babadeda | 677bf5f29312f25cfe97c764ff07281fe1cb98308dbfe8a20cf6d7fdcb6f12b1

Analysis

max time kernel
109s
max time network
135s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
20/01/2023, 16:03

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

Lightshot-setup.exe
Size

14.7MB
MD5

cfc6d78fb0745b3e7738a5bf4be2b9cc
SHA1

eba8eddfd8c581f0dfc9e4b581a23bf0dd3f22ce
SHA256

677bf5f29312f25cfe97c764ff07281fe1cb98308dbfe8a20cf6d7fdcb6f12b1
SHA512

e96ce3d452a6b409e548446bc0563118eb1c1f7e6de7ba71fe5fa73f1d98fb7157f3afbfccee7a6ddf5026fbfe59bcaa3398838e73548fd6b500818dce6221ab
SSDEEP

393216:vM/DSImRQn+K9hT3CoiEKWocnlvEtA39:k/DOo9d3zlWQ9

Score

10^/10

babadeda netsupport crypter loader persistence rat

Malware Config

Signatures

Babadeda
Babadeda is a crypter delivered as a legitimate installer and used to drop other malware families.
loader crypter babadeda

Babadeda Crypter 2 IoCs

resource	yara_rule
behavioral2/files/0x000600000002315b-172.dat	family_babadeda
behavioral2/memory/4904-196-0x0000000007DA0000-0x0000000008290000-memory.dmp	family_babadeda

NetSupport
NetSupport is a remote access tool sold as a legitimate system administration software.
rat netsupport

Executes dropped EXE 1 IoCs

pid	Process
4904	RawDigger.exe

Loads dropped DLL 25 IoCs

pid	Process
448	Lightshot-setup.exe
448	Lightshot-setup.exe
448	Lightshot-setup.exe
4904	RawDigger.exe
4904	RawDigger.exe
4904	RawDigger.exe
4904	RawDigger.exe
4904	RawDigger.exe
4904	RawDigger.exe
4904	RawDigger.exe
4904	RawDigger.exe
4904	RawDigger.exe
4904	RawDigger.exe
4904	RawDigger.exe
4904	RawDigger.exe
4904	RawDigger.exe
4904	RawDigger.exe
4904	RawDigger.exe
4904	RawDigger.exe
4904	RawDigger.exe
4904	RawDigger.exe
4904	RawDigger.exe
4904	RawDigger.exe
4904	RawDigger.exe
4904	RawDigger.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Serial Disc IO Helper = "C:\\Users\\Admin\\AppData\\Roaming\\PC Booster Pro\\RawDigger.exe"	RawDigger.exe

Maps connected drives based on registry 3 TTPs 2 IoCs

Disk information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\disk\Enum	RawDigger.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\disk\Enum\0	RawDigger.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeSecurityPrivilege	4904	RawDigger.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
4904	RawDigger.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4904	RawDigger.exe

C:\Users\Admin\AppData\Local\Temp\Lightshot-setup.exe
"C:\Users\Admin\AppData\Local\Temp\Lightshot-setup.exe"
1⤵
- Loads dropped DLL
PID:448

C:\Users\Admin\AppData\Roaming\PC Booster Pro\RawDigger.exe
"C:\Users\Admin\AppData\Roaming\PC Booster Pro\RawDigger.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Maps connected drives based on registry
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
PID:4904

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\pb631C51C0\PB3Dll.dll

Filesize
202KB

MD5
142bc2bb269b896cc0f11f9021dcbc52

SHA1
75b09b25f8f6b3b0fc94fcdcc61d932f303ac418

SHA256
5da7da9abb77790ddbb87d86b9ea4b01a4f375035827e30fa879dab8c2a737db

SHA512
150ffd4e66ee126912c6a5071bec750e4b5e603af9cc79b26c63e482f7d5d0aafcae1c995f10b60ba2da138effb19c668e1515f35db3b8b7a508ef34f59d134a

Download Submit
C:\Users\Admin\AppData\Local\Temp\pb631C51C0\PBAddon.dll

Filesize
91KB

MD5
abe8be236edb694347af082cb07d5e6b

SHA1
f6c5bafc983c9ad03f83932094301b0ced05a6e4

SHA256
fa0cf81db49bd2995fdd5c1788e6f4926dc64981f40e9953906a55d8f104824b

SHA512
b4c5cabddb663a05a4e88788ec217bfc97af8b3aca648cdfcdfdad0166f833c50a11b3ba0b544091278460f113688a2d969f8cf5b89b69c2ba25e124c847befc

Download Submit
C:\Users\Admin\AppData\Local\Temp\pb631C51C0\PBCore.dll

Filesize
472KB

MD5
016a5d74b1e5a4625bf1ad1aac6bfb68

SHA1
1a4247c53e1472e2199c12e46389ac0df172bc19

SHA256
d43cb6a64b707d13ac99936e71c6be436c32a76506ed1fe462e2f9249722d487

SHA512
f635d56caf1d50e6ad8c5074d0840cdb127380898f5e63b53c0eda1a7230012e4ba622d3639d6ef72bde1250c500fc798b5ef90ff07b53f1eb3343034fb6f3a7

Download Submit
C:\Users\Admin\AppData\Roaming\PC Booster Pro\Changelog.txt

Filesize
67KB

MD5
95122e189c3279e80b561b591b137c98

SHA1
210b6c1a73c22b103c07b563d0dd0718ad8f6aec

SHA256
978d6455d4f5219db3acd0a1aac687efccedc26394be3a81350c9169f80a173e

SHA512
7db6923d20febd4b1a1a500060d09566f6d57ee9b09c9d6d8961461ca16e0129342d2e471a3aac84e0f876281f2c892def64b19ad6f735178ce7ac68e363c094

Download Submit
C:\Users\Admin\AppData\Roaming\PC Booster Pro\Copyrights.txt

Filesize
5KB

MD5
92ccf574391e7ab46ae979ff3e930913

SHA1
41fe5bb78d8ad720eb7a275b76b20149de3586e6

SHA256
4187a18775792685b888c90c052bbe1c0492704db18d592c8b19ac7ace5742d7

SHA512
1842c7352804d2f7d7158a95e4e8571b77ac178edf8e2ee7b6bd9aeeb93ee90a8fddcbcdfd06c518f8384e4552004b619008b0873e5604015e73a4ea908e32ed

Download Submit
C:\Users\Admin\AppData\Roaming\PC Booster Pro\EULA.txt

Filesize
23KB

MD5
51476d994ec1e84ddbfa26364adb027a

SHA1
134a6b0601312d74e808962c29c353254a55e117

SHA256
2da4c87da840c799d59197e25393c1e751b6882184842e21ac95cf270ee5f958

SHA512
c30877acb03c7e51a02ce1d58667cda053897fb1ecad7d66903f51fa82564d5d75504cbb9d2ec8796d495768511b0f3898dea23885afc67a810ccba3d732bc72

Download Submit
C:\Users\Admin\AppData\Roaming\PC Booster Pro\HTCTL32.DLL

Filesize
320KB

MD5
c94005d2dcd2a54e40510344e0bb9435

SHA1
55b4a1620c5d0113811242c20bd9870a1e31d542

SHA256
3c072532bf7674d0c5154d4d22a9d9c0173530c0d00f69911cdbc2552175d899

SHA512
2e6f673864a54b1dcad9532ef9b18a9c45c0844f1f53e699fade2f41e43fa5cbc9b8e45e6f37b95f84cf6935a96fba2950ee3e0e9542809fd288fefba34ddd6a

Download Submit
C:\Users\Admin\AppData\Roaming\PC Booster Pro\LGPL_EXCEPTION.txt

Filesize
1KB

MD5
f983e0c26cbfd50b8721a4f058fb152c

SHA1
e757251f402ea574fc1681f6c8979564a8802a1a

SHA256
0c732ee589364d0b021587d0a39393cb461efbd57e3765a2b14b082499cd3c4d

SHA512
1dcc7865b2197d818a8fc9d89552ff32a80d46ad564a8a68d398559185dee58744c8ccb8cd49505a6f7e1dc7e5d8e29c661d0d6168ced5c807f81a3b876eedad

Download Submit
C:\Users\Admin\AppData\Roaming\PC Booster Pro\LICENSE.LGPL

Filesize
26KB

MD5
7266a93b753b03bc5f00522e65722b79

SHA1
a1b087217d26810acdf85a9db199e8f3605b743a

SHA256
319daefe38ebeead3df178e5937898a52d67c0c795f54f1c0bb10ac3b9cffb63

SHA512
db2be5f26c2a9b75d1df9ff6f8cf0088225b77ebda251af16cf728ed7fc5f4cf3d98ad147ddb699813dd4bf7b550a481c891014736dbff403d46cc122f6f7b6c

Download Submit
C:\Users\Admin\AppData\Roaming\PC Booster Pro\MSVC-Runtime-EULA.rtf

Filesize
6KB

MD5
19d028345aadcc05697eec6d8c5b5874

SHA1
70bd3d4d51373fb82f0257f28d5f3609bfc82520

SHA256
f4ff4eace31b75176a0806e1693041d546d2599aec0c77d295bad09cac7d9fe7

SHA512
9b3dffec7c1595197af69e59094588541558bef56982475dddd2c9e3d75fc8b970b384452713632ae20435ec0caec6cc4cd8cec9cd4b4809335fdc9f2cc7b842

Download Submit
C:\Users\Admin\AppData\Roaming\PC Booster Pro\MSVCP100.dll

Filesize
411KB

MD5
bc83108b18756547013ed443b8cdb31b

SHA1
79bcaad3714433e01c7f153b05b781f8d7cb318d

SHA256
b2ad109c15eaa92079582787b7772ba0a2f034f7d075907ff87028df0eaea671

SHA512
6e72b2d40e47567b3e506be474dafa7cacd0b53cd2c2d160c3b5384f2f461fc91bb5fdb614a351f628d4e516b3bbdabc2cc6d4cb4710970146d2938a687dd011

Download Submit
C:\Users\Admin\AppData\Roaming\PC Booster Pro\MSVCP140.dll

Filesize
428KB

MD5
fdd04dbbcf321eee5f4dd67266f476b0

SHA1
65ffdfe2664a29a41fcf5039229ccecad5b825b9

SHA256
21570bcb7a77e856f3113235d2b05b2b328d4bb71b4fd9ca4d46d99adac80794

SHA512
04cfc3097fbce6ee1b7bac7bd63c3cffe7dca16f0ec9cd8fe657d8b7ebd06dcba272ff472f98c6385c3cfb9b1ac3f47be8ca6d3ea80ab4aeed44a0e2ce3185dd

Download Submit
C:\Users\Admin\AppData\Roaming\PC Booster Pro\MSVCR100.dll

Filesize
755KB

MD5
0e37fbfa79d349d672456923ec5fbbe3

SHA1
4e880fc7625ccf8d9ca799d5b94ce2b1e7597335

SHA256
8793353461826fbd48f25ea8b835be204b758ce7510db2af631b28850355bd18

SHA512
2bea9bd528513a3c6a54beac25096ee200a4e6ccfc2a308ae9cfd1ad8738e2e2defd477d59db527a048e5e9a4fe1fc1d771701de14ef82b4dbcdc90df0387630

Download Submit
C:\Users\Admin\AppData\Roaming\PC Booster Pro\NSM.LIC

Filesize
257B

MD5
17a78f50e32679f228c43823faabedfd

SHA1
55316c38ef8b383a2589c7cabb150a482feaa4a8

SHA256
ee07297db87c0acfabe9e409fa64819c12f25d2c79aef9a4136d36e8098c9e20

SHA512
f2004eb676cb8902f15ac2e3e2363b258567f02666a2f9f944a9b7844a927cf168b049c8257e41d4ef6db3d44f082026fb8ffadc753de0e98922a4302162f2f1

Download Submit
C:\Users\Admin\AppData\Roaming\PC Booster Pro\NSM.ini

Filesize
6KB

MD5
88b1dab8f4fd1ae879685995c90bd902

SHA1
3d23fb4036dc17fa4bee27e3e2a56ff49beed59d

SHA256
60fe386112ad51f40a1ee9e1b15eca802ced174d7055341c491dee06780b3f92

SHA512
4ea2c20991189fe1d6d5c700603c038406303cca594577ddcbc16ab9a7915cb4d4aa9e53093747db164f068a7ba0f568424bc8cb7682f1a3fb17e4c9ec01f047

Download Submit
C:\Users\Admin\AppData\Roaming\PC Booster Pro\PCICHEK.DLL

Filesize
18KB

MD5
104b30fef04433a2d2fd1d5f99f179fe

SHA1
ecb08e224a2f2772d1e53675bedc4b2c50485a41

SHA256
956b9fa960f913cce3137089c601f3c64cc24c54614b02bba62abb9610a985dd

SHA512
5efcaa8c58813c3a0a6026cd7f3b34ad4fb043fd2d458db2e914429be2b819f1ac74e2d35e4439601cf0cb50fcdcafdcf868da328eaaeec15b0a4a6b8b2c218f

Download Submit
C:\Users\Admin\AppData\Roaming\PC Booster Pro\PCICL32.DLL

Filesize
3.6MB

MD5
d3d39180e85700f72aaae25e40c125ff

SHA1
f3404ef6322f5c6e7862b507d05b8f4b7f1c7d15

SHA256
38684adb2183bf320eb308a96cdbde8d1d56740166c3e2596161f42a40fa32d5

SHA512
471ac150e93a182d135e5483d6b1492f08a49f5ccab420732b87210f2188be1577ceaaee4ce162a7acceff5c17cdd08dc51b1904228275f6bbde18022ec79d2f

Download Submit
C:\Users\Admin\AppData\Roaming\PC Booster Pro\PCICL32.dll

Filesize
3.6MB

MD5
d3d39180e85700f72aaae25e40c125ff

SHA1
f3404ef6322f5c6e7862b507d05b8f4b7f1c7d15

SHA256
38684adb2183bf320eb308a96cdbde8d1d56740166c3e2596161f42a40fa32d5

SHA512
471ac150e93a182d135e5483d6b1492f08a49f5ccab420732b87210f2188be1577ceaaee4ce162a7acceff5c17cdd08dc51b1904228275f6bbde18022ec79d2f

Download Submit
C:\Users\Admin\AppData\Roaming\PC Booster Pro\QT-Third-Party-Licenses.rtf

Filesize
153KB

MD5
66c70e971d51d293b9fae8bb2bfbcf6d

SHA1
15bcbf7796b57803decb2b9906f607e9924a1be3

SHA256
03603b69c0f8ea4b259256f9ec7ba6cce5a3f51ee3ac7441777920e6893ffb63

SHA512
526f7e50396b7b990b92ba822db3e11dc0dc7a68a75bdbba2eb3b4392e1676c9db94af7d0fdf06dba944b49f543ffae4db1ae5271421da39208346a3e111b31e

Download Submit
C:\Users\Admin\AppData\Roaming\PC Booster Pro\QtCore4.dll

Filesize
2.5MB

MD5
57507a6b17ffb855074e715510b6deec

SHA1
f750cbf94b98059990b680a4c81880a05f7e8b2a

SHA256
5641396ecb59afd714b79607c0278f4dfc9e4db441a90b56a2eb0c7108289839

SHA512
1e5acf82e76e733f895445d4c4070c8f3f8176c809f03c63c774099059ab364bec175f9032d0bdc0d713ff104e7d560aae85c5874d37dfb07f622b6bdf5c2a2a

Download Submit
C:\Users\Admin\AppData\Roaming\PC Booster Pro\QtCore4.dll

Filesize
2.5MB

MD5
57507a6b17ffb855074e715510b6deec

SHA1
f750cbf94b98059990b680a4c81880a05f7e8b2a

SHA256
5641396ecb59afd714b79607c0278f4dfc9e4db441a90b56a2eb0c7108289839

SHA512
1e5acf82e76e733f895445d4c4070c8f3f8176c809f03c63c774099059ab364bec175f9032d0bdc0d713ff104e7d560aae85c5874d37dfb07f622b6bdf5c2a2a

Download Submit
C:\Users\Admin\AppData\Roaming\PC Booster Pro\QtGui4.dll

Filesize
8.2MB

MD5
3b8d75773a1e84342ff14c0af36c5535

SHA1
780b7e8a11f3ee157f24d57acccbde528fb97932

SHA256
9770e60957d50872c83614d0f60be226d3091855a3ed62a9eb42a6c4bba40167

SHA512
7ccbebd60e9c4ad42cca87fa6a741189c6dac9ccdeef09bfe154588d350c80c6caf2c73d5b2d0a3fa42da5642aeedc14d157c8f46f3c416b1c1ff75e65d729da

Download Submit
C:\Users\Admin\AppData\Roaming\PC Booster Pro\QtGui4.dll

Filesize
8.2MB

MD5
3b8d75773a1e84342ff14c0af36c5535

SHA1
780b7e8a11f3ee157f24d57acccbde528fb97932

SHA256
9770e60957d50872c83614d0f60be226d3091855a3ed62a9eb42a6c4bba40167

SHA512
7ccbebd60e9c4ad42cca87fa6a741189c6dac9ccdeef09bfe154588d350c80c6caf2c73d5b2d0a3fa42da5642aeedc14d157c8f46f3c416b1c1ff75e65d729da

Download Submit
C:\Users\Admin\AppData\Roaming\PC Booster Pro\QtNetwork4.dll

Filesize
880KB

MD5
2708c840b639741a5c484f1f3707cf03

SHA1
eae5db676b23c6a2953719b2442d2641d23b0caf

SHA256
291b91eb166ee5f614d76249b3ac0063364fc4031b18671ee3e4925b8278a6b7

SHA512
517e7e48018b98ede2d76844e4a2a2ba63cac97b5a243c057e40f5746990f12ce912b37391c1c4fd8f6d13cc3f4ba50214b1159b8d39f3bb805183db24d9d4ec

Download Submit
C:\Users\Admin\AppData\Roaming\PC Booster Pro\QtNetwork4.dll

Filesize
880KB

MD5
2708c840b639741a5c484f1f3707cf03

SHA1
eae5db676b23c6a2953719b2442d2641d23b0caf

SHA256
291b91eb166ee5f614d76249b3ac0063364fc4031b18671ee3e4925b8278a6b7

SHA512
517e7e48018b98ede2d76844e4a2a2ba63cac97b5a243c057e40f5746990f12ce912b37391c1c4fd8f6d13cc3f4ba50214b1159b8d39f3bb805183db24d9d4ec

Download Submit
C:\Users\Admin\AppData\Roaming\PC Booster Pro\README.txt

Filesize
1KB

MD5
42d37db8bbf8b6a422ac7ce713154fef

SHA1
d4d0cc70a1c1aae1f8bb2be2d01b48b200622d2e

SHA256
2baafed8c7ec2617c4e91288db0bb2fff69481f21b10d15062a7455df6726d5f

SHA512
b643cbe4fdd5cc60eaf4482606c617b729a16e32a49d2a070e077a4ceb9ba4972babb30a638953058f3086e93eb016b9ba6211d11cc89dac11a2815fd7ad5b00

Download Submit
C:\Users\Admin\AppData\Roaming\PC Booster Pro\RawDigger.exe

Filesize
1.5MB

MD5
58483a36a5700f65d1a0d882c91d9d0b

SHA1
e60a76c27d0eca6b029b75a6318a46a5fdccb341

SHA256
da84713fd0239df43cbcbac590c44e48699f3fb1e07af7ba95957e3dda7d80c5

SHA512
3ebb4790274ef443357f0c38ead8a9a535e53b9a3dda69bcadda617b718653ce68fc0426b622612614cb6f9063768f5a1419faad18b2d15b35605a80741ffc7c

Download Submit
C:\Users\Admin\AppData\Roaming\PC Booster Pro\RawDigger.exe

Filesize
1.5MB

MD5
58483a36a5700f65d1a0d882c91d9d0b

SHA1
e60a76c27d0eca6b029b75a6318a46a5fdccb341

SHA256
da84713fd0239df43cbcbac590c44e48699f3fb1e07af7ba95957e3dda7d80c5

SHA512
3ebb4790274ef443357f0c38ead8a9a535e53b9a3dda69bcadda617b718653ce68fc0426b622612614cb6f9063768f5a1419faad18b2d15b35605a80741ffc7c

Download Submit
C:\Users\Admin\AppData\Roaming\PC Booster Pro\VCRUNTIME140.dll

Filesize
77KB

MD5
ba65db6bfef78a96aee7e29f1449bf8a

SHA1
06c7beb9fd1f33051b0e77087350903c652f4b77

SHA256
141690572594dbd3618a4984712e9e36fc09c9906bb845ce1a9531ac8f7ad493

SHA512
ca63eeac10ef55d7e2e55479b25cf394e58aef1422951f361f762ab667f72a3454f55afc04e967e8cdd20cf3eebe97083e0438ea941916a09e7d091818ea830e

Download Submit
C:\Users\Admin\AppData\Roaming\PC Booster Pro\avcodec-58.dll

Filesize
9.2MB

MD5
471384b8ab0412d9f49e73cddf66ee53

SHA1
8ae55ffaccbc9fb05dfee9209f87b2f8932b67be

SHA256
775de31d8f8212458e90ed205417c47679d62a9565ff988a967b50e176bb3615

SHA512
6fc3743638c3f58313929b134055698f46fb5ab4047711ebe79dc62cb9ec7299943b2ee85c3e0850405d7c04bace79bc8e8e6bebfdb5f87971cd14d025af3af9

Download Submit
C:\Users\Admin\AppData\Roaming\PC Booster Pro\avcodec-58.dll

Filesize
9.2MB

MD5
471384b8ab0412d9f49e73cddf66ee53

SHA1
8ae55ffaccbc9fb05dfee9209f87b2f8932b67be

SHA256
775de31d8f8212458e90ed205417c47679d62a9565ff988a967b50e176bb3615

SHA512
6fc3743638c3f58313929b134055698f46fb5ab4047711ebe79dc62cb9ec7299943b2ee85c3e0850405d7c04bace79bc8e8e6bebfdb5f87971cd14d025af3af9

Download Submit
C:\Users\Admin\AppData\Roaming\PC Booster Pro\avformat-58.dll

Filesize
1.8MB

MD5
74e7a063d078809e567d09d0602512b0

SHA1
ad52e1b87c046a06f787d120eb992f02108f79cf

SHA256
e0ecd90ff80c789b3859264d038cd2ebf1fecdc0546ed669dfc0bab1f3820e0c

SHA512
984de300fee3d9de77c71fbcf705acbbc724ce25ea86374d5532aa4cfa6245e8f66bc7e989b6afbbd8083b24f4282de328ab6afa8664a3be75fb044bf836b2d8

Download Submit
C:\Users\Admin\AppData\Roaming\PC Booster Pro\avformat-58.dll

Filesize
1.8MB

MD5
74e7a063d078809e567d09d0602512b0

SHA1
ad52e1b87c046a06f787d120eb992f02108f79cf

SHA256
e0ecd90ff80c789b3859264d038cd2ebf1fecdc0546ed669dfc0bab1f3820e0c

SHA512
984de300fee3d9de77c71fbcf705acbbc724ce25ea86374d5532aa4cfa6245e8f66bc7e989b6afbbd8083b24f4282de328ab6afa8664a3be75fb044bf836b2d8

Download Submit
C:\Users\Admin\AppData\Roaming\PC Booster Pro\avutil-56.dll

Filesize
455KB

MD5
c3997689e6b0bcdb31b2c29a2b0aa57d

SHA1
0ab05677dc3f8ee5bf8ab5a7811fd6cf1641166f

SHA256
27c480cd5d35361278039a91e3fcdf5d9df58ee9e4e4d9ac8cc132e79349154b

SHA512
fdf070baae47611978b9289c96e6c7c33e8c213e9c6428dbd35cb8b09e2f00904e1d760a83ca6ce7596807136db2e9066f186f5b0f26a2cabad156ee162e89fe

Download Submit
C:\Users\Admin\AppData\Roaming\PC Booster Pro\avutil-56.dll

Filesize
455KB

MD5
c3997689e6b0bcdb31b2c29a2b0aa57d

SHA1
0ab05677dc3f8ee5bf8ab5a7811fd6cf1641166f

SHA256
27c480cd5d35361278039a91e3fcdf5d9df58ee9e4e4d9ac8cc132e79349154b

SHA512
fdf070baae47611978b9289c96e6c7c33e8c213e9c6428dbd35cb8b09e2f00904e1d760a83ca6ce7596807136db2e9066f186f5b0f26a2cabad156ee162e89fe

Download Submit
C:\Users\Admin\AppData\Roaming\PC Booster Pro\client32.ini

Filesize
918B

MD5
20b38e27ca9720d69b204b8ff46b03c4

SHA1
3ed5bcdbbb62740b78e01e1324019ea322a5645a

SHA256
65e49fcdaf349d4237596cbf6c080fa4fa7eb8b1be1867556e6a6f37fcf1961c

SHA512
1c128940eff25b84ee8d5089f103abf5d05ef1820947701d3ea1799bfa9f234f265fdbcc12aed94156195a8555f315d071eb6421a94d9b5670d75c1a61500177

Download Submit
C:\Users\Admin\AppData\Roaming\PC Booster Pro\exiftool-artistic-license.html

Filesize
12KB

MD5
25a88e3d5f460a88680ab7b5dc73d97c

SHA1
38eb2ecf35077238f6738804277e98644cbf5aaa

SHA256
7240d44e3488a722cc4f61dfb0828249cd1ce2ec1cc1ec59cd211118f813adc3

SHA512
9101fefdf65b897e9e01123b7fbb8f51dd7657bc117ab8cdf1f038cdf9413658acd57c9040de9b25a1c7265122fdf4f3d5bacdd152d9e29951880eb78f32ccd7

Download Submit
C:\Users\Admin\AppData\Roaming\PC Booster Pro\hm

Filesize
1.5MB

MD5
f1f3bddc683a68c0b2a5c526ea1ea016

SHA1
e74a6cdf372f28a00a7c35ff43aac10a29d35aa7

SHA256
b162d7e9ed3f16042a67177d9f42e37473c9a045239f9ad3e3a4ed9b278bd170

SHA512
da234d087d3469c74151eb8951db0793c42011ee17c40a9807bc494a8c94ff228f23f5294ba7aaf0abf405435076fc7ef92646a02cdb60a9abedc2b3385e48a8

Download Submit
C:\Users\Admin\AppData\Roaming\PC Booster Pro\jpeg8.dll

Filesize
242KB

MD5
e925a83df59e7fc3db2c104e5e965ee3

SHA1
ff7cb4ac5ee65bbde9ef3de2532012a4572565ab

SHA256
c144153e88527567e9de84777a80f0f5305e07b6ffc036546a2cc587361cb806

SHA512
c3adbeee7e284037915f8a9c18e4c93e69c55e530cfa5da01a5ea46a6821d65377e1829d2532afd0788015246915778d154ae8ad38839554b11d6a2dd00547b9

Download Submit
C:\Users\Admin\AppData\Roaming\PC Booster Pro\jpeg8.dll

Filesize
242KB

MD5
e925a83df59e7fc3db2c104e5e965ee3

SHA1
ff7cb4ac5ee65bbde9ef3de2532012a4572565ab

SHA256
c144153e88527567e9de84777a80f0f5305e07b6ffc036546a2cc587361cb806

SHA512
c3adbeee7e284037915f8a9c18e4c93e69c55e530cfa5da01a5ea46a6821d65377e1829d2532afd0788015246915778d154ae8ad38839554b11d6a2dd00547b9

Download Submit
C:\Users\Admin\AppData\Roaming\PC Booster Pro\libmap.dll

Filesize
32KB

MD5
53634bc76f19ea065981ac1b02225df9

SHA1
7d1cb4ae535c30d2443c4b8f14927300c8449839

SHA256
e9053b628bf89440e0ad4874a5c234fe058539f20f9bf02d36c7492fed70857a

SHA512
3b46f34b4d370f44f219f0a404ae1f9a53897ddaabfb7665197dc16b538a13d9ee89af7053fd74998dc38321af8f076759f535d5a855f6ff5212d88704c79d3a

Download Submit
C:\Users\Admin\AppData\Roaming\PC Booster Pro\libmap.dll

Filesize
32KB

MD5
53634bc76f19ea065981ac1b02225df9

SHA1
7d1cb4ae535c30d2443c4b8f14927300c8449839

SHA256
e9053b628bf89440e0ad4874a5c234fe058539f20f9bf02d36c7492fed70857a

SHA512
3b46f34b4d370f44f219f0a404ae1f9a53897ddaabfb7665197dc16b538a13d9ee89af7053fd74998dc38321af8f076759f535d5a855f6ff5212d88704c79d3a

Download Submit
C:\Users\Admin\AppData\Roaming\PC Booster Pro\libpushpp.dll

Filesize
85KB

MD5
87ca20f6bb901e31d7bc7ec019d101e4

SHA1
225ac915742a0f1e84afb530a54d056c86014680

SHA256
85e9f28bc839619cf1df3ec9115cda40741d2d169baa93fc8144a8957d23aa88

SHA512
2363cbb7774ebbcd8974f5fe995c26a486da0bbf76f8276c2c01b87cb0194fde11409221c40434dcc06eebaee68a17c460fd487c7a73434e114d2ef11c5717ee

Download Submit
C:\Users\Admin\AppData\Roaming\PC Booster Pro\libpushpp.dll

Filesize
85KB

MD5
87ca20f6bb901e31d7bc7ec019d101e4

SHA1
225ac915742a0f1e84afb530a54d056c86014680

SHA256
85e9f28bc839619cf1df3ec9115cda40741d2d169baa93fc8144a8957d23aa88

SHA512
2363cbb7774ebbcd8974f5fe995c26a486da0bbf76f8276c2c01b87cb0194fde11409221c40434dcc06eebaee68a17c460fd487c7a73434e114d2ef11c5717ee

Download Submit
C:\Users\Admin\AppData\Roaming\PC Booster Pro\librawf.dll

Filesize
1.8MB

MD5
1a0d4dda536b37a08cc99e9fc2bde4f2

SHA1
dc8c5b319c069b3d2f5e7c632f6b70d48980fcd7

SHA256
f13e014ce258dc5ff00e43bd274751f773df0eefd69e44ef7ee4ce45461cc5e0

SHA512
120145fbb98fa2ed7ed89ab31e9fd2bf619e30b870799a39bf9c0e3755a9e5a7b57b06d46b128bb10fb4f50a21d05231d868d702e0fe151fdea74f097e5178f7

Download Submit
C:\Users\Admin\AppData\Roaming\PC Booster Pro\librawf.dll

Filesize
1.8MB

MD5
1a0d4dda536b37a08cc99e9fc2bde4f2

SHA1
dc8c5b319c069b3d2f5e7c632f6b70d48980fcd7

SHA256
f13e014ce258dc5ff00e43bd274751f773df0eefd69e44ef7ee4ce45461cc5e0

SHA512
120145fbb98fa2ed7ed89ab31e9fd2bf619e30b870799a39bf9c0e3755a9e5a7b57b06d46b128bb10fb4f50a21d05231d868d702e0fe151fdea74f097e5178f7

Download Submit
C:\Users\Admin\AppData\Roaming\PC Booster Pro\libxml2.dll

Filesize
1007KB

MD5
d9c0a51baa596e5c6c294f531b2fcce4

SHA1
8dd53e5d5b02bdc25d5d859f68ca80c8e2485849

SHA256
a25ad1ab50d0c3abea22639c8f97cf3022072ef5aaf06fda7c77361bdbaa69e8

SHA512
463409830d59ba3e93400f2975653b9d36c74677eb253696f1cc21ddf6080592cfaafc916dea91652c1c44b5f1094e359450fb474222de0e553d49cba587c566

Download Submit
C:\Users\Admin\AppData\Roaming\PC Booster Pro\libxml2.dll

Filesize
1007KB

MD5
d9c0a51baa596e5c6c294f531b2fcce4

SHA1
8dd53e5d5b02bdc25d5d859f68ca80c8e2485849

SHA256
a25ad1ab50d0c3abea22639c8f97cf3022072ef5aaf06fda7c77361bdbaa69e8

SHA512
463409830d59ba3e93400f2975653b9d36c74677eb253696f1cc21ddf6080592cfaafc916dea91652c1c44b5f1094e359450fb474222de0e553d49cba587c566

Download Submit
C:\Users\Admin\AppData\Roaming\PC Booster Pro\msvcp100.dll

Filesize
411KB

MD5
bc83108b18756547013ed443b8cdb31b

SHA1
79bcaad3714433e01c7f153b05b781f8d7cb318d

SHA256
b2ad109c15eaa92079582787b7772ba0a2f034f7d075907ff87028df0eaea671

SHA512
6e72b2d40e47567b3e506be474dafa7cacd0b53cd2c2d160c3b5384f2f461fc91bb5fdb614a351f628d4e516b3bbdabc2cc6d4cb4710970146d2938a687dd011

Download Submit
C:\Users\Admin\AppData\Roaming\PC Booster Pro\msvcp140.dll

Filesize
428KB

MD5
fdd04dbbcf321eee5f4dd67266f476b0

SHA1
65ffdfe2664a29a41fcf5039229ccecad5b825b9

SHA256
21570bcb7a77e856f3113235d2b05b2b328d4bb71b4fd9ca4d46d99adac80794

SHA512
04cfc3097fbce6ee1b7bac7bd63c3cffe7dca16f0ec9cd8fe657d8b7ebd06dcba272ff472f98c6385c3cfb9b1ac3f47be8ca6d3ea80ab4aeed44a0e2ce3185dd

Download Submit
C:\Users\Admin\AppData\Roaming\PC Booster Pro\msvcr100.dll

Filesize
755KB

MD5
0e37fbfa79d349d672456923ec5fbbe3

SHA1
4e880fc7625ccf8d9ca799d5b94ce2b1e7597335

SHA256
8793353461826fbd48f25ea8b835be204b758ce7510db2af631b28850355bd18

SHA512
2bea9bd528513a3c6a54beac25096ee200a4e6ccfc2a308ae9cfd1ad8738e2e2defd477d59db527a048e5e9a4fe1fc1d771701de14ef82b4dbcdc90df0387630

Download Submit
C:\Users\Admin\AppData\Roaming\PC Booster Pro\nskbfltr.inf

Filesize
328B

MD5
26e28c01461f7e65c402bdf09923d435

SHA1
1d9b5cfcc30436112a7e31d5e4624f52e845c573

SHA256
d96856cd944a9f1587907cacef974c0248b7f4210f1689c1e6bcac5fed289368

SHA512
c30ec66fecb0a41e91a31804be3a8b6047fc3789306adc106c723b3e5b166127766670c7da38d77d3694d99a8cddb26bc266ee21dba60a148cdf4d6ee10d27d7

Download Submit
C:\Users\Admin\AppData\Roaming\PC Booster Pro\pcicapi.dll

Filesize
32KB

MD5
34dfb87e4200d852d1fb45dc48f93cfc

SHA1
35b4e73fb7c8d4c3fefb90b7e7dc19f3e653c641

SHA256
2d6c6200508c0797e6542b195c999f3485c4ef76551aa3c65016587788ba1703

SHA512
f5bb4e700322cbaa5069244812a9b6ce6899ce15b4fd6384a3e8be421e409e4526b2f67fe210394cd47c4685861faf760eff9af77209100b82b2e0655581c9b2

Download Submit
C:\Users\Admin\AppData\Roaming\PC Booster Pro\pcicapi.dll

Filesize
32KB

MD5
34dfb87e4200d852d1fb45dc48f93cfc

SHA1
35b4e73fb7c8d4c3fefb90b7e7dc19f3e653c641

SHA256
2d6c6200508c0797e6542b195c999f3485c4ef76551aa3c65016587788ba1703

SHA512
f5bb4e700322cbaa5069244812a9b6ce6899ce15b4fd6384a3e8be421e409e4526b2f67fe210394cd47c4685861faf760eff9af77209100b82b2e0655581c9b2

Download Submit
C:\Users\Admin\AppData\Roaming\PC Booster Pro\pcichek.dll

Filesize
18KB

MD5
104b30fef04433a2d2fd1d5f99f179fe

SHA1
ecb08e224a2f2772d1e53675bedc4b2c50485a41

SHA256
956b9fa960f913cce3137089c601f3c64cc24c54614b02bba62abb9610a985dd

SHA512
5efcaa8c58813c3a0a6026cd7f3b34ad4fb043fd2d458db2e914429be2b819f1ac74e2d35e4439601cf0cb50fcdcafdcf868da328eaaeec15b0a4a6b8b2c218f

Download Submit
C:\Users\Admin\AppData\Roaming\PC Booster Pro\rawspeed.dll

Filesize
253KB

MD5
f630b00f77fd586de61f0cf21da329cc

SHA1
799b4df8194d9179c9db81599798a3640e1ebb05

SHA256
9dbe6fc45b69ef8230389747b03ac914a16938d5dbfc9ad2ecb58260a4534316

SHA512
2f46de15ed4481278fdaa9b9037251b99771ab53ed1ef566c6a4a1e17ff4ee42a42914c8e2e09bb5a58f36143abd017bf7d2491e5ef6080d77ca3c8e7135ffbd

Download Submit
C:\Users\Admin\AppData\Roaming\PC Booster Pro\rawspeed.dll

Filesize
253KB

MD5
f630b00f77fd586de61f0cf21da329cc

SHA1
799b4df8194d9179c9db81599798a3640e1ebb05

SHA256
9dbe6fc45b69ef8230389747b03ac914a16938d5dbfc9ad2ecb58260a4534316

SHA512
2f46de15ed4481278fdaa9b9037251b99771ab53ed1ef566c6a4a1e17ff4ee42a42914c8e2e09bb5a58f36143abd017bf7d2491e5ef6080d77ca3c8e7135ffbd

Download Submit
C:\Users\Admin\AppData\Roaming\PC Booster Pro\settings.dat

Filesize
107KB

MD5
44132db52d32b268e6f42d0349acfe60

SHA1
c4b473526e598a10044c749cbf3973e72cece52e

SHA256
c44b09e0540a130c788e80689eee9d001a9005c8bd1a08d56a3b84bbb00e88c2

SHA512
6ed87468546589c5bf1d8087fb838506f04beb7c475a1f7b9646cf8ac2e6e80c5127b885eb6ac55013d87eaf67061071f2489fe92b6c6cc145d3ae543679849d

Download Submit
C:\Users\Admin\AppData\Roaming\PC Booster Pro\swresample-3.dll

Filesize
102KB

MD5
6384184848b3c98b104bc983769cf2e0

SHA1
9c56c4f533a3cf98f5bd77be7b8951fbb6838874

SHA256
cb3234381a5ca746c43fe1c80fc6dad996873f3fc25c99d6c6b8560afa2e41a5

SHA512
b63bab379e6897b89c95965a01747593eb73d7d90cc237a8f1418dcf881b844c978887ccb12233e60ad3f1bd1578e6fa2898ebecb8d306591b7b5afdd3ef6b0c

Download Submit
C:\Users\Admin\AppData\Roaming\PC Booster Pro\swresample-3.dll

Filesize
102KB

MD5
6384184848b3c98b104bc983769cf2e0

SHA1
9c56c4f533a3cf98f5bd77be7b8951fbb6838874

SHA256
cb3234381a5ca746c43fe1c80fc6dad996873f3fc25c99d6c6b8560afa2e41a5

SHA512
b63bab379e6897b89c95965a01747593eb73d7d90cc237a8f1418dcf881b844c978887ccb12233e60ad3f1bd1578e6fa2898ebecb8d306591b7b5afdd3ef6b0c

Download Submit
C:\Users\Admin\AppData\Roaming\PC Booster Pro\unins000.dat

Filesize
22KB

MD5
aa7e96f80039624228f031a49e210371

SHA1
62e65a8a504e35523b8b2de3bff62e16d3705600

SHA256
cac2d5baa6eee9b5469a18032389a5db4ed38945c5b561defe14611f933f8ab8

SHA512
a2a48f04b6c23b770bde5f85c5f7a330b24025b3a8fc5b8f839fe768d7463988017176b0e2ed69734a2810c5685d4cc61c8fa827eea2901526415e23faee49a7

Download Submit
C:\Users\Admin\AppData\Roaming\PC Booster Pro\unins000.msg

Filesize
22KB

MD5
79173da528082489a43f39cf200a7647

SHA1
aa253b477ce2bf9d886d07694cd5ddb7c7fe9eec

SHA256
4f36e6be09cd12e825c2a12ab33544744e7256c9094d7149258ea926705e8ffd

SHA512
c46eb9dd3d03a993fdc4f65ae2751ecfdcb1fb6e1fb69a119105fd40290ce5ec4427b04f813eed47415390689943d05b5432d4571b1aca0ce37ee52391790d18

Download Submit
C:\Users\Admin\AppData\Roaming\PC Booster Pro\vcruntime140.dll

Filesize
77KB

MD5
ba65db6bfef78a96aee7e29f1449bf8a

SHA1
06c7beb9fd1f33051b0e77087350903c652f4b77

SHA256
141690572594dbd3618a4984712e9e36fc09c9906bb845ce1a9531ac8f7ad493

SHA512
ca63eeac10ef55d7e2e55479b25cf394e58aef1422951f361f762ab667f72a3454f55afc04e967e8cdd20cf3eebe97083e0438ea941916a09e7d091818ea830e

Download Submit
C:\Users\Admin\AppData\Roaming\PC Booster Pro\vcruntime140.dll

Filesize
77KB

MD5
ba65db6bfef78a96aee7e29f1449bf8a

SHA1
06c7beb9fd1f33051b0e77087350903c652f4b77

SHA256
141690572594dbd3618a4984712e9e36fc09c9906bb845ce1a9531ac8f7ad493

SHA512
ca63eeac10ef55d7e2e55479b25cf394e58aef1422951f361f762ab667f72a3454f55afc04e967e8cdd20cf3eebe97083e0438ea941916a09e7d091818ea830e

Download Submit
memory/4904-196-0x0000000007DA0000-0x0000000008290000-memory.dmp

Filesize
4.9MB

Download
memory/4904-197-0x0000000003870000-0x000000000388C000-memory.dmp

Filesize
112KB

Download