39c6c6aeca196c769ec43efcafa1bfd83e4b666064815277f35c4076b319c122

Analysis

max time kernel
55s
max time network
102s
platform
windows11-21h2_x64
resource
win11-20240221-en
resource tags

arch:x64arch:x86image:win11-20240221-enlocale:en-usos:windows11-21h2-x64system
submitted
28-03-2024 20:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

driver_booster_setup.exe
Size

28.3MB
MD5

db4740fd60c6bfc5a29c6557a16f49fb
SHA1

7e0787c9776017ea72034c252517c0ca2118e919
SHA256

39c6c6aeca196c769ec43efcafa1bfd83e4b666064815277f35c4076b319c122
SHA512

fcdd914c1ec0e954546cd370012907dbc5cb8577135b13f5e4181cafe14faf6c202d35f5313d43b4a0a538f36196fafc6ab0754eaaf243530e8b5f347e473fbb
SSDEEP

786432:OkyJPHCuZBzt9B1HF/T1PKaIv4wqsZ4lp/25Oh:mjv/3HtNxIgRs+lp/2o

Score

7^/10

discovery

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
behavioral1/files/0x000100000002a7dc-624.dat	acprotect

Checks for any installed AV software in registry 1 TTPs 6 IoCs

Security Software Discovery

T1518.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Software\WOW6432Node\Avast Software\Avast	CareScan.exe
Key opened	\REGISTRY\MACHINE\Software\Avast Software\Avast	CareScan.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Avira\AntiVir Desktop	CareScan.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Avira\AntiVir Desktop	CareScan.exe
Key opened	\REGISTRY\USER\S-1-5-21-2930051783-2551506282-3430162621-1000\SOFTWARE\Avira\AntiVirus	CareScan.exe
Key opened	\REGISTRY\USER\S-1-5-21-2930051783-2551506282-3430162621-1000\Software\Avast Software\Avast	CareScan.exe

Downloads MZ/PE file

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\R:	CareScan.exe
File opened (read-only)	\??\U:	CareScan.exe
File opened (read-only)	\??\Z:	CareScan.exe
File opened (read-only)	\??\G:	CareScan.exe
File opened (read-only)	\??\K:	CareScan.exe
File opened (read-only)	\??\M:	CareScan.exe
File opened (read-only)	\??\P:	CareScan.exe
File opened (read-only)	\??\E:	CareScan.exe
File opened (read-only)	\??\I:	CareScan.exe
File opened (read-only)	\??\W:	CareScan.exe
File opened (read-only)	\??\Y:	CareScan.exe
File opened (read-only)	\??\S:	CareScan.exe
File opened (read-only)	\??\T:	CareScan.exe
File opened (read-only)	\??\X:	CareScan.exe
File opened (read-only)	\??\A:	CareScan.exe
File opened (read-only)	\??\B:	CareScan.exe
File opened (read-only)	\??\J:	CareScan.exe
File opened (read-only)	\??\Q:	CareScan.exe
File opened (read-only)	\??\V:	CareScan.exe
File opened (read-only)	\??\H:	CareScan.exe
File opened (read-only)	\??\L:	CareScan.exe
File opened (read-only)	\??\N:	CareScan.exe
File opened (read-only)	\??\O:	CareScan.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\IObit\Driver Booster\11.3.0\Language\is-BF5Q5.tmp	driver_booster_setup.tmp
File created	C:\Program Files (x86)\IObit\Driver Booster\11.3.0\ErrCodeSpec\is-BMIF9.tmp	driver_booster_setup.tmp
File created	C:\Program Files (x86)\IObit\Driver Booster\11.3.0\is-E93G7.tmp	driver_booster_setup.tmp
File created	C:\Program Files (x86)\IObit\Driver Booster\11.3.0\TaskbarPin\is-OQ7TG.tmp	driver_booster_setup.tmp
File created	C:\Program Files (x86)\IObit\Driver Booster\11.3.0\Language\is-7VNLH.tmp	driver_booster_setup.tmp
File created	C:\Program Files (x86)\IObit\Driver Booster\11.3.0\Language\is-29C2C.tmp	driver_booster_setup.tmp
File created	C:\Program Files (x86)\IObit\Driver Booster\11.3.0\ErrCodeSpec\is-6CL5K.tmp	driver_booster_setup.tmp
File created	C:\Program Files (x86)\IObit\Driver Booster\11.3.0\is-UE32M.tmp	driver_booster_setup.tmp
File created	C:\Program Files (x86)\IObit\Driver Booster\11.3.0\is-4H80O.tmp	driver_booster_setup.tmp
File created	C:\Program Files (x86)\IObit\Driver Booster\11.3.0\History\is-5Q01B.tmp	driver_booster_setup.tmp
File created	C:\Program Files (x86)\IObit\Driver Booster\11.3.0\ErrCodeSpec\is-45RB7.tmp	driver_booster_setup.tmp
File created	C:\Program Files (x86)\IObit\Driver Booster\11.3.0\Update\is-MDVGL.tmp	driver_booster_setup.tmp
File created	C:\Program Files (x86)\IObit\Driver Booster\11.3.0\Icons\Apps\is-IQ7BA.tmp	driver_booster_setup.tmp
File created	C:\Program Files (x86)\IObit\Driver Booster\11.3.0\is-STASU.tmp	driver_booster_setup.tmp
File created	C:\Program Files (x86)\IObit\Driver Booster\11.3.0\InnoSetup.log	driver_booster_setup.tmp
File created	C:\Program Files (x86)\IObit\Driver Booster\11.3.0\is-SM3J1.tmp	driver_booster_setup.tmp
File created	C:\Program Files (x86)\IObit\Driver Booster\11.3.0\is-E1O5B.tmp	driver_booster_setup.tmp
File created	C:\Program Files (x86)\IObit\Driver Booster\11.3.0\Language\is-FN6IJ.tmp	driver_booster_setup.tmp
File created	C:\Program Files (x86)\IObit\Driver Booster\11.3.0\DrvInstall\is-V2NP6.tmp	driver_booster_setup.tmp
File created	C:\Program Files (x86)\IObit\Driver Booster\11.3.0\LocalData\is-809UR.tmp	driver_booster_setup.tmp
File created	C:\Program Files (x86)\IObit\Driver Booster\11.3.0\database\PriTemp.dbd	CareScan.exe
File created	C:\Program Files (x86)\IObit\Driver Booster\11.3.0\Boost\is-7911F.tmp	driver_booster_setup.tmp
File created	C:\Program Files (x86)\IObit\Driver Booster\11.3.0\Language\is-RR3NN.tmp	driver_booster_setup.tmp
File created	C:\Program Files (x86)\IObit\Driver Booster\11.3.0\is-NBC5S.tmp	driver_booster_setup.tmp
File created	C:\Program Files (x86)\IObit\Driver Booster\11.3.0\Database\is-6O111.tmp	driver_booster_setup.tmp
File created	C:\Program Files (x86)\IObit\Driver Booster\11.3.0\Language\is-I5Q0U.tmp	driver_booster_setup.tmp
File created	C:\Program Files (x86)\IObit\Driver Booster\11.3.0\Icons\Apps\is-F83RF.tmp	driver_booster_setup.tmp
File created	C:\Program Files (x86)\IObit\Driver Booster\11.3.0\is-RSJIB.tmp	driver_booster_setup.tmp
File created	C:\Program Files (x86)\IObit\Driver Booster\11.3.0\Language\is-I534Q.tmp	driver_booster_setup.tmp
File created	C:\Program Files (x86)\IObit\Driver Booster\11.3.0\ErrCodeSpec\is-2V2S7.tmp	driver_booster_setup.tmp
File created	C:\Program Files (x86)\IObit\Driver Booster\11.3.0\ErrCodeSpec\is-C76LG.tmp	driver_booster_setup.tmp
File created	C:\Program Files (x86)\IObit\Driver Booster\11.3.0\ErrCodeSpec\is-2AI4K.tmp	driver_booster_setup.tmp
File created	C:\Program Files (x86)\IObit\Driver Booster\11.3.0\Icons\Apps\is-I85B9.tmp	driver_booster_setup.tmp
File created	C:\Program Files (x86)\IObit\Driver Booster\11.3.0\Language\is-0F7OC.tmp	driver_booster_setup.tmp
File created	C:\Program Files (x86)\IObit\Driver Booster\11.3.0\database\StartupDRate.db	CareScan.exe
File opened for modification	C:\Program Files (x86)\IObit\Driver Booster\11.3.0\LocalData\WhiteList.ini	SetupHlp.exe
File created	C:\Program Files (x86)\IObit\Driver Booster\11.3.0\ErrCodeSpec\is-O69R4.tmp	driver_booster_setup.tmp
File opened for modification	C:\Program Files (x86)\IObit\Driver Booster\11.3.0\unins000.dat	driver_booster_setup.tmp
File opened for modification	C:\Program Files (x86)\IObit\Driver Booster\11.3.0\LocalData\Config.ini	SetupHlp.exe
File created	C:\Program Files (x86)\IObit\Driver Booster\11.3.0\is-8SS12.tmp	driver_booster_setup.tmp
File created	C:\Program Files (x86)\IObit\Driver Booster\11.3.0\is-BN1M4.tmp	driver_booster_setup.tmp
File created	C:\Program Files (x86)\IObit\Driver Booster\11.3.0\Language\is-KJ912.tmp	driver_booster_setup.tmp
File created	C:\Program Files (x86)\IObit\Driver Booster\11.3.0\ErrCodeSpec\is-DGQ7F.tmp	driver_booster_setup.tmp
File created	C:\Program Files (x86)\IObit\Driver Booster\11.3.0\Language\is-ROND0.tmp	driver_booster_setup.tmp
File created	C:\Program Files (x86)\IObit\Driver Booster\11.3.0\is-CTR9M.tmp	driver_booster_setup.tmp
File created	C:\Program Files (x86)\IObit\Driver Booster\11.3.0\ErrCodeSpec\is-RKOEF.tmp	driver_booster_setup.tmp
File created	C:\Program Files (x86)\IObit\Driver Booster\11.3.0\Icons\Apps\is-I6MPE.tmp	driver_booster_setup.tmp
File created	C:\Program Files (x86)\IObit\Driver Booster\11.3.0\Language\is-1O0PK.tmp	driver_booster_setup.tmp
File created	C:\Program Files (x86)\IObit\Driver Booster\11.3.0\LocalData\is-53IH8.tmp	driver_booster_setup.tmp
File created	C:\Program Files (x86)\IObit\Driver Booster\11.3.0\Icons\Apps\is-J2JPQ.tmp	driver_booster_setup.tmp
File created	C:\Program Files (x86)\IObit\Driver Booster\11.3.0\DpInst\x86\is-UO2ML.tmp	driver_booster_setup.tmp
File created	C:\Program Files (x86)\IObit\Driver Booster\11.3.0\Language\is-FLH2R.tmp	driver_booster_setup.tmp
File created	C:\Program Files (x86)\IObit\Driver Booster\11.3.0\Icons\Apps\is-D3C2V.tmp	driver_booster_setup.tmp
File created	C:\Program Files (x86)\IObit\Driver Booster\11.3.0\Language\is-TLT3I.tmp	driver_booster_setup.tmp
File created	C:\Program Files (x86)\IObit\Driver Booster\11.3.0\Language\is-KN8JF.tmp	driver_booster_setup.tmp
File created	C:\Program Files (x86)\IObit\Driver Booster\11.3.0\is-19G6T.tmp	driver_booster_setup.tmp
File created	C:\Program Files (x86)\IObit\Driver Booster\11.3.0\is-CH8CL.tmp	driver_booster_setup.tmp
File created	C:\Program Files (x86)\IObit\Driver Booster\11.3.0\is-QH9AR.tmp	driver_booster_setup.tmp
File created	C:\Program Files (x86)\IObit\Driver Booster\11.3.0\is-HATH4.tmp	driver_booster_setup.tmp
File created	C:\Program Files (x86)\IObit\Driver Booster\11.3.0\Language\is-FFVG7.tmp	driver_booster_setup.tmp
File created	C:\Program Files (x86)\IObit\Driver Booster\11.3.0\History\is-ARFM7.tmp	driver_booster_setup.tmp
File created	C:\Program Files (x86)\IObit\Driver Booster\11.3.0\ErrCodeSpec\is-C44UU.tmp	driver_booster_setup.tmp
File opened for modification	C:\Program Files (x86)\IObit\Driver Booster\11.3.0\lang.dat	SetupHlp.exe
File created	C:\Program Files (x86)\IObit\Driver Booster\11.3.0\is-Q4VQU.tmp	driver_booster_setup.tmp

Executes dropped EXE 9 IoCs

pid	Process
2596	driver_booster_setup.tmp
888	setup.exe
2692	driver_booster_setup.tmp
660	HWiNFO.exe
2044	CareScan.exe
5116	SetupHlp.exe
3872	RttHlp.exe
3868	ICONPIN64.exe
1724	InstStat.exe

Loads dropped DLL 21 IoCs

pid	Process
660	HWiNFO.exe
2044	CareScan.exe
2044	CareScan.exe
2044	CareScan.exe
2044	CareScan.exe
2044	CareScan.exe
2044	CareScan.exe
2044	CareScan.exe
2044	CareScan.exe
2044	CareScan.exe
5116	SetupHlp.exe
5116	SetupHlp.exe
5116	SetupHlp.exe
3872	RttHlp.exe
3872	RttHlp.exe
3872	RttHlp.exe
3872	RttHlp.exe
1724	InstStat.exe
1724	InstStat.exe
3220	Explorer.EXE
3220	Explorer.EXE

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Program crash 1 IoCs

pid	pid_target	Process	procid_target
4384	3080	WerFault.exe	90

Modifies registry class 17 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.dbd	SetupHlp.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\DB_Open_dbd	SetupHlp.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\DB_Open_dbd\shell\open\command	SetupHlp.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\DB_Open_dbd\shell\open	SetupHlp.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.dbop\ = "DB_Open_dbop"	SetupHlp.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\DB_Open_dbop\shell\open\command\ = "C:\\Program Files (x86)\\IObit\\Driver Booster\\11.3.0\\OfflineUpdater.exe \"%1\""	SetupHlp.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\DB_Open_dbop\shell\open\command	SetupHlp.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\DB_Open_dbop\shell\open	SetupHlp.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\DB_Open_dbd\shell\open\command\ = "C:\\Program Files (x86)\\IObit\\Driver Booster\\11.3.0\\OfflineUpdater.exe \"%1\""	SetupHlp.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	Explorer.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.dbop	SetupHlp.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\DB_Open_dbop\	SetupHlp.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.dbd\ = "DB_Open_dbd"	SetupHlp.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\DB_Open_dbop	SetupHlp.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\DB_Open_dbop\shell	SetupHlp.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\DB_Open_dbd\	SetupHlp.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\DB_Open_dbd\shell	SetupHlp.exe

Suspicious behavior: EnumeratesProcesses 20 IoCs

pid	Process
2596	driver_booster_setup.tmp
2596	driver_booster_setup.tmp
2596	driver_booster_setup.tmp
2596	driver_booster_setup.tmp
888	setup.exe
888	setup.exe
2692	driver_booster_setup.tmp
2692	driver_booster_setup.tmp
2692	driver_booster_setup.tmp
2692	driver_booster_setup.tmp
2692	driver_booster_setup.tmp
2692	driver_booster_setup.tmp
2044	CareScan.exe
2044	CareScan.exe
5116	SetupHlp.exe
5116	SetupHlp.exe
2692	driver_booster_setup.tmp
2692	driver_booster_setup.tmp
1724	InstStat.exe
1724	InstStat.exe

Suspicious behavior: LoadsDriver 6 IoCs

pid	Process
680	Process not Found
680	Process not Found
680	Process not Found
680	Process not Found
680	Process not Found
680	Process not Found

Suspicious use of AdjustPrivilegeToken 13 IoCs

description	pid	Process
Token: SeDebugPrivilege	2596	driver_booster_setup.tmp
Token: SeDebugPrivilege	2692	driver_booster_setup.tmp
Token: SeLoadDriverPrivilege	660	HWiNFO.exe
Token: SeLoadDriverPrivilege	660	HWiNFO.exe
Token: SeLoadDriverPrivilege	660	HWiNFO.exe
Token: SeRestorePrivilege	2044	CareScan.exe
Token: SeBackupPrivilege	2044	CareScan.exe
Token: SeShutdownPrivilege	3220	Explorer.EXE
Token: SeCreatePagefilePrivilege	3220	Explorer.EXE
Token: SeShutdownPrivilege	3220	Explorer.EXE
Token: SeCreatePagefilePrivilege	3220	Explorer.EXE
Token: SeShutdownPrivilege	3220	Explorer.EXE
Token: SeCreatePagefilePrivilege	3220	Explorer.EXE

Suspicious use of FindShellTrayWindow 4 IoCs

pid	Process
888	setup.exe
2692	driver_booster_setup.tmp
3868	ICONPIN64.exe
3220	Explorer.EXE

Suspicious use of WriteProcessMemory 30 IoCs

description	pid	Process	procid_target
PID 2440 wrote to memory of 2596	2440	driver_booster_setup.exe	78
PID 2440 wrote to memory of 2596	2440	driver_booster_setup.exe	78
PID 2440 wrote to memory of 2596	2440	driver_booster_setup.exe	78
PID 2596 wrote to memory of 888	2596	driver_booster_setup.tmp	79
PID 2596 wrote to memory of 888	2596	driver_booster_setup.tmp	79
PID 2596 wrote to memory of 888	2596	driver_booster_setup.tmp	79
PID 888 wrote to memory of 3964	888	setup.exe	80
PID 888 wrote to memory of 3964	888	setup.exe	80
PID 888 wrote to memory of 3964	888	setup.exe	80
PID 3964 wrote to memory of 2692	3964	driver_booster_setup.exe	81
PID 3964 wrote to memory of 2692	3964	driver_booster_setup.exe	81
PID 3964 wrote to memory of 2692	3964	driver_booster_setup.exe	81
PID 2692 wrote to memory of 660	2692	driver_booster_setup.tmp	91
PID 2692 wrote to memory of 660	2692	driver_booster_setup.tmp	91
PID 2692 wrote to memory of 660	2692	driver_booster_setup.tmp	91
PID 2692 wrote to memory of 2044	2692	driver_booster_setup.tmp	84
PID 2692 wrote to memory of 2044	2692	driver_booster_setup.tmp	84
PID 2692 wrote to memory of 2044	2692	driver_booster_setup.tmp	84
PID 2692 wrote to memory of 5116	2692	driver_booster_setup.tmp	85
PID 2692 wrote to memory of 5116	2692	driver_booster_setup.tmp	85
PID 2692 wrote to memory of 5116	2692	driver_booster_setup.tmp	85
PID 5116 wrote to memory of 3872	5116	SetupHlp.exe	87
PID 5116 wrote to memory of 3872	5116	SetupHlp.exe	87
PID 5116 wrote to memory of 3872	5116	SetupHlp.exe	87
PID 2692 wrote to memory of 3868	2692	driver_booster_setup.tmp	88
PID 2692 wrote to memory of 3868	2692	driver_booster_setup.tmp	88
PID 2692 wrote to memory of 1724	2692	driver_booster_setup.tmp	89
PID 2692 wrote to memory of 1724	2692	driver_booster_setup.tmp	89
PID 2692 wrote to memory of 1724	2692	driver_booster_setup.tmp	89
PID 3868 wrote to memory of 3220	3868	ICONPIN64.exe	53

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
- Loads dropped DLL
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:3220
- C:\Users\Admin\AppData\Local\Temp\driver_booster_setup.exe
  "C:\Users\Admin\AppData\Local\Temp\driver_booster_setup.exe"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2440
- - C:\Users\Admin\AppData\Local\Temp\is-KM4VV.tmp\driver_booster_setup.tmp
    "C:\Users\Admin\AppData\Local\Temp\is-KM4VV.tmp\driver_booster_setup.tmp" /SL5="$50204,28914716,137216,C:\Users\Admin\AppData\Local\Temp\driver_booster_setup.exe"
    3⤵
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of WriteProcessMemory
    PID:2596
  - - C:\Users\Admin\AppData\Local\Temp\is-VOEV3.tmp-dbinst\setup.exe
      "C:\Users\Admin\AppData\Local\Temp\is-VOEV3.tmp-dbinst\setup.exe" "C:\Users\Admin\AppData\Local\Temp\driver_booster_setup.exe" /title="Driver Booster 11" /dbver=11.3.0.43 /eula="C:\Users\Admin\AppData\Local\Temp\is-VOEV3.tmp-dbinst\EULA.rtf" /showlearnmore /pmtproduct /nochromepmt
      4⤵
      Executes dropped EXE
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of FindShellTrayWindow
      Suspicious use of WriteProcessMemory
      PID:888
    - - C:\Users\Admin\AppData\Local\Temp\driver_booster_setup.exe
        
        "C:\Users\Admin\AppData\Local\Temp\driver_booster_setup.exe" /sp- /verysilent /Installer /norestart /DIR="C:\Program Files (x86)\IObit\Driver Booster" /Installer-DeskIcon /Installer-TaskIcon
        5⤵
        Suspicious use of WriteProcessMemory
        
        PID:3964
      - C:\Users\Admin\AppData\Local\Temp\is-9KVBJ.tmp\driver_booster_setup.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\is-9KVBJ.tmp\driver_booster_setup.tmp" /SL5="$701F0,28914716,137216,C:\Users\Admin\AppData\Local\Temp\driver_booster_setup.exe" /sp- /verysilent /Installer /norestart /DIR="C:\Program Files (x86)\IObit\Driver Booster" /Installer-DeskIcon /Installer-TaskIcon
        6⤵
        Drops file in Program Files directory
        Executes dropped EXE
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of FindShellTrayWindow
        Suspicious use of WriteProcessMemory
        
        PID:2692
        
        C:\Program Files (x86)\IObit\Driver Booster\11.3.0\HWiNFO\HWiNFO.exe
        
        "C:\Program Files (x86)\IObit\Driver Booster\11.3.0\HWiNFO\HWiNFO.exe" /brandname
        7⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of AdjustPrivilegeToken
        
        PID:660
        
        C:\Program Files (x86)\IObit\Driver Booster\11.3.0\CareScan.exe
        
        "C:\Program Files (x86)\IObit\Driver Booster\11.3.0\CareScan.exe" /savefile /silentscan /low /output="C:\Program Files (x86)\IObit\Driver Booster\11.3.0\ScanData\ScanResult_all.ini"
        7⤵
        Checks for any installed AV software in registry
        Enumerates connected drives
        Drops file in Program Files directory
        Executes dropped EXE
        Loads dropped DLL
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:2044
        
        C:\Program Files (x86)\IObit\Driver Booster\11.3.0\SetupHlp.exe
        
        "C:\Program Files (x86)\IObit\Driver Booster\11.3.0\SetupHlp.exe" /install /setup="C:\Users\Admin\AppData\Local\Temp\driver_booster_setup.exe"
        7⤵
        Drops file in Program Files directory
        Executes dropped EXE
        Loads dropped DLL
        Modifies registry class
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:5116
        
        C:\Program Files (x86)\IObit\Driver Booster\11.3.0\RttHlp.exe
        
        "C:\Program Files (x86)\IObit\Driver Booster\11.3.0\RttHlp.exe" /winstdate
        8⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:3872
        
        C:\Program Files (x86)\IObit\Driver Booster\11.3.0\TaskbarPin\ICONPIN64.exe
        
        "C:\Program Files (x86)\IObit\Driver Booster\11.3.0\TaskbarPin\ICONPIN64.exe" pin "C:\Program Files (x86)\IObit\Driver Booster\11.3.0\DriverBooster.exe"
        7⤵
        Executes dropped EXE
        Suspicious use of FindShellTrayWindow
        Suspicious use of WriteProcessMemory
        
        PID:3868
        
        C:\Program Files (x86)\IObit\Driver Booster\11.3.0\InstStat.exe
        
        "C:\Program Files (x86)\IObit\Driver Booster\11.3.0\InstStat.exe" /install db11
        7⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious behavior: EnumeratesProcesses
        
        PID:1724
    - - C:\Program Files (x86)\IObit\Driver Booster\11.3.0\DriverBooster.exe
        
        "C:\Program Files (x86)\IObit\Driver Booster\11.3.0\DriverBooster.exe" /autoscan
        5⤵
        
        PID:3080
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3080 -s 796
        6⤵
        Program crash
        
        PID:4384
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.iobit.com/appgoto.php?to=install&name=db&ver=11.3.0.43&lan=&ref=db11&type=free
        5⤵
        
        PID:124
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffee14e3cb8,0x7ffee14e3cc8,0x7ffee14e3cd8
        6⤵
        
        PID:840
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1836,13351891160922331009,15761568296676892774,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1844 /prefetch:2
        6⤵
        
        PID:2936
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1836,13351891160922331009,15761568296676892774,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2376 /prefetch:3
        6⤵
        
        PID:2724
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1836,13351891160922331009,15761568296676892774,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2808 /prefetch:8
        6⤵
        
        PID:4988
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1836,13351891160922331009,15761568296676892774,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
        6⤵
        
        PID:584
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1836,13351891160922331009,15761568296676892774,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
        6⤵
        
        PID:4024
      - C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1836,13351891160922331009,15761568296676892774,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5228 /prefetch:8
        6⤵
        
        PID:4792
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1836,13351891160922331009,15761568296676892774,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5344 /prefetch:8
        6⤵
        
        PID:1140
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1836,13351891160922331009,15761568296676892774,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5408 /prefetch:1
        6⤵
        
        PID:412
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1836,13351891160922331009,15761568296676892774,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5380 /prefetch:1
        6⤵
        
        PID:4068
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1836,13351891160922331009,15761568296676892774,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1
        6⤵
        
        PID:3108
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1836,13351891160922331009,15761568296676892774,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3460 /prefetch:1
        6⤵
        
        PID:2412
    - - C:\Program Files (x86)\IObit\Driver Booster\11.3.0\IObitDownloader.exe
        
        "C:\Program Files (x86)\IObit\Driver Booster\11.3.0\IObitDownloader.exe" "/Config=http://update.iobit.com/infofiles/db/rmd/freeware-db.upt" /show /lang=English.lng /product=db11 "iTop VPN Installer B" "IFun Screen Recorder Installer"
        5⤵
        
        PID:4892
      - C:\ProgramData\IObit\Driver Booster\Downloader\db11\iTopSetup.exe
        
        "C:\ProgramData\IObit\Driver Booster\Downloader\db11\iTopSetup.exe" /sp- /verysilent /suppressmsgboxes /norestart /insur=db_in_fre
        6⤵
        
        PID:2556
        
        C:\Users\Admin\AppData\Local\Temp\is-7M1HQ.tmp\iTopSetup.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\is-7M1HQ.tmp\iTopSetup.tmp" /SL5="$80102,38305074,141312,C:\ProgramData\IObit\Driver Booster\Downloader\db11\iTopSetup.exe" /sp- /verysilent /suppressmsgboxes /norestart /insur=db_in_fre
        7⤵
        
        PID:4340
    - - C:\Program Files (x86)\IObit\Driver Booster\11.3.0\SetupHlp.exe
        
        "C:\Program Files (x86)\IObit\Driver Booster\11.3.0\SetupHlp.exe" /afterinstall /setup="C:\Users\Admin\AppData\Local\Temp\is-VOEV3.tmp-dbinst\setup.exe"
        5⤵
        
        PID:3292

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
1⤵
PID:660
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 3080 -ip 3080
  2⤵
  PID:4476

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3376

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3044

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

Software Discovery

T1518

Security Software Discovery

T1518.001

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\IObit\Driver Booster\11.3.0\CareScan.exe

Filesize
3.4MB

MD5
db87c75f0220fb32e8c919993664b95c

SHA1
d5e4ab1599bb44525e5510090adfdf7f994782c1

SHA256
edbc0c2ca1e87fb9f1c07d8892ffa0e6e8dfffa4af814ee12d9fa803cbae386b

SHA512
b07391b2b3a92d90d92166a8d23f07f88e8a21d73771931f734202981a72d15a06107499ff55c4fd4d83ffabb55ed1669f17461e73ba7d51fa221b08a0e246d7

Download Submit
C:\Program Files (x86)\IObit\Driver Booster\11.3.0\DataState.dll

Filesize
77KB

MD5
01c2e74799bfec9b06546adcc8db2337

SHA1
d4b73ea0e83e0177eec95070826d12321df9825f

SHA256
0b9e80726a2dc59741fb7d951b1bd31de99c2c79f714f3101988b2eb3f6eeff4

SHA512
6af310e48b285176a75fe7c0b15d0c2ae1e850cf4a931eb6ba57fa6f28b9bff2168c0139988ae640411d5c2526d88677dc82eddb0ac55c015f76a7f12c6c672e

Download Submit
C:\Program Files (x86)\IObit\Driver Booster\11.3.0\Database\Opt.dbd

Filesize
34KB

MD5
ff465e242f59889437ee040ef11d71c9

SHA1
d140cc8fea91b7ade885242d618be0bc2fd478f7

SHA256
96b8e12acff09ef8ff2fe8a989e5545fda9a938cef4a57e9ae2273fdab51d552

SHA512
41c1ba277a47e9072879fc985d02b3ab9e0bcd847151927f50485aa05228b646ebb8f569bcc37eedc58b3f0281d6104a590d8d2c0b096f356f1355e3327f8b49

Download Submit
C:\Program Files (x86)\IObit\Driver Booster\11.3.0\Database\PriTemp.dbd

Filesize
34KB

MD5
2f001a9d00c9a51e7da0cd6b23e4917d

SHA1
4f64cc8a294e49a18df2fc6d388a9c04e10ad752

SHA256
8bf51a666c5db3390e2e29d898260b296c97db07a4bbc3600ca76fd46756e1af

SHA512
388b0e81bda7248df1adec01b6145ec6cf31150e4e4f20ff9c6c12a85d2b9d9228b840cd20c81dbce53968441a0215b7f32e9e089c177c07641c59179eb4c601

Download Submit
C:\Program Files (x86)\IObit\Driver Booster\11.3.0\Database\Reg.dbd

Filesize
22KB

MD5
98105a53cd8aaa20da1ef27e147f7d0c

SHA1
b19c71a5213115593fcb982a2ab9dc24c502be9d

SHA256
6fdb5829bfaad49bd29b4fd3ca5b5e82e0d8e31d5b2d865e328e97e7a224ce6e

SHA512
3daca5cd169a2bccb165e840d5d4e3d9c96c121c7a582fd4894ca34bf9643bb4a36637ebd3c85dd53006266812df3e84f899317ef2e8d0c394e550832d2ecebe

Download Submit
C:\Program Files (x86)\IObit\Driver Booster\11.3.0\Database\Scan\initial.wlst

Filesize
1.7MB

MD5
9bcdf6aa1ff8894b99c0a619c9aa85ee

SHA1
bdb6eb527513122995d54ed3cca1d5788f804689

SHA256
318583bba9d98b399c90868b182ab456f57e0d5015e6fc085714f719a89724bb

SHA512
110acf2b0e1b4dd205d7111ba088819568e7ff7a36065210e8d0cabc843472349225b1173e082912d129189b479df8b3cabfeb66ec2962e8a21b50c71b4171be

Download Submit
C:\Program Files (x86)\IObit\Driver Booster\11.3.0\DriverBooster.exe

Filesize
8.6MB

MD5
757edfc52e75088c0c5cf29fddecf212

SHA1
9336bb66fe08de1201b617d999f33283856094fd

SHA256
6570e3280738dc1dd003fea0c0f3244ba8e05f23df18f0c8f39172b982f4505b

SHA512
202bb49da392be936afbbdaa4d2b8da2cb6487db12d1fd04f5bf21d70133aa97a5286d2bd397c59339e488aafec2f23d14d00e54adf65c256c65c33f24803e4f

Download Submit
C:\Program Files (x86)\IObit\Driver Booster\11.3.0\HWiNFO\HWiNFO.exe

Filesize
173KB

MD5
117e4edaacd5c4d127fe404b07cfecd4

SHA1
e041ced94ffb3bb19a64b9df3eb258aa5f59febc

SHA256
5fc8c7c6f8e56fab9595e8d50139ce7aa3413ae484ebe9ad109896b227c04d2f

SHA512
bb52e40a99d945fb0a3594c929dfd0c03a6dc5441e6402fedf913104025e9d154ab082ad0c4142959164cf73df45907fafb434112c8da882712825c5e1676b98

Download Submit
C:\Program Files (x86)\IObit\Driver Booster\11.3.0\HWiNFO\HWiNFO32.dll

Filesize
1.2MB

MD5
e937e1a411075768ef3f287f9abc128a

SHA1
ee63928100563c1d846ecdc462a5c163ecce3d4c

SHA256
cb81c7cbd229b639f24db6655edc67f4c32954778d24e086d45a7229cc58351c

SHA512
a8a6123e1b88d3708ae76ab1ea2d3f15549d03549ee07fdf935357d06792fe63cceae7034e250588415040b8e11b0e892016bba165c488068c6c48f4cc7726a5

Download Submit
C:\Program Files (x86)\IObit\Driver Booster\11.3.0\Icons\Apps\is-E2IRA.tmp

Filesize
1KB

MD5
a364eb8919ad57f2278960cf6a062862

SHA1
dd7fa8dd5894960fa47e8c74e2acec034da803d3

SHA256
ac4531a4b4fe3b34054eb33f2caabe2776be0ea5fc5056670c139caffd51b4f4

SHA512
68e06dcbf244211caac4e386bc73856a7b4da97681e58de3470d6f1000abd336c2d13c84ee11e2bcda9a48afd176efc34f9567ef3bebd5577731956402ead96b

Download Submit
C:\Program Files (x86)\IObit\Driver Booster\11.3.0\InstStat.exe

Filesize
1.6MB

MD5
b8cd832013322d22c4c026383eefcec2

SHA1
406706f1cc5276f50dea4e32d7db27c326ca37d3

SHA256
13db9a072473c27380b917b94d441cbbd34b8d8558f370495f7f6de27dcea225

SHA512
2c316adfdbac0184233b3f4bbc4babe813daa5e0d4684fdf4c959152a3bb938334db05504e8b79a56f417865666db0506b59b8fd64a708e4aac548fefb87c039

Download Submit
C:\Program Files (x86)\IObit\Driver Booster\11.3.0\LocalData\WhiteList.ini

Filesize
132B

MD5
dcc60deb5b7314e77419758f47a2f8e7

SHA1
15906559a866bba27ad35e756ef9a606f4137119

SHA256
ce9d30835c84235b060146710975a7ebce6675176dea247f114e8bba90b325b9

SHA512
f2ff4501a044f35bb99c0a2331586304326ed0e49ffff589d91c150088374eb9447688d06ef019e19049a8cac333c7700f2f77e16cb6b9f18c6f1262fce182d7

Download Submit
C:\Program Files (x86)\IObit\Driver Booster\11.3.0\Register.dll

Filesize
1.0MB

MD5
40b9628354ef4e6ef3c87934575545f4

SHA1
8fb5da182dea64c842953bf72fc573a74adaa155

SHA256
372b14fce2eb35b264f6d4aeef7987da56d951d3a09ef866cf55ed72763caa12

SHA512
02b0ea82efbfbe2e7308f86bfbec7a5109f3fe91d42731812d2e46aebedce50aabc565d2da9d3fbcd0f46febbff49c534419d1a91e0c14d5a80f06b74888c641

Download Submit
C:\Program Files (x86)\IObit\Driver Booster\11.3.0\RttHlp.exe

Filesize
135KB

MD5
a2d70fbab5181a509369d96b682fc641

SHA1
22afcdc180400c4d2b9e5a6db2b8a26bff54dd38

SHA256
8aed681ad8d660257c10d2f0e85ae673184055a341901643f27afc38e5ef8473

SHA512
219c6e7e88004fad9f4392be9a852c58fc43b7f6900e40370991427f37eaea5c18f48d2954f9479dde8bcb787345f4e292d5620add8224aec4d93d7968820b83

Download Submit
C:\Program Files (x86)\IObit\Driver Booster\11.3.0\SetupHlp.exe

Filesize
2.3MB

MD5
c457865cc2c3383111800d592992ff26

SHA1
ee54eb87102b8b63a60a2c268f6404e8555f4492

SHA256
791f2cbb8913d5314d9251ff20f7cace0c2a92b6475aecc8074a92639b58e4fd

SHA512
c358fefb02dcfd9e404a73c35b61cee160ef5575d4c15c31b2c11c66c709879f22dc7860c79ae9d14856903a6c18d6d0f6fe39afafc96e48a5f18668eb6cf4e9

Download Submit
C:\Program Files (x86)\IObit\Driver Booster\11.3.0\TaskbarPin\ICONPIN64.dll

Filesize
607KB

MD5
ceec1e1c6002972827e018fc1db72a85

SHA1
099e640d502855d09f03340bbbe8e83c294db158

SHA256
97cb1c31c5ab29af3a8a78d53f48e8ebbfa11ea4632af02f8d6394db9c24df11

SHA512
2eaf0a142dc248ee1aad1de4f63ed5c04848d58319de849ea5c8608367eee9f76b50478824c362dc93a38f77c9c9215e408f0024a8526aaac438dc0b2773c35f

Download Submit
C:\Program Files (x86)\IObit\Driver Booster\11.3.0\TaskbarPin\ICONPIN64.exe

Filesize
1.6MB

MD5
04dbe777a2ee9d35c452b959b17f2b5f

SHA1
07368e63efb8e2169b0dec6732d476c0b598dbbe

SHA256
0b63193c6556834c0043cf27c592eb2e76584617a17ffa4cab5f3a0f13afc473

SHA512
7d1f42b5441a9cdaed0d52bcbef216972d59a1dd9100311aaaa6006d02f92d78520ed5969fc5a61a36bb8f9255bd6af8f77f74d8bb5cfa1b5af93ba2c11c250a

Download Submit
C:\Program Files (x86)\IObit\Driver Booster\11.3.0\Update\Update.ini

Filesize
1KB

MD5
56bb63d40e766da1f69e61d6e2974020

SHA1
057ad45dcbc608d171e9d6b12419685a1c229513

SHA256
9d3781b4cd87d9e2303a9314b68555878284f2e672f3b28ec23bbc9ace0ae9ed

SHA512
666606b62849e44375e96a17718e150768e481ac6a7ebdf76e927f381b0dfac62f36af8f092d0861dae140e11fcc4a68379a2a139ecb8a7cb47fd49f78a1c794

Download Submit
C:\Program Files (x86)\IObit\Driver Booster\11.3.0\is-3E508.tmp

Filesize
1.7MB

MD5
902385503375a1c52787e2c88895e030

SHA1
d3b7fab10695c7c70a611572a7f6593d3a391533

SHA256
078d662af771a3b93c44415447294db364e22710cedc274b685ec639783ac928

SHA512
48cfd677a51691906daddb5034d9098dfe7b09b35507812c6373d17bbec76618b5f914fde2d1b134d89705a03d8135f6d6ac10b87ed5f40e726479c3ed94e89c

Download Submit
C:\Program Files (x86)\IObit\Driver Booster\11.3.0\is-Q9BEQ.tmp

Filesize
355KB

MD5
beae2f18755207f855bd745a95a0e0df

SHA1
4a97186d28354bebb8879a31a675764da456e272

SHA256
76eb04aa269163a918e09a82717d39f51bfd9934f4671f8b81eb7a71cf1b3ba4

SHA512
b0743b6a7e4f0a334ee753c26b383b521838700438da71ea6a2b4bb2e9019bac53a0982fc76e8eddff4c9a4e99a2f51f8653b12d602e5d91cee152bc6bfaf31f

Download Submit
C:\Program Files (x86)\IObit\Driver Booster\11.3.0\lang.dat

Filesize
27B

MD5
25f5875159bd806eadaa7bc41cd61dc1

SHA1
02f5ae9c79c122bb52236d930c2541b2d3ead3a8

SHA256
d5062ff936c218c4c23c1f0846fa1ab4ec359be885cd2ab1cb24178da5b0ff2c

SHA512
0292ff0478ce6819d56bd430c786bb0c648895e8d9e6a689383274e37a643cca46958de23e75a25637c760911bb4328e7fb1d02882dfa42dbed7d17ee90fe8b5

Download Submit
C:\Program Files (x86)\IObit\Driver Booster\11.3.0\local.dat

Filesize
1KB

MD5
89c2da9d5383a711466c79151e9fe94e

SHA1
440d79b5eb1a0efb0eb9fa6ae30b1af3bdb757a8

SHA256
abfc229576e849cfee5210c9cecd80d7d0bb0c52d6b19ab21bd89d65ac112343

SHA512
738d54d88ac76f344bdd7df31e9e80beb4321830510c016fff92d38bd78e1a19b77b7e834475898fc425fcc2f0a54b7b0ac15edb4efde0dff2e92a09ee3b673c

Download Submit
C:\Program Files (x86)\IObit\Driver Booster\11.3.0\madBasic_.bpl

Filesize
211KB

MD5
641c567225e18195bc3d2d04bde7440b

SHA1
20395a482d9726ad80820c08f3a698cf227afd10

SHA256
c2df993943c87b1e0f07ddd7a807bb66c2ef518c7cf427f6aa4ba0f2543f1ea0

SHA512
1e6023d221ba16a6374cfeb939f795133130b9a71f6f57b1bc6e13e3641f879d409783cf9b1ef4b8fd79b272793ba612d679a213ff97656b3a728567588ecfb9

Download Submit
C:\Program Files (x86)\IObit\Driver Booster\11.3.0\madDisAsm_.bpl

Filesize
64KB

MD5
3936a92320f7d4cec5fa903c200911c7

SHA1
a61602501ffebf8381e39015d1725f58938154ca

SHA256
2aec41414aca38de5aba1cab7bda2030e1e2b347e0ae77079533722c85fe4566

SHA512
747ea892f6e5e3b7500c363d40c5c2a62e9fcf898ade2648262a4277ad3b31e0bcd5f8672d79d176b4759790db688bf1a748b09cbcb1816288a44554016e46d3

Download Submit
C:\Program Files (x86)\IObit\Driver Booster\11.3.0\madExcept_.bpl

Filesize
437KB

MD5
e8818a6b32f06089d5b6187e658684ba

SHA1
7d4f34e3a309c04df8f60e667c058e84f92db27a

SHA256
91ee84d5ab6d3b3de72a5cd74217700eb1309959095214bd2c77d12e6af81c8e

SHA512
d00ecf234cb642c4d060d15f74e4780fc3834b489516f7925249df72747e1e668c4ac66c6cc2887efde5a9c6604b91a688ba37c2a3b13ee7cf29ed7adcfa666d

Download Submit
C:\Program Files (x86)\IObit\Driver Booster\11.3.0\rtl120.bpl

Filesize
1.1MB

MD5
adf82ed333fb5567f8097c7235b0e17f

SHA1
e6ccaf016fc45edcdadeb40da64c207ddb33859f

SHA256
d6dd7a4f46f2cfde9c4eb9463b79d5ff90fc690da14672ba1da39708ee1b9b50

SHA512
2253c7b51317a3b5734025b6c7639105dbc81c340703718d679a00c13d40dd74ccaba1f6d04b21ee440f19e82ba680aa4b2a6a75c618aed91bd85a132be9fc92

Download Submit
C:\Program Files (x86)\IObit\Driver Booster\11.3.0\sqlite3.dll

Filesize
908KB

MD5
753be2d89198c016fe02d922f6d6d808

SHA1
56d6ca0fb0ebed16de7cda10842317f3cc4ea249

SHA256
7cc676d23aa669a035fe9a2b35144ca97a1753e3c99ef76c519d5016bc672975

SHA512
3c936304d1f5df81580e6624ebd49da932ce69229814f858d1b0611b68deab203d956edaf4b381de3c2427a5df56208c04726fed27682a2ad29a3b8e7173d313

Download Submit
C:\Program Files (x86)\IObit\Driver Booster\11.3.0\vcl120.bpl

Filesize
1.9MB

MD5
c594d746ff6c99d140b5e8da97f12fd4

SHA1
f21742707c5f3fee776f98641f36bd755e24a7b0

SHA256
572edb7d630e9b03f93bd15135d2ca360176c1232051293663ec5b75c2428aec

SHA512
33b9902b2cf1154d850779cd012c0285882e158b9d1422c54ea9400ca348686773b6bacb760171060d1a0e620f8ff4a26ecd889dea3c454e8fc5fa59b173832b

Download Submit
C:\ProgramData\IObit\ASCCache.dat

Filesize
142KB

MD5
e9eaa90846cbd9d2bad1b0f980a8d9dc

SHA1
239471cb773259cffad7c8d3e69fab71dcebd88b

SHA256
9ce5c019c0b3ebc778286b30c9e6ccc2dd25a0849c32236ebb81ebedd5d5b2ed

SHA512
a29e7abfb5330a8410c798089a8da85f335bbe69d4fcf216b71c8c1fae3c4a8693c2f0f61be8a50e3e338b418bdc0fccb959670b53bd660012b356e1bf1a7e11

Download Submit
C:\ProgramData\IObit\Driver Booster\Downloader\db11DownloaderAC.log

Filesize
1KB

MD5
cb68e89e2a3ef4c9a0ce2a5541ffc67c

SHA1
7b59fa57d57facac78e0c0c4d5637ec7a51dfdf8

SHA256
d29204af814b9caa2e24a6d4345d42e171992087c5312aaec5a0b9975d5809df

SHA512
c5294d3260ad822ee1a22924e17cdaadedc01243d6baa92c871227ec30a4754cdf0c0fb0d84cdb0a6a1afda0622323fecdef06e761c1b6e30678053c284fed62

Download Submit
C:\ProgramData\IObit\Driver Booster\Downloader\db11DownloaderAC.log

Filesize
3KB

MD5
5045959cca2048b1b7d384a3b324bd6a

SHA1
52ba8e092c815206279e8c19c1af750cb3b0beed

SHA256
b51c7995587ca23bf1bcbd7fe1a6c9a706360a4c877ac5974e1d1cf367b14203

SHA512
b9d3d71b1f7efc2d0be01651fb035399a1fd2eb3ba4c85fd2b44e55efccf19525c8697dbf592bff98c1f1f6982d099e7fa0ccd1d4304b13b9bb2991ec50af132

Download Submit
C:\ProgramData\IObit\Driver Booster\Downloader\db11DownloaderAC.log

Filesize
5KB

MD5
f366a3b0109db26b2e432ad5c0732f2b

SHA1
06e6a7e044d675685ce3fa16a9e98abe48306cef

SHA256
b4c5844d31ee5bb32cc215ecadb103cd2eae58ed04c019281fb5c36fc821e2ec

SHA512
ebfd3d79d562c14396112d5e2ba6dc80b3ea89b167c2307fd7327f1c1fa1215fcfef77dbfddafa0b8143217997b5790ebb7b2d5faa6dd600c9a20eda309b4eb3

Download Submit
C:\ProgramData\IObit\Driver Booster\Downloader\db11\Freeware.dat

Filesize
40KB

MD5
d6b276c73f3d0dc20018dea4f3ed460e

SHA1
75be06faf0fd93f9699e04a7fe91fd09328e63e8

SHA256
21dfc4ca3919ca90505d4940cdb397e281c516f2f7727be1834f3c38b11fa25d

SHA512
71ebdb96f28bee6b9947d4f6871943c03b1ef328ed10229c3432b41530918301f5d236661ce55e3da327b3c132cef2e72d5c89c81b795ca280884e8495d15584

Download Submit
C:\ProgramData\IObit\Driver Booster\Downloader\db11\iTopSetup.exe

Filesize
3.8MB

MD5
fd5f765c2f7c5ebc3879a537f5473188

SHA1
f7266993914c8edc0da752a5129ac50262968df6

SHA256
5153b60185bf6d6175dfb1f696ac90b8b15cb376e2fa990b964a10f60fb1a302

SHA512
6f1030f6f68839e7f8713f5e1c9d65334bd9893e4322abf07df613aa4bc3473d828159f32228cd6382f3c264988ab385ac774d409064e8402d6be626ab0874d4

Download Submit
C:\ProgramData\IObit\Driver Booster\Downloader\db11\iTopSetup.exe.dat

Filesize
806B

MD5
9e93334ab1e9c84b0180b181aef0b651

SHA1
a95e470d505e633256d9b732519f3dd18e048a4c

SHA256
103e5963493673a74c710abd3e821465e6e9279ba53ccab506bc15ef366ee7e5

SHA512
4eeb75fb97395bd065bcd79c3ac386c9a417e46aec110435733c2360920530464cfdaaa03e277b6172935e75e4e8b52baa453c3e17ad4aa2ed6c8d53cb8b30c6

Download Submit
C:\ProgramData\IObit\IObitRtt\DBRtt.ept

Filesize
148B

MD5
437f13f95a5b2bbd100ba5a17338b6e9

SHA1
291fddad7024eb47cc448d315b221dfd620b09b3

SHA256
73f4df427063346cc1d3bd1dd5cf53c91f78d685d52b8777707dfee5c59ab7fd

SHA512
36ad757acc9adb3f63bc757231ac7af633dd3efe14a276b88370da7001afcbe0cad5a43f20fb35fdbfdefac264943b034d62a09aa320dce67550f9bf791cfb70

Download Submit
C:\ProgramData\IObit\Install.ini

Filesize
97B

MD5
727901fa7966016a76976cefca525f75

SHA1
011868ee337d48ba9907604fe7b9be07b50e2887

SHA256
774368c8fc6324370b11cf9a1e148a006beedb5dc1d766a83ea851c38c636b9e

SHA512
9f9f7b87ef76da388e540b26d3357fd895559dace3e24dfdabd94e1255afa31b9402cd934b020f77025a57cefc4574c5c985073abc28a4c09c1a4a9222a00164

Download Submit
C:\ProgramData\IObit\iobitpromotion.ini

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
19a8bcb40a17253313345edd2a0da1e7

SHA1
86fac74b5bbc59e910248caebd1176a48a46d72e

SHA256
b8024fbed11683ef4b53f5afac0ff691025b7eecca0f6a95737da1585558227e

SHA512
9f8780f49d30aad01b28189804329aeca6ad2b7ffb6be505d40bb1af7802bb62622f518cb1c43a5815bbbb46638f6c52aead3d68f14fa957d18157edb42e95c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
96899614360333c9904499393c6e3d75

SHA1
bbfa17cf8df01c266323965735f00f0e9e04cd34

SHA256
486e4b4bb11f664c91c675e73cfeabe53b5009ae719459813be17814cd97e43c

SHA512
974735b40a9f92b40a37a698f7f333590f32ff45633c6e619500e74ec274bc20bf7dbc830b1685777b714d37a3ca103d741ee056f4ff45ef08c07b38a7895df7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
b155117e13cb7c0d3c27aff2eb9c8f7b

SHA1
2bdb7753972b74c3132b864e751dd3ac21cf99ac

SHA256
f888dccfd7a5ba9bda1058f1603351f28420477754013049154f14ae8a06ca57

SHA512
540a011e57bb4cd4948a8ec9e3f0b102b38db542be83fddad5d81db8eb1156d6450fcab24cb389e6413d941471f3676c2c98d23ad7e214327de96b19f6dc6b98

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
cbb6101afe40103c1e22ac547107a5ad

SHA1
b4f42f2c65285e480b8efa29e4657fadd3991caf

SHA256
feb9ef055bdb37881e975c4edb8de0ab760d9614899b67229be5d9536cad2d05

SHA512
298cbddd7ef8d901dac7a737e1ba9d6230c6fe59aa8ccb6581973b06c98ee85f5e8dfaf6bca2c0b8d448b06c2afdf12674357f7614238feee475db77e2379c85

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
42688cc7b03f28062963737cda5818f2

SHA1
676c0364dc4f6ffafb88222f8d37ba91b74ef1d4

SHA256
da5d7a4a4dba617fa12013cc71bebf4c6ad5bbbb624dc62ad8d99d4f8d85bd94

SHA512
4034fb8521ef550915b277cd5d78da4c7cdf3a0809b29ec606fee7f97b1cb4dbc38b9811de7765eb287e5798f3dca9d22f33a3c44763457bce1f40199270c447

Download Submit
C:\Users\Admin\AppData\Local\Temp\1711657342\ENGLISH.lng

Filesize
24KB

MD5
6265a3d8b6ea027b596c0c6e9afd5c38

SHA1
4502ff9bccfcbee6d6fc5d65e5381288f2d9f3a0

SHA256
193facd48ea0e183c7825c5efa2638c594cb73d9b40a1505a5ce14b478c6fb2e

SHA512
54b3492a3f4bfaf9f6b02b6d95710a5f7b0b8ef1078623ea77303f253bd0e1d44dad3e725afe0afa12a433b21b8d0cfea55c0214bf09213de7a3cebbf78fd8ad

Download Submit
C:\Users\Admin\AppData\Local\Temp\Commu.ini

Filesize
233B

MD5
8184de04104be1bf6c8ceba2d0971ea9

SHA1
25372c0b8921f965acf252770019a48bd0447896

SHA256
c4e407892dd12589281a6cfbf5026da51d167ea4b0e9eb5f9b0583af93d623ea

SHA512
7a032d1b4edbb59c0e4ce14d1b9ec2fe1d3c6b70993aabbcba66d5042060c8477295d5c5bcb680ad78895f7345945c9f0e862524cdd37e84055ec9e2d5636ec1

Download Submit
C:\Users\Admin\AppData\Local\Temp\HWiNFO64A_151.SYS

Filesize
61KB

MD5
b8b796586c1c177ce49dac10c57088ea

SHA1
37df4c40300da4ef18971ef4dff96c864c3e463a

SHA256
a6e75c3a21436941e9a6a111fe3a708be1753ab656ba247a40b401206096641c

SHA512
e4039f6cb66115fcd01845ccc1cf3d0cff5791f2c7b5aa32a6fe741d8317e865e608e99174ecb13d5bd1130f0b12811c8f7bfd60b0e00b869c4d84d0265ca9d5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Setup Log 2024-03-28 #002.txt

Filesize
72KB

MD5
fb5282033d2fef6b4ea4d1164199553f

SHA1
4c21ce1b180dd9a91a2a49cb1adbbe008289b321

SHA256
336b6cb09330a5b345f36c097628fcffad3c476631db581164395b1df892d7c9

SHA512
864f79802b2fae8a05df9ae761b9c6e09421039d629ffb3c1d2b1255efaa99345ee475a656e18cbb68611bdd6d6c7e4fda374d463ec9bca0c10db60c30b5b4f5

Download Submit
C:\Users\Admin\AppData\Local\Temp\TempSet.ini

Filesize
176B

MD5
eedfd8bf2b9fd42cdab0c258d5af0aef

SHA1
ac99d013fb04c58535bfad04b9998f08e58e1f6b

SHA256
9516837ca54ecf3456e069aec48b322e2a26b575f06d46a8e06445a5ca39a24d

SHA512
483dc08dec15de5e7124ffa3e77a69f4ceeea69738b47583086b5d80c3e2016b4ecfa9b7f942c17cc68491aad1c199406b428bc4c266a3b7490b300f82cb7468

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-50IHD.tmp\_isetup\_shfoldr.dll

Filesize
22KB

MD5
92dc6ef532fbb4a5c3201469a5b5eb63

SHA1
3e89ff837147c16b4e41c30d6c796374e0b8e62c

SHA256
9884e9d1b4f8a873ccbd81f8ad0ae257776d2348d027d811a56475e028360d87

SHA512
9908e573921d5dbc3454a1c0a6c969ab8a81cc2e8b5385391d46b1a738fb06a76aa3282e0e58d0d2ffa6f27c85668cd5178e1500b8a39b1bbae04366ae6a86d3

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-KM4VV.tmp\driver_booster_setup.tmp

Filesize
1.2MB

MD5
b33804e19c60bc7c3071289ca6ed9e3f

SHA1
1642fccf505739481cd8460399a6249632fdddd1

SHA256
382260dc9bc80dfa8bc5e0bc6592fb3b9799bcf454e6e5b61c80b94e8a3703ac

SHA512
300241d0c23214cd491f981c5f1c33ccd2fef360ee36ce3c58e02a931e1b83d3b3633576ad2b4d851062b4619066cdf06d4a876c424e10b3ed7bb062454f5533

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-VOEV3.tmp-dbinst\setup.exe

Filesize
5.8MB

MD5
d47bdf9814e9682443fff06e7950b6ce

SHA1
c1ad32b2a4f7ecf123bb2487ff5370a8a52a4d7a

SHA256
02444937bdf1a642bee51b67231cb8de89b0107ace32fea4a0ccdb103f0d77cd

SHA512
d2118477319d0a8d08b84c6ad4cc7deeb733f80ed06284afaf657e5ff648f819f623cb9f5e2722df3dd3a414e1da04d6640f1c832317585c20e04400dc2f7bae

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-VOEV3.tmp\EULA.rtf

Filesize
28KB

MD5
b0381f0ba7ead83ea3bd882c1de4cd48

SHA1
c740f811623061595d76fce2ebb4e69d34316f3b

SHA256
44bc9472169403484a0d384f1ca81989ef7e4b07441758e8a0110078933cbcb5

SHA512
6cfb8bc562d22843d043411720db97d0b4cbac96a20983d83d19e59b8428ec202f2532cc5af254438dc34fca4161abbd3f6bac8d397590e41b6d41e60700e78a

Download Submit
C:\Users\Admin\AppData\Roaming\IObit\Driver Booster\Config.ini

Filesize
85B

MD5
27d78444c8ec04fb8f47f8e8092146b7

SHA1
e0958861389fd4f119aa619b6ffdc013a45fc696

SHA256
2e5713d77fac109b8e3f3be06a51de5b2b9137192bf2ee6948c061eec371dd5c

SHA512
87c8f7b75161fa584f2a308844d2057a4082bdace958ee9019ce4507dd8e5b2b4d765ef76d90944e9c189f66b7d1ddf8c3fbdaf1f23c50e2c5f9cfda64a8181e

Download Submit
C:\Users\Admin\AppData\Roaming\IObit\Driver Booster\Config.ini

Filesize
265B

MD5
4777d0c59995a3f6cc6538c172924a0a

SHA1
46d6850d8f6b9e95bd519edd30d85bafbda1d777

SHA256
f0d91144e90fdceb09d2c120c2c0145c98fa25904f6eda6c6238a629ba24f03a

SHA512
8b61869bb09862d26b3019862327ff0ba737ebb457898b215859762de56f3ab134ae00bf22692eec3ef0d3e43976326be03b5d5ecac286f06ed38295f038ae06

Download Submit
C:\Users\Admin\AppData\Roaming\IObit\Driver Booster\Config.ini

Filesize
265B

MD5
feda2f34445c3d63b6c480d24b7c240b

SHA1
199d40a1ddbfd38beafaa43507faace1062c92da

SHA256
bb7e45bf39c97fc0e0b24cabefb9aac10e5a30592007e9523f3306f01f4c3374

SHA512
1ba0c6b7e7fbed60f5c4173689c22b33583fadedb7da6a34f77280e180cffbe3ea37790549b46eac63ba4c8ae5363f2447efb4993bc76b9b50b7b5c05ffae5e7

Download Submit
C:\Users\Admin\AppData\Roaming\IObit\Driver Booster\Config.ini

Filesize
618B

MD5
1c146b5224753d2c38f78892c06c5744

SHA1
4f39f703da94a7a253bc1e0bae8f912675589f79

SHA256
186bc7e79858a7f22444de5b79b70c13461f5871682f6b87bc148e7e294d11e2

SHA512
36999922a23ae4dd418878c84cbb9fde17e5900c977cc2e5e8fb5c44de9d06271c4d1b498d86a135846ea86d0582ff58555f6ac91ecf2d9d162f4d8783aca6a4

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Driver Booster.lnk

Filesize
1KB

MD5
28044426bb7801302d4456237111a9a4

SHA1
90e1936f69080c7379344b22e2a08253c4920b9f

SHA256
9f3793acd1f0cb8b419778fe0b2073a8a8a757a95444c737380ef96bc7769402

SHA512
44537e1b7b1c2502937056c2cbecd4eec1fb9e408730202df6608d50596bb7c5f2f5c3d25ac680b7a5eccdc871ca924ddd5be8943b70b9b78031b836e351d50f

Download Submit
memory/660-640-0x0000000010000000-0x0000000010237000-memory.dmp

Filesize
2.2MB

Download
memory/660-680-0x0000000000400000-0x0000000000431000-memory.dmp

Filesize
196KB

Download
memory/888-139-0x0000000003130000-0x0000000003140000-memory.dmp

Filesize
64KB

Download
memory/888-162-0x0000000000400000-0x0000000000A1D000-memory.dmp

Filesize
6.1MB

Download
memory/888-960-0x0000000000400000-0x0000000000A1D000-memory.dmp

Filesize
6.1MB

Download
memory/888-164-0x0000000002F60000-0x0000000002F61000-memory.dmp

Filesize
4KB

Download
memory/888-927-0x0000000000400000-0x0000000000A1D000-memory.dmp

Filesize
6.1MB

Download
memory/888-926-0x0000000000400000-0x0000000000A1D000-memory.dmp

Filesize
6.1MB

Download
memory/888-62-0x0000000002F60000-0x0000000002F61000-memory.dmp

Filesize
4KB

Download
memory/888-901-0x0000000000400000-0x0000000000A1D000-memory.dmp

Filesize
6.1MB

Download
memory/888-165-0x0000000003130000-0x0000000003140000-memory.dmp

Filesize
64KB

Download
memory/888-187-0x0000000000400000-0x0000000000A1D000-memory.dmp

Filesize
6.1MB

Download
memory/888-169-0x0000000000400000-0x0000000000A1D000-memory.dmp

Filesize
6.1MB

Download
memory/1724-854-0x0000000003D30000-0x0000000003E3F000-memory.dmp

Filesize
1.1MB

Download
memory/1724-855-0x0000000003F90000-0x0000000003F91000-memory.dmp

Filesize
4KB

Download
memory/1724-811-0x0000000003D30000-0x0000000003E3F000-memory.dmp

Filesize
1.1MB

Download
memory/1724-816-0x0000000002650000-0x0000000002651000-memory.dmp

Filesize
4KB

Download
memory/1724-852-0x0000000000400000-0x000000000059F000-memory.dmp

Filesize
1.6MB

Download
memory/2044-850-0x0000000002710000-0x0000000002711000-memory.dmp

Filesize
4KB

Download
memory/2044-902-0x00000000045D0000-0x00000000045D1000-memory.dmp

Filesize
4KB

Download
memory/2044-915-0x0000000057000000-0x000000005703F000-memory.dmp

Filesize
252KB

Download
memory/2044-662-0x0000000004170000-0x000000000427F000-memory.dmp

Filesize
1.1MB

Download
memory/2044-916-0x0000000057800000-0x0000000057812000-memory.dmp

Filesize
72KB

Download
memory/2044-911-0x0000000000400000-0x00000000007A4000-memory.dmp

Filesize
3.6MB

Download
memory/2044-917-0x0000000050120000-0x000000005030D000-memory.dmp

Filesize
1.9MB

Download
memory/2044-914-0x0000000059800000-0x000000005986E000-memory.dmp

Filesize
440KB

Download
memory/2044-856-0x00000000045B0000-0x00000000045B1000-memory.dmp

Filesize
4KB

Download
memory/2044-912-0x0000000050000000-0x0000000050116000-memory.dmp

Filesize
1.1MB

Download
memory/2044-871-0x00000000045C0000-0x00000000045C1000-memory.dmp

Filesize
4KB

Download
memory/2044-918-0x0000000061E00000-0x0000000061ECA000-memory.dmp

Filesize
808KB

Download
memory/2044-919-0x0000000004170000-0x000000000427F000-memory.dmp

Filesize
1.1MB

Download
memory/2044-906-0x0000000004600000-0x0000000004601000-memory.dmp

Filesize
4KB

Download
memory/2044-679-0x0000000004020000-0x0000000004021000-memory.dmp

Filesize
4KB

Download
memory/2044-658-0x0000000002710000-0x0000000002711000-memory.dmp

Filesize
4KB

Download
memory/2044-758-0x00000000045A0000-0x00000000045A1000-memory.dmp

Filesize
4KB

Download
memory/2044-772-0x00000000043D0000-0x00000000043D1000-memory.dmp

Filesize
4KB

Download
memory/2440-2-0x0000000000400000-0x000000000042C000-memory.dmp

Filesize
176KB

Download
memory/2440-61-0x0000000000400000-0x000000000042C000-memory.dmp

Filesize
176KB

Download
memory/2440-0-0x0000000000400000-0x000000000042C000-memory.dmp

Filesize
176KB

Download
memory/2556-1182-0x0000000000400000-0x000000000042D000-memory.dmp

Filesize
180KB

Download
memory/2596-6-0x0000000002620000-0x0000000002621000-memory.dmp

Filesize
4KB

Download
memory/2596-59-0x0000000000400000-0x0000000000530000-memory.dmp

Filesize
1.2MB

Download
memory/2692-808-0x0000000000400000-0x0000000000530000-memory.dmp

Filesize
1.2MB

Download
memory/2692-770-0x00000000024F0000-0x00000000024F1000-memory.dmp

Filesize
4KB

Download
memory/2692-181-0x00000000024F0000-0x00000000024F1000-memory.dmp

Filesize
4KB

Download
memory/2692-769-0x0000000000400000-0x0000000000530000-memory.dmp

Filesize
1.2MB

Download
memory/3080-936-0x0000000001320000-0x000000000154F000-memory.dmp

Filesize
2.2MB

Download
memory/3080-1121-0x0000000050120000-0x000000005030D000-memory.dmp

Filesize
1.9MB

Download
memory/3080-1119-0x0000000057000000-0x000000005703F000-memory.dmp

Filesize
252KB

Download
memory/3080-1117-0x0000000050000000-0x0000000050116000-memory.dmp

Filesize
1.1MB

Download
memory/3080-935-0x0000000001280000-0x0000000001317000-memory.dmp

Filesize
604KB

Download
memory/3080-1116-0x0000000000400000-0x0000000000CD5000-memory.dmp

Filesize
8.8MB

Download
memory/3080-1124-0x0000000001320000-0x000000000154F000-memory.dmp

Filesize
2.2MB

Download
memory/3080-1123-0x0000000001280000-0x0000000001317000-memory.dmp

Filesize
604KB

Download
memory/3080-1122-0x0000000061E00000-0x0000000061ECA000-memory.dmp

Filesize
808KB

Download
memory/3080-1118-0x0000000059800000-0x000000005986E000-memory.dmp

Filesize
440KB

Download
memory/3220-833-0x0000000007170000-0x0000000007211000-memory.dmp

Filesize
644KB

Download
memory/3220-829-0x0000000007170000-0x0000000007211000-memory.dmp

Filesize
644KB

Download
memory/3220-815-0x0000000007170000-0x0000000007211000-memory.dmp

Filesize
644KB

Download
memory/3292-986-0x0000000004040000-0x0000000004041000-memory.dmp

Filesize
4KB

Download
memory/3292-972-0x0000000003DC0000-0x0000000003DC1000-memory.dmp

Filesize
4KB

Download
memory/3292-973-0x0000000000400000-0x000000000064C000-memory.dmp

Filesize
2.3MB

Download
memory/3292-984-0x0000000050000000-0x0000000050116000-memory.dmp

Filesize
1.1MB

Download
memory/3292-987-0x0000000003DE0000-0x0000000003EEF000-memory.dmp

Filesize
1.1MB

Download
memory/3292-971-0x0000000003DE0000-0x0000000003EEF000-memory.dmp

Filesize
1.1MB

Download
memory/3868-853-0x0000000000400000-0x0000000000599000-memory.dmp

Filesize
1.6MB

Download
memory/3872-732-0x00000000021D0000-0x00000000021D1000-memory.dmp

Filesize
4KB

Download
memory/3872-736-0x0000000002880000-0x000000000298F000-memory.dmp

Filesize
1.1MB

Download
memory/3872-734-0x0000000050000000-0x0000000050116000-memory.dmp

Filesize
1.1MB

Download
memory/3872-735-0x0000000050120000-0x000000005030D000-memory.dmp

Filesize
1.9MB

Download
memory/3872-733-0x0000000000400000-0x0000000000421000-memory.dmp

Filesize
132KB

Download
memory/3872-724-0x0000000002880000-0x000000000298F000-memory.dmp

Filesize
1.1MB

Download
memory/3872-725-0x00000000006E0000-0x00000000006E1000-memory.dmp

Filesize
4KB

Download
memory/3964-753-0x0000000000400000-0x000000000042C000-memory.dmp

Filesize
176KB

Download
memory/3964-176-0x0000000000400000-0x000000000042C000-memory.dmp

Filesize
176KB

Download
memory/3964-817-0x0000000000400000-0x000000000042C000-memory.dmp

Filesize
176KB

Download
memory/4340-1191-0x00000000023F0000-0x00000000023F1000-memory.dmp

Filesize
4KB

Download
memory/4892-1172-0x0000000004010000-0x0000000004011000-memory.dmp

Filesize
4KB

Download
memory/4892-965-0x0000000003E20000-0x0000000003E21000-memory.dmp

Filesize
4KB

Download
memory/4892-1000-0x0000000003FF0000-0x0000000003FF1000-memory.dmp

Filesize
4KB

Download
memory/4892-1183-0x0000000003E20000-0x0000000003E21000-memory.dmp

Filesize
4KB

Download
memory/4892-1145-0x0000000000400000-0x00000000006AE000-memory.dmp

Filesize
2.7MB

Download
memory/5116-775-0x0000000050000000-0x0000000050116000-memory.dmp

Filesize
1.1MB

Download
memory/5116-683-0x0000000003E50000-0x0000000003F5F000-memory.dmp

Filesize
1.1MB

Download
memory/5116-773-0x0000000000400000-0x000000000064C000-memory.dmp

Filesize
2.3MB

Download
memory/5116-684-0x0000000002600000-0x0000000002601000-memory.dmp

Filesize
4KB

Download
memory/5116-776-0x0000000003E50000-0x0000000003F5F000-memory.dmp

Filesize
1.1MB

Download
memory/5116-771-0x0000000002640000-0x0000000002641000-memory.dmp

Filesize
4KB

Download