743881f014d40332960f205a12a438e90f45b0f01516d2948b3e3ea1b460e109

Resubmissions

13-08-2024 04:26

240813-e2kybaygqk 10

13-08-2024 04:11

240813-er4mnsydmn 10

07-08-2024 20:05

240807-yvb7dawhrb 7

Analysis

max time kernel
207s
max time network
32s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
07-08-2024 20:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

driver_booster_setup.exe
Size

28.4MB
MD5

2c99c30d6e3805acda4235e789b7d089
SHA1

0a1e695ad2db32c91773599c1a8d637c8a975c57
SHA256

743881f014d40332960f205a12a438e90f45b0f01516d2948b3e3ea1b460e109
SHA512

4ddb9e8d090593d380df94c59ff4604a0e6ee40417e5ecfe451baa8b05a5df48b42d26fbdda742f4ec0335222193e7a641d1b9377259d9376a534c7d6a89e69e
SSDEEP

786432:09NT6fGyBjXfVHe2M5CJxPxIT40oHt6ZJdBjls6cj7RxYAP/i+:0/uGyy2Xx5zVHu3s6cjcu//

Score

7^/10

discovery

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
behavioral1/files/0x000400000001cb95-618.dat	acprotect

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\IObit\Driver Booster\11.6.0\Boost\is-FKC0T.tmp	driver_booster_setup.tmp
File created	C:\Program Files (x86)\IObit\Driver Booster\11.6.0\ErrCodeSpec\is-H513H.tmp	driver_booster_setup.tmp
File created	C:\Program Files (x86)\IObit\Driver Booster\11.6.0\ErrCodeSpec\is-T0ARD.tmp	driver_booster_setup.tmp
File created	C:\Program Files (x86)\IObit\Driver Booster\11.6.0\Icons\Apps\is-H64BR.tmp	driver_booster_setup.tmp
File created	C:\Program Files (x86)\IObit\Driver Booster\11.6.0\Icons\Apps\is-CHHGO.tmp	driver_booster_setup.tmp
File created	C:\Program Files (x86)\IObit\Driver Booster\11.6.0\is-TUKKB.tmp	driver_booster_setup.tmp
File created	C:\Program Files (x86)\IObit\Driver Booster\11.6.0\Language\is-FFN47.tmp	driver_booster_setup.tmp
File created	C:\Program Files (x86)\IObit\Driver Booster\11.6.0\Database\is-SPC56.tmp	driver_booster_setup.tmp
File created	C:\Program Files (x86)\IObit\Driver Booster\11.6.0\ErrCodeSpec\is-QJUTR.tmp	driver_booster_setup.tmp
File created	C:\Program Files (x86)\IObit\Driver Booster\11.6.0\LocalData\is-LPIUH.tmp	driver_booster_setup.tmp
File created	C:\Program Files (x86)\IObit\Driver Booster\11.6.0\Icons\Apps\is-J0U1F.tmp	driver_booster_setup.tmp
File created	C:\Program Files (x86)\IObit\Driver Booster\11.6.0\is-EAL74.tmp	driver_booster_setup.tmp
File created	C:\Program Files (x86)\IObit\Driver Booster\11.6.0\is-JR67V.tmp	driver_booster_setup.tmp
File created	C:\Program Files (x86)\IObit\Driver Booster\11.6.0\Skin\is-A52LG.tmp	driver_booster_setup.tmp
File created	C:\Program Files (x86)\IObit\Driver Booster\11.6.0\ErrCodeSpec\is-D5SLL.tmp	driver_booster_setup.tmp
File created	C:\Program Files (x86)\IObit\Driver Booster\11.6.0\Icons\Apps\is-4D0HP.tmp	driver_booster_setup.tmp
File created	C:\Program Files (x86)\IObit\Driver Booster\11.6.0\DrvInstall\is-NTTGE.tmp	driver_booster_setup.tmp
File created	C:\Program Files (x86)\IObit\Driver Booster\11.6.0\is-VF0TG.tmp	driver_booster_setup.tmp
File created	C:\Program Files (x86)\IObit\Driver Booster\11.6.0\is-ICTOU.tmp	driver_booster_setup.tmp
File created	C:\Program Files (x86)\IObit\Driver Booster\11.6.0\is-9807A.tmp	driver_booster_setup.tmp
File created	C:\Program Files (x86)\IObit\Driver Booster\11.6.0\is-9SAN4.tmp	driver_booster_setup.tmp
File created	C:\Program Files (x86)\IObit\Driver Booster\11.6.0\ErrCodeSpec\is-EPU4C.tmp	driver_booster_setup.tmp
File created	C:\Program Files (x86)\IObit\Driver Booster\11.6.0\ErrCodeSpec\is-RSMV2.tmp	driver_booster_setup.tmp
File created	C:\Program Files (x86)\IObit\Driver Booster\11.6.0\ErrCodeSpec\is-EG3QA.tmp	driver_booster_setup.tmp
File created	C:\Program Files (x86)\IObit\Driver Booster\11.6.0\is-7F7DO.tmp	driver_booster_setup.tmp
File created	C:\Program Files (x86)\IObit\Driver Booster\11.6.0\History\is-V0I43.tmp	driver_booster_setup.tmp
File created	C:\Program Files (x86)\IObit\Driver Booster\11.6.0\Language\is-94FFM.tmp	driver_booster_setup.tmp
File created	C:\Program Files (x86)\IObit\Driver Booster\11.6.0\Update\is-81JKA.tmp	driver_booster_setup.tmp
File created	C:\Program Files (x86)\IObit\Driver Booster\11.6.0\Icons\Apps\is-52RII.tmp	driver_booster_setup.tmp
File created	C:\Program Files (x86)\IObit\Driver Booster\11.6.0\History\is-IK8QB.tmp	driver_booster_setup.tmp
File created	C:\Program Files (x86)\IObit\Driver Booster\11.6.0\Language\is-VQHH5.tmp	driver_booster_setup.tmp
File created	C:\Program Files (x86)\IObit\Driver Booster\11.6.0\Language\is-NEP8E.tmp	driver_booster_setup.tmp
File created	C:\Program Files (x86)\IObit\Driver Booster\11.6.0\DrvInstall\is-15PVA.tmp	driver_booster_setup.tmp
File created	C:\Program Files (x86)\IObit\Driver Booster\11.6.0\is-FBOVU.tmp	driver_booster_setup.tmp
File created	C:\Program Files (x86)\IObit\Driver Booster\11.6.0\Icons\Main\is-33D6C.tmp	driver_booster_setup.tmp
File created	C:\Program Files (x86)\IObit\Driver Booster\11.6.0\Icons\Apps\is-6PQDL.tmp	driver_booster_setup.tmp
File created	C:\Program Files (x86)\IObit\Driver Booster\11.6.0\is-VDHJF.tmp	driver_booster_setup.tmp
File created	C:\Program Files (x86)\IObit\Driver Booster\11.6.0\is-FP9E9.tmp	driver_booster_setup.tmp
File created	C:\Program Files (x86)\IObit\Driver Booster\11.6.0\History\is-ATMO1.tmp	driver_booster_setup.tmp
File created	C:\Program Files (x86)\IObit\Driver Booster\11.6.0\Icons\Apps\is-9FOA2.tmp	driver_booster_setup.tmp
File created	C:\Program Files (x86)\IObit\Driver Booster\11.6.0\TaskbarPin\is-P4H41.tmp	driver_booster_setup.tmp
File created	C:\Program Files (x86)\IObit\Driver Booster\11.6.0\Boost\is-0KVMH.tmp	driver_booster_setup.tmp
File created	C:\Program Files (x86)\IObit\Driver Booster\11.6.0\is-F5TF6.tmp	driver_booster_setup.tmp
File created	C:\Program Files (x86)\IObit\Driver Booster\11.6.0\is-PES36.tmp	driver_booster_setup.tmp
File created	C:\Program Files (x86)\IObit\Driver Booster\11.6.0\is-0ODMO.tmp	driver_booster_setup.tmp
File created	C:\Program Files (x86)\IObit\Driver Booster\11.6.0\Skin\is-TFNU1.tmp	driver_booster_setup.tmp
File created	C:\Program Files (x86)\IObit\Driver Booster\11.6.0\Update\is-2N6OU.tmp	driver_booster_setup.tmp
File created	C:\Program Files (x86)\IObit\Driver Booster\11.6.0\is-QQNHD.tmp	driver_booster_setup.tmp
File created	C:\Program Files (x86)\IObit\Driver Booster\11.6.0\Boost\is-MTG2C.tmp	driver_booster_setup.tmp
File created	C:\Program Files (x86)\IObit\Driver Booster\11.6.0\ErrCodeSpec\is-AAA56.tmp	driver_booster_setup.tmp
File created	C:\Program Files (x86)\IObit\Driver Booster\11.6.0\Update\is-0GOMQ.tmp	driver_booster_setup.tmp
File created	C:\Program Files (x86)\IObit\Driver Booster\11.6.0\DpInst\x86\is-COCO3.tmp	driver_booster_setup.tmp
File created	C:\Program Files (x86)\IObit\Driver Booster\11.6.0\HWiNFO\is-5J47N.tmp	driver_booster_setup.tmp
File created	C:\Program Files (x86)\IObit\Driver Booster\11.6.0\is-R3KEG.tmp	driver_booster_setup.tmp
File created	C:\Program Files (x86)\IObit\Driver Booster\11.6.0\ErrCodeSpec\is-1V770.tmp	driver_booster_setup.tmp
File opened for modification	C:\Program Files (x86)\IObit\Driver Booster\11.6.0\lang.dat	SetupHlp.exe
File created	C:\Program Files (x86)\IObit\Driver Booster\11.6.0\Language\is-B8HQT.tmp	driver_booster_setup.tmp
File created	C:\Program Files (x86)\IObit\Driver Booster\11.6.0\ErrCodeSpec\is-24M63.tmp	driver_booster_setup.tmp
File created	C:\Program Files (x86)\IObit\Driver Booster\11.6.0\unins000.msg	driver_booster_setup.tmp
File created	C:\Program Files (x86)\IObit\Driver Booster\11.6.0\Language\is-IOOF0.tmp	driver_booster_setup.tmp
File created	C:\Program Files (x86)\IObit\Driver Booster\11.6.0\LocalData\is-GNE21.tmp	driver_booster_setup.tmp
File created	C:\Program Files (x86)\IObit\Driver Booster\11.6.0\is-BHT0S.tmp	driver_booster_setup.tmp
File created	C:\Program Files (x86)\IObit\Driver Booster\11.6.0\is-7M201.tmp	driver_booster_setup.tmp
File created	C:\Program Files (x86)\IObit\Driver Booster\11.6.0\is-RER7A.tmp	driver_booster_setup.tmp

Executes dropped EXE 7 IoCs

pid	Process
1716	driver_booster_setup.tmp
2612	setup.exe
580	driver_booster_setup.tmp
2376	HWiNFO.exe
1712	SetupHlp.exe
2808	RttHlp.exe
3048	InstStat.exe

Loads dropped DLL 41 IoCs

pid	Process
2540	driver_booster_setup.exe
1716	driver_booster_setup.tmp
1716	driver_booster_setup.tmp
1716	driver_booster_setup.tmp
340	driver_booster_setup.exe
2612	setup.exe
2612	setup.exe
580	driver_booster_setup.tmp
580	driver_booster_setup.tmp
580	driver_booster_setup.tmp
580	driver_booster_setup.tmp
580	driver_booster_setup.tmp
2376	HWiNFO.exe
580	driver_booster_setup.tmp
1712	SetupHlp.exe
1712	SetupHlp.exe
1712	SetupHlp.exe
1712	SetupHlp.exe
1712	SetupHlp.exe
1712	SetupHlp.exe
1712	SetupHlp.exe
1712	SetupHlp.exe
1712	SetupHlp.exe
2808	RttHlp.exe
2808	RttHlp.exe
2808	RttHlp.exe
2808	RttHlp.exe
2808	RttHlp.exe
2808	RttHlp.exe
2808	RttHlp.exe
2808	RttHlp.exe
580	driver_booster_setup.tmp
3048	InstStat.exe
3048	InstStat.exe
3048	InstStat.exe
3048	InstStat.exe
3048	InstStat.exe
3048	InstStat.exe
3048	InstStat.exe
3048	InstStat.exe
3048	InstStat.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 9 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	HWiNFO.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	driver_booster_setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	driver_booster_setup.tmp
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	driver_booster_setup.tmp
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	SetupHlp.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RttHlp.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	InstStat.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	driver_booster_setup.exe

Modifies registry class 16 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.dbd\ = "DB_Open_dbd"	SetupHlp.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\DB_Open_dbd\shell\open\command	SetupHlp.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\DB_Open_dbop\shell\open\command	SetupHlp.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\DB_Open_dbop\shell	SetupHlp.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\DB_Open_dbd\shell\open	SetupHlp.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\DB_Open_dbop\	SetupHlp.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.dbop\ = "DB_Open_dbop"	SetupHlp.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\DB_Open_dbop\shell\open	SetupHlp.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\DB_Open_dbd	SetupHlp.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\DB_Open_dbd\	SetupHlp.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\DB_Open_dbd\shell	SetupHlp.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.dbop	SetupHlp.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\DB_Open_dbop\shell\open\command\ = "C:\\Program Files (x86)\\IObit\\Driver Booster\\11.6.0\\OfflineUpdater.exe \"%1\""	SetupHlp.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.dbd	SetupHlp.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\DB_Open_dbd\shell\open\command\ = "C:\\Program Files (x86)\\IObit\\Driver Booster\\11.6.0\\OfflineUpdater.exe \"%1\""	SetupHlp.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\DB_Open_dbop	SetupHlp.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
1716	driver_booster_setup.tmp
1716	driver_booster_setup.tmp
2612	setup.exe
2612	setup.exe
580	driver_booster_setup.tmp
580	driver_booster_setup.tmp
580	driver_booster_setup.tmp
1712	SetupHlp.exe
1712	SetupHlp.exe
580	driver_booster_setup.tmp
3048	InstStat.exe
3048	InstStat.exe

Suspicious behavior: LoadsDriver 6 IoCs

pid	Process
480	Process not Found
480	Process not Found
480	Process not Found
480	Process not Found
480	Process not Found
480	Process not Found

Suspicious use of AdjustPrivilegeToken 5 IoCs

description	pid	Process
Token: SeDebugPrivilege	1716	driver_booster_setup.tmp
Token: SeDebugPrivilege	580	driver_booster_setup.tmp
Token: SeLoadDriverPrivilege	2376	HWiNFO.exe
Token: SeLoadDriverPrivilege	2376	HWiNFO.exe
Token: SeLoadDriverPrivilege	2376	HWiNFO.exe

Suspicious use of FindShellTrayWindow 2 IoCs

pid	Process
2612	setup.exe
580	driver_booster_setup.tmp

Suspicious use of WriteProcessMemory 50 IoCs

description	pid	Process	procid_target
PID 2540 wrote to memory of 1716	2540	driver_booster_setup.exe	29
PID 2540 wrote to memory of 1716	2540	driver_booster_setup.exe	29
PID 2540 wrote to memory of 1716	2540	driver_booster_setup.exe	29
PID 2540 wrote to memory of 1716	2540	driver_booster_setup.exe	29
PID 2540 wrote to memory of 1716	2540	driver_booster_setup.exe	29
PID 2540 wrote to memory of 1716	2540	driver_booster_setup.exe	29
PID 2540 wrote to memory of 1716	2540	driver_booster_setup.exe	29
PID 1716 wrote to memory of 2612	1716	driver_booster_setup.tmp	30
PID 1716 wrote to memory of 2612	1716	driver_booster_setup.tmp	30
PID 1716 wrote to memory of 2612	1716	driver_booster_setup.tmp	30
PID 1716 wrote to memory of 2612	1716	driver_booster_setup.tmp	30
PID 1716 wrote to memory of 2612	1716	driver_booster_setup.tmp	30
PID 1716 wrote to memory of 2612	1716	driver_booster_setup.tmp	30
PID 1716 wrote to memory of 2612	1716	driver_booster_setup.tmp	30
PID 2612 wrote to memory of 340	2612	setup.exe	31
PID 2612 wrote to memory of 340	2612	setup.exe	31
PID 2612 wrote to memory of 340	2612	setup.exe	31
PID 2612 wrote to memory of 340	2612	setup.exe	31
PID 2612 wrote to memory of 340	2612	setup.exe	31
PID 2612 wrote to memory of 340	2612	setup.exe	31
PID 2612 wrote to memory of 340	2612	setup.exe	31
PID 340 wrote to memory of 580	340	driver_booster_setup.exe	32
PID 340 wrote to memory of 580	340	driver_booster_setup.exe	32
PID 340 wrote to memory of 580	340	driver_booster_setup.exe	32
PID 340 wrote to memory of 580	340	driver_booster_setup.exe	32
PID 340 wrote to memory of 580	340	driver_booster_setup.exe	32
PID 340 wrote to memory of 580	340	driver_booster_setup.exe	32
PID 340 wrote to memory of 580	340	driver_booster_setup.exe	32
PID 580 wrote to memory of 2376	580	driver_booster_setup.tmp	33
PID 580 wrote to memory of 2376	580	driver_booster_setup.tmp	33
PID 580 wrote to memory of 2376	580	driver_booster_setup.tmp	33
PID 580 wrote to memory of 2376	580	driver_booster_setup.tmp	33
PID 580 wrote to memory of 1712	580	driver_booster_setup.tmp	35
PID 580 wrote to memory of 1712	580	driver_booster_setup.tmp	35
PID 580 wrote to memory of 1712	580	driver_booster_setup.tmp	35
PID 580 wrote to memory of 1712	580	driver_booster_setup.tmp	35
PID 580 wrote to memory of 1712	580	driver_booster_setup.tmp	35
PID 580 wrote to memory of 1712	580	driver_booster_setup.tmp	35
PID 580 wrote to memory of 1712	580	driver_booster_setup.tmp	35
PID 1712 wrote to memory of 2808	1712	SetupHlp.exe	37
PID 1712 wrote to memory of 2808	1712	SetupHlp.exe	37
PID 1712 wrote to memory of 2808	1712	SetupHlp.exe	37
PID 1712 wrote to memory of 2808	1712	SetupHlp.exe	37
PID 1712 wrote to memory of 2808	1712	SetupHlp.exe	37
PID 1712 wrote to memory of 2808	1712	SetupHlp.exe	37
PID 1712 wrote to memory of 2808	1712	SetupHlp.exe	37
PID 580 wrote to memory of 3048	580	driver_booster_setup.tmp	38
PID 580 wrote to memory of 3048	580	driver_booster_setup.tmp	38
PID 580 wrote to memory of 3048	580	driver_booster_setup.tmp	38
PID 580 wrote to memory of 3048	580	driver_booster_setup.tmp	38

C:\Users\Admin\AppData\Local\Temp\driver_booster_setup.exe
"C:\Users\Admin\AppData\Local\Temp\driver_booster_setup.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:2540
- C:\Users\Admin\AppData\Local\Temp\is-AL0TQ.tmp\driver_booster_setup.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-AL0TQ.tmp\driver_booster_setup.tmp" /SL5="$40218,28998482,139264,C:\Users\Admin\AppData\Local\Temp\driver_booster_setup.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:1716
- - C:\Users\Admin\AppData\Local\Temp\is-OH37G.tmp-dbinst\setup.exe
    "C:\Users\Admin\AppData\Local\Temp\is-OH37G.tmp-dbinst\setup.exe" "C:\Users\Admin\AppData\Local\Temp\driver_booster_setup.exe" /title="Driver Booster 11" /dbver=11.6.0.128 /eula="C:\Users\Admin\AppData\Local\Temp\is-OH37G.tmp-dbinst\EULA.rtf" /showlearnmore /pmtproduct /nochromepmt
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of WriteProcessMemory
    PID:2612
  - - C:\Users\Admin\AppData\Local\Temp\driver_booster_setup.exe
      "C:\Users\Admin\AppData\Local\Temp\driver_booster_setup.exe" /sp- /verysilent /Installer /norestart /DIR="C:\Program Files (x86)\IObit\Driver Booster" /Installer-DeskIcon /Installer-TaskIcon
      4⤵
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      Suspicious use of WriteProcessMemory
      PID:340
    - - C:\Users\Admin\AppData\Local\Temp\is-OURO7.tmp\driver_booster_setup.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\is-OURO7.tmp\driver_booster_setup.tmp" /SL5="$30208,28998482,139264,C:\Users\Admin\AppData\Local\Temp\driver_booster_setup.exe" /sp- /verysilent /Installer /norestart /DIR="C:\Program Files (x86)\IObit\Driver Booster" /Installer-DeskIcon /Installer-TaskIcon
        5⤵
        Drops file in Program Files directory
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of FindShellTrayWindow
        Suspicious use of WriteProcessMemory
        
        PID:580
      - C:\Program Files (x86)\IObit\Driver Booster\11.6.0\HWiNFO\HWiNFO.exe
        
        "C:\Program Files (x86)\IObit\Driver Booster\11.6.0\HWiNFO\HWiNFO.exe" /brandname
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        Suspicious use of AdjustPrivilegeToken
        
        PID:2376
      - C:\Program Files (x86)\IObit\Driver Booster\11.6.0\SetupHlp.exe
        
        "C:\Program Files (x86)\IObit\Driver Booster\11.6.0\SetupHlp.exe" /install /setup="C:\Users\Admin\AppData\Local\Temp\driver_booster_setup.exe"
        6⤵
        Drops file in Program Files directory
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        Modifies registry class
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:1712
        
        C:\Program Files (x86)\IObit\Driver Booster\11.6.0\RttHlp.exe
        
        "C:\Program Files (x86)\IObit\Driver Booster\11.6.0\RttHlp.exe" /winstdate
        7⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        
        PID:2808
      - C:\Program Files (x86)\IObit\Driver Booster\11.6.0\InstStat.exe
        
        "C:\Program Files (x86)\IObit\Driver Booster\11.6.0\InstStat.exe" /install db11
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        
        PID:3048

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\IObit\Driver Booster\11.6.0\Database\Scan\initial.wlst

Filesize
1.8MB

MD5
8c73757ae39515653588eff5cedd6577

SHA1
e510c58fe6184bdea3cbe7c4bfef61f17a669f32

SHA256
2e76e5407a4bdd119f8d317c3260b2e383472359df76f41a0bcf8aa4fa29109a

SHA512
8399935d41e93ba25512efd439f4b81dec4d0cccdf8d927ba7a6294a2da5da32dbd479f47a7be3f42ac81ac41a6536b4a992d1527fda69340732dbba3cb9c658

Download Submit
C:\Program Files (x86)\IObit\Driver Booster\11.6.0\Driver Booster 11.lnk

Filesize
1KB

MD5
fdc0feb4039757b5c7076da08340c1ba

SHA1
2e5ab75b24092eb49d47bc366b46a8a8f6cab827

SHA256
b3d63b76e03ebec2cb388ba7c335832712f0ddf97f6b85aba83457062c52cc27

SHA512
77183eb8741bbe5d790842b9c82b25947d8b7bb7a40bbbb922ab5fa7e16bc056d4232d43989d415f5f6602f107aebd34b46ca18c2fdcabb7d2ec15c747320f72

Download Submit
C:\Program Files (x86)\IObit\Driver Booster\11.6.0\HWiNFO\HWiNFO32.dll

Filesize
1.2MB

MD5
e937e1a411075768ef3f287f9abc128a

SHA1
ee63928100563c1d846ecdc462a5c163ecce3d4c

SHA256
cb81c7cbd229b639f24db6655edc67f4c32954778d24e086d45a7229cc58351c

SHA512
a8a6123e1b88d3708ae76ab1ea2d3f15549d03549ee07fdf935357d06792fe63cceae7034e250588415040b8e11b0e892016bba165c488068c6c48f4cc7726a5

Download Submit
C:\Program Files (x86)\IObit\Driver Booster\11.6.0\Icons\Apps\is-9FOA2.tmp

Filesize
1KB

MD5
a364eb8919ad57f2278960cf6a062862

SHA1
dd7fa8dd5894960fa47e8c74e2acec034da803d3

SHA256
ac4531a4b4fe3b34054eb33f2caabe2776be0ea5fc5056670c139caffd51b4f4

SHA512
68e06dcbf244211caac4e386bc73856a7b4da97681e58de3470d6f1000abd336c2d13c84ee11e2bcda9a48afd176efc34f9567ef3bebd5577731956402ead96b

Download Submit
C:\Program Files (x86)\IObit\Driver Booster\11.6.0\Register.dll

Filesize
1.0MB

MD5
7c8d2f57f34a5d6a501813274f4febe1

SHA1
9fd6ae9bff728e3fe4e3236db43533e39aaff492

SHA256
e06648637c124f47b79f21d1e3db2eac2a39383571758594afce73935b58f88e

SHA512
a46d693b55243d5f45a07105874eaf6c67c8f5e06eb92eb5b7035808acba8e040c85ababfed061b563d7b975a23263e7ac8bd2ba589e2f3c11c8e8ff13ff3f11

Download Submit
C:\Program Files (x86)\IObit\Driver Booster\11.6.0\RttHlp.exe

Filesize
135KB

MD5
a2d70fbab5181a509369d96b682fc641

SHA1
22afcdc180400c4d2b9e5a6db2b8a26bff54dd38

SHA256
8aed681ad8d660257c10d2f0e85ae673184055a341901643f27afc38e5ef8473

SHA512
219c6e7e88004fad9f4392be9a852c58fc43b7f6900e40370991427f37eaea5c18f48d2954f9479dde8bcb787345f4e292d5620add8224aec4d93d7968820b83

Download Submit
C:\Program Files (x86)\IObit\Driver Booster\11.6.0\is-EAL74.tmp

Filesize
28KB

MD5
b0381f0ba7ead83ea3bd882c1de4cd48

SHA1
c740f811623061595d76fce2ebb4e69d34316f3b

SHA256
44bc9472169403484a0d384f1ca81989ef7e4b07441758e8a0110078933cbcb5

SHA512
6cfb8bc562d22843d043411720db97d0b4cbac96a20983d83d19e59b8428ec202f2532cc5af254438dc34fca4161abbd3f6bac8d397590e41b6d41e60700e78a

Download Submit
C:\Program Files (x86)\IObit\Driver Booster\11.6.0\lang.dat

Filesize
27B

MD5
25f5875159bd806eadaa7bc41cd61dc1

SHA1
02f5ae9c79c122bb52236d930c2541b2d3ead3a8

SHA256
d5062ff936c218c4c23c1f0846fa1ab4ec359be885cd2ab1cb24178da5b0ff2c

SHA512
0292ff0478ce6819d56bd430c786bb0c648895e8d9e6a689383274e37a643cca46958de23e75a25637c760911bb4328e7fb1d02882dfa42dbed7d17ee90fe8b5

Download Submit
C:\Program Files (x86)\IObit\Driver Booster\11.6.0\local.dat

Filesize
1KB

MD5
89c2da9d5383a711466c79151e9fe94e

SHA1
440d79b5eb1a0efb0eb9fa6ae30b1af3bdb757a8

SHA256
abfc229576e849cfee5210c9cecd80d7d0bb0c52d6b19ab21bd89d65ac112343

SHA512
738d54d88ac76f344bdd7df31e9e80beb4321830510c016fff92d38bd78e1a19b77b7e834475898fc425fcc2f0a54b7b0ac15edb4efde0dff2e92a09ee3b673c

Download Submit
C:\Program Files (x86)\IObit\Driver Booster\11.6.0\rtl120.bpl

Filesize
1.1MB

MD5
adf82ed333fb5567f8097c7235b0e17f

SHA1
e6ccaf016fc45edcdadeb40da64c207ddb33859f

SHA256
d6dd7a4f46f2cfde9c4eb9463b79d5ff90fc690da14672ba1da39708ee1b9b50

SHA512
2253c7b51317a3b5734025b6c7639105dbc81c340703718d679a00c13d40dd74ccaba1f6d04b21ee440f19e82ba680aa4b2a6a75c618aed91bd85a132be9fc92

Download Submit
C:\Program Files (x86)\IObit\Driver Booster\11.6.0\vcl120.bpl

Filesize
1.9MB

MD5
c594d746ff6c99d140b5e8da97f12fd4

SHA1
f21742707c5f3fee776f98641f36bd755e24a7b0

SHA256
572edb7d630e9b03f93bd15135d2ca360176c1232051293663ec5b75c2428aec

SHA512
33b9902b2cf1154d850779cd012c0285882e158b9d1422c54ea9400ca348686773b6bacb760171060d1a0e620f8ff4a26ecd889dea3c454e8fc5fa59b173832b

Download Submit
C:\ProgramData\IObit\IObitRtt\DBRtt.ept

Filesize
148B

MD5
c563e1be4d3971c7ffdb64b6ab480f35

SHA1
6db88a6ebe08070e46e22bde2c39c826ec972b6e

SHA256
bd716a4c1ea3262da310522fe89691925e5489ea877d534cb2f4d4b4ad8d6b10

SHA512
985243db9ed22dc0fe0fc13b7f36b190d924c6f5315a4fbf14ab3eaeac92c2ede20784f2e501f1456b7afe946068229620baa8b1464908238ea8e81b3c1ad9e3

Download Submit
C:\ProgramData\IObit\Install.ini

Filesize
98B

MD5
27cb491ad7c209aadc830aaf6edbbb6e

SHA1
185f7d7c326753cf7fc6292003c333735d007c36

SHA256
4274544227f027907823cb03e7e28bb228bcbf47f116ebe5a8fcf2a4b493856f

SHA512
89fb8e84ff695369ed4a4e7ba8b9689b2d530cd7ab26d945c87643209f03a759685d4bbc077d8e5a2aed79ec2c04b5eb8467504f97c67579d0bc1004e1cb5abc

Download Submit
C:\ProgramData\IObit\iobitpromotion.ini

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\ProgramData\IObit\iobitpromotion.ini

Filesize
140B

MD5
bfff3466f85d4ef2331f5e14de8a511e

SHA1
c8562af3a2f07b65c24d6cc679dc7b6bb8d19387

SHA256
444e4ea91ab530ce1b4709546940d8e6d5c330d9e715723deea5538ed3168d5b

SHA512
f5c80c985fe8f542b9be54aa1337dec0264f58ef13e918f5e5b80e2cc716f0ace85bf958b49ff83756ca6b84d06e7a776270a82e7307854af0a54fc0b14fc562

Download Submit
C:\Users\Admin\AppData\Local\Temp\1723061187\ENGLISH.lng

Filesize
25KB

MD5
db9aeac1d5b95fe0a91de7109052bb1c

SHA1
be4936d76a69a21a31c06c87b560c454a1eda5d2

SHA256
e22df1557d7a50f85c96cf4a2c2c843a737433a56447aa0423f41ec201232d4a

SHA512
41702e00071df9aad72e19010638a89d3bcf43473754a57ab393c90f8f952b511aec2a531893e6ff94dc14cf0cddb7146cb7e1add0c55166eb07f253035e335f

Download Submit
C:\Users\Admin\AppData\Local\Temp\HWiNFO64A_151.SYS

Filesize
61KB

MD5
b8b796586c1c177ce49dac10c57088ea

SHA1
37df4c40300da4ef18971ef4dff96c864c3e463a

SHA256
a6e75c3a21436941e9a6a111fe3a708be1753ab656ba247a40b401206096641c

SHA512
e4039f6cb66115fcd01845ccc1cf3d0cff5791f2c7b5aa32a6fe741d8317e865e608e99174ecb13d5bd1130f0b12811c8f7bfd60b0e00b869c4d84d0265ca9d5

Download Submit
C:\Users\Admin\AppData\Local\Temp\appver-ac.ini

Filesize
852B

MD5
73d9587d9f8d9e437e032c1803f24baa

SHA1
43986323bb8d478eb4449b8db17503b297da5ae7

SHA256
b8941604d911f5c939bd53ae2ae7d91166b9e16bf63b5898ea73c70956d4a3cb

SHA512
4b7092be14c68f3424eceadda749d3608f73b3907d709f1e4b5aaab5ed5a38d48c5e8f9d49d81af19a5de570235b5db8bcb44f00951a191c5a68b60c8a06cec4

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-0V802.tmp\Inno_English.lng

Filesize
8KB

MD5
4014e584f7eb5936a6d2b8b75ade700f

SHA1
4a4b6017c27727aadb8e3726805cdfab11e97fb1

SHA256
5acf921d2b7d33d5fc9ab02569be5f46b5f3cf8656bf1c245f2f61f55529bb3b

SHA512
f9b8b8ca6c2e52bb8aa29c1d313874f5f66672838530d2d6f8075ec4c53132a5b195ade82105f831e4151ce317f174ba27026800ab4c6c8f67521a3c0eea1693

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-OH37G.tmp-dbinst\setup.exe

Filesize
5.8MB

MD5
2e169828a673a1141fec2a966a3f7aa3

SHA1
78ca1d53fcce00a7f0271aa1237fb95041509f76

SHA256
23c1b303adc0fa0f93c53a33ac82ae38cdb93f4067d0d04205e8dadbe73ea50a

SHA512
dd27f81311c71510af3b271c2625dd4d59c1a753daba13d6fe33e91824bc709741936e500d44ae7339f428e8429a811e287d21a1f9913ca080a1a4441ad0c09b

Download Submit
C:\Users\Admin\AppData\Roaming\IObit\Driver Booster\Config.ini

Filesize
85B

MD5
27d78444c8ec04fb8f47f8e8092146b7

SHA1
e0958861389fd4f119aa619b6ffdc013a45fc696

SHA256
2e5713d77fac109b8e3f3be06a51de5b2b9137192bf2ee6948c061eec371dd5c

SHA512
87c8f7b75161fa584f2a308844d2057a4082bdace958ee9019ce4507dd8e5b2b4d765ef76d90944e9c189f66b7d1ddf8c3fbdaf1f23c50e2c5f9cfda64a8181e

Download Submit
C:\Users\Admin\AppData\Roaming\IObit\Driver Booster\Config.ini

Filesize
177B

MD5
f180caa24363cc37b307f42e613b70d4

SHA1
210fec3014e41a70915a79776124f74e8f2a5d28

SHA256
945084f5aad4ec328af19488340b0487ff2f34035b96c298216c96be0395f335

SHA512
35b33b4ce7044d8b64c2ca51acaa9b648be1a6cdfd6c362d997bd5b49b2f7a938128ad549dc7cc06004a71c382dbe01ce83918c9f62f964073715c10bda8d177

Download Submit
C:\Users\Admin\AppData\Roaming\IObit\Driver Booster\Config.ini

Filesize
262B

MD5
86cb0b5daf3dce8b1f0fc842f7b8520e

SHA1
79af317e181c4899aa8dafa601112fcdc30aab11

SHA256
af7bb9499dd501ac925cf5885f52f13cd8ad69c9cbf06a648a240bbd8fd11927

SHA512
29992b732578386202936e7e513a73a7ed568781d78a65c05589531ef3be582e09ad7bfd7d48999ed4fa11eadece29873a99009f759c327825aa224ffdd53c67

Download Submit
C:\Users\Admin\AppData\Roaming\IObit\Driver Booster\Config.ini

Filesize
262B

MD5
fedc5b1d257ec4b272c177fd71182f96

SHA1
cb77f80fa6684d0a0433f42dca89abfbfe75cb0a

SHA256
e1a1f469c717a71f0075d79310e9bc20c33de0745fe87b45be94f5eee3c24c44

SHA512
2c29d0847e486496324ca2285d778a3a1a4d48a4ec8e48b593fcd4494b33ee38ba0c772503078a7d5cfec08ae6d8588c780b69fe4f7a6af8b1cd1e0ea70e29c8

Download Submit
C:\Users\Admin\AppData\Roaming\IObit\Driver Booster\Config.ini

Filesize
612B

MD5
3d4107e1fa5f19fd67fdaf54cfbdca67

SHA1
4b57bc1d19af98b7ed902cabd45825e1b0b176d0

SHA256
1700058c091961d7427cbd6bc4cfdaa99a5e2197ade0695658119c33f4b9c829

SHA512
85e1901616f3ff53e78be5f8466979ed80561cae409843c205e839acbf7e235d58ccc96bbe2e4646312a244b69ea541e04007a0ea8c63182adcefcb012c1a101

Download Submit
\Program Files (x86)\IObit\Driver Booster\11.6.0\HWiNFO\HWiNFO.exe

Filesize
173KB

MD5
117e4edaacd5c4d127fe404b07cfecd4

SHA1
e041ced94ffb3bb19a64b9df3eb258aa5f59febc

SHA256
5fc8c7c6f8e56fab9595e8d50139ce7aa3413ae484ebe9ad109896b227c04d2f

SHA512
bb52e40a99d945fb0a3594c929dfd0c03a6dc5441e6402fedf913104025e9d154ab082ad0c4142959164cf73df45907fafb434112c8da882712825c5e1676b98

Download Submit
\Program Files (x86)\IObit\Driver Booster\11.6.0\InstStat.exe

Filesize
1.6MB

MD5
b8cd832013322d22c4c026383eefcec2

SHA1
406706f1cc5276f50dea4e32d7db27c326ca37d3

SHA256
13db9a072473c27380b917b94d441cbbd34b8d8558f370495f7f6de27dcea225

SHA512
2c316adfdbac0184233b3f4bbc4babe813daa5e0d4684fdf4c959152a3bb938334db05504e8b79a56f417865666db0506b59b8fd64a708e4aac548fefb87c039

Download Submit
\Program Files (x86)\IObit\Driver Booster\11.6.0\SetupHlp.exe

Filesize
2.3MB

MD5
c457865cc2c3383111800d592992ff26

SHA1
ee54eb87102b8b63a60a2c268f6404e8555f4492

SHA256
791f2cbb8913d5314d9251ff20f7cace0c2a92b6475aecc8074a92639b58e4fd

SHA512
c358fefb02dcfd9e404a73c35b61cee160ef5575d4c15c31b2c11c66c709879f22dc7860c79ae9d14856903a6c18d6d0f6fe39afafc96e48a5f18668eb6cf4e9

Download Submit
\Users\Admin\AppData\Local\Temp\is-AL0TQ.tmp\driver_booster_setup.tmp

Filesize
1.2MB

MD5
048f89f1be0ce17f10350b121c08b6bd

SHA1
d0746f79ab4c1c6712e787d30e7896cf02439d1a

SHA256
8dfc033ff5a1ebac9282f15f14ab048b73fb058fec927a1f5d188a359315c6eb

SHA512
f21b627324fb58f2a585c99df6309e11ae11f895e6f5b6f0d4f9b02368ec9982728e43a3aba5d346d3ca45419fc593293665305f067d9d9f41753d201a9ea90a

Download Submit
\Users\Admin\AppData\Local\Temp\is-OH37G.tmp-dbinst\libcrypto-1_1.dll

Filesize
1.7MB

MD5
902385503375a1c52787e2c88895e030

SHA1
d3b7fab10695c7c70a611572a7f6593d3a391533

SHA256
078d662af771a3b93c44415447294db364e22710cedc274b685ec639783ac928

SHA512
48cfd677a51691906daddb5034d9098dfe7b09b35507812c6373d17bbec76618b5f914fde2d1b134d89705a03d8135f6d6ac10b87ed5f40e726479c3ed94e89c

Download Submit
\Users\Admin\AppData\Local\Temp\is-OH37G.tmp-dbinst\libssl-1_1.dll

Filesize
355KB

MD5
beae2f18755207f855bd745a95a0e0df

SHA1
4a97186d28354bebb8879a31a675764da456e272

SHA256
76eb04aa269163a918e09a82717d39f51bfd9934f4671f8b81eb7a71cf1b3ba4

SHA512
b0743b6a7e4f0a334ee753c26b383b521838700438da71ea6a2b4bb2e9019bac53a0982fc76e8eddff4c9a4e99a2f51f8653b12d602e5d91cee152bc6bfaf31f

Download Submit
\Users\Admin\AppData\Local\Temp\is-OH37G.tmp\DriverBooster.exe

Filesize
8.6MB

MD5
9d547220e340c5b4c8cd6300ffffddca

SHA1
e23189683a92c51189eeb3fcd0624fc27cfe2f15

SHA256
42f94d425c2574d3b4672ca68483841cc9f86f4d865ed4a64c4a616fa677e8d1

SHA512
ff5d07dbee05ff5ff096c94bd1914e4a5c3eeee4606f425b33dcc19fcaa7bf952d0b27a42bf8de211db4032cb11f639c7428068bf2c81fe977778334e242b2d4

Download Submit
memory/340-704-0x0000000000400000-0x000000000042C000-memory.dmp

Filesize
176KB

Download
memory/340-163-0x0000000000400000-0x000000000042C000-memory.dmp

Filesize
176KB

Download
memory/340-751-0x0000000000400000-0x000000000042C000-memory.dmp

Filesize
176KB

Download
memory/580-750-0x0000000000400000-0x0000000000532000-memory.dmp

Filesize
1.2MB

Download
memory/580-705-0x0000000000400000-0x0000000000532000-memory.dmp

Filesize
1.2MB

Download
memory/1712-717-0x0000000000400000-0x000000000064C000-memory.dmp

Filesize
2.3MB

Download
memory/1712-718-0x0000000050000000-0x0000000050116000-memory.dmp

Filesize
1.1MB

Download
memory/1712-719-0x0000000003C60000-0x0000000003D6F000-memory.dmp

Filesize
1.1MB

Download
memory/1712-649-0x0000000003C60000-0x0000000003D6F000-memory.dmp

Filesize
1.1MB

Download
memory/1716-51-0x0000000000400000-0x0000000000532000-memory.dmp

Filesize
1.2MB

Download
memory/1716-8-0x0000000000400000-0x0000000000532000-memory.dmp

Filesize
1.2MB

Download
memory/2376-620-0x0000000010000000-0x0000000010237000-memory.dmp

Filesize
2.2MB

Download
memory/2376-655-0x0000000000400000-0x0000000000431000-memory.dmp

Filesize
196KB

Download
memory/2540-0-0x0000000000400000-0x000000000042C000-memory.dmp

Filesize
176KB

Download
memory/2540-54-0x0000000000400000-0x000000000042C000-memory.dmp

Filesize
176KB

Download
memory/2540-2-0x0000000000401000-0x0000000000412000-memory.dmp

Filesize
68KB

Download
memory/2612-703-0x0000000000400000-0x0000000000A0D000-memory.dmp

Filesize
6.1MB

Download
memory/2612-777-0x0000000000400000-0x0000000000A0D000-memory.dmp

Filesize
6.1MB

Download
memory/2612-787-0x0000000000400000-0x0000000000A0D000-memory.dmp

Filesize
6.1MB

Download
memory/2612-785-0x0000000000400000-0x0000000000A0D000-memory.dmp

Filesize
6.1MB

Download
memory/2612-784-0x0000000000400000-0x0000000000A0D000-memory.dmp

Filesize
6.1MB

Download
memory/2612-165-0x0000000000400000-0x0000000000A0D000-memory.dmp

Filesize
6.1MB

Download
memory/2808-701-0x00000000028C0000-0x00000000029CF000-memory.dmp

Filesize
1.1MB

Download
memory/2808-700-0x0000000050120000-0x000000005030D000-memory.dmp

Filesize
1.9MB

Download
memory/2808-699-0x0000000050000000-0x0000000050116000-memory.dmp

Filesize
1.1MB

Download
memory/2808-698-0x0000000000400000-0x0000000000421000-memory.dmp

Filesize
132KB

Download
memory/2808-690-0x00000000028C0000-0x00000000029CF000-memory.dmp

Filesize
1.1MB

Download
memory/3048-776-0x00000000045E0000-0x00000000046EF000-memory.dmp

Filesize
1.1MB

Download
memory/3048-775-0x0000000000400000-0x000000000059F000-memory.dmp

Filesize
1.6MB

Download
memory/3048-753-0x00000000045E0000-0x00000000046EF000-memory.dmp

Filesize
1.1MB

Download