| Indicator | Suspicion | |-----------|-----------| | Unsigned or self-signed | Possible tampering | | Calls to powershell -enc | Downl0ader behaviour | | Writes to Startup folder | Persistence mechanism | | Downloaded secondary payload not expected by org policy | Check with app owner | | Outbound to IP instead of domain | C2-like behaviour |
: Similar files like bootstrapper.exe are core components for platforms like Steam and Google Play Games to keep games updated. Bootstrapper-v2.14.exe
If the installer can't "unlink" or overwrite a file, it’s often because an old version is still running in the background. Security Quarantines: Bootstrapper-v2.14.exe