7d2d951a80874ac6d0194f5c972e76c2d92be57627198e2a7c011811868a91dd

Analysis

max time kernel
76s
max time network
82s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
07/11/2022, 00:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

driver_booster_setup_cyri.exe
Size

24.7MB
MD5

291dd01e49c206cb9f1f7892d1b3776e
SHA1

cf46cd488fccdad30d1e381dbf3f10992b6b3430
SHA256

7d2d951a80874ac6d0194f5c972e76c2d92be57627198e2a7c011811868a91dd
SHA512

b4ae258d903057cff0c2fdeb265f544fe3191d86e692fbbfcfca6bac747b2d46938adbba5bde28fddbb83a7869eab8c2579512a13352f8e4c582b5bfc0e985f7
SSDEEP

393216:/4I5UMYEojxBzIUWUdQ5/lXUryjYCRcSUbUMAWNArssIKXxYdKDc46YE:/4+UDvDzLNW/5l8CRiYwArcKXxYYDIYE

Score

9^/10

bootkit discovery persistence spyware stealer

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 2 IoCs

Detects file using ACProtect software.

resource	yara_rule
behavioral1/files/0x0006000000016474-96.dat	acprotect
behavioral1/files/0x0006000000016474-102.dat	acprotect

Executes dropped EXE 29 IoCs

pid	Process
788	driver_booster_setup_cyri.tmp
1488	setup.exe
1684	driver_booster_setup_cyri.tmp
1284	HWiNFO.exe
464	CareScan.exe
1992	SetupHlp.exe
1940	RttHlp.exe
780	InstStat.exe
1144	DriverBooster.exe
1588	SetupHlp.exe
1356	HWiNFO.exe
1800	Manta.exe
1568	AutoUpdate.exe
1216	ChangeIcon.exe
628	NoteIcon.exe
852	RttHlp.exe
1928	Manta.exe
1172	Manta.exe
1048	NoteIcon.exe
1612	ChangeIcon.exe
1928	rma.exe
1712	FaultFixes.exe
1172	FaultFixes.exe
1108	RttHlp.exe
1332	SetupHlp.exe
1588	AUpdate.exe
1948	Manta.exe
364	Manta.exe
1368	DBDownloader.exe

Loads dropped DLL 64 IoCs

pid	Process
456	driver_booster_setup_cyri.exe
788	driver_booster_setup_cyri.tmp
788	driver_booster_setup_cyri.tmp
788	driver_booster_setup_cyri.tmp
268	driver_booster_setup_cyri.exe
1684	driver_booster_setup_cyri.tmp
1684	driver_booster_setup_cyri.tmp
1684	driver_booster_setup_cyri.tmp
1684	driver_booster_setup_cyri.tmp
1684	driver_booster_setup_cyri.tmp
1684	driver_booster_setup_cyri.tmp
464	CareScan.exe
464	CareScan.exe
464	CareScan.exe
1284	HWiNFO.exe
464	CareScan.exe
464	CareScan.exe
464	CareScan.exe
464	CareScan.exe
464	CareScan.exe
1684	driver_booster_setup_cyri.tmp
1992	SetupHlp.exe
1992	SetupHlp.exe
1992	SetupHlp.exe
1992	SetupHlp.exe
1992	SetupHlp.exe
1992	SetupHlp.exe
1992	SetupHlp.exe
1992	SetupHlp.exe
1992	SetupHlp.exe
1940	RttHlp.exe
1940	RttHlp.exe
1940	RttHlp.exe
1940	RttHlp.exe
1940	RttHlp.exe
1940	RttHlp.exe
1940	RttHlp.exe
1940	RttHlp.exe
1684	driver_booster_setup_cyri.tmp
780	InstStat.exe
780	InstStat.exe
780	InstStat.exe
780	InstStat.exe
780	InstStat.exe
780	InstStat.exe
780	InstStat.exe
780	InstStat.exe
780	InstStat.exe
1144	DriverBooster.exe
1144	DriverBooster.exe
1144	DriverBooster.exe
1144	DriverBooster.exe
1144	DriverBooster.exe
1144	DriverBooster.exe
1144	DriverBooster.exe
1144	DriverBooster.exe
1144	DriverBooster.exe
1144	DriverBooster.exe
1144	DriverBooster.exe
1144	DriverBooster.exe
1144	DriverBooster.exe
1144	DriverBooster.exe
1144	DriverBooster.exe
1488	setup.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials in Files
T1081

Checks for any installed AV software in registry 1 TTPs 6 IoCs

Security Software Discovery

T1063

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Avira\AntiVir Desktop	CareScan.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Avira\AntiVir Desktop	CareScan.exe
Key opened	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\SOFTWARE\Avira\AntiVirus	CareScan.exe
Key opened	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Avast Software\Avast	CareScan.exe
Key opened	\REGISTRY\MACHINE\Software\Wow6432Node\Avast Software\Avast	CareScan.exe
Key opened	\REGISTRY\MACHINE\Software\Avast Software\Avast	CareScan.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops desktop.ini file(s) 2 IoCs

description	ioc	Process
File created	C:\ProgramData\{E0224FF9-7AE3-4F9E-991A-2F004F7E3952}\desktop.ini	SetupHlp.exe
File opened for modification	C:\ProgramData\{E0224FF9-7AE3-4F9E-991A-2F004F7E3952}\desktop.ini	SetupHlp.exe

Enumerates connected drives 3 TTPs 24 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\F:	CareScan.exe
File opened (read-only)	\??\J:	CareScan.exe
File opened (read-only)	\??\K:	CareScan.exe
File opened (read-only)	\??\Q:	CareScan.exe
File opened (read-only)	\??\S:	CareScan.exe
File opened (read-only)	\??\Y:	CareScan.exe
File opened (read-only)	\??\Z:	CareScan.exe
File opened (read-only)	\??\W:	CareScan.exe
File opened (read-only)	\??\B:	CareScan.exe
File opened (read-only)	\??\E:	CareScan.exe
File opened (read-only)	\??\I:	CareScan.exe
File opened (read-only)	\??\L:	CareScan.exe
File opened (read-only)	\??\O:	CareScan.exe
File opened (read-only)	\??\P:	CareScan.exe
File opened (read-only)	\??\T:	CareScan.exe
File opened (read-only)	\??\X:	CareScan.exe
File opened (read-only)	\??\H:	CareScan.exe
File opened (read-only)	\??\N:	CareScan.exe
File opened (read-only)	\??\U:	CareScan.exe
File opened (read-only)	\??\A:	CareScan.exe
File opened (read-only)	\??\G:	CareScan.exe
File opened (read-only)	\??\M:	CareScan.exe
File opened (read-only)	\??\R:	CareScan.exe
File opened (read-only)	\??\V:	CareScan.exe

Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

Bootkits write to the MBR to gain persistence at a level below the operating system.

bootkit persistence

Bootkit

T1067

description	ioc	Process
File opened for modification	\??\PhysicalDrive0	SetupHlp.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\IObit\Driver Booster\9.1.0\is-O6FFV.tmp	driver_booster_setup_cyri.tmp
File created	C:\Program Files (x86)\IObit\Driver Booster\9.1.0\DpInst\x86\is-S1QKU.tmp	driver_booster_setup_cyri.tmp
File created	C:\Program Files (x86)\IObit\Driver Booster\9.1.0\Database\Scan\is-D2OE0.tmp	driver_booster_setup_cyri.tmp
File created	C:\Program Files (x86)\IObit\Driver Booster\9.1.0\ErrCodeSpec\is-51GNF.tmp	driver_booster_setup_cyri.tmp
File created	C:\Program Files (x86)\IObit\Driver Booster\9.1.0\Icons\Apps\is-AO7R5.tmp	driver_booster_setup_cyri.tmp
File opened for modification	C:\Program Files (x86)\IObit\Driver Booster\9.1.0\Update\	AutoUpdate.exe
File created	C:\Program Files (x86)\IObit\Driver Booster\9.1.0\is-TTKNR.tmp	driver_booster_setup_cyri.tmp
File created	C:\Program Files (x86)\IObit\Driver Booster\9.1.0\is-HRLNM.tmp	driver_booster_setup_cyri.tmp
File created	C:\Program Files (x86)\IObit\Driver Booster\9.1.0\DrvInstall\is-TQN50.tmp	driver_booster_setup_cyri.tmp
File created	C:\Program Files (x86)\IObit\Driver Booster\9.1.0\Icons\Main\is-QD94R.tmp	driver_booster_setup_cyri.tmp
File created	C:\Program Files (x86)\IObit\Driver Booster\9.1.0\Icons\Apps\is-BNOMP.tmp	driver_booster_setup_cyri.tmp
File created	C:\Program Files (x86)\IObit\Driver Booster\9.1.0\is-F2CPT.tmp	driver_booster_setup_cyri.tmp
File created	C:\Program Files (x86)\IObit\Driver Booster\9.1.0\database\StartupDRate.db	CareScan.exe
File created	C:\Program Files (x86)\IObit\Driver Booster\9.1.0\is-3JRN6.tmp	driver_booster_setup_cyri.tmp
File created	C:\Program Files (x86)\IObit\Driver Booster\9.1.0\is-38SQ6.tmp	driver_booster_setup_cyri.tmp
File created	C:\Program Files (x86)\IObit\Driver Booster\9.1.0\is-FS1S6.tmp	driver_booster_setup_cyri.tmp
File created	C:\Program Files (x86)\IObit\Driver Booster\9.1.0\Boost\is-CTC7T.tmp	driver_booster_setup_cyri.tmp
File created	C:\Program Files (x86)\IObit\Driver Booster\9.1.0\Skin\is-7FLV5.tmp	driver_booster_setup_cyri.tmp
File created	C:\Program Files (x86)\IObit\Driver Booster\9.1.0\ErrCodeSpec\is-C952J.tmp	driver_booster_setup_cyri.tmp
File opened for modification	C:\Program Files (x86)\IObit\Driver Booster\9.1.0\LocalData\WhiteList.ini	SetupHlp.exe
File created	C:\Program Files (x86)\IObit\Driver Booster\9.1.0\is-3GG5U.tmp	driver_booster_setup_cyri.tmp
File created	C:\Program Files (x86)\IObit\Driver Booster\9.1.0\is-JKGS6.tmp	driver_booster_setup_cyri.tmp
File created	C:\Program Files (x86)\IObit\Driver Booster\9.1.0\is-K10SV.tmp	driver_booster_setup_cyri.tmp
File created	C:\Program Files (x86)\IObit\Driver Booster\9.1.0\DpInst\x64\is-DKMGQ.tmp	driver_booster_setup_cyri.tmp
File created	C:\Program Files (x86)\IObit\Driver Booster\9.1.0\ErrCodeSpec\is-KHC4H.tmp	driver_booster_setup_cyri.tmp
File created	C:\Program Files (x86)\IObit\Driver Booster\9.1.0\LocalData\is-IO6FS.tmp	driver_booster_setup_cyri.tmp
File created	C:\Program Files (x86)\IObit\Driver Booster\9.1.0\database\StartupInfoBlack.db	CareScan.exe
File created	C:\Program Files (x86)\IObit\Driver Booster\9.1.0\ScanData\dev-pro.dat	DriverBooster.exe
File created	C:\Program Files (x86)\IObit\Driver Booster\9.1.0\is-0671M.tmp	driver_booster_setup_cyri.tmp
File created	C:\Program Files (x86)\IObit\Driver Booster\9.1.0\DrvInstall\is-9ANK5.tmp	driver_booster_setup_cyri.tmp
File created	C:\Program Files (x86)\IObit\Driver Booster\9.1.0\LocalData\is-KHD3D.tmp	driver_booster_setup_cyri.tmp
File created	C:\Program Files (x86)\IObit\Driver Booster\9.1.0\is-QGAPD.tmp	driver_booster_setup_cyri.tmp
File created	C:\Program Files (x86)\IObit\Driver Booster\9.1.0\DrvInstall\is-OM5VV.tmp	driver_booster_setup_cyri.tmp
File created	C:\Program Files (x86)\IObit\Driver Booster\9.1.0\Database\is-AJMEM.tmp	driver_booster_setup_cyri.tmp
File created	C:\Program Files (x86)\IObit\Driver Booster\9.1.0\ErrCodeSpec\is-4C67S.tmp	driver_booster_setup_cyri.tmp
File created	C:\Program Files (x86)\IObit\Driver Booster\9.1.0\database\startupWhite.db	CareScan.exe
File created	C:\Program Files (x86)\IObit\Driver Booster\9.1.0\is-EO68I.tmp	driver_booster_setup_cyri.tmp
File created	C:\Program Files (x86)\IObit\Driver Booster\9.1.0\ErrCodeSpec\is-Q73B6.tmp	driver_booster_setup_cyri.tmp
File created	C:\Program Files (x86)\IObit\Driver Booster\9.1.0\is-74SP1.tmp	driver_booster_setup_cyri.tmp
File created	C:\Program Files (x86)\IObit\Driver Booster\9.1.0\ErrCodeSpec\is-E87EP.tmp	driver_booster_setup_cyri.tmp
File created	C:\Program Files (x86)\IObit\Driver Booster\9.1.0\Icons\Apps\is-OJJ0J.tmp	driver_booster_setup_cyri.tmp
File created	C:\Program Files (x86)\IObit\Driver Booster\9.1.0\Icons\Apps\is-47OP1.tmp	driver_booster_setup_cyri.tmp
File created	C:\Program Files (x86)\IObit\Driver Booster\9.1.0\Icons\Apps\is-41EMU.tmp	driver_booster_setup_cyri.tmp
File created	C:\Program Files (x86)\IObit\Driver Booster\9.1.0\Icons\Apps\is-74EEQ.tmp	driver_booster_setup_cyri.tmp
File created	C:\Program Files (x86)\IObit\Driver Booster\9.1.0\is-O2U3D.tmp	driver_booster_setup_cyri.tmp
File created	C:\Program Files (x86)\IObit\Driver Booster\9.1.0\is-P5MGM.tmp	driver_booster_setup_cyri.tmp
File created	C:\Program Files (x86)\IObit\Driver Booster\9.1.0\ScanData\scan.dat	DriverBooster.exe
File opened for modification	C:\Program Files (x86)\IObit\Driver Booster\9.1.0\ZLBD88C.tmp	CareScan.exe
File created	C:\Program Files (x86)\IObit\Driver Booster\9.1.0\Database\Scan\WhiteListtmp	DBDownloader.exe
File created	C:\Program Files (x86)\IObit\Driver Booster\9.1.0\is-IK6JD.tmp	driver_booster_setup_cyri.tmp
File created	C:\Program Files (x86)\IObit\Driver Booster\9.1.0\is-24S5O.tmp	driver_booster_setup_cyri.tmp
File created	C:\Program Files (x86)\IObit\Driver Booster\9.1.0\Boost\is-MQB3K.tmp	driver_booster_setup_cyri.tmp
File created	C:\Program Files (x86)\IObit\Driver Booster\9.1.0\Boost\is-JS72F.tmp	driver_booster_setup_cyri.tmp
File created	C:\Program Files (x86)\IObit\Driver Booster\9.1.0\ErrCodeSpec\is-QGVJ0.tmp	driver_booster_setup_cyri.tmp
File created	C:\Program Files (x86)\IObit\Driver Booster\9.1.0\ErrCodeSpec\is-S6F48.tmp	driver_booster_setup_cyri.tmp
File created	C:\Program Files (x86)\IObit\Driver Booster\9.1.0\Icons\Apps\is-G928A.tmp	driver_booster_setup_cyri.tmp
File created	C:\Program Files (x86)\IObit\Driver Booster\9.1.0\is-928PM.tmp	driver_booster_setup_cyri.tmp
File created	C:\Program Files (x86)\IObit\Driver Booster\9.1.0\is-6RS95.tmp	driver_booster_setup_cyri.tmp
File created	C:\Program Files (x86)\IObit\Driver Booster\9.1.0\Boost\is-8CV9B.tmp	driver_booster_setup_cyri.tmp
File created	C:\Program Files (x86)\IObit\Driver Booster\9.1.0\ErrCodeSpec\is-9M0DT.tmp	driver_booster_setup_cyri.tmp
File created	C:\Program Files (x86)\IObit\Driver Booster\9.1.0\ErrCodeSpec\is-1R0NJ.tmp	driver_booster_setup_cyri.tmp
File created	C:\Program Files (x86)\IObit\Driver Booster\9.1.0\ScanData\DxPatch.ini	DriverBooster.exe
File opened for modification	C:\Program Files (x86)\IObit\Driver Booster\9.1.0\LocalData\WhiteList.ini	DriverBooster.exe
File created	C:\Program Files (x86)\IObit\Driver Booster\9.1.0\is-SIDME.tmp	driver_booster_setup_cyri.tmp

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	DriverBooster.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	DriverBooster.exe

Modifies registry class 17 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\DB_Open_dbop\shell	SetupHlp.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\DB_Open_dbop\shell\open	SetupHlp.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\DB_Open_dbd\	SetupHlp.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\DB_Open_dbd\shell\open	SetupHlp.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.dbop	SetupHlp.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\DB_Open_dbd\shell	SetupHlp.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\DB_Open_dbop\shell\open\command\ = "C:\\Program Files (x86)\\IObit\\Driver Booster\\9.1.0\\OfflineUpdater.exe \"%1\""	SetupHlp.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.dbd\ = "DB_Open_dbd"	SetupHlp.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\DB_Open_dbd	SetupHlp.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\DB_Open_dbd\shell\open\command\ = "C:\\Program Files (x86)\\IObit\\Driver Booster\\9.1.0\\OfflineUpdater.exe \"%1\""	SetupHlp.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.dbop\ = "DB_Open_dbop"	SetupHlp.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\DB_Open_dbop	SetupHlp.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\DB_Open_dbop\	SetupHlp.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\DB_Open_dbop\shell\open\command	SetupHlp.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{735354FB-CEAA-4735-B494-AF4F64F99237}	SetupHlp.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.dbd	SetupHlp.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\DB_Open_dbd\shell\open\command	SetupHlp.exe

Modifies system certificate store 2 TTPs 8 IoCs

evasion spyware trojan

Install Root Certificate

T1130

Modify Registry

T1112

description	ioc	Process
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 190000000100000010000000749966cecc95c1874194ca7203f9b6200300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d431d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0b000000010000001200000044006900670069004300650072007400000014000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b060105050703080f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa62000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2	DriverBooster.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 04000000010000001000000087ce0b7b2a0e4900e158719b37a893720f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa6090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030814000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f0b00000001000000120000004400690067006900430065007200740000001d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d43190000000100000010000000749966cecc95c1874194ca7203f9b6202000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2	DriverBooster.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349	DriverBooster.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 0f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d57811286090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030853000000010000002600000030243022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c00b00000001000000180000004300b7004f00b7004d00b7004f00b7004400b7004f000000140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b41d00000001000000100000002e0d6875874a44c820912e85e964cfdb030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e349200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e	DriverBooster.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 1900000001000000100000002aa1c05e2ae606f198c2c5e937c97aa2030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e3491d00000001000000100000002e0d6875874a44c820912e85e964cfdb140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b40b00000001000000180000004300b7004f00b7004d00b7004f00b7004400b7004f00000053000000010000002600000030243022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b060105050703080f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d57811286200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e	DriverBooster.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43	DriverBooster.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 0f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa6090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030814000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f0b00000001000000120000004400690067006900430065007200740000001d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d432000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2	DriverBooster.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 040000000100000010000000497904b0eb8719ac47b0bc11519b74d00f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d57811286090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030853000000010000002600000030243022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c00b00000001000000180000004300b7004f00b7004d00b7004f00b7004400b7004f000000140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b41d00000001000000100000002e0d6875874a44c820912e85e964cfdb030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e3491900000001000000100000002aa1c05e2ae606f198c2c5e937c97aa2200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e	DriverBooster.exe

Suspicious behavior: EnumeratesProcesses 32 IoCs

pid	Process
788	driver_booster_setup_cyri.tmp
788	driver_booster_setup_cyri.tmp
1488	setup.exe
1488	setup.exe
1684	driver_booster_setup_cyri.tmp
1684	driver_booster_setup_cyri.tmp
464	CareScan.exe
464	CareScan.exe
1684	driver_booster_setup_cyri.tmp
1992	SetupHlp.exe
1992	SetupHlp.exe
1684	driver_booster_setup_cyri.tmp
780	InstStat.exe
780	InstStat.exe
1144	DriverBooster.exe
1144	DriverBooster.exe
1588	SetupHlp.exe
1588	SetupHlp.exe
1588	SetupHlp.exe
1568	AutoUpdate.exe
1568	AutoUpdate.exe
1712	FaultFixes.exe
1712	FaultFixes.exe
1172	FaultFixes.exe
1172	FaultFixes.exe
1144	DriverBooster.exe
1332	SetupHlp.exe
1332	SetupHlp.exe
1588	AUpdate.exe
1588	AUpdate.exe
1368	DBDownloader.exe
1368	DBDownloader.exe

Suspicious behavior: LoadsDriver 6 IoCs

pid	Process
468	Process not Found
468	Process not Found
468	Process not Found
468	Process not Found
468	Process not Found
468	Process not Found

Suspicious use of AdjustPrivilegeToken 13 IoCs

description	pid	Process
Token: SeDebugPrivilege	788	driver_booster_setup_cyri.tmp
Token: SeDebugPrivilege	1684	driver_booster_setup_cyri.tmp
Token: SeLoadDriverPrivilege	1284	HWiNFO.exe
Token: SeLoadDriverPrivilege	1284	HWiNFO.exe
Token: SeLoadDriverPrivilege	1284	HWiNFO.exe
Token: SeRestorePrivilege	464	CareScan.exe
Token: SeBackupPrivilege	464	CareScan.exe
Token: 33	1144	DriverBooster.exe
Token: SeIncBasePriorityPrivilege	1144	DriverBooster.exe
Token: SeDebugPrivilege	464	CareScan.exe
Token: 33	1144	DriverBooster.exe
Token: SeIncBasePriorityPrivilege	1144	DriverBooster.exe
Token: SeDebugPrivilege	1368	DBDownloader.exe

Suspicious use of FindShellTrayWindow 5 IoCs

pid	Process
1488	setup.exe
1684	driver_booster_setup_cyri.tmp
1144	DriverBooster.exe
1144	DriverBooster.exe
1144	DriverBooster.exe

Suspicious use of SendNotifyMessage 3 IoCs

pid	Process
1144	DriverBooster.exe
1144	DriverBooster.exe
1144	DriverBooster.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 456 wrote to memory of 788	456	driver_booster_setup_cyri.exe	28
PID 456 wrote to memory of 788	456	driver_booster_setup_cyri.exe	28
PID 456 wrote to memory of 788	456	driver_booster_setup_cyri.exe	28
PID 456 wrote to memory of 788	456	driver_booster_setup_cyri.exe	28
PID 456 wrote to memory of 788	456	driver_booster_setup_cyri.exe	28
PID 456 wrote to memory of 788	456	driver_booster_setup_cyri.exe	28
PID 456 wrote to memory of 788	456	driver_booster_setup_cyri.exe	28
PID 788 wrote to memory of 1488	788	driver_booster_setup_cyri.tmp	29
PID 788 wrote to memory of 1488	788	driver_booster_setup_cyri.tmp	29
PID 788 wrote to memory of 1488	788	driver_booster_setup_cyri.tmp	29
PID 788 wrote to memory of 1488	788	driver_booster_setup_cyri.tmp	29
PID 788 wrote to memory of 1488	788	driver_booster_setup_cyri.tmp	29
PID 788 wrote to memory of 1488	788	driver_booster_setup_cyri.tmp	29
PID 788 wrote to memory of 1488	788	driver_booster_setup_cyri.tmp	29
PID 1488 wrote to memory of 268	1488	setup.exe	30
PID 1488 wrote to memory of 268	1488	setup.exe	30
PID 1488 wrote to memory of 268	1488	setup.exe	30
PID 1488 wrote to memory of 268	1488	setup.exe	30
PID 1488 wrote to memory of 268	1488	setup.exe	30
PID 1488 wrote to memory of 268	1488	setup.exe	30
PID 1488 wrote to memory of 268	1488	setup.exe	30
PID 268 wrote to memory of 1684	268	driver_booster_setup_cyri.exe	31
PID 268 wrote to memory of 1684	268	driver_booster_setup_cyri.exe	31
PID 268 wrote to memory of 1684	268	driver_booster_setup_cyri.exe	31
PID 268 wrote to memory of 1684	268	driver_booster_setup_cyri.exe	31
PID 268 wrote to memory of 1684	268	driver_booster_setup_cyri.exe	31
PID 268 wrote to memory of 1684	268	driver_booster_setup_cyri.exe	31
PID 268 wrote to memory of 1684	268	driver_booster_setup_cyri.exe	31
PID 1684 wrote to memory of 1284	1684	driver_booster_setup_cyri.tmp	33
PID 1684 wrote to memory of 1284	1684	driver_booster_setup_cyri.tmp	33
PID 1684 wrote to memory of 1284	1684	driver_booster_setup_cyri.tmp	33
PID 1684 wrote to memory of 1284	1684	driver_booster_setup_cyri.tmp	33
PID 1684 wrote to memory of 464	1684	driver_booster_setup_cyri.tmp	34
PID 1684 wrote to memory of 464	1684	driver_booster_setup_cyri.tmp	34
PID 1684 wrote to memory of 464	1684	driver_booster_setup_cyri.tmp	34
PID 1684 wrote to memory of 464	1684	driver_booster_setup_cyri.tmp	34
PID 1684 wrote to memory of 1992	1684	driver_booster_setup_cyri.tmp	35
PID 1684 wrote to memory of 1992	1684	driver_booster_setup_cyri.tmp	35
PID 1684 wrote to memory of 1992	1684	driver_booster_setup_cyri.tmp	35
PID 1684 wrote to memory of 1992	1684	driver_booster_setup_cyri.tmp	35
PID 1684 wrote to memory of 1992	1684	driver_booster_setup_cyri.tmp	35
PID 1684 wrote to memory of 1992	1684	driver_booster_setup_cyri.tmp	35
PID 1684 wrote to memory of 1992	1684	driver_booster_setup_cyri.tmp	35
PID 1992 wrote to memory of 1940	1992	SetupHlp.exe	37
PID 1992 wrote to memory of 1940	1992	SetupHlp.exe	37
PID 1992 wrote to memory of 1940	1992	SetupHlp.exe	37
PID 1992 wrote to memory of 1940	1992	SetupHlp.exe	37
PID 1992 wrote to memory of 1940	1992	SetupHlp.exe	37
PID 1992 wrote to memory of 1940	1992	SetupHlp.exe	37
PID 1992 wrote to memory of 1940	1992	SetupHlp.exe	37
PID 1684 wrote to memory of 780	1684	driver_booster_setup_cyri.tmp	38
PID 1684 wrote to memory of 780	1684	driver_booster_setup_cyri.tmp	38
PID 1684 wrote to memory of 780	1684	driver_booster_setup_cyri.tmp	38
PID 1684 wrote to memory of 780	1684	driver_booster_setup_cyri.tmp	38
PID 1488 wrote to memory of 1144	1488	setup.exe	39
PID 1488 wrote to memory of 1144	1488	setup.exe	39
PID 1488 wrote to memory of 1144	1488	setup.exe	39
PID 1488 wrote to memory of 1144	1488	setup.exe	39
PID 1488 wrote to memory of 1588	1488	setup.exe	40
PID 1488 wrote to memory of 1588	1488	setup.exe	40
PID 1488 wrote to memory of 1588	1488	setup.exe	40
PID 1488 wrote to memory of 1588	1488	setup.exe	40
PID 1488 wrote to memory of 1588	1488	setup.exe	40
PID 1488 wrote to memory of 1588	1488	setup.exe	40

C:\Users\Admin\AppData\Local\Temp\driver_booster_setup_cyri.exe
"C:\Users\Admin\AppData\Local\Temp\driver_booster_setup_cyri.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:456
- C:\Users\Admin\AppData\Local\Temp\is-G1RLB.tmp\driver_booster_setup_cyri.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-G1RLB.tmp\driver_booster_setup_cyri.tmp" /SL5="$80126,25203947,139264,C:\Users\Admin\AppData\Local\Temp\driver_booster_setup_cyri.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:788
- - C:\Users\Admin\AppData\Local\Temp\is-54QCN.tmp-dbinst\setup.exe
    "C:\Users\Admin\AppData\Local\Temp\is-54QCN.tmp-dbinst\setup.exe" "C:\Users\Admin\AppData\Local\Temp\driver_booster_setup_cyri.exe" /title="Driver Booster 9" /dbver=9.1.0.142 /eula="C:\Users\Admin\AppData\Local\Temp\is-54QCN.tmp-dbinst\EULA.rtf" /noemailpage /nochromepmt
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of WriteProcessMemory
    PID:1488
  - - C:\Users\Admin\AppData\Local\Temp\driver_booster_setup_cyri.exe
      "C:\Users\Admin\AppData\Local\Temp\driver_booster_setup_cyri.exe" /sp- /verysilent /Installer /norestart /DIR="C:\Program Files (x86)\IObit\Driver Booster" /Installer-DeskIcon /Installer-TaskIcon
      4⤵
      Loads dropped DLL
      Suspicious use of WriteProcessMemory
      PID:268
    - - C:\Users\Admin\AppData\Local\Temp\is-HTIN4.tmp\driver_booster_setup_cyri.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\is-HTIN4.tmp\driver_booster_setup_cyri.tmp" /SL5="$1018E,25203947,139264,C:\Users\Admin\AppData\Local\Temp\driver_booster_setup_cyri.exe" /sp- /verysilent /Installer /norestart /DIR="C:\Program Files (x86)\IObit\Driver Booster" /Installer-DeskIcon /Installer-TaskIcon
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Drops file in Program Files directory
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of FindShellTrayWindow
        Suspicious use of WriteProcessMemory
        
        PID:1684
      - C:\Program Files (x86)\IObit\Driver Booster\9.1.0\HWiNFO\HWiNFO.exe
        
        "C:\Program Files (x86)\IObit\Driver Booster\9.1.0\HWiNFO\HWiNFO.exe" /brandname
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of AdjustPrivilegeToken
        
        PID:1284
      - C:\Program Files (x86)\IObit\Driver Booster\9.1.0\CareScan.exe
        
        "C:\Program Files (x86)\IObit\Driver Booster\9.1.0\CareScan.exe" /savefile /silentscan /low /output="C:\Program Files (x86)\IObit\Driver Booster\9.1.0\ScanData\ScanResult_all.ini"
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Checks for any installed AV software in registry
        Enumerates connected drives
        Drops file in Program Files directory
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:464
      - C:\Program Files (x86)\IObit\Driver Booster\9.1.0\SetupHlp.exe
        
        "C:\Program Files (x86)\IObit\Driver Booster\9.1.0\SetupHlp.exe" /install /trial /setup="C:\Users\Admin\AppData\Local\Temp\driver_booster_setup_cyri.exe"
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Drops desktop.ini file(s)
        Writes to the Master Boot Record (MBR)
        Drops file in Program Files directory
        Modifies registry class
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:1992
        
        C:\Program Files (x86)\IObit\Driver Booster\9.1.0\RttHlp.exe
        
        "C:\Program Files (x86)\IObit\Driver Booster\9.1.0\RttHlp.exe" /winstdate
        7⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:1940
      - C:\Program Files (x86)\IObit\Driver Booster\9.1.0\InstStat.exe
        
        "C:\Program Files (x86)\IObit\Driver Booster\9.1.0\InstStat.exe" /install db9
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious behavior: EnumeratesProcesses
        
        PID:780
  - - C:\Program Files (x86)\IObit\Driver Booster\9.1.0\DriverBooster.exe
      "C:\Program Files (x86)\IObit\Driver Booster\9.1.0\DriverBooster.exe" /autoscan
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Drops file in Program Files directory
      Checks processor information in registry
      Modifies system certificate store
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      Suspicious use of FindShellTrayWindow
      Suspicious use of SendNotifyMessage
      PID:1144
    - - C:\Program Files (x86)\IObit\Driver Booster\9.1.0\HWiNFO\HWiNFO.exe
        
        "C:\Program Files (x86)\IObit\Driver Booster\9.1.0\HWiNFO\HWiNFO.exe" /brandname
        5⤵
        Executes dropped EXE
        
        PID:1356
    - - C:\Program Files (x86)\IObit\Driver Booster\9.1.0\Manta.exe
        
        "C:\Program Files (x86)\IObit\Driver Booster\9.1.0\Manta.exe" /CommStat /DoCommStat /Code="a602" /Days=0
        5⤵
        Executes dropped EXE
        
        PID:1800
    - - C:\Program Files (x86)\IObit\Driver Booster\9.1.0\AutoUpdate.exe
        
        "C:\Program Files (x86)\IObit\Driver Booster\9.1.0\AutoUpdate.exe" /auto /App=db9 /MainHwnd=0
        5⤵
        Executes dropped EXE
        Drops file in Program Files directory
        Suspicious behavior: EnumeratesProcesses
        
        PID:1568
      - C:\Program Files (x86)\IObit\Driver Booster\9.1.0\rma.exe
        
        "C:\Program Files (x86)\IObit\Driver Booster\9.1.0\rma.exe" /run /auto
        6⤵
        Executes dropped EXE
        
        PID:1928
    - - C:\Program Files (x86)\IObit\Driver Booster\9.1.0\ChangeIcon.exe
        
        "C:\Program Files (x86)\IObit\Driver Booster\9.1.0\ChangeIcon.exe" /0 "C:\Program Files (x86)\IObit\Driver Booster\9.1.0\Icons\Main\"
        5⤵
        Executes dropped EXE
        
        PID:1216
    - - C:\Program Files (x86)\IObit\Driver Booster\9.1.0\NoteIcon.exe
        
        "C:\Program Files (x86)\IObit\Driver Booster\9.1.0\NoteIcon.exe" "C:\Program Files (x86)\IObit\Driver Booster\9.1.0\DriverBooster.exe"
        5⤵
        Executes dropped EXE
        
        PID:628
    - - C:\Program Files (x86)\IObit\Driver Booster\9.1.0\RttHlp.exe
        
        "C:\Program Files (x86)\IObit\Driver Booster\9.1.0\RttHlp.exe" /cnt
        5⤵
        Executes dropped EXE
        
        PID:852
    - - C:\Program Files (x86)\IObit\Driver Booster\9.1.0\Manta.exe
        
        "C:\Program Files (x86)\IObit\Driver Booster\9.1.0\Manta.exe" /CommStat /DoCommStat /Code="A500" /Days=0
        5⤵
        Executes dropped EXE
        
        PID:1172
    - - C:\Program Files (x86)\IObit\Driver Booster\9.1.0\Manta.exe
        
        "C:\Program Files (x86)\IObit\Driver Booster\9.1.0\Manta.exe" /CommStat /DoCommStat /Code="B500" /Days=7
        5⤵
        Executes dropped EXE
        
        PID:1928
    - - C:\Program Files (x86)\IObit\Driver Booster\9.1.0\ChangeIcon.exe
        
        "C:\Program Files (x86)\IObit\Driver Booster\9.1.0\ChangeIcon.exe" /0 "C:\Program Files (x86)\IObit\Driver Booster\9.1.0\Icons\Main\"
        5⤵
        Executes dropped EXE
        
        PID:1612
    - - C:\Program Files (x86)\IObit\Driver Booster\9.1.0\FaultFixes.exe
        
        "C:\Program Files (x86)\IObit\Driver Booster\9.1.0\FaultFixes.exe" /fix-errorcode-1
        5⤵
        Executes dropped EXE
        Suspicious behavior: EnumeratesProcesses
        
        PID:1712
    - - C:\Program Files (x86)\IObit\Driver Booster\9.1.0\FaultFixes.exe
        
        "C:\Program Files (x86)\IObit\Driver Booster\9.1.0\FaultFixes.exe" /fix-clean-1
        5⤵
        Executes dropped EXE
        Suspicious behavior: EnumeratesProcesses
        
        PID:1172
    - - C:\Program Files (x86)\IObit\Driver Booster\9.1.0\RttHlp.exe
        
        "C:\Program Files (x86)\IObit\Driver Booster\9.1.0\RttHlp.exe" /stat
        5⤵
        Executes dropped EXE
        
        PID:1108
      - C:\Program Files (x86)\IObit\Driver Booster\9.1.0\AUpdate.exe
        
        "C:\Program Files (x86)\IObit\Driver Booster\9.1.0\AUpdate.exe" /u http://stats.iobit.com/active_month.php /a db9 /p cyri /v 9.1.0.142 /t 5 /d 7 /db /user
        6⤵
        Executes dropped EXE
        Suspicious behavior: EnumeratesProcesses
        
        PID:1588
    - - C:\Program Files (x86)\IObit\Driver Booster\9.1.0\SetupHlp.exe
        
        "C:\Program Files (x86)\IObit\Driver Booster\9.1.0\SetupHlp.exe" /afterupgrade
        5⤵
        Executes dropped EXE
        Suspicious behavior: EnumeratesProcesses
        
        PID:1332
    - - C:\Program Files (x86)\IObit\Driver Booster\9.1.0\Manta.exe
        
        "C:\Program Files (x86)\IObit\Driver Booster\9.1.0\Manta.exe" /CommStat /DoCommStat /Code="A101" /Days=0
        5⤵
        Executes dropped EXE
        
        PID:1948
    - - C:\Program Files (x86)\IObit\Driver Booster\9.1.0\Manta.exe
        
        "C:\Program Files (x86)\IObit\Driver Booster\9.1.0\Manta.exe" /CommStat /DoCommStat /Code="B101" /Days=7
        5⤵
        Executes dropped EXE
        
        PID:364
    - - C:\Program Files (x86)\IObit\Driver Booster\9.1.0\DBDownloader.exe
        
        "C:\Program Files (x86)\IObit\Driver Booster\9.1.0\DBDownloader.exe" {"proxytype":0,"task":[{"exp":"C:\\Program Files (x86)\\IObit\\Driver Booster\\9.1.0\\Database\\Scan\\WhiteList.db","u":"http://www.cd4o.com/drivers/wlst/160a63687750968a0cff33cfa56a0398.wlst","t":3,"p":"C:\\Program Files (x86)\\IObit\\Driver Booster\\9.1.0\\Database\\Scan\\WhiteListtmp","m":"160a63687750968a0cff33cfa56a0398","d":false}],"downtype":1}
        5⤵
        Executes dropped EXE
        Drops file in Program Files directory
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:1368
  - - C:\Program Files (x86)\IObit\Driver Booster\9.1.0\SetupHlp.exe
      "C:\Program Files (x86)\IObit\Driver Booster\9.1.0\SetupHlp.exe" /afterinstall /setup="C:\Users\Admin\AppData\Local\Temp\is-54QCN.tmp-dbinst\setup.exe"
      4⤵
      Executes dropped EXE
      Suspicious behavior: EnumeratesProcesses
      PID:1588

C:\Windows\system32\taskeng.exe
taskeng.exe {C9741BA8-1B9F-4BC5-AA35-2F7091ABA04B} S-1-5-21-2292972927-2705560509-2768824231-1000:GRXNNIIE\Admin:Interactive:[1]
1⤵
PID:1752
- C:\Program Files (x86)\IObit\Driver Booster\9.1.0\NoteIcon.exe
  "C:\Program Files (x86)\IObit\Driver Booster\9.1.0\NoteIcon.exe" "C:\Program Files (x86)\IObit\Driver Booster\9.1.0\DriverBooster.exe" taskmode
  2⤵
  - Executes dropped EXE
  PID:1048

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Bootkit

T1067

Privilege Escalation

Defense Evasion

Install Root Certificate

T1130

Modify Registry

T1112

Credential Access

Credentials in Files

T1081

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

Security Software Discovery

T1063

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\IObit\Driver Booster\9.1.0\CareScan.exe

Filesize
3.4MB

MD5
c6feb1cdfb75f6bf43176c68a6be5d1f

SHA1
a33c81b1813e0952684f776251f18442d728b446

SHA256
9da000115b0e339b87006085a2cd036ae6a8a3b6d1d1bd9b4fb6509e04f5e467

SHA512
5b5b68857e7b9fffffabbc08f2d692eb902c21f44e1d162ac46b88f5b79084804ea02e14fbc119a992292178ee2ceec6f895a73132b72d0fea2fd7dbdd672984

Download Submit
C:\Program Files (x86)\IObit\Driver Booster\9.1.0\CareScan.exe

Filesize
3.4MB

MD5
c6feb1cdfb75f6bf43176c68a6be5d1f

SHA1
a33c81b1813e0952684f776251f18442d728b446

SHA256
9da000115b0e339b87006085a2cd036ae6a8a3b6d1d1bd9b4fb6509e04f5e467

SHA512
5b5b68857e7b9fffffabbc08f2d692eb902c21f44e1d162ac46b88f5b79084804ea02e14fbc119a992292178ee2ceec6f895a73132b72d0fea2fd7dbdd672984

Download Submit
C:\Program Files (x86)\IObit\Driver Booster\9.1.0\DriverBooster.exe

Filesize
8.2MB

MD5
d18598009c95250633fa5e8af1548918

SHA1
ede158481b03633180e9a37cbc7f17c00bb48c91

SHA256
b5debc9aafc0375a6015507f7919a8a589979e3a6001da9730ba8b7ca3a5baad

SHA512
b359f9ab2dde4994c974dd96c91cb287ad2923a23275472a36f621a0859a57d4a2e455243473880c62fc6734f1681e3b824d3e132a15b74b47a23b34138f7ab7

Download Submit
C:\Program Files (x86)\IObit\Driver Booster\9.1.0\HWiNFO\HWiNFO.exe

Filesize
171KB

MD5
226c4e3cc9f513f98a128c08f3dc7e80

SHA1
428f8c580aff677e4a36d06f71bde29106d4e2ae

SHA256
9f1d61d16b505064c9cba003630c09b1d09f25e3e42deeaacb105a7b246d49e2

SHA512
a6fd2c5df7939ae18ec7c1f1dab883c23017028f74b3a6ea708fec3f568ce99ae69827b4e5ea4587b55a45ff13cf4ea229044521cd8a12ddf4a90e73f5504d9a

Download Submit
C:\Program Files (x86)\IObit\Driver Booster\9.1.0\HWiNFO\HWiNFO32.dll

Filesize
1.2MB

MD5
e937e1a411075768ef3f287f9abc128a

SHA1
ee63928100563c1d846ecdc462a5c163ecce3d4c

SHA256
cb81c7cbd229b639f24db6655edc67f4c32954778d24e086d45a7229cc58351c

SHA512
a8a6123e1b88d3708ae76ab1ea2d3f15549d03549ee07fdf935357d06792fe63cceae7034e250588415040b8e11b0e892016bba165c488068c6c48f4cc7726a5

Download Submit
C:\Program Files (x86)\IObit\Driver Booster\9.1.0\Register.dll

Filesize
1.0MB

MD5
6caa319bdaad461f70be7215b1a14f1c

SHA1
88e5e169f004e0a423df672219dca962e8a8c23d

SHA256
c06ef0b045143a04f3df20cf3cd9938f47be24c207f0af1c1fe011c01f39a795

SHA512
bbc2fc020167a083fbc0d615983968ebca77224f7cd91b4fc6a489d9a1b2c677cef8abc99c8268ef18f8b9fa3bf86960b0709aa164362a6066c8c93e4abb25fa

Download Submit
C:\Program Files (x86)\IObit\Driver Booster\9.1.0\RttHlp.exe

Filesize
123KB

MD5
8abcd3adfd60590deb7d06e350c96873

SHA1
93b5bd0d1e44799dbdd91f8cba445006f481f3ff

SHA256
fa36fda225a0d7431e7f8335e20013f43d960cda87cdd447f4695aca187b1eed

SHA512
57b289a03966ef2d5398b433e2cb0b51c1b6caa58681b689b0fba0e5fecf0c5b970762ac94a61778e8a454ed101dd9492a98415c1d7943784c9fc1326dd83bfc

Download Submit
C:\Program Files (x86)\IObit\Driver Booster\9.1.0\RttHlp.exe

Filesize
123KB

MD5
8abcd3adfd60590deb7d06e350c96873

SHA1
93b5bd0d1e44799dbdd91f8cba445006f481f3ff

SHA256
fa36fda225a0d7431e7f8335e20013f43d960cda87cdd447f4695aca187b1eed

SHA512
57b289a03966ef2d5398b433e2cb0b51c1b6caa58681b689b0fba0e5fecf0c5b970762ac94a61778e8a454ed101dd9492a98415c1d7943784c9fc1326dd83bfc

Download Submit
C:\Program Files (x86)\IObit\Driver Booster\9.1.0\SetupHlp.exe

Filesize
2.3MB

MD5
4608eb2b3bc2ae80c301f63ac8538a97

SHA1
25dc359b4db73e352684a76ea1b4c5fd64c726b8

SHA256
fd01b7e1550b7ad7d79616f180d3856c0205f03e08de73e4dfd106a853d560b7

SHA512
f796c07fce5f7ddea3ea4a845b660f73c4c8b80cb47a37a372f00d2a13a329c89901cf16b584c4771653c9bf30a8456b98cdf51b4b9b2a0f45686b55a83fbf23

Download Submit
C:\Program Files (x86)\IObit\Driver Booster\9.1.0\SetupHlp.exe

Filesize
2.3MB

MD5
4608eb2b3bc2ae80c301f63ac8538a97

SHA1
25dc359b4db73e352684a76ea1b4c5fd64c726b8

SHA256
fd01b7e1550b7ad7d79616f180d3856c0205f03e08de73e4dfd106a853d560b7

SHA512
f796c07fce5f7ddea3ea4a845b660f73c4c8b80cb47a37a372f00d2a13a329c89901cf16b584c4771653c9bf30a8456b98cdf51b4b9b2a0f45686b55a83fbf23

Download Submit
C:\Program Files (x86)\IObit\Driver Booster\9.1.0\Update\Update.ini

Filesize
1KB

MD5
221b5942dd2ff9df6c26397b77b2c57a

SHA1
89bf881df6c35d16e3276d495677dd6fa9c55815

SHA256
cef31866b2a28af58240e2eb3f2c0fd4663266f84e760eedcde468319f2b4697

SHA512
dad8922b02ede8bee5e93d41240e26bc91152cfee990872a0d98207370ee89a5e8259942f2c95fd8c90095505a64f9abc40d729724da9c027850d79105654ff9

Download Submit
C:\Program Files (x86)\IObit\Driver Booster\9.1.0\cus.dat

Filesize
1KB

MD5
f6d1f716d56fac43b8dea37e2523c9d3

SHA1
1fdd345c4b27854c94a50efc144b1fba59e8db66

SHA256
71cdb38abddca6214f5586909af6166032ae7cd5bf4875bf13d375a335175e37

SHA512
7d46ac60fab2ee13bf3e2a954b2ca096df9375f7fdd8c9273128917c91551d4e8cc2b64473d93db9c84339c4fecf2716e92b3ddcaef8448c80f05c191f9f57f8

Download Submit
C:\Program Files (x86)\IObit\Driver Booster\9.1.0\datastate.dll

Filesize
75KB

MD5
05d73ef4eac3ef5cd06f81ab292ec499

SHA1
4c8f7c64f2900ef70e048105f02805f1c38b94ff

SHA256
f4ab13542590fb63929cefc3c2c598d37637a61f49ab99b8de4eeb3f8a4683b9

SHA512
bd6bd095eb3281deb65590659a39fb9e34bab5c1e7ebd9796ec021514de149e9c09a9eabaa5a796371b5ec9d92989b5ae8dc6381fe7443aa0a9b5adcd795d102

Download Submit
C:\Program Files (x86)\IObit\Driver Booster\9.1.0\local.dat

Filesize
80B

MD5
a63564fb3f7f2b4e8e49f4b4476bec96

SHA1
bb805327a113d6a24ba7d02ce701433e0594365c

SHA256
cf03d5fe2931b176fe4f4bc80791ef0c87af97a1edb66f0f10688ee3d0f90115

SHA512
0fb29ed860080999df14ef5d5ecdfe1879c5badcf6a6ce9c3cef0d316315c4795dbf6abf3a0420ab334d0d5c9ec95843c2fda06049c735f286a74cca72088af7

Download Submit
C:\Program Files (x86)\IObit\Driver Booster\9.1.0\madBasic_.bpl

Filesize
209KB

MD5
752d6cd2023479342250eb576af4b451

SHA1
aabc6e14b64a68dd9e934036d25d3a602684cd3e

SHA256
6bd8913a44147de462eb971335938caa3906ad5a4bacbb8615c60024670caa5c

SHA512
15521c8a1d4d6a13783c347ebc601ecd6bbb3a489b46893ce0aa4c4dfafb9ce8f3cd2b8e80938d157e7812064b64836e187f274e3ffdaa68cc3bd5a4313c7ec2

Download Submit
C:\Program Files (x86)\IObit\Driver Booster\9.1.0\madDisAsm_.bpl

Filesize
62KB

MD5
1856c3d0aba628ead9a1ac8a713fb11e

SHA1
196f94ce689b4de0537190582baba76e131e00cc

SHA256
9e3bda2c295be18ddcd7406366c325bf52b090f87612854ce3e35f80b633e931

SHA512
9e5896398def73664fa502ee4e0964aa3d4a5f3145cf118c2a2fd27e58e8908fd2bf26db472e8e96d2f2508d24bccd065a4a347da33c44f800ed4ab8599b389e

Download Submit
C:\Program Files (x86)\IObit\Driver Booster\9.1.0\madExcept_.bpl

Filesize
435KB

MD5
70d73d518ceab5e50623cb73353dab4f

SHA1
c23656077432925131c95ab754ffb773d3cb9796

SHA256
eb2573197363b52d7a240c7e8944ab6b4a07fe101f1df0da764f281a611246fd

SHA512
8956b520619ce8380d19e58743c94a7a26980cc0dd3874172df9cfb9a09f4cff7855fc3d69c79acb42a21626590d59609d92a258ca8c8f99f16732080fe20688

Download Submit
C:\Program Files (x86)\IObit\Driver Booster\9.1.0\rtl120.bpl

Filesize
1.1MB

MD5
af6ba2df6a5fd24af4074be3b9a3e419

SHA1
a507188f63e54b48a13f5f1f6350773b9b97605b

SHA256
d1dab9914233a86b06c4fdb192507db7a516367b274180accf181cde5bbf9efd

SHA512
242aadc1ea77870f3de5e866661be04ca2693b4a67ac8ea457ce9fe05ca067d2877b500a5cbb8a880a91f50a5bfe5c7407d7f784d97707ea4fb39c2f1d277942

Download Submit
C:\Program Files (x86)\IObit\Driver Booster\9.1.0\sqlite3.dll

Filesize
905KB

MD5
93e1cbff5471692742520ac78f9d39c2

SHA1
2bf8cb6683e135922c232b2480c60157ce2e23f0

SHA256
c1f0111baf2423027596ada8458685957e913f0b72021faa34c498a14d70b9ce

SHA512
8e237c2d3db98b72c8abfb2eced58f5e3868cd79d66ac48b730a12a945eb64c287d8ef17a5f19b53b1d2fee8a19a91aac29861be5201ce55bd219f945406c9b3

Download Submit
C:\Program Files (x86)\IObit\Driver Booster\9.1.0\vcl120.bpl

Filesize
1.9MB

MD5
3dac8fc6c8c43f85ef76d33b1736133f

SHA1
6d2d2ca5087b755c8e49be84871436b9fa6cf903

SHA256
132828f816e9e4f0ba2ed5ae5cd62d213e4cfc698bf06543cc7890c5ed5792e1

SHA512
68ddf4b68101fd9ca9899a901e7e22ed66067c0416ccc96780f8c109724ffe583aa135996fffe47b185c25d768ab48c84c256c43eb769ed90e143e5235530fc6

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-54QCN.tmp-dbinst\setup.exe

Filesize
7.1MB

MD5
b9561578e1dd583f74bbd0e1dfe91105

SHA1
c8dae9e25a35759d4e6e08a3116319aef02a15bf

SHA256
8e6c349e197158a3f44f15e85bec54690e2ce6a6676867de193fe67dbaec93cf

SHA512
8f28759a6ef591aaef5cd1096fb7dea1e9f4b4469dca8257561e32bf27cf75eb191c54d575f40c3e3179cf0604f5bb962c4f73bf641fa68153b15d9480af29e4

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-54QCN.tmp-dbinst\setup.exe

Filesize
7.1MB

MD5
b9561578e1dd583f74bbd0e1dfe91105

SHA1
c8dae9e25a35759d4e6e08a3116319aef02a15bf

SHA256
8e6c349e197158a3f44f15e85bec54690e2ce6a6676867de193fe67dbaec93cf

SHA512
8f28759a6ef591aaef5cd1096fb7dea1e9f4b4469dca8257561e32bf27cf75eb191c54d575f40c3e3179cf0604f5bb962c4f73bf641fa68153b15d9480af29e4

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-G1RLB.tmp\driver_booster_setup_cyri.tmp

Filesize
1.2MB

MD5
68b52a0b8e3d45bf3b520a0e7f16dad1

SHA1
e50408326eafb5ca8adc70db29c33b64e25bbbbd

SHA256
b409d6d6f8896dc2afd1774479c741ca253c0e9b4732daaa08af84aa9c96888b

SHA512
b8e0b486e2b9652831eb8efe48cf9575eef49204e827a64d69ae7c9c30304b2d98a66c28f1072fe8596847c15f13bbf7ec39d7708684ff64051bbae7ed063faf

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-HTIN4.tmp\driver_booster_setup_cyri.tmp

Filesize
1.2MB

MD5
68b52a0b8e3d45bf3b520a0e7f16dad1

SHA1
e50408326eafb5ca8adc70db29c33b64e25bbbbd

SHA256
b409d6d6f8896dc2afd1774479c741ca253c0e9b4732daaa08af84aa9c96888b

SHA512
b8e0b486e2b9652831eb8efe48cf9575eef49204e827a64d69ae7c9c30304b2d98a66c28f1072fe8596847c15f13bbf7ec39d7708684ff64051bbae7ed063faf

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-HTIN4.tmp\driver_booster_setup_cyri.tmp

Filesize
1.2MB

MD5
68b52a0b8e3d45bf3b520a0e7f16dad1

SHA1
e50408326eafb5ca8adc70db29c33b64e25bbbbd

SHA256
b409d6d6f8896dc2afd1774479c741ca253c0e9b4732daaa08af84aa9c96888b

SHA512
b8e0b486e2b9652831eb8efe48cf9575eef49204e827a64d69ae7c9c30304b2d98a66c28f1072fe8596847c15f13bbf7ec39d7708684ff64051bbae7ed063faf

Download Submit
C:\Users\Admin\AppData\Roaming\IObit\Driver Booster\Config.ini

Filesize
102B

MD5
430e599e654a0d79b9e670226f3e6d9b

SHA1
5780e209f23d6af9d4cab5e48b93eb66fb90493d

SHA256
700ea69afed2006643b682311b572b52c7264b65267780de5feaa21933d29a33

SHA512
5ce450a310a5d46c2d6bcc2bcd45c40ff2008ab18b24cbc6d765ba45b631cc53f842deb081dd8beb9ed93c4e650a9d7b00a7590348b642b327ae23bd634fee8d

Download Submit
C:\Users\Admin\AppData\Roaming\IObit\Driver Booster\Config.ini

Filesize
56B

MD5
37ba980823908ef9d3dbbab646a0c436

SHA1
5a549c0e5b38479bdb797ad75ed20a3196c6976c

SHA256
bda1cde581bd73cff85aaebd778a7e4a13a4c6028477431a86ffd9ed43f481f6

SHA512
583c84bb9cdc3eca80ed484b29b747df27931b783af319733f4b90fc2d959e066f32f25f08b4d94906dfb4df895684f8db0fd0567d0f4ccdbba7dcb92867d242

Download Submit
\Program Files (x86)\IObit\Driver Booster\9.1.0\CareScan.exe

Filesize
3.4MB

MD5
c6feb1cdfb75f6bf43176c68a6be5d1f

SHA1
a33c81b1813e0952684f776251f18442d728b446

SHA256
9da000115b0e339b87006085a2cd036ae6a8a3b6d1d1bd9b4fb6509e04f5e467

SHA512
5b5b68857e7b9fffffabbc08f2d692eb902c21f44e1d162ac46b88f5b79084804ea02e14fbc119a992292178ee2ceec6f895a73132b72d0fea2fd7dbdd672984

Download Submit
\Program Files (x86)\IObit\Driver Booster\9.1.0\DataState.dll

Filesize
75KB

MD5
05d73ef4eac3ef5cd06f81ab292ec499

SHA1
4c8f7c64f2900ef70e048105f02805f1c38b94ff

SHA256
f4ab13542590fb63929cefc3c2c598d37637a61f49ab99b8de4eeb3f8a4683b9

SHA512
bd6bd095eb3281deb65590659a39fb9e34bab5c1e7ebd9796ec021514de149e9c09a9eabaa5a796371b5ec9d92989b5ae8dc6381fe7443aa0a9b5adcd795d102

Download Submit
\Program Files (x86)\IObit\Driver Booster\9.1.0\DriverBooster.exe

Filesize
8.2MB

MD5
d18598009c95250633fa5e8af1548918

SHA1
ede158481b03633180e9a37cbc7f17c00bb48c91

SHA256
b5debc9aafc0375a6015507f7919a8a589979e3a6001da9730ba8b7ca3a5baad

SHA512
b359f9ab2dde4994c974dd96c91cb287ad2923a23275472a36f621a0859a57d4a2e455243473880c62fc6734f1681e3b824d3e132a15b74b47a23b34138f7ab7

Download Submit
\Program Files (x86)\IObit\Driver Booster\9.1.0\DriverBooster.exe

Filesize
8.2MB

MD5
d18598009c95250633fa5e8af1548918

SHA1
ede158481b03633180e9a37cbc7f17c00bb48c91

SHA256
b5debc9aafc0375a6015507f7919a8a589979e3a6001da9730ba8b7ca3a5baad

SHA512
b359f9ab2dde4994c974dd96c91cb287ad2923a23275472a36f621a0859a57d4a2e455243473880c62fc6734f1681e3b824d3e132a15b74b47a23b34138f7ab7

Download Submit
\Program Files (x86)\IObit\Driver Booster\9.1.0\DriverBooster.exe

Filesize
8.2MB

MD5
d18598009c95250633fa5e8af1548918

SHA1
ede158481b03633180e9a37cbc7f17c00bb48c91

SHA256
b5debc9aafc0375a6015507f7919a8a589979e3a6001da9730ba8b7ca3a5baad

SHA512
b359f9ab2dde4994c974dd96c91cb287ad2923a23275472a36f621a0859a57d4a2e455243473880c62fc6734f1681e3b824d3e132a15b74b47a23b34138f7ab7

Download Submit
\Program Files (x86)\IObit\Driver Booster\9.1.0\DriverBooster.exe

Filesize
8.2MB

MD5
d18598009c95250633fa5e8af1548918

SHA1
ede158481b03633180e9a37cbc7f17c00bb48c91

SHA256
b5debc9aafc0375a6015507f7919a8a589979e3a6001da9730ba8b7ca3a5baad

SHA512
b359f9ab2dde4994c974dd96c91cb287ad2923a23275472a36f621a0859a57d4a2e455243473880c62fc6734f1681e3b824d3e132a15b74b47a23b34138f7ab7

Download Submit
\Program Files (x86)\IObit\Driver Booster\9.1.0\DriverBooster.exe

Filesize
8.2MB

MD5
d18598009c95250633fa5e8af1548918

SHA1
ede158481b03633180e9a37cbc7f17c00bb48c91

SHA256
b5debc9aafc0375a6015507f7919a8a589979e3a6001da9730ba8b7ca3a5baad

SHA512
b359f9ab2dde4994c974dd96c91cb287ad2923a23275472a36f621a0859a57d4a2e455243473880c62fc6734f1681e3b824d3e132a15b74b47a23b34138f7ab7

Download Submit
\Program Files (x86)\IObit\Driver Booster\9.1.0\DriverBooster.exe

Filesize
8.2MB

MD5
d18598009c95250633fa5e8af1548918

SHA1
ede158481b03633180e9a37cbc7f17c00bb48c91

SHA256
b5debc9aafc0375a6015507f7919a8a589979e3a6001da9730ba8b7ca3a5baad

SHA512
b359f9ab2dde4994c974dd96c91cb287ad2923a23275472a36f621a0859a57d4a2e455243473880c62fc6734f1681e3b824d3e132a15b74b47a23b34138f7ab7

Download Submit
\Program Files (x86)\IObit\Driver Booster\9.1.0\HWiNFO\HWiNFO.exe

Filesize
171KB

MD5
226c4e3cc9f513f98a128c08f3dc7e80

SHA1
428f8c580aff677e4a36d06f71bde29106d4e2ae

SHA256
9f1d61d16b505064c9cba003630c09b1d09f25e3e42deeaacb105a7b246d49e2

SHA512
a6fd2c5df7939ae18ec7c1f1dab883c23017028f74b3a6ea708fec3f568ce99ae69827b4e5ea4587b55a45ff13cf4ea229044521cd8a12ddf4a90e73f5504d9a

Download Submit
\Program Files (x86)\IObit\Driver Booster\9.1.0\HWiNFO\HWiNFO32.dll

Filesize
1.2MB

MD5
e937e1a411075768ef3f287f9abc128a

SHA1
ee63928100563c1d846ecdc462a5c163ecce3d4c

SHA256
cb81c7cbd229b639f24db6655edc67f4c32954778d24e086d45a7229cc58351c

SHA512
a8a6123e1b88d3708ae76ab1ea2d3f15549d03549ee07fdf935357d06792fe63cceae7034e250588415040b8e11b0e892016bba165c488068c6c48f4cc7726a5

Download Submit
\Program Files (x86)\IObit\Driver Booster\9.1.0\Register.dll

Filesize
1.0MB

MD5
6caa319bdaad461f70be7215b1a14f1c

SHA1
88e5e169f004e0a423df672219dca962e8a8c23d

SHA256
c06ef0b045143a04f3df20cf3cd9938f47be24c207f0af1c1fe011c01f39a795

SHA512
bbc2fc020167a083fbc0d615983968ebca77224f7cd91b4fc6a489d9a1b2c677cef8abc99c8268ef18f8b9fa3bf86960b0709aa164362a6066c8c93e4abb25fa

Download Submit
\Program Files (x86)\IObit\Driver Booster\9.1.0\Register.dll

Filesize
1.0MB

MD5
6caa319bdaad461f70be7215b1a14f1c

SHA1
88e5e169f004e0a423df672219dca962e8a8c23d

SHA256
c06ef0b045143a04f3df20cf3cd9938f47be24c207f0af1c1fe011c01f39a795

SHA512
bbc2fc020167a083fbc0d615983968ebca77224f7cd91b4fc6a489d9a1b2c677cef8abc99c8268ef18f8b9fa3bf86960b0709aa164362a6066c8c93e4abb25fa

Download Submit
\Program Files (x86)\IObit\Driver Booster\9.1.0\Register.dll

Filesize
1.0MB

MD5
6caa319bdaad461f70be7215b1a14f1c

SHA1
88e5e169f004e0a423df672219dca962e8a8c23d

SHA256
c06ef0b045143a04f3df20cf3cd9938f47be24c207f0af1c1fe011c01f39a795

SHA512
bbc2fc020167a083fbc0d615983968ebca77224f7cd91b4fc6a489d9a1b2c677cef8abc99c8268ef18f8b9fa3bf86960b0709aa164362a6066c8c93e4abb25fa

Download Submit
\Program Files (x86)\IObit\Driver Booster\9.1.0\RttHlp.exe

Filesize
123KB

MD5
8abcd3adfd60590deb7d06e350c96873

SHA1
93b5bd0d1e44799dbdd91f8cba445006f481f3ff

SHA256
fa36fda225a0d7431e7f8335e20013f43d960cda87cdd447f4695aca187b1eed

SHA512
57b289a03966ef2d5398b433e2cb0b51c1b6caa58681b689b0fba0e5fecf0c5b970762ac94a61778e8a454ed101dd9492a98415c1d7943784c9fc1326dd83bfc

Download Submit
\Program Files (x86)\IObit\Driver Booster\9.1.0\RttHlp.exe

Filesize
123KB

MD5
8abcd3adfd60590deb7d06e350c96873

SHA1
93b5bd0d1e44799dbdd91f8cba445006f481f3ff

SHA256
fa36fda225a0d7431e7f8335e20013f43d960cda87cdd447f4695aca187b1eed

SHA512
57b289a03966ef2d5398b433e2cb0b51c1b6caa58681b689b0fba0e5fecf0c5b970762ac94a61778e8a454ed101dd9492a98415c1d7943784c9fc1326dd83bfc

Download Submit
\Program Files (x86)\IObit\Driver Booster\9.1.0\RttHlp.exe

Filesize
123KB

MD5
8abcd3adfd60590deb7d06e350c96873

SHA1
93b5bd0d1e44799dbdd91f8cba445006f481f3ff

SHA256
fa36fda225a0d7431e7f8335e20013f43d960cda87cdd447f4695aca187b1eed

SHA512
57b289a03966ef2d5398b433e2cb0b51c1b6caa58681b689b0fba0e5fecf0c5b970762ac94a61778e8a454ed101dd9492a98415c1d7943784c9fc1326dd83bfc

Download Submit
\Program Files (x86)\IObit\Driver Booster\9.1.0\RttHlp.exe

Filesize
123KB

MD5
8abcd3adfd60590deb7d06e350c96873

SHA1
93b5bd0d1e44799dbdd91f8cba445006f481f3ff

SHA256
fa36fda225a0d7431e7f8335e20013f43d960cda87cdd447f4695aca187b1eed

SHA512
57b289a03966ef2d5398b433e2cb0b51c1b6caa58681b689b0fba0e5fecf0c5b970762ac94a61778e8a454ed101dd9492a98415c1d7943784c9fc1326dd83bfc

Download Submit
\Program Files (x86)\IObit\Driver Booster\9.1.0\RttHlp.exe

Filesize
123KB

MD5
8abcd3adfd60590deb7d06e350c96873

SHA1
93b5bd0d1e44799dbdd91f8cba445006f481f3ff

SHA256
fa36fda225a0d7431e7f8335e20013f43d960cda87cdd447f4695aca187b1eed

SHA512
57b289a03966ef2d5398b433e2cb0b51c1b6caa58681b689b0fba0e5fecf0c5b970762ac94a61778e8a454ed101dd9492a98415c1d7943784c9fc1326dd83bfc

Download Submit
\Program Files (x86)\IObit\Driver Booster\9.1.0\SetupHlp.exe

Filesize
2.3MB

MD5
4608eb2b3bc2ae80c301f63ac8538a97

SHA1
25dc359b4db73e352684a76ea1b4c5fd64c726b8

SHA256
fd01b7e1550b7ad7d79616f180d3856c0205f03e08de73e4dfd106a853d560b7

SHA512
f796c07fce5f7ddea3ea4a845b660f73c4c8b80cb47a37a372f00d2a13a329c89901cf16b584c4771653c9bf30a8456b98cdf51b4b9b2a0f45686b55a83fbf23

Download Submit
\Program Files (x86)\IObit\Driver Booster\9.1.0\SetupHlp.exe

Filesize
2.3MB

MD5
4608eb2b3bc2ae80c301f63ac8538a97

SHA1
25dc359b4db73e352684a76ea1b4c5fd64c726b8

SHA256
fd01b7e1550b7ad7d79616f180d3856c0205f03e08de73e4dfd106a853d560b7

SHA512
f796c07fce5f7ddea3ea4a845b660f73c4c8b80cb47a37a372f00d2a13a329c89901cf16b584c4771653c9bf30a8456b98cdf51b4b9b2a0f45686b55a83fbf23

Download Submit
\Program Files (x86)\IObit\Driver Booster\9.1.0\SetupHlp.exe

Filesize
2.3MB

MD5
4608eb2b3bc2ae80c301f63ac8538a97

SHA1
25dc359b4db73e352684a76ea1b4c5fd64c726b8

SHA256
fd01b7e1550b7ad7d79616f180d3856c0205f03e08de73e4dfd106a853d560b7

SHA512
f796c07fce5f7ddea3ea4a845b660f73c4c8b80cb47a37a372f00d2a13a329c89901cf16b584c4771653c9bf30a8456b98cdf51b4b9b2a0f45686b55a83fbf23

Download Submit
\Program Files (x86)\IObit\Driver Booster\9.1.0\SetupHlp.exe

Filesize
2.3MB

MD5
4608eb2b3bc2ae80c301f63ac8538a97

SHA1
25dc359b4db73e352684a76ea1b4c5fd64c726b8

SHA256
fd01b7e1550b7ad7d79616f180d3856c0205f03e08de73e4dfd106a853d560b7

SHA512
f796c07fce5f7ddea3ea4a845b660f73c4c8b80cb47a37a372f00d2a13a329c89901cf16b584c4771653c9bf30a8456b98cdf51b4b9b2a0f45686b55a83fbf23

Download Submit
\Program Files (x86)\IObit\Driver Booster\9.1.0\madBasic_.bpl

Filesize
209KB

MD5
752d6cd2023479342250eb576af4b451

SHA1
aabc6e14b64a68dd9e934036d25d3a602684cd3e

SHA256
6bd8913a44147de462eb971335938caa3906ad5a4bacbb8615c60024670caa5c

SHA512
15521c8a1d4d6a13783c347ebc601ecd6bbb3a489b46893ce0aa4c4dfafb9ce8f3cd2b8e80938d157e7812064b64836e187f274e3ffdaa68cc3bd5a4313c7ec2

Download Submit
\Program Files (x86)\IObit\Driver Booster\9.1.0\madDisAsm_.bpl

Filesize
62KB

MD5
1856c3d0aba628ead9a1ac8a713fb11e

SHA1
196f94ce689b4de0537190582baba76e131e00cc

SHA256
9e3bda2c295be18ddcd7406366c325bf52b090f87612854ce3e35f80b633e931

SHA512
9e5896398def73664fa502ee4e0964aa3d4a5f3145cf118c2a2fd27e58e8908fd2bf26db472e8e96d2f2508d24bccd065a4a347da33c44f800ed4ab8599b389e

Download Submit
\Program Files (x86)\IObit\Driver Booster\9.1.0\madExcept_.bpl

Filesize
435KB

MD5
70d73d518ceab5e50623cb73353dab4f

SHA1
c23656077432925131c95ab754ffb773d3cb9796

SHA256
eb2573197363b52d7a240c7e8944ab6b4a07fe101f1df0da764f281a611246fd

SHA512
8956b520619ce8380d19e58743c94a7a26980cc0dd3874172df9cfb9a09f4cff7855fc3d69c79acb42a21626590d59609d92a258ca8c8f99f16732080fe20688

Download Submit
\Program Files (x86)\IObit\Driver Booster\9.1.0\rtl120.bpl

Filesize
1.1MB

MD5
af6ba2df6a5fd24af4074be3b9a3e419

SHA1
a507188f63e54b48a13f5f1f6350773b9b97605b

SHA256
d1dab9914233a86b06c4fdb192507db7a516367b274180accf181cde5bbf9efd

SHA512
242aadc1ea77870f3de5e866661be04ca2693b4a67ac8ea457ce9fe05ca067d2877b500a5cbb8a880a91f50a5bfe5c7407d7f784d97707ea4fb39c2f1d277942

Download Submit
\Program Files (x86)\IObit\Driver Booster\9.1.0\rtl120.bpl

Filesize
1.1MB

MD5
af6ba2df6a5fd24af4074be3b9a3e419

SHA1
a507188f63e54b48a13f5f1f6350773b9b97605b

SHA256
d1dab9914233a86b06c4fdb192507db7a516367b274180accf181cde5bbf9efd

SHA512
242aadc1ea77870f3de5e866661be04ca2693b4a67ac8ea457ce9fe05ca067d2877b500a5cbb8a880a91f50a5bfe5c7407d7f784d97707ea4fb39c2f1d277942

Download Submit
\Program Files (x86)\IObit\Driver Booster\9.1.0\rtl120.bpl

Filesize
1.1MB

MD5
af6ba2df6a5fd24af4074be3b9a3e419

SHA1
a507188f63e54b48a13f5f1f6350773b9b97605b

SHA256
d1dab9914233a86b06c4fdb192507db7a516367b274180accf181cde5bbf9efd

SHA512
242aadc1ea77870f3de5e866661be04ca2693b4a67ac8ea457ce9fe05ca067d2877b500a5cbb8a880a91f50a5bfe5c7407d7f784d97707ea4fb39c2f1d277942

Download Submit
\Program Files (x86)\IObit\Driver Booster\9.1.0\sqlite3.dll

Filesize
905KB

MD5
93e1cbff5471692742520ac78f9d39c2

SHA1
2bf8cb6683e135922c232b2480c60157ce2e23f0

SHA256
c1f0111baf2423027596ada8458685957e913f0b72021faa34c498a14d70b9ce

SHA512
8e237c2d3db98b72c8abfb2eced58f5e3868cd79d66ac48b730a12a945eb64c287d8ef17a5f19b53b1d2fee8a19a91aac29861be5201ce55bd219f945406c9b3

Download Submit
\Program Files (x86)\IObit\Driver Booster\9.1.0\unins000.exe

Filesize
1.2MB

MD5
68b52a0b8e3d45bf3b520a0e7f16dad1

SHA1
e50408326eafb5ca8adc70db29c33b64e25bbbbd

SHA256
b409d6d6f8896dc2afd1774479c741ca253c0e9b4732daaa08af84aa9c96888b

SHA512
b8e0b486e2b9652831eb8efe48cf9575eef49204e827a64d69ae7c9c30304b2d98a66c28f1072fe8596847c15f13bbf7ec39d7708684ff64051bbae7ed063faf

Download Submit
\Program Files (x86)\IObit\Driver Booster\9.1.0\vcl120.bpl

Filesize
1.9MB

MD5
3dac8fc6c8c43f85ef76d33b1736133f

SHA1
6d2d2ca5087b755c8e49be84871436b9fa6cf903

SHA256
132828f816e9e4f0ba2ed5ae5cd62d213e4cfc698bf06543cc7890c5ed5792e1

SHA512
68ddf4b68101fd9ca9899a901e7e22ed66067c0416ccc96780f8c109724ffe583aa135996fffe47b185c25d768ab48c84c256c43eb769ed90e143e5235530fc6

Download Submit
\Program Files (x86)\IObit\Driver Booster\9.1.0\vcl120.bpl

Filesize
1.9MB

MD5
3dac8fc6c8c43f85ef76d33b1736133f

SHA1
6d2d2ca5087b755c8e49be84871436b9fa6cf903

SHA256
132828f816e9e4f0ba2ed5ae5cd62d213e4cfc698bf06543cc7890c5ed5792e1

SHA512
68ddf4b68101fd9ca9899a901e7e22ed66067c0416ccc96780f8c109724ffe583aa135996fffe47b185c25d768ab48c84c256c43eb769ed90e143e5235530fc6

Download Submit
\Users\Admin\AppData\Local\Temp\is-54QCN.tmp-dbinst\setup.exe

Filesize
7.1MB

MD5
b9561578e1dd583f74bbd0e1dfe91105

SHA1
c8dae9e25a35759d4e6e08a3116319aef02a15bf

SHA256
8e6c349e197158a3f44f15e85bec54690e2ce6a6676867de193fe67dbaec93cf

SHA512
8f28759a6ef591aaef5cd1096fb7dea1e9f4b4469dca8257561e32bf27cf75eb191c54d575f40c3e3179cf0604f5bb962c4f73bf641fa68153b15d9480af29e4

Download Submit
\Users\Admin\AppData\Local\Temp\is-54QCN.tmp\DriverBooster.exe

Filesize
8.2MB

MD5
d18598009c95250633fa5e8af1548918

SHA1
ede158481b03633180e9a37cbc7f17c00bb48c91

SHA256
b5debc9aafc0375a6015507f7919a8a589979e3a6001da9730ba8b7ca3a5baad

SHA512
b359f9ab2dde4994c974dd96c91cb287ad2923a23275472a36f621a0859a57d4a2e455243473880c62fc6734f1681e3b824d3e132a15b74b47a23b34138f7ab7

Download Submit
\Users\Admin\AppData\Local\Temp\is-54QCN.tmp\DriverBooster.exe

Filesize
8.2MB

MD5
d18598009c95250633fa5e8af1548918

SHA1
ede158481b03633180e9a37cbc7f17c00bb48c91

SHA256
b5debc9aafc0375a6015507f7919a8a589979e3a6001da9730ba8b7ca3a5baad

SHA512
b359f9ab2dde4994c974dd96c91cb287ad2923a23275472a36f621a0859a57d4a2e455243473880c62fc6734f1681e3b824d3e132a15b74b47a23b34138f7ab7

Download Submit
\Users\Admin\AppData\Local\Temp\is-G1RLB.tmp\driver_booster_setup_cyri.tmp

Filesize
1.2MB

MD5
68b52a0b8e3d45bf3b520a0e7f16dad1

SHA1
e50408326eafb5ca8adc70db29c33b64e25bbbbd

SHA256
b409d6d6f8896dc2afd1774479c741ca253c0e9b4732daaa08af84aa9c96888b

SHA512
b8e0b486e2b9652831eb8efe48cf9575eef49204e827a64d69ae7c9c30304b2d98a66c28f1072fe8596847c15f13bbf7ec39d7708684ff64051bbae7ed063faf

Download Submit
\Users\Admin\AppData\Local\Temp\is-HTIN4.tmp\driver_booster_setup_cyri.tmp

Filesize
1.2MB

MD5
68b52a0b8e3d45bf3b520a0e7f16dad1

SHA1
e50408326eafb5ca8adc70db29c33b64e25bbbbd

SHA256
b409d6d6f8896dc2afd1774479c741ca253c0e9b4732daaa08af84aa9c96888b

SHA512
b8e0b486e2b9652831eb8efe48cf9575eef49204e827a64d69ae7c9c30304b2d98a66c28f1072fe8596847c15f13bbf7ec39d7708684ff64051bbae7ed063faf

Download Submit
memory/268-151-0x0000000000400000-0x000000000042C000-memory.dmp

Filesize
176KB

Download
memory/268-75-0x0000000000400000-0x000000000042C000-memory.dmp

Filesize
176KB

Download
memory/268-73-0x0000000000400000-0x000000000042C000-memory.dmp

Filesize
176KB

Download
memory/268-145-0x0000000000400000-0x000000000042C000-memory.dmp

Filesize
176KB

Download
memory/364-215-0x00000000022F0000-0x00000000023FD000-memory.dmp

Filesize
1.1MB

Download
memory/456-55-0x0000000000400000-0x000000000042C000-memory.dmp

Filesize
176KB

Download
memory/456-68-0x0000000000400000-0x000000000042C000-memory.dmp

Filesize
176KB

Download
memory/456-54-0x0000000074F01000-0x0000000074F03000-memory.dmp

Filesize
8KB

Download
memory/456-61-0x0000000000400000-0x000000000042C000-memory.dmp

Filesize
176KB

Download
memory/464-114-0x0000000004710000-0x000000000481D000-memory.dmp

Filesize
1.1MB

Download
memory/780-152-0x0000000004000000-0x000000000410D000-memory.dmp

Filesize
1.1MB

Download
memory/852-186-0x0000000002D40000-0x0000000002E4D000-memory.dmp

Filesize
1.1MB

Download
memory/1108-203-0x00000000023C0000-0x00000000024CD000-memory.dmp

Filesize
1.1MB

Download
memory/1144-159-0x0000000006C10000-0x0000000006CAB000-memory.dmp

Filesize
620KB

Download
memory/1144-163-0x0000000009860000-0x00000000099B9000-memory.dmp

Filesize
1.3MB

Download
memory/1144-155-0x0000000000C70000-0x0000000000D07000-memory.dmp

Filesize
604KB

Download
memory/1144-156-0x0000000000D10000-0x0000000000F4E000-memory.dmp

Filesize
2.2MB

Download
memory/1144-157-0x0000000005890000-0x000000000599D000-memory.dmp

Filesize
1.1MB

Download
memory/1144-158-0x0000000006B30000-0x0000000006C01000-memory.dmp

Filesize
836KB

Download
memory/1144-170-0x000000000B150000-0x000000000B1E2000-memory.dmp

Filesize
584KB

Download
memory/1172-205-0x00000000038F0000-0x00000000039FD000-memory.dmp

Filesize
1.1MB

Download
memory/1172-188-0x0000000002170000-0x000000000227D000-memory.dmp

Filesize
1.1MB

Download
memory/1284-115-0x0000000010000000-0x0000000010237000-memory.dmp

Filesize
2.2MB

Download
memory/1332-208-0x00000000038E0000-0x00000000039ED000-memory.dmp

Filesize
1.1MB

Download
memory/1368-218-0x0000000000230000-0x00000000002C7000-memory.dmp

Filesize
604KB

Download
memory/1488-70-0x0000000073D31000-0x0000000073D33000-memory.dmp

Filesize
8KB

Download
memory/1568-173-0x0000000003870000-0x000000000397D000-memory.dmp

Filesize
1.1MB

Download
memory/1568-177-0x0000000005361000-0x0000000005446000-memory.dmp

Filesize
916KB

Download
memory/1568-175-0x00000000039C0000-0x00000000039D4000-memory.dmp

Filesize
80KB

Download
memory/1588-162-0x0000000004220000-0x000000000432D000-memory.dmp

Filesize
1.1MB

Download
memory/1588-209-0x0000000002CC0000-0x0000000002DCD000-memory.dmp

Filesize
1.1MB

Download
memory/1712-204-0x0000000004170000-0x000000000427D000-memory.dmp

Filesize
1.1MB

Download
memory/1800-169-0x0000000002280000-0x000000000238D000-memory.dmp

Filesize
1.1MB

Download
memory/1928-187-0x0000000002100000-0x000000000220D000-memory.dmp

Filesize
1.1MB

Download
memory/1940-147-0x0000000002C80000-0x0000000002D8D000-memory.dmp

Filesize
1.1MB

Download
memory/1992-127-0x0000000003910000-0x0000000003A1D000-memory.dmp

Filesize
1.1MB

Download