netsupport | 677bf5f29312f25cfe97c764ff07281fe1cb98308dbfe8a20cf6d7fdcb6f12b1

Analysis

max time kernel
110s
max time network
150s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
20/01/2023, 16:03

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

Lightshot-setup.exe
Size

14.7MB
MD5

cfc6d78fb0745b3e7738a5bf4be2b9cc
SHA1

eba8eddfd8c581f0dfc9e4b581a23bf0dd3f22ce
SHA256

677bf5f29312f25cfe97c764ff07281fe1cb98308dbfe8a20cf6d7fdcb6f12b1
SHA512

e96ce3d452a6b409e548446bc0563118eb1c1f7e6de7ba71fe5fa73f1d98fb7157f3afbfccee7a6ddf5026fbfe59bcaa3398838e73548fd6b500818dce6221ab
SSDEEP

393216:vM/DSImRQn+K9hT3CoiEKWocnlvEtA39:k/DOo9d3zlWQ9

Score

10^/10

netsupport persistence rat

Malware Config

Signatures

NetSupport
NetSupport is a remote access tool sold as a legitimate system administration software.
rat netsupport

Executes dropped EXE 1 IoCs

pid	Process
2012	RawDigger.exe

Loads dropped DLL 42 IoCs

pid	Process
856	Lightshot-setup.exe
856	Lightshot-setup.exe
856	Lightshot-setup.exe
2012	RawDigger.exe
2012	RawDigger.exe
2012	RawDigger.exe
2012	RawDigger.exe
2012	RawDigger.exe
2012	RawDigger.exe
2012	RawDigger.exe
2012	RawDigger.exe
2012	RawDigger.exe
2012	RawDigger.exe
2012	RawDigger.exe
2012	RawDigger.exe
2012	RawDigger.exe
2012	RawDigger.exe
2012	RawDigger.exe
2012	RawDigger.exe
2012	RawDigger.exe
2012	RawDigger.exe
2012	RawDigger.exe
2012	RawDigger.exe
2012	RawDigger.exe
2012	RawDigger.exe
2012	RawDigger.exe
2012	RawDigger.exe
2012	RawDigger.exe
2012	RawDigger.exe
2012	RawDigger.exe
2012	RawDigger.exe
2012	RawDigger.exe
2012	RawDigger.exe
2012	RawDigger.exe
2012	RawDigger.exe
2012	RawDigger.exe
2012	RawDigger.exe
2012	RawDigger.exe
2012	RawDigger.exe
2012	RawDigger.exe
2012	RawDigger.exe
2012	RawDigger.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Serial Disc IO Helper = "C:\\Users\\Admin\\AppData\\Roaming\\PC Booster Pro\\RawDigger.exe"	RawDigger.exe

Maps connected drives based on registry 3 TTPs 2 IoCs

Disk information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\disk\Enum	RawDigger.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\Disk\Enum\0	RawDigger.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeSecurityPrivilege	2012	RawDigger.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2012	RawDigger.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2012	RawDigger.exe

C:\Users\Admin\AppData\Local\Temp\Lightshot-setup.exe
"C:\Users\Admin\AppData\Local\Temp\Lightshot-setup.exe"
1⤵
- Loads dropped DLL
PID:856

C:\Users\Admin\AppData\Roaming\PC Booster Pro\RawDigger.exe
"C:\Users\Admin\AppData\Roaming\PC Booster Pro\RawDigger.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Maps connected drives based on registry
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
PID:2012

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\PC Booster Pro\MSVCP100.dll

Filesize
411KB

MD5
bc83108b18756547013ed443b8cdb31b

SHA1
79bcaad3714433e01c7f153b05b781f8d7cb318d

SHA256
b2ad109c15eaa92079582787b7772ba0a2f034f7d075907ff87028df0eaea671

SHA512
6e72b2d40e47567b3e506be474dafa7cacd0b53cd2c2d160c3b5384f2f461fc91bb5fdb614a351f628d4e516b3bbdabc2cc6d4cb4710970146d2938a687dd011

Download Submit
C:\Users\Admin\AppData\Roaming\PC Booster Pro\MSVCR100.dll

Filesize
755KB

MD5
0e37fbfa79d349d672456923ec5fbbe3

SHA1
4e880fc7625ccf8d9ca799d5b94ce2b1e7597335

SHA256
8793353461826fbd48f25ea8b835be204b758ce7510db2af631b28850355bd18

SHA512
2bea9bd528513a3c6a54beac25096ee200a4e6ccfc2a308ae9cfd1ad8738e2e2defd477d59db527a048e5e9a4fe1fc1d771701de14ef82b4dbcdc90df0387630

Download Submit
C:\Users\Admin\AppData\Roaming\PC Booster Pro\QtCore4.dll

Filesize
2.5MB

MD5
57507a6b17ffb855074e715510b6deec

SHA1
f750cbf94b98059990b680a4c81880a05f7e8b2a

SHA256
5641396ecb59afd714b79607c0278f4dfc9e4db441a90b56a2eb0c7108289839

SHA512
1e5acf82e76e733f895445d4c4070c8f3f8176c809f03c63c774099059ab364bec175f9032d0bdc0d713ff104e7d560aae85c5874d37dfb07f622b6bdf5c2a2a

Download Submit
C:\Users\Admin\AppData\Roaming\PC Booster Pro\RawDigger.exe

Filesize
1.5MB

MD5
58483a36a5700f65d1a0d882c91d9d0b

SHA1
e60a76c27d0eca6b029b75a6318a46a5fdccb341

SHA256
da84713fd0239df43cbcbac590c44e48699f3fb1e07af7ba95957e3dda7d80c5

SHA512
3ebb4790274ef443357f0c38ead8a9a535e53b9a3dda69bcadda617b718653ce68fc0426b622612614cb6f9063768f5a1419faad18b2d15b35605a80741ffc7c

Download Submit
C:\Users\Admin\AppData\Roaming\PC Booster Pro\VCRUNTIME140.dll

Filesize
77KB

MD5
ba65db6bfef78a96aee7e29f1449bf8a

SHA1
06c7beb9fd1f33051b0e77087350903c652f4b77

SHA256
141690572594dbd3618a4984712e9e36fc09c9906bb845ce1a9531ac8f7ad493

SHA512
ca63eeac10ef55d7e2e55479b25cf394e58aef1422951f361f762ab667f72a3454f55afc04e967e8cdd20cf3eebe97083e0438ea941916a09e7d091818ea830e

Download Submit
C:\Users\Admin\AppData\Roaming\PC Booster Pro\api-ms-win-core-file-l1-2-0.dll

Filesize
11KB

MD5
86279521328398e87699d248628eb13a

SHA1
e4d4c39bda90635f1f5c2fc58b1304e2daac9caf

SHA256
3c9b67616fd0ceb3dd92e605918b08556683ebab5537aa76dff300fbd54b0337

SHA512
2cc328955611ad8369ff9facf9c1aabe99a20c3ded2977ad86c69e0f54acd78fa6f572ed688625c8c63016826a10b3578e3c186ef2b39c4bf393ab5e399913a6

Download Submit
C:\Users\Admin\AppData\Roaming\PC Booster Pro\api-ms-win-core-file-l2-1-0.dll

Filesize
11KB

MD5
422adad24e8da100f85bf3de86b5f302

SHA1
7004b3ed8663b5890cd25e1a7899a766be912728

SHA256
e04642684dc7376839c570bc11e9b46cae14420f1a85f7562fd2c4d656a22956

SHA512
e689ecb1a1cb1e7735cb6a961fd054d87bcad01acf76950b14a3bf4e08ddb7a8d31805c203374ee081a4ec13c40b25b3dc83b3895b9bfbd9c135673e98e6ee63

Download Submit
C:\Users\Admin\AppData\Roaming\PC Booster Pro\api-ms-win-core-localization-l1-2-0.dll

Filesize
13KB

MD5
602a35b140d9d68d7b3e488896158365

SHA1
f1ba615abb54ff786ddbc74dffffd56394bfc892

SHA256
43b98f74476c86107c8317749f54a107e2955696e4f79d3d02683dd7034d1d52

SHA512
4388947f90838cae8b5f8137c9ed2a099028b4341da8c574d536c6ad096bad0e217e105f0367750c70e3d3ca4857255b674955c71ecff0fda9c47a4b1951b8b6

Download Submit
C:\Users\Admin\AppData\Roaming\PC Booster Pro\api-ms-win-core-processthreads-l1-1-1.dll

Filesize
11KB

MD5
a07afa26ab56a8d3b8b16591a1962005

SHA1
2b6f3143487f747911ee20f039f1ffb1381858ac

SHA256
6be230837149dc2a8c7772142a674c3f90930a55da7f91d791942d8276d5440b

SHA512
b77b277d10cf6b8d209679684ead55b4347caef3213acdccdee35b5d4fe0e3fc136daf057830512c5473c4653a8d66357927c4b7d204c07d7508f792299d7fe9

Download Submit
C:\Users\Admin\AppData\Roaming\PC Booster Pro\api-ms-win-core-synch-l1-2-0.dll

Filesize
11KB

MD5
ed215daa7493bf93c5eadef178a261e0

SHA1
b20c8dc7ba00f98a326f5f4fd55329b72f8e5699

SHA256
8b7c8fc657e0dab0f2506001ca4bb76e675ffd18a2b4d9c1e03b876e008a7a26

SHA512
3ed052eada11c3dc44f81f330bd2a2526170515bc6a90281872a93ee49f9add8c9ad36b9a9e9185e251d664c1694d06625e0148e113addc32e53d705d2655f03

Download Submit
C:\Users\Admin\AppData\Roaming\PC Booster Pro\api-ms-win-core-timezone-l1-1-0.dll

Filesize
11KB

MD5
a9c7db516186c8e367fed757e238c61a

SHA1
1318d6496e7146e773aca85be6d0e9b87a09e284

SHA256
ded52bac23633a03341969c5b98b0d94d24fa3284c1ddd0c489e453b39cec659

SHA512
6aad003287afe86abccf34f6b15338c0c7380f4837805d919064a26380d2f3f7698515f927c148e618c12f0943d3621184bebc70a8b07eed64ad88689fbcc5cb

Download Submit
C:\Users\Admin\AppData\Roaming\PC Booster Pro\api-ms-win-crt-convert-l1-1-0.dll

Filesize
15KB

MD5
c6385b316bb04ca36d76b077eeb9a61e

SHA1
fc376f68798fecd41fb1c936eed1bce3f2ee6bef

SHA256
060636cfc58587b4344a6d0ff4f44dd77266f2bbdb877cb50cb1b44a7e3969bc

SHA512
bddf0f34bedb17ecf1d270a0613f27d174ae04f920192d7d1af6c15245175318b29691e748c36e2ce0a3027495b2f5a0bb688ae16095fad9dcd8c283b6d1b1d4

Download Submit
C:\Users\Admin\AppData\Roaming\PC Booster Pro\api-ms-win-crt-environment-l1-1-0.dll

Filesize
11KB

MD5
311e582d5d3d8421e883c4a8248eacc8

SHA1
c99e61d1446fce0f883a2aad261af22d77953a59

SHA256
369cc4d3bb05f4160a0bc9683feb1df2e94d02f061e4b23d53c3a6e2230cd5e4

SHA512
050ed1310e667e6bb22bb7952794745df1eee0c78f18240cc2217e748a11213d094b48153964c3da0ad8141da1709ece637315633396c77c035bb0565fa981b4

Download Submit
C:\Users\Admin\AppData\Roaming\PC Booster Pro\api-ms-win-crt-filesystem-l1-1-0.dll

Filesize
13KB

MD5
10731d3320c12abb62d3866d7e728cce

SHA1
df4e131c825d1ca5cd14e00e5c04785d6ca508f7

SHA256
9f3eb90963916194f167e98e049707b14fa84a3f11cb8cc7b940d95956601700

SHA512
7eeef98682872fd95a38a03435546349c8488607e59870086b486b807e8b53893603175d9ad0f3b80c1924381daca8d14868a6079988a944b005783b4e2e358e

Download Submit
C:\Users\Admin\AppData\Roaming\PC Booster Pro\api-ms-win-crt-heap-l1-1-0.dll

Filesize
12KB

MD5
cf5f256e8cd76ba85e6c3047f078814a

SHA1
b7cde77313ceaae76a46c1111b33b3d8f47c4214

SHA256
9382fc8d5cbcc23c5d05e6f48f4188af3f96efbbdc5a7ec05b37e252440ecfc1

SHA512
856eff4fff1d11a725af9c3e5ceac6d02a89297a16e97edec171839aa12c468fc37d60ec5df06d507cee695f71b7fbd4bc0ba51b7934d886e66a43b249e62da5

Download Submit
C:\Users\Admin\AppData\Roaming\PC Booster Pro\api-ms-win-crt-math-l1-1-0.dll

Filesize
21KB

MD5
78dfcb76dc8b42411dbc682f78f5c6eb

SHA1
e50f6719fee44c70518cf8442737a688b5f45e62

SHA256
8673dd898f899de831fc3052c8b8254b7b85ee7f2b9b6c422736668689c9b14f

SHA512
968bb3bc952f4057f74c9c8825fcc2db34b9c56166ee39db3bab3d4ecf51fb65af250a8a65340274a1a0c0eed73b6c8962df5d2fce586c1ef4e19706edd5e6e1

Download Submit
C:\Users\Admin\AppData\Roaming\PC Booster Pro\api-ms-win-crt-runtime-l1-1-0.dll

Filesize
15KB

MD5
8bd7a27e6ca969d3eb46086d411ce05d

SHA1
3bbf6f55853b1487debca58d7cb5c877d0abd517

SHA256
8edc95578b8c9ca93a65907e428fa2b57fef8370b902912689332bc61094904c

SHA512
fee8359398efe6a995a214d4e47de43aba12d33bb9cb1de18659d332d94ef83a4a77618b6caa9f455b0c6da4c10ab459209d483b9e778d9b522771ca692ca454

Download Submit
C:\Users\Admin\AppData\Roaming\PC Booster Pro\api-ms-win-crt-stdio-l1-1-0.dll

Filesize
17KB

MD5
f681a45c47ebb2c56c1465677ec33ff3

SHA1
06bf7798c51325cf1806e14dea56ff98b05b7846

SHA256
3a03d727d291be57057587227273af410eda935438d8a0a165ec63ae772809af

SHA512
eeb05f1af7e1c714c658e9aa06e8c6dbeeb5f2e8dcf3fdb7b9b408018e41402d83893472114e0cf6d3a9a3bf54ec45c4f7a4840a09570d190277aa3514681ab8

Download Submit
C:\Users\Admin\AppData\Roaming\PC Booster Pro\api-ms-win-crt-string-l1-1-0.dll

Filesize
17KB

MD5
00446e48d60abf044acc72b46d5c3afb

SHA1
0ccc0c5034ac063e1d4af851b0de1f4ea99aff97

SHA256
82d26998b4b3c26dbc1c1fff9d6106109a081205081d3c0669e59d20d918bc5a

SHA512
69114f0efb3c853bffb55c15e5ad1b7919057a676056d57634a6a39916e232cde2dcdc49ea0f9751ddea6550ffa58f84b1f8918b3c9fd7e88c8b8f7eb4afeaf2

Download Submit
C:\Users\Admin\AppData\Roaming\PC Booster Pro\api-ms-win-crt-time-l1-1-0.dll

Filesize
13KB

MD5
376b4a7a02f20ed3aede05039ec3daf0

SHA1
c9149b37f85cfc724bedc0ecd543d95280055de1

SHA256
b0b8fc7de3641c3f23d30a4792c8584db33db6133ee29135c70bb504e80e4a2c

SHA512
ff7fba7cd8c9b55c1c87104d7d9074ef0eed524b02480ecf2c80e5cd489c568e1ed63bc62699a03272cab3dcbf20e6437e1f47ce112bcb3336d27ed2790430c5

Download Submit
C:\Users\Admin\AppData\Roaming\PC Booster Pro\api-ms-win-crt-utility-l1-1-0.dll

Filesize
11KB

MD5
6376bf5bac3f0208f0a5d11415ccd444

SHA1
c3fe96e51c3f3e622dcedd2ddf8d23f9442361b8

SHA256
e36763df57cd26ec2b4d52e27de51a4ca6f18caf86cbac8307bf4817705f9a0e

SHA512
9614e423c850bdb584f18555825214d42106966b1ee71e75ba7407591aa5de407b43909ce972e1923df82e9a0e953597fe19646296962194ebeb1579493d91c2

Download Submit
C:\Users\Admin\AppData\Roaming\PC Booster Pro\avcodec-58.dll

Filesize
9.2MB

MD5
471384b8ab0412d9f49e73cddf66ee53

SHA1
8ae55ffaccbc9fb05dfee9209f87b2f8932b67be

SHA256
775de31d8f8212458e90ed205417c47679d62a9565ff988a967b50e176bb3615

SHA512
6fc3743638c3f58313929b134055698f46fb5ab4047711ebe79dc62cb9ec7299943b2ee85c3e0850405d7c04bace79bc8e8e6bebfdb5f87971cd14d025af3af9

Download Submit
C:\Users\Admin\AppData\Roaming\PC Booster Pro\avformat-58.dll

Filesize
1.8MB

MD5
74e7a063d078809e567d09d0602512b0

SHA1
ad52e1b87c046a06f787d120eb992f02108f79cf

SHA256
e0ecd90ff80c789b3859264d038cd2ebf1fecdc0546ed669dfc0bab1f3820e0c

SHA512
984de300fee3d9de77c71fbcf705acbbc724ce25ea86374d5532aa4cfa6245e8f66bc7e989b6afbbd8083b24f4282de328ab6afa8664a3be75fb044bf836b2d8

Download Submit
C:\Users\Admin\AppData\Roaming\PC Booster Pro\avutil-56.dll

Filesize
455KB

MD5
c3997689e6b0bcdb31b2c29a2b0aa57d

SHA1
0ab05677dc3f8ee5bf8ab5a7811fd6cf1641166f

SHA256
27c480cd5d35361278039a91e3fcdf5d9df58ee9e4e4d9ac8cc132e79349154b

SHA512
fdf070baae47611978b9289c96e6c7c33e8c213e9c6428dbd35cb8b09e2f00904e1d760a83ca6ce7596807136db2e9066f186f5b0f26a2cabad156ee162e89fe

Download Submit
C:\Users\Admin\AppData\Roaming\PC Booster Pro\jpeg8.dll

Filesize
242KB

MD5
e925a83df59e7fc3db2c104e5e965ee3

SHA1
ff7cb4ac5ee65bbde9ef3de2532012a4572565ab

SHA256
c144153e88527567e9de84777a80f0f5305e07b6ffc036546a2cc587361cb806

SHA512
c3adbeee7e284037915f8a9c18e4c93e69c55e530cfa5da01a5ea46a6821d65377e1829d2532afd0788015246915778d154ae8ad38839554b11d6a2dd00547b9

Download Submit
C:\Users\Admin\AppData\Roaming\PC Booster Pro\libpushpp.dll

Filesize
85KB

MD5
87ca20f6bb901e31d7bc7ec019d101e4

SHA1
225ac915742a0f1e84afb530a54d056c86014680

SHA256
85e9f28bc839619cf1df3ec9115cda40741d2d169baa93fc8144a8957d23aa88

SHA512
2363cbb7774ebbcd8974f5fe995c26a486da0bbf76f8276c2c01b87cb0194fde11409221c40434dcc06eebaee68a17c460fd487c7a73434e114d2ef11c5717ee

Download Submit
C:\Users\Admin\AppData\Roaming\PC Booster Pro\librawf.dll

Filesize
1.8MB

MD5
1a0d4dda536b37a08cc99e9fc2bde4f2

SHA1
dc8c5b319c069b3d2f5e7c632f6b70d48980fcd7

SHA256
f13e014ce258dc5ff00e43bd274751f773df0eefd69e44ef7ee4ce45461cc5e0

SHA512
120145fbb98fa2ed7ed89ab31e9fd2bf619e30b870799a39bf9c0e3755a9e5a7b57b06d46b128bb10fb4f50a21d05231d868d702e0fe151fdea74f097e5178f7

Download Submit
C:\Users\Admin\AppData\Roaming\PC Booster Pro\libxml2.dll

Filesize
1007KB

MD5
d9c0a51baa596e5c6c294f531b2fcce4

SHA1
8dd53e5d5b02bdc25d5d859f68ca80c8e2485849

SHA256
a25ad1ab50d0c3abea22639c8f97cf3022072ef5aaf06fda7c77361bdbaa69e8

SHA512
463409830d59ba3e93400f2975653b9d36c74677eb253696f1cc21ddf6080592cfaafc916dea91652c1c44b5f1094e359450fb474222de0e553d49cba587c566

Download Submit
C:\Users\Admin\AppData\Roaming\PC Booster Pro\rawspeed.dll

Filesize
253KB

MD5
f630b00f77fd586de61f0cf21da329cc

SHA1
799b4df8194d9179c9db81599798a3640e1ebb05

SHA256
9dbe6fc45b69ef8230389747b03ac914a16938d5dbfc9ad2ecb58260a4534316

SHA512
2f46de15ed4481278fdaa9b9037251b99771ab53ed1ef566c6a4a1e17ff4ee42a42914c8e2e09bb5a58f36143abd017bf7d2491e5ef6080d77ca3c8e7135ffbd

Download Submit
C:\Users\Admin\AppData\Roaming\PC Booster Pro\swresample-3.dll

Filesize
102KB

MD5
6384184848b3c98b104bc983769cf2e0

SHA1
9c56c4f533a3cf98f5bd77be7b8951fbb6838874

SHA256
cb3234381a5ca746c43fe1c80fc6dad996873f3fc25c99d6c6b8560afa2e41a5

SHA512
b63bab379e6897b89c95965a01747593eb73d7d90cc237a8f1418dcf881b844c978887ccb12233e60ad3f1bd1578e6fa2898ebecb8d306591b7b5afdd3ef6b0c

Download Submit
C:\Users\Admin\AppData\Roaming\PC Booster Pro\ucrtbase.DLL

Filesize
880KB

MD5
5dafe0bfb955e780b3d50da4524b752f

SHA1
91c0d9fabe748d373215ba21b90278671b5f8957

SHA256
6255112c9978c07a05c6feaee01cf4be74b2920dc7017fbc1a42f8f5d23c20f9

SHA512
37fd37f3ad87838f596d1e8e497fe66d1a1c4128625ab456ec850179dd1e1f33cf4945d0faaf6cdbd1ed586ecfb7ff3e7cf10a88a823cc5eb06c2fc4fa16bff3

Download Submit
\Users\Admin\AppData\Local\Temp\pbBE422358\PB3Dll.dll

Filesize
202KB

MD5
142bc2bb269b896cc0f11f9021dcbc52

SHA1
75b09b25f8f6b3b0fc94fcdcc61d932f303ac418

SHA256
5da7da9abb77790ddbb87d86b9ea4b01a4f375035827e30fa879dab8c2a737db

SHA512
150ffd4e66ee126912c6a5071bec750e4b5e603af9cc79b26c63e482f7d5d0aafcae1c995f10b60ba2da138effb19c668e1515f35db3b8b7a508ef34f59d134a

Download Submit
\Users\Admin\AppData\Local\Temp\pbBE422358\PBAddon.dll

Filesize
91KB

MD5
abe8be236edb694347af082cb07d5e6b

SHA1
f6c5bafc983c9ad03f83932094301b0ced05a6e4

SHA256
fa0cf81db49bd2995fdd5c1788e6f4926dc64981f40e9953906a55d8f104824b

SHA512
b4c5cabddb663a05a4e88788ec217bfc97af8b3aca648cdfcdfdad0166f833c50a11b3ba0b544091278460f113688a2d969f8cf5b89b69c2ba25e124c847befc

Download Submit
\Users\Admin\AppData\Local\Temp\pbBE422358\PBCore.dll

Filesize
472KB

MD5
016a5d74b1e5a4625bf1ad1aac6bfb68

SHA1
1a4247c53e1472e2199c12e46389ac0df172bc19

SHA256
d43cb6a64b707d13ac99936e71c6be436c32a76506ed1fe462e2f9249722d487

SHA512
f635d56caf1d50e6ad8c5074d0840cdb127380898f5e63b53c0eda1a7230012e4ba622d3639d6ef72bde1250c500fc798b5ef90ff07b53f1eb3343034fb6f3a7

Download Submit
\Users\Admin\AppData\Roaming\PC Booster Pro\QtCore4.dll

Filesize
2.5MB

MD5
57507a6b17ffb855074e715510b6deec

SHA1
f750cbf94b98059990b680a4c81880a05f7e8b2a

SHA256
5641396ecb59afd714b79607c0278f4dfc9e4db441a90b56a2eb0c7108289839

SHA512
1e5acf82e76e733f895445d4c4070c8f3f8176c809f03c63c774099059ab364bec175f9032d0bdc0d713ff104e7d560aae85c5874d37dfb07f622b6bdf5c2a2a

Download Submit
\Users\Admin\AppData\Roaming\PC Booster Pro\api-ms-win-core-file-l1-2-0.dll

Filesize
11KB

MD5
86279521328398e87699d248628eb13a

SHA1
e4d4c39bda90635f1f5c2fc58b1304e2daac9caf

SHA256
3c9b67616fd0ceb3dd92e605918b08556683ebab5537aa76dff300fbd54b0337

SHA512
2cc328955611ad8369ff9facf9c1aabe99a20c3ded2977ad86c69e0f54acd78fa6f572ed688625c8c63016826a10b3578e3c186ef2b39c4bf393ab5e399913a6

Download Submit
\Users\Admin\AppData\Roaming\PC Booster Pro\api-ms-win-core-file-l2-1-0.dll

Filesize
11KB

MD5
422adad24e8da100f85bf3de86b5f302

SHA1
7004b3ed8663b5890cd25e1a7899a766be912728

SHA256
e04642684dc7376839c570bc11e9b46cae14420f1a85f7562fd2c4d656a22956

SHA512
e689ecb1a1cb1e7735cb6a961fd054d87bcad01acf76950b14a3bf4e08ddb7a8d31805c203374ee081a4ec13c40b25b3dc83b3895b9bfbd9c135673e98e6ee63

Download Submit
\Users\Admin\AppData\Roaming\PC Booster Pro\api-ms-win-core-localization-l1-2-0.dll

Filesize
13KB

MD5
602a35b140d9d68d7b3e488896158365

SHA1
f1ba615abb54ff786ddbc74dffffd56394bfc892

SHA256
43b98f74476c86107c8317749f54a107e2955696e4f79d3d02683dd7034d1d52

SHA512
4388947f90838cae8b5f8137c9ed2a099028b4341da8c574d536c6ad096bad0e217e105f0367750c70e3d3ca4857255b674955c71ecff0fda9c47a4b1951b8b6

Download Submit
\Users\Admin\AppData\Roaming\PC Booster Pro\api-ms-win-core-processthreads-l1-1-1.dll

Filesize
11KB

MD5
a07afa26ab56a8d3b8b16591a1962005

SHA1
2b6f3143487f747911ee20f039f1ffb1381858ac

SHA256
6be230837149dc2a8c7772142a674c3f90930a55da7f91d791942d8276d5440b

SHA512
b77b277d10cf6b8d209679684ead55b4347caef3213acdccdee35b5d4fe0e3fc136daf057830512c5473c4653a8d66357927c4b7d204c07d7508f792299d7fe9

Download Submit
\Users\Admin\AppData\Roaming\PC Booster Pro\api-ms-win-core-synch-l1-2-0.dll

Filesize
11KB

MD5
ed215daa7493bf93c5eadef178a261e0

SHA1
b20c8dc7ba00f98a326f5f4fd55329b72f8e5699

SHA256
8b7c8fc657e0dab0f2506001ca4bb76e675ffd18a2b4d9c1e03b876e008a7a26

SHA512
3ed052eada11c3dc44f81f330bd2a2526170515bc6a90281872a93ee49f9add8c9ad36b9a9e9185e251d664c1694d06625e0148e113addc32e53d705d2655f03

Download Submit
\Users\Admin\AppData\Roaming\PC Booster Pro\api-ms-win-core-timezone-l1-1-0.dll

Filesize
11KB

MD5
a9c7db516186c8e367fed757e238c61a

SHA1
1318d6496e7146e773aca85be6d0e9b87a09e284

SHA256
ded52bac23633a03341969c5b98b0d94d24fa3284c1ddd0c489e453b39cec659

SHA512
6aad003287afe86abccf34f6b15338c0c7380f4837805d919064a26380d2f3f7698515f927c148e618c12f0943d3621184bebc70a8b07eed64ad88689fbcc5cb

Download Submit
\Users\Admin\AppData\Roaming\PC Booster Pro\api-ms-win-crt-convert-l1-1-0.dll

Filesize
15KB

MD5
c6385b316bb04ca36d76b077eeb9a61e

SHA1
fc376f68798fecd41fb1c936eed1bce3f2ee6bef

SHA256
060636cfc58587b4344a6d0ff4f44dd77266f2bbdb877cb50cb1b44a7e3969bc

SHA512
bddf0f34bedb17ecf1d270a0613f27d174ae04f920192d7d1af6c15245175318b29691e748c36e2ce0a3027495b2f5a0bb688ae16095fad9dcd8c283b6d1b1d4

Download Submit
\Users\Admin\AppData\Roaming\PC Booster Pro\api-ms-win-crt-environment-l1-1-0.dll

Filesize
11KB

MD5
311e582d5d3d8421e883c4a8248eacc8

SHA1
c99e61d1446fce0f883a2aad261af22d77953a59

SHA256
369cc4d3bb05f4160a0bc9683feb1df2e94d02f061e4b23d53c3a6e2230cd5e4

SHA512
050ed1310e667e6bb22bb7952794745df1eee0c78f18240cc2217e748a11213d094b48153964c3da0ad8141da1709ece637315633396c77c035bb0565fa981b4

Download Submit
\Users\Admin\AppData\Roaming\PC Booster Pro\api-ms-win-crt-filesystem-l1-1-0.dll

Filesize
13KB

MD5
10731d3320c12abb62d3866d7e728cce

SHA1
df4e131c825d1ca5cd14e00e5c04785d6ca508f7

SHA256
9f3eb90963916194f167e98e049707b14fa84a3f11cb8cc7b940d95956601700

SHA512
7eeef98682872fd95a38a03435546349c8488607e59870086b486b807e8b53893603175d9ad0f3b80c1924381daca8d14868a6079988a944b005783b4e2e358e

Download Submit
\Users\Admin\AppData\Roaming\PC Booster Pro\api-ms-win-crt-heap-l1-1-0.dll

Filesize
12KB

MD5
cf5f256e8cd76ba85e6c3047f078814a

SHA1
b7cde77313ceaae76a46c1111b33b3d8f47c4214

SHA256
9382fc8d5cbcc23c5d05e6f48f4188af3f96efbbdc5a7ec05b37e252440ecfc1

SHA512
856eff4fff1d11a725af9c3e5ceac6d02a89297a16e97edec171839aa12c468fc37d60ec5df06d507cee695f71b7fbd4bc0ba51b7934d886e66a43b249e62da5

Download Submit
\Users\Admin\AppData\Roaming\PC Booster Pro\api-ms-win-crt-math-l1-1-0.dll

Filesize
21KB

MD5
78dfcb76dc8b42411dbc682f78f5c6eb

SHA1
e50f6719fee44c70518cf8442737a688b5f45e62

SHA256
8673dd898f899de831fc3052c8b8254b7b85ee7f2b9b6c422736668689c9b14f

SHA512
968bb3bc952f4057f74c9c8825fcc2db34b9c56166ee39db3bab3d4ecf51fb65af250a8a65340274a1a0c0eed73b6c8962df5d2fce586c1ef4e19706edd5e6e1

Download Submit
\Users\Admin\AppData\Roaming\PC Booster Pro\api-ms-win-crt-runtime-l1-1-0.dll

Filesize
15KB

MD5
8bd7a27e6ca969d3eb46086d411ce05d

SHA1
3bbf6f55853b1487debca58d7cb5c877d0abd517

SHA256
8edc95578b8c9ca93a65907e428fa2b57fef8370b902912689332bc61094904c

SHA512
fee8359398efe6a995a214d4e47de43aba12d33bb9cb1de18659d332d94ef83a4a77618b6caa9f455b0c6da4c10ab459209d483b9e778d9b522771ca692ca454

Download Submit
\Users\Admin\AppData\Roaming\PC Booster Pro\api-ms-win-crt-stdio-l1-1-0.dll

Filesize
17KB

MD5
f681a45c47ebb2c56c1465677ec33ff3

SHA1
06bf7798c51325cf1806e14dea56ff98b05b7846

SHA256
3a03d727d291be57057587227273af410eda935438d8a0a165ec63ae772809af

SHA512
eeb05f1af7e1c714c658e9aa06e8c6dbeeb5f2e8dcf3fdb7b9b408018e41402d83893472114e0cf6d3a9a3bf54ec45c4f7a4840a09570d190277aa3514681ab8

Download Submit
\Users\Admin\AppData\Roaming\PC Booster Pro\api-ms-win-crt-string-l1-1-0.dll

Filesize
17KB

MD5
00446e48d60abf044acc72b46d5c3afb

SHA1
0ccc0c5034ac063e1d4af851b0de1f4ea99aff97

SHA256
82d26998b4b3c26dbc1c1fff9d6106109a081205081d3c0669e59d20d918bc5a

SHA512
69114f0efb3c853bffb55c15e5ad1b7919057a676056d57634a6a39916e232cde2dcdc49ea0f9751ddea6550ffa58f84b1f8918b3c9fd7e88c8b8f7eb4afeaf2

Download Submit
\Users\Admin\AppData\Roaming\PC Booster Pro\api-ms-win-crt-time-l1-1-0.dll

Filesize
13KB

MD5
376b4a7a02f20ed3aede05039ec3daf0

SHA1
c9149b37f85cfc724bedc0ecd543d95280055de1

SHA256
b0b8fc7de3641c3f23d30a4792c8584db33db6133ee29135c70bb504e80e4a2c

SHA512
ff7fba7cd8c9b55c1c87104d7d9074ef0eed524b02480ecf2c80e5cd489c568e1ed63bc62699a03272cab3dcbf20e6437e1f47ce112bcb3336d27ed2790430c5

Download Submit
\Users\Admin\AppData\Roaming\PC Booster Pro\api-ms-win-crt-utility-l1-1-0.dll

Filesize
11KB

MD5
6376bf5bac3f0208f0a5d11415ccd444

SHA1
c3fe96e51c3f3e622dcedd2ddf8d23f9442361b8

SHA256
e36763df57cd26ec2b4d52e27de51a4ca6f18caf86cbac8307bf4817705f9a0e

SHA512
9614e423c850bdb584f18555825214d42106966b1ee71e75ba7407591aa5de407b43909ce972e1923df82e9a0e953597fe19646296962194ebeb1579493d91c2

Download Submit
\Users\Admin\AppData\Roaming\PC Booster Pro\avcodec-58.dll

Filesize
9.2MB

MD5
471384b8ab0412d9f49e73cddf66ee53

SHA1
8ae55ffaccbc9fb05dfee9209f87b2f8932b67be

SHA256
775de31d8f8212458e90ed205417c47679d62a9565ff988a967b50e176bb3615

SHA512
6fc3743638c3f58313929b134055698f46fb5ab4047711ebe79dc62cb9ec7299943b2ee85c3e0850405d7c04bace79bc8e8e6bebfdb5f87971cd14d025af3af9

Download Submit
\Users\Admin\AppData\Roaming\PC Booster Pro\avformat-58.dll

Filesize
1.8MB

MD5
74e7a063d078809e567d09d0602512b0

SHA1
ad52e1b87c046a06f787d120eb992f02108f79cf

SHA256
e0ecd90ff80c789b3859264d038cd2ebf1fecdc0546ed669dfc0bab1f3820e0c

SHA512
984de300fee3d9de77c71fbcf705acbbc724ce25ea86374d5532aa4cfa6245e8f66bc7e989b6afbbd8083b24f4282de328ab6afa8664a3be75fb044bf836b2d8

Download Submit
\Users\Admin\AppData\Roaming\PC Booster Pro\avutil-56.dll

Filesize
455KB

MD5
c3997689e6b0bcdb31b2c29a2b0aa57d

SHA1
0ab05677dc3f8ee5bf8ab5a7811fd6cf1641166f

SHA256
27c480cd5d35361278039a91e3fcdf5d9df58ee9e4e4d9ac8cc132e79349154b

SHA512
fdf070baae47611978b9289c96e6c7c33e8c213e9c6428dbd35cb8b09e2f00904e1d760a83ca6ce7596807136db2e9066f186f5b0f26a2cabad156ee162e89fe

Download Submit
\Users\Admin\AppData\Roaming\PC Booster Pro\jpeg8.dll

Filesize
242KB

MD5
e925a83df59e7fc3db2c104e5e965ee3

SHA1
ff7cb4ac5ee65bbde9ef3de2532012a4572565ab

SHA256
c144153e88527567e9de84777a80f0f5305e07b6ffc036546a2cc587361cb806

SHA512
c3adbeee7e284037915f8a9c18e4c93e69c55e530cfa5da01a5ea46a6821d65377e1829d2532afd0788015246915778d154ae8ad38839554b11d6a2dd00547b9

Download Submit
\Users\Admin\AppData\Roaming\PC Booster Pro\libpushpp.dll

Filesize
85KB

MD5
87ca20f6bb901e31d7bc7ec019d101e4

SHA1
225ac915742a0f1e84afb530a54d056c86014680

SHA256
85e9f28bc839619cf1df3ec9115cda40741d2d169baa93fc8144a8957d23aa88

SHA512
2363cbb7774ebbcd8974f5fe995c26a486da0bbf76f8276c2c01b87cb0194fde11409221c40434dcc06eebaee68a17c460fd487c7a73434e114d2ef11c5717ee

Download Submit
\Users\Admin\AppData\Roaming\PC Booster Pro\librawf.dll

Filesize
1.8MB

MD5
1a0d4dda536b37a08cc99e9fc2bde4f2

SHA1
dc8c5b319c069b3d2f5e7c632f6b70d48980fcd7

SHA256
f13e014ce258dc5ff00e43bd274751f773df0eefd69e44ef7ee4ce45461cc5e0

SHA512
120145fbb98fa2ed7ed89ab31e9fd2bf619e30b870799a39bf9c0e3755a9e5a7b57b06d46b128bb10fb4f50a21d05231d868d702e0fe151fdea74f097e5178f7

Download Submit
\Users\Admin\AppData\Roaming\PC Booster Pro\libxml2.dll

Filesize
1007KB

MD5
d9c0a51baa596e5c6c294f531b2fcce4

SHA1
8dd53e5d5b02bdc25d5d859f68ca80c8e2485849

SHA256
a25ad1ab50d0c3abea22639c8f97cf3022072ef5aaf06fda7c77361bdbaa69e8

SHA512
463409830d59ba3e93400f2975653b9d36c74677eb253696f1cc21ddf6080592cfaafc916dea91652c1c44b5f1094e359450fb474222de0e553d49cba587c566

Download Submit
\Users\Admin\AppData\Roaming\PC Booster Pro\msvcp100.dll

Filesize
411KB

MD5
bc83108b18756547013ed443b8cdb31b

SHA1
79bcaad3714433e01c7f153b05b781f8d7cb318d

SHA256
b2ad109c15eaa92079582787b7772ba0a2f034f7d075907ff87028df0eaea671

SHA512
6e72b2d40e47567b3e506be474dafa7cacd0b53cd2c2d160c3b5384f2f461fc91bb5fdb614a351f628d4e516b3bbdabc2cc6d4cb4710970146d2938a687dd011

Download Submit
\Users\Admin\AppData\Roaming\PC Booster Pro\msvcr100.dll

Filesize
755KB

MD5
0e37fbfa79d349d672456923ec5fbbe3

SHA1
4e880fc7625ccf8d9ca799d5b94ce2b1e7597335

SHA256
8793353461826fbd48f25ea8b835be204b758ce7510db2af631b28850355bd18

SHA512
2bea9bd528513a3c6a54beac25096ee200a4e6ccfc2a308ae9cfd1ad8738e2e2defd477d59db527a048e5e9a4fe1fc1d771701de14ef82b4dbcdc90df0387630

Download Submit
\Users\Admin\AppData\Roaming\PC Booster Pro\rawspeed.dll

Filesize
253KB

MD5
f630b00f77fd586de61f0cf21da329cc

SHA1
799b4df8194d9179c9db81599798a3640e1ebb05

SHA256
9dbe6fc45b69ef8230389747b03ac914a16938d5dbfc9ad2ecb58260a4534316

SHA512
2f46de15ed4481278fdaa9b9037251b99771ab53ed1ef566c6a4a1e17ff4ee42a42914c8e2e09bb5a58f36143abd017bf7d2491e5ef6080d77ca3c8e7135ffbd

Download Submit
\Users\Admin\AppData\Roaming\PC Booster Pro\swresample-3.dll

Filesize
102KB

MD5
6384184848b3c98b104bc983769cf2e0

SHA1
9c56c4f533a3cf98f5bd77be7b8951fbb6838874

SHA256
cb3234381a5ca746c43fe1c80fc6dad996873f3fc25c99d6c6b8560afa2e41a5

SHA512
b63bab379e6897b89c95965a01747593eb73d7d90cc237a8f1418dcf881b844c978887ccb12233e60ad3f1bd1578e6fa2898ebecb8d306591b7b5afdd3ef6b0c

Download Submit
\Users\Admin\AppData\Roaming\PC Booster Pro\ucrtbase.dll

Filesize
880KB

MD5
5dafe0bfb955e780b3d50da4524b752f

SHA1
91c0d9fabe748d373215ba21b90278671b5f8957

SHA256
6255112c9978c07a05c6feaee01cf4be74b2920dc7017fbc1a42f8f5d23c20f9

SHA512
37fd37f3ad87838f596d1e8e497fe66d1a1c4128625ab456ec850179dd1e1f33cf4945d0faaf6cdbd1ed586ecfb7ff3e7cf10a88a823cc5eb06c2fc4fa16bff3

Download Submit
\Users\Admin\AppData\Roaming\PC Booster Pro\vcruntime140.dll

Filesize
77KB

MD5
ba65db6bfef78a96aee7e29f1449bf8a

SHA1
06c7beb9fd1f33051b0e77087350903c652f4b77

SHA256
141690572594dbd3618a4984712e9e36fc09c9906bb845ce1a9531ac8f7ad493

SHA512
ca63eeac10ef55d7e2e55479b25cf394e58aef1422951f361f762ab667f72a3454f55afc04e967e8cdd20cf3eebe97083e0438ea941916a09e7d091818ea830e

Download Submit
memory/856-54-0x0000000075D01000-0x0000000075D03000-memory.dmp

Filesize
8KB

Download
memory/2012-120-0x0000000004E20000-0x0000000005A6A000-memory.dmp

Filesize
12.3MB

Download
memory/2012-121-0x00000000025C0000-0x00000000025DC000-memory.dmp

Filesize
112KB

Download
memory/2012-122-0x0000000004E20000-0x0000000005A6A000-memory.dmp

Filesize
12.3MB

Download