                                  • Excluded IPs from analysis (whitelisted): 172.64.149.23, 104.18.38.233
                                  • Excluded domains from analysis (whitelisted): crt.comodoca.com.cdn.cloudflare.net, crt.comodoca.com
                                  • Not all processes where analyzed, report is missing behavior information
                                  • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                  • Report size getting too big, too many NtCreateKey calls found.
                                  • Report size getting too big, too many NtOpenKeyEx calls found.
                                  • Report size getting too big, too many NtQueryValueKey calls found.
                                  • Report size getting too big, too many NtReadVirtualMemory calls found.
                                  • Report size getting too big, too many NtSetInformationFile calls found.
                                  • VT rate limit hit for: https://f29cc861.solaraweb-alj.pages.dev/download/static/files/Bootstrapper.exe
                                  Process:C:\Windows\System32\WerFault.exe
                                  File Type:Unicode text, UTF-16, little-endian text, with very long lines (2251), with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):65536
                                  Entropy (8bit):1.5623639275077312
                                  Encrypted:false
                                  SSDEEP:
                                  MD5:C77E62E67D81B28C986CA1805C326B35
                                  SHA1:BFD0A971AF6A1DA1EA314557E05BFFB33EA55225
                                  SHA-256:C139E1EA34EE0D2F572D611B2467C9ABD1DE3F8D31457E0A99965DAC7740E48A
                                  SHA-512:5072DB5EE15DC4287A0CE7F3FFF410A138F8E1CCE5D0A79311CECD3F32192960DB0D5B61C8D30E255931A44BE84D1F67DCCC4A21923BE2F26F53EFF02BCC8560
                                  Malicious:false
                                  Reputation:unknown
                                  Preview:Version=1 EventType=CLR20r3 EventTime=133786904732517195 ReportType=2 Consent=1 UploadTime=133786904744087175 ReportStatus=524384 ReportIdentifier=2e51086e-6a71-47dd-926b-6562cfec5a1d IntegratorReportIdentifier=f7c571ab-b1c8-45b4-a86a-1fd9d44b6f86 Wow64Host=34404 NsAppName=BootstrapperV1.23.exe OriginalFilename=SolaraBootstrapper.exe AppSessionGuid=00001c68-0001-000e-bbc6-281d7b4edb01 TargetAppId=W:00062fe173631cadc4a7695d39957a12de9c00000000!000030231a467a49cc37768eea0f55f4bea1cbf
                                  Process:C:\Windows\System32\WerFault.exe
                                  File Type:XML 1.0 document, ASCII text, with very long lines (2272), with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):7513
                                  Entropy (8bit):4.847781922423919
                                  Encrypted:false
                                  SSDEEP:
                                  MD5:C3691869ED2DC379FBE40A0B471012F1
                                  SHA1:F627B3AD13BA3C1EC57D8180B1B19B53DE5D3BF5
                                  SHA-256:FDF82ACDCEF613B950FF41AB736B10AD1E3EA3495598C7C88CF686E73F4D9F22
                                  SHA-512:6DB79D527E9E19C67FBC00277B7A5737465C5933E595450BDD1B512AD139DEA7E5B2A605ACE0937C8259C0E688AD726216263D06E755AD2AD1DA1BAF6FAC4B75
                                  Malicious:false
                                  Reputation:unknown
                                  Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="22631" />.. <arg nm="vercsdbld" val="4169" />.. <arg nm="verqfe" val="4169" />.. <arg nm="csdbld" val="4169" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="1033" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="7484" />.. <arg nm="osinsty" val="2" />.. <arg nm="iever" val="11.1.22621.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="4096" /
                                  Process:C:\Windows\System32\WerFault.exe
                                  File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with very long lines (380), with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):9090
                                  Entropy (8bit):3.7574760660579782
                                  Encrypted:false
                                  SSDEEP:
                                  MD5:B60B6AC0EA3D0D9B0B1EBDF03AA505DF
                                  SHA1:84B7CB48F2E8515934E6AB2AA6991041414FF679
                                  SHA-256:11CFC2963047D0DA757D3250A9D9E920E48197F1DF568F154167A8FCF14CC89A
                                  SHA-512:40097E2E349CC20E6923C1BBBD19F66624C0A3C159CE6951376F7581971AF57A2B4AA769C2FB7127DF768F2DA68D83691355C32644E09602E2444AB13968943B
                                  Malicious:false
                                  Reputation:unknown
                                  Preview:<?xml version="1.0" encoding="UTF-16"?> <WERReportMetadata> <OSVersionInformation> <WindowsNTVersion>10.0</WindowsNTVersion> <Build>22631</Build> <Product>(0x30): Windows 10 Pro</Product> <Edition>Professional</Edition> <BuildString>22621.4169.amd64fre.ni_release.220506-1250</BuildString> <Revision>4169</Revision> <Flavor>Multiprocessor Free</Flavor> <Architecture>X64</Architecture> <LCID>1033</LCID> <BuildLayers> <BuildLayer LayerName="22621.1.amd64fre.ni_r
                                  Process:C:\Windows\System32\WerFault.exe
                                  File Type:Mini DuMP crash report, 16 streams, Sat Dec 14 22:54:33 2024, 0x1205a4 type
                                  Category:dropped
                                  Size (bytes):578155
                                  Entropy (8bit):3.354573991062211
                                  Encrypted:false
                                  SSDEEP:
                                  MD5:270E6F1E0DF9DA52AA2913D0BA7DF19F
                                  SHA1:7B80B3B55E0135432057A05AF4B5DBEBD28B3D48
                                  SHA-256:F02842946A447A2BE323E0255CBD4A026D15683785F45B5B93763619D42D6992
                                  SHA-512:E75258976BDAABF8B3A09AAE3D348BF6CB32B95848C5BFB2110F4E63AA88C89F1188EBE9506E9C3683E05A1CAD08CB11C63B74DBA98859AFC01E55698C9BB10B
                                  Malicious:false
                                  Reputation:unknown
                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                  File Type:Composite Document File V2 Document, Cannot read section info
                                  Category:dropped
                                  Size (bytes):1536
                                  Entropy (8bit):1.2738520304209824
                                  Encrypted:false
                                  SSDEEP:
                                  MD5:4869376AC2EDFA86946F63F6A2E4368B
                                  SHA1:E0A1F6F6A3068D40A63581AD1CA1F6983E98D938
                                  SHA-256:BA7063AA9A3E26C82AA0E3B7F7BF22C479E4697221C592DC09FD00A2FE04BF1A
                                  SHA-512:D95309737CC8571534F0B7BDC7EF35DD826BE506CBF3F9471C09251BB92234588BF93CC827E7A208C684FC40E5207759F97C4B1D20E85B86F850FC3C9253A72C
                                  Malicious:false
                                  Reputation:unknown
                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                  File Type:PE32+ executable (console) x86-64 Mono/.Net assembly, for MS Windows
                                  Category:dropped
                                  Size (bytes):0
                                  Entropy (8bit):0.0
                                  Encrypted:false
                                  SSDEEP:
                                  MD5:2A4DCF20B82896BE94EB538260C5FB93
                                  SHA1:21F232C2FD8132F8677E53258562AD98B455E679
                                  SHA-256:EBBCB489171ABFCFCE56554DBAEACD22A15838391CBC7C756DB02995129DEF5A
                                  SHA-512:4F1164B2312FB94B7030D6EB6AA9F3502912FFA33505F156443570FC964BFD3BB21DED3CF84092054E07346D2DCE83A0907BA33F4BA39AD3FE7A78E836EFE288
                                  Malicious:true
                                  Reputation:unknown
                                  Process:C:\Users\user\Downloads\Bootstrapper.exe
                                  File Type:PE32+ executable (console) x86-64 Mono/.Net assembly, for MS Windows
                                  Category:dropped
                                  Size (bytes):819200
                                  Entropy (8bit):5.598261375667174
                                  Encrypted:false
                                  SSDEEP:
                                  MD5:02C70D9D6696950C198DB93B7F6A835E
                                  SHA1:30231A467A49CC37768EEA0F55F4BEA1CBFB48E2
                                  SHA-256:8F2E28588F2303BD8D7A9B0C3FF6A9CB16FA93F8DDC9C5E0666A8C12D6880EE3
                                  SHA-512:431D9B9918553BFF4F4A5BC2A5E7B7015F8AD0E2D390BB4D5264D08983372424156524EF5587B24B67D1226856FC630AACA08EDC8113097E0094501B4F08EFEB
                                  Malicious:true
                                  Antivirus:
                                  • Antivirus: Joe Sandbox ML, Detection: 100%
                                  • Antivirus: ReversingLabs, Detection: 63%
                                  • Antivirus: Joe Sandbox ML, Detection: 100%
                                  Reputation:unknown
                                  Process:C:\Users\user\Downloads\Bootstrapper.exe
                                  File Type:JSON data
                                  Category:dropped
                                  Size (bytes):103
                                  Entropy (8bit):4.081427527984575
                                  Encrypted:false
                                  SSDEEP:
                                  MD5:B016DAFCA051F817C6BA098C096CB450
                                  SHA1:4CC74827C4B2ED534613C7764E6121CEB041B459
                                  SHA-256:B03C8C2D2429E9DBC7920113DEDF6FC09095AB39421EE0CC8819AD412E5D67B9
                                  SHA-512:D69663E1E81EC33654B87F2DFADDD5383681C8EBF029A559B201D65EB12FA2989FA66C25FA98D58066EAB7B897F0EEF6B7A68FA1A9558482A17DFED7B6076ACA
                                  Malicious:false
                                  Reputation:unknown
                                  Preview:{. "args" : {. "code" : "8PgspRYAQu". },. "cmd" : "INVITE_BROWSER",. "nonce" : ".". }
                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                  File Type:PE32+ executable (console) x86-64 Mono/.Net assembly, for MS Windows
                                  Category:dropped
                                  Size (bytes):819200
                                  Entropy (8bit):5.598226996524291
                                  Encrypted:false
                                  SSDEEP:
                                  MD5:2A4DCF20B82896BE94EB538260C5FB93
                                  SHA1:21F232C2FD8132F8677E53258562AD98B455E679
                                  SHA-256:EBBCB489171ABFCFCE56554DBAEACD22A15838391CBC7C756DB02995129DEF5A
                                  SHA-512:4F1164B2312FB94B7030D6EB6AA9F3502912FFA33505F156443570FC964BFD3BB21DED3CF84092054E07346D2DCE83A0907BA33F4BA39AD3FE7A78E836EFE288
                                  Malicious:true
                                  Antivirus:
                                  • Antivirus: Avira, Detection: 100%
                                  • Antivirus: Joe Sandbox ML, Detection: 100%
                                  • Antivirus: ReversingLabs, Detection: 75%
                                  • Antivirus: Avira, Detection: 100%
                                  • Antivirus: Joe Sandbox ML, Detection: 100%
                                  • Antivirus: Avira, Detection: 100%
                                  • Antivirus: Joe Sandbox ML, Detection: 100%
                                  Reputation:unknown
                                  Process:C:\Windows\System32\WerFault.exe
                                  File Type:MS Windows registry file, NT/2000 or above
                                  Category:dropped
                                  Size (bytes):786432
                                  Entropy (8bit):3.530840608078094
                                  Encrypted:false
                                  SSDEEP:
                                  MD5:51F60E3D1630179DB5BEF5FE874C6D8F
                                  SHA1:8156F598E16163B42F0CCC4C58140A1FAE6405E5
                                  SHA-256:1FF65B014F13359E35577F3C3FB17E39BFE66436E85F7638A2E34478FBA63E20
                                  SHA-512:F8CE01EB8110A5FFCCD975B2F8BE94CBFBD4D4BC2C5CF90A0616D660EBBDFAAA2CC1C9341F5CEA809A9A56A57377A9EEB889D085F0E2F129754B2724DB2484B0
                                  Malicious:false
                                  Reputation:unknown
                                  Process:C:\Windows\System32\WerFault.exe
                                  File Type:MS Windows registry file, NT/2000 or above
                                  Category:dropped
                                  Size (bytes):163840
                                  Entropy (8bit):2.061727924992082
                                  Encrypted:false
                                  SSDEEP:
                                  MD5:9DB91C356E7505E5A2D061F460D71CAF
                                  SHA1:731E1C5153F020B29321B6A202FB4438A7E9DF26
                                  SHA-256:7814591867B58D55C65B5384F9ACD89127A226D4AA1F39C1D030A91EE248952D
                                  SHA-512:6C3EDA6B23C349F4E7D891F1ED650D71ACE16FE9FFC9E776F5B76B946C4FDA3A6C0B0B8AFDD24C3FD469F63024971049EE00F1D3F5EFAEE1C8CEB9C58DDCAF46
                                  Malicious:false
                                  Reputation:unknown
                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                  File Type:gzip compressed data, from Unix, original size modulo 2^32 24051
                                  Category:downloaded
                                  Size (bytes):4515
                                  Entropy (8bit):7.956467386800229
                                  Encrypted:false
                                  SSDEEP:
                                  MD5:99A8B213866426D482DB5C874E91CFC1
                                  SHA1:49BFFD206943C4A850376205EE720A87D08CE8CC
                                  SHA-256:D117A3A72EDA86BB4E103C5DAD01F6828F9454E9232CDD763806D57FF6D3DEBE
                                  SHA-512:CACDEA20F37A4FD5A551FAA04A2916D467E197CCF971E7104E18A2213CF1F1EA3C84B7389C3841C5249053A1854C28C92A86A5E0986244A8F26BFC35792F15C1
                                  Malicious:false
                                  Reputation:unknown
                                  URL:https://f29cc861.solaraweb-alj.pages.dev/cdn-cgi/styles/cf.errors.css
                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                  File Type:data
                                  Category:dropped
                                  Size (bytes):51
                                  Entropy (8bit):5.39791553804993
                                  Encrypted:false
                                  SSDEEP:
                                  MD5:0DFE332E6C1A8016F2DD62F69118B65F
                                  SHA1:8F01013912F6851CA2B02E2D915A5E7EA9434277
                                  SHA-256:94B32CF6A71E7DFB20721D812245DE7095C3171DFB71496B187D0E80F13BC248
                                  SHA-512:AB93A59B1654FFF29EFC631BE6946CB4E7C6EC69CE41A234A6F23878691DA70C8D1FBCF38325DDFDC36C09A701E473C69A5C57B1BD6ED19490E193D42A908E4F
                                  Malicious:false
                                  Reputation:unknown
                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                  File Type:PNG image data, 54 x 54, 8-bit colormap, non-interlaced
                                  Category:downloaded
                                  Size (bytes):452
                                  Entropy (8bit):7.0936408308765495
                                  Encrypted:false
                                  SSDEEP:
                                  MD5:C33DE66281E933259772399D10A6AFE8
                                  SHA1:B9F9D500F8814381451011D4DCF59CD2D90AD94F
                                  SHA-256:F1591A5221136C49438642155691AE6C68E25B7241F3D7EBE975B09A77662016
                                  SHA-512:5834FB9D66F550E6CECFE484B7B6A14F3FCA795405DECE8E652BD69AD917B94B6BBDCDF7639161B9C07F0D33EABD3E79580446B5867219F72F4FC43FD43B98C3
                                  Malicious:false
                                  Reputation:unknown
                                  URL:https://f29cc861.solaraweb-alj.pages.dev/cdn-cgi/images/icon-exclamation.png?1376755637
                                  Process:C:\Users\user\Downloads\BootstrapperV1.23.exe
                                  File Type:ISO-8859 text, with CRLF, LF line terminators
                                  Category:dropped
                                  Size (bytes):575
                                  Entropy (8bit):4.9334594979655515
                                  Encrypted:false
                                  SSDEEP:
                                  MD5:06F0C1EA2D397BB67D08A021BE16E7F2
                                  SHA1:10D0313DC2E61081546E7ECDB15A8B64732092AE
                                  SHA-256:D752DD74ECCC283C93DF541DDCBD236737F14828073D4E4B3CC993BF1C2D3EA6
                                  SHA-512:7402E60109EB87014C707E89289599E60F75812E492256434ECA693CB3B9053CBCC0766E4A2B4C0579B657C046C5B76BE27CE33CFE57B253C5BE21E076A2CBEC
                                  Malicious:true
                                  Yara Hits:
                                  • Rule: JoeSecurity_PowershellDownloadAndExecute, Description: Yara detected Powershell download and execute, Source: \Device\ConDrv, Author: Joe Security
                                  Reputation:unknown
                                  Preview:.............................................................------------------------.. ..[-] Fetching endpoint.....[-] Deleting old bootstrapper.....[-] Killing conflicting processes.....[-] Ensuring essential directories.....[-] Ensuring essential dependencies.....[-] Downloading node......Unhandled Exception: System.Net.WebException: The operation has timed out.. at System.Net.WebClient.DownloadFile(Uri address, String fileName).. at Program.DownloadAndInstallNode().. at Program.EnsureDependencies().. at Program.Main(String[] args).
                                  No static file info