3bcbd9e46f36f8d30f31000aae8a5b397622bc11e178b631f9e0ae521e53329e

Analysis

max time kernel
44s
max time network
45s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
12-02-2024 20:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

db-installer.exe
Size

28.2MB
MD5

e1fa0ae17ca2f4183ab9aa879ae26386
SHA1

efe091723398992b8e9ddc39774c5ef163fd7229
SHA256

3bcbd9e46f36f8d30f31000aae8a5b397622bc11e178b631f9e0ae521e53329e
SHA512

630b8ad741bc67df681525bd9fa9efa9ccc8ba23277c9bccf065eb572c808bffd76c7140074b55ce34a25733e2be9950de3bdef9d582f47bce2242fe68040369
SSDEEP

786432:DMN9xVlm8epz1/QD1CcSfdodCPOp8qBbPhv:meH+1Clgrzphv

Score

7^/10

discovery spyware stealer

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

Processes:

resource	yara_rule
C:\Program Files (x86)\IObit\Driver Booster\9.2.0\HWiNFO\HWiNFO32.dll	acprotect

Executes dropped EXE 11 IoCs

Processes:

db-installer.tmpsetup.exedb-installer.tmpHWiNFO.exeCareScan.exeSetupHlp.exeRttHlp.exeInstStat.exeDriverBooster.exeSetupHlp.exeDriverBooster.exe

pid	process
2856	db-installer.tmp
2448	setup.exe
2744	db-installer.tmp
324	HWiNFO.exe
984	CareScan.exe
3060	SetupHlp.exe
2156	RttHlp.exe
2196	InstStat.exe
864	DriverBooster.exe
2960	SetupHlp.exe
2696	DriverBooster.exe

Loads dropped DLL 64 IoCs

Processes:

db-installer.exedb-installer.tmpdb-installer.exedb-installer.tmpHWiNFO.exeCareScan.exeSetupHlp.exeRttHlp.exeInstStat.exesetup.exeDriverBooster.exeWerFault.exe

pid	process
1768	db-installer.exe
2856	db-installer.tmp
2856	db-installer.tmp
2856	db-installer.tmp
2136	db-installer.exe
2744	db-installer.tmp
2744	db-installer.tmp
2744	db-installer.tmp
2744	db-installer.tmp
2744	db-installer.tmp
324	HWiNFO.exe
2744	db-installer.tmp
984	CareScan.exe
984	CareScan.exe
984	CareScan.exe
984	CareScan.exe
984	CareScan.exe
984	CareScan.exe
984	CareScan.exe
984	CareScan.exe
2744	db-installer.tmp
3060	SetupHlp.exe
3060	SetupHlp.exe
3060	SetupHlp.exe
3060	SetupHlp.exe
3060	SetupHlp.exe
3060	SetupHlp.exe
3060	SetupHlp.exe
3060	SetupHlp.exe
3060	SetupHlp.exe
2156	RttHlp.exe
2156	RttHlp.exe
2156	RttHlp.exe
2156	RttHlp.exe
2156	RttHlp.exe
2156	RttHlp.exe
2156	RttHlp.exe
2156	RttHlp.exe
2744	db-installer.tmp
2196	InstStat.exe
2196	InstStat.exe
2196	InstStat.exe
2196	InstStat.exe
2196	InstStat.exe
2196	InstStat.exe
2196	InstStat.exe
2196	InstStat.exe
2196	InstStat.exe
2448	setup.exe
2448	setup.exe
864	DriverBooster.exe
864	DriverBooster.exe
864	DriverBooster.exe
864	DriverBooster.exe
864	DriverBooster.exe
864	DriverBooster.exe
864	DriverBooster.exe
864	DriverBooster.exe
864	DriverBooster.exe
864	DriverBooster.exe
864	DriverBooster.exe
864	DriverBooster.exe
1704	WerFault.exe
1704	WerFault.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Checks for any installed AV software in registry 1 TTPs 6 IoCs

Security Software Discovery

T1518.001

Processes:

CareScan.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SOFTWARE\Avira\AntiVir Desktop	CareScan.exe
Key opened	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\SOFTWARE\Avira\AntiVirus	CareScan.exe
Key opened	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Avast Software\Avast	CareScan.exe
Key opened	\REGISTRY\MACHINE\Software\Wow6432Node\Avast Software\Avast	CareScan.exe
Key opened	\REGISTRY\MACHINE\Software\Avast Software\Avast	CareScan.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Avira\AntiVir Desktop	CareScan.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

CareScan.exe

description	ioc	process
File opened (read-only)	\??\G:	CareScan.exe
File opened (read-only)	\??\T:	CareScan.exe
File opened (read-only)	\??\U:	CareScan.exe
File opened (read-only)	\??\Y:	CareScan.exe
File opened (read-only)	\??\Z:	CareScan.exe
File opened (read-only)	\??\H:	CareScan.exe
File opened (read-only)	\??\I:	CareScan.exe
File opened (read-only)	\??\K:	CareScan.exe
File opened (read-only)	\??\M:	CareScan.exe
File opened (read-only)	\??\N:	CareScan.exe
File opened (read-only)	\??\O:	CareScan.exe
File opened (read-only)	\??\Q:	CareScan.exe
File opened (read-only)	\??\R:	CareScan.exe
File opened (read-only)	\??\W:	CareScan.exe
File opened (read-only)	\??\L:	CareScan.exe
File opened (read-only)	\??\S:	CareScan.exe
File opened (read-only)	\??\V:	CareScan.exe
File opened (read-only)	\??\X:	CareScan.exe
File opened (read-only)	\??\A:	CareScan.exe
File opened (read-only)	\??\B:	CareScan.exe
File opened (read-only)	\??\E:	CareScan.exe
File opened (read-only)	\??\J:	CareScan.exe
File opened (read-only)	\??\P:	CareScan.exe

Drops file in Program Files directory 64 IoCs

Processes:

db-installer.tmpSetupHlp.exeCareScan.exe

description	ioc	process
File created	C:\Program Files (x86)\IObit\Driver Booster\9.2.0\History\is-C4GP2.tmp	db-installer.tmp
File created	C:\Program Files (x86)\IObit\Driver Booster\9.2.0\Language\is-APS9Q.tmp	db-installer.tmp
File created	C:\Program Files (x86)\IObit\Driver Booster\9.2.0\Language\is-O5SHR.tmp	db-installer.tmp
File created	C:\Program Files (x86)\IObit\Driver Booster\9.2.0\Icons\Apps\is-AOBR9.tmp	db-installer.tmp
File opened for modification	C:\Program Files (x86)\IObit\Driver Booster\9.2.0\LocalData\Config.ini	SetupHlp.exe
File created	C:\Program Files (x86)\IObit\Driver Booster\9.2.0\is-36BV1.tmp	db-installer.tmp
File created	C:\Program Files (x86)\IObit\Driver Booster\9.2.0\is-JOGCE.tmp	db-installer.tmp
File created	C:\Program Files (x86)\IObit\Driver Booster\9.2.0\is-R3SUL.tmp	db-installer.tmp
File created	C:\Program Files (x86)\IObit\Driver Booster\9.2.0\TaskbarPin\is-3LS1E.tmp	db-installer.tmp
File created	C:\Program Files (x86)\IObit\Driver Booster\9.2.0\ErrCodeSpec\is-323BV.tmp	db-installer.tmp
File created	C:\Program Files (x86)\IObit\Driver Booster\9.2.0\LocalData\is-UTHME.tmp	db-installer.tmp
File created	C:\Program Files (x86)\IObit\Driver Booster\9.2.0\Icons\Apps\is-8PO1L.tmp	db-installer.tmp
File created	C:\Program Files (x86)\IObit\Driver Booster\9.2.0\Language\is-OMTK2.tmp	db-installer.tmp
File created	C:\Program Files (x86)\IObit\Driver Booster\9.2.0\LocalData\is-DUA0H.tmp	db-installer.tmp
File created	C:\Program Files (x86)\IObit\Driver Booster\9.2.0\Icons\Apps\is-P8QBB.tmp	db-installer.tmp
File created	C:\Program Files (x86)\IObit\Driver Booster\9.2.0\is-O7SI6.tmp	db-installer.tmp
File created	C:\Program Files (x86)\IObit\Driver Booster\9.2.0\TaskbarPin\is-J1EQM.tmp	db-installer.tmp
File created	C:\Program Files (x86)\IObit\Driver Booster\9.2.0\is-MSTUV.tmp	db-installer.tmp
File created	C:\Program Files (x86)\IObit\Driver Booster\9.2.0\is-LNVQN.tmp	db-installer.tmp
File created	C:\Program Files (x86)\IObit\Driver Booster\9.2.0\Boost\is-84M8U.tmp	db-installer.tmp
File created	C:\Program Files (x86)\IObit\Driver Booster\9.2.0\Icons\Apps\is-71FG6.tmp	db-installer.tmp
File created	C:\Program Files (x86)\IObit\Driver Booster\9.2.0\is-4PL27.tmp	db-installer.tmp
File created	C:\Program Files (x86)\IObit\Driver Booster\9.2.0\ErrCodeSpec\is-RLLJ4.tmp	db-installer.tmp
File created	C:\Program Files (x86)\IObit\Driver Booster\9.2.0\ErrCodeSpec\is-AMAFB.tmp	db-installer.tmp
File created	C:\Program Files (x86)\IObit\Driver Booster\9.2.0\is-JD69I.tmp	db-installer.tmp
File opened for modification	C:\Program Files (x86)\IObit\Driver Booster\9.2.0\InnoSetup.log	db-installer.tmp
File created	C:\Program Files (x86)\IObit\Driver Booster\9.2.0\History\is-R15U6.tmp	db-installer.tmp
File created	C:\Program Files (x86)\IObit\Driver Booster\9.2.0\Language\is-93K9R.tmp	db-installer.tmp
File created	C:\Program Files (x86)\IObit\Driver Booster\9.2.0\ErrCodeSpec\is-68PP9.tmp	db-installer.tmp
File created	C:\Program Files (x86)\IObit\Driver Booster\9.2.0\is-1E0JF.tmp	db-installer.tmp
File created	C:\Program Files (x86)\IObit\Driver Booster\9.2.0\Language\is-TP9E1.tmp	db-installer.tmp
File opened for modification	C:\Program Files (x86)\IObit\Driver Booster\9.2.0\lang.dat	SetupHlp.exe
File created	C:\Program Files (x86)\IObit\Driver Booster\9.2.0\ScanData\ScanResult_all.ini	CareScan.exe
File opened for modification	C:\Program Files (x86)\IObit\Driver Booster\9.2.0\Database\Scan\initial.wlst.temp	SetupHlp.exe
File created	C:\Program Files (x86)\IObit\Driver Booster\9.2.0\is-UCRMQ.tmp	db-installer.tmp
File created	C:\Program Files (x86)\IObit\Driver Booster\9.2.0\is-N4OA8.tmp	db-installer.tmp
File created	C:\Program Files (x86)\IObit\Driver Booster\9.2.0\DrvInstall\is-POP8B.tmp	db-installer.tmp
File created	C:\Program Files (x86)\IObit\Driver Booster\9.2.0\is-I9Q93.tmp	db-installer.tmp
File created	C:\Program Files (x86)\IObit\Driver Booster\9.2.0\Language\is-11NPD.tmp	db-installer.tmp
File created	C:\Program Files (x86)\IObit\Driver Booster\9.2.0\is-54UE0.tmp	db-installer.tmp
File created	C:\Program Files (x86)\IObit\Driver Booster\9.2.0\is-91AUG.tmp	db-installer.tmp
File created	C:\Program Files (x86)\IObit\Driver Booster\9.2.0\Icons\Apps\is-T1P3U.tmp	db-installer.tmp
File created	C:\Program Files (x86)\IObit\Driver Booster\9.2.0\is-8GELV.tmp	db-installer.tmp
File created	C:\Program Files (x86)\IObit\Driver Booster\9.2.0\ErrCodeSpec\is-R1PC3.tmp	db-installer.tmp
File created	C:\Program Files (x86)\IObit\Driver Booster\9.2.0\is-GHC1C.tmp	db-installer.tmp
File created	C:\Program Files (x86)\IObit\Driver Booster\9.2.0\unins000.msg	db-installer.tmp
File created	C:\Program Files (x86)\IObit\Driver Booster\9.2.0\is-Q4A5G.tmp	db-installer.tmp
File created	C:\Program Files (x86)\IObit\Driver Booster\9.2.0\is-IFLSQ.tmp	db-installer.tmp
File created	C:\Program Files (x86)\IObit\Driver Booster\9.2.0\Database\Scan\is-5T65L.tmp	db-installer.tmp
File created	C:\Program Files (x86)\IObit\Driver Booster\9.2.0\database\Opt.dbd	CareScan.exe
File created	C:\Program Files (x86)\IObit\Driver Booster\9.2.0\Boost\is-QPEQQ.tmp	db-installer.tmp
File created	C:\Program Files (x86)\IObit\Driver Booster\9.2.0\Language\is-GLCKN.tmp	db-installer.tmp
File opened for modification	C:\Program Files (x86)\IObit\Driver Booster\9.2.0\ZLB792B.tmp	CareScan.exe
File created	C:\Program Files (x86)\IObit\Driver Booster\9.2.0\is-0BUH0.tmp	db-installer.tmp
File created	C:\Program Files (x86)\IObit\Driver Booster\9.2.0\History\is-9779D.tmp	db-installer.tmp
File created	C:\Program Files (x86)\IObit\Driver Booster\9.2.0\ErrCodeSpec\is-RFBEJ.tmp	db-installer.tmp
File created	C:\Program Files (x86)\IObit\Driver Booster\9.2.0\ErrCodeSpec\is-PK89U.tmp	db-installer.tmp
File created	C:\Program Files (x86)\IObit\Driver Booster\9.2.0\is-OQM7K.tmp	db-installer.tmp
File created	C:\Program Files (x86)\IObit\Driver Booster\9.2.0\is-GDQRA.tmp	db-installer.tmp
File created	C:\Program Files (x86)\IObit\Driver Booster\9.2.0\is-T793T.tmp	db-installer.tmp
File created	C:\Program Files (x86)\IObit\Driver Booster\9.2.0\is-J8PDN.tmp	db-installer.tmp
File created	C:\Program Files (x86)\IObit\Driver Booster\9.2.0\ErrCodeSpec\is-RMQP3.tmp	db-installer.tmp
File opened for modification	C:\Program Files (x86)\IObit\Driver Booster\9.2.0\ZLB792C.tmp	CareScan.exe
File created	C:\Program Files (x86)\IObit\Driver Booster\9.2.0\is-0IREI.tmp	db-installer.tmp

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082
Program crash 2 IoCs

Processes:

WerFault.exeWerFault.exe

pid pid_target process target process

1704 864 WerFault.exe DriverBooster.exe
1112 2696 WerFault.exe DriverBooster.exe

pid	pid_target	process	target process
1704	864	WerFault.exe	DriverBooster.exe
1112	2696	WerFault.exe	DriverBooster.exe

Modifies Internet Explorer settings 1 TTPs 33 IoCs

adware spyware

Modify Registry

T1112

Processes:

iexplore.exeIEXPLORE.EXE

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\DOMStorage\iobit.com	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{E8D30741-C9E2-11EE-94B6-42DF7B237CB2} = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\DOMStorage\iobit.com\NumberOfSubdomains = "1"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\DOMStorage	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\MINIE	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe

Modifies registry class 16 IoCs

Processes:

SetupHlp.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.dbop\ = "DB_Open_dbop"	SetupHlp.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\DB_Open_dbd\shell\open\command	SetupHlp.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\DB_Open_dbd\shell	SetupHlp.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.dbop	SetupHlp.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\DB_Open_dbop\	SetupHlp.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\DB_Open_dbop\shell\open\command	SetupHlp.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\DB_Open_dbop\shell	SetupHlp.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\DB_Open_dbop\shell\open\command\ = "C:\\Program Files (x86)\\IObit\\Driver Booster\\9.2.0\\OfflineUpdater.exe \"%1\""	SetupHlp.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.dbd	SetupHlp.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\DB_Open_dbd\shell\open	SetupHlp.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\DB_Open_dbd\shell\open\command\ = "C:\\Program Files (x86)\\IObit\\Driver Booster\\9.2.0\\OfflineUpdater.exe \"%1\""	SetupHlp.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\DB_Open_dbop	SetupHlp.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\DB_Open_dbop\shell\open	SetupHlp.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.dbd\ = "DB_Open_dbd"	SetupHlp.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\DB_Open_dbd	SetupHlp.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\DB_Open_dbd\	SetupHlp.exe

Suspicious behavior: EnumeratesProcesses 27 IoCs

Processes:

db-installer.tmpsetup.exedb-installer.tmpCareScan.exeSetupHlp.exeInstStat.exeDriverBooster.exeSetupHlp.exeDriverBooster.exe

pid	process
2856	db-installer.tmp
2856	db-installer.tmp
2448	setup.exe
2448	setup.exe
2744	db-installer.tmp
2744	db-installer.tmp
984	CareScan.exe
984	CareScan.exe
2744	db-installer.tmp
3060	SetupHlp.exe
3060	SetupHlp.exe
2744	db-installer.tmp
2196	InstStat.exe
2196	InstStat.exe
984	CareScan.exe
984	CareScan.exe
984	CareScan.exe
984	CareScan.exe
984	CareScan.exe
984	CareScan.exe
864	DriverBooster.exe
864	DriverBooster.exe
2960	SetupHlp.exe
2960	SetupHlp.exe
2960	SetupHlp.exe
2696	DriverBooster.exe
2696	DriverBooster.exe

Suspicious behavior: LoadsDriver 6 IoCs

Processes:

pid process

480
480
480
480
480
480

pid	process
480
480
480
480
480
480

Suspicious use of AdjustPrivilegeToken 10 IoCs

Processes:

db-installer.tmpdb-installer.tmpHWiNFO.exeCareScan.exe

description	pid	process
Token: SeDebugPrivilege	2856	db-installer.tmp
Token: SeDebugPrivilege	2744	db-installer.tmp
Token: SeLoadDriverPrivilege	324	HWiNFO.exe
Token: SeLoadDriverPrivilege	324	HWiNFO.exe
Token: SeLoadDriverPrivilege	324	HWiNFO.exe
Token: SeRestorePrivilege	984	CareScan.exe
Token: SeBackupPrivilege	984	CareScan.exe
Token: SeDebugPrivilege	984	CareScan.exe
Token: SeRestorePrivilege	984	CareScan.exe
Token: SeBackupPrivilege	984	CareScan.exe

Suspicious use of FindShellTrayWindow 3 IoCs

Processes:

setup.exedb-installer.tmpiexplore.exe

pid process

2448 setup.exe
2744 db-installer.tmp
1248 iexplore.exe
Suspicious use of SetWindowsHookEx 4 IoCs

Processes:

iexplore.exeIEXPLORE.EXE

pid process

1248 iexplore.exe
1248 iexplore.exe
2656 IEXPLORE.EXE
2656 IEXPLORE.EXE

pid	process
2448	setup.exe
2744	db-installer.tmp
1248	iexplore.exe

pid	process
1248	iexplore.exe
1248	iexplore.exe
2656	IEXPLORE.EXE
2656	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

db-installer.exedb-installer.tmpsetup.exedb-installer.exedb-installer.tmpSetupHlp.exeDriverBooster.exe

description	pid	process	target process
PID 1768 wrote to memory of 2856	1768	db-installer.exe	db-installer.tmp
PID 1768 wrote to memory of 2856	1768	db-installer.exe	db-installer.tmp
PID 1768 wrote to memory of 2856	1768	db-installer.exe	db-installer.tmp
PID 1768 wrote to memory of 2856	1768	db-installer.exe	db-installer.tmp
PID 1768 wrote to memory of 2856	1768	db-installer.exe	db-installer.tmp
PID 1768 wrote to memory of 2856	1768	db-installer.exe	db-installer.tmp
PID 1768 wrote to memory of 2856	1768	db-installer.exe	db-installer.tmp
PID 2856 wrote to memory of 2448	2856	db-installer.tmp	setup.exe
PID 2856 wrote to memory of 2448	2856	db-installer.tmp	setup.exe
PID 2856 wrote to memory of 2448	2856	db-installer.tmp	setup.exe
PID 2856 wrote to memory of 2448	2856	db-installer.tmp	setup.exe
PID 2856 wrote to memory of 2448	2856	db-installer.tmp	setup.exe
PID 2856 wrote to memory of 2448	2856	db-installer.tmp	setup.exe
PID 2856 wrote to memory of 2448	2856	db-installer.tmp	setup.exe
PID 2448 wrote to memory of 2136	2448	setup.exe	db-installer.exe
PID 2448 wrote to memory of 2136	2448	setup.exe	db-installer.exe
PID 2448 wrote to memory of 2136	2448	setup.exe	db-installer.exe
PID 2448 wrote to memory of 2136	2448	setup.exe	db-installer.exe
PID 2448 wrote to memory of 2136	2448	setup.exe	db-installer.exe
PID 2448 wrote to memory of 2136	2448	setup.exe	db-installer.exe
PID 2448 wrote to memory of 2136	2448	setup.exe	db-installer.exe
PID 2136 wrote to memory of 2744	2136	db-installer.exe	db-installer.tmp
PID 2136 wrote to memory of 2744	2136	db-installer.exe	db-installer.tmp
PID 2136 wrote to memory of 2744	2136	db-installer.exe	db-installer.tmp
PID 2136 wrote to memory of 2744	2136	db-installer.exe	db-installer.tmp
PID 2136 wrote to memory of 2744	2136	db-installer.exe	db-installer.tmp
PID 2136 wrote to memory of 2744	2136	db-installer.exe	db-installer.tmp
PID 2136 wrote to memory of 2744	2136	db-installer.exe	db-installer.tmp
PID 2744 wrote to memory of 324	2744	db-installer.tmp	HWiNFO.exe
PID 2744 wrote to memory of 324	2744	db-installer.tmp	HWiNFO.exe
PID 2744 wrote to memory of 324	2744	db-installer.tmp	HWiNFO.exe
PID 2744 wrote to memory of 324	2744	db-installer.tmp	HWiNFO.exe
PID 2744 wrote to memory of 984	2744	db-installer.tmp	CareScan.exe
PID 2744 wrote to memory of 984	2744	db-installer.tmp	CareScan.exe
PID 2744 wrote to memory of 984	2744	db-installer.tmp	CareScan.exe
PID 2744 wrote to memory of 984	2744	db-installer.tmp	CareScan.exe
PID 2744 wrote to memory of 3060	2744	db-installer.tmp	SetupHlp.exe
PID 2744 wrote to memory of 3060	2744	db-installer.tmp	SetupHlp.exe
PID 2744 wrote to memory of 3060	2744	db-installer.tmp	SetupHlp.exe
PID 2744 wrote to memory of 3060	2744	db-installer.tmp	SetupHlp.exe
PID 2744 wrote to memory of 3060	2744	db-installer.tmp	SetupHlp.exe
PID 2744 wrote to memory of 3060	2744	db-installer.tmp	SetupHlp.exe
PID 2744 wrote to memory of 3060	2744	db-installer.tmp	SetupHlp.exe
PID 3060 wrote to memory of 2156	3060	SetupHlp.exe	RttHlp.exe
PID 3060 wrote to memory of 2156	3060	SetupHlp.exe	RttHlp.exe
PID 3060 wrote to memory of 2156	3060	SetupHlp.exe	RttHlp.exe
PID 3060 wrote to memory of 2156	3060	SetupHlp.exe	RttHlp.exe
PID 3060 wrote to memory of 2156	3060	SetupHlp.exe	RttHlp.exe
PID 3060 wrote to memory of 2156	3060	SetupHlp.exe	RttHlp.exe
PID 3060 wrote to memory of 2156	3060	SetupHlp.exe	RttHlp.exe
PID 2744 wrote to memory of 2196	2744	db-installer.tmp	InstStat.exe
PID 2744 wrote to memory of 2196	2744	db-installer.tmp	InstStat.exe
PID 2744 wrote to memory of 2196	2744	db-installer.tmp	InstStat.exe
PID 2744 wrote to memory of 2196	2744	db-installer.tmp	InstStat.exe
PID 2448 wrote to memory of 864	2448	setup.exe	DriverBooster.exe
PID 2448 wrote to memory of 864	2448	setup.exe	DriverBooster.exe
PID 2448 wrote to memory of 864	2448	setup.exe	DriverBooster.exe
PID 2448 wrote to memory of 864	2448	setup.exe	DriverBooster.exe
PID 2448 wrote to memory of 1248	2448	setup.exe	iexplore.exe
PID 2448 wrote to memory of 1248	2448	setup.exe	iexplore.exe
PID 2448 wrote to memory of 1248	2448	setup.exe	iexplore.exe
PID 2448 wrote to memory of 1248	2448	setup.exe	iexplore.exe
PID 864 wrote to memory of 1704	864	DriverBooster.exe	WerFault.exe
PID 864 wrote to memory of 1704	864	DriverBooster.exe	WerFault.exe

C:\Users\Admin\AppData\Local\Temp\db-installer.exe
"C:\Users\Admin\AppData\Local\Temp\db-installer.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1768

C:\Users\Admin\AppData\Local\Temp\is-U0BQ8.tmp\db-installer.tmp
"C:\Users\Admin\AppData\Local\Temp\is-U0BQ8.tmp\db-installer.tmp" /SL5="$4001C,28855075,139264,C:\Users\Admin\AppData\Local\Temp\db-installer.exe"
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2856

C:\Users\Admin\AppData\Local\Temp\is-1RBME.tmp-dbinst\setup.exe
"C:\Users\Admin\AppData\Local\Temp\is-1RBME.tmp-dbinst\setup.exe" "C:\Users\Admin\AppData\Local\Temp\db-installer.exe" /title="Driver Booster 9" /dbver=9.2.0.196 /eula="C:\Users\Admin\AppData\Local\Temp\is-1RBME.tmp-dbinst\EULA.rtf" /showlearnmore /noemailpage /nochromepmt
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:2448

C:\Users\Admin\AppData\Local\Temp\db-installer.exe
"C:\Users\Admin\AppData\Local\Temp\db-installer.exe" /sp- /verysilent /Installer /norestart /DIR="C:\Program Files (x86)\IObit\Driver Booster" /Installer-DeskIcon /Installer-TaskIcon
4⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2136

C:\Users\Admin\AppData\Local\Temp\is-2MP5D.tmp\db-installer.tmp
"C:\Users\Admin\AppData\Local\Temp\is-2MP5D.tmp\db-installer.tmp" /SL5="$2018C,28855075,139264,C:\Users\Admin\AppData\Local\Temp\db-installer.exe" /sp- /verysilent /Installer /norestart /DIR="C:\Program Files (x86)\IObit\Driver Booster" /Installer-DeskIcon /Installer-TaskIcon
5⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:2744

C:\Program Files (x86)\IObit\Driver Booster\9.2.0\HWiNFO\HWiNFO.exe
"C:\Program Files (x86)\IObit\Driver Booster\9.2.0\HWiNFO\HWiNFO.exe" /brandname
6⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of AdjustPrivilegeToken
PID:324

C:\Program Files (x86)\IObit\Driver Booster\9.2.0\CareScan.exe
"C:\Program Files (x86)\IObit\Driver Booster\9.2.0\CareScan.exe" /savefile /silentscan /low /output="C:\Program Files (x86)\IObit\Driver Booster\9.2.0\ScanData\ScanResult_all.ini"
6⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks for any installed AV software in registry
- Enumerates connected drives
- Drops file in Program Files directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:984

C:\Program Files (x86)\IObit\Driver Booster\9.2.0\SetupHlp.exe
"C:\Program Files (x86)\IObit\Driver Booster\9.2.0\SetupHlp.exe" /install /setup="C:\Users\Admin\AppData\Local\Temp\db-installer.exe"
6⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:3060

C:\Program Files (x86)\IObit\Driver Booster\9.2.0\RttHlp.exe
"C:\Program Files (x86)\IObit\Driver Booster\9.2.0\RttHlp.exe" /winstdate
7⤵
- Executes dropped EXE
- Loads dropped DLL
PID:2156

C:\Program Files (x86)\IObit\Driver Booster\9.2.0\InstStat.exe
"C:\Program Files (x86)\IObit\Driver Booster\9.2.0\InstStat.exe" /install db9
6⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
PID:2196

C:\Program Files (x86)\IObit\Driver Booster\9.2.0\DriverBooster.exe
"C:\Program Files (x86)\IObit\Driver Booster\9.2.0\DriverBooster.exe" /autoscan
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 864 -s 468
5⤵
- Loads dropped DLL
- Program crash
PID:1704

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" https://www.iobit.com/goto.php?&name=db&ver=9.2.0.196&id=db9scanvsinstall&ref=driver_booster&aff=137273&refs=db9scanvs&lan=
4⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
PID:1248

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1248 CREDAT:275457 /prefetch:2
5⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2656

C:\Program Files (x86)\IObit\Driver Booster\9.2.0\SetupHlp.exe
"C:\Program Files (x86)\IObit\Driver Booster\9.2.0\SetupHlp.exe" /afterinstall /setup="C:\Users\Admin\AppData\Local\Temp\is-1RBME.tmp-dbinst\setup.exe"
4⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
PID:2960

C:\Program Files (x86)\IObit\Driver Booster\9.2.0\DriverBooster.exe
"C:\Program Files (x86)\IObit\Driver Booster\9.2.0\DriverBooster.exe"
1⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
PID:2696

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2696 -s 468
2⤵
- Program crash
PID:1112

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

Software Discovery

T1518

Security Software Discovery

T1518.001

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\IObit\Driver Booster\9.2.0\CareScan.exe

Filesize
768KB

MD5
8522072cccb402187010e358b70294b4

SHA1
9f4d80a9ac027fb2cde34cf7071e92857510d13e

SHA256
8d814599f517f95103f8bb93bd2faa8d8aca5f1928423ebfe8ad36274d4165d3

SHA512
a264cdb8c2d9cf3e1751a29948fc4c7e5f63041d6b16e7c5421824fdb332c509ffad918c27362151566c062c808a43cb5f34ada9c54a83895c8ba554f4b8da4d

Download Submit
C:\Program Files (x86)\IObit\Driver Booster\9.2.0\CareScan.exe

Filesize
3.4MB

MD5
c6feb1cdfb75f6bf43176c68a6be5d1f

SHA1
a33c81b1813e0952684f776251f18442d728b446

SHA256
9da000115b0e339b87006085a2cd036ae6a8a3b6d1d1bd9b4fb6509e04f5e467

SHA512
5b5b68857e7b9fffffabbc08f2d692eb902c21f44e1d162ac46b88f5b79084804ea02e14fbc119a992292178ee2ceec6f895a73132b72d0fea2fd7dbdd672984

Download Submit
C:\Program Files (x86)\IObit\Driver Booster\9.2.0\Database\Opt.dbd

Filesize
34KB

MD5
ff465e242f59889437ee040ef11d71c9

SHA1
d140cc8fea91b7ade885242d618be0bc2fd478f7

SHA256
96b8e12acff09ef8ff2fe8a989e5545fda9a938cef4a57e9ae2273fdab51d552

SHA512
41c1ba277a47e9072879fc985d02b3ab9e0bcd847151927f50485aa05228b646ebb8f569bcc37eedc58b3f0281d6104a590d8d2c0b096f356f1355e3327f8b49

Download Submit
C:\Program Files (x86)\IObit\Driver Booster\9.2.0\Database\PriTemp.dbd

Filesize
34KB

MD5
2f001a9d00c9a51e7da0cd6b23e4917d

SHA1
4f64cc8a294e49a18df2fc6d388a9c04e10ad752

SHA256
8bf51a666c5db3390e2e29d898260b296c97db07a4bbc3600ca76fd46756e1af

SHA512
388b0e81bda7248df1adec01b6145ec6cf31150e4e4f20ff9c6c12a85d2b9d9228b840cd20c81dbce53968441a0215b7f32e9e089c177c07641c59179eb4c601

Download Submit
C:\Program Files (x86)\IObit\Driver Booster\9.2.0\Database\Reg.dbd

Filesize
22KB

MD5
98105a53cd8aaa20da1ef27e147f7d0c

SHA1
b19c71a5213115593fcb982a2ab9dc24c502be9d

SHA256
6fdb5829bfaad49bd29b4fd3ca5b5e82e0d8e31d5b2d865e328e97e7a224ce6e

SHA512
3daca5cd169a2bccb165e840d5d4e3d9c96c121c7a582fd4894ca34bf9643bb4a36637ebd3c85dd53006266812df3e84f899317ef2e8d0c394e550832d2ecebe

Download Submit
C:\Program Files (x86)\IObit\Driver Booster\9.2.0\Driver Booster 9.lnk

Filesize
1KB

MD5
b0f80b5b0538e82732cd972609b1181c

SHA1
d00031d8aad73b5be4e48cca0857f92ec2a23839

SHA256
614a85a2e1344616ca3dcdb8252a6a38adeef22c59c16783a3802d0ae8182a37

SHA512
69cee16e0175b4d4c3510c80ddc0fee9f906301749b8af53739859dbfe0962840ecbb08c1ff38d0abc094d671d27bcbec2b9e2604013a3b73a9a906929b82248

Download Submit
C:\Program Files (x86)\IObit\Driver Booster\9.2.0\DriverBooster.exe

Filesize
3.0MB

MD5
fa4c6bb0d3ce06aa9a5801e6506b1e9f

SHA1
370b82ae1078186649e3300660b1b0187ae7fe5d

SHA256
a91f9d15813b52ed286188e38d7f85475f2c80e40937a0fcb3519ef72e3d2cca

SHA512
7accf3164736c6570edeaad9567cd64759813080f976b57dffe05dc3dd89f6c03353acfd7f43301fa574b3ee378c1029ef1733b8d5a6b3cbf68612033595ef27

Download Submit
C:\Program Files (x86)\IObit\Driver Booster\9.2.0\HWiNFO\HWiNFO32.dll

Filesize
1.2MB

MD5
e937e1a411075768ef3f287f9abc128a

SHA1
ee63928100563c1d846ecdc462a5c163ecce3d4c

SHA256
cb81c7cbd229b639f24db6655edc67f4c32954778d24e086d45a7229cc58351c

SHA512
a8a6123e1b88d3708ae76ab1ea2d3f15549d03549ee07fdf935357d06792fe63cceae7034e250588415040b8e11b0e892016bba165c488068c6c48f4cc7726a5

Download Submit
C:\Program Files (x86)\IObit\Driver Booster\9.2.0\Icons\Apps\is-S7KBV.tmp

Filesize
1KB

MD5
a364eb8919ad57f2278960cf6a062862

SHA1
dd7fa8dd5894960fa47e8c74e2acec034da803d3

SHA256
ac4531a4b4fe3b34054eb33f2caabe2776be0ea5fc5056670c139caffd51b4f4

SHA512
68e06dcbf244211caac4e386bc73856a7b4da97681e58de3470d6f1000abd336c2d13c84ee11e2bcda9a48afd176efc34f9567ef3bebd5577731956402ead96b

Download Submit
C:\Program Files (x86)\IObit\Driver Booster\9.2.0\InstStat.exe

Filesize
960KB

MD5
f31924e45d40ba7acee83d8658d8de10

SHA1
c3df1c6863a83c960370423aa345d3f471f20aa1

SHA256
4ad7a5839cbf60bfca4bb4e423e9c14fc54147989eb2caab1e52059529bfb70c

SHA512
fe068b1170519970ae6ec2b6bbec6841aec36a610f127814615ca9026878e5ab6e676814e16880b77f66d243def8329f2dffca3a99410aa1def1c2e0670ad196

Download Submit
C:\Program Files (x86)\IObit\Driver Booster\9.2.0\RttHlp.exe

Filesize
123KB

MD5
8abcd3adfd60590deb7d06e350c96873

SHA1
93b5bd0d1e44799dbdd91f8cba445006f481f3ff

SHA256
fa36fda225a0d7431e7f8335e20013f43d960cda87cdd447f4695aca187b1eed

SHA512
57b289a03966ef2d5398b433e2cb0b51c1b6caa58681b689b0fba0e5fecf0c5b970762ac94a61778e8a454ed101dd9492a98415c1d7943784c9fc1326dd83bfc

Download Submit
C:\Program Files (x86)\IObit\Driver Booster\9.2.0\SetupHlp.exe

Filesize
2.1MB

MD5
a8ceb3bf0534835a1e279e2bca9e0113

SHA1
bc029fd49d3e3987208e5cf67518f97677a3a38d

SHA256
3c99a02d2f1710f88e5d17eb931f0b5dcb7e151d23ea952a925f3fcd0ff0671f

SHA512
710b1bb59baa30598165672ec877b8ac6288f0fff81d81cb072a90b56b427fde8c43ee267979f15a7ace3466fa2d605218496709d41ab04c0f3d118a3af03ba9

Download Submit
C:\Program Files (x86)\IObit\Driver Booster\9.2.0\SetupHlp.exe

Filesize
2.2MB

MD5
775e86e79a328d6296d7af717e242a17

SHA1
6f5000487f8bc4992cfe5c9b7950e834500de0ba

SHA256
abf302b29e7d5b78ba2d682dfe60ee61d682e572db9f4a5eaf6e0fdc6a8e537c

SHA512
d643aca53eb1679887276ea0442c8a15f944e914e7180328fc5153a941aaa00fca1eb8251b7091c23a52efaee9e5b77e993040a6b8421592bbec449b26d3d4ef

Download Submit
C:\Program Files (x86)\IObit\Driver Booster\9.2.0\SetupHlp.exe

Filesize
1.6MB

MD5
5fb4c1a5560a48f51bf81d2b892a9c23

SHA1
9d5893b3c90a14b5995718245379f11d2871d4c7

SHA256
869a3cd0cb198a83aadd9552b466601eedeae6072c5efd3aa034128e93a15f40

SHA512
a94bede62899880c277413d3ace568074ad929e43c1565afa0cc619738534bc4784542de81c6f472d98584efdab40b59fcbfcbd70dd924e7f55bcba0a23713a1

Download Submit
C:\Program Files (x86)\IObit\Driver Booster\9.2.0\Update\Update.ini

Filesize
1KB

MD5
9e6e954ffd11bacfe68d555ce1866869

SHA1
a28603f451dd1faccd9edc90909c078fcac48724

SHA256
604c72be9de9849090e96168c473de7ca3d813b890ae157599cd9ed09d079985

SHA512
be70bff84446810d44006990832908f4dd9dc41712d39e7b3d1679fb11d93eaa8353cddebefd2046dd1bea699ee00d4aadd5b3cc14ac94e9c22a3b39b6f8401e

Download Submit
C:\Program Files (x86)\IObit\Driver Booster\9.2.0\cus.dat

Filesize
1KB

MD5
11cae1332523ca0548e1da550c0e290a

SHA1
44b7fd9b0063fb1d635a0bbaad350e3817378bf8

SHA256
bbe18253534f0eca73f7441379fff6f07016f833b150eb984a04ef430e534561

SHA512
7ce137fb173c49ad7cd8274e10c33e31940f981e3198e5ec95b7390c5e7fd15fe708635f48058b6b3a08ce001535c9f3343d5083e8c1e6517d94b9acee2c3d92

Download Submit
C:\Program Files (x86)\IObit\Driver Booster\9.2.0\datastate.dll

Filesize
75KB

MD5
05d73ef4eac3ef5cd06f81ab292ec499

SHA1
4c8f7c64f2900ef70e048105f02805f1c38b94ff

SHA256
f4ab13542590fb63929cefc3c2c598d37637a61f49ab99b8de4eeb3f8a4683b9

SHA512
bd6bd095eb3281deb65590659a39fb9e34bab5c1e7ebd9796ec021514de149e9c09a9eabaa5a796371b5ec9d92989b5ae8dc6381fe7443aa0a9b5adcd795d102

Download Submit
C:\Program Files (x86)\IObit\Driver Booster\9.2.0\is-54UE0.tmp

Filesize
28KB

MD5
b0381f0ba7ead83ea3bd882c1de4cd48

SHA1
c740f811623061595d76fce2ebb4e69d34316f3b

SHA256
44bc9472169403484a0d384f1ca81989ef7e4b07441758e8a0110078933cbcb5

SHA512
6cfb8bc562d22843d043411720db97d0b4cbac96a20983d83d19e59b8428ec202f2532cc5af254438dc34fca4161abbd3f6bac8d397590e41b6d41e60700e78a

Download Submit
C:\Program Files (x86)\IObit\Driver Booster\9.2.0\local.dat

Filesize
1KB

MD5
69a25802c92c323ea139917f67ef865f

SHA1
fe6d3132a38daa1994795fa989b08c5308e0f52a

SHA256
d29cef64cff5e69dd1cac44e20d5763a71667c75404402fbc28fd9b26fe0b386

SHA512
3d68632ea3954421bea12d0f9e85f212a080f40f05b86152564e11c01354aa1f32ab1ff71ec5848bc86b0dff3e82fe44e2fc2981385adf2ed97c101d3468c70f

Download Submit
C:\Program Files (x86)\IObit\Driver Booster\9.2.0\madExcept_.bpl

Filesize
320KB

MD5
38403698e969ab31884fa7722a87e1c6

SHA1
b6d0cf0518af1e7f14a2085ead1c418161ca1ddb

SHA256
c106c75890ac3b5ddca638d73efe734cb0a675d0feab0e415bf018d2a985b291

SHA512
dd42b8f7e6e08f1fb095e1fbaee847da936af66195cc6eaea305bc032d858e852ed96192de442d85f823af9108e4a90bf773d9fd1bfc8424b17c0286a639c788

Download Submit
C:\Program Files (x86)\IObit\Driver Booster\9.2.0\rtl120.bpl

Filesize
768KB

MD5
e559680dc46bc923dfdb8cf3069e4c51

SHA1
608efad0fbc45e16c90453ced8adece7b6281215

SHA256
e510ba251a56fdc72d58508213ecddcd1876b99c8c990e6101cb157f280d43a4

SHA512
7c8cd9efe70c0b8190134c67f3efd40bcbfea9616b3f622fd4832af11ad31f52a5a0027da3931d2b6f899747a7e7c0a54804d3e503aeeea741e28af8b202d4e5

Download Submit
C:\Program Files (x86)\IObit\Driver Booster\9.2.0\sqlite3.dll

Filesize
64KB

MD5
78625950be16b1840a7ae30b744efebc

SHA1
94b7806d0aa5c331edb086f7d322d11dc329c422

SHA256
f35250f8ebf53ad0d148234e4ed0cb5e6c411e121979da61a2ee79636d360e0b

SHA512
766003493e03a1f7923bab064271e96ee6131a485239561e0a0948c97b88cf23df9b5de3f6fc06f8c654fe0fad6ce8ebaf7d2556aa0869c10a103b0f10044ea9

Download Submit
C:\ProgramData\IObit\ASCCache.dat

Filesize
98KB

MD5
a734030a512a7fdd31ed658eefc00442

SHA1
f56fbd4d7defa256148df874ffcca07ae1acd288

SHA256
e6a457cbc5c545d315c37675577ec54c4c9ce9976dd66ca2b9374a8212730a83

SHA512
464c64a87293355321fa56f4f2a105151b78e86fa4dcd81ff1532e86c273d7dc276878f334b625dd828e3eb40a46e160ccbb5b79793fcc01bd2478297fd217ec

Download Submit
C:\ProgramData\IObit\Install.ini

Filesize
94B

MD5
e6b36e221469b4a822adbacb0053f22c

SHA1
4ed131b4e76e90cd6ffbcd29ceb7e37dbbc322dc

SHA256
4fbdc62ae67537105bf45bc5f5118848dd19daa347c787235a3f53a56e127f90

SHA512
5119402815ee532fbb07c60d5b8acccec222c54c52c5ccef990070637e51d39a8bbf714a0c3f55d1e790127ad7361c071c50397dcf4c503e4960c2c7e15f3766

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416

Filesize
1KB

MD5
55540a230bdab55187a841cfe1aa1545

SHA1
363e4734f757bdeb89868efe94907774a327695e

SHA256
d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb

SHA512
c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
410B

MD5
17babc908503d391f8b2b640f83aec75

SHA1
f84edb6831335e7eb5e6f08b04aeef60a4cc8778

SHA256
42f3d77cd3fd347178a7dff5c995ec1215dc7c76ec11860ddeceeca5dfc67424

SHA512
f4172a721ce767aa0cecec363b36a5ed5879c31d57f75482c80359ff212133085b3a172f30c65bdf8c3a08e739f82e7763e5af73644d8cf620d65f96cb1d258f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0f85e921f9fd2c3791ab347adf54c204

SHA1
2eebf59ec5c574f61837e33a886f41194a52ef25

SHA256
91c528e24d75ae9174e3fadb3f2e15c26d59ca8259e15e53b5d5b6d37adce4ed

SHA512
94d21fb5e1077691da4dce9d045d59476b881818143a52e472d551587dcc1338fb5b698ea4d50bc1d10ddd49ad181e7639bb76823685e86b3d05ac40371f2661

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a381f601993aba06b86dc7ea87b4b0d9

SHA1
de29aa8bac6fe484a869d01db92cf5a71cb61bc6

SHA256
56f5f8a939d1b03b89ca6c785ffa69fb1d6e201140856dcc97f58030b088148f

SHA512
4c7dacebf0f657e733271bb1801500cb505c7ff721a7696fe6b8122801e555dd240515d3ecb594d0d26ebc3dd38f23390251fb2e7306b80bdce5b94abea1dcc7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
fe07f3dbea7e3e34dd72b822d1f72acf

SHA1
269eca3dcda23138311a4adaf08d3a3606115fde

SHA256
896e959f4ee5aa903494dffe01413c722a4e88f0038f5f53c479cefc52d1f1ed

SHA512
f00ae0ae201466711cc017c806bbc3f6f1940b7b8ce316345284e0f2f3cd31bc4df656f0b3aba69fbacfcbcb714982d849edf104f15ef9005daf97f2dfaef446

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c93da4434476869ea2f767c378965583

SHA1
c5f087f7e31cfa348d2de4e751ae61613f3c56cb

SHA256
df0792a00b6c516b59e5c97ca5858c41f7b9646316bc9abd13d412eecdabc8e0

SHA512
1156f2c89e416ad85a5f0006c02f98d276dd3421d214163dec170c5be4d9c078dd94d57779a80af55cac8fd59607d5ae9d70d4c0a8a3e08500124d6cb32ac455

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4c58e5bba52d142ed256ac1acd8b421b

SHA1
65a6e7c9878d9b8db7c1482714e4c4334cb48841

SHA256
eaac39c8624016ba3ca14d3a4f9119e35d32e3690fb2053a6229c78b9b9d0398

SHA512
3781f30431ad840c6baaec2bbe2681ebe4da52c3a568a0c948d16b9484b18a05259f83ea8920f6ac5b7b432ee7567faec97111223e2cbceac420bdb76927c90d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d2faee2c45b7bbc45022ad9135aff67e

SHA1
7f3b86e8aed852160afc7bb22befdfd0d8c1f856

SHA256
a9bf9639f6b2d02c3216d08fe24bbf80ffc57c45525d82a0e2225457547ca64a

SHA512
6d583f4f8051bda143ffbf97b7fcd0b186fc92b3b27d7b8907f71a11e26e832cf8685f188568c74093c89a2ab38fbbff271f4726631d0edcbbba052707642198

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3991d3362d5d9bb74a0de2199cdc973b

SHA1
b4e78be8c80369c7655e52d6dea233ca6e3f3b59

SHA256
fdb4462692cc47b15d817468924fd97ad447a17c75ff1fd4690875c51575c724

SHA512
67b539ddb7fc566fbac13309d511ef47604748c23c337668879ba3c359e05fcc5f6d659b7c95988565bf0ae3d62295cbe3538b7bfcd7ec92e11d71f558c60f64

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0a12cf1c6776d6bbf598e03ff2f4b205

SHA1
3b56bfba2d31be78369f785b8326b752d06de579

SHA256
e811d0e920b2d3ab2743bbc5bf4fce31acb35e0dbfe59e0d18439c637f44cd7d

SHA512
b2e8bacf28fa22a7d39c734c7890639f4723c6b446a380b475f0d60a78fc2971fad7f9233d0a4dfdee96b87297d1b88f9d1f41d6403bac4f31fe876c4c9b14f0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c1b6d66c66bd5034a362a14d261436ed

SHA1
08de97f4092e82c14bd77134a79b025b4be0aebf

SHA256
ba285f87b223643dcc0b0da981242c83d844f5769e0e8cf39a10753af91f1254

SHA512
a2fdeaa06736c64c9de740f3de3ae90400a0a1f4c98414b32110a96484cd58f3737b7cc57df67adf494d21bc97f2b51e05ee6c3ee453483a0758f600435f1124

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6eded7438ba7a142b6b1b1a10aea2a94

SHA1
4d747fb1d1f64053135e15ddc79fda80e3afe877

SHA256
ccda8315b327c86844ba0945d7c368ea0e8c545bfe6fc84bdb3b449b5731c09f

SHA512
e001597d62df93258a1694966853a3c0008f67dc67a31773b60c856ee90ae82b5a431b42f563170c26726bbe8315247e1f78d4ad1156a8fe65c7b54d134931a9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9c0e131e5e3d3bd3907d83f0ed7a2f3f

SHA1
7a9707c569b0d3e3fcfe7d75b5946c58daa762cd

SHA256
7f35ed8b524e086d571e3d34caefac39e65ec801acbbaaa4b95f040527356446

SHA512
831da8578fbe6c6e15fd2ec2d13b778afd8b6c76f0e84855bb103d7414923417ab6bed88201058c195438a74dcf9992f9c624b864a78d5ee6b6ca26378c55c6a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6a22093757a08585fe6a347130793872

SHA1
7d1804a30c1e5136c59729cbc2e1eff61b5c5843

SHA256
f4bd101547ffaa3b86880edd5e7600ceb428c5d6dbf17d8f5f5644be37cbbe9e

SHA512
b9aa74892edc4ffbd6de402b1ad15d05d3cb415c583935c550add049bafd0df9458f7ba324cadf6a5ffdb6d83b4bbdf5677bb00439a7db4ea2365d275e44ef08

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a682c75ac40c92ab79dd022b5676b270

SHA1
c52743cdc61ea9da150c795901534ba36cec0577

SHA256
45f124cafba810f234c7a191225743a20f060fda3b3d4af4d0212349e3474df1

SHA512
2afad025a8573b23c42d24d262146b807f3035c2ccd4ceb48033f986807e90708effa440cedb132f6c6097569a50b2116d39177904c86a01d918e9e56aff381a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f0982abd30c6ef77e9f9fd9d5c062a52

SHA1
a9b61696c90e5981598f6f964d91e18656d10e3b

SHA256
27c6484305da44e3cd983ab71ce89aed653cb1fec62f2e530849bb2cea37ab26

SHA512
05b0384a64d8d63b4ffbce1230bd1a57ad284ba64dca652f0c2266e0bc4795058cb4604e712ae10dfbce9bd9e9bd59c7881ae710f4f49e14dcf4f051006375ec

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1f6f55dccc8c92370f8313a1147899ff

SHA1
ba7df7d8d7bafbdfc2f27357ddaf7432151d6db4

SHA256
b299f5ba53f9c41fd55ccf9c15e59ac7f5756f3bb11d6fefbaee22cdef3e29e7

SHA512
2a2c2cea06d5d2d922d2798a4e7d07b846e69514dd3606fc12bb7396d0c626cdbc0ff3bb22dc3a2d87ead33bd9f7e69b19d3cc44049233b11728d7a7fa280ed4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
bb3508a2b6c888a89d79b0e890bf4f9b

SHA1
e22704d173d7bbe2a525fd52ce27fa2c7f7bf69c

SHA256
e62c228ffaef8f815aeb5552cfb3c6d28c92a50938fb8f14d3daadf00441a571

SHA512
5de2e3a17b00f7be3be30ce406fb71583277d92d95f7fe47d384cc8bb85d39666f6d1fe4401c59133b1827eca946fd9de5f4743db1c142301bcecaecd6f2ea1b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
98d6b8e6d6ebfd992939da4c4c687df5

SHA1
4cd0028c773bd48eba6f4575251cd1e9a1d1b274

SHA256
47afb2044c55e1a78d49996d70bd633759f27d8af7efafd7b5ccdd4b7769a882

SHA512
8fe396e3fadbd908af982228d811e3296b11038ed5e67775285b858b3ed5f8a799c851c10df90410ead65fe52d680b1a19a04d7951b364ec1aec18dfe948d46c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JIH1AB02\favicon[1].ico

Filesize
1KB

MD5
fe4bf7aeee2044a60a1c90e571da86e4

SHA1
8e55902176ede5b0338a784abb561d2ca1de9e7f

SHA256
7ce5ff7d3ca3fa04ac4718ef6433256a44b6181cbf255f68fb248f7ee7b02239

SHA512
de9ee35369f03d1415f992c0827224d21d47108c55a5352244bf327379a45d8cd5717f32d92c0ca16754e437dd82033f24f308872265840341b106c8a38b2509

Download Submit
C:\Users\Admin\AppData\Local\Temp\1707768665\ENGLISH.lng

Filesize
24KB

MD5
b5df6251f4efc8d769f30bda8898d7d4

SHA1
19ec86318bd3641b66bc86c0489f686280fbc9ca

SHA256
647fa0cfc53ed76dfa6b87f89d46e06efc54c3c78ca4f34755e833d3df080c5c

SHA512
56e2a4a7f96b1d414bd6ed2e0372714bbe7f47ee51f4cb36504160fb0e1c8bf21070ed5fc056fc60c1bbc0b0dfbcbf3798b3ce2cd7d7aa067ac6f6dc7ad63c5c

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabA43D.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\HWiNFO64A_151.SYS

Filesize
61KB

MD5
b8b796586c1c177ce49dac10c57088ea

SHA1
37df4c40300da4ef18971ef4dff96c864c3e463a

SHA256
a6e75c3a21436941e9a6a111fe3a708be1753ab656ba247a40b401206096641c

SHA512
e4039f6cb66115fcd01845ccc1cf3d0cff5791f2c7b5aa32a6fe741d8317e865e608e99174ecb13d5bd1130f0b12811c8f7bfd60b0e00b869c4d84d0265ca9d5

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarA4EC.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit
C:\Users\Admin\AppData\Local\Temp\TempSet.ini

Filesize
176B

MD5
eedfd8bf2b9fd42cdab0c258d5af0aef

SHA1
ac99d013fb04c58535bfad04b9998f08e58e1f6b

SHA256
9516837ca54ecf3456e069aec48b322e2a26b575f06d46a8e06445a5ca39a24d

SHA512
483dc08dec15de5e7124ffa3e77a69f4ceeea69738b47583086b5d80c3e2016b4ecfa9b7f942c17cc68491aad1c199406b428bc4c266a3b7490b300f82cb7468

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-1RBME.tmp-dbinst\setup.exe

Filesize
8.0MB

MD5
db4bd372a65daf22d56348e7db42621d

SHA1
71b251cb086602abacecf0d34f45f9caa9b5ddcc

SHA256
80a351603ace2074eaba136f114e12c1f8842e235b2187ae5aacb18f21e3533e

SHA512
39c1f1035ac7deb02eacf67eb082690d608079b94aa138e60cd6a2ab67434e0c73ce02a732ff6962866b115a2d8e75eaf3c60ccb67e5f396691bf6f4a5ceaaf5

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-M6QFA.tmp\Inno_English.lng

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
C:\Users\Admin\AppData\Roaming\IObit\Driver Booster\Config.ini

Filesize
56B

MD5
37ba980823908ef9d3dbbab646a0c436

SHA1
5a549c0e5b38479bdb797ad75ed20a3196c6976c

SHA256
bda1cde581bd73cff85aaebd778a7e4a13a4c6028477431a86ffd9ed43f481f6

SHA512
583c84bb9cdc3eca80ed484b29b747df27931b783af319733f4b90fc2d959e066f32f25f08b4d94906dfb4df895684f8db0fd0567d0f4ccdbba7dcb92867d242

Download Submit
C:\Users\Admin\AppData\Roaming\IObit\Driver Booster\Config.ini

Filesize
148B

MD5
73261895c7d99b0a3d0f61a5cae3f789

SHA1
0f9624ceb3012658655debf68130ab9930f31741

SHA256
e716cfa34da413857ea276d96acf05eeaededcd0cdfce441496ac5bf5e2c2997

SHA512
d465341558435b424224c3bd7af7b9ed220cb6a31f8897f2344728d1eb759048a8470f74a208ca59e572d6f9a5baf437b58978fcb2ef643f73f70b0c4827a3b4

Download Submit
C:\Users\Admin\AppData\Roaming\IObit\Driver Booster\Config.ini

Filesize
235B

MD5
1f96263707d3429d721531517c3d3101

SHA1
562762f6ea3fabe64ca8d93752edad5634dab22c

SHA256
2b885e2d91c23035fc456037584dd125fe1dac4676d5585615e73bc381e295ff

SHA512
645a15e1ac0990a7207f48fc8ba583208fd3ec3e48e77115b9492816576172d68e666cbfa1ddd5517d0e68d4121160ae8be2a9c834b4145f916170f45e06c049

Download Submit
C:\Users\Admin\AppData\Roaming\IObit\Driver Booster\Config.ini

Filesize
580B

MD5
668eb4252a2bae9ed84f9826a8f38539

SHA1
88948e632ef52f4bacf4097ee46abcbe17e69a19

SHA256
6fd650c29ceb322676a537e063153ae0ccf4c6600e4a0540e219622009e942fa

SHA512
0151b06bd73f417db463018312ddb08594fc56565bed85f17d2f0e2a46112f9cc71ba234f2fb23fa60a8a84532b391187fdc855ade17c02f7e48bd563c88abce

Download Submit
\Program Files (x86)\IObit\Driver Booster\9.2.0\CareScan.exe

Filesize
704KB

MD5
db28121843b3edadfdb7f66231a7c08a

SHA1
ba4e81cae583017f89ab51c19de90533c8f628ce

SHA256
bd73aa6c7363742d5e7376bebd5e0e925f8ef56454571db2b279ec45e5ee311b

SHA512
b9aa0a328d35bfac0576aaa90629d98cab9af5cd1d726e774927efa1fa365e06b25a1caed72c69e8b35f85f065f001b7254642ebecf93b235f0fbdd82960f752

Download Submit
\Program Files (x86)\IObit\Driver Booster\9.2.0\DriverBooster.exe

Filesize
2.2MB

MD5
62e01a950f3393f242d0651540fdcd3d

SHA1
2278a81a10df2b28ce9e6d897ea0d4c434175b2a

SHA256
f40fab89b6bc7e09dbbd1b61e0be49a379d999d6180331d307f22aa23d7f257a

SHA512
7bad65616b40339146f98cc0c3fbef5cbcfe6a2e14f78397b7eccaba380192b346bfabaab19b6bc766e9f5c368667e51b0c5790f77a8d2f4f5387c52c17741d6

Download Submit
\Program Files (x86)\IObit\Driver Booster\9.2.0\DriverBooster.exe

Filesize
2.2MB

MD5
6baae33ca93c7bd77507263c8b408e0f

SHA1
3ee2b49fd5a43d5cedb3a27b952751e8db3ac427

SHA256
199bb669920c57f585c3cc70a10ca53611eb72c022f75b7b1923a5bfdceb88ad

SHA512
1f89f5e5ed3ab526c4152d2bd6895d56dc40294e7027518105072be566824cb13161adc87e181b29ca25f395f2ae2533233323b24e05d670faf24697956ad222

Download Submit
\Program Files (x86)\IObit\Driver Booster\9.2.0\DriverBooster.exe

Filesize
2.0MB

MD5
efbb57af1dbeb08457ce8d892eaa81ae

SHA1
4b62aab828d4f9e04762d1c7777ba179a7a3130e

SHA256
7fa703669e930b6cd01f987e2a25a23ecbc012da3fe0c7e3589b9b685bc82790

SHA512
c9eea550e69256e047fec015a217a96948779c23be46cec28994ceb0c906317a7cab4e973e2d3f46defe6cc04cad60cf212ff972d62ef4d7a6c0fdc0e8f8c8d5

Download Submit
\Program Files (x86)\IObit\Driver Booster\9.2.0\DriverBooster.exe

Filesize
2.5MB

MD5
aaa1eeb94f9528d40abc4624f6150004

SHA1
ba8ac3235ca3f7c5024f06d056795142cef374d2

SHA256
c7c70ed48b2fe3ae2cc0207854a544b791cd3cf5b38da5c5ce7fad8d96368828

SHA512
d55da2c40a22a9e956ede36f35ea7b6768e4add434dfcbff2f21180bd91fe40657aab2a3f5898ed46e626025e9c8efd1547e1bf5cb1b3a0f089193b13adfc0cc

Download Submit
\Program Files (x86)\IObit\Driver Booster\9.2.0\DriverBooster.exe

Filesize
3.9MB

MD5
c4be4a33044b9d7a47c54b958d6551fc

SHA1
c2fff49b7faafd2041e987475942387ec29b1986

SHA256
ebc5001bc71ec742a099dc72b109c6a2e972f0c0466fdb1296369ba893369c23

SHA512
a9f7d00c19b81f47c0649eb010fc5f13965de834d38937dc8eb4bb87459bb2f8eaf2df379cb89cad3f84510cefb39e85bc0b6a9d4a64bff7c2c252cc93d5b7b9

Download Submit
\Program Files (x86)\IObit\Driver Booster\9.2.0\HWiNFO\HWiNFO.exe

Filesize
171KB

MD5
226c4e3cc9f513f98a128c08f3dc7e80

SHA1
428f8c580aff677e4a36d06f71bde29106d4e2ae

SHA256
9f1d61d16b505064c9cba003630c09b1d09f25e3e42deeaacb105a7b246d49e2

SHA512
a6fd2c5df7939ae18ec7c1f1dab883c23017028f74b3a6ea708fec3f568ce99ae69827b4e5ea4587b55a45ff13cf4ea229044521cd8a12ddf4a90e73f5504d9a

Download Submit
\Program Files (x86)\IObit\Driver Booster\9.2.0\Register.dll

Filesize
1.0MB

MD5
6caa319bdaad461f70be7215b1a14f1c

SHA1
88e5e169f004e0a423df672219dca962e8a8c23d

SHA256
c06ef0b045143a04f3df20cf3cd9938f47be24c207f0af1c1fe011c01f39a795

SHA512
bbc2fc020167a083fbc0d615983968ebca77224f7cd91b4fc6a489d9a1b2c677cef8abc99c8268ef18f8b9fa3bf86960b0709aa164362a6066c8c93e4abb25fa

Download Submit
\Program Files (x86)\IObit\Driver Booster\9.2.0\SetupHlp.exe

Filesize
2.2MB

MD5
84c68bb116cceeebca613d4292fa6011

SHA1
9bc3d89b5e184ab93d29ceecd21e9c092bd0e112

SHA256
b48955ebcb7b3aa57a0dd95889d5ce28380a3cfc1187f6f22d534cdc6d7491e6

SHA512
a17230779afbc971b32bfe1817446231bcdbfb5ce5cf4abef0425660888ad8076e45d6acf41f2f6f8be2aafa48e73487dc283762bad7b2e2c4eeb0f5b854c004

Download Submit
\Program Files (x86)\IObit\Driver Booster\9.2.0\SetupHlp.exe

Filesize
2.3MB

MD5
55fc21b6a27e8ef8581ff5c0e56b0478

SHA1
d232b413b8197033ed04f5cae3902cd96f1f08f5

SHA256
fd690be6d7eebebd9c268be09154ac0a808369b277a21ebef01ff4275da5451d

SHA512
f82604d3a2ca05d518efd4a50cbf39e4c204dfb1ec71c9399ab58d5d86dbd474a26db12230e333b1fd0dfea47279a4dba636cb69001613347bc99066435d2f45

Download Submit
\Program Files (x86)\IObit\Driver Booster\9.2.0\SetupHlp.exe

Filesize
1.9MB

MD5
3b7702912a88980e838c5c0955f412d8

SHA1
a7253cf8050b92803576218884c98331abaea76a

SHA256
716aade73bc73176fa70cb7e2039ea54f5aa50da15a968abfc270c9d5080aaec

SHA512
6f9e9398371ec09bda80267023739e98c101e3c2d78eccd2ceab1b23010fdad3901086bdc7543239d0737bbfac77337b3e91e223836c6844addeeab100be2f1e

Download Submit
\Program Files (x86)\IObit\Driver Booster\9.2.0\SetupHlp.exe

Filesize
2.0MB

MD5
b08499b4aa859fb964ca0460d5d3bae6

SHA1
29b7bc34cd001498d507483b38a0221e47beb8fb

SHA256
a40743adfe171606341ddf7ae44005d6fec7a11291e35b2975870dfb9eb5edaa

SHA512
4ec9ef8c870d398f9299478585c6abd0b60c1f108be9ca15c075df26742439af20a795e664c24d154d8404c42d5fd2ab49caf4cae2cef9318aaecf1545975de1

Download Submit
\Program Files (x86)\IObit\Driver Booster\9.2.0\madBasic_.bpl

Filesize
209KB

MD5
752d6cd2023479342250eb576af4b451

SHA1
aabc6e14b64a68dd9e934036d25d3a602684cd3e

SHA256
6bd8913a44147de462eb971335938caa3906ad5a4bacbb8615c60024670caa5c

SHA512
15521c8a1d4d6a13783c347ebc601ecd6bbb3a489b46893ce0aa4c4dfafb9ce8f3cd2b8e80938d157e7812064b64836e187f274e3ffdaa68cc3bd5a4313c7ec2

Download Submit
\Program Files (x86)\IObit\Driver Booster\9.2.0\madDisAsm_.bpl

Filesize
62KB

MD5
1856c3d0aba628ead9a1ac8a713fb11e

SHA1
196f94ce689b4de0537190582baba76e131e00cc

SHA256
9e3bda2c295be18ddcd7406366c325bf52b090f87612854ce3e35f80b633e931

SHA512
9e5896398def73664fa502ee4e0964aa3d4a5f3145cf118c2a2fd27e58e8908fd2bf26db472e8e96d2f2508d24bccd065a4a347da33c44f800ed4ab8599b389e

Download Submit
\Program Files (x86)\IObit\Driver Booster\9.2.0\madExcept_.bpl

Filesize
435KB

MD5
70d73d518ceab5e50623cb73353dab4f

SHA1
c23656077432925131c95ab754ffb773d3cb9796

SHA256
eb2573197363b52d7a240c7e8944ab6b4a07fe101f1df0da764f281a611246fd

SHA512
8956b520619ce8380d19e58743c94a7a26980cc0dd3874172df9cfb9a09f4cff7855fc3d69c79acb42a21626590d59609d92a258ca8c8f99f16732080fe20688

Download Submit
\Program Files (x86)\IObit\Driver Booster\9.2.0\rtl120.bpl

Filesize
448KB

MD5
d5c8a319deea00b00c3b31234f490846

SHA1
d5502dbd3f0f64f89eba8edeb52b8f977340dc54

SHA256
faae6ad54cb8787569e10f9fdfe0b1709a811c0dd4803dc3be1759d670edf1da

SHA512
1ace691bf835332a11b0e100777de4f2ec801cfed8a867a62f073b8c0686e75caf46bd37d1e1ddafe87b12f7f9034047fe9e5b8d750e5b7e40a9d05717f63b8b

Download Submit
\Program Files (x86)\IObit\Driver Booster\9.2.0\rtl120.bpl

Filesize
1.1MB

MD5
af6ba2df6a5fd24af4074be3b9a3e419

SHA1
a507188f63e54b48a13f5f1f6350773b9b97605b

SHA256
d1dab9914233a86b06c4fdb192507db7a516367b274180accf181cde5bbf9efd

SHA512
242aadc1ea77870f3de5e866661be04ca2693b4a67ac8ea457ce9fe05ca067d2877b500a5cbb8a880a91f50a5bfe5c7407d7f784d97707ea4fb39c2f1d277942

Download Submit
\Program Files (x86)\IObit\Driver Booster\9.2.0\vcl120.bpl

Filesize
256KB

MD5
b2e859cd2e095990de28772bc687f194

SHA1
6f6dadaeab3ee853fc606fa8c2e01c0d8c6f01e5

SHA256
a66f98d3fe09f76ea7c0577515fa97c404fde16c036971604436152e4506dfbe

SHA512
66cf4a9fd81fff99f50015977d04122e0c4a91455c1aeb96f686726b75ef99bd53c6fa2feb858fed8d52d7e22c6db361b198037ab8654c457991236dcf9ccac8

Download Submit
\Program Files (x86)\IObit\Driver Booster\9.2.0\vcl120.bpl

Filesize
1.9MB

MD5
3dac8fc6c8c43f85ef76d33b1736133f

SHA1
6d2d2ca5087b755c8e49be84871436b9fa6cf903

SHA256
132828f816e9e4f0ba2ed5ae5cd62d213e4cfc698bf06543cc7890c5ed5792e1

SHA512
68ddf4b68101fd9ca9899a901e7e22ed66067c0416ccc96780f8c109724ffe583aa135996fffe47b185c25d768ab48c84c256c43eb769ed90e143e5235530fc6

Download Submit
\Users\Admin\AppData\Local\Temp\is-1RBME.tmp\DriverBooster.exe

Filesize
8.3MB

MD5
d922c1b1fe676d4dc34bb5dd7cc0045a

SHA1
0a7ba1bde86198ba1eda0c5f683aadccbe3bdbe8

SHA256
b958a7acda35a81f3110de427fcbf1fd06204329afa4603955c0c23c62b42a5a

SHA512
f0032e08b9311863be1e020c993928ffc23dd51f0710fe8fa57c91e8db3da35c2d2373c5e685e8173388df69f5ee397d83f0ecd0eaab2ee01f0f26a28ec3514e

Download Submit
\Users\Admin\AppData\Local\Temp\is-U0BQ8.tmp\db-installer.tmp

Filesize
1.2MB

MD5
68b52a0b8e3d45bf3b520a0e7f16dad1

SHA1
e50408326eafb5ca8adc70db29c33b64e25bbbbd

SHA256
b409d6d6f8896dc2afd1774479c741ca253c0e9b4732daaa08af84aa9c96888b

SHA512
b8e0b486e2b9652831eb8efe48cf9575eef49204e827a64d69ae7c9c30304b2d98a66c28f1072fe8596847c15f13bbf7ec39d7708684ff64051bbae7ed063faf

Download Submit
memory/324-593-0x0000000010000000-0x0000000010237000-memory.dmp

Filesize
2.2MB

Download
memory/324-687-0x0000000000400000-0x0000000000431000-memory.dmp

Filesize
196KB

Download
memory/864-1813-0x0000000050000000-0x0000000050116000-memory.dmp

Filesize
1.1MB

Download
memory/864-1818-0x0000000000D00000-0x0000000000D97000-memory.dmp

Filesize
604KB

Download
memory/864-1815-0x0000000057000000-0x000000005703F000-memory.dmp

Filesize
252KB

Download
memory/864-1812-0x0000000000400000-0x0000000000C84000-memory.dmp

Filesize
8.5MB

Download
memory/864-1819-0x0000000000DA0000-0x0000000000FDE000-memory.dmp

Filesize
2.2MB

Download
memory/864-835-0x0000000000DA0000-0x0000000000FDE000-memory.dmp

Filesize
2.2MB

Download
memory/864-833-0x0000000000D00000-0x0000000000D97000-memory.dmp

Filesize
604KB

Download
memory/864-1820-0x0000000061E00000-0x0000000061ECA000-memory.dmp

Filesize
808KB

Download
memory/864-1814-0x0000000059800000-0x000000005986E000-memory.dmp

Filesize
440KB

Download
memory/864-1816-0x0000000050120000-0x000000005030D000-memory.dmp

Filesize
1.9MB

Download
memory/984-828-0x0000000061E00000-0x0000000061ECA000-memory.dmp

Filesize
808KB

Download
memory/984-823-0x0000000050000000-0x0000000050116000-memory.dmp

Filesize
1.1MB

Download
memory/984-822-0x0000000000400000-0x00000000007A4000-memory.dmp

Filesize
3.6MB

Download
memory/984-824-0x0000000059800000-0x000000005986E000-memory.dmp

Filesize
440KB

Download
memory/984-825-0x0000000057000000-0x000000005703F000-memory.dmp

Filesize
252KB

Download
memory/984-826-0x0000000050120000-0x000000005030D000-memory.dmp

Filesize
1.9MB

Download
memory/984-827-0x0000000057800000-0x0000000057812000-memory.dmp

Filesize
72KB

Download
memory/984-627-0x0000000004A60000-0x0000000004B6D000-memory.dmp

Filesize
1.1MB

Download
memory/984-829-0x0000000004A60000-0x0000000004B6D000-memory.dmp

Filesize
1.1MB

Download
memory/984-649-0x00000000003E0000-0x00000000003E1000-memory.dmp

Filesize
4KB

Download
memory/1768-1-0x0000000000400000-0x000000000042C000-memory.dmp

Filesize
176KB

Download
memory/1768-45-0x0000000000400000-0x000000000042C000-memory.dmp

Filesize
176KB

Download
memory/2136-755-0x0000000000400000-0x000000000042C000-memory.dmp

Filesize
176KB

Download
memory/2136-137-0x0000000000400000-0x000000000042C000-memory.dmp

Filesize
176KB

Download
memory/2136-134-0x0000000000400000-0x000000000042C000-memory.dmp

Filesize
176KB

Download
memory/2156-730-0x0000000003260000-0x000000000336D000-memory.dmp

Filesize
1.1MB

Download
memory/2156-729-0x0000000050120000-0x000000005030D000-memory.dmp

Filesize
1.9MB

Download
memory/2156-728-0x0000000050000000-0x0000000050116000-memory.dmp

Filesize
1.1MB

Download
memory/2156-727-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2156-722-0x0000000003260000-0x000000000336D000-memory.dmp

Filesize
1.1MB

Download
memory/2196-765-0x00000000002B0000-0x00000000002B1000-memory.dmp

Filesize
4KB

Download
memory/2196-788-0x0000000000400000-0x000000000055D000-memory.dmp

Filesize
1.4MB

Download
memory/2196-754-0x0000000003740000-0x000000000384D000-memory.dmp

Filesize
1.1MB

Download
memory/2196-791-0x0000000000300000-0x0000000000301000-memory.dmp

Filesize
4KB

Download
memory/2196-790-0x0000000003740000-0x000000000384D000-memory.dmp

Filesize
1.1MB

Download
memory/2448-148-0x00000000076C0000-0x00000000076C1000-memory.dmp

Filesize
4KB

Download
memory/2448-46-0x00000000002F0000-0x00000000002F1000-memory.dmp

Filesize
4KB

Download
memory/2448-645-0x00000000002F0000-0x00000000002F1000-memory.dmp

Filesize
4KB

Download
memory/2448-830-0x0000000000400000-0x0000000000C34000-memory.dmp

Filesize
8.2MB

Download
memory/2448-832-0x0000000005200000-0x0000000005240000-memory.dmp

Filesize
256KB

Download
memory/2448-136-0x00000000078D0000-0x00000000078D1000-memory.dmp

Filesize
4KB

Download
memory/2448-836-0x0000000007890000-0x0000000007891000-memory.dmp

Filesize
4KB

Download
memory/2448-559-0x0000000000400000-0x0000000000C34000-memory.dmp

Filesize
8.2MB

Download
memory/2448-837-0x0000000000400000-0x0000000000C34000-memory.dmp

Filesize
8.2MB

Download
memory/2448-133-0x00000000043E0000-0x00000000043E1000-memory.dmp

Filesize
4KB

Download
memory/2448-53-0x0000000004350000-0x0000000004351000-memory.dmp

Filesize
4KB

Download
memory/2448-48-0x0000000000DE0000-0x0000000000DE1000-memory.dmp

Filesize
4KB

Download
memory/2696-1414-0x0000000000230000-0x00000000002C7000-memory.dmp

Filesize
604KB

Download
memory/2696-1415-0x0000000000F10000-0x000000000114E000-memory.dmp

Filesize
2.2MB

Download
memory/2744-143-0x0000000000240000-0x0000000000241000-memory.dmp

Filesize
4KB

Download
memory/2744-753-0x0000000000400000-0x0000000000531000-memory.dmp

Filesize
1.2MB

Download
memory/2856-8-0x0000000000240000-0x0000000000241000-memory.dmp

Filesize
4KB

Download
memory/2856-42-0x0000000000400000-0x0000000000531000-memory.dmp

Filesize
1.2MB

Download
memory/2960-839-0x0000000000400000-0x000000000064C000-memory.dmp

Filesize
2.3MB

Download
memory/2960-840-0x0000000050000000-0x0000000050116000-memory.dmp

Filesize
1.1MB

Download
memory/2960-838-0x00000000046F0000-0x00000000047FD000-memory.dmp

Filesize
1.1MB

Download
memory/2960-841-0x00000000046F0000-0x00000000047FD000-memory.dmp

Filesize
1.1MB

Download
memory/3060-742-0x0000000000400000-0x000000000064C000-memory.dmp

Filesize
2.3MB

Download
memory/3060-743-0x0000000050000000-0x0000000050116000-memory.dmp

Filesize
1.1MB

Download
memory/3060-744-0x00000000046E0000-0x00000000047ED000-memory.dmp

Filesize
1.1MB

Download
memory/3060-662-0x00000000046E0000-0x00000000047ED000-memory.dmp

Filesize
1.1MB

Download