Analysis Overview
SHA256
3eb510694db766b5cfd4fb897d670df4434d4724e9b8e4e06abc2aef27cccf29
Threat Level: Likely malicious
The file DR1V3R B00ST3R 12 FULL_by_M4ST3RC1T0_YT.rar was found to be: Likely malicious.
Malicious Activity Summary
Downloads MZ/PE file
Loads dropped DLL
A potential corporate email address has been identified in the URL: Montserratwght@900
Executes dropped EXE
Checks computer location settings
Checks installed software on the system
Browser Information Discovery
System Location Discovery: System Language Discovery
Enumerates physical storage devices
Modifies data under HKEY_USERS
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
Suspicious use of SendNotifyMessage
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Enumerates system info in registry
Suspicious use of AdjustPrivilegeToken
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-11-09 22:06
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-09 22:06
Reported
2024-11-09 22:09
Platform
win10v2004-20241007-en
Max time kernel
148s
Max time network
151s
Command Line
Signatures
Downloads MZ/PE file
A potential corporate email address has been identified in the URL: Montserratwght@900
Checks computer location settings
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key value queried | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\is-U0U5V.tmp\driver_booster_setup.tmp | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\is-1I1IM.tmp\driver_booster_setup.tmp | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7zO0475FB98\driver_booster_setup.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-U0U5V.tmp\driver_booster_setup.tmp | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-ENULQ.tmp-dbinst\setup.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\driver_booster_setup.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-1I1IM.tmp\driver_booster_setup.tmp | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-87378.tmp-dbinst\setup.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-87378.tmp-dbinst\setup.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-87378.tmp-dbinst\setup.exe | N/A |
Checks installed software on the system
Browser Information Discovery
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\7zO0475FB98\driver_booster_setup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\is-U0U5V.tmp\driver_booster_setup.tmp | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\is-ENULQ.tmp-dbinst\setup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\driver_booster_setup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\is-1I1IM.tmp\driver_booster_setup.tmp | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\is-87378.tmp-dbinst\setup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\Wbem\wmic.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Users\Admin\AppData\Local\Temp\is-87378.tmp-dbinst\setup.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Users\Admin\AppData\Local\Temp\is-87378.tmp-dbinst\setup.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133756637097507474" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\DR1V3R B00ST3R 12 FULL_by_M4ST3RC1T0_YT.rar"
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Users\Admin\AppData\Local\Temp\7zO0475FB98\driver_booster_setup.exe
"C:\Users\Admin\AppData\Local\Temp\7zO0475FB98\driver_booster_setup.exe"
C:\Users\Admin\AppData\Local\Temp\is-U0U5V.tmp\driver_booster_setup.tmp
"C:\Users\Admin\AppData\Local\Temp\is-U0U5V.tmp\driver_booster_setup.tmp" /SL5="$902A4,31285930,139264,C:\Users\Admin\AppData\Local\Temp\7zO0475FB98\driver_booster_setup.exe"
C:\Users\Admin\AppData\Local\Temp\is-ENULQ.tmp-dbinst\setup.exe
"C:\Users\Admin\AppData\Local\Temp\is-ENULQ.tmp-dbinst\setup.exe" "C:\Users\Admin\AppData\Local\Temp\7zO0475FB98\driver_booster_setup.exe" /title="Driver Booster 12" /dbver=12.0.0.308 /eula="C:\Users\Admin\AppData\Local\Temp\is-ENULQ.tmp-dbinst\EULA.rtf" /showlearnmore /pmtproduct /nochromepmt
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffbb91ecc40,0x7ffbb91ecc4c,0x7ffbb91ecc58
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1832,i,12569021433319389608,8476914733993778918,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1828 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2164,i,12569021433319389608,8476914733993778918,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2344 /prefetch:3
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2228,i,12569021433319389608,8476914733993778918,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2652 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3084,i,12569021433319389608,8476914733993778918,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3200 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3380,i,12569021433319389608,8476914733993778918,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3392 /prefetch:1
C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4528,i,12569021433319389608,8476914733993778918,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3740 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4796,i,12569021433319389608,8476914733993778918,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4884 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4752,i,12569021433319389608,8476914733993778918,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4812 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4844,i,12569021433319389608,8476914733993778918,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4936 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4948,i,12569021433319389608,8476914733993778918,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4944 /prefetch:8
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5136,i,12569021433319389608,8476914733993778918,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4820 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5328,i,12569021433319389608,8476914733993778918,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5140 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5332,i,12569021433319389608,8476914733993778918,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5320 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4952,i,12569021433319389608,8476914733993778918,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5116 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=5524,i,12569021433319389608,8476914733993778918,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5288 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=5528,i,12569021433319389608,8476914733993778918,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5464 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=3424,i,12569021433319389608,8476914733993778918,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3452 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=6016,i,12569021433319389608,8476914733993778918,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6044 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=3388,i,12569021433319389608,8476914733993778918,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3372 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5864,i,12569021433319389608,8476914733993778918,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5816 /prefetch:8
C:\Users\Admin\Downloads\driver_booster_setup.exe
"C:\Users\Admin\Downloads\driver_booster_setup.exe"
C:\Users\Admin\AppData\Local\Temp\is-1I1IM.tmp\driver_booster_setup.tmp
"C:\Users\Admin\AppData\Local\Temp\is-1I1IM.tmp\driver_booster_setup.tmp" /SL5="$401EC,29901681,139264,C:\Users\Admin\Downloads\driver_booster_setup.exe"
C:\Users\Admin\AppData\Local\Temp\is-87378.tmp-dbinst\setup.exe
"C:\Users\Admin\AppData\Local\Temp\is-87378.tmp-dbinst\setup.exe" "C:\Users\Admin\Downloads\driver_booster_setup.exe" /title="Driver Booster 12" /dbver=12.0.0.356 /eula="C:\Users\Admin\AppData\Local\Temp\is-87378.tmp-dbinst\EULA.rtf" /showlearnmore /pmtproduct /nochromepmt
C:\Windows\SysWOW64\Wbem\wmic.exe
wmic computersystem get model
Network
Files