Edit tour

Windows Analysis Report
driver booster setup.exe

Overview

General Information

Sample Name:	driver booster setup.exe
Analysis ID:	1325003
MD5:	d242a796ebc0219dc52b49b8f1d1af7a
SHA1:	e1997d7f4561448f5a4eb67cc24613995eba176b
SHA256:	dbde0fa5a6d41fb2fe920003b08fc9c46e7fc6f744e4781d41d4e69aec8388a2
Infos:

Detection

Score:	21
Range:	0 - 100
Whitelisted:	false
Confidence:	20%

Signatures

Overwrites code with unconditional jumps - possibly settings hooks in foreign process

Uses 32bit PE files

Very long cmdline option found, this is very uncommon (may be encrypted or packed)

May sleep (evasive loops) to hinder dynamic analysis

Uses code obfuscation techniques (call, push, ret)

Sleep loop found (likely to delay execution)

Detected potential crypto function

Found dropped PE file which has not been started or loaded

PE file contains executable resources (Code or Archives)

Enables debug privileges

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Sample file is different than original file name gathered from version info

Drops PE files

Tries to load missing DLLs

Uses a known web browser user agent for HTTP communication

Found detection on Joe Sandbox Cloud Basic

Queries keyboard layouts

Creates a process in suspended mode (likely to inject code)

Classification

Analysis Advice

Sample drops PE files which have not been started, submit dropped PE samples for a secondary analysis to Joe Sandbox

Sample tries to load a library which is not present or installed on the analysis machine, adding the library might reveal more behavior

Sample may offer command line options, please run it with the 'Execute binary with arguments' cookbook (it's possible that the command line switches require additional characters like: "-", "/", "--")

Sample monitors window changes (e.g. starting applications), analyze the sample with the 'Simulates keyboard and window changes' cookbook

Process Tree

System is w10x64

driver booster setup.exe (PID: 7572 cmdline: C:\Users\user\Desktop\driver booster setup.exe MD5: D242A796EBC0219DC52B49B8F1D1AF7A)

driver booster setup.tmp (PID: 7592 cmdline: "C:\Users\user\AppData\Local\Temp\is-FLQS7.tmp\driver booster setup.tmp" /SL5="$2046E,25039561,139264,C:\Users\user\Desktop\driver booster setup.exe" MD5: 68B52A0B8E3D45BF3B520A0E7F16DAD1)

setup.exe (PID: 7692 cmdline: "C:\Users\user\AppData\Local\Temp\is-MK7O5.tmp-dbinst\setup.exe" "C:\Users\user\Desktop\driver booster setup.exe" /title="Driver Booster 9" /dbver=9.4.0.233 /eula="C:\Users\user\AppData\Local\Temp\is-MK7O5.tmp-dbinst\EULA.rtf" /showlearnmore /pmtproduct /nochromepmt MD5: 6233816372E39E2E2D22787A649D0187)

cleanup

Malware Configuration

⊘No configs have been found

Yara Signatures

Dropped Files

Source	Rule	Description	Author	Strings
C:\Users\user\AppData\Local\Temp\is-MK7O5.tmp\DBInstaller.exe	JoeSecurity_DelphiSystemParamCount	Detected Delphi use of System.ParamCount()	Joe Security
C:\Users\user\AppData\Local\Temp\is-MK7O5.tmp-dbinst\setup.exe	JoeSecurity_DelphiSystemParamCount	Detected Delphi use of System.ParamCount()	Joe Security

Memory Dumps

Source	Rule	Description	Author	Strings
00000001.00000003.1751330587.00000000075B0000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_DelphiSystemParamCount	Detected Delphi use of System.ParamCount()	Joe Security
00000002.00000000.1747731405.0000000000401000.00000020.00000001.01000000.00000009.sdmp	JoeSecurity_DelphiSystemParamCount	Detected Delphi use of System.ParamCount()	Joe Security

Unpacked PEs

Source	Rule	Description	Author
1.3.driver booster setup.tmp.75b0000.0.raw.unpack	JoeSecurity_DelphiSystemParamCount	Detected Delphi use of System.ParamCount()	Joe Security
1.3.driver booster setup.tmp.75b0000.0.unpack	JoeSecurity_DelphiSystemParamCount	Detected Delphi use of System.ParamCount()	Joe Security
2.0.setup.exe.400000.0.unpack	JoeSecurity_DelphiSystemParamCount	Detected Delphi use of System.ParamCount()	Joe Security

Sigma Signatures

⊘No Sigma rule has matched

Snort Signatures

⊘No Snort rule has matched

Joe Sandbox Signatures

• Compliance
• Networking
• System Summary
• Data Obfuscation
• Persistence and Installation Behavior
• Hooking and other Techniques for Hiding and Protection
• Malware Analysis System Evasion
• Anti Debugging
• HIPS / PFW / Operating System Protection Evasion

Click to jump to signature section

Show All Signature Results

Source: driver booster setup.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI

Source: C:\Users\user\AppData\Local\Temp\is-FLQS7.tmp\driver booster setup.tmp	File created: C:\Users\user\AppData\Local\Temp\is-MK7O5.tmp\EULA.rtf			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FLQS7.tmp\driver booster setup.tmp	File created: C:\Users\user\AppData\Local\Temp\is-MK7O5.tmp-dbinst\EULA.rtf			Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\is-FLQS7.tmp\driver booster setup.tmp

File created: C:\Users\user\AppData\Local\Temp\Setup Log 2023-10-13 #001.txt

Jump to behavior

Source: driver booster setup.exe

Static PE information: certificate valid

Source: driver booster setup.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE

Source: global traffic	HTTP traffic detected: GET /infofiles/db/rmd/install_cfg_n.zlb HTTP/1.0Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, /User-Agent: Mozilla/4.0Host: update.iobit.com
Source: global traffic	HTTP traffic detected: GET /infofiles/db/rmd/install_cfg_n.zlb HTTP/1.0Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, /User-Agent: Mozilla/4.0Host: update.iobit.comRange: bytes=0-61494
Source: global traffic	HTTP traffic detected: GET /infofiles/db/rmd/install_cfg_n.zlb HTTP/1.0Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, /User-Agent: Mozilla/4.0Host: update.iobit.comRange: bytes=61495-122989
Source: global traffic	HTTP traffic detected: GET /infofiles/db/rmd/install_cfg_n.zlb HTTP/1.0Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, /User-Agent: Mozilla/4.0Host: update.iobit.comRange: bytes=184485-245978
Source: global traffic	HTTP traffic detected: GET /infofiles/db/rmd/install_cfg_n.zlb HTTP/1.0Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, /User-Agent: Mozilla/4.0Host: update.iobit.comRange: bytes=122990-184484
Source: global traffic	HTTP traffic detected: GET /infofiles/ac/appver-ac.upt HTTP/1.0Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, /User-Agent: Mozilla/4.0Host: update.iobit.com
Source: global traffic	HTTP traffic detected: GET /infofiles/itop/itopav.upt HTTP/1.0Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, /User-Agent: Mozilla/4.0Host: update.iobit.com
Source: global traffic	HTTP traffic detected: GET /dl/img/inst/img_screenshot_ied.png HTTP/1.0Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, /User-Agent: Mozilla/4.0Host: update.iobit.com
Source: global traffic	HTTP traffic detected: GET /dl/img/inst/logo_ied.png HTTP/1.0Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, /User-Agent: Mozilla/4.0Host: update.iobit.com

Source: unknown

UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: driver booster setup.tmp, 00000001.00000003.1751330587.00000000075B0000.00000004.00001000.00020000.00000000.sdmp, driver booster setup.tmp, 00000001.00000003.1751330587.0000000007A48000.00000004.00001000.00020000.00000000.sdmp, setup.exe, 00000002.00000000.1747731405.0000000000401000.00000020.00000001.01000000.00000009.sdmp	String found in binary or memory: "https://www.facebook.com/iobitsoft equals www.facebook.com (Facebook)
Source: driver booster setup.tmp, 00000001.00000003.1751330587.0000000007A48000.00000004.00001000.00020000.00000000.sdmp, DriverBooster.exe.1.dr	String found in binary or memory: -https://www.facebook.com/sharer/sharer.php?u= equals www.facebook.com (Facebook)

Source: setup.exe, 00000002.00000002.3523496114.00000000038CE000.00000004.00001000.00020000.00000000.sdmp, setup.exe, 00000002.00000002.3520187161.0000000003285000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: HTTPS://WWW.ITOPVPN.COM/PRIVACY
Source: driver booster setup.tmp, 00000001.00000003.1751330587.00000000075B0000.00000004.00001000.00020000.00000000.sdmp, driver booster setup.tmp, 00000001.00000003.1751330587.0000000007A48000.00000004.00001000.00020000.00000000.sdmp, setup.exe, 00000002.00000000.1747731405.0000000000401000.00000020.00000001.01000000.00000009.sdmp, DriverBooster.exe.1.dr, DBInstaller.exe.1.dr	String found in binary or memory: http://ascstats.iobit.com/active.php
Source: driver booster setup.tmp, 00000001.00000003.1751330587.0000000007A48000.00000004.00001000.00020000.00000000.sdmp, DriverBooster.exe.1.dr	String found in binary or memory: http://ascstats.iobit.com/multi_app/app_%S.php?action=insertU
Source: driver booster setup.tmp, 00000001.00000003.1751330587.00000000075B0000.00000004.00001000.00020000.00000000.sdmp, driver booster setup.tmp, 00000001.00000003.1751330587.0000000007A48000.00000004.00001000.00020000.00000000.sdmp, setup.exe, 00000002.00000000.1747731405.0000000000401000.00000020.00000001.01000000.00000009.sdmp, DriverBooster.exe.1.dr, DBInstaller.exe.1.dr	String found in binary or memory: http://ascstats.iobit.com/multi_app/app_db3promote.php?action=insert
Source: driver booster setup.tmp, 00000001.00000003.1751330587.0000000007A48000.00000004.00001000.00020000.00000000.sdmp, DriverBooster.exe.1.dr	String found in binary or memory: http://ascstats.iobit.com/other/db_audstatus.php
Source: driver booster setup.tmp, 00000001.00000003.1751330587.0000000007A48000.00000004.00001000.00020000.00000000.sdmp, DriverBooster.exe.1.dr	String found in binary or memory: http://ascstats.iobit.com/other/db_dchinststat.php
Source: driver booster setup.tmp, 00000001.00000003.1751330587.00000000075B0000.00000004.00001000.00020000.00000000.sdmp, driver booster setup.tmp, 00000001.00000003.1751330587.0000000007A48000.00000004.00001000.00020000.00000000.sdmp, setup.exe, 00000002.00000000.1747731405.0000000000401000.00000020.00000001.01000000.00000009.sdmp, DriverBooster.exe.1.dr, DBInstaller.exe.1.dr	String found in binary or memory: http://ascstats.iobit.com/other/db_driverinstall.php
Source: driver booster setup.tmp, 00000001.00000003.1751330587.0000000007A48000.00000004.00001000.00020000.00000000.sdmp, DriverBooster.exe.1.dr	String found in binary or memory: http://ascstats.iobit.com/other/db_driverinstall_new.phpU
Source: driver booster setup.tmp, 00000001.00000003.1751330587.00000000075B0000.00000004.00001000.00020000.00000000.sdmp, driver booster setup.tmp, 00000001.00000003.1751330587.0000000007A48000.00000004.00001000.00020000.00000000.sdmp, setup.exe, 00000002.00000000.1747731405.0000000000401000.00000020.00000001.01000000.00000009.sdmp, DriverBooster.exe.1.dr, DBInstaller.exe.1.dr	String found in binary or memory: http://ascstats.iobit.com/other/db_extlink_download.php
Source: driver booster setup.tmp, 00000001.00000003.1751330587.0000000007A48000.00000004.00001000.00020000.00000000.sdmp, DriverBooster.exe.1.dr	String found in binary or memory: http://ascstats.iobit.com/other/db_reservepmt.php
Source: driver booster setup.tmp, 00000001.00000003.1751330587.0000000007A48000.00000004.00001000.00020000.00000000.sdmp, DriverBooster.exe.1.dr	String found in binary or memory: http://ascstats.iobit.com/other/db_reservepmt.phpU
Source: driver booster setup.tmp, 00000001.00000003.1751330587.0000000007A48000.00000004.00001000.00020000.00000000.sdmp, DriverBooster.exe.1.dr	String found in binary or memory: http://ascstats.iobit.com/other/db_scanstats.php
Source: driver booster setup.tmp, 00000001.00000003.1751330587.00000000075B0000.00000004.00001000.00020000.00000000.sdmp, driver booster setup.tmp, 00000001.00000003.1751330587.0000000007A48000.00000004.00001000.00020000.00000000.sdmp, setup.exe, 00000002.00000000.1747731405.0000000000401000.00000020.00000001.01000000.00000009.sdmp, DriverBooster.exe.1.dr, DBInstaller.exe.1.dr	String found in binary or memory: http://ascstats.iobit.com/other/db_temp_download.php
Source: driver booster setup.tmp, 00000001.00000003.1751330587.00000000075B0000.00000004.00001000.00020000.00000000.sdmp, driver booster setup.tmp, 00000001.00000003.1751330587.0000000007A48000.00000004.00001000.00020000.00000000.sdmp, setup.exe, 00000002.00000000.1747731405.0000000000401000.00000020.00000001.01000000.00000009.sdmp, DriverBooster.exe.1.dr, DBInstaller.exe.1.dr	String found in binary or memory: http://ascstats.iobit.com/other/insert.php
Source: driver booster setup.tmp, 00000001.00000003.1751330587.00000000075B0000.00000004.00001000.00020000.00000000.sdmp, setup.exe, 00000002.00000000.1747731405.0000000000401000.00000020.00000001.01000000.00000009.sdmp, DBInstaller.exe.1.dr	String found in binary or memory: http://ascstats.iobit.com/other/installer/insert.php
Source: driver booster setup.tmp, 00000001.00000003.1751330587.0000000007A48000.00000004.00001000.00020000.00000000.sdmp, DriverBooster.exe.1.dr	String found in binary or memory: http://ascstats.iobit.com/other/installer/insert.phpU
Source: driver booster setup.tmp, 00000001.00000003.1751330587.0000000007A48000.00000004.00001000.00020000.00000000.sdmp, DriverBooster.exe.1.dr	String found in binary or memory: http://ascstats.iobit.com/special/universal_db9.php?lang=%s&bws=%s
Source: driver booster setup.tmp, 00000001.00000003.1751330587.00000000075B0000.00000004.00001000.00020000.00000000.sdmp, setup.exe, 00000002.00000000.1747731405.0000000000401000.00000020.00000001.01000000.00000009.sdmp, DBInstaller.exe.1.dr	String found in binary or memory: http://ascstats.iobit.com/usage_v2.php
Source: driver booster setup.exe, 00000000.00000003.1652479052.00000000024B0000.00000004.00001000.00020000.00000000.sdmp, driver booster setup.exe, 00000000.00000003.1771213332.0000000006538000.00000004.00001000.00020000.00000000.sdmp, driver booster setup.tmp, 00000001.00000003.1658893070.00000000032F0000.00000004.00001000.00020000.00000000.sdmp, driver booster setup.tmp, 00000001.00000003.1762790105.000000000732A000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://belazar.info/belsoft/
Source: driver booster setup.exe, 00000000.00000003.1654814106.000000000671B000.00000004.00001000.00020000.00000000.sdmp, driver booster setup.exe, 00000000.00000003.1656586475.000000007FE37000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
Source: driver booster setup.exe, 00000000.00000003.1654814106.000000000671B000.00000004.00001000.00020000.00000000.sdmp, driver booster setup.exe, 00000000.00000003.1656586475.000000007FE37000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDTimestampingCA.crt0
Source: driver booster setup.tmp, 00000001.00000002.1767827932.000000000018F000.00000004.00000010.00020000.00000000.sdmp, driver booster setup.tmp, 00000001.00000003.1751330587.0000000007A48000.00000004.00001000.00020000.00000000.sdmp, driver booster setup.tmp, 00000001.00000003.1735638074.00000000007F6000.00000004.00000020.00020000.00000000.sdmp, driver booster setup.exe, libssl-1_1.dll.1.dr, DriverBooster.exe.1.dr, DBInstaller.exe.1.dr, libcrypto-1_1.dll0.1.dr, libcrypto-1_1.dll.1.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
Source: driver booster setup.tmp, 00000001.00000002.1767827932.000000000018F000.00000004.00000010.00020000.00000000.sdmp, driver booster setup.tmp, 00000001.00000003.1751330587.0000000007A48000.00000004.00001000.00020000.00000000.sdmp, driver booster setup.tmp, 00000001.00000003.1735638074.00000000007F6000.00000004.00000020.00020000.00000000.sdmp, driver booster setup.exe, libssl-1_1.dll.1.dr, DriverBooster.exe.1.dr, DBInstaller.exe.1.dr, libcrypto-1_1.dll0.1.dr, libcrypto-1_1.dll.1.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: driver booster setup.exe, 00000000.00000003.1652479052.00000000024B0000.00000004.00001000.00020000.00000000.sdmp, driver booster setup.exe, 00000000.00000003.1772702580.0000000002232000.00000004.00001000.00020000.00000000.sdmp, driver booster setup.tmp, 00000001.00000003.1658893070.00000000032F0000.00000004.00001000.00020000.00000000.sdmp, driver booster setup.tmp, 00000001.00000003.1762790105.000000000732A000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://counter-strike.com.ua/
Source: driver booster setup.exe, libssl-1_1.dll.1.dr, DriverBooster.exe.1.dr, DBInstaller.exe.1.dr, libcrypto-1_1.dll0.1.dr, libcrypto-1_1.dll.1.dr	String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl04
Source: driver booster setup.exe, libssl-1_1.dll.1.dr, DriverBooster.exe.1.dr, DBInstaller.exe.1.dr, libcrypto-1_1.dll0.1.dr, libcrypto-1_1.dll.1.dr	String found in binary or memory: http://crl.sectigo.com/SectigoRSACodeSigningCA.crl0s
Source: driver booster setup.exe, 00000000.00000003.1654814106.000000000671B000.00000004.00001000.00020000.00000000.sdmp, driver booster setup.exe, 00000000.00000003.1656586475.000000007FE37000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0P
Source: driver booster setup.tmp, 00000001.00000002.1767827932.000000000018F000.00000004.00000010.00020000.00000000.sdmp, driver booster setup.tmp, 00000001.00000003.1751330587.0000000007A48000.00000004.00001000.00020000.00000000.sdmp, driver booster setup.tmp, 00000001.00000003.1735638074.00000000007F6000.00000004.00000020.00020000.00000000.sdmp, driver booster setup.exe, libssl-1_1.dll.1.dr, DriverBooster.exe.1.dr, DBInstaller.exe.1.dr, libcrypto-1_1.dll0.1.dr, libcrypto-1_1.dll.1.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: driver booster setup.tmp, 00000001.00000002.1767827932.000000000018F000.00000004.00000010.00020000.00000000.sdmp, driver booster setup.tmp, 00000001.00000003.1751330587.0000000007A48000.00000004.00001000.00020000.00000000.sdmp, driver booster setup.tmp, 00000001.00000003.1735638074.00000000007F6000.00000004.00000020.00020000.00000000.sdmp, driver booster setup.exe, libssl-1_1.dll.1.dr, DriverBooster.exe.1.dr, DBInstaller.exe.1.dr, libcrypto-1_1.dll0.1.dr, libcrypto-1_1.dll.1.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: driver booster setup.exe, 00000000.00000003.1654814106.000000000671B000.00000004.00001000.00020000.00000000.sdmp, driver booster setup.exe, 00000000.00000003.1656586475.000000007FE37000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/sha2-assured-ts.crl02
Source: driver booster setup.exe, 00000000.00000003.1654814106.000000000671B000.00000004.00001000.00020000.00000000.sdmp, driver booster setup.exe, 00000000.00000003.1656586475.000000007FE37000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
Source: driver booster setup.exe, 00000000.00000003.1654814106.000000000671B000.00000004.00001000.00020000.00000000.sdmp, driver booster setup.exe, 00000000.00000003.1656586475.000000007FE37000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com/sha2-assured-ts.crl0
Source: driver booster setup.exe, libssl-1_1.dll.1.dr, DriverBooster.exe.1.dr, DBInstaller.exe.1.dr, libcrypto-1_1.dll0.1.dr, libcrypto-1_1.dll.1.dr	String found in binary or memory: http://crt.sectigo.com/SectigoRSACodeSigningCA.crt0#
Source: driver booster setup.tmp, 00000001.00000003.1751330587.00000000075B0000.00000004.00001000.00020000.00000000.sdmp, driver booster setup.tmp, 00000001.00000003.1751330587.0000000007A48000.00000004.00001000.00020000.00000000.sdmp, setup.exe, 00000002.00000002.3518294770.000000000285C000.00000004.00001000.00020000.00000000.sdmp, setup.exe, 00000002.00000000.1747731405.0000000000401000.00000020.00000001.01000000.00000009.sdmp, DriverBooster.exe.1.dr, DBInstaller.exe.1.dr	String found in binary or memory: http://forums.iobit.com/showthread.php?t=16792
Source: driver booster setup.tmp, 00000001.00000003.1751330587.0000000007A48000.00000004.00001000.00020000.00000000.sdmp, DriverBooster.exe.1.dr	String found in binary or memory: http://idb.iobit.com
Source: driver booster setup.tmp, 00000001.00000003.1751330587.00000000075B0000.00000004.00001000.00020000.00000000.sdmp, driver booster setup.tmp, 00000001.00000003.1751330587.0000000007A48000.00000004.00001000.00020000.00000000.sdmp, setup.exe, 00000002.00000000.1747731405.0000000000401000.00000020.00000001.01000000.00000009.sdmp, setup.exe, 00000002.00000002.3518294770.000000000283D000.00000004.00001000.00020000.00000000.sdmp, setup.exe, 00000002.00000002.3518294770.00000000028A4000.00000004.00001000.00020000.00000000.sdmp, DriverBooster.exe.1.dr, DBInstaller.exe.1.dr	String found in binary or memory: http://idb.iobit.com/check.php
Source: driver booster setup.tmp, 00000001.00000003.1751330587.00000000075B0000.00000004.00001000.00020000.00000000.sdmp, driver booster setup.tmp, 00000001.00000003.1751330587.0000000007A48000.00000004.00001000.00020000.00000000.sdmp, setup.exe, 00000002.00000000.1747731405.0000000000401000.00000020.00000001.01000000.00000009.sdmp, DriverBooster.exe.1.dr, DBInstaller.exe.1.dr	String found in binary or memory: http://iobit.info/rd/agreement
Source: driver booster setup.tmp, 00000001.00000003.1751330587.0000000007A48000.00000004.00001000.00020000.00000000.sdmp, DriverBooster.exe.1.dr	String found in binary or memory: http://iobit.info/rd/faq
Source: driver booster setup.tmp, 00000001.00000003.1751330587.00000000075B0000.00000004.00001000.00020000.00000000.sdmp, driver booster setup.tmp, 00000001.00000003.1751330587.0000000007A48000.00000004.00001000.00020000.00000000.sdmp, setup.exe, 00000002.00000000.1747731405.0000000000401000.00000020.00000001.01000000.00000009.sdmp, DriverBooster.exe.1.dr, DBInstaller.exe.1.dr	String found in binary or memory: http://iobit.info/rd/privacy
Source: driver booster setup.tmp, 00000001.00000003.1751330587.00000000075B0000.00000004.00001000.00020000.00000000.sdmp, setup.exe, 00000002.00000000.1747731405.0000000000401000.00000020.00000001.01000000.00000009.sdmp, DBInstaller.exe.1.dr	String found in binary or memory: http://jp.iobit.com/S
Source: driver booster setup.tmp, 00000001.00000003.1751330587.00000000075B0000.00000004.00001000.00020000.00000000.sdmp, setup.exe, 00000002.00000000.1747731405.0000000000401000.00000020.00000001.01000000.00000009.sdmp, DBInstaller.exe.1.dr	String found in binary or memory: http://jp.iobit.com/SV
Source: driver booster setup.tmp, 00000001.00000003.1751330587.0000000007A48000.00000004.00001000.00020000.00000000.sdmp, DriverBooster.exe.1.dr	String found in binary or memory: http://jp.iobit.com/rd/db-download-asc
Source: driver booster setup.tmp, 00000001.00000003.1751330587.0000000007A48000.00000004.00001000.00020000.00000000.sdmp, DriverBooster.exe.1.dr	String found in binary or memory: http://jp.iobit.com/rd/db-download-isu
Source: driver booster setup.tmp, 00000001.00000003.1751330587.0000000007A48000.00000004.00001000.00020000.00000000.sdmp, DriverBooster.exe.1.dr	String found in binary or memory: http://jp.iobit.com/support.html
Source: driver booster setup.exe, libssl-1_1.dll.1.dr, DriverBooster.exe.1.dr, DBInstaller.exe.1.dr, libcrypto-1_1.dll0.1.dr, libcrypto-1_1.dll.1.dr	String found in binary or memory: http://ocsp.comodoca.com0
Source: driver booster setup.tmp, 00000001.00000002.1767827932.000000000018F000.00000004.00000010.00020000.00000000.sdmp, driver booster setup.tmp, 00000001.00000003.1751330587.0000000007A48000.00000004.00001000.00020000.00000000.sdmp, driver booster setup.tmp, 00000001.00000003.1735638074.00000000007F6000.00000004.00000020.00020000.00000000.sdmp, driver booster setup.exe, libssl-1_1.dll.1.dr, DriverBooster.exe.1.dr, DBInstaller.exe.1.dr, libcrypto-1_1.dll0.1.dr, libcrypto-1_1.dll.1.dr	String found in binary or memory: http://ocsp.digicert.com0A
Source: driver booster setup.exe, 00000000.00000003.1654814106.000000000671B000.00000004.00001000.00020000.00000000.sdmp, driver booster setup.exe, 00000000.00000003.1656586475.000000007FE37000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0C
Source: driver booster setup.exe, 00000000.00000003.1654814106.000000000671B000.00000004.00001000.00020000.00000000.sdmp, driver booster setup.exe, 00000000.00000003.1656586475.000000007FE37000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0O
Source: driver booster setup.tmp, 00000001.00000002.1767827932.000000000018F000.00000004.00000010.00020000.00000000.sdmp, driver booster setup.tmp, 00000001.00000003.1751330587.0000000007A48000.00000004.00001000.00020000.00000000.sdmp, driver booster setup.tmp, 00000001.00000003.1735638074.00000000007F6000.00000004.00000020.00020000.00000000.sdmp, driver booster setup.exe, libssl-1_1.dll.1.dr, DriverBooster.exe.1.dr, DBInstaller.exe.1.dr, libcrypto-1_1.dll0.1.dr, libcrypto-1_1.dll.1.dr	String found in binary or memory: http://ocsp.digicert.com0X
Source: driver booster setup.exe, libssl-1_1.dll.1.dr, DriverBooster.exe.1.dr, DBInstaller.exe.1.dr, libcrypto-1_1.dll0.1.dr, libcrypto-1_1.dll.1.dr	String found in binary or memory: http://ocsp.sectigo.com0
Source: driver booster setup.exe, libssl-1_1.dll.1.dr, DriverBooster.exe.1.dr, DBInstaller.exe.1.dr, libcrypto-1_1.dll0.1.dr, libcrypto-1_1.dll.1.dr	String found in binary or memory: http://s.symcb.com/universal-root.crl0
Source: driver booster setup.exe, libssl-1_1.dll.1.dr, DriverBooster.exe.1.dr, DBInstaller.exe.1.dr, libcrypto-1_1.dll0.1.dr, libcrypto-1_1.dll.1.dr	String found in binary or memory: http://s.symcd.com06
Source: driver booster setup.tmp, 00000001.00000003.1751330587.00000000075B0000.00000004.00001000.00020000.00000000.sdmp, driver booster setup.tmp, 00000001.00000003.1751330587.0000000007A48000.00000004.00001000.00020000.00000000.sdmp, setup.exe, 00000002.00000000.1747731405.0000000000401000.00000020.00000001.01000000.00000009.sdmp, DriverBooster.exe.1.dr, DBInstaller.exe.1.dr	String found in binary or memory: http://schemas.xmlsoap.org/soap/encoding/
Source: setup.exe, 00000002.00000002.3518294770.00000000028A4000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/soap/encoding/e
Source: driver booster setup.tmp, 00000001.00000003.1751330587.00000000075B0000.00000004.00001000.00020000.00000000.sdmp, setup.exe, 00000002.00000000.1747731405.0000000000401000.00000020.00000001.01000000.00000009.sdmp, DBInstaller.exe.1.dr	String found in binary or memory: http://schemas.xmlsoap.org/soap/envelope/
Source: driver booster setup.tmp, 00000001.00000003.1751330587.00000000075B0000.00000004.00001000.00020000.00000000.sdmp, setup.exe, 00000002.00000000.1747731405.0000000000401000.00000020.00000001.01000000.00000009.sdmp, setup.exe, 00000002.00000003.1820494742.000000007F4D0000.00000004.00001000.00020000.00000000.sdmp, setup.exe, 00000002.00000003.1822685552.000000007F4D0000.00000004.00001000.00020000.00000000.sdmp, setup.exe, 00000002.00000003.1821403415.000000007F450000.00000004.00001000.00020000.00000000.sdmp, setup.exe, 00000002.00000003.1822067765.000000007F3D0000.00000004.00001000.00020000.00000000.sdmp, setup.exe, 00000002.00000002.3518294770.000000000282F000.00000004.00001000.00020000.00000000.sdmp, DBInstaller.exe.1.dr	String found in binary or memory: http://stats.iobit.com/multi_app.php?action=insert
Source: setup.exe, 00000002.00000003.1820494742.000000007F4D0000.00000004.00001000.00020000.00000000.sdmp, setup.exe, 00000002.00000003.1822685552.000000007F4D0000.00000004.00001000.00020000.00000000.sdmp, setup.exe, 00000002.00000003.1821403415.000000007F450000.00000004.00001000.00020000.00000000.sdmp, setup.exe, 00000002.00000003.1822067765.000000007F3D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://stats.iobit.com/multi_app_new.php?action=insert
Source: driver booster setup.tmp, 00000001.00000003.1751330587.0000000007A48000.00000004.00001000.00020000.00000000.sdmp, DriverBooster.exe.1.dr	String found in binary or memory: http://stats.iobit.com/share/db_share.php?action=get_id
Source: driver booster setup.tmp, 00000001.00000003.1751330587.0000000007A48000.00000004.00001000.00020000.00000000.sdmp, DriverBooster.exe.1.dr	String found in binary or memory: http://stats.iobit.com/share/db_share.php?action=get_status
Source: driver booster setup.tmp, 00000001.00000003.1751330587.0000000007A48000.00000004.00001000.00020000.00000000.sdmp, DriverBooster.exe.1.dr	String found in binary or memory: http://stats.iobit.com/share/db_share.php?action=share_via_email
Source: driver booster setup.tmp, 00000001.00000003.1751330587.0000000007A48000.00000004.00001000.00020000.00000000.sdmp, DriverBooster.exe.1.dr	String found in binary or memory: http://stats.iobit.com/usage.php
Source: driver booster setup.exe, libssl-1_1.dll.1.dr, DriverBooster.exe.1.dr, DBInstaller.exe.1.dr, libcrypto-1_1.dll0.1.dr, libcrypto-1_1.dll.1.dr	String found in binary or memory: http://ts-aia.ws.symantec.com/sha256-tss-ca.cer0(
Source: driver booster setup.exe, libssl-1_1.dll.1.dr, DriverBooster.exe.1.dr, DBInstaller.exe.1.dr, libcrypto-1_1.dll0.1.dr, libcrypto-1_1.dll.1.dr	String found in binary or memory: http://ts-crl.ws.symantec.com/sha256-tss-ca.crl0
Source: driver booster setup.exe, libssl-1_1.dll.1.dr, DriverBooster.exe.1.dr, DBInstaller.exe.1.dr, libcrypto-1_1.dll0.1.dr, libcrypto-1_1.dll.1.dr	String found in binary or memory: http://ts-ocsp.ws.symantec.com0;
Source: driver booster setup.tmp, 00000001.00000003.1751330587.00000000075B0000.00000004.00001000.00020000.00000000.sdmp, setup.exe, 00000002.00000000.1747731405.0000000000401000.00000020.00000001.01000000.00000009.sdmp, DBInstaller.exe.1.dr	String found in binary or memory: http://update.ioS
Source: driver booster setup.tmp, 00000001.00000003.1751330587.00000000075B0000.00000004.00001000.00020000.00000000.sdmp, setup.exe, 00000002.00000000.1747731405.0000000000401000.00000020.00000001.01000000.00000009.sdmp, DBInstaller.exe.1.dr	String found in binary or memory: http://update.ioU
Source: driver booster setup.tmp, 00000001.00000003.1751330587.00000000075B0000.00000004.00001000.00020000.00000000.sdmp, setup.exe, 00000002.00000000.1747731405.0000000000401000.00000020.00000001.01000000.00000009.sdmp, DBInstaller.exe.1.dr	String found in binary or memory: http://update.iobiS
Source: setup.exe, 00000002.00000002.3527114420.0000000006282000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://update.iobit.PS
Source: driver booster setup.tmp, 00000001.00000003.1751330587.00000000075B0000.00000004.00001000.00020000.00000000.sdmp, setup.exe, 00000002.00000000.1747731405.0000000000401000.00000020.00000001.01000000.00000009.sdmp, DBInstaller.exe.1.dr	String found in binary or memory: http://update.iobit.com/S
Source: setup.exe, 00000002.00000002.3518294770.00000000027FA000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://update.iobit.com/dl/img/inst/img_screenshot_ied.pngP
Source: setup.exe, 00000002.00000002.3518294770.00000000027FA000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://update.iobit.com/dl/img/inst/img_screenshot_isr.pngP
Source: setup.exe, 00000002.00000002.3520187161.000000000318B000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://update.iobit.com/dl/img/inst/img_screenshot_s_isr.pnga
Source: setup.exe, 00000002.00000002.3520187161.000000000318B000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://update.iobit.com/dl/img/inst/img_screenshot_s_vpn.pnga
Source: setup.exe, 00000002.00000002.3518294770.00000000027FA000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://update.iobit.com/dl/img/inst/img_screenshot_vpn.pngP
Source: setup.exe, 00000002.00000002.3518294770.000000000282F000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://update.iobit.com/dl/img/inst/logo_ied.pnga
Source: setup.exe, 00000002.00000002.3518294770.000000000282F000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://update.iobit.com/dl/img/inst/logo_isr.png
Source: setup.exe, 00000002.00000002.3518294770.000000000282F000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://update.iobit.com/dl/img/inst/logo_s_isr.png
Source: setup.exe, 00000002.00000002.3518294770.000000000282F000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://update.iobit.com/dl/img/inst/logo_s_vpn.png
Source: setup.exe, 00000002.00000002.3518294770.000000000282F000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://update.iobit.com/dl/img/inst/logo_vpn.pnga
Source: driver booster setup.tmp, 00000001.00000003.1751330587.00000000075B0000.00000004.00001000.00020000.00000000.sdmp, setup.exe, 00000002.00000000.1747731405.0000000000401000.00000020.00000001.01000000.00000009.sdmp, DBInstaller.exe.1.dr	String found in binary or memory: http://update.iobit.com/infofiles/ac/appver-ac.uptU
Source: setup.exe, 00000002.00000003.1820494742.000000007F4D0000.00000004.00001000.00020000.00000000.sdmp, setup.exe, 00000002.00000003.1822685552.000000007F4D0000.00000004.00001000.00020000.00000000.sdmp, setup.exe, 00000002.00000003.1821403415.000000007F450000.00000004.00001000.00020000.00000000.sdmp, setup.exe, 00000002.00000003.1822067765.000000007F3D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://update.iobit.com/infofiles/db/rmd/freeware-db.upt
Source: setup.exe, 00000002.00000002.3518294770.00000000027FA000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://update.iobit.com/infofiles/db/rmd/freeware-db.uptDFP
Source: driver booster setup.tmp, 00000001.00000003.1751330587.0000000007A48000.00000004.00001000.00020000.00000000.sdmp, DriverBooster.exe.1.dr	String found in binary or memory: http://update.iobit.com/infofiles/db/rmd/freeware-db.uptU
Source: driver booster setup.tmp, 00000001.00000003.1751330587.00000000075B0000.00000004.00001000.00020000.00000000.sdmp, setup.exe, 00000002.00000000.1747731405.0000000000401000.00000020.00000001.01000000.00000009.sdmp, DBInstaller.exe.1.dr	String found in binary or memory: http://update.iobit.com/infofiles/db/rmd/install_cfg_n.zlb
Source: setup.exe, 00000002.00000002.3518294770.00000000027FA000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://update.iobit.com/infofiles/db/rmd/install_cfg_n.zlbP
Source: driver booster setup.tmp, 00000001.00000003.1751330587.00000000075B0000.00000004.00001000.00020000.00000000.sdmp, driver booster setup.tmp, 00000001.00000003.1751330587.0000000007A48000.00000004.00001000.00020000.00000000.sdmp, setup.exe, 00000002.00000000.1747731405.0000000000401000.00000020.00000001.01000000.00000009.sdmp, setup.exe, 00000002.00000002.3518294770.0000000002836000.00000004.00001000.00020000.00000000.sdmp, DriverBooster.exe.1.dr, DBInstaller.exe.1.dr	String found in binary or memory: http://update.iobit.com/infofiles/db2/Freeware-db.upt
Source: driver booster setup.tmp, 00000001.00000003.1751330587.00000000075B0000.00000004.00001000.00020000.00000000.sdmp, driver booster setup.tmp, 00000001.00000003.1751330587.0000000007A48000.00000004.00001000.00020000.00000000.sdmp, setup.exe, 00000002.00000000.1747731405.0000000000401000.00000020.00000001.01000000.00000009.sdmp, setup.exe, 00000002.00000002.3518294770.000000000282F000.00000004.00001000.00020000.00000000.sdmp, DriverBooster.exe.1.dr, DBInstaller.exe.1.dr	String found in binary or memory: http://update.iobit.com/infofiles/db2/db2_free.upt
Source: driver booster setup.tmp, 00000001.00000003.1751330587.00000000075B0000.00000004.00001000.00020000.00000000.sdmp, driver booster setup.tmp, 00000001.00000003.1751330587.0000000007A48000.00000004.00001000.00020000.00000000.sdmp, setup.exe, 00000002.00000000.1747731405.0000000000401000.00000020.00000001.01000000.00000009.sdmp, setup.exe, 00000002.00000002.3518294770.000000000282F000.00000004.00001000.00020000.00000000.sdmp, DriverBooster.exe.1.dr, DBInstaller.exe.1.dr	String found in binary or memory: http://update.iobit.com/infofiles/db2/db2_oth.upt
Source: driver booster setup.tmp, 00000001.00000003.1751330587.00000000075B0000.00000004.00001000.00020000.00000000.sdmp, driver booster setup.tmp, 00000001.00000003.1751330587.0000000007A48000.00000004.00001000.00020000.00000000.sdmp, setup.exe, 00000002.00000000.1747731405.0000000000401000.00000020.00000001.01000000.00000009.sdmp, setup.exe, 00000002.00000002.3518294770.000000000282F000.00000004.00001000.00020000.00000000.sdmp, DriverBooster.exe.1.dr, DBInstaller.exe.1.dr	String found in binary or memory: http://update.iobit.com/infofiles/db2/db2_pro.upt
Source: driver booster setup.tmp, 00000001.00000003.1751330587.00000000075B0000.00000004.00001000.00020000.00000000.sdmp, setup.exe, 00000002.00000000.1747731405.0000000000401000.00000020.00000001.01000000.00000009.sdmp, DBInstaller.exe.1.dr	String found in binary or memory: http://update.iobit.com/infofiles/db3/embhtml/update.upt
Source: driver booster setup.tmp, 00000001.00000003.1751330587.00000000075B0000.00000004.00001000.00020000.00000000.sdmp, driver booster setup.tmp, 00000001.00000003.1751330587.0000000007A48000.00000004.00001000.00020000.00000000.sdmp, setup.exe, 00000002.00000000.1747731405.0000000000401000.00000020.00000001.01000000.00000009.sdmp, setup.exe, 00000002.00000002.3518294770.000000000282F000.00000004.00001000.00020000.00000000.sdmp, DriverBooster.exe.1.dr, DBInstaller.exe.1.dr	String found in binary or memory: http://update.iobit.com/infofiles/db6/db6_pro.upt
Source: setup.exe, 00000002.00000003.1820494742.000000007F4D0000.00000004.00001000.00020000.00000000.sdmp, setup.exe, 00000002.00000003.1822685552.000000007F4D0000.00000004.00001000.00020000.00000000.sdmp, setup.exe, 00000002.00000003.1821403415.000000007F450000.00000004.00001000.00020000.00000000.sdmp, setup.exe, 00000002.00000003.1822067765.000000007F3D0000.00000004.00001000.00020000.00000000.sdmp, setup.exe, 00000002.00000002.3518294770.000000000282F000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://update.iobit.com/infofiles/itop/itopav.upt
Source: driver booster setup.tmp, 00000001.00000003.1751330587.00000000075B0000.00000004.00001000.00020000.00000000.sdmp, driver booster setup.tmp, 00000001.00000003.1751330587.0000000007A48000.00000004.00001000.00020000.00000000.sdmp, setup.exe, 00000002.00000000.1747731405.0000000000401000.00000020.00000001.01000000.00000009.sdmp, DriverBooster.exe.1.dr, DBInstaller.exe.1.dr	String found in binary or memory: http://updatestats.cd4o.com/api.php?act=update
Source: EULA.rtf.1.dr	String found in binary or memory: http://www.7-zip.org/
Source: driver booster setup.exe, 00000000.00000003.1652479052.00000000024B0000.00000004.00001000.00020000.00000000.sdmp, driver booster setup.exe, 00000000.00000003.1771213332.0000000006538000.00000004.00001000.00020000.00000000.sdmp, driver booster setup.tmp, 00000001.00000003.1658893070.00000000032F0000.00000004.00001000.00020000.00000000.sdmp, driver booster setup.tmp, 00000001.00000003.1762790105.000000000732A000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.bernamegeh.net%1
Source: driver booster setup.tmp, 00000001.00000003.1751330587.00000000075B0000.00000004.00001000.00020000.00000000.sdmp, driver booster setup.tmp, 00000001.00000003.1751330587.0000000007A48000.00000004.00001000.00020000.00000000.sdmp, setup.exe, 00000002.00000000.1747731405.0000000000401000.00000020.00000001.01000000.00000009.sdmp, setup.exe, 00000002.00000002.3518294770.00000000028A4000.00000004.00001000.00020000.00000000.sdmp, DriverBooster.exe.1.dr, DBInstaller.exe.1.dr	String found in binary or memory: http://www.borland.com/namespaces/Types
Source: driver booster setup.tmp, 00000001.00000003.1751330587.00000000075B0000.00000004.00001000.00020000.00000000.sdmp, driver booster setup.tmp, 00000001.00000003.1751330587.0000000007A48000.00000004.00001000.00020000.00000000.sdmp, setup.exe, 00000002.00000000.1747731405.0000000000401000.00000020.00000001.01000000.00000009.sdmp, DriverBooster.exe.1.dr, DBInstaller.exe.1.dr	String found in binary or memory: http://www.cd4o.com/drivers/
Source: setup.exe, 00000002.00000002.3518294770.00000000028A4000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.cd4o.com/drivers/l
Source: setup.exe, 00000002.00000002.3518294770.00000000028A4000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.cd4o.com/drivers/ll
Source: driver booster setup.tmp, 00000001.00000003.1751330587.00000000075B0000.00000004.00001000.00020000.00000000.sdmp, driver booster setup.tmp, 00000001.00000003.1751330587.0000000007A48000.00000004.00001000.00020000.00000000.sdmp, setup.exe, 00000002.00000000.1747731405.0000000000401000.00000020.00000001.01000000.00000009.sdmp, DriverBooster.exe.1.dr, DBInstaller.exe.1.dr	String found in binary or memory: http://www.cd4o.com/drivers/wlst/v.json
Source: driver booster setup.exe, 00000000.00000003.1654814106.000000000671B000.00000004.00001000.00020000.00000000.sdmp, driver booster setup.exe, 00000000.00000003.1656586475.000000007FE37000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.digicert.com/CPS0
Source: driver booster setup.exe, 00000000.00000003.1652479052.00000000024B0000.00000004.00001000.00020000.00000000.sdmp, driver booster setup.exe, 00000000.00000003.1772702580.0000000002232000.00000004.00001000.00020000.00000000.sdmp, driver booster setup.tmp, 00000001.00000003.1658893070.00000000032F0000.00000004.00001000.00020000.00000000.sdmp, driver booster setup.tmp, 00000001.00000003.1762790105.000000000732A000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.dk-soft.org/
Source: driver booster setup.tmp, 00000001.00000003.1751330587.0000000007A48000.00000004.00001000.00020000.00000000.sdmp, DriverBooster.exe.1.dr	String found in binary or memory: http://www.google.com/search?source=hp&q=%s&meta=&aq=f&aqi=g10&aql=&oq=&gs_rfai=openSVWU
Source: driver booster setup.tmp, 00000001.00000003.1751330587.0000000007A48000.00000004.00001000.00020000.00000000.sdmp, DriverBooster.exe.1.dr	String found in binary or memory: http://www.google.com/search?source=hp&q=%s&meta=&aq=f&aqi=g10&aql=&oq=&gs_rfai=openU
Source: driver booster setup.exe, 00000000.00000003.1652479052.00000000024B0000.00000004.00001000.00020000.00000000.sdmp, driver booster setup.exe, 00000000.00000003.1772702580.0000000002232000.00000004.00001000.00020000.00000000.sdmp, driver booster setup.tmp, 00000001.00000003.1764411809.0000000002360000.00000004.00001000.00020000.00000000.sdmp, driver booster setup.tmp, 00000001.00000003.1658893070.00000000032F0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.haysoft.org%1-k
Source: driver booster setup.tmp, 00000001.00000003.1751330587.00000000075B0000.00000004.00001000.00020000.00000000.sdmp, driver booster setup.tmp, 00000001.00000003.1751330587.0000000007A48000.00000004.00001000.00020000.00000000.sdmp, setup.exe, 00000002.00000000.1747731405.0000000000401000.00000020.00000001.01000000.00000009.sdmp, setup.exe, 00000002.00000002.3518294770.00000000027FA000.00000004.00001000.00020000.00000000.sdmp, DriverBooster.exe.1.dr, DBInstaller.exe.1.dr	String found in binary or memory: http://www.indyproject.org/
Source: driver booster setup.exe, 00000000.00000003.1654814106.0000000006600000.00000004.00001000.00020000.00000000.sdmp, driver booster setup.exe, 00000000.00000003.1656586475.000000007FD20000.00000004.00001000.00020000.00000000.sdmp, driver booster setup.tmp, 00000001.00000000.1657364774.0000000000401000.00000020.00000001.01000000.00000004.sdmp	String found in binary or memory: http://www.innosetup.com/
Source: driver booster setup.tmp, 00000001.00000003.1751330587.0000000007A48000.00000004.00001000.00020000.00000000.sdmp, DriverBooster.exe.1.dr	String found in binary or memory: http://www.iobit.com
Source: driver booster setup.tmp, 00000001.00000003.1751330587.00000000075B0000.00000004.00001000.00020000.00000000.sdmp, driver booster setup.tmp, 00000001.00000003.1751330587.0000000007A48000.00000004.00001000.00020000.00000000.sdmp, setup.exe, 00000002.00000000.1747731405.0000000000401000.00000020.00000001.01000000.00000009.sdmp, setup.exe, 00000002.00000002.3518294770.00000000028A4000.00000004.00001000.00020000.00000000.sdmp, DriverBooster.exe.1.dr, DBInstaller.exe.1.dr	String found in binary or memory: http://www.iobit.com/
Source: driver booster setup.tmp, 00000001.00000003.1751330587.00000000075B0000.00000004.00001000.00020000.00000000.sdmp, driver booster setup.tmp, 00000001.00000003.1751330587.0000000007A48000.00000004.00001000.00020000.00000000.sdmp, setup.exe, 00000002.00000000.1747731405.0000000000401000.00000020.00000001.01000000.00000009.sdmp, setup.exe, 00000002.00000002.3518294770.00000000028A4000.00000004.00001000.00020000.00000000.sdmp, DriverBooster.exe.1.dr, DBInstaller.exe.1.dr	String found in binary or memory: http://www.iobit.com/cloud/db/index.php
Source: driver booster setup.tmp, 00000001.00000003.1751330587.00000000075B0000.00000004.00001000.00020000.00000000.sdmp, driver booster setup.tmp, 00000001.00000003.1751330587.0000000007A48000.00000004.00001000.00020000.00000000.sdmp, setup.exe, 00000002.00000000.1747731405.0000000000401000.00000020.00000001.01000000.00000009.sdmp, setup.exe, 00000002.00000002.3518294770.00000000028A4000.00000004.00001000.00020000.00000000.sdmp, DriverBooster.exe.1.dr, DBInstaller.exe.1.dr	String found in binary or memory: http://www.iobit.com/compare/db/index.php
Source: driver booster setup.tmp, 00000001.00000003.1751330587.00000000075B0000.00000004.00001000.00020000.00000000.sdmp, driver booster setup.tmp, 00000001.00000003.1751330587.0000000007A48000.00000004.00001000.00020000.00000000.sdmp, setup.exe, 00000002.00000000.1747731405.0000000000401000.00000020.00000001.01000000.00000009.sdmp, setup.exe, 00000002.00000002.3518294770.00000000028A4000.00000004.00001000.00020000.00000000.sdmp, DriverBooster.exe.1.dr, DBInstaller.exe.1.dr	String found in binary or memory: http://www.iobit.com/driver-booster-pro.php
Source: driver booster setup.tmp, 00000001.00000003.1751330587.0000000007A48000.00000004.00001000.00020000.00000000.sdmp, DriverBooster.exe.1.dr	String found in binary or memory: http://www.iobit.com/en/privacy.php
Source: driver booster setup.tmp, 00000001.00000003.1751330587.00000000075B0000.00000004.00001000.00020000.00000000.sdmp, driver booster setup.tmp, 00000001.00000003.1751330587.0000000007A48000.00000004.00001000.00020000.00000000.sdmp, setup.exe, 00000002.00000000.1747731405.0000000000401000.00000020.00000001.01000000.00000009.sdmp, setup.exe, 00000002.00000002.3518294770.00000000028A4000.00000004.00001000.00020000.00000000.sdmp, DriverBooster.exe.1.dr, DBInstaller.exe.1.dr	String found in binary or memory: http://www.iobit.com/faq.php?product=db
Source: driver booster setup.tmp, 00000001.00000003.1751330587.00000000075B0000.00000004.00001000.00020000.00000000.sdmp, driver booster setup.tmp, 00000001.00000003.1751330587.0000000007A48000.00000004.00001000.00020000.00000000.sdmp, setup.exe, 00000002.00000002.3518294770.000000000285C000.00000004.00001000.00020000.00000000.sdmp, setup.exe, 00000002.00000000.1747731405.0000000000401000.00000020.00000001.01000000.00000009.sdmp, DriverBooster.exe.1.dr, DBInstaller.exe.1.dr	String found in binary or memory: http://www.iobit.com/goto.php?id=dbproregister
Source: driver booster setup.tmp, 00000001.00000003.1751330587.00000000075B0000.00000004.00001000.00020000.00000000.sdmp, driver booster setup.tmp, 00000001.00000003.1751330587.0000000007A48000.00000004.00001000.00020000.00000000.sdmp, setup.exe, 00000002.00000000.1747731405.0000000000401000.00000020.00000001.01000000.00000009.sdmp, setup.exe, 00000002.00000002.3518294770.00000000028A4000.00000004.00001000.00020000.00000000.sdmp, DriverBooster.exe.1.dr, DBInstaller.exe.1.dr	String found in binary or memory: http://www.iobit.com/goto.php?id=dbsurvey
Source: driver booster setup.tmp, 00000001.00000003.1751330587.00000000075B0000.00000004.00001000.00020000.00000000.sdmp, driver booster setup.tmp, 00000001.00000003.1751330587.0000000007A48000.00000004.00001000.00020000.00000000.sdmp, setup.exe, 00000002.00000002.3518294770.000000000285C000.00000004.00001000.00020000.00000000.sdmp, setup.exe, 00000002.00000000.1747731405.0000000000401000.00000020.00000001.01000000.00000009.sdmp, DriverBooster.exe.1.dr, DBInstaller.exe.1.dr	String found in binary or memory: http://www.iobit.com/goto.php?id=likefb01_DB
Source: driver booster setup.tmp, 00000001.00000003.1751330587.00000000075B0000.00000004.00001000.00020000.00000000.sdmp, driver booster setup.tmp, 00000001.00000003.1751330587.0000000007A48000.00000004.00001000.00020000.00000000.sdmp, setup.exe, 00000002.00000002.3518294770.000000000285C000.00000004.00001000.00020000.00000000.sdmp, setup.exe, 00000002.00000000.1747731405.0000000000401000.00000020.00000001.01000000.00000009.sdmp, DriverBooster.exe.1.dr, DBInstaller.exe.1.dr	String found in binary or memory: http://www.iobit.com/goto.php?id=plusgp01_DB
Source: driver booster setup.tmp, 00000001.00000003.1751330587.00000000075B0000.00000004.00001000.00020000.00000000.sdmp, setup.exe, 00000002.00000000.1747731405.0000000000401000.00000020.00000001.01000000.00000009.sdmp, DBInstaller.exe.1.dr	String found in binary or memory: http://www.iobit.com/goto.php?id=plusgp01_DBU
Source: driver booster setup.tmp, 00000001.00000003.1751330587.00000000075B0000.00000004.00001000.00020000.00000000.sdmp, driver booster setup.tmp, 00000001.00000003.1751330587.0000000007A48000.00000004.00001000.00020000.00000000.sdmp, setup.exe, 00000002.00000000.1747731405.0000000000401000.00000020.00000001.01000000.00000009.sdmp, setup.exe, 00000002.00000002.3518294770.00000000028A4000.00000004.00001000.00020000.00000000.sdmp, DriverBooster.exe.1.dr, DBInstaller.exe.1.dr	String found in binary or memory: http://www.iobit.com/hotquestions-db.php
Source: driver booster setup.tmp, 00000001.00000003.1751330587.00000000075B0000.00000004.00001000.00020000.00000000.sdmp, driver booster setup.tmp, 00000001.00000003.1751330587.0000000007A48000.00000004.00001000.00020000.00000000.sdmp, setup.exe, 00000002.00000000.1747731405.0000000000401000.00000020.00000001.01000000.00000009.sdmp, setup.exe, 00000002.00000002.3518294770.00000000028A4000.00000004.00001000.00020000.00000000.sdmp, DriverBooster.exe.1.dr, DBInstaller.exe.1.dr	String found in binary or memory: http://www.iobit.com/install/db/index.php
Source: driver booster setup.tmp, 00000001.00000003.1751330587.00000000075B0000.00000004.00001000.00020000.00000000.sdmp, driver booster setup.tmp, 00000001.00000003.1751330587.0000000007A48000.00000004.00001000.00020000.00000000.sdmp, setup.exe, 00000002.00000000.1747731405.0000000000401000.00000020.00000001.01000000.00000009.sdmp, setup.exe, 00000002.00000002.3518294770.00000000028A4000.00000004.00001000.00020000.00000000.sdmp, DriverBooster.exe.1.dr, DBInstaller.exe.1.dr	String found in binary or memory: http://www.iobit.com/lostcode.php
Source: driver booster setup.tmp, 00000001.00000003.1751330587.0000000007A48000.00000004.00001000.00020000.00000000.sdmp, DriverBooster.exe.1.dr	String found in binary or memory: http://www.iobit.com/process/show.php?r=%s&s=%sopenU
Source: driver booster setup.tmp, 00000001.00000003.1751330587.00000000075B0000.00000004.00001000.00020000.00000000.sdmp, driver booster setup.tmp, 00000001.00000003.1751330587.0000000007A48000.00000004.00001000.00020000.00000000.sdmp, setup.exe, 00000002.00000000.1747731405.0000000000401000.00000020.00000001.01000000.00000009.sdmp, setup.exe, 00000002.00000002.3518294770.000000000283D000.00000004.00001000.00020000.00000000.sdmp, DriverBooster.exe.1.dr, DBInstaller.exe.1.dr	String found in binary or memory: http://www.iobit.com/productfeedback.php?product=driver-booster
Source: driver booster setup.exe	String found in binary or memory: http://www.jrsoftware.org/ishelp/index.php?topic=setupcmdlineSetupU
Source: EULA.rtf.1.dr	String found in binary or memory: http://www.openssl.org/
Source: driver booster setup.tmp, 00000001.00000003.1735638074.00000000007F6000.00000004.00000020.00020000.00000000.sdmp, libssl-1_1.dll.1.dr, libcrypto-1_1.dll0.1.dr, libcrypto-1_1.dll.1.dr	String found in binary or memory: http://www.openssl.org/V
Source: driver booster setup.exe, 00000000.00000003.1652479052.00000000024B0000.00000004.00001000.00020000.00000000.sdmp, driver booster setup.exe, 00000000.00000003.1772702580.0000000002232000.00000004.00001000.00020000.00000000.sdmp, driver booster setup.tmp, 00000001.00000003.1764411809.0000000002360000.00000004.00001000.00020000.00000000.sdmp, driver booster setup.tmp, 00000001.00000003.1658893070.00000000032F0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.palkornel.hu/innosetup%1
Source: driver booster setup.exe, 00000000.00000003.1654814106.0000000006600000.00000004.00001000.00020000.00000000.sdmp, driver booster setup.exe, 00000000.00000003.1656586475.000000007FD20000.00000004.00001000.00020000.00000000.sdmp, driver booster setup.tmp, 00000001.00000000.1657364774.0000000000401000.00000020.00000001.01000000.00000004.sdmp	String found in binary or memory: http://www.remobjects.com/ps
Source: driver booster setup.exe, libssl-1_1.dll.1.dr, DriverBooster.exe.1.dr, DBInstaller.exe.1.dr, libcrypto-1_1.dll0.1.dr, libcrypto-1_1.dll.1.dr	String found in binary or memory: https://d.symcb.com/cps0%
Source: driver booster setup.exe, libssl-1_1.dll.1.dr, DriverBooster.exe.1.dr, DBInstaller.exe.1.dr, libcrypto-1_1.dll0.1.dr, libcrypto-1_1.dll.1.dr	String found in binary or memory: https://d.symcb.com/rpa0
Source: driver booster setup.exe, libssl-1_1.dll.1.dr, DriverBooster.exe.1.dr, DBInstaller.exe.1.dr, libcrypto-1_1.dll0.1.dr, libcrypto-1_1.dll.1.dr	String found in binary or memory: https://d.symcb.com/rpa0.
Source: driver booster setup.tmp, 00000001.00000003.1751330587.00000000075B0000.00000004.00001000.00020000.00000000.sdmp, setup.exe, 00000002.00000000.1747731405.0000000000401000.00000020.00000001.01000000.00000009.sdmp, DBInstaller.exe.1.dr	String found in binary or memory: https://forums.iobit.com/forum/driver-booster/driver-booster-7
Source: driver booster setup.tmp, 00000001.00000003.1751330587.0000000007A48000.00000004.00001000.00020000.00000000.sdmp, DriverBooster.exe.1.dr	String found in binary or memory: https://forums.iobit.com/forum/driver-booster/driver-booster-9
Source: driver booster setup.tmp, 00000001.00000003.1751330587.0000000007A48000.00000004.00001000.00020000.00000000.sdmp, DriverBooster.exe.1.dr	String found in binary or memory: https://gamebooster.itopvpn.com/eula.php
Source: driver booster setup.tmp, 00000001.00000003.1751330587.0000000007A48000.00000004.00001000.00020000.00000000.sdmp, DriverBooster.exe.1.dr	String found in binary or memory: https://gamebooster.itopvpn.com/privacy.php
Source: driver booster setup.tmp, 00000001.00000003.1751330587.0000000007A48000.00000004.00001000.00020000.00000000.sdmp, DriverBooster.exe.1.dr	String found in binary or memory: https://interface.iobit.com/db/goto.php?id=
Source: driver booster setup.tmp, 00000001.00000003.1751330587.0000000007A48000.00000004.00001000.00020000.00000000.sdmp, DriverBooster.exe.1.dr	String found in binary or memory: https://interface.iobit.com/db/goto.php?id=S
Source: driver booster setup.tmp, 00000001.00000003.1751330587.0000000007A48000.00000004.00001000.00020000.00000000.sdmp, DriverBooster.exe.1.dr	String found in binary or memory: https://interface.iobit.com/db/goto.php?id=dchinfoU
Source: driver booster setup.tmp, 00000001.00000003.1751330587.0000000007A48000.00000004.00001000.00020000.00000000.sdmp, DriverBooster.exe.1.dr	String found in binary or memory: https://iotransfer.itopvpn.com/eula.php
Source: driver booster setup.tmp, 00000001.00000003.1751330587.0000000007A48000.00000004.00001000.00020000.00000000.sdmp, DriverBooster.exe.1.dr	String found in binary or memory: https://iotransfer.itopvpn.com/privacy.php
Source: driver booster setup.tmp, 00000001.00000003.1751330587.00000000075B0000.00000004.00001000.00020000.00000000.sdmp, setup.exe, 00000002.00000000.1747731405.0000000000401000.00000020.00000001.01000000.00000009.sdmp, DBInstaller.exe.1.dr	String found in binary or memory: https://jp.iobit.com/eula-db.php
Source: driver booster setup.tmp, 00000001.00000003.1751330587.00000000075B0000.00000004.00001000.00020000.00000000.sdmp, setup.exe, 00000002.00000000.1747731405.0000000000401000.00000020.00000001.01000000.00000009.sdmp, DBInstaller.exe.1.dr	String found in binary or memory: https://jp.iobit.com/privacy.php
Source: driver booster setup.tmp, 00000001.00000003.1751330587.00000000075B0000.00000004.00001000.00020000.00000000.sdmp, setup.exe, 00000002.00000000.1747731405.0000000000401000.00000020.00000001.01000000.00000009.sdmp, DBInstaller.exe.1.dr	String found in binary or memory: https://ru.iobit.com/eula-db.php
Source: driver booster setup.tmp, 00000001.00000003.1751330587.00000000075B0000.00000004.00001000.00020000.00000000.sdmp, setup.exe, 00000002.00000000.1747731405.0000000000401000.00000020.00000001.01000000.00000009.sdmp, DBInstaller.exe.1.dr	String found in binary or memory: https://ru.iobit.com/privacy.php
Source: driver booster setup.tmp, 00000001.00000003.1751330587.0000000007A48000.00000004.00001000.00020000.00000000.sdmp, DriverBooster.exe.1.dr	String found in binary or memory: https://s1.driverboosterscan.com
Source: driver booster setup.tmp, 00000001.00000003.1751330587.00000000075B0000.00000004.00001000.00020000.00000000.sdmp, driver booster setup.tmp, 00000001.00000003.1751330587.0000000007A48000.00000004.00001000.00020000.00000000.sdmp, setup.exe, 00000002.00000000.1747731405.0000000000401000.00000020.00000001.01000000.00000009.sdmp, DriverBooster.exe.1.dr, DBInstaller.exe.1.dr	String found in binary or memory: https://s1.driverboosterscan.com/worker.php
Source: driver booster setup.tmp, 00000001.00000003.1751330587.0000000007A48000.00000004.00001000.00020000.00000000.sdmp, DriverBooster.exe.1.dr	String found in binary or memory: https://s2.driverboosterscan.com
Source: driver booster setup.tmp, 00000001.00000003.1751330587.00000000075B0000.00000004.00001000.00020000.00000000.sdmp, driver booster setup.tmp, 00000001.00000003.1751330587.0000000007A48000.00000004.00001000.00020000.00000000.sdmp, setup.exe, 00000002.00000000.1747731405.0000000000401000.00000020.00000001.01000000.00000009.sdmp, DriverBooster.exe.1.dr, DBInstaller.exe.1.dr	String found in binary or memory: https://s2.driverboosterscan.com/worker.php
Source: driver booster setup.exe, libssl-1_1.dll.1.dr, DriverBooster.exe.1.dr, DBInstaller.exe.1.dr, libcrypto-1_1.dll0.1.dr, libcrypto-1_1.dll.1.dr	String found in binary or memory: https://sectigo.com/CPS0
Source: driver booster setup.tmp, 00000001.00000003.1751330587.0000000007A48000.00000004.00001000.00020000.00000000.sdmp, DriverBooster.exe.1.dr	String found in binary or memory: https://twitter.com/intent/tweet?url=
Source: driver booster setup.tmp, 00000001.00000003.1751330587.00000000075B0000.00000004.00001000.00020000.00000000.sdmp, driver booster setup.tmp, 00000001.00000003.1751330587.0000000007A48000.00000004.00001000.00020000.00000000.sdmp, setup.exe, 00000002.00000000.1747731405.0000000000401000.00000020.00000001.01000000.00000009.sdmp, DriverBooster.exe.1.dr, DBInstaller.exe.1.dr	String found in binary or memory: https://twitter.com/iobitsoft
Source: setup.exe, 00000002.00000002.3518294770.00000000028A4000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://twitter.com/iobitsoftl
Source: driver booster setup.tmp, 00000001.00000003.1751330587.0000000007A48000.00000004.00001000.00020000.00000000.sdmp, DriverBooster.exe.1.dr	String found in binary or memory: https://www.dashlane.com/?utm_source=iobi&utm_campaign=DBA&utm_medium=affiliate&utm_term=
Source: driver booster setup.exe, 00000000.00000003.1654814106.000000000671B000.00000004.00001000.00020000.00000000.sdmp, driver booster setup.exe, 00000000.00000003.1656586475.000000007FE37000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.digicert.com/CPS0
Source: EULA.rtf.1.dr	String found in binary or memory: https://www.hwinfo.com/download.php
Source: DriverBooster.exe.1.dr	String found in binary or memory: https://www.iobit.com
Source: driver booster setup.tmp, 00000001.00000003.1751330587.00000000075B0000.00000004.00001000.00020000.00000000.sdmp, driver booster setup.tmp, 00000001.00000003.1751330587.0000000007A48000.00000004.00001000.00020000.00000000.sdmp, setup.exe, 00000002.00000000.1747731405.0000000000401000.00000020.00000001.01000000.00000009.sdmp, DriverBooster.exe.1.dr, DBInstaller.exe.1.dr	String found in binary or memory: https://www.iobit.com/appgoto.php?
Source: driver booster setup.tmp, 00000001.00000003.1751330587.0000000007A48000.00000004.00001000.00020000.00000000.sdmp, DriverBooster.exe.1.dr	String found in binary or memory: https://www.iobit.com/appgoto.php?U
Source: driver booster setup.tmp, 00000001.00000003.1751330587.0000000007A48000.00000004.00001000.00020000.00000000.sdmp, DriverBooster.exe.1.dr	String found in binary or memory: https://www.iobit.com/appgoto.php?to=%s
Source: driver booster setup.tmp, 00000001.00000003.1751330587.00000000075B0000.00000004.00001000.00020000.00000000.sdmp, driver booster setup.tmp, 00000001.00000003.1751330587.0000000007A48000.00000004.00001000.00020000.00000000.sdmp, setup.exe, 00000002.00000000.1747731405.0000000000401000.00000020.00000001.01000000.00000009.sdmp, DriverBooster.exe.1.dr, DBInstaller.exe.1.dr	String found in binary or memory: https://www.iobit.com/appgoto.php?to=activateweb
Source: driver booster setup.tmp, 00000001.00000003.1751330587.00000000075B0000.00000004.00001000.00020000.00000000.sdmp, driver booster setup.tmp, 00000001.00000003.1751330587.0000000007A48000.00000004.00001000.00020000.00000000.sdmp, setup.exe, 00000002.00000000.1747731405.0000000000401000.00000020.00000001.01000000.00000009.sdmp, DriverBooster.exe.1.dr, DBInstaller.exe.1.dr	String found in binary or memory: https://www.iobit.com/appgoto.php?to=activateweb-%d
Source: driver booster setup.tmp, 00000001.00000003.1751330587.00000000075B0000.00000004.00001000.00020000.00000000.sdmp, driver booster setup.tmp, 00000001.00000003.1751330587.0000000007A48000.00000004.00001000.00020000.00000000.sdmp, setup.exe, 00000002.00000000.1747731405.0000000000401000.00000020.00000001.01000000.00000009.sdmp, DriverBooster.exe.1.dr, DBInstaller.exe.1.dr	String found in binary or memory: https://www.iobit.com/appgoto.php?to=bannerbuy
Source: driver booster setup.tmp, 00000001.00000003.1751330587.0000000007A48000.00000004.00001000.00020000.00000000.sdmp, DriverBooster.exe.1.dr	String found in binary or memory: https://www.iobit.com/appgoto.php?to=bannerbuybtm
Source: driver booster setup.tmp, 00000001.00000003.1751330587.00000000075B0000.00000004.00001000.00020000.00000000.sdmp, driver booster setup.tmp, 00000001.00000003.1751330587.0000000007A48000.00000004.00001000.00020000.00000000.sdmp, setup.exe, 00000002.00000000.1747731405.0000000000401000.00000020.00000001.01000000.00000009.sdmp, DriverBooster.exe.1.dr, DBInstaller.exe.1.dr	String found in binary or memory: https://www.iobit.com/appgoto.php?to=boostasc
Source: driver booster setup.tmp, 00000001.00000003.1751330587.00000000075B0000.00000004.00001000.00020000.00000000.sdmp, driver booster setup.tmp, 00000001.00000003.1751330587.0000000007A48000.00000004.00001000.00020000.00000000.sdmp, setup.exe, 00000002.00000000.1747731405.0000000000401000.00000020.00000001.01000000.00000009.sdmp, DriverBooster.exe.1.dr, DBInstaller.exe.1.dr	String found in binary or memory: https://www.iobit.com/appgoto.php?to=compare
Source: driver booster setup.tmp, 00000001.00000003.1751330587.00000000075B0000.00000004.00001000.00020000.00000000.sdmp, setup.exe, 00000002.00000000.1747731405.0000000000401000.00000020.00000001.01000000.00000009.sdmp, DBInstaller.exe.1.dr	String found in binary or memory: https://www.iobit.com/appgoto.php?to=db7prebanner
Source: driver booster setup.tmp, 00000001.00000003.1751330587.00000000075B0000.00000004.00001000.00020000.00000000.sdmp, setup.exe, 00000002.00000000.1747731405.0000000000401000.00000020.00000001.01000000.00000009.sdmp, DBInstaller.exe.1.dr	String found in binary or memory: https://www.iobit.com/appgoto.php?to=db7preinner
Source: driver booster setup.tmp, 00000001.00000003.1751330587.00000000075B0000.00000004.00001000.00020000.00000000.sdmp, driver booster setup.tmp, 00000001.00000003.1751330587.0000000007A48000.00000004.00001000.00020000.00000000.sdmp, setup.exe, 00000002.00000000.1747731405.0000000000401000.00000020.00000001.01000000.00000009.sdmp, DriverBooster.exe.1.dr, DBInstaller.exe.1.dr	String found in binary or memory: https://www.iobit.com/appgoto.php?to=dbproduct
Source: driver booster setup.tmp, 00000001.00000003.1751330587.00000000075B0000.00000004.00001000.00020000.00000000.sdmp, driver booster setup.tmp, 00000001.00000003.1751330587.0000000007A48000.00000004.00001000.00020000.00000000.sdmp, setup.exe, 00000002.00000000.1747731405.0000000000401000.00000020.00000001.01000000.00000009.sdmp, DriverBooster.exe.1.dr, DBInstaller.exe.1.dr	String found in binary or memory: https://www.iobit.com/appgoto.php?to=download
Source: driver booster setup.tmp, 00000001.00000003.1751330587.00000000075B0000.00000004.00001000.00020000.00000000.sdmp, driver booster setup.tmp, 00000001.00000003.1751330587.0000000007A48000.00000004.00001000.00020000.00000000.sdmp, setup.exe, 00000002.00000000.1747731405.0000000000401000.00000020.00000001.01000000.00000009.sdmp, DriverBooster.exe.1.dr, DBInstaller.exe.1.dr	String found in binary or memory: https://www.iobit.com/appgoto.php?to=expired
Source: driver booster setup.tmp, 00000001.00000003.1751330587.00000000075B0000.00000004.00001000.00020000.00000000.sdmp, driver booster setup.tmp, 00000001.00000003.1751330587.0000000007A48000.00000004.00001000.00020000.00000000.sdmp, setup.exe, 00000002.00000000.1747731405.0000000000401000.00000020.00000001.01000000.00000009.sdmp, DriverBooster.exe.1.dr, DBInstaller.exe.1.dr	String found in binary or memory: https://www.iobit.com/appgoto.php?to=expop
Source: driver booster setup.tmp, 00000001.00000003.1751330587.0000000007A48000.00000004.00001000.00020000.00000000.sdmp, DriverBooster.exe.1.dr	String found in binary or memory: https://www.iobit.com/appgoto.php?to=expopgveS
Source: driver booster setup.tmp, 00000001.00000003.1751330587.00000000075B0000.00000004.00001000.00020000.00000000.sdmp, driver booster setup.tmp, 00000001.00000003.1751330587.0000000007A48000.00000004.00001000.00020000.00000000.sdmp, setup.exe, 00000002.00000000.1747731405.0000000000401000.00000020.00000001.01000000.00000009.sdmp, DriverBooster.exe.1.dr, DBInstaller.exe.1.dr	String found in binary or memory: https://www.iobit.com/appgoto.php?to=faq
Source: driver booster setup.tmp, 00000001.00000003.1751330587.00000000075B0000.00000004.00001000.00020000.00000000.sdmp, driver booster setup.tmp, 00000001.00000003.1751330587.0000000007A48000.00000004.00001000.00020000.00000000.sdmp, setup.exe, 00000002.00000000.1747731405.0000000000401000.00000020.00000001.01000000.00000009.sdmp, DriverBooster.exe.1.dr, DBInstaller.exe.1.dr	String found in binary or memory: https://www.iobit.com/appgoto.php?to=feature
Source: driver booster setup.tmp, 00000001.00000003.1751330587.00000000075B0000.00000004.00001000.00020000.00000000.sdmp, driver booster setup.tmp, 00000001.00000003.1751330587.0000000007A48000.00000004.00001000.00020000.00000000.sdmp, setup.exe, 00000002.00000000.1747731405.0000000000401000.00000020.00000001.01000000.00000009.sdmp, DriverBooster.exe.1.dr, DBInstaller.exe.1.dr	String found in binary or memory: https://www.iobit.com/appgoto.php?to=feedback
Source: driver booster setup.tmp, 00000001.00000003.1751330587.00000000075B0000.00000004.00001000.00020000.00000000.sdmp, driver booster setup.tmp, 00000001.00000003.1751330587.0000000007A48000.00000004.00001000.00020000.00000000.sdmp, setup.exe, 00000002.00000000.1747731405.0000000000401000.00000020.00000001.01000000.00000009.sdmp, DriverBooster.exe.1.dr, DBInstaller.exe.1.dr	String found in binary or memory: https://www.iobit.com/appgoto.php?to=filerupt
Source: driver booster setup.tmp, 00000001.00000003.1751330587.00000000075B0000.00000004.00001000.00020000.00000000.sdmp, driver booster setup.tmp, 00000001.00000003.1751330587.0000000007A48000.00000004.00001000.00020000.00000000.sdmp, setup.exe, 00000002.00000000.1747731405.0000000000401000.00000020.00000001.01000000.00000009.sdmp, DriverBooster.exe.1.dr, DBInstaller.exe.1.dr	String found in binary or memory: https://www.iobit.com/appgoto.php?to=forum
Source: driver booster setup.tmp, 00000001.00000003.1751330587.00000000075B0000.00000004.00001000.00020000.00000000.sdmp, driver booster setup.tmp, 00000001.00000003.1751330587.0000000007A48000.00000004.00001000.00020000.00000000.sdmp, setup.exe, 00000002.00000000.1747731405.0000000000401000.00000020.00000001.01000000.00000009.sdmp, DriverBooster.exe.1.dr, DBInstaller.exe.1.dr	String found in binary or memory: https://www.iobit.com/appgoto.php?to=gacomp
Source: driver booster setup.tmp, 00000001.00000003.1751330587.00000000075B0000.00000004.00001000.00020000.00000000.sdmp, driver booster setup.tmp, 00000001.00000003.1751330587.0000000007A48000.00000004.00001000.00020000.00000000.sdmp, setup.exe, 00000002.00000000.1747731405.0000000000401000.00000020.00000001.01000000.00000009.sdmp, DriverBooster.exe.1.dr, DBInstaller.exe.1.dr	String found in binary or memory: https://www.iobit.com/appgoto.php?to=gaexpired
Source: driver booster setup.tmp, 00000001.00000003.1751330587.00000000075B0000.00000004.00001000.00020000.00000000.sdmp, driver booster setup.tmp, 00000001.00000003.1751330587.0000000007A48000.00000004.00001000.00020000.00000000.sdmp, setup.exe, 00000002.00000000.1747731405.0000000000401000.00000020.00000001.01000000.00000009.sdmp, DriverBooster.exe.1.dr, DBInstaller.exe.1.dr	String found in binary or memory: https://www.iobit.com/appgoto.php?to=garegion
Source: driver booster setup.tmp, 00000001.00000003.1751330587.00000000075B0000.00000004.00001000.00020000.00000000.sdmp, driver booster setup.tmp, 00000001.00000003.1751330587.0000000007A48000.00000004.00001000.00020000.00000000.sdmp, setup.exe, 00000002.00000000.1747731405.0000000000401000.00000020.00000001.01000000.00000009.sdmp, DriverBooster.exe.1.dr, DBInstaller.exe.1.dr	String found in binary or memory: https://www.iobit.com/appgoto.php?to=help
Source: driver booster setup.tmp, 00000001.00000003.1751330587.00000000075B0000.00000004.00001000.00020000.00000000.sdmp, driver booster setup.tmp, 00000001.00000003.1751330587.0000000007A48000.00000004.00001000.00020000.00000000.sdmp, setup.exe, 00000002.00000000.1747731405.0000000000401000.00000020.00000001.01000000.00000009.sdmp, DriverBooster.exe.1.dr, DBInstaller.exe.1.dr	String found in binary or memory: https://www.iobit.com/appgoto.php?to=helptranslate
Source: driver booster setup.tmp, 00000001.00000003.1751330587.00000000075B0000.00000004.00001000.00020000.00000000.sdmp, driver booster setup.tmp, 00000001.00000003.1751330587.0000000007A48000.00000004.00001000.00020000.00000000.sdmp, setup.exe, 00000002.00000000.1747731405.0000000000401000.00000020.00000001.01000000.00000009.sdmp, DriverBooster.exe.1.dr, DBInstaller.exe.1.dr	String found in binary or memory: https://www.iobit.com/appgoto.php?to=htmlfailed
Source: driver booster setup.tmp, 00000001.00000003.1751330587.00000000075B0000.00000004.00001000.00020000.00000000.sdmp, driver booster setup.tmp, 00000001.00000003.1751330587.0000000007A48000.00000004.00001000.00020000.00000000.sdmp, setup.exe, 00000002.00000000.1747731405.0000000000401000.00000020.00000001.01000000.00000009.sdmp, DriverBooster.exe.1.dr, DBInstaller.exe.1.dr	String found in binary or memory: https://www.iobit.com/appgoto.php?to=index
Source: driver booster setup.tmp, 00000001.00000003.1751330587.00000000075B0000.00000004.00001000.00020000.00000000.sdmp, driver booster setup.tmp, 00000001.00000003.1751330587.0000000007A48000.00000004.00001000.00020000.00000000.sdmp, setup.exe, 00000002.00000000.1747731405.0000000000401000.00000020.00000001.01000000.00000009.sdmp, DriverBooster.exe.1.dr, DBInstaller.exe.1.dr	String found in binary or memory: https://www.iobit.com/appgoto.php?to=install
Source: driver booster setup.tmp, 00000001.00000003.1751330587.00000000075B0000.00000004.00001000.00020000.00000000.sdmp, driver booster setup.tmp, 00000001.00000003.1751330587.0000000007A48000.00000004.00001000.00020000.00000000.sdmp, setup.exe, 00000002.00000000.1747731405.0000000000401000.00000020.00000001.01000000.00000009.sdmp, DriverBooster.exe.1.dr, DBInstaller.exe.1.dr	String found in binary or memory: https://www.iobit.com/appgoto.php?to=likefb
Source: driver booster setup.tmp, 00000001.00000003.1751330587.00000000075B0000.00000004.00001000.00020000.00000000.sdmp, driver booster setup.tmp, 00000001.00000003.1751330587.0000000007A48000.00000004.00001000.00020000.00000000.sdmp, setup.exe, 00000002.00000000.1747731405.0000000000401000.00000020.00000001.01000000.00000009.sdmp, DriverBooster.exe.1.dr, DBInstaller.exe.1.dr	String found in binary or memory: https://www.iobit.com/appgoto.php?to=lostcode
Source: driver booster setup.tmp, 00000001.00000003.1751330587.00000000075B0000.00000004.00001000.00020000.00000000.sdmp, driver booster setup.tmp, 00000001.00000003.1751330587.0000000007A48000.00000004.00001000.00020000.00000000.sdmp, setup.exe, 00000002.00000000.1747731405.0000000000401000.00000020.00000001.01000000.00000009.sdmp, DriverBooster.exe.1.dr, DBInstaller.exe.1.dr	String found in binary or memory: https://www.iobit.com/appgoto.php?to=multipcexpired
Source: driver booster setup.tmp, 00000001.00000003.1751330587.0000000007A48000.00000004.00001000.00020000.00000000.sdmp, DriverBooster.exe.1.dr	String found in binary or memory: https://www.iobit.com/appgoto.php?to=ncupdate
Source: driver booster setup.tmp, 00000001.00000003.1751330587.00000000075B0000.00000004.00001000.00020000.00000000.sdmp, driver booster setup.tmp, 00000001.00000003.1751330587.0000000007A48000.00000004.00001000.00020000.00000000.sdmp, setup.exe, 00000002.00000000.1747731405.0000000000401000.00000020.00000001.01000000.00000009.sdmp, DriverBooster.exe.1.dr, DBInstaller.exe.1.dr	String found in binary or memory: https://www.iobit.com/appgoto.php?to=nosoundcrst
Source: driver booster setup.tmp, 00000001.00000003.1751330587.00000000075B0000.00000004.00001000.00020000.00000000.sdmp, driver booster setup.tmp, 00000001.00000003.1751330587.0000000007A48000.00000004.00001000.00020000.00000000.sdmp, setup.exe, 00000002.00000000.1747731405.0000000000401000.00000020.00000001.01000000.00000009.sdmp, DriverBooster.exe.1.dr, DBInstaller.exe.1.dr	String found in binary or memory: https://www.iobit.com/appgoto.php?to=othupdate
Source: driver booster setup.tmp, 00000001.00000003.1751330587.00000000075B0000.00000004.00001000.00020000.00000000.sdmp, driver booster setup.tmp, 00000001.00000003.1751330587.0000000007A48000.00000004.00001000.00020000.00000000.sdmp, setup.exe, 00000002.00000000.1747731405.0000000000401000.00000020.00000001.01000000.00000009.sdmp, DriverBooster.exe.1.dr, DBInstaller.exe.1.dr	String found in binary or memory: https://www.iobit.com/appgoto.php?to=proupdate
Source: driver booster setup.tmp, 00000001.00000003.1751330587.00000000075B0000.00000004.00001000.00020000.00000000.sdmp, driver booster setup.tmp, 00000001.00000003.1751330587.0000000007A48000.00000004.00001000.00020000.00000000.sdmp, setup.exe, 00000002.00000000.1747731405.0000000000401000.00000020.00000001.01000000.00000009.sdmp, DriverBooster.exe.1.dr, DBInstaller.exe.1.dr	String found in binary or memory: https://www.iobit.com/appgoto.php?to=purchase
Source: driver booster setup.tmp, 00000001.00000003.1751330587.00000000075B0000.00000004.00001000.00020000.00000000.sdmp, driver booster setup.tmp, 00000001.00000003.1751330587.0000000007A48000.00000004.00001000.00020000.00000000.sdmp, setup.exe, 00000002.00000000.1747731405.0000000000401000.00000020.00000001.01000000.00000009.sdmp, DriverBooster.exe.1.dr, DBInstaller.exe.1.dr	String found in binary or memory: https://www.iobit.com/appgoto.php?to=purchase-%d
Source: driver booster setup.tmp, 00000001.00000003.1751330587.00000000075B0000.00000004.00001000.00020000.00000000.sdmp, driver booster setup.tmp, 00000001.00000003.1751330587.0000000007A48000.00000004.00001000.00020000.00000000.sdmp, setup.exe, 00000002.00000000.1747731405.0000000000401000.00000020.00000001.01000000.00000009.sdmp, DriverBooster.exe.1.dr, DBInstaller.exe.1.dr	String found in binary or memory: https://www.iobit.com/appgoto.php?to=regexpired
Source: driver booster setup.tmp, 00000001.00000003.1751330587.00000000075B0000.00000004.00001000.00020000.00000000.sdmp, driver booster setup.tmp, 00000001.00000003.1751330587.0000000007A48000.00000004.00001000.00020000.00000000.sdmp, setup.exe, 00000002.00000000.1747731405.0000000000401000.00000020.00000001.01000000.00000009.sdmp, DriverBooster.exe.1.dr, DBInstaller.exe.1.dr	String found in binary or memory: https://www.iobit.com/appgoto.php?to=reggaexpired
Source: driver booster setup.tmp, 00000001.00000003.1751330587.00000000075B0000.00000004.00001000.00020000.00000000.sdmp, driver booster setup.tmp, 00000001.00000003.1751330587.0000000007A48000.00000004.00001000.00020000.00000000.sdmp, setup.exe, 00000002.00000000.1747731405.0000000000401000.00000020.00000001.01000000.00000009.sdmp, DriverBooster.exe.1.dr, DBInstaller.exe.1.dr	String found in binary or memory: https://www.iobit.com/appgoto.php?to=regovermax
Source: driver booster setup.tmp, 00000001.00000003.1751330587.00000000075B0000.00000004.00001000.00020000.00000000.sdmp, driver booster setup.tmp, 00000001.00000003.1751330587.0000000007A48000.00000004.00001000.00020000.00000000.sdmp, setup.exe, 00000002.00000000.1747731405.0000000000401000.00000020.00000001.01000000.00000009.sdmp, DriverBooster.exe.1.dr, DBInstaller.exe.1.dr	String found in binary or memory: https://www.iobit.com/appgoto.php?to=regovermaxga
Source: driver booster setup.tmp, 00000001.00000003.1751330587.0000000007A48000.00000004.00001000.00020000.00000000.sdmp, DriverBooster.exe.1.dr	String found in binary or memory: https://www.iobit.com/appgoto.php?to=regvermismatch
Source: driver booster setup.tmp, 00000001.00000003.1751330587.00000000075B0000.00000004.00001000.00020000.00000000.sdmp, driver booster setup.tmp, 00000001.00000003.1751330587.0000000007A48000.00000004.00001000.00020000.00000000.sdmp, setup.exe, 00000002.00000000.1747731405.0000000000401000.00000020.00000001.01000000.00000009.sdmp, DriverBooster.exe.1.dr, DBInstaller.exe.1.dr	String found in binary or memory: https://www.iobit.com/appgoto.php?to=reinstall
Source: driver booster setup.tmp, 00000001.00000003.1751330587.00000000075B0000.00000004.00001000.00020000.00000000.sdmp, driver booster setup.tmp, 00000001.00000003.1751330587.0000000007A48000.00000004.00001000.00020000.00000000.sdmp, setup.exe, 00000002.00000000.1747731405.0000000000401000.00000020.00000001.01000000.00000009.sdmp, DriverBooster.exe.1.dr, DBInstaller.exe.1.dr	String found in binary or memory: https://www.iobit.com/appgoto.php?to=revokedkey
Source: driver booster setup.tmp, 00000001.00000003.1751330587.00000000075B0000.00000004.00001000.00020000.00000000.sdmp, driver booster setup.tmp, 00000001.00000003.1751330587.0000000007A48000.00000004.00001000.00020000.00000000.sdmp, setup.exe, 00000002.00000000.1747731405.0000000000401000.00000020.00000001.01000000.00000009.sdmp, DriverBooster.exe.1.dr, DBInstaller.exe.1.dr	String found in binary or memory: https://www.iobit.com/appgoto.php?to=trialbuy
Source: driver booster setup.tmp, 00000001.00000003.1751330587.0000000007A48000.00000004.00001000.00020000.00000000.sdmp, DriverBooster.exe.1.dr	String found in binary or memory: https://www.iobit.com/appgoto.php?to=trialbuy_14
Source: driver booster setup.tmp, 00000001.00000003.1751330587.00000000075B0000.00000004.00001000.00020000.00000000.sdmp, driver booster setup.tmp, 00000001.00000003.1751330587.0000000007A48000.00000004.00001000.00020000.00000000.sdmp, setup.exe, 00000002.00000000.1747731405.0000000000401000.00000020.00000001.01000000.00000009.sdmp, DriverBooster.exe.1.dr, DBInstaller.exe.1.dr	String found in binary or memory: https://www.iobit.com/appgoto.php?to=unplug
Source: driver booster setup.tmp, 00000001.00000003.1751330587.00000000075B0000.00000004.00001000.00020000.00000000.sdmp, driver booster setup.tmp, 00000001.00000003.1751330587.0000000007A48000.00000004.00001000.00020000.00000000.sdmp, setup.exe, 00000002.00000000.1747731405.0000000000401000.00000020.00000001.01000000.00000009.sdmp, DriverBooster.exe.1.dr, DBInstaller.exe.1.dr	String found in binary or memory: https://www.iobit.com/appgoto.php?to=update
Source: driver booster setup.tmp, 00000001.00000003.1751330587.00000000075B0000.00000004.00001000.00020000.00000000.sdmp, driver booster setup.tmp, 00000001.00000003.1751330587.0000000007A48000.00000004.00001000.00020000.00000000.sdmp, setup.exe, 00000002.00000002.3518294770.000000000285C000.00000004.00001000.00020000.00000000.sdmp, setup.exe, 00000002.00000000.1747731405.0000000000401000.00000020.00000001.01000000.00000009.sdmp, DriverBooster.exe.1.dr, DBInstaller.exe.1.dr	String found in binary or memory: https://www.iobit.com/appgoto.php?to=usermanual
Source: driver booster setup.tmp, 00000001.00000003.1751330587.00000000075B0000.00000004.00001000.00020000.00000000.sdmp, driver booster setup.tmp, 00000001.00000003.1751330587.0000000007A48000.00000004.00001000.00020000.00000000.sdmp, setup.exe, 00000002.00000000.1747731405.0000000000401000.00000020.00000001.01000000.00000009.sdmp, DriverBooster.exe.1.dr, DBInstaller.exe.1.dr	String found in binary or memory: https://www.iobit.com/appgoto.php?to=vertoold
Source: driver booster setup.tmp, 00000001.00000003.1751330587.00000000075B0000.00000004.00001000.00020000.00000000.sdmp, setup.exe, 00000002.00000000.1747731405.0000000000401000.00000020.00000001.01000000.00000009.sdmp, DBInstaller.exe.1.dr	String found in binary or memory: https://www.iobit.com/de/eula-db.php
Source: driver booster setup.tmp, 00000001.00000003.1751330587.00000000075B0000.00000004.00001000.00020000.00000000.sdmp, setup.exe, 00000002.00000000.1747731405.0000000000401000.00000020.00000001.01000000.00000009.sdmp, DBInstaller.exe.1.dr	String found in binary or memory: https://www.iobit.com/de/privacy.php
Source: driver booster setup.tmp, 00000001.00000003.1751330587.00000000075B0000.00000004.00001000.00020000.00000000.sdmp, setup.exe, 00000002.00000000.1747731405.0000000000401000.00000020.00000001.01000000.00000009.sdmp, DBInstaller.exe.1.dr	String found in binary or memory: https://www.iobit.com/dk/eula-db.php
Source: driver booster setup.tmp, 00000001.00000003.1751330587.00000000075B0000.00000004.00001000.00020000.00000000.sdmp, setup.exe, 00000002.00000000.1747731405.0000000000401000.00000020.00000001.01000000.00000009.sdmp, DBInstaller.exe.1.dr	String found in binary or memory: https://www.iobit.com/dk/privacy.php
Source: driver booster setup.tmp, 00000001.00000003.1751330587.0000000007A48000.00000004.00001000.00020000.00000000.sdmp, DriverBooster.exe.1.dr	String found in binary or memory: https://www.iobit.com/en/allfaq.php#a1d33d0dfec820b41b54430b50e96b5c
Source: driver booster setup.tmp, 00000001.00000003.1751330587.0000000007A48000.00000004.00001000.00020000.00000000.sdmp, DriverBooster.exe.1.dr	String found in binary or memory: https://www.iobit.com/en/eula-db.php
Source: driver booster setup.tmp, 00000001.00000003.1751330587.00000000075B0000.00000004.00001000.00020000.00000000.sdmp, setup.exe, 00000002.00000000.1747731405.0000000000401000.00000020.00000001.01000000.00000009.sdmp, DBInstaller.exe.1.dr	String found in binary or memory: https://www.iobit.com/en/eula-db.phpU
Source: driver booster setup.tmp, 00000001.00000003.1751330587.0000000007A48000.00000004.00001000.00020000.00000000.sdmp, DriverBooster.exe.1.dr	String found in binary or memory: https://www.iobit.com/en/eula.php
Source: driver booster setup.tmp, 00000001.00000003.1751330587.0000000007A48000.00000004.00001000.00020000.00000000.sdmp, DriverBooster.exe.1.dr	String found in binary or memory: https://www.iobit.com/en/eula.phpS
Source: EULA.rtf.1.dr	String found in binary or memory: https://www.iobit.com/en/onlinefeedback.php
Source: driver booster setup.tmp, 00000001.00000003.1751330587.00000000075B0000.00000004.00001000.00020000.00000000.sdmp, driver booster setup.tmp, 00000001.00000003.1751330587.0000000007A48000.00000004.00001000.00020000.00000000.sdmp, setup.exe, 00000002.00000000.1747731405.0000000000401000.00000020.00000001.01000000.00000009.sdmp, DriverBooster.exe.1.dr, DBInstaller.exe.1.dr	String found in binary or memory: https://www.iobit.com/en/privacy.php
Source: driver booster setup.tmp, 00000001.00000003.1751330587.00000000075B0000.00000004.00001000.00020000.00000000.sdmp, setup.exe, 00000002.00000000.1747731405.0000000000401000.00000020.00000001.01000000.00000009.sdmp, DBInstaller.exe.1.dr	String found in binary or memory: https://www.iobit.com/en/privacy.phpS
Source: driver booster setup.tmp, 00000001.00000003.1751330587.0000000007A48000.00000004.00001000.00020000.00000000.sdmp, DriverBooster.exe.1.dr	String found in binary or memory: https://www.iobit.com/en/privacy.phpSV
Source: EULA.rtf.1.dr	String found in binary or memory: https://www.iobit.com/en/sampleclaim.php
Source: driver booster setup.tmp, 00000001.00000003.1751330587.00000000075B0000.00000004.00001000.00020000.00000000.sdmp, setup.exe, 00000002.00000000.1747731405.0000000000401000.00000020.00000001.01000000.00000009.sdmp, DBInstaller.exe.1.dr	String found in binary or memory: https://www.iobit.com/es/eula-db.php
Source: driver booster setup.tmp, 00000001.00000003.1751330587.00000000075B0000.00000004.00001000.00020000.00000000.sdmp, setup.exe, 00000002.00000000.1747731405.0000000000401000.00000020.00000001.01000000.00000009.sdmp, DBInstaller.exe.1.dr	String found in binary or memory: https://www.iobit.com/es/privacy.php
Source: driver booster setup.tmp, 00000001.00000003.1751330587.00000000075B0000.00000004.00001000.00020000.00000000.sdmp, driver booster setup.tmp, 00000001.00000003.1751330587.0000000007A48000.00000004.00001000.00020000.00000000.sdmp, setup.exe, 00000002.00000000.1747731405.0000000000401000.00000020.00000001.01000000.00000009.sdmp, DriverBooster.exe.1.dr, DBInstaller.exe.1.dr	String found in binary or memory: https://www.iobit.com/feedback/db/feedback.php
Source: driver booster setup.tmp, 00000001.00000003.1751330587.00000000075B0000.00000004.00001000.00020000.00000000.sdmp, setup.exe, 00000002.00000000.1747731405.0000000000401000.00000020.00000001.01000000.00000009.sdmp, DBInstaller.exe.1.dr	String found in binary or memory: https://www.iobit.com/fr/eula-db.php
Source: driver booster setup.tmp, 00000001.00000003.1751330587.00000000075B0000.00000004.00001000.00020000.00000000.sdmp, setup.exe, 00000002.00000000.1747731405.0000000000401000.00000020.00000001.01000000.00000009.sdmp, DBInstaller.exe.1.dr	String found in binary or memory: https://www.iobit.com/fr/privacy.php
Source: driver booster setup.tmp, 00000001.00000003.1751330587.00000000075B0000.00000004.00001000.00020000.00000000.sdmp, setup.exe, 00000002.00000000.1747731405.0000000000401000.00000020.00000001.01000000.00000009.sdmp, DBInstaller.exe.1.dr	String found in binary or memory: https://www.iobit.com/it/eula-db.php
Source: driver booster setup.tmp, 00000001.00000003.1751330587.00000000075B0000.00000004.00001000.00020000.00000000.sdmp, setup.exe, 00000002.00000000.1747731405.0000000000401000.00000020.00000001.01000000.00000009.sdmp, DBInstaller.exe.1.dr	String found in binary or memory: https://www.iobit.com/it/privacy.php
Source: driver booster setup.tmp, 00000001.00000003.1751330587.00000000075B0000.00000004.00001000.00020000.00000000.sdmp, setup.exe, 00000002.00000000.1747731405.0000000000401000.00000020.00000001.01000000.00000009.sdmp, DBInstaller.exe.1.dr	String found in binary or memory: https://www.iobit.com/nl/eula-db.php
Source: driver booster setup.tmp, 00000001.00000003.1751330587.00000000075B0000.00000004.00001000.00020000.00000000.sdmp, setup.exe, 00000002.00000000.1747731405.0000000000401000.00000020.00000001.01000000.00000009.sdmp, DBInstaller.exe.1.dr	String found in binary or memory: https://www.iobit.com/nl/privacy.php
Source: driver booster setup.tmp, 00000001.00000003.1751330587.00000000075B0000.00000004.00001000.00020000.00000000.sdmp, setup.exe, 00000002.00000000.1747731405.0000000000401000.00000020.00000001.01000000.00000009.sdmp, DBInstaller.exe.1.dr	String found in binary or memory: https://www.iobit.com/pl/eula-db.php
Source: driver booster setup.tmp, 00000001.00000003.1751330587.00000000075B0000.00000004.00001000.00020000.00000000.sdmp, setup.exe, 00000002.00000000.1747731405.0000000000401000.00000020.00000001.01000000.00000009.sdmp, DBInstaller.exe.1.dr	String found in binary or memory: https://www.iobit.com/pl/privacy.php
Source: driver booster setup.tmp, 00000001.00000003.1751330587.00000000075B0000.00000004.00001000.00020000.00000000.sdmp, setup.exe, 00000002.00000000.1747731405.0000000000401000.00000020.00000001.01000000.00000009.sdmp, DBInstaller.exe.1.dr	String found in binary or memory: https://www.iobit.com/pt/eula-db.php
Source: driver booster setup.tmp, 00000001.00000003.1751330587.00000000075B0000.00000004.00001000.00020000.00000000.sdmp, setup.exe, 00000002.00000000.1747731405.0000000000401000.00000020.00000001.01000000.00000009.sdmp, DBInstaller.exe.1.dr	String found in binary or memory: https://www.iobit.com/pt/privacy.php
Source: driver booster setup.tmp, 00000001.00000003.1751330587.00000000075B0000.00000004.00001000.00020000.00000000.sdmp, setup.exe, 00000002.00000000.1747731405.0000000000401000.00000020.00000001.01000000.00000009.sdmp, DBInstaller.exe.1.dr	String found in binary or memory: https://www.iobit.com/sv/eula-db.php
Source: driver booster setup.tmp, 00000001.00000003.1751330587.00000000075B0000.00000004.00001000.00020000.00000000.sdmp, setup.exe, 00000002.00000000.1747731405.0000000000401000.00000020.00000001.01000000.00000009.sdmp, DBInstaller.exe.1.dr	String found in binary or memory: https://www.iobit.com/sv/privacy.php
Source: setup.exe, 00000002.00000002.3523496114.00000000037F2000.00000004.00001000.00020000.00000000.sdmp, DriverBooster.exe.1.dr	String found in binary or memory: https://www.itopvpn.com/eula
Source: setup.exe, 00000002.00000002.3523496114.00000000037F2000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.itopvpn.com/eula10d
Source: setup.exe, 00000002.00000002.3523496114.00000000037F2000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.itopvpn.com/eula3c2
Source: setup.exe, 00000002.00000002.3523496114.00000000037F2000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.itopvpn.com/eula48c
Source: driver booster setup.tmp, 00000001.00000003.1751330587.00000000075B0000.00000004.00001000.00020000.00000000.sdmp, driver booster setup.tmp, 00000001.00000003.1751330587.0000000007A48000.00000004.00001000.00020000.00000000.sdmp, setup.exe, 00000002.00000002.3523496114.00000000038CE000.00000004.00001000.00020000.00000000.sdmp, setup.exe, 00000002.00000000.1747731405.0000000000401000.00000020.00000001.01000000.00000009.sdmp, setup.exe, 00000002.00000002.3523496114.00000000037F2000.00000004.00001000.00020000.00000000.sdmp, DriverBooster.exe.1.dr, DBInstaller.exe.1.dr	String found in binary or memory: https://www.itopvpn.com/privacy
Source: libcrypto-1_1.dll.1.dr	String found in binary or memory: https://www.openssl.org/docs/faq.html

Source: unknown

DNS traffic detected: queries for: update.iobit.com

Source: global traffic	HTTP traffic detected: GET /infofiles/db/rmd/install_cfg_n.zlb HTTP/1.0Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, /User-Agent: Mozilla/4.0Host: update.iobit.com
Source: global traffic	HTTP traffic detected: GET /infofiles/db/rmd/install_cfg_n.zlb HTTP/1.0Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, /User-Agent: Mozilla/4.0Host: update.iobit.comRange: bytes=0-61494
Source: global traffic	HTTP traffic detected: GET /infofiles/db/rmd/install_cfg_n.zlb HTTP/1.0Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, /User-Agent: Mozilla/4.0Host: update.iobit.comRange: bytes=61495-122989
Source: global traffic	HTTP traffic detected: GET /infofiles/db/rmd/install_cfg_n.zlb HTTP/1.0Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, /User-Agent: Mozilla/4.0Host: update.iobit.comRange: bytes=184485-245978
Source: global traffic	HTTP traffic detected: GET /infofiles/db/rmd/install_cfg_n.zlb HTTP/1.0Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, /User-Agent: Mozilla/4.0Host: update.iobit.comRange: bytes=122990-184484
Source: global traffic	HTTP traffic detected: GET /infofiles/ac/appver-ac.upt HTTP/1.0Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, /User-Agent: Mozilla/4.0Host: update.iobit.com
Source: global traffic	HTTP traffic detected: GET /infofiles/itop/itopav.upt HTTP/1.0Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, /User-Agent: Mozilla/4.0Host: update.iobit.com
Source: global traffic	HTTP traffic detected: GET /dl/img/inst/img_screenshot_ied.png HTTP/1.0Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, /User-Agent: Mozilla/4.0Host: update.iobit.com
Source: global traffic	HTTP traffic detected: GET /dl/img/inst/logo_ied.png HTTP/1.0Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, /User-Agent: Mozilla/4.0Host: update.iobit.com

Source: driver booster setup.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI

Source: C:\Users\user\AppData\Local\Temp\is-MK7O5.tmp-dbinst\setup.exe

Code function: 2_2_004F6E30

2_2_004F6E30

Source: driver booster setup.tmp.0.dr	Static PE information: Resource name: RT_RCDATA type: PE32+ executable (console) x86-64, for MS Windows
Source: driver booster setup.tmp.0.dr	Static PE information: Resource name: RT_RCDATA type: PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows

Source: driver booster setup.exe, 00000000.00000003.1654814106.000000000671B000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameshfolder.dll~/ vs driver booster setup.exe
Source: driver booster setup.exe, 00000000.00000003.1656586475.000000007FE37000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameshfolder.dll~/ vs driver booster setup.exe

Source: C:\Users\user\AppData\Local\Temp\is-MK7O5.tmp-dbinst\setup.exe

Section loaded: register.dll

Jump to behavior

Source: driver booster setup.exe

Joe Sandbox Cloud Basic: Detection: suspicious Score: 26 Threat Name: Analyzer: w10x64_ra

Perma Link

Source: C:\Users\user\Desktop\driver booster setup.exe

File read: C:\Users\user\Desktop\driver booster setup.exe

Jump to behavior

Source: C:\Users\user\Desktop\driver booster setup.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\driver booster setup.exe C:\Users\user\Desktop\driver booster setup.exe
Source: C:\Users\user\Desktop\driver booster setup.exe	Process created: C:\Users\user\AppData\Local\Temp\is-FLQS7.tmp\driver booster setup.tmp "C:\Users\user\AppData\Local\Temp\is-FLQS7.tmp\driver booster setup.tmp" /SL5="$2046E,25039561,139264,C:\Users\user\Desktop\driver booster setup.exe"
Source: C:\Users\user\AppData\Local\Temp\is-FLQS7.tmp\driver booster setup.tmp	Process created: C:\Users\user\AppData\Local\Temp\is-MK7O5.tmp-dbinst\setup.exe "C:\Users\user\AppData\Local\Temp\is-MK7O5.tmp-dbinst\setup.exe" "C:\Users\user\Desktop\driver booster setup.exe" /title="Driver Booster 9" /dbver=9.4.0.233 /eula="C:\Users\user\AppData\Local\Temp\is-MK7O5.tmp-dbinst\EULA.rtf" /showlearnmore /pmtproduct /nochromepmt
Source: C:\Users\user\Desktop\driver booster setup.exe	Process created: C:\Users\user\AppData\Local\Temp\is-FLQS7.tmp\driver booster setup.tmp "C:\Users\user\AppData\Local\Temp\is-FLQS7.tmp\driver booster setup.tmp" /SL5="$2046E,25039561,139264,C:\Users\user\Desktop\driver booster setup.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FLQS7.tmp\driver booster setup.tmp	Process created: C:\Users\user\AppData\Local\Temp\is-MK7O5.tmp-dbinst\setup.exe "C:\Users\user\AppData\Local\Temp\is-MK7O5.tmp-dbinst\setup.exe" "C:\Users\user\Desktop\driver booster setup.exe" /title="Driver Booster 9" /dbver=9.4.0.233 /eula="C:\Users\user\AppData\Local\Temp\is-MK7O5.tmp-dbinst\EULA.rtf" /showlearnmore /pmtproduct /nochromepmt	Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\is-FLQS7.tmp\driver booster setup.tmp

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\is-FLQS7.tmp\driver booster setup.tmp

File created: C:\Users\user\AppData\Local\Programs

Jump to behavior

Source: C:\Users\user\Desktop\driver booster setup.exe

File created: C:\Users\user\AppData\Local\Temp\is-FLQS7.tmp

Jump to behavior

Source: classification engine

Classification label: sus21.winEXE@5/57@1/1

Source: C:\Users\user\AppData\Local\Temp\is-FLQS7.tmp\driver booster setup.tmp

File read: C:\Users\user\Desktop\desktop.ini

Jump to behavior

Source: C:\Users\user\Desktop\driver booster setup.exe	Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FLQS7.tmp\driver booster setup.tmp	Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-MK7O5.tmp-dbinst\setup.exe	Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales	Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\is-MK7O5.tmp-dbinst\setup.exe

Mutant created: \Sessions\1\BaseNamedObjects\{066BAF58-22F1-4PQ6-BC2A-0731D99C8805}

Source: driver booster setup.exe

String found in binary or memory: /LOADINF="filename"

Source: C:\Users\user\AppData\Local\Temp\is-MK7O5.tmp-dbinst\setup.exe

File written: C:\Users\user\AppData\Local\Temp\Installerupt45212.0208855671.ini

Jump to behavior

Source: Yara match	File source: 1.3.driver booster setup.tmp.75b0000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.3.driver booster setup.tmp.75b0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.0.setup.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000001.00000003.1751330587.00000000075B0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000002.00000000.1747731405.0000000000401000.00000020.00000001.01000000.00000009.sdmp, type: MEMORY
Source: Yara match	File source: C:\Users\user\AppData\Local\Temp\is-MK7O5.tmp\DBInstaller.exe, type: DROPPED
Source: Yara match	File source: C:\Users\user\AppData\Local\Temp\is-MK7O5.tmp-dbinst\setup.exe, type: DROPPED

Source: C:\Users\user\AppData\Local\Temp\is-FLQS7.tmp\driver booster setup.tmp

Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion RegisteredOrganization

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\is-FLQS7.tmp\driver booster setup.tmp

Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion RegisteredOwner

Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: driver booster setup.exe

Static file information: File size 25763240 > 1048576

Source: driver booster setup.exe

Static PE information: certificate valid

Source: driver booster setup.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE

Source: C:\Users\user\AppData\Local\Temp\is-MK7O5.tmp-dbinst\setup.exe	Code function: 2_2_004FBD4C push 004FBDA6h; ret		2_2_004FBD9E
Source: C:\Users\user\AppData\Local\Temp\is-MK7O5.tmp-dbinst\setup.exe	Code function: 2_2_005101AC push ecx; mov dword ptr [esp], ecx		2_2_005101B0

Source: initial sample	Static PE information: section name: .text entropy: 6.95668597868679
Source: initial sample	Static PE information: section name: .text entropy: 6.95668597868679

Source: C:\Users\user\AppData\Local\Temp\is-FLQS7.tmp\driver booster setup.tmp	File created: C:\Users\user\AppData\Local\Temp\is-MK7O5.tmp-dbinst\libcrypto-1_1.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-FLQS7.tmp\driver booster setup.tmp	File created: C:\Users\user\AppData\Local\Temp\is-MK7O5.tmp\RdZone.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-FLQS7.tmp\driver booster setup.tmp	File created: C:\Users\user\AppData\Local\Temp\is-MK7O5.tmp\_isetup\_setup64.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-FLQS7.tmp\driver booster setup.tmp	File created: C:\Users\user\AppData\Local\Temp\is-MK7O5.tmp\libssl-1_1.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-FLQS7.tmp\driver booster setup.tmp	File created: C:\Users\user\AppData\Local\Temp\is-MK7O5.tmp-dbinst\setup.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-FLQS7.tmp\driver booster setup.tmp	File created: C:\Users\user\AppData\Local\Temp\is-MK7O5.tmp\DBInstaller.exe	Jump to dropped file
Source: C:\Users\user\Desktop\driver booster setup.exe	File created: C:\Users\user\AppData\Local\Temp\is-FLQS7.tmp\driver booster setup.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-FLQS7.tmp\driver booster setup.tmp	File created: C:\Users\user\AppData\Local\Temp\is-MK7O5.tmp\DriverBooster.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-FLQS7.tmp\driver booster setup.tmp	File created: C:\Users\user\AppData\Local\Temp\is-MK7O5.tmp-dbinst\libssl-1_1.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-FLQS7.tmp\driver booster setup.tmp	File created: C:\Users\user\AppData\Local\Temp\is-MK7O5.tmp\libcrypto-1_1.dll	Jump to dropped file

Source: C:\Users\user\AppData\Local\Temp\is-FLQS7.tmp\driver booster setup.tmp	File created: C:\Users\user\AppData\Local\Temp\is-MK7O5.tmp\EULA.rtf			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FLQS7.tmp\driver booster setup.tmp	File created: C:\Users\user\AppData\Local\Temp\is-MK7O5.tmp-dbinst\EULA.rtf			Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\is-FLQS7.tmp\driver booster setup.tmp

File created: C:\Users\user\AppData\Local\Temp\Setup Log 2023-10-13 #001.txt

Jump to behavior

Hooking and other Techniques for Hiding and Protection

Overwrites code with unconditional jumps - possibly settings hooks in foreign process

Source: C:\Users\user\AppData\Local\Temp\is-MK7O5.tmp-dbinst\setup.exe	Memory written: PID: 7692 base: 4A189C value: E9 63 DB 0A 00	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-MK7O5.tmp-dbinst\setup.exe	Memory written: PID: 7692 base: 4A12A0 value: E9 7B DF 0A 00	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-MK7O5.tmp-dbinst\setup.exe	Memory written: PID: 7692 base: 49D078 value: E9 7B 63 0B 00	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-MK7O5.tmp-dbinst\setup.exe	Memory written: PID: 7692 base: 49D09C value: E9 DB 63 0B 00	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-MK7O5.tmp-dbinst\setup.exe	Memory written: PID: 7692 base: 49D0AC value: E9 6F 65 0B 00	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-MK7O5.tmp-dbinst\setup.exe	Memory written: PID: 7692 base: 49D068 value: E9 7B 67 0B 00	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-MK7O5.tmp-dbinst\setup.exe	Memory written: PID: 7692 base: 4C8090 value: E9 FF C9 09 00	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-MK7O5.tmp-dbinst\setup.exe	Memory written: PID: 7692 base: 4F664C value: E9 2B 58 06 00	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-MK7O5.tmp-dbinst\setup.exe	Memory written: PID: 7692 base: 50EB34 value: E9 F3 FB 04 00	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-MK7O5.tmp-dbinst\setup.exe	Memory written: PID: 7692 base: 50EA00 value: E9 9F FB 04 00	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-MK7O5.tmp-dbinst\setup.exe	Memory written: PID: 7692 base: 50E970 value: E9 1F FB 04 00	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-MK7O5.tmp-dbinst\setup.exe	Memory written: PID: 7692 base: 5101DC value: E9 FF E1 04 00	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-MK7O5.tmp-dbinst\setup.exe	Memory written: PID: 7692 base: 50F4C0 value: E9 17 F8 04 00	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-MK7O5.tmp-dbinst\setup.exe	Memory written: PID: 7692 base: 515B8C value: E9 BB 69 04 00	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-MK7O5.tmp-dbinst\setup.exe	Memory written: PID: 7692 base: 50E190 value: E9 DB 0B 05 00	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-MK7O5.tmp-dbinst\setup.exe	Memory written: PID: 7692 base: 4EFB70 value: E9 33 C3 06 00	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-MK7O5.tmp-dbinst\setup.exe	Memory written: PID: 7692 base: 51484C value: E9 23 77 04 00	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-MK7O5.tmp-dbinst\setup.exe	Memory written: PID: 7692 base: 4D8AE4 value: E9 5F DF 16 00	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-MK7O5.tmp-dbinst\setup.exe	Memory written: PID: 7692 base: 4D8A88 value: E9 EB D4 16 00	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-MK7O5.tmp-dbinst\setup.exe	Memory written: PID: 7692 base: 4D893C value: E9 43 AE 16 00	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-MK7O5.tmp-dbinst\setup.exe	Memory written: PID: 7692 base: 4D86B0 value: E9 DB B4 16 00	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-MK7O5.tmp-dbinst\setup.exe	Memory written: PID: 7692 base: 4D838C value: E9 FF CC 16 00	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-MK7O5.tmp-dbinst\setup.exe	Memory written: PID: 7692 base: 4DCBA4 value: E9 4F 35 15 00	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-MK7O5.tmp-dbinst\setup.exe	Memory written: PID: 7692 base: 4DCBE8 value: E9 6F 34 15 00	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-MK7O5.tmp-dbinst\setup.exe	Memory written: PID: 7692 base: 4DB4BC value: E9 AF DF 16 00	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-MK7O5.tmp-dbinst\setup.exe	Memory written: PID: 7692 base: 4DD378 value: E9 2B BF 16 00	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-MK7O5.tmp-dbinst\setup.exe	Memory written: PID: 7692 base: 4D82E4 value: E9 BF 0E 17 00	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-MK7O5.tmp-dbinst\setup.exe	Memory written: PID: 7692 base: 4DC820 value: E9 E7 DA 16 00	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-MK7O5.tmp-dbinst\setup.exe	Memory written: PID: 7692 base: 4DDA70 value: E9 1F BE 16 00	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-MK7O5.tmp-dbinst\setup.exe	Memory written: PID: 7692 base: 4D78D8 value: E9 13 29 17 00	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-MK7O5.tmp-dbinst\setup.exe	Memory written: PID: 7692 base: 4D7A48 value: E9 07 28 17 00	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-MK7O5.tmp-dbinst\setup.exe	Memory written: PID: 7692 base: 4FACD8 value: E9 4F 2E 15 00	Jump to behavior

Source: C:\Users\user\Desktop\driver booster setup.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FLQS7.tmp\driver booster setup.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FLQS7.tmp\driver booster setup.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FLQS7.tmp\driver booster setup.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FLQS7.tmp\driver booster setup.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FLQS7.tmp\driver booster setup.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FLQS7.tmp\driver booster setup.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FLQS7.tmp\driver booster setup.tmp	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-MK7O5.tmp-dbinst\setup.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-MK7O5.tmp-dbinst\setup.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-MK7O5.tmp-dbinst\setup.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\is-MK7O5.tmp-dbinst\setup.exe TID: 7724

Thread sleep time: -94550s >= -30000s

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\is-MK7O5.tmp-dbinst\setup.exe

Thread sleep count: Count: 9455 delay: -10

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\is-FLQS7.tmp\driver booster setup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-MK7O5.tmp-dbinst\libcrypto-1_1.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-FLQS7.tmp\driver booster setup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-MK7O5.tmp\RdZone.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-FLQS7.tmp\driver booster setup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-MK7O5.tmp\_isetup\_setup64.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-FLQS7.tmp\driver booster setup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-MK7O5.tmp\libssl-1_1.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-FLQS7.tmp\driver booster setup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-MK7O5.tmp\DriverBooster.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-FLQS7.tmp\driver booster setup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-MK7O5.tmp-dbinst\libssl-1_1.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-FLQS7.tmp\driver booster setup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-MK7O5.tmp\libcrypto-1_1.dll	Jump to dropped file

Source: C:\Users\user\AppData\Local\Temp\is-MK7O5.tmp-dbinst\setup.exe

Window / User API: threadDelayed 9455

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\is-FLQS7.tmp\driver booster setup.tmp	Key opened: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Keyboard Layouts\08070809	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FLQS7.tmp\driver booster setup.tmp	Key opened: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Keyboard Layouts\04070809	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-MK7O5.tmp-dbinst\setup.exe	Key opened: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Keyboard Layouts\08070809	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-MK7O5.tmp-dbinst\setup.exe	Key opened: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Keyboard Layouts\04070809	Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\is-FLQS7.tmp\driver booster setup.tmp

Process information queried: ProcessInformation

Jump to behavior

Source: driver booster setup.tmp, 00000001.00000003.1766637347.00000000007E5000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\y
Source: setup.exe, 00000002.00000002.3517345635.0000000000C6B000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Source: setup.exe, 00000002.00000002.3517345635.0000000000C6B000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll

Source: C:\Users\user\AppData\Local\Temp\is-FLQS7.tmp\driver booster setup.tmp

Process token adjusted: Debug

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\is-FLQS7.tmp\driver booster setup.tmp	Process created: C:\Users\user\AppData\Local\Temp\is-MK7O5.tmp-dbinst\setup.exe "c:\users\user\appdata\local\temp\is-mk7o5.tmp-dbinst\setup.exe" "c:\users\user\desktop\driver booster setup.exe" /title="driver booster 9" /dbver=9.4.0.233 /eula="c:\users\user\appdata\local\temp\is-mk7o5.tmp-dbinst\eula.rtf" /showlearnmore /pmtproduct /nochromepmt
Source: C:\Users\user\AppData\Local\Temp\is-FLQS7.tmp\driver booster setup.tmp	Process created: C:\Users\user\AppData\Local\Temp\is-MK7O5.tmp-dbinst\setup.exe "c:\users\user\appdata\local\temp\is-mk7o5.tmp-dbinst\setup.exe" "c:\users\user\desktop\driver booster setup.exe" /title="driver booster 9" /dbver=9.4.0.233 /eula="c:\users\user\appdata\local\temp\is-mk7o5.tmp-dbinst\eula.rtf" /showlearnmore /pmtproduct /nochromepmt			Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\is-FLQS7.tmp\driver booster setup.tmp

Process created: C:\Users\user\AppData\Local\Temp\is-MK7O5.tmp-dbinst\setup.exe "C:\Users\user\AppData\Local\Temp\is-MK7O5.tmp-dbinst\setup.exe" "C:\Users\user\Desktop\driver booster setup.exe" /title="Driver Booster 9" /dbver=9.4.0.233 /eula="C:\Users\user\AppData\Local\Temp\is-MK7O5.tmp-dbinst\EULA.rtf" /showlearnmore /pmtproduct /nochromepmt

Jump to behavior

Source: driver booster setup.tmp, 00000001.00000003.1751330587.0000000007A48000.00000004.00001000.00020000.00000000.sdmp, DriverBooster.exe.1.dr

Binary or memory string: Progman

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts	12 Command and Scripting Interpreter	1 DLL Side-Loading	12 Process Injection	1 Masquerading	1 Credential API Hooking	1 Security Software Discovery	Remote Services	1 Credential API Hooking	Exfiltration Over Other Network Medium	1 Encrypted Channel	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	Modify System Partition
Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 DLL Side-Loading	2 Virtualization/Sandbox Evasion	LSASS Memory	2 Virtualization/Sandbox Evasion	Remote Desktop Protocol	1 Archive Collected Data	Exfiltration Over Bluetooth	1 Ingress Tool Transfer	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	At (Linux)	Logon Script (Windows)	Logon Script (Windows)	12 Process Injection	Security Account Manager	2 Process Discovery	SMB/Windows Admin Shares	Data from Network Shared Drive	Automated Exfiltration	2 Non-Application Layer Protocol	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data
Local Accounts	At (Windows)	Logon Script (Mac)	Logon Script (Mac)	2 Obfuscated Files or Information	NTDS	1 Application Window Discovery	Distributed Component Object Model	Input Capture	Scheduled Transfer	12 Application Layer Protocol	SIM Card Swap		Carrier Billing Fraud
Cloud Accounts	Cron	Network Logon Script	Network Logon Script	1 Software Packing	LSA Secrets	2 System Owner/User Discovery	SSH	Keylogging	Data Transfer Size Limits	Fallback Channels	Manipulate Device Communication		Manipulate App Store Rankings or Ratings
Replication Through Removable Media	Launchd	Rc.common	Rc.common	1 DLL Side-Loading	Cached Domain Credentials	2 File and Directory Discovery	VNC	GUI Input Capture	Exfiltration Over C2 Channel	Multiband Communication	Jamming or Denial of Service		Abuse Accessibility Features
External Remote Services	Scheduled Task	Startup Items	Startup Items	Compile After Delivery	DCSync	11 System Information Discovery	Windows Remote Management	Web Portal Capture	Exfiltration Over Alternative Protocol	Commonly Used Port	Rogue Wi-Fi Access Points		Data Encrypted for Impact

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label
http://crl.sectigo.com/SectigoRSACodeSigningCA.crl0s	0%	URL Reputation	safe
http://ocsp.sectigo.com0	0%	URL Reputation	safe
http://www.innosetup.com/	0%	Avira URL Cloud	safe
https://www.itopvpn.com/eula3c2	0%	Avira URL Cloud	safe
http://www.cd4o.com/drivers/ll	0%	Avira URL Cloud	safe
http://www.haysoft.org%1-k	0%	Avira URL Cloud	safe
http://updatestats.cd4o.com/api.php?act=update	0%	Avira URL Cloud	safe
http://iobit.info/rd/faq	0%	Avira URL Cloud	safe
https://s1.driverboosterscan.com/worker.php	0%	Avira URL Cloud	safe
http://www.palkornel.hu/innosetup%1	0%	Avira URL Cloud	safe
http://iobit.info/rd/agreement	0%	Avira URL Cloud	safe
http://www.indyproject.org/	0%	Avira URL Cloud	safe
HTTPS://WWW.ITOPVPN.COM/PRIVACY	0%	Avira URL Cloud	safe
http://update.iobiS	0%	Avira URL Cloud	safe
http://www.cd4o.com/drivers/	0%	Avira URL Cloud	safe
http://www.borland.com/namespaces/Types	0%	Avira URL Cloud	safe

Domains and IPs

Download Network PCAP: filtered – full

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
cs833182181.wpc.etacdn.net	152.195.19.156	true	false		unknown
update.iobit.com	unknown	unknown	false		high

Contacted URLs

Name	Malicious	Reputation
http://update.iobit.com/dl/img/inst/logo_ied.png	false	high
http://update.iobit.com/dl/img/inst/img_screenshot_ied.png	false	high
http://update.iobit.com/infofiles/ac/appver-ac.upt	false	high

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://www.iobit.com/it/eula-db.php	driver booster setup.tmp, 00000001.00000003.1751330587.00000000075B0000.00000004.00001000.00020000.00000000.sdmp, setup.exe, 00000002.00000000.1747731405.0000000000401000.00000020.00000001.01000000.00000009.sdmp, DBInstaller.exe.1.dr	false		high
http://update.iobit.com/infofiles/db/rmd/freeware-db.upt	setup.exe, 00000002.00000003.1820494742.000000007F4D0000.00000004.00001000.00020000.00000000.sdmp, setup.exe, 00000002.00000003.1822685552.000000007F4D0000.00000004.00001000.00020000.00000000.sdmp, setup.exe, 00000002.00000003.1821403415.000000007F450000.00000004.00001000.00020000.00000000.sdmp, setup.exe, 00000002.00000003.1822067765.000000007F3D0000.00000004.00001000.00020000.00000000.sdmp	false		high
http://updatestats.cd4o.com/api.php?act=update	driver booster setup.tmp, 00000001.00000003.1751330587.00000000075B0000.00000004.00001000.00020000.00000000.sdmp, driver booster setup.tmp, 00000001.00000003.1751330587.0000000007A48000.00000004.00001000.00020000.00000000.sdmp, setup.exe, 00000002.00000000.1747731405.0000000000401000.00000020.00000001.01000000.00000009.sdmp, DriverBooster.exe.1.dr, DBInstaller.exe.1.dr	false	Avira URL Cloud: safe	unknown
http://iobit.info/rd/faq	driver booster setup.tmp, 00000001.00000003.1751330587.0000000007A48000.00000004.00001000.00020000.00000000.sdmp, DriverBooster.exe.1.dr	false	Avira URL Cloud: safe	unknown
https://www.iobit.com/appgoto.php?to=dbproduct	driver booster setup.tmp, 00000001.00000003.1751330587.00000000075B0000.00000004.00001000.00020000.00000000.sdmp, driver booster setup.tmp, 00000001.00000003.1751330587.0000000007A48000.00000004.00001000.00020000.00000000.sdmp, setup.exe, 00000002.00000000.1747731405.0000000000401000.00000020.00000001.01000000.00000009.sdmp, DriverBooster.exe.1.dr, DBInstaller.exe.1.dr	false		high
http://jp.iobit.com/support.html	driver booster setup.tmp, 00000001.00000003.1751330587.0000000007A48000.00000004.00001000.00020000.00000000.sdmp, DriverBooster.exe.1.dr	false		high
http://www.indyproject.org/	driver booster setup.tmp, 00000001.00000003.1751330587.00000000075B0000.00000004.00001000.00020000.00000000.sdmp, driver booster setup.tmp, 00000001.00000003.1751330587.0000000007A48000.00000004.00001000.00020000.00000000.sdmp, setup.exe, 00000002.00000000.1747731405.0000000000401000.00000020.00000001.01000000.00000009.sdmp, setup.exe, 00000002.00000002.3518294770.00000000027FA000.00000004.00001000.00020000.00000000.sdmp, DriverBooster.exe.1.dr, DBInstaller.exe.1.dr	false	Avira URL Cloud: safe	unknown
https://www.iobit.com/appgoto.php?to=filerupt	driver booster setup.tmp, 00000001.00000003.1751330587.00000000075B0000.00000004.00001000.00020000.00000000.sdmp, driver booster setup.tmp, 00000001.00000003.1751330587.0000000007A48000.00000004.00001000.00020000.00000000.sdmp, setup.exe, 00000002.00000000.1747731405.0000000000401000.00000020.00000001.01000000.00000009.sdmp, DriverBooster.exe.1.dr, DBInstaller.exe.1.dr	false		high
https://www.iobit.com/appgoto.php?to=helptranslate	driver booster setup.tmp, 00000001.00000003.1751330587.00000000075B0000.00000004.00001000.00020000.00000000.sdmp, driver booster setup.tmp, 00000001.00000003.1751330587.0000000007A48000.00000004.00001000.00020000.00000000.sdmp, setup.exe, 00000002.00000000.1747731405.0000000000401000.00000020.00000001.01000000.00000009.sdmp, DriverBooster.exe.1.dr, DBInstaller.exe.1.dr	false		high
http://update.iobit.com/dl/img/inst/logo_s_vpn.png	setup.exe, 00000002.00000002.3518294770.000000000282F000.00000004.00001000.00020000.00000000.sdmp	false		high
https://www.iobit.com/appgoto.php?to=index	driver booster setup.tmp, 00000001.00000003.1751330587.00000000075B0000.00000004.00001000.00020000.00000000.sdmp, driver booster setup.tmp, 00000001.00000003.1751330587.0000000007A48000.00000004.00001000.00020000.00000000.sdmp, setup.exe, 00000002.00000000.1747731405.0000000000401000.00000020.00000001.01000000.00000009.sdmp, DriverBooster.exe.1.dr, DBInstaller.exe.1.dr	false		high
http://idb.iobit.com	driver booster setup.tmp, 00000001.00000003.1751330587.0000000007A48000.00000004.00001000.00020000.00000000.sdmp, DriverBooster.exe.1.dr	false		high
http://update.iobit.com/infofiles/db2/db2_oth.upt	driver booster setup.tmp, 00000001.00000003.1751330587.00000000075B0000.00000004.00001000.00020000.00000000.sdmp, driver booster setup.tmp, 00000001.00000003.1751330587.0000000007A48000.00000004.00001000.00020000.00000000.sdmp, setup.exe, 00000002.00000000.1747731405.0000000000401000.00000020.00000001.01000000.00000009.sdmp, setup.exe, 00000002.00000002.3518294770.000000000282F000.00000004.00001000.00020000.00000000.sdmp, DriverBooster.exe.1.dr, DBInstaller.exe.1.dr	false		high
https://www.iobit.com/en/eula.phpS	driver booster setup.tmp, 00000001.00000003.1751330587.0000000007A48000.00000004.00001000.00020000.00000000.sdmp, DriverBooster.exe.1.dr	false		high
http://www.openssl.org/	EULA.rtf.1.dr	false		high
https://twitter.com/intent/tweet?url=	driver booster setup.tmp, 00000001.00000003.1751330587.0000000007A48000.00000004.00001000.00020000.00000000.sdmp, DriverBooster.exe.1.dr	false		high
http://update.iobit.com/dl/img/inst/img_screenshot_s_vpn.pnga	setup.exe, 00000002.00000002.3520187161.000000000318B000.00000004.00001000.00020000.00000000.sdmp	false		high
http://www.cd4o.com/drivers/ll	setup.exe, 00000002.00000002.3518294770.00000000028A4000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.palkornel.hu/innosetup%1	driver booster setup.exe, 00000000.00000003.1652479052.00000000024B0000.00000004.00001000.00020000.00000000.sdmp, driver booster setup.exe, 00000000.00000003.1772702580.0000000002232000.00000004.00001000.00020000.00000000.sdmp, driver booster setup.tmp, 00000001.00000003.1764411809.0000000002360000.00000004.00001000.00020000.00000000.sdmp, driver booster setup.tmp, 00000001.00000003.1658893070.00000000032F0000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://www.iobit.com/appgoto.php?to=feedback	driver booster setup.tmp, 00000001.00000003.1751330587.00000000075B0000.00000004.00001000.00020000.00000000.sdmp, driver booster setup.tmp, 00000001.00000003.1751330587.0000000007A48000.00000004.00001000.00020000.00000000.sdmp, setup.exe, 00000002.00000000.1747731405.0000000000401000.00000020.00000001.01000000.00000009.sdmp, DriverBooster.exe.1.dr, DBInstaller.exe.1.dr	false		high
https://www.iobit.com/appgoto.php?to=unplug	driver booster setup.tmp, 00000001.00000003.1751330587.00000000075B0000.00000004.00001000.00020000.00000000.sdmp, driver booster setup.tmp, 00000001.00000003.1751330587.0000000007A48000.00000004.00001000.00020000.00000000.sdmp, setup.exe, 00000002.00000000.1747731405.0000000000401000.00000020.00000001.01000000.00000009.sdmp, DriverBooster.exe.1.dr, DBInstaller.exe.1.dr	false		high
http://www.innosetup.com/	driver booster setup.exe, 00000000.00000003.1654814106.0000000006600000.00000004.00001000.00020000.00000000.sdmp, driver booster setup.exe, 00000000.00000003.1656586475.000000007FD20000.00000004.00001000.00020000.00000000.sdmp, driver booster setup.tmp, 00000001.00000000.1657364774.0000000000401000.00000020.00000001.01000000.00000004.sdmp	false	Avira URL Cloud: safe	unknown
https://s1.driverboosterscan.com/worker.php	driver booster setup.tmp, 00000001.00000003.1751330587.00000000075B0000.00000004.00001000.00020000.00000000.sdmp, driver booster setup.tmp, 00000001.00000003.1751330587.0000000007A48000.00000004.00001000.00020000.00000000.sdmp, setup.exe, 00000002.00000000.1747731405.0000000000401000.00000020.00000001.01000000.00000009.sdmp, DriverBooster.exe.1.dr, DBInstaller.exe.1.dr	false	Avira URL Cloud: safe	unknown
https://www.iobit.com/appgoto.php?to=ncupdate	driver booster setup.tmp, 00000001.00000003.1751330587.0000000007A48000.00000004.00001000.00020000.00000000.sdmp, DriverBooster.exe.1.dr	false		high
http://www.iobit.com/goto.php?id=plusgp01_DBU	driver booster setup.tmp, 00000001.00000003.1751330587.00000000075B0000.00000004.00001000.00020000.00000000.sdmp, setup.exe, 00000002.00000000.1747731405.0000000000401000.00000020.00000001.01000000.00000009.sdmp, DBInstaller.exe.1.dr	false		high
https://www.iobit.com/appgoto.php?to=revokedkey	driver booster setup.tmp, 00000001.00000003.1751330587.00000000075B0000.00000004.00001000.00020000.00000000.sdmp, driver booster setup.tmp, 00000001.00000003.1751330587.0000000007A48000.00000004.00001000.00020000.00000000.sdmp, setup.exe, 00000002.00000000.1747731405.0000000000401000.00000020.00000001.01000000.00000009.sdmp, DriverBooster.exe.1.dr, DBInstaller.exe.1.dr	false		high
https://www.iobit.com/nl/privacy.php	driver booster setup.tmp, 00000001.00000003.1751330587.00000000075B0000.00000004.00001000.00020000.00000000.sdmp, setup.exe, 00000002.00000000.1747731405.0000000000401000.00000020.00000001.01000000.00000009.sdmp, DBInstaller.exe.1.dr	false		high
http://www.iobit.com/driver-booster-pro.php	driver booster setup.tmp, 00000001.00000003.1751330587.00000000075B0000.00000004.00001000.00020000.00000000.sdmp, driver booster setup.tmp, 00000001.00000003.1751330587.0000000007A48000.00000004.00001000.00020000.00000000.sdmp, setup.exe, 00000002.00000000.1747731405.0000000000401000.00000020.00000001.01000000.00000009.sdmp, setup.exe, 00000002.00000002.3518294770.00000000028A4000.00000004.00001000.00020000.00000000.sdmp, DriverBooster.exe.1.dr, DBInstaller.exe.1.dr	false		high
https://www.iobit.com/pl/privacy.php	driver booster setup.tmp, 00000001.00000003.1751330587.00000000075B0000.00000004.00001000.00020000.00000000.sdmp, setup.exe, 00000002.00000000.1747731405.0000000000401000.00000020.00000001.01000000.00000009.sdmp, DBInstaller.exe.1.dr	false		high
https://www.iobit.com/appgoto.php?to=install	driver booster setup.tmp, 00000001.00000003.1751330587.00000000075B0000.00000004.00001000.00020000.00000000.sdmp, driver booster setup.tmp, 00000001.00000003.1751330587.0000000007A48000.00000004.00001000.00020000.00000000.sdmp, setup.exe, 00000002.00000000.1747731405.0000000000401000.00000020.00000001.01000000.00000009.sdmp, DriverBooster.exe.1.dr, DBInstaller.exe.1.dr	false		high
http://crl.sectigo.com/SectigoRSACodeSigningCA.crl0s	driver booster setup.exe, libssl-1_1.dll.1.dr, DriverBooster.exe.1.dr, DBInstaller.exe.1.dr, libcrypto-1_1.dll0.1.dr, libcrypto-1_1.dll.1.dr	false	URL Reputation: safe	unknown
https://www.iobit.com/en/eula-db.phpU	driver booster setup.tmp, 00000001.00000003.1751330587.00000000075B0000.00000004.00001000.00020000.00000000.sdmp, setup.exe, 00000002.00000000.1747731405.0000000000401000.00000020.00000001.01000000.00000009.sdmp, DBInstaller.exe.1.dr	false		high
https://www.iobit.com/appgoto.php?to=bannerbuybtm	driver booster setup.tmp, 00000001.00000003.1751330587.0000000007A48000.00000004.00001000.00020000.00000000.sdmp, DriverBooster.exe.1.dr	false		high
https://jp.iobit.com/eula-db.php	driver booster setup.tmp, 00000001.00000003.1751330587.00000000075B0000.00000004.00001000.00020000.00000000.sdmp, setup.exe, 00000002.00000000.1747731405.0000000000401000.00000020.00000001.01000000.00000009.sdmp, DBInstaller.exe.1.dr	false		high
https://www.iobit.com/appgoto.php?to=gacomp	driver booster setup.tmp, 00000001.00000003.1751330587.00000000075B0000.00000004.00001000.00020000.00000000.sdmp, driver booster setup.tmp, 00000001.00000003.1751330587.0000000007A48000.00000004.00001000.00020000.00000000.sdmp, setup.exe, 00000002.00000000.1747731405.0000000000401000.00000020.00000001.01000000.00000009.sdmp, DriverBooster.exe.1.dr, DBInstaller.exe.1.dr	false		high
https://www.iobit.com/appgoto.php?	driver booster setup.tmp, 00000001.00000003.1751330587.00000000075B0000.00000004.00001000.00020000.00000000.sdmp, driver booster setup.tmp, 00000001.00000003.1751330587.0000000007A48000.00000004.00001000.00020000.00000000.sdmp, setup.exe, 00000002.00000000.1747731405.0000000000401000.00000020.00000001.01000000.00000009.sdmp, DriverBooster.exe.1.dr, DBInstaller.exe.1.dr	false		high
http://update.iobit.com/infofiles/db/rmd/install_cfg_n.zlbP	setup.exe, 00000002.00000002.3518294770.00000000027FA000.00000004.00001000.00020000.00000000.sdmp	false		high
https://interface.iobit.com/db/goto.php?id=S	driver booster setup.tmp, 00000001.00000003.1751330587.0000000007A48000.00000004.00001000.00020000.00000000.sdmp, DriverBooster.exe.1.dr	false		high
http://www.haysoft.org%1-k	driver booster setup.exe, 00000000.00000003.1652479052.00000000024B0000.00000004.00001000.00020000.00000000.sdmp, driver booster setup.exe, 00000000.00000003.1772702580.0000000002232000.00000004.00001000.00020000.00000000.sdmp, driver booster setup.tmp, 00000001.00000003.1764411809.0000000002360000.00000004.00001000.00020000.00000000.sdmp, driver booster setup.tmp, 00000001.00000003.1658893070.00000000032F0000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	low
http://jp.iobit.com/SV	driver booster setup.tmp, 00000001.00000003.1751330587.00000000075B0000.00000004.00001000.00020000.00000000.sdmp, setup.exe, 00000002.00000000.1747731405.0000000000401000.00000020.00000001.01000000.00000009.sdmp, DBInstaller.exe.1.dr	false		high
https://www.iobit.com	DriverBooster.exe.1.dr	false		high
https://www.itopvpn.com/eula3c2	setup.exe, 00000002.00000002.3523496114.00000000037F2000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://ascstats.iobit.com/other/db_temp_download.php	driver booster setup.tmp, 00000001.00000003.1751330587.00000000075B0000.00000004.00001000.00020000.00000000.sdmp, driver booster setup.tmp, 00000001.00000003.1751330587.0000000007A48000.00000004.00001000.00020000.00000000.sdmp, setup.exe, 00000002.00000000.1747731405.0000000000401000.00000020.00000001.01000000.00000009.sdmp, DriverBooster.exe.1.dr, DBInstaller.exe.1.dr	false		high
http://jp.iobit.com/S	driver booster setup.tmp, 00000001.00000003.1751330587.00000000075B0000.00000004.00001000.00020000.00000000.sdmp, setup.exe, 00000002.00000000.1747731405.0000000000401000.00000020.00000001.01000000.00000009.sdmp, DBInstaller.exe.1.dr	false		high
https://ru.iobit.com/eula-db.php	driver booster setup.tmp, 00000001.00000003.1751330587.00000000075B0000.00000004.00001000.00020000.00000000.sdmp, setup.exe, 00000002.00000000.1747731405.0000000000401000.00000020.00000001.01000000.00000009.sdmp, DBInstaller.exe.1.dr	false		high
http://forums.iobit.com/showthread.php?t=16792	driver booster setup.tmp, 00000001.00000003.1751330587.00000000075B0000.00000004.00001000.00020000.00000000.sdmp, driver booster setup.tmp, 00000001.00000003.1751330587.0000000007A48000.00000004.00001000.00020000.00000000.sdmp, setup.exe, 00000002.00000002.3518294770.000000000285C000.00000004.00001000.00020000.00000000.sdmp, setup.exe, 00000002.00000000.1747731405.0000000000401000.00000020.00000001.01000000.00000009.sdmp, DriverBooster.exe.1.dr, DBInstaller.exe.1.dr	false		high
https://www.iobit.com/appgoto.php?to=%s	driver booster setup.tmp, 00000001.00000003.1751330587.0000000007A48000.00000004.00001000.00020000.00000000.sdmp, DriverBooster.exe.1.dr	false		high
https://www.iobit.com/en/allfaq.php#a1d33d0dfec820b41b54430b50e96b5c	driver booster setup.tmp, 00000001.00000003.1751330587.0000000007A48000.00000004.00001000.00020000.00000000.sdmp, DriverBooster.exe.1.dr	false		high
https://www.iobit.com/es/privacy.php	driver booster setup.tmp, 00000001.00000003.1751330587.00000000075B0000.00000004.00001000.00020000.00000000.sdmp, setup.exe, 00000002.00000000.1747731405.0000000000401000.00000020.00000001.01000000.00000009.sdmp, DBInstaller.exe.1.dr	false		high
https://twitter.com/iobitsoft	driver booster setup.tmp, 00000001.00000003.1751330587.00000000075B0000.00000004.00001000.00020000.00000000.sdmp, driver booster setup.tmp, 00000001.00000003.1751330587.0000000007A48000.00000004.00001000.00020000.00000000.sdmp, setup.exe, 00000002.00000000.1747731405.0000000000401000.00000020.00000001.01000000.00000009.sdmp, DriverBooster.exe.1.dr, DBInstaller.exe.1.dr	false		high
http://update.iobit.com/dl/img/inst/logo_s_isr.png	setup.exe, 00000002.00000002.3518294770.000000000282F000.00000004.00001000.00020000.00000000.sdmp	false		high
http://update.iobit.com/S	driver booster setup.tmp, 00000001.00000003.1751330587.00000000075B0000.00000004.00001000.00020000.00000000.sdmp, setup.exe, 00000002.00000000.1747731405.0000000000401000.00000020.00000001.01000000.00000009.sdmp, DBInstaller.exe.1.dr	false		high
http://update.iobit.com/infofiles/db/rmd/freeware-db.uptDFP	setup.exe, 00000002.00000002.3518294770.00000000027FA000.00000004.00001000.00020000.00000000.sdmp	false		high
http://www.iobit.com/goto.php?id=dbsurvey	driver booster setup.tmp, 00000001.00000003.1751330587.00000000075B0000.00000004.00001000.00020000.00000000.sdmp, driver booster setup.tmp, 00000001.00000003.1751330587.0000000007A48000.00000004.00001000.00020000.00000000.sdmp, setup.exe, 00000002.00000000.1747731405.0000000000401000.00000020.00000001.01000000.00000009.sdmp, setup.exe, 00000002.00000002.3518294770.00000000028A4000.00000004.00001000.00020000.00000000.sdmp, DriverBooster.exe.1.dr, DBInstaller.exe.1.dr	false		high
https://www.iobit.com/pt/eula-db.php	driver booster setup.tmp, 00000001.00000003.1751330587.00000000075B0000.00000004.00001000.00020000.00000000.sdmp, setup.exe, 00000002.00000000.1747731405.0000000000401000.00000020.00000001.01000000.00000009.sdmp, DBInstaller.exe.1.dr	false		high
http://iobit.info/rd/agreement	driver booster setup.tmp, 00000001.00000003.1751330587.00000000075B0000.00000004.00001000.00020000.00000000.sdmp, driver booster setup.tmp, 00000001.00000003.1751330587.0000000007A48000.00000004.00001000.00020000.00000000.sdmp, setup.exe, 00000002.00000000.1747731405.0000000000401000.00000020.00000001.01000000.00000009.sdmp, DriverBooster.exe.1.dr, DBInstaller.exe.1.dr	false	Avira URL Cloud: safe	unknown
http://update.iobiS	driver booster setup.tmp, 00000001.00000003.1751330587.00000000075B0000.00000004.00001000.00020000.00000000.sdmp, setup.exe, 00000002.00000000.1747731405.0000000000401000.00000020.00000001.01000000.00000009.sdmp, DBInstaller.exe.1.dr	false	Avira URL Cloud: safe	unknown
https://www.iobit.com/appgoto.php?to=proupdate	driver booster setup.tmp, 00000001.00000003.1751330587.00000000075B0000.00000004.00001000.00020000.00000000.sdmp, driver booster setup.tmp, 00000001.00000003.1751330587.0000000007A48000.00000004.00001000.00020000.00000000.sdmp, setup.exe, 00000002.00000000.1747731405.0000000000401000.00000020.00000001.01000000.00000009.sdmp, DriverBooster.exe.1.dr, DBInstaller.exe.1.dr	false		high
http://jp.iobit.com/rd/db-download-asc	driver booster setup.tmp, 00000001.00000003.1751330587.0000000007A48000.00000004.00001000.00020000.00000000.sdmp, DriverBooster.exe.1.dr	false		high
http://www.cd4o.com/drivers/	driver booster setup.tmp, 00000001.00000003.1751330587.00000000075B0000.00000004.00001000.00020000.00000000.sdmp, driver booster setup.tmp, 00000001.00000003.1751330587.0000000007A48000.00000004.00001000.00020000.00000000.sdmp, setup.exe, 00000002.00000000.1747731405.0000000000401000.00000020.00000001.01000000.00000009.sdmp, DriverBooster.exe.1.dr, DBInstaller.exe.1.dr	false	Avira URL Cloud: safe	unknown
https://www.iobit.com/appgoto.php?to=usermanual	driver booster setup.tmp, 00000001.00000003.1751330587.00000000075B0000.00000004.00001000.00020000.00000000.sdmp, driver booster setup.tmp, 00000001.00000003.1751330587.0000000007A48000.00000004.00001000.00020000.00000000.sdmp, setup.exe, 00000002.00000002.3518294770.000000000285C000.00000004.00001000.00020000.00000000.sdmp, setup.exe, 00000002.00000000.1747731405.0000000000401000.00000020.00000001.01000000.00000009.sdmp, DriverBooster.exe.1.dr, DBInstaller.exe.1.dr	false		high
http://ocsp.sectigo.com0	driver booster setup.exe, libssl-1_1.dll.1.dr, DriverBooster.exe.1.dr, DBInstaller.exe.1.dr, libcrypto-1_1.dll0.1.dr, libcrypto-1_1.dll.1.dr	false	URL Reputation: safe	unknown
http://www.openssl.org/V	driver booster setup.tmp, 00000001.00000003.1735638074.00000000007F6000.00000004.00000020.00020000.00000000.sdmp, libssl-1_1.dll.1.dr, libcrypto-1_1.dll0.1.dr, libcrypto-1_1.dll.1.dr	false		high
https://www.iobit.com/sv/eula-db.php	driver booster setup.tmp, 00000001.00000003.1751330587.00000000075B0000.00000004.00001000.00020000.00000000.sdmp, setup.exe, 00000002.00000000.1747731405.0000000000401000.00000020.00000001.01000000.00000009.sdmp, DBInstaller.exe.1.dr	false		high
http://www.jrsoftware.org/ishelp/index.php?topic=setupcmdlineSetupU	driver booster setup.exe	false		high
https://www.iobit.com/appgoto.php?to=activateweb-%d	driver booster setup.tmp, 00000001.00000003.1751330587.00000000075B0000.00000004.00001000.00020000.00000000.sdmp, driver booster setup.tmp, 00000001.00000003.1751330587.0000000007A48000.00000004.00001000.00020000.00000000.sdmp, setup.exe, 00000002.00000000.1747731405.0000000000401000.00000020.00000001.01000000.00000009.sdmp, DriverBooster.exe.1.dr, DBInstaller.exe.1.dr	false		high
https://www.iobit.com/feedback/db/feedback.php	driver booster setup.tmp, 00000001.00000003.1751330587.00000000075B0000.00000004.00001000.00020000.00000000.sdmp, driver booster setup.tmp, 00000001.00000003.1751330587.0000000007A48000.00000004.00001000.00020000.00000000.sdmp, setup.exe, 00000002.00000000.1747731405.0000000000401000.00000020.00000001.01000000.00000009.sdmp, DriverBooster.exe.1.dr, DBInstaller.exe.1.dr	false		high
HTTPS://WWW.ITOPVPN.COM/PRIVACY	setup.exe, 00000002.00000002.3523496114.00000000038CE000.00000004.00001000.00020000.00000000.sdmp, setup.exe, 00000002.00000002.3520187161.0000000003285000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://www.iobit.com/appgoto.php?to=garegion	driver booster setup.tmp, 00000001.00000003.1751330587.00000000075B0000.00000004.00001000.00020000.00000000.sdmp, driver booster setup.tmp, 00000001.00000003.1751330587.0000000007A48000.00000004.00001000.00020000.00000000.sdmp, setup.exe, 00000002.00000000.1747731405.0000000000401000.00000020.00000001.01000000.00000009.sdmp, DriverBooster.exe.1.dr, DBInstaller.exe.1.dr	false		high
https://www.iobit.com/appgoto.php?to=vertoold	driver booster setup.tmp, 00000001.00000003.1751330587.00000000075B0000.00000004.00001000.00020000.00000000.sdmp, driver booster setup.tmp, 00000001.00000003.1751330587.0000000007A48000.00000004.00001000.00020000.00000000.sdmp, setup.exe, 00000002.00000000.1747731405.0000000000401000.00000020.00000001.01000000.00000009.sdmp, DriverBooster.exe.1.dr, DBInstaller.exe.1.dr	false		high
https://www.iobit.com/en/privacy.php	driver booster setup.tmp, 00000001.00000003.1751330587.00000000075B0000.00000004.00001000.00020000.00000000.sdmp, driver booster setup.tmp, 00000001.00000003.1751330587.0000000007A48000.00000004.00001000.00020000.00000000.sdmp, setup.exe, 00000002.00000000.1747731405.0000000000401000.00000020.00000001.01000000.00000009.sdmp, DriverBooster.exe.1.dr, DBInstaller.exe.1.dr	false		high
https://www.iobit.com/it/privacy.php	driver booster setup.tmp, 00000001.00000003.1751330587.00000000075B0000.00000004.00001000.00020000.00000000.sdmp, setup.exe, 00000002.00000000.1747731405.0000000000401000.00000020.00000001.01000000.00000009.sdmp, DBInstaller.exe.1.dr	false		high
http://update.iobit.com/dl/img/inst/img_screenshot_vpn.pngP	setup.exe, 00000002.00000002.3518294770.00000000027FA000.00000004.00001000.00020000.00000000.sdmp	false		high
http://stats.iobit.com/share/db_share.php?action=get_status	driver booster setup.tmp, 00000001.00000003.1751330587.0000000007A48000.00000004.00001000.00020000.00000000.sdmp, DriverBooster.exe.1.dr	false		high
https://interface.iobit.com/db/goto.php?id=dchinfoU	driver booster setup.tmp, 00000001.00000003.1751330587.0000000007A48000.00000004.00001000.00020000.00000000.sdmp, DriverBooster.exe.1.dr	false		high
http://update.iobit.com/infofiles/db6/db6_pro.upt	driver booster setup.tmp, 00000001.00000003.1751330587.00000000075B0000.00000004.00001000.00020000.00000000.sdmp, driver booster setup.tmp, 00000001.00000003.1751330587.0000000007A48000.00000004.00001000.00020000.00000000.sdmp, setup.exe, 00000002.00000000.1747731405.0000000000401000.00000020.00000001.01000000.00000009.sdmp, setup.exe, 00000002.00000002.3518294770.000000000282F000.00000004.00001000.00020000.00000000.sdmp, DriverBooster.exe.1.dr, DBInstaller.exe.1.dr	false		high
http://www.iobit.com/productfeedback.php?product=driver-booster	driver booster setup.tmp, 00000001.00000003.1751330587.00000000075B0000.00000004.00001000.00020000.00000000.sdmp, driver booster setup.tmp, 00000001.00000003.1751330587.0000000007A48000.00000004.00001000.00020000.00000000.sdmp, setup.exe, 00000002.00000000.1747731405.0000000000401000.00000020.00000001.01000000.00000009.sdmp, setup.exe, 00000002.00000002.3518294770.000000000283D000.00000004.00001000.00020000.00000000.sdmp, DriverBooster.exe.1.dr, DBInstaller.exe.1.dr	false		high
https://forums.iobit.com/forum/driver-booster/driver-booster-9	driver booster setup.tmp, 00000001.00000003.1751330587.0000000007A48000.00000004.00001000.00020000.00000000.sdmp, DriverBooster.exe.1.dr	false		high
http://www.borland.com/namespaces/Types	driver booster setup.tmp, 00000001.00000003.1751330587.00000000075B0000.00000004.00001000.00020000.00000000.sdmp, driver booster setup.tmp, 00000001.00000003.1751330587.0000000007A48000.00000004.00001000.00020000.00000000.sdmp, setup.exe, 00000002.00000000.1747731405.0000000000401000.00000020.00000001.01000000.00000009.sdmp, setup.exe, 00000002.00000002.3518294770.00000000028A4000.00000004.00001000.00020000.00000000.sdmp, DriverBooster.exe.1.dr, DBInstaller.exe.1.dr	false	Avira URL Cloud: safe	unknown
https://forums.iobit.com/forum/driver-booster/driver-booster-7	driver booster setup.tmp, 00000001.00000003.1751330587.00000000075B0000.00000004.00001000.00020000.00000000.sdmp, setup.exe, 00000002.00000000.1747731405.0000000000401000.00000020.00000001.01000000.00000009.sdmp, DBInstaller.exe.1.dr	false		high
https://www.iobit.com/appgoto.php?to=db7prebanner	driver booster setup.tmp, 00000001.00000003.1751330587.00000000075B0000.00000004.00001000.00020000.00000000.sdmp, setup.exe, 00000002.00000000.1747731405.0000000000401000.00000020.00000001.01000000.00000009.sdmp, DBInstaller.exe.1.dr	false		high
http://jp.iobit.com/rd/db-download-isu	driver booster setup.tmp, 00000001.00000003.1751330587.0000000007A48000.00000004.00001000.00020000.00000000.sdmp, DriverBooster.exe.1.dr	false		high
http://ascstats.iobit.com/usage_v2.php	driver booster setup.tmp, 00000001.00000003.1751330587.00000000075B0000.00000004.00001000.00020000.00000000.sdmp, setup.exe, 00000002.00000000.1747731405.0000000000401000.00000020.00000001.01000000.00000009.sdmp, DBInstaller.exe.1.dr	false		high
http://www.iobit.com/goto.php?id=likefb01_DB	driver booster setup.tmp, 00000001.00000003.1751330587.00000000075B0000.00000004.00001000.00020000.00000000.sdmp, driver booster setup.tmp, 00000001.00000003.1751330587.0000000007A48000.00000004.00001000.00020000.00000000.sdmp, setup.exe, 00000002.00000002.3518294770.000000000285C000.00000004.00001000.00020000.00000000.sdmp, setup.exe, 00000002.00000000.1747731405.0000000000401000.00000020.00000001.01000000.00000009.sdmp, DriverBooster.exe.1.dr, DBInstaller.exe.1.dr	false		high
http://update.iobit.com/dl/img/inst/logo_vpn.pnga	setup.exe, 00000002.00000002.3518294770.000000000282F000.00000004.00001000.00020000.00000000.sdmp	false		high
http://stats.iobit.com/share/db_share.php?action=share_via_email	driver booster setup.tmp, 00000001.00000003.1751330587.0000000007A48000.00000004.00001000.00020000.00000000.sdmp, DriverBooster.exe.1.dr	false		high
https://www.iobit.com/appgoto.php?to=download	driver booster setup.tmp, 00000001.00000003.1751330587.00000000075B0000.00000004.00001000.00020000.00000000.sdmp, driver booster setup.tmp, 00000001.00000003.1751330587.0000000007A48000.00000004.00001000.00020000.00000000.sdmp, setup.exe, 00000002.00000000.1747731405.0000000000401000.00000020.00000001.01000000.00000009.sdmp, DriverBooster.exe.1.dr, DBInstaller.exe.1.dr	false		high
https://www.iobit.com/appgoto.php?to=db7preinner	driver booster setup.tmp, 00000001.00000003.1751330587.00000000075B0000.00000004.00001000.00020000.00000000.sdmp, setup.exe, 00000002.00000000.1747731405.0000000000401000.00000020.00000001.01000000.00000009.sdmp, DBInstaller.exe.1.dr	false		high
http://ascstats.iobit.com/other/installer/insert.php	driver booster setup.tmp, 00000001.00000003.1751330587.00000000075B0000.00000004.00001000.00020000.00000000.sdmp, setup.exe, 00000002.00000000.1747731405.0000000000401000.00000020.00000001.01000000.00000009.sdmp, DBInstaller.exe.1.dr	false		high
http://www.iobit.com/install/db/index.php	driver booster setup.tmp, 00000001.00000003.1751330587.00000000075B0000.00000004.00001000.00020000.00000000.sdmp, driver booster setup.tmp, 00000001.00000003.1751330587.0000000007A48000.00000004.00001000.00020000.00000000.sdmp, setup.exe, 00000002.00000000.1747731405.0000000000401000.00000020.00000001.01000000.00000009.sdmp, setup.exe, 00000002.00000002.3518294770.00000000028A4000.00000004.00001000.00020000.00000000.sdmp, DriverBooster.exe.1.dr, DBInstaller.exe.1.dr	false		high
http://update.iobit.com/dl/img/inst/img_screenshot_isr.pngP	setup.exe, 00000002.00000002.3518294770.00000000027FA000.00000004.00001000.00020000.00000000.sdmp	false		high
http://www.iobit.com/en/privacy.php	driver booster setup.tmp, 00000001.00000003.1751330587.0000000007A48000.00000004.00001000.00020000.00000000.sdmp, DriverBooster.exe.1.dr	false		high
https://www.openssl.org/docs/faq.html	libcrypto-1_1.dll.1.dr	false		high
https://www.iobit.com/dk/privacy.php	driver booster setup.tmp, 00000001.00000003.1751330587.00000000075B0000.00000004.00001000.00020000.00000000.sdmp, setup.exe, 00000002.00000000.1747731405.0000000000401000.00000020.00000001.01000000.00000009.sdmp, DBInstaller.exe.1.dr	false		high
https://www.iobit.com/appgoto.php?to=boostasc	driver booster setup.tmp, 00000001.00000003.1751330587.00000000075B0000.00000004.00001000.00020000.00000000.sdmp, driver booster setup.tmp, 00000001.00000003.1751330587.0000000007A48000.00000004.00001000.00020000.00000000.sdmp, setup.exe, 00000002.00000000.1747731405.0000000000401000.00000020.00000001.01000000.00000009.sdmp, DriverBooster.exe.1.dr, DBInstaller.exe.1.dr	false		high
http://www.iobit.com/goto.php?id=dbproregister	driver booster setup.tmp, 00000001.00000003.1751330587.00000000075B0000.00000004.00001000.00020000.00000000.sdmp, driver booster setup.tmp, 00000001.00000003.1751330587.0000000007A48000.00000004.00001000.00020000.00000000.sdmp, setup.exe, 00000002.00000002.3518294770.000000000285C000.00000004.00001000.00020000.00000000.sdmp, setup.exe, 00000002.00000000.1747731405.0000000000401000.00000020.00000001.01000000.00000009.sdmp, DriverBooster.exe.1.dr, DBInstaller.exe.1.dr	false		high
http://ascstats.iobit.com/other/db_reservepmt.php	driver booster setup.tmp, 00000001.00000003.1751330587.0000000007A48000.00000004.00001000.00020000.00000000.sdmp, DriverBooster.exe.1.dr	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
152.195.19.156	cs833182181.wpc.etacdn.net	United States		15133	EDGECASTUS	false

General Information

Joe Sandbox Version:	38.0.0 Ammolite
Analysis ID:	1325003
Start date and time:	2023-10-13 00:28:58 +02:00
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 7m 28s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Run name:	Run with higher sleep bypass
Number of analysed new started processes analysed:	10
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample file name:	driver booster setup.exe
Detection:	SUS
Classification:	sus21.winEXE@5/57@1/1
EGA Information:	Successful, ratio: 100%
HCA Information:	Successful, ratio: 100% Number of executed functions: 14 Number of non-executed functions: 1
Cookbook Comments:	Found application associated with file extension: .exe Sleeps bigger than 100000000ms are automatically reduced to 1000ms

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, BackgroundTransferHost.exe, WMIADAP.exe, SIHClient.exe, backgroundTaskHost.exe, conhost.exe
Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtAllocateVirtualMemory calls found.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryValueKey calls found.
VT rate limit hit for: driver booster setup.exe

Simulations

Behavior and APIs

Time	Type	Description
00:30:54	API Interceptor	7349x Sleep call for process: setup.exe modified

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
152.195.19.156	driver_booster_setup.exe	Get hash	malicious	Raccoon Stealer v2	Browse	update.iobit.com/dl/img/inst/logo_asc.png

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
cs833182181.wpc.etacdn.net	driver_booster_setup.exe	Get hash	malicious	Raccoon Stealer v2	Browse	152.195.19.156
	kK8Eaw8zsl.exe	Get hash	malicious	RedLine	Browse	152.199.20.140
	3BPp5OFB7v.exe	Get hash	malicious	Raccoon Stealer v2	Browse	152.199.20.140
	3BPp5OFB7v.exe	Get hash	malicious	Unknown	Browse	152.199.20.140
	42E07EA0F43BEC6913D6AC78FF74536695AE273CD28DB.exe	Get hash	malicious	RedLine	Browse	152.199.20.140
	driver_booster_setup.exe	Get hash	malicious	RedLine Xmrig	Browse	152.199.20.140
	mKWphZ6Wlh.exe	Get hash	malicious	Unknown	Browse	152.199.20.140
	zxwzNpKx8Q.exe	Get hash	malicious	Clipboard Hijacker	Browse	152.199.20.140
	4BB96E7C641E9F343965704CF4E7327E4448B83FC97CF.exe	Get hash	malicious	Unknown	Browse	152.199.20.140
	dc422ed2_by_Libranalysis.exe	Get hash	malicious	Raccoon	Browse	152.199.20.140

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
EDGECASTUS	http://usps.micheckadress.com	Get hash	malicious	Unknown	Browse	152.195.33.23
	Employee Handbook and Safety Manualdocx.html	Get hash	malicious	HTMLPhisher	Browse	152.199.4.73
	Remittance.html	Get hash	malicious	Unknown	Browse	152.199.4.44
	http://gateway.ipfs.io/ipfs/bafybeierk2s2ggq6ik4fb7bojtk7574c623k6il6ilauof2em3twfwcdi4/m4fire_cham-ei98n.html#fr.dweber@chs-adphila.org	Get hash	malicious	Unknown	Browse	192.229.173.207
	http://smtplink.usssa.com/ls/click?upn=WSslNwXrfTzmOiygdbhyJ3t7CDOcfhgBl-2B-2Fq7JL4-2ByqtyyXo5cYDdxn8A0VinP-2BVtHq-2FVJ1se3phjrq67r6nbphHhLw1sToYV3i4W2jaaIE-3D1dc5_WMf7rsf6kD6l7LM96TE0mF-2FnD3t2-2BZMyhwerTOCCBbSbnhA42OS1d1oRNQ-2F4Mreuz9hFOxWi2hJbNl50iWDQCCoSoTwR93cdcKDVsSISCZsm-2BL5IhXsL0w3VaDy-2B6QqA7UvRt2BwPJf-2BZkI-2Bekdw3nbmArCULTuLzWjb6ybyb-2BxLAJVoJZS5fLDDZa-2FWN-2FiIYNR0CMZ5E20cknpbptzwMkREsnkjIfv49YN2cjxNzFs-3D	Get hash	malicious	HTMLPhisher	Browse	152.199.4.73
	https://syswc3ar.page.link/jofZ	Get hash	malicious	HTMLPhisher	Browse	152.199.24.48
	https://www.bing.com/ck/a?!&&p=7716aa06586b818fJmltdHM9MTY5Njk4MjQwMCZpZ3VpZD0xMTQ2MzEwYi00OGFhLTZjZmYtMTdmNC0yMjc3NDk4NzZkOTkmaW5zaWQ9NTEzMw&ptn=3&hsh=3&fclid=1146310b-48aa-6cff-17f4-227749876d99&u=a1aHR0cDovL3d3dy50YXR0ZXJlZHByZXNzLm9yZy9ibG9nLzIwMTkvOS8yOC9mcmVlc2lhLW1ja2Vl#tony.doyle@iaa.ie	Get hash	malicious	Unknown	Browse	152.199.4.44
	payment.htm	Get hash	malicious	HTMLPhisher	Browse	152.199.4.44
	http://bing.com/ck/a?!&&p=1e98c9f9a35fbd79JmltdHM9MTY5NjIwNDgwMCZpZ3VpZD0xZTQzNThiOS1jYzA3LTY2MmEtMjQyNi00YjI5Y2QwZTY3MDgmaW5zaWQ9NTAwMw&GEJmAVfmaV&ptn=3&taUHGIFcLB&hsh=3&fclid=1e4358b9-cc07-662a-2426-4b29cd0e6708&djvferIukj&u=a1aHR0cHM6Ly9mcmVlbGFuY2Vyd2FsYS5jb20v#&&yygpKSi20tdPNzNNq8xLTq8oN69MM88vy7QoLNczMy3OLq8w0ysq1U+qKk3WBwA=?sadie.wegner@ennead.com	Get hash	malicious	HTMLPhisher	Browse	152.199.4.73
	https://bs.serving-sys.com/Serving/adServer.bs?cn=brd&ns=1&pli=1079576784&gdpr=$%7BGDPR%7D&gdpr	Get hash	malicious	Unknown	Browse	152.195.19.202
	Statement 8722.html	Get hash	malicious	HTMLPhisher	Browse	152.199.4.44
	OriginalMessage.txt.msg	Get hash	malicious	HTMLPhisher	Browse	152.199.4.44
	Check.html	Get hash	malicious	Unknown	Browse	152.199.4.33
	https://rosmodem.wordpress.com	Get hash	malicious	HTMLPhisher	Browse	152.199.5.184
	inat-box-v13_(1).apk	Get hash	malicious	Unknown	Browse	192.229.173.16
	https://monograph.notesnook.com/65241010f9f9f90408727274/	Get hash	malicious	HTMLPhisher	Browse	152.199.24.185
	https://faq-tbl50.powerappsportals.com	Get hash	malicious	HTMLPhisher	Browse	152.199.4.44
	https://drive.proton.me/urls/XXEJ1EJENR#eeYYN9hWb5e2	Get hash	malicious	HTMLPhisher	Browse	152.199.24.185
	http://ibef.org/	Get hash	malicious	Unknown	Browse	192.229.163.25
	https://bing.com/ck/a?!&&p=4da481f4776356b8JmltdHM9MTY5NTE2ODAwMCZpZ3VpZD0xZTQzNThiOS1jYzA3LTY2MmEtMjQyNi00YjI5Y2QwZTY3MDgmaW5zaWQ9NTAwMw&DxTCugGytf&ptn=3&qxRmSKvCaB&hsh=3&fclid=1e4358b9-cc07-662a-2426-4b29cd0e6708&WdfvBvSAHk&u=a1aHR0cHM6Ly93d3cuc2h1YmhrYW1uYWluc3RpdHV0ZS5jb20v#&&yygpKSi20tfPqsrOTMk2TUlLMSwtN803NykszNeryqpKSkmz0Csq1a9KzEnWBwA=?dHJlbnQuZGF3c29uQHNvdXRoc2lkZS5jb20=	Get hash	malicious	HTMLPhisher	Browse	152.199.4.73

JA3 Fingerprints

⊘No context

Dropped Files

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
C:\Users\user\AppData\Local\Temp\is-MK7O5.tmp-dbinst\libcrypto-1_1.dll	kK8Eaw8zsl.exe	Get hash	malicious	RedLine	Browse
	Driver.Booster.10.2.0.110.exe	Get hash	malicious	Unknown	Browse
	Driver.Booster.10.2.0.110.exe	Get hash	malicious	Unknown	Browse
	cdPUKIldlM.exe	Get hash	malicious	Unknown	Browse
	cdPUKIldlM.exe	Get hash	malicious	Unknown	Browse
	5YB5dKZ1Ow.exe	Get hash	malicious	MinerDownloader, Raccoon Stealer v2	Browse
C:\Users\user\AppData\Local\Temp\is-FLQS7.tmp\driver booster setup.tmp	driver_booster_setup.exe	Get hash	malicious	Raccoon Stealer v2	Browse
	kK8Eaw8zsl.exe	Get hash	malicious	RedLine	Browse
	42E07EA0F43BEC6913D6AC78FF74536695AE273CD28DB.exe	Get hash	malicious	RedLine	Browse
	driver_booster_setup.exe	Get hash	malicious	RedLine Xmrig	Browse
C:\Users\user\AppData\Local\Temp\is-MK7O5.tmp-dbinst\libssl-1_1.dll	kK8Eaw8zsl.exe	Get hash	malicious	RedLine	Browse
	Driver.Booster.10.2.0.110.exe	Get hash	malicious	Unknown	Browse
	Driver.Booster.10.2.0.110.exe	Get hash	malicious	Unknown	Browse
	cdPUKIldlM.exe	Get hash	malicious	Unknown	Browse
	cdPUKIldlM.exe	Get hash	malicious	Unknown	Browse
	5YB5dKZ1Ow.exe	Get hash	malicious	MinerDownloader, Raccoon Stealer v2	Browse

Process:	C:\Users\user\AppData\Local\Temp\is-MK7O5.tmp-dbinst\setup.exe
File Type:	Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	96
Entropy (8bit):	3.151681239868763
Encrypted:	false
SSDEEP:	3:Q+WliViyl+CRWLlYrylos2oECRWLlYrWv:Q+Wl7yE7RYrPsPE7RYrWv
MD5:	7C8878D59BA801FC4CF5C465C6EF68F2
SHA1:	B45710B17463D71FED9F3400843588EFFD6FA253
SHA-256:	6481072B01B588D09E140E889B1CCEC0DC3DA5389B9B4BC2378C81A7404C30BD
SHA-512:	5DE1036D76BAC830C667FE229C5FAE13360BB45604BD5F0D473B55F6A536372AFEBAE2BA7B23FF682C53E2A5A5FBAE9C67CEB0C69E3DDEB72A5EA129FDB20701
Malicious:	false
Reputation:	low
Preview:	..[.i.t.o.p.].....D.B._.I.n.s.t.a.l.l.=.5.........[.i.s.r.].....D.B._.I.n.s.t.a.l.l.=.4.........

Process:	C:\Users\user\Desktop\driver booster setup.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1214488
Entropy (8bit):	6.438087745093695
Encrypted:	false
SSDEEP:	24576:YtdAm9DUi/CR3wCkCiRgoG7hBaHkbEXXeG/jFt5t5Tx9Bc:oqTytRFk6ek1BM
MD5:	68B52A0B8E3D45BF3B520A0E7F16DAD1
SHA1:	E50408326EAFB5CA8ADC70DB29C33B64E25BBBBD
SHA-256:	B409D6D6F8896DC2AFD1774479C741CA253C0E9B4732DAAA08AF84AA9C96888B
SHA-512:	B8E0B486E2B9652831EB8EFE48CF9575EEF49204E827A64D69AE7C9C30304B2D98A66C28F1072FE8596847C15F13BBF7EC39D7708684FF64051BBAE7ED063FAF
Malicious:	false
Joe Sandbox View:	Filename: driver_booster_setup.exe, Detection: malicious, Browse Filename: kK8Eaw8zsl.exe, Detection: malicious, Browse Filename: 42E07EA0F43BEC6913D6AC78FF74536695AE273CD28DB.exe, Detection: malicious, Browse Filename: driver_booster_setup.exe, Detection: malicious, Browse
Preview:	MZP.....................@.......................InUn....................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L......W.....................H......l........ ....@..................................?....@......@..............................@8...0..@............F...B................................... .......................................................text............................... ..`.itext.............................. ..`.data...h0... ...2..................@....bss.....a...`.......0...................idata..@8.......:...0..............@....tls....<............j...................rdata....... .......j..............@..@.rsrc...@....0.......l..............@..@....................................@..@........................................................................................................................................

Entrypoint:	0x4117dc
Entrypoint Section:	.itext
Digitally signed:	true
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
DLL Characteristics:	DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Time Stamp:	0x57051F88 [Wed Apr 6 14:39:04 2016 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	5
OS Version Minor:	0
File Version Major:	5
File Version Minor:	0
Subsystem Version Major:	5
Subsystem Version Minor:	0
Import Hash:	20dd26497880c05caed9305b3c8b9109

Signature Valid:	true
Signature Issuer:	CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB
Signature Validation Error:	The operation completed successfully
Error Number:	0
Not Before, Not After	25/03/2021 00:00:00 24/03/2024 23:59:59
Subject Chain	CN="IObit CO., LTD", O="IObit CO., LTD", STREET=45 Renmin South Road, STREET="No. 605, 6th Floor, Unit 1, Building 1", L=Chengdu Shi, S=Sichuan Sheng, PostalCode=610042, C=CN
Version:	3
Thumbprint MD5:	8AD2A09EBDD6E8444414E1FFE7FC9683
Thumbprint SHA-1:	145D90AD3134C665246DC1C93CD3E2D8C69E9231
Thumbprint SHA-256:	12DBEE7AA5DBB550CEEDC6172E5C34BA577759D8926AAFF08A781552B7FABDE9
Serial:	008BA1F172FD50BA8D4C11B74FFAC8A282

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x19000	0xe04	.idata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x1c000	0xf648	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x188d750	0x4658
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x1b000	0x18	.rdata
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x19304	0x214	.idata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Name	Virtual Address	Virtual Size	Raw Size	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0xf244	0xf400	False	0.5481717469262295	data	6.3752135040515485	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.itext	0x11000	0xf64	0x1000	False	0.55859375	data	5.732200666157372	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.data	0x12000	0xc88	0xe00	False	0.2533482142857143	data	2.2967209087898324	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.bss	0x13000	0x56bc	0x0	False	0	empty	0.0	IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.idata	0x19000	0xe04	0x1000	False	0.321533203125	data	4.597812557707959	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.tls	0x1a000	0x8	0x0	False	0	empty	0.0	IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rdata	0x1b000	0x18	0x200	False	0.05078125	data	0.2044881574398449	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.rsrc	0x1c000	0xf648	0xf800	False	0.3435767389112903	data	5.2407304254498515	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
RT_ICON	0x1c47c	0xea8	Device independent bitmap graphic, 48 x 96 x 8, image size 2304, 256 important colors	English	United States	0.6633795309168443
RT_ICON	0x1d324	0x8a8	Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colors	English	United States	0.8199458483754513
RT_ICON	0x1dbcc	0x568	Device independent bitmap graphic, 16 x 32 x 8, image size 256, 256 important colors	English	United States	0.5859826589595376
RT_ICON	0x1e134	0x25a8	Device independent bitmap graphic, 48 x 96 x 32, image size 9600	English	United States	0.5922199170124481
RT_ICON	0x206dc	0x10a8	Device independent bitmap graphic, 32 x 64 x 32, image size 4224	English	United States	0.7772045028142589
RT_ICON	0x21784	0x468	Device independent bitmap graphic, 16 x 32 x 32, image size 1088	English	United States	0.7198581560283688
RT_STRING	0x21bec	0x68	data			0.6538461538461539
RT_STRING	0x21c54	0xd4	data			0.5283018867924528
RT_STRING	0x21d28	0xa4	data			0.6524390243902439
RT_STRING	0x21dcc	0x2ac	data			0.45614035087719296
RT_STRING	0x22078	0x34c	data			0.4218009478672986
RT_STRING	0x223c4	0x294	data			0.4106060606060606
RT_RCDATA	0x22658	0x82e8	data	English	United States	0.11261637622344235
RT_RCDATA	0x2a940	0x10	data			1.5
RT_RCDATA	0x2a950	0x150	data			0.8392857142857143
RT_RCDATA	0x2aaa0	0x2c	data			1.2045454545454546
RT_GROUP_ICON	0x2aacc	0x5a	data	English	United States	0.7
RT_VERSION	0x2ab28	0x4f4	data	English	United States	0.2973186119873817
RT_MANIFEST	0x2b01c	0x62c	XML 1.0 document, ASCII text, with CRLF line terminators	English	United States	0.4240506329113924

DLL	Import
oleaut32.dll	SysFreeString, SysReAllocStringLen, SysAllocStringLen
advapi32.dll	RegQueryValueExW, RegOpenKeyExW, RegCloseKey
user32.dll	GetKeyboardType, LoadStringW, MessageBoxA, CharNextW
kernel32.dll	GetACP, Sleep, VirtualFree, VirtualAlloc, GetSystemInfo, GetTickCount, QueryPerformanceCounter, GetVersion, GetCurrentThreadId, VirtualQuery, WideCharToMultiByte, MultiByteToWideChar, lstrlenW, lstrcpynW, LoadLibraryExW, GetThreadLocale, GetStartupInfoA, GetProcAddress, GetModuleHandleW, GetModuleFileNameW, GetLocaleInfoW, GetCommandLineW, FreeLibrary, FindFirstFileW, FindClose, ExitProcess, WriteFile, UnhandledExceptionFilter, RtlUnwind, RaiseException, GetStdHandle, CloseHandle
kernel32.dll	TlsSetValue, TlsGetValue, LocalAlloc, GetModuleHandleW
user32.dll	CreateWindowExW, TranslateMessage, SetWindowLongW, PeekMessageW, MsgWaitForMultipleObjects, MessageBoxW, LoadStringW, GetSystemMetrics, ExitWindowsEx, DispatchMessageW, DestroyWindow, CharUpperBuffW, CallWindowProcW
kernel32.dll	WriteFile, WideCharToMultiByte, WaitForSingleObject, VirtualQuery, VirtualProtect, VirtualFree, VirtualAlloc, SizeofResource, SignalObjectAndWait, SetLastError, SetFilePointer, SetEvent, SetErrorMode, SetEndOfFile, ResetEvent, RemoveDirectoryW, ReadFile, MultiByteToWideChar, LockResource, LoadResource, LoadLibraryW, GetWindowsDirectoryW, GetVersionExW, GetVersion, GetUserDefaultLangID, GetThreadLocale, GetSystemInfo, GetSystemDirectoryW, GetStdHandle, GetProcAddress, GetModuleHandleW, GetModuleFileNameW, GetLocaleInfoW, GetLastError, GetFullPathNameW, GetFileSize, GetFileAttributesW, GetExitCodeProcess, GetEnvironmentVariableW, GetDiskFreeSpaceW, GetCurrentProcess, GetCommandLineW, GetCPInfo, InterlockedExchange, InterlockedCompareExchange, FreeLibrary, FormatMessageW, FindResourceW, EnumCalendarInfoW, DeleteFileW, CreateProcessW, CreateFileW, CreateEventW, CreateDirectoryW, CloseHandle
advapi32.dll	RegQueryValueExW, RegOpenKeyExW, RegCloseKey, OpenProcessToken, LookupPrivilegeValueW
comctl32.dll	InitCommonControls
kernel32.dll	Sleep
advapi32.dll	AdjustTokenPrivileges

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 13, 2023 00:30:03.250672102 CEST	64799	53	192.168.2.4	1.1.1.1
Oct 13, 2023 00:30:03.414012909 CEST	53	64799	1.1.1.1	192.168.2.4

Timestamp	kBytes transferred	Direction	Data
Oct 13, 2023 00:30:04.581084013 CEST	0	OUT	GET /infofiles/db/rmd/install_cfg_n.zlb HTTP/1.0 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, / User-Agent: Mozilla/4.0 Host: update.iobit.com
Oct 13, 2023 00:30:04.743108034 CEST	2	IN	HTTP/1.0 200 OK Accept-Ranges: bytes Age: 227239 Cache-Control: max-age=604800 Content-Type: application/octet-stream Date: Thu, 12 Oct 2023 22:30:04 GMT Etag: "869216985" Expires: Thu, 19 Oct 2023 22:30:04 GMT Last-Modified: Tue, 10 Oct 2023 07:21:49 GMT Server: ECAcc (lac/55D2) X-Cache: HIT X-EC-BBR-Enable: 1 Content-Length: 245978 Connection: close Data Raw: 78 9c ec bd 57 af 2b 51 92 9d c9 67 01 fa 0f 7a 27 d4 f4 4e 85 c2 80 de 7b cf 6e a1 40 ef bd e7 8f 97 26 d6 b7 f3 96 ba ba 25 0c 34 98 97 01 84 8b 73 ee 21 99 cc dc b9 4d c4 8a 15 2b 76 fe f7 ff f6 cf be ba 6f ea db fa 4e be ff ea fb 8f be ff e0 1b f8 96 be 9b ef 6e ef 9c ed bd bf fa c2 be a0 fd e8 77 c4 7e 47 7c 21 5f 9c ff 83 f6 4f c7 ff f9 f9 67 5f d3 be b7 e0 db ee 4c 43 df df ec 1c 7f de fb ab 9d f1 61 af 2f be bf d8 5f 77 7b 47 ff 2f f8 7f 6a af e7 7c 27 ed 7b ff bb 6f 2d ed ef 7f 7b ec 5f ec 3c 0b df 8a f7 9f de 19 dd ff 47 de bd f3 9d 85 1d 75 fc 7b 0b bb be 0d 67 3f d9 19 3f d6 96 bf da bd fc cf de ff 1b d7 5e da 77 ff 1c 91 b7 f7 9a ff d0 a6 9e 77 27 69 fb 76 d6 fe 5f fa 66 f6 ce d9 b7 ff 87 33 76 ed 6c 5f df c1 3e fd ab fd 54 7c 3f 7b ad ab 1c ad ad 35 bb 8b 85 5d ef 62 af 1b be 89 2f 60 bf ef f6 13 b2 e3 36 36 0a 21 bb 8f 94 ef 6a bf cb 76 86 a2 6f 6d af 32 76 fe ae af 63 57 3d d8 55 b7 76 8e 85 7d e7 e1 7b d9 d5 9e 76 86 95 9d 2b 69 3d 14 b6 ef fb ed f8 9f 1d d1 f4 c5 7c 05 5f df be 97 b0 33 0f ec b8 9c 6f 67 e7 69 fa 46 f6 f7 d9 da 77 b7 ab d4 ed bd 82 9d f1 e3 1b db eb 9d 9d 6b eb 2b d9 39 aa 36 d2 49 1b c9 97 2f 6a d7 09 d8 27 57 fb bd b1 33 af ac 35 0d 8e 3b d8 11 7e 3b db 8b be df d9 f5 52 f6 ff c7 5e e9 f8 30 c7 ef 38 3e 68 7f 7f ed 8c 4b da 3a b2 b3 5c ad 0d 49 5e eb 3a 63 7b 57 d7 59 fa 5a 76 b6 80 fd 7d b1 df 2f eb b3 8f 7d fa b5 ab b4 ec 2e 02 f6 bd 0d df ba d9 ab 84 bd f2 db 31 49 eb 17 7d 1e b0 7f 7a 37 6a ad 18 d8 fb ba 8b 00 3f 2d fb bb c9 eb ab 7d 33 62 df 8b d2 4b 23 fb ee 8a f3 fc f8 f6 c6 7e 3a 8c cc cf 3e f3 5b 5f b5 68 61 9c 5e f8 d0 ba 00 9f ac ec 9d 1f f7 32 b3 9e ca d9 b9 0f f6 8e df ce f5 b1 df 31 eb 9b 95 7d 5a b7 6b ed ec 67 45 cb d5 c6 b8 7d 7b 65 ff ae f6 ff 9f 4f 02 36 56 3b fb e4 60 af b5 d2 1e 76 ac e6 4a 8a 2b 4c ac 45 2f fb 66 d4 fe 6f d1 33 13 eb cf 85 5d 33 60 73 63 c1 7d dc 39 77 de ce f9 b5 77 4e 5c 2d 65 47 26 ec 2c 2f 9b 6d 57 fb 8e df de bf da bb 29 7b 37 67 23 54 62 de c5 ed 55 c8 fe 45 ed c8 81 b5 3b ca fd 7e 6c bc 96 cc 24 cd 44 f5 58 dd fa 6f 65 9f 2f b8 8f ab 7d fb 65 ff 52 f6 4e 80 f7 7b f6 f7 d8 ae 3e 63 c4 de 76 3f 09 fa fd 64 7f 57 b9 96 66 45 8d b9 dd a2 cf 13 8c ff c2 be a5 be 3d 30 52 09 bb 93 a9 1d 1f b7 63 34 ca 23 7b e7 64 6d d7 4a aa 59 2b fc 36 97 f5 d9 c8 1b 69 8d f1 c3 5e c9 36 69 9d a8 17 53 f6 ee c5 8e f4 33 73 34 0f 47 f6 57 80 9e ee 59 cb 0f f6 49 d9 5e d5 ed ac 63 bb fe c1 ae 1e b6 9e 88 70 c7 6a 75 88 19 34 b2 eb 6c ed 2f 8d 52 c7 8e 9f f3 6e dd ee 3f 62 c7 84 ed 1c 47 ef 9c 63 eb ad 2f 7d 5e 60 8e 35 6c 95 9e ac 4f c6 d6 da 96 7d a7 6a c7 d4 ec 88 1f e7 79 d8 7d 6b 1e d4 ec 08 59 86 99 dd f1 94 19 36 a7 7f 93 76 f4 93 3e d8 31 2f d5 c7 71 3b 7b d2 da d6 b7 6f 36 99 7b 51 bb 56 de da 1e b6 eb 0d ed 8a 33 46 7a 44 af 6c ec Data Ascii: xW+Qgz'N{n@&%4s!M+voNnw~G\|!_Og_LCa/_w{G/j\|'{o-{_<Gu{g??^ww'iv_f3vl_>T\|?{5]b/`66!jvom2vcW=Uv}{v+i=\|_3ogiFwk+96I/j'W35;~;R^08>hK:\I^:c{WYZv}/}.1I}z7j?-}3bK#~:>[_ha^21}ZkgE}{eO6V;`vJ+LE/fo3]3`sc}9wwN\-eG&,/mW){7g#TbUE;~l$DXoe/}eRN{>cv?dWfE=0Rc4#{dmJY+6i^6iS3s4GWYI^cpju4l/Rn?bGc/}^`5lO}jy}kY6v>1/q;{o6{QV3FzDl
Oct 13, 2023 00:30:04.743149042 CEST	3	IN	Data Raw: 55 cd 8e af 60 27 03 76 86 a6 dd f7 c0 ce 15 b7 9f a5 9d cf 6f bf b7 f6 3b 6e 57 6a 70 94 66 d7 98 fb 7a d9 18 7c b1 27 27 fb 64 48 7f 54 ed ac 6b fb ec 64 e7 4a 32 82 73 bb 56 c9 de d5 da 4f d0 cf 35 bb 42 94 d5 bc 62 2c a3 ac 1b f5 bb 7a 61 66 Data Ascii: U`'vo;nWjpfz\|''dHTkdJ2sVO5Bb,zaf`5i/6EC[Zv&Yv.a7zZ9%]0C(FGe1Wq7dH_CW}[ln3AEVM]yjWLXO
Oct 13, 2023 00:30:04.743235111 CEST	4	IN	Data Raw: c3 d2 ce 9d 03 0f 5f 89 cb e4 4b 12 60 c4 9b 9d 41 d1 52 cf be 39 b5 bb 9d da 37 57 76 e4 d8 3e 3d 59 8b a3 f6 5e cf ee 5b de e9 69 f3 56 b1 d5 c9 66 5a 8f 38 75 02 0a 91 9d f9 e1 61 e5 0f 9d 1f fd 32 fe 71 3b 9b 62 b2 09 57 12 8a d5 8c cd da 59 Data Ascii: _K`AR97Wv>=Y^[iVfZ8ua2q;bWY6^:w\|tKi)gAinq/9\oVfYute4U^X_E7};T!2T5eOA,hc\9v83%
Oct 13, 2023 00:30:04.743328094 CEST	6	IN	Data Raw: 06 6c 87 a2 b8 8f cd f2 b1 bd fe 80 29 27 ac ad 05 7c e2 d3 fa 6e 0d e7 d5 b2 3e 52 5c 7a 63 fc 4b 20 ea 39 ab 7f 00 bf b5 62 ed 2f b9 cf 8a 5d 6b 00 2a 7b db 7d 89 09 aa 12 eb 0b 1b d7 40 1a f2 95 0f 78 9a 83 fd 68 f6 f4 e0 02 e6 76 57 2f 3b 4f Data Ascii: l)'\|n>R\zcK 9b/]k*{}@xhvW/;OSU^9]X"%E"OZOpP:bv`GG\Ol%imAR%nUUa}^ck+\g+}S[La@fbY#XeeF%\v6/:`kvgk
Oct 13, 2023 00:30:04.743396044 CEST	7	IN	Data Raw: f0 e9 0a 0b 5e 87 75 7a da df 69 6c a8 30 df 1e 3e 60 c1 6c 88 c3 8c 08 dd 85 60 92 8a d6 b2 0b 3d f7 85 ad d0 4c 5b d8 ef 0d d9 b6 2f 38 be 47 ae 76 44 bf 37 89 ba 27 5c 2b 8d bf 7a 80 67 ca e4 43 84 6b 22 c4 0e 57 fb 56 9c 2b f9 c9 96 16 ec e8 Data Ascii: ^uzil0>`l`=L[/8GvD7'\+zgCk"WV+CB'ctW;t[0>~I`NRO/'Q"uufx_]PEDY ?g.^>-,lx8y1;Fn[\-wv"q.(
Oct 13, 2023 00:30:04.743442059 CEST	8	IN	Data Raw: b2 af 6d 6b 4b 0a cf 23 a6 66 45 64 d3 05 69 69 85 49 5f b8 65 0e f9 b1 05 ca 68 e8 3b 57 7c 76 89 fb ca d9 59 af e4 7e b4 02 27 76 bc 98 f4 3e 76 fc 0b a6 70 f9 af 02 8c 40 96 98 ed 84 fd 54 fc d0 22 bb 75 b1 4f 87 70 2b e2 ff 65 41 bb 36 07 be Data Ascii: mkK#fEdiiI_eh;W\|vY~'v>vp@T"uOp+eA61a-y!r)LDx$"L)DEE@KP%nr1=uToemEo:z;x>B4%=9O\;,-"b+(a6h`
Oct 13, 2023 00:30:04.743544102 CEST	10	IN	Data Raw: 42 1a 6d 18 8f 1c 36 ea 82 ce 4b ea 85 10 76 a4 45 2d d2 19 cb bd 83 19 8d 12 35 5d c9 10 3e c0 f4 47 b4 c5 71 46 e4 0d 97 d3 63 b6 cd 58 7d 09 b2 7e 47 66 57 0d 8c 10 82 ed b8 a3 1a 6a a0 c5 39 a0 34 bc 61 ad 0a e0 b1 31 38 a9 43 b6 5f 71 de 9b Data Ascii: Bm6KvE-5]>GqFcX}~GfWj94a18C_qXHv$Jc46Bh."TeX{O'~a{QFd)hdI+MxaC<NDIC^OHF.(UR7%r\|p6B4s'
Oct 13, 2023 00:30:04.743630886 CEST	11	IN	Data Raw: 81 c7 75 a6 0c d6 75 04 6e 8d 83 9c d7 78 9d 29 fe a1 06 63 55 a5 5f 9b a8 25 6a b0 99 25 7a ea c7 fa 3e 92 f1 7d 12 1b bb 39 fc c6 3b 6e 40 7e c2 fe 62 2c cf ac c7 13 3a c2 29 1e 27 8c c2 50 f1 c8 1a db 76 a5 8a 5d 3a be 06 38 a3 4b af 8f c9 23 Data Ascii: uunx)cU_%j%z>}9;n@~b,:)'Pv]:8K#_=_/Vyf#0K65ur9uoPjxvoM-xOau!Q{:F<]FwY>^XWE"w,ne"ZbFvF}ey.
Oct 13, 2023 00:30:04.743777990 CEST	12	IN	Data Raw: 39 83 53 a5 10 bd 80 f4 0f ec c5 10 23 d2 6e 53 ed 15 25 ff 27 cb a1 35 39 c4 1e ee a9 62 6c b0 36 54 7d 56 44 f5 22 85 df 06 6e b2 c4 2a fe b3 9b 85 f2 ba 51 d4 61 2d 22 e5 38 59 da 0a b9 eb 20 79 9c 1b 7e e7 80 5d 77 aa e2 20 6c f7 9d fb 4d 79 Data Ascii: 9S#nS%'59bl6T}VD"nQa-"8Y y~]w lMyfp;?T\|wNz1B>d\|R%rT(EVhjdNfQAQKE%Pp Z@8DZ0#F`KU^c>WNl}O*
Oct 13, 2023 00:30:04.743824959 CEST	14	IN	Data Raw: 9c a1 fe d3 71 81 43 fc 4d 02 4c e7 66 f5 8b 5a 90 3d ba ce 82 c7 db df 61 cc e7 60 b7 2c 2c d4 17 a5 c8 9c 15 97 22 9f 9c 22 93 59 45 9b 55 02 47 8d 88 99 1f 64 57 26 d4 3c 8a 49 9d a1 68 4b f8 dc fe 25 5d 38 d6 0c 31 5a 96 98 a6 ef 31 dd 1b 18 Data Ascii: qCMLfZ=a`,,""YEUGdW&<IhK%]81Z1.S,~_,#0tk$!+a70y5G1r{Y`-N_)\| d,9T79ZuX7!g{8>bNJuDv[A4
Oct 13, 2023 00:30:04.746845961 CEST	15	IN	Data Raw: 3f 41 29 91 23 43 16 80 e9 2c 53 19 35 62 1e 1f 88 dd 6a ec 85 71 22 bb 10 a4 df cf d4 68 35 d1 c0 6f 51 29 1c 89 e2 73 68 43 56 3e b7 4b 5b 83 da ba 18 f5 12 aa 72 3b 61 7f 7b be 2d 99 90 1d 59 e5 bb cf ed 9f 99 42 13 fe 46 7f db a3 b2 42 7a 99 Data Ascii: ?A)#C,S5bjq"h5oQ)shCV>K[r;a{-YBFBz *>h@:xj=&RS@X\TGc;pWB/Q'Rx$ps8Qye-tIPa~ahdVhnGddj'vMrET4k{S

Timestamp	kBytes transferred	Direction	Data
Oct 13, 2023 00:30:04.964519978 CEST	53	OUT	GET /infofiles/db/rmd/install_cfg_n.zlb HTTP/1.0 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, / User-Agent: Mozilla/4.0 Host: update.iobit.com Range: bytes=0-61494
Oct 13, 2023 00:30:05.126524925 CEST	55	IN	HTTP/1.0 206 Partial Content Accept-Ranges: bytes Age: 227240 Cache-Control: max-age=604800 Content-Range: bytes 0-61494/245978 Content-Type: application/octet-stream Date: Thu, 12 Oct 2023 22:30:05 GMT Etag: "869216985" Expires: Thu, 19 Oct 2023 22:30:05 GMT Last-Modified: Tue, 10 Oct 2023 07:21:49 GMT Server: ECAcc (lac/55D2) X-Cache: HIT Content-Length: 61495 Connection: close Data Raw: 78 9c ec bd 57 af 2b 51 92 9d c9 67 01 fa 0f 7a 27 d4 f4 4e 85 c2 80 de 7b cf 6e a1 40 ef bd e7 8f 97 26 d6 b7 f3 96 ba ba 25 0c 34 98 97 01 84 8b 73 ee 21 99 cc dc b9 4d c4 8a 15 2b 76 fe f7 ff f6 cf be ba 6f ea db fa 4e be ff ea fb 8f be ff e0 1b f8 96 be 9b ef 6e ef 9c ed bd bf fa c2 be a0 fd e8 77 c4 7e 47 7c 21 5f 9c ff 83 f6 4f c7 ff f9 f9 67 5f d3 be b7 e0 db ee 4c 43 df df ec 1c 7f de fb ab 9d f1 61 af 2f be bf d8 5f 77 7b 47 ff 2f f8 7f 6a af e7 7c 27 ed 7b ff bb 6f 2d ed ef 7f 7b ec 5f ec 3c 0b df 8a f7 9f de 19 dd ff 47 de bd f3 9d 85 1d 75 fc 7b 0b bb be 0d 67 3f d9 19 3f d6 96 bf da bd fc cf de ff 1b d7 5e da 77 ff 1c 91 b7 f7 9a ff d0 a6 9e 77 27 69 fb 76 d6 fe 5f fa 66 f6 ce d9 b7 ff 87 33 76 ed 6c 5f df c1 3e fd ab fd 54 7c 3f 7b ad ab 1c ad ad 35 bb 8b 85 5d ef 62 af 1b be 89 2f 60 bf ef f6 13 b2 e3 36 36 0a 21 bb 8f 94 ef 6a bf cb 76 86 a2 6f 6d af 32 76 fe ae af 63 57 3d d8 55 b7 76 8e 85 7d e7 e1 7b d9 d5 9e 76 86 95 9d 2b 69 3d 14 b6 ef fb ed f8 9f 1d d1 f4 c5 7c 05 5f df be 97 b0 33 0f ec b8 9c 6f 67 e7 69 fa 46 f6 f7 d9 da 77 b7 ab d4 ed bd 82 9d f1 e3 1b db eb 9d 9d 6b eb 2b d9 39 aa 36 d2 49 1b c9 97 2f 6a d7 09 d8 27 57 fb bd b1 33 af ac 35 0d 8e 3b d8 11 7e 3b db 8b be df d9 f5 52 f6 ff c7 5e e9 f8 30 c7 ef 38 3e 68 7f 7f ed 8c 4b da 3a b2 b3 5c ad 0d 49 5e eb 3a 63 7b 57 d7 59 fa 5a 76 b6 80 fd 7d b1 df 2f eb b3 8f 7d fa b5 ab b4 ec 2e 02 f6 bd 0d df ba d9 ab 84 bd f2 db 31 49 eb 17 7d 1e b0 7f 7a 37 6a ad 18 d8 fb ba 8b 00 3f 2d fb bb c9 eb ab 7d 33 62 df 8b d2 4b 23 fb ee 8a f3 fc f8 f6 c6 7e 3a 8c cc cf 3e f3 5b 5f b5 68 61 9c 5e f8 d0 ba 00 9f ac ec 9d 1f f7 32 b3 9e ca d9 b9 0f f6 8e df ce f5 b1 df 31 eb 9b 95 7d 5a b7 6b ed ec 67 45 cb d5 c6 b8 7d 7b 65 ff ae f6 ff 9f 4f 02 36 56 3b fb e4 60 af b5 d2 1e 76 ac e6 4a 8a 2b 4c ac 45 2f fb 66 d4 fe 6f d1 33 13 eb cf 85 5d 33 60 73 63 c1 7d dc 39 77 de ce f9 b5 77 4e 5c 2d 65 47 26 ec 2c 2f 9b 6d 57 fb 8e df de bf da bb 29 7b 37 67 23 54 62 de c5 ed 55 c8 fe 45 ed c8 81 b5 3b ca fd 7e 6c bc 96 cc 24 cd 44 f5 58 dd fa 6f 65 9f 2f b8 8f ab 7d fb 65 ff 52 f6 4e 80 f7 7b f6 f7 d8 ae 3e 63 c4 de 76 3f 09 fa fd 64 7f 57 b9 96 66 45 8d b9 dd a2 cf 13 8c ff c2 be a5 be 3d 30 52 09 bb 93 a9 1d 1f b7 63 34 ca 23 7b e7 64 6d d7 4a aa 59 2b fc 36 97 f5 d9 c8 1b 69 8d f1 c3 5e c9 36 69 9d a8 17 53 f6 ee c5 8e f4 33 73 34 0f 47 f6 57 80 9e ee 59 cb 0f f6 49 d9 5e d5 ed ac 63 bb fe c1 ae 1e b6 9e 88 70 c7 6a 75 88 19 34 b2 eb 6c ed 2f 8d 52 c7 8e 9f f3 6e dd ee 3f 62 c7 84 ed 1c 47 ef 9c 63 eb ad 2f 7d 5e 60 8e 35 6c 95 9e ac 4f c6 d6 da 96 7d a7 6a c7 d4 ec 88 1f e7 79 d8 7d 6b 1e d4 ec 08 59 86 99 dd f1 94 19 36 a7 7f 93 76 f4 93 3e d8 31 2f d5 c7 Data Ascii: xW+Qgz'N{n@&%4s!M+voNnw~G\|!_Og_LCa/_w{G/j\|'{o-{_<Gu{g??^ww'iv_f3vl_>T\|?{5]b/`66!jvom2vcW=Uv}{v+i=\|_3ogiFwk+96I/j'W35;~;R^08>hK:\I^:c{WYZv}/}.1I}z7j?-}3bK#~:>[_ha^21}ZkgE}{eO6V;`vJ+LE/fo3]3`sc}9wwN\-eG&,/mW){7g#TbUE;~l$DXoe/}eRN{>cv?dWfE=0Rc4#{dmJY+6i^6iS3s4GWYI^cpju4l/Rn?bGc/}^`5lO}jy}kY6v>1/
Oct 13, 2023 00:30:05.126636982 CEST	57	IN	Data Raw: 71 3b 7b d2 da d6 b7 6f 36 99 7b 51 bb 56 de da 1e b6 eb 0d ed 8a 33 46 7a 44 af 6c ec 55 cd 8e af 60 27 03 76 86 a6 dd f7 c0 ce 15 b7 9f a5 9d cf 6f bf b7 f6 3b 6e 57 6a 70 94 66 d7 98 fb 7a d9 18 7c b1 27 27 fb 64 48 7f 54 ed ac 6b fb ec 64 e7 Data Ascii: q;{o6{QV3FzDlU`'vo;nWjpfz\|''dHTkdJ2sVO5Bb,zaf`5i/6EC[Zv&Yv.a7zZ9%]0C(FGe1Wq7dH_CW}[ln3
Oct 13, 2023 00:30:05.126653910 CEST	58	IN	Data Raw: 41 d4 b2 dc 29 2c f3 d2 da 90 b1 57 42 49 45 5e 55 ed d3 27 76 a7 6f 77 9f e3 0a 2b 6b c3 d2 ce 9d 03 0f 5f 89 cb e4 4b 12 60 c4 9b 9d 41 d1 52 cf be 39 b5 bb 9d da 37 57 76 e4 d8 3e 3d 59 8b a3 f6 5e cf ee 5b de e9 69 f3 56 b1 d5 c9 66 5a 8f 38 Data Ascii: A),WBIE^U'vow+k_K`AR97Wv>=Y^[iVfZ8ua2q;bWY6^:w\|tKi)gAinq/9\oVfYute4U^X_E7};T!2T5
Oct 13, 2023 00:30:05.126733065 CEST	59	IN	Data Raw: da ae 5b a5 e7 23 76 9e bc 5d ad 66 fd 7c 02 71 69 ae 74 98 97 37 7b fd b1 f7 63 e0 ba 06 6c 87 a2 b8 8f cd f2 b1 bd fe 80 29 27 ac ad 05 7c e2 d3 fa 6e 0d e7 d5 b2 3e 52 5c 7a 63 fc 4b 20 ea 39 ab 7f 00 bf b5 62 ed 2f b9 cf 8a 5d 6b 00 2a 7b db Data Ascii: [#v]f\|qit7{cl)'\|n>R\zcK 9b/]k*{}@xhvW/;OSU^9]X"%E"OZOpP:bv`GG\Ol%imAR%nUUa}^ck+\g+}S[La@fbY#Xe
Oct 13, 2023 00:30:05.126810074 CEST	61	IN	Data Raw: 44 a5 6d d8 66 79 f1 b2 b5 43 6b b2 05 a3 ba 87 4b 5d 33 4f e2 76 ad 01 59 25 31 99 09 f0 e9 0a 0b 5e 87 75 7a da df 69 6c a8 30 df 1e 3e 60 c1 6c 88 c3 8c 08 dd 85 60 92 8a d6 b2 0b 3d f7 85 ad d0 4c 5b d8 ef 0d d9 b6 2f 38 be 47 ae 76 44 bf 37 Data Ascii: DmfyCkK]3OvY%1^uzil0>`l`=L[/8GvD7'\+zgCk"WV+CB'ctW;t[0>~I`NRO/'Q"uufx_]PEDY ?g.^>-,lx8y1;Fn
Oct 13, 2023 00:30:05.126827002 CEST	62	IN	Data Raw: 89 0a 98 a4 8e cf ed 91 a7 d0 5a 72 39 ef be b5 68 64 67 d8 33 b7 42 20 a0 91 37 52 17 b2 af 6d 6b 4b 0a cf 23 a6 66 45 64 d3 05 69 69 85 49 5f b8 65 0e f9 b1 05 ca 68 e8 3b 57 7c 76 89 fb ca d9 59 af e4 7e b4 02 27 76 bc 98 f4 3e 76 fc 0b a6 70 Data Ascii: Zr9hdg3B 7RmkK#fEdiiI_eh;W\|vY~'v>vp@T"uOp+eA61a-y!r)LDx$"L)DEE@KP%nr1=uToemEo:z;x>B4%=9
Oct 13, 2023 00:30:05.126921892 CEST	63	IN	Data Raw: 13 cd e9 09 31 5f 10 06 f1 84 76 60 89 4e f3 4d ff 1c d0 74 35 50 3f b7 40 27 05 14 00 42 1a 6d 18 8f 1c 36 ea 82 ce 4b ea 85 10 76 a4 45 2d d2 19 cb bd 83 19 8d 12 35 5d c9 10 3e c0 f4 47 b4 c5 71 46 e4 0d 97 d3 63 b6 cd 58 7d 09 b2 7e 47 66 57 Data Ascii: 1_v`NMt5P?@'Bm6KvE-5]>GqFcX}~GfWj94a18C_qXHv$Jc46Bh."TeX{O'~a{QFd)hdI+MxaC<NDIC^OHF.(
Oct 13, 2023 00:30:05.126943111 CEST	65	IN	Data Raw: fe 45 b5 20 0d 4c 18 e6 30 8f 8f cf f1 fd ab 87 ab ba 54 0b e5 59 6f 55 7c df 8a 31 39 81 c7 75 a6 0c d6 75 04 6e 8d 83 9c d7 78 9d 29 fe a1 06 63 55 a5 5f 9b a8 25 6a b0 99 25 7a ea c7 fa 3e 92 f1 7d 12 1b bb 39 fc c6 3b 6e 40 7e c2 fe 62 2c cf Data Ascii: E L0TYoU\|19uunx)cU_%j%z>}9;n@~b,:)'Pv]:8K#_=_/Vyf#0K65ur9uoPjxvoM-xOau!Q{:F<]FwY>^XWE"w,
Oct 13, 2023 00:30:05.127021074 CEST	66	IN	Data Raw: f6 39 43 c4 e6 27 b7 f0 26 4f 1c a6 fe c5 69 57 a5 b1 ae c3 7d 8d 58 ef 2d 46 ad 83 95 39 83 53 a5 10 bd 80 f4 0f ec c5 10 23 d2 6e 53 ed 15 25 ff 27 cb a1 35 39 c4 1e ee a9 62 6c b0 36 54 7d 56 44 f5 22 85 df 06 6e b2 c4 2a fe b3 9b 85 f2 ba 51 Data Ascii: 9C'&OiW}X-F9S#nS%'59bl6T}VD"nQa-"8Y y~]w lMyfp;?T\|wNz1B>d\|R%rT(EVhjdNfQAQKE%Pp Z@8DZ0
Oct 13, 2023 00:30:05.127080917 CEST	67	IN	Data Raw: c5 d8 ab ea ad 4f e6 3d 40 8e f0 4a 16 38 0a 56 28 10 19 5f b1 69 17 d8 53 d5 77 2b af 9c a1 fe d3 71 81 43 fc 4d 02 4c e7 66 f5 8b 5a 90 3d ba ce 82 c7 db df 61 cc e7 60 b7 2c 2c d4 17 a5 c8 9c 15 97 22 9f 9c 22 93 59 45 9b 55 02 47 8d 88 99 1f Data Ascii: O=@J8V(_iSw+qCMLfZ=a`,,""YEUGdW&<IhK%]81Z1.S,~_,#0tk$!+a70y5G1r{Y`-N_)\| d,9T79ZuX7!g{8>
Oct 13, 2023 00:30:05.127129078 CEST	69	IN	Data Raw: 74 76 71 08 87 7f 87 db 4d c0 32 5f c0 14 69 3c ab cb ee e4 f1 04 27 2c ad d6 5d 81 b5 3f 41 29 91 23 43 16 80 e9 2c 53 19 35 62 1e 1f 88 dd 6a ec 85 71 22 bb 10 a4 df cf d4 68 35 d1 c0 6f 51 29 1c 89 e2 73 68 43 56 3e b7 4b 5b 83 da ba 18 f5 12 Data Ascii: tvqM2_i<',]?A)#C,S5bjq"h5oQ)shCV>K[r;a{-YBFBz *>h@:xj=&RS@X\TGc;pWB/Q'Rx$ps8Qye-tIPa~ahdVh

Timestamp	kBytes transferred	Direction	Data
Oct 13, 2023 00:30:04.964570999 CEST	53	OUT	GET /infofiles/db/rmd/install_cfg_n.zlb HTTP/1.0 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, / User-Agent: Mozilla/4.0 Host: update.iobit.com Range: bytes=61495-122989
Oct 13, 2023 00:30:05.133611917 CEST	176	IN	HTTP/1.0 206 Partial Content Accept-Ranges: bytes Age: 227240 Cache-Control: max-age=604800 Content-Range: bytes 61495-122989/245978 Content-Type: application/octet-stream Date: Thu, 12 Oct 2023 22:30:05 GMT Etag: "869216985" Expires: Thu, 19 Oct 2023 22:30:05 GMT Last-Modified: Tue, 10 Oct 2023 07:21:49 GMT Server: ECAcc (lac/55D2) X-Cache: HIT Content-Length: 61495 Connection: close Data Raw: d1 4a 37 55 3a 0d ab a3 6b fc 04 3e 58 eb d9 6d f3 3d a4 a8 f3 a0 ab e3 c4 db 39 d1 e7 90 26 f8 47 97 f7 56 87 c3 4e 2f c9 29 24 91 c7 d5 56 ec 91 11 66 2f 62 eb 29 fe 35 90 7f 55 be 2e e2 97 be 73 69 f6 c1 33 7d a5 45 4f bb e2 7a f9 b1 37 66 56 5e 5d 4c 4c b3 e2 5a 76 f6 b7 ee 9a ad 18 f9 81 2b bf 12 1d 6f f1 40 9f 3c 50 7b e8 ed 97 bf 2a 75 37 75 4d 07 d9 ab b0 4f 31 4d 7d ee 99 67 18 69 a6 c6 4d e7 84 ac f0 7b 9f 1c f4 25 4e b2 bc ae 9f 53 b5 74 78 4f 7a 34 c5 98 c7 92 c7 ff 4f 55 87 c1 aa 5e 52 32 ce 64 f6 05 ff cc 3b 47 4e 0d 7a 9c d3 59 8f 55 be 5f d9 dc a1 0d de fc 87 9f ed 4c 9d 7e ae 1f 7b 96 e5 cf a2 3a f3 09 ce 5c e9 4d 9a 7a ab 63 71 24 71 9a 7f b8 9d b5 7d d0 d1 95 3a 57 cd 54 5c f7 0c 3e 78 f6 39 65 ce a4 47 79 77 92 4b b3 20 ff 68 bb 71 15 1f 7c c5 5f f8 ed b9 ff 0e b1 83 33 6e aa 35 fd a3 ee bd dd d1 62 de 44 cd d0 e7 5e a8 11 69 12 60 d1 13 39 54 d7 d4 e1 d8 43 2c 59 53 35 dd 53 41 86 42 9f 66 03 96 3d 99 73 5c 6d 83 42 7c a9 0f a5 80 11 da d1 f3 2b f8 87 c7 cc f7 da a3 ba a7 f5 98 d7 0d 9c 66 a0 16 78 79 93 42 3f e3 83 1f 58 59 e7 b9 3f 95 7e c1 f3 ac 52 9f 7e 69 1b 81 07 aa f8 f9 4b 08 b0 6a 02 fd 9e b3 b8 2b 9b f6 ed 94 d4 d7 b2 a1 94 1f 67 f1 b3 81 fb 9f c8 7d 45 dd 0f 79 57 12 6a 5f 1e 0b 3a 97 0b da fa 12 9e f9 7a 4e dc c9 58 57 c6 5c 2c 3b 87 b4 6b 66 bc dc 79 3a 0f 2a fe 3b 78 ed 01 36 09 ac 57 a7 66 ae e0 ad 03 de b9 32 9c 3e b7 f2 a2 3f 7f 0a 17 a4 59 86 09 05 ee d5 a1 27 2a fe b6 cc f9 a4 36 ff f5 cf 3b 07 6b 70 a5 7f dc 70 c1 79 87 23 35 d0 cb 36 97 a6 da 16 38 0a ee b0 42 b1 df c3 a5 f6 89 8f d9 73 98 f5 d4 65 7d 78 be 83 a7 8f 67 f3 ab 4b fb 80 03 79 4d 6b 7d 86 79 86 b9 74 7e d7 18 b3 5f d4 6b 70 2b c3 d4 45 b4 9a 15 bd 84 2a 27 7a 7e a6 74 c6 11 9f db 26 f3 b5 ad 55 3e e1 1f 3e e5 10 a8 a8 b5 4e 5d cd 2f 6e ec 8b d6 78 90 4b 27 78 37 a8 17 65 48 64 2e 46 1f e9 ba ff c2 7b 8d 39 dd c3 b1 d4 f3 be 23 cb 3f 60 bb cb 6a f4 57 48 e5 d0 de 39 b7 b6 42 9b 39 b6 2f 3e f1 19 87 38 e0 47 08 f5 58 75 15 5d 6c cf 62 c3 ab e7 5d a5 f0 dc 5a 19 c9 e5 35 11 49 ae 3c d1 1d 5c 11 6f f6 0c 5a db 53 f2 17 3a 39 92 9b fa d5 7e 3b 87 2e 5f 64 d6 4b f8 74 c7 2d 7e 07 95 5e 73 9f de d1 23 5e 31 0d 3f 9c f7 15 fe ca 36 84 3a 94 5b d3 04 d3 2e f6 b6 8e 81 ae 62 4b 46 76 c4 8a d7 b4 c2 13 1f eb 21 fc 91 9f 90 dc 4b 2e 9d ab 55 a6 54 f4 b2 3e bb 98 aa 75 4c d7 5c c2 65 69 c6 48 9b ff 75 9b 7d e6 b5 a9 15 fd ac 9b 32 b1 d5 0b dd a8 7b 6c 6c 03 e6 4d 27 08 45 9d d5 57 c3 35 32 35 33 4d 91 0f 07 cf 24 97 4e 7e 7d c7 23 44 5d 9b 26 e4 15 bd bd 43 99 32 9d 42 7b 86 a9 bd c2 41 8e 28 e3 79 58 e2 81 86 54 d1 23 fc 4d 41 ff c6 d7 7f e1 1a 3e b9 95 ba 59 85 3a c6 38 55 39 25 16 ea a1 91 7d 9a 74 fc c0 Data Ascii: J7U:k>Xm=9&GVN/)$Vf/b)5U.si3}EOz7fV^]LLZv+o@<P{u7uMO1M}giM{%NStxOz4OU^R2d;GNzYU_L~{:\Mzcq$q}:WT\>x9eGywK hq\|_3n5bD^i`9TC,YS5SABf=s\mB\|+fxyB?XY?~R~iKj+g}EyWj_:zNXW\,;kfy:;x6Wf2>?Y'6;kppy#568Bse}xgKyMk}yt~_kp+E'z~t&U>>N]/nxK'x7eHd.F{9#?`jWH9B9/>8GXu]lb]Z5I<\oZS:9~;._dKt-~^s#^1?6:[.bKFv!K.UT>uL\eiHu}2{llM'EW5253M$N~}#D]&C2B{A(yXT#MA>Y:8U9%}t
Oct 13, 2023 00:30:05.133645058 CEST	177	IN	Data Raw: f5 03 95 d9 d6 ee 4a fa 42 5d 0e fe 83 ed 86 dc 83 03 9d 20 c1 d5 8d 30 87 13 15 42 1f 8f 1c cc c0 0f af cb 19 95 ea 15 47 3b e4 31 8f dd 34 50 9d 04 8a d8 e7 d2 f4 c4 33 1e d9 a3 5c 4b ef c0 25 47 e7 25 ce 7e 86 87 7e c1 eb ee 20 bf 7b f9 7f 25 Data Ascii: JB] 0BG;14P3\K%G%~~ {%w'9Uc_D.SaM'}EoXOLn]a{K(u}wt5-Mp'{_pv2~Qtt\|fC=TJhV[^VIgXGz:l
Oct 13, 2023 00:30:05.133712053 CEST	178	IN	Data Raw: df 2e 70 98 b4 31 79 b1 46 cf b3 ca 3c aa 9f 09 36 f6 1b fb 1b 8c c5 c4 cf 5f a8 05 da 7a 6c bf 32 37 f0 41 96 65 0a a2 7e 74 6a ff a9 05 3a 3c d8 e7 7a 0a 46 34 c2 6b aa e5 c8 2e bf e7 ad ae 64 2a d0 8f fd 30 e7 ae ec ab 31 67 a2 fe a7 fd 34 c4 Data Ascii: .p1yF<6_zl27Ae~tj:<zF4k.d01g4D3:c~FL}wlcb@cl;3O{X~n_=KX+1J^>)Dku>wZt#*BK\=7\|pG
Oct 13, 2023 00:30:05.133805037 CEST	180	IN	Data Raw: bc d2 79 d9 8f 22 6e 70 e1 5b f8 28 50 76 89 7b af ed a7 b7 5c a7 7b 15 e3 31 75 34 4d c8 be d0 e7 70 ae f6 1b e8 e2 0f 95 69 4b af e8 fa d3 12 56 e7 36 5b e9 4f 14 e2 91 bd d1 d0 d3 b0 cf a5 b3 ce 27 aa 9d 22 44 30 b6 17 e2 dc 9f 81 88 d1 e0 af Data Ascii: y"np[(Pv{\{1u4MpiKV6[O'"D0pA'Tn?TKOA+qU{N{g G}m"]g+=%ULul[~J%S[V8&jO9O<z=8c>#6OOLmtj}q=)6m5Chz8Gx
Oct 13, 2023 00:30:05.133853912 CEST	181	IN	Data Raw: 3b 87 d9 f4 92 1b 99 a8 e4 53 4f b9 53 da 76 51 74 27 9c c8 34 15 19 a1 c0 d7 fe e5 cd 86 8e 73 88 15 ff 10 a3 0f 55 6e bf b8 d2 40 27 1d b3 1d 16 32 7a 8d 47 61 4b 23 1b e3 73 7e 4c 2b 78 b1 6a f7 58 d3 11 a4 fa a7 b7 ea 81 33 e6 1c 8f f1 aa c3 Data Ascii: ;SOSvQt'4sUn@'2zGaK#s~L+xjX3riAKgq1{?t'/UI~gu0E5U*&{sGcwkl\JxUEod;g:;T~9ciry`"WummQ-pKSr,E.P&hm%2-FrZ
Oct 13, 2023 00:30:05.133886099 CEST	182	IN	Data Raw: 33 f9 d5 9f 50 f1 37 4f e1 9d 26 85 66 44 f3 8e 48 1a 48 f4 9e 52 54 a4 28 df e3 ea da b8 8b a9 ba 6a 22 06 16 ed f7 47 f1 77 44 47 da 63 ac 6e f5 7b 56 e4 bc 27 99 a4 47 89 1b ea 1a 6a d3 c9 6e a9 74 e1 19 fb 16 f1 4e b3 49 14 f1 4f 95 b2 f7 68 Data Ascii: 3P7O&fDHHRT(j"GwDGcn{V'GjntNIOh)S><Zx]fa=ev6y@~&{'%8H554r4[Af=R7Nb@;qr@n<Cwg,NhWj/[35L>5vkC8
Oct 13, 2023 00:30:05.133999109 CEST	184	IN	Data Raw: dc bb 29 c9 f1 5f a2 45 78 87 7f a1 cc 34 db 61 a1 76 8d d8 12 ce ea 43 2a 43 c3 ef e6 d5 e8 e9 6c f6 81 eb 3c 57 db 4c 32 8c 1d 98 64 cd ff f4 23 e7 16 39 cc f3 78 f3 3e 8c 58 96 3b d3 44 8c a2 69 14 51 cd b7 64 e3 53 7e a1 09 8f 42 55 16 48 1d Data Ascii: )_Ex4avCCl<WL2d#9x>X;DiQdS~BUHeFxAT0^uqzVF-J[kzVWXP]%TXFN\|VmY\`}b/D:9uu&UQ<pkrB-m%pJ
Oct 13, 2023 00:30:05.134083986 CEST	185	IN	Data Raw: 7c 92 53 f3 9e 03 af 7d 70 6a 86 fb e5 4a 6c 7a 53 87 dc ca b3 91 a1 e2 74 e0 35 27 6b 11 0b f7 c6 63 7b a5 16 4e a7 e2 bd f3 21 77 70 d5 05 38 a7 a9 c6 be f0 bc 92 4b 2d 18 a9 27 ef fa c4 2c 97 02 ec 1d 79 3f 66 dd bd 61 9c 17 34 d9 2f 7f 3b a6 Data Ascii: \|S}pjJlzSt5'kc{N!wp8K-',y?fa4/;m,D_{SotPv9#d{:]s[1;pPJonUh$QE6uNUqp"#\|EJ~IXg"[Srg(Z8Ko &CYrg2w^
Oct 13, 2023 00:30:05.134160042 CEST	186	IN	Data Raw: 8b 4e 93 22 37 f5 0d 5d 3e b9 ef a3 a2 99 e3 ef d2 89 f7 8f 18 e1 b2 ff b6 32 b7 cb 06 4e ff b4 56 5f f0 de 65 1c d4 87 3a 35 dc 37 03 6a 49 1d e7 51 d4 09 db d3 3d d2 d3 05 ba 81 60 ee c4 9e 34 09 e8 c0 ee 19 5b 65 2f 3e 27 9c bb a7 b9 74 e2 c8 Data Ascii: N"7]>2NV_e:57jIQ=`4[e/>'tw6?GZw$\}S3~4Nt=?fN-qk[wW/3>I{<<C;W~uF(\J`s*^<IYDB'RT#<jTMU=Y94Q
Oct 13, 2023 00:30:05.134223938 CEST	188	IN	Data Raw: 20 94 86 a7 f1 cd bf d6 87 63 9f 21 e1 bd 9c f3 a1 3b a1 a0 ff 60 6d 3f 1e ca fc 9f 2a ce 37 2e d4 e4 3a ae 89 bb 2d f1 2d 3a 7b 6f 3c d1 bd 08 f5 01 55 ef 71 1c 2d 28 ec dc f3 69 43 38 7d 1d 5b e7 58 b9 e8 a3 38 b3 bb d3 0c d2 29 5e 3b 9d f3 7b Data Ascii: c!;`m?*7.:--:{o<Uq-(iC8}[X8)^;{K{KO>2{VoeIRc~aczt>K<w3[!wk"igE=m,v:9Z~3K##lfjY;}U}J4Or4?[
Oct 13, 2023 00:30:05.134255886 CEST	189	IN	Data Raw: bc fd 93 fa c7 d2 74 91 bd ee f3 01 47 f4 39 b6 f7 c8 da 09 17 cb 86 73 ac c3 33 9d f0 7f 91 0b f8 2b 97 4e 73 fa e6 3f 8e 4f 3a a2 36 4e e5 c0 92 ea 72 42 45 fa 95 5d 63 ef 2c f9 a7 a6 98 fc 2e 2d b7 9b d5 51 9f f0 40 05 5f 94 7c 49 73 ff be 66 Data Ascii: tG9s3+Ns?O:6NrBE]c,.-Q@_\|Isfip]2J.ks_r\|cTG T6#7XQ78#WL6Uc fTty\|H,]clhPwky5jfzN0-7j_E.W&O]9

Timestamp	kBytes transferred	Direction	Data
Oct 13, 2023 00:30:04.964673042 CEST	53	OUT	GET /infofiles/db/rmd/install_cfg_n.zlb HTTP/1.0 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, / User-Agent: Mozilla/4.0 Host: update.iobit.com Range: bytes=184485-245978
Oct 13, 2023 00:30:05.129125118 CEST	95	IN	HTTP/1.0 206 Partial Content Accept-Ranges: bytes Age: 227240 Cache-Control: max-age=604800 Content-Range: bytes 184485-245977/245978 Content-Type: application/octet-stream Date: Thu, 12 Oct 2023 22:30:05 GMT Etag: "869216985" Expires: Thu, 19 Oct 2023 22:30:05 GMT Last-Modified: Tue, 10 Oct 2023 07:21:49 GMT Server: ECAcc (lac/55D2) X-Cache: HIT Content-Length: 61493 Connection: close Data Raw: 0b f5 dc 08 0e 4e b3 ab ab 78 99 40 e8 03 0a 47 83 56 58 a3 6e 0e f9 2d e6 d0 ee 44 8d db d1 07 55 a4 f5 95 ed cf 34 91 fa 8c 7e 5e c5 e0 86 52 b9 85 67 03 a7 74 75 7f bc 5b bb f1 34 03 ff a7 f3 6d db b8 eb 8d 6e fc 98 60 70 4d 1d 3c d0 95 31 a1 fe 96 e5 b1 d4 39 d5 b6 c7 0f 3c 95 8e de 95 4b 9d 05 3d f1 ab af d3 f7 81 53 6b c3 b9 1e f5 69 e8 81 0b 39 a0 6d e2 4c f0 1a 69 2e d5 2f 3d 6d c3 a1 fb 80 43 7a c0 78 bd 5a d9 97 76 f0 14 57 38 a5 c2 fc 60 12 f7 f1 0e 3b b4 f3 39 9f 69 49 7d 1a 15 4e 95 4b 33 39 60 7e c4 a6 67 bd 80 c1 36 fc 62 4c d7 14 9e e0 d0 a7 14 c8 15 6c df a5 91 3c 88 d8 ef 26 22 6c d5 a9 73 9f bb a7 3a 7b 82 3c ca 94 e6 bf f6 5d 41 5c ac 5a 9f 6d f8 2c 72 ee 23 5f cd 8e 1c d5 96 23 9e 39 69 ef a9 f9 cf dc 8f bb b8 c2 40 2f f7 b0 49 68 3f 5d c8 7f a9 ae 6c aa 05 8f c4 8b 0b f5 5e 07 6a 78 55 9d 1d da d3 0d f9 ed dd 3e 8a 09 87 6f 10 5a 5b 0e b8 d0 57 b4 36 07 ab cb 8d f0 a1 f7 2c 50 77 64 97 7d dd 4d 5f b9 76 b3 80 f2 22 de bc e4 5d 2c 5b b3 1c 4a b8 83 d0 7b ea fc ec 07 59 9a 54 1a ae ae 11 c6 29 90 c8 1d 3c 7c 9f a5 59 79 35 2c 57 dc db 07 16 be c2 c1 f6 c2 87 51 e1 6d 9b e9 87 59 a8 fb c2 ab b8 a7 2f 72 4b 49 7a b6 66 6f e8 ba 13 7b 72 02 61 d7 44 fd 17 77 55 16 37 62 c2 43 cc 17 bc c3 ee a5 f3 cb 1b 76 e2 4c cd 1a fd ad b1 d6 53 67 f0 67 96 26 4b 2e 30 ba 57 d8 9a 06 c5 6a 23 b6 4c 69 b8 29 d2 ed ab 60 d3 0c e6 2b 77 f6 c5 df bc f5 b7 31 67 a4 9b f7 c8 44 bd 30 81 0e bb f0 4c 20 f7 c8 84 1b 6e dd f0 f4 74 55 6f 25 9c 53 0d 6e 38 11 fd 5f 28 1c 97 7a 0b b7 7a 7d a7 38 b3 6e 96 e6 aa ef 72 a5 ac f8 dc 5e e8 de 53 98 fc 9c 2f bb 27 c2 16 e4 e7 63 aa 64 3a 45 27 7c 91 77 fc 7f 65 a8 bc c3 67 d6 e5 c1 78 92 db 2a b2 de bb 0e c4 0d 47 d1 10 b2 b9 f7 a9 4b ef 67 68 3a c7 17 7d ac a7 cb 26 3c eb 71 b2 53 78 68 46 30 7d b0 10 c7 56 73 fc a9 a2 97 e4 90 da b4 4b 89 7a e0 a8 38 50 4b 74 73 6c 16 5d e2 0b 5a 75 55 d4 aa b9 e7 22 b5 bf 07 7b 05 53 31 b6 37 7e 74 dd c6 54 98 57 8c da 91 6e e7 34 ff f5 1d 06 3a 97 f7 af 20 e6 7b cf e6 9d a3 77 2d 5e 3d 71 d1 74 38 50 0b b9 0b f2 56 dd 71 49 07 af 5b bf af 10 76 42 df 13 fa 73 ac 8e aa 09 46 2f 34 b8 d4 a3 1c e7 70 9d d3 a2 4f 29 91 4d 7b ea 53 47 77 3c c9 63 2b ee 52 8c ac 51 9d 46 10 63 f8 91 ee a9 34 0d dc 63 64 f7 5f 13 22 82 79 fa c6 98 8c 31 c2 f7 10 74 55 37 67 28 24 6f bc 35 c1 43 de 79 cb 0b 7d 5c e9 54 83 c4 c7 7e f0 57 4e dd 7f f8 dc 63 b6 42 1b cf 76 a3 4e 3d e1 3c 2e 62 53 2e dc 69 c3 5a 0e c5 ad 6c a2 4a 54 91 e9 64 b7 4f e8 34 fc 32 a7 54 f1 3d f3 6b 1a 34 9e 0a d5 f1 17 1b 1d f3 70 ca 39 2b b3 b4 ba f6 c4 e5 81 df 11 ca c7 39 4c 35 a7 90 cf e9 2c 5d 1a e6 af 7b 6c 71 9b 34 a1 fc 91 9e ac 53 6a 77 0f 37 f3 a9 96 ff 91 57 2a dc Data Ascii: Nx@GVXn-DU4~^Rgtu[4mn`pM<19<K=Ski9mLi./=mCzxZvW8`;9iI}NK39`~g6bLl<&"ls:{<]A\Zm,r#_#9i@/Ih?]l^jxU>oZ[W6,Pwd}M_v"],[J{YT)<\|Yy5,WQmY/rKIzfo{raDwU7bCvLSgg&K.0Wj#Li)`+w1gD0L ntUo%Sn8_(zz}8nr^S/'cd:E'\|wegxGKgh:}&<qSxhF0}VsKz8PKtsl]ZuU"{S17~tTWn4: {w-^=qt8PVqI[vBsF/4pO)M{SGw<c+RQFc4cd_"y1tU7g($o5Cy}\T~WNcBvN=<.bS.iZlJTdO42T=k4p9+9L5,]{lq4Sjw7W
Oct 13, 2023 00:30:05.129160881 CEST	97	IN	Data Raw: 95 35 1e 81 13 b9 31 d8 a1 d4 b5 1c 2a 41 c7 bb 78 e1 7f 5d 59 21 c1 0e 84 87 6b a6 77 a8 8a 25 3c e1 dd 8f bf 9b 61 a2 83 0d 9f 53 8f ca 6a db 39 fc 3b 80 36 6f 3d cb 33 5e 91 dd dc 7b 33 ca d2 59 68 4d fa 7e 20 95 4f ec e0 45 96 4e d0 fa a6 96 Data Ascii: 51*Ax]Y!kw%<aSj9;6o=3^{3YhM~ OENUe;E[.M=Qev~:Kn-dY'=AktoqEH=V-}P%z<ENveg)?mUsN"546`X
Oct 13, 2023 00:30:05.129216909 CEST	98	IN	Data Raw: df 5e 7b 32 bf f9 7b 6f 88 92 bb 76 c4 ad f8 55 84 35 76 3d f9 89 6e d2 16 04 5f f2 7b b7 76 61 53 26 78 a2 9f 5c 41 02 d1 57 7b 2d fe b4 f2 df d3 e6 42 8c 08 5c 87 71 bf 28 5a 03 d8 79 e3 e7 23 b2 37 45 94 3b 77 de 84 23 a7 18 b1 2b 6f aa 2c c7 Data Ascii: ^{2{ovU5v=n_{vaS&x\AW{-B\q(Zy#7E;w#+o,}683Knu'k}iVO8p)8/*qAMk>S=ym+v3MIms\:uuJa/<-62fMe8n^'X^%1W(jx_([8[UU
Oct 13, 2023 00:30:05.129285097 CEST	99	IN	Data Raw: 3c e1 08 0c 96 e2 13 7f 7f 2e 2f be d3 24 56 b9 5e 78 af 22 de d3 db f0 89 d1 5d d9 25 bf 90 65 83 a7 e4 1e 83 76 89 fd ad ab 0d b6 30 ce 10 2a 4c 9d 3b 1b de d4 23 f8 21 75 cd 5e 58 c7 1b 35 69 53 87 56 03 be db cf aa 50 75 cc 5d ec 53 a6 d6 7c Data Ascii: <./$V^x"]%ev0*L;#!u^X5iSVPu]S\|/\;fP2}v3i<~ODcMRnrrKv+R#}HyOzw-I94.\|hO:ge.%Dv3]t{[C{<]\|D;`^uA]hz
Oct 13, 2023 00:30:05.129332066 CEST	101	IN	Data Raw: 56 38 57 31 fd c2 a4 cf b9 07 24 18 b6 74 a2 71 e4 c4 33 0c 45 4c 76 ba e2 d7 48 93 d0 ae a8 df 2d 9d 11 f1 66 ab 3c b8 27 b0 72 4d bf cf 1e d7 c2 a9 af ad c5 c6 82 88 52 c4 ed 34 f4 33 57 f1 8b df b9 cb b8 47 89 19 70 88 ee 63 4f 1f d4 7d 7b b4 Data Ascii: V8W1$tq3ELvH-f<'rMR43WGpcO}{,_`nk#qw.~-jj`r!7tDe\R_Q/Has?(z{[Ot]#RWdKk&>0TD{\|x'\|k:%Mwols6q
Oct 13, 2023 00:30:05.129374981 CEST	102	IN	Data Raw: 83 b9 f8 52 ab 7d a9 11 8e 30 71 63 78 23 e6 c9 d7 f5 3d bc 70 f3 7f d2 59 e7 59 3a 17 ba af 63 60 ea 37 54 78 f0 c7 aa f7 b9 9a 34 56 d2 15 34 57 b4 03 07 b9 1f a4 a1 c3 ea 33 4b e7 50 cc f8 5c 5f 78 e4 8a 79 e7 53 4c 3e 3a c9 d5 9e b5 fd b6 a3 Data Ascii: R}0qcx#=pYY:c`7Tx4V4W3KP\_xySL>:+2HEnAe7WbGZW!B?<^554N!>%"?B(0S]]l5.7Z*Ao-t64Syixyunlw{8l
Oct 13, 2023 00:30:05.129514933 CEST	106	IN	Data Raw: d6 a6 01 8d a8 37 33 99 72 20 36 ec f0 1c bc a8 98 7f 29 0a 5f 66 be 6d 74 2f ec 40 f5 05 2c 4a d7 f5 c5 cf 74 78 ac 9e ad d3 01 a5 f3 eb cf f7 bf 72 32 04 af 1a 39 f3 9a 77 fd 0e f3 59 a7 7e 0c f1 59 b1 3e 4a 7e c3 14 db ff cd 13 3f 13 e9 de 20 Data Ascii: 73r 6)_fmt/@,Jtxr29wY~Y>J~? skz=O*8vGtZb.Z'j#zwtB;q{+rFY.SP=F~2n>5n'a(0+}k)'\0CU/wrw
Oct 13, 2023 00:30:05.129585028 CEST	107	IN	Data Raw: a3 e7 d4 f9 3e a5 e6 8d 5f f7 99 3a 15 ec 68 3a 53 eb 0c aa be e1 1a be a2 af 4e 60 bf 74 42 fc 93 88 fa a9 e3 76 9c bb 73 5f 28 b2 e9 14 cf 99 2a e5 4b fc 5a da b7 8f f2 48 9a 33 58 e2 d9 0b fc 71 9d a5 b3 3c ef f4 4d bf cb 28 f7 d8 b7 a9 15 d9 Data Ascii: >_:h:SN`tBvs_(*KZH3Xq<M(fctejO[\|a]5a"%gG0E:?NfXo%!Np-30pUjF}E}scOSTwq/VsO\|k>W7GEv
Oct 13, 2023 00:30:05.129641056 CEST	109	IN	Data Raw: 3d 51 f9 5c f1 84 86 6f b6 82 31 99 65 0f fc b7 3b dc 21 f7 f8 df 7a 96 ce 9d be a5 e5 85 66 da d4 6f d7 55 7f 3e e2 12 9e f4 82 bd f0 06 5d d2 7b 17 b9 7f ee 49 de ad 70 5b 1e c9 27 2b ec e8 25 cf e5 be 08 94 3a 8e df b0 ca 2d 77 3e e7 42 8e 37 Data Ascii: =Q\o1e;!zfoU>]{Ip['+%:-w>B7vG(-{Pdss%wn8cUMOvtC]q\?JZWN>a0L9_{j:qV6*cVI1>JZ%n"2dD=6<e
Oct 13, 2023 00:30:05.129928112 CEST	110	IN	Data Raw: 5f a3 34 d7 f4 7f 3d 71 86 ef 7b de 37 39 af 32 17 79 87 7c 24 63 11 75 e6 93 ee e0 88 01 cf cd 37 26 a2 99 3f ef 5b de bc 4f bd ea 89 79 99 5b 97 13 73 f1 8e 28 3c bb 5c c5 ab 2c 9d fa f9 83 01 5f eb 43 df a3 26 bc 62 7a d2 1c d2 d4 b9 f8 05 51 Data Ascii: _4=q{792y\|$cu7&?[Oy[s(<\,_C&bzQ,tV:E9KBCO(l{^4:;3 x;u{+*G3LR@bSV'}%uV@L8jJ\GQwz?=1oL~- y9qVk9U
Oct 13, 2023 00:30:05.130197048 CEST	115	IN	Data Raw: d6 71 6a 4d e8 30 f8 d8 82 3a 2e 2a 85 f0 db 3d 50 9a 16 d6 f6 91 6a 74 47 8d 9b e6 49 d6 f3 e8 77 89 89 3c c8 d9 d3 81 ae 97 8a ec 7c 6b c7 fe 88 32 81 f6 df b9 ad 7e bd d7 47 d1 69 4c 79 3a e1 c6 db 40 58 6d 7c c5 57 96 4e 50 7c 95 fb 8b 3a c6 Data Ascii: qjM0:.*=PjtGIw<\|k2~GiLy:@Xm\|WNP\|:~AFmq+bvx'pR__ghO8O{:74j5='G{&nT+kDk=:Ol>wfv07,1)aXntA]sb

Timestamp	kBytes transferred	Direction	Data
Oct 13, 2023 00:30:04.964751959 CEST	54	OUT	GET /infofiles/db/rmd/install_cfg_n.zlb HTTP/1.0 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, / User-Agent: Mozilla/4.0 Host: update.iobit.com Range: bytes=122990-184484
Oct 13, 2023 00:30:05.129436970 CEST	103	IN	HTTP/1.0 206 Partial Content Accept-Ranges: bytes Age: 227240 Cache-Control: max-age=604800 Content-Range: bytes 122990-184484/245978 Content-Type: application/octet-stream Date: Thu, 12 Oct 2023 22:30:05 GMT Etag: "869216985" Expires: Thu, 19 Oct 2023 22:30:05 GMT Last-Modified: Tue, 10 Oct 2023 07:21:49 GMT Server: ECAcc (lac/55D2) X-Cache: HIT Content-Length: 61495 Connection: close Data Raw: 3f 7c 33 7b fc a9 b3 dc f7 79 a3 77 fc 3a 4b 27 0e 84 d3 f9 44 d5 b5 c8 d2 89 d2 af 5c 4b 7d 2e 9f 1a 26 6f 9b 77 81 cc f1 b2 b3 2c 9d c9 36 93 a7 8e 20 b9 a5 fd 38 d4 27 de cd d2 b9 10 9f 94 d2 01 4e 34 bc 53 57 39 6a 7b 56 8b 1d 40 cc 87 7a f4 62 8e c6 af 9f 2d ca 19 35 f1 e9 12 22 b8 c6 9a d7 4c c3 e9 cb 4c df f4 f1 47 7b ed 16 1f 72 91 63 c6 ad a8 14 73 91 22 d2 cf b1 63 69 4d ad 54 c7 03 ba eb 96 0b bc 95 3b 39 62 b2 7b f8 17 63 8e 67 ea 79 99 70 09 b7 f5 84 c5 c9 76 0f 5c 0a 2b f9 3b cd 3a 78 c7 cc af f1 98 35 7c 6e 51 9c 6c f2 fe bd ea fb af e1 ec 87 ea e6 ad e7 11 6a f4 15 b6 ad 61 25 36 b8 fd c7 f9 d4 92 21 e4 5d 10 03 97 38 ca 77 ca 63 5f 16 9e 61 50 eb bc c7 31 3f ea dc d4 90 26 bf cc 37 bf 52 85 06 78 22 0e 04 5e bb f6 94 26 f6 ed 84 8f 34 4d f9 2c a9 74 0e e8 31 75 8e d9 88 49 ad dc 81 f6 a3 76 3a c8 95 86 b1 2c 7a 47 d1 fc c3 49 c6 0c 84 78 cb 23 79 f1 59 ec 1f 79 b3 25 ae a6 7d 57 ff ec dd 95 38 49 ea 7e e6 91 b6 94 9c 97 35 68 bb ce 0f b3 84 08 1e a8 10 c9 ed 3a c4 f3 34 30 d1 ef 9e ef 1f f6 b9 88 0f 89 0e 9b d3 2c cd eb fd 53 d7 c5 be 88 b3 83 fb dc 9e 6b 9e bf 42 96 a6 63 dd c9 2e 7f b8 b2 d8 09 e7 59 9a e8 17 6c cd 39 af dd 3e cd 26 39 98 6f 28 1d 07 e2 fe 23 7d fc 09 8e ee 40 88 1b b9 e4 50 44 6b f2 7f 9c f1 cd 7c 51 f6 ae e9 f6 0d 77 75 82 01 fe d0 85 17 fe 95 11 1c 7b ca a9 54 a3 5c 44 07 c5 12 df 1f 1e b4 21 67 64 81 ee 77 4f db 8e 4e 91 50 2a 8f 55 16 37 62 e5 95 da a5 8e 73 3d f6 94 be 39 97 aa 2a d3 be a8 11 ca de 4a 9f 40 9a 96 75 6b 27 46 4f ff 11 74 d1 c6 c7 ff d0 66 3f 71 b1 4d ec 62 1d ab 1e 1d 55 e9 74 de 3d ce a0 11 0c 3d 54 ed b6 71 22 a1 75 bd d0 a0 6f 44 e7 50 59 76 b4 88 5b be ed 1f 18 af ce 2d 31 e5 0a 58 5b d7 9f 56 c2 be bd 50 17 8d 4a aa dd 2e d4 7c c0 7b b8 6f dd b6 69 25 71 8d 13 d5 57 29 4b b3 4f 6e 54 ce 4f 94 8b 95 3a 3e 62 72 44 84 79 ce bb 94 f9 4e 43 ef 7f e1 6e a9 d9 0f 81 8e e2 1c b6 a1 27 3c 97 cb d2 f4 e9 1b ce c0 89 2a 34 62 d9 05 e4 f7 41 29 5d 71 69 b4 a0 dd e8 3a 5b 5b 65 15 7d 8b e7 3e 77 1f ea bd d6 89 b6 15 0f ab 3c 48 6f f2 f3 29 7f d4 47 96 3a 59 ee 79 05 aa b2 63 51 b5 bd d6 05 9a 78 da 29 97 6e ac bc ef 5c a9 7a 32 3d e0 4c 97 c8 4a 75 fb ea a9 f7 74 12 94 ac d9 22 37 7c ec 87 7d 11 32 f2 57 27 4b 27 2e 8c b8 fd 1f 31 5a 2d 59 fa 46 bc ed 73 4f a4 7e e5 72 1e b5 c2 b1 f8 90 77 23 ec 73 d0 37 a9 53 7b 76 d2 35 c6 f7 8e 3f a8 8c 13 db e5 6e 9b 25 76 6b a2 2b 22 f9 0e ee a1 87 33 15 df 8f 1d b8 af 8a 1f 43 52 e1 fb 2b a9 9d ee 70 e4 05 c8 31 ee 26 e5 f3 b2 88 1a 67 ef a6 69 96 7d 59 e7 1e 9f fd 80 57 6a 43 77 2f 56 fc 67 ce 2c 4c 60 a3 95 7a e6 91 ab b4 8f 2b 99 99 0b d3 57 73 17 ed e3 89 2e af 22 1d 2c ba 1a 22 c3 84 3a 59 81 cf 07 a2 Data Ascii: ?\|3{yw:K'D\K}.&ow,6 8'N4SW9j{V@zb-5"LLG{rcs"ciMT;9b{cgypv\+;:x5\|nQlja%6!]8wc_aP1?&7Rx"^&4M,t1uIv:,zGIx#yYy%}W8I~5h:40,SkBc.Yl9>&9o(#}@PDk\|Qwu{T\D!gdwONPU7bs=9J@uk'FOtf?qMbUt==Tq"uoDPYv[-1X[VPJ.\|{oi%qW)KOnTO:>brDyNCn'<*4bA)]qi:[[e}>w<Ho)G:YycQx)n\z2=LJut"7\|}2W'K'.1Z-YFsO~rw#s7S{v5?n%vk+"3CR+p1&gi}YWjCw/Vg,L`z+Ws.",":Y
Oct 13, 2023 00:30:05.129498005 CEST	105	IN	Data Raw: cb 2d 46 ac ca 9d f8 0c 47 5f c9 f7 c1 d4 8e 64 cb 54 9f 7f 43 a2 e1 e3 bc 93 0d de e8 6a e9 14 d0 73 7c f5 27 a7 dd 17 e7 43 4c 49 7f ce d2 69 25 6b 0e a8 a5 eb 4d 9e fb 60 85 63 42 ee 8d fa e3 41 35 9e e6 3d 4f 3d d5 d7 2c 4d 03 8c 6a fa d9 cf Data Ascii: -FG_dTCjs\|'CLIi%kM`cBA5=O=,MjGN]j4wj,9F7KOD\|NW:qnoO.SMs3qLLNrIx~H's:pGmPxX.SY\Y:d
Oct 13, 2023 00:30:05.130028963 CEST	111	IN	Data Raw: 90 a4 e9 cb 03 78 ec 87 06 17 5a ff 18 a7 fc 20 7b ae 45 b4 34 93 74 5f 05 11 67 45 1d 51 90 4a 22 5d ea 98 38 a5 b6 7f 72 a9 5e c1 c5 cf d6 fd 3b 5f d2 0c c6 89 4c f5 fb 7f 32 f6 6f 4d c9 6d 5b 9f e0 3b ae 2b 62 7f 87 bc 37 22 41 8e 12 6f e4 85 Data Ascii: xZ {E4t_gEQJ"]8r^;_L2oMm[;+b7"AogQrx@ENl>[Ub3}T'H6<o~9{GJ/OD5v?w7EV2BCCn8/77ErY?QKtoCp#(N
Oct 13, 2023 00:30:05.130084991 CEST	113	IN	Data Raw: 33 71 43 69 59 cb 27 3d 62 16 5d fa 48 47 36 a2 48 ff 98 4b 75 3e d8 ff 91 9b fe c6 a8 6f a8 7f c7 12 fb c7 92 b6 89 87 bf 4b 91 df cb c7 7c a8 5c 7b fe e6 48 8d 58 4a b7 c4 89 d3 ca 3b 38 7e 75 d6 1e 63 f7 7b 56 55 87 47 31 80 1e 52 57 e6 dc 49 Data Ascii: 3qCiY'=b]HG6HKu>oK\|\{HXJ;8~uc{VUG1RWI;!l+?I~tLt@7Z^&')9g"TU@k@g-]'ogURGp-)~{1'GI7_zqLp^\E^eDjI
Oct 13, 2023 00:30:05.130101919 CEST	114	IN	Data Raw: 37 7c a9 0f 4c 29 52 d6 55 0c f1 1c 97 ec 5a 67 3f 98 dd 0c 93 58 cb b2 ef 51 10 3b 74 80 6b 3a e8 d8 5e 5d 50 78 ea ce c1 63 6a d4 33 36 51 c4 18 ee 9d 21 15 dd 30 63 3a 62 ba 99 fe 3e 3f cd ab fa b4 6a ba d2 ca 7e 4e 43 1f c6 ad 7f 5b 94 63 4b Data Ascii: 7\|L)RUZg?XQ;tk:^]Pxcj36Q!0c:b>?j~NC[cKSv97V{]s_e /XwYy^5\N';gFN.uO>,o%LwJG[X=92Dv{\|o0"+DktWTweV"wB
Oct 13, 2023 00:30:05.130597115 CEST	123	IN	Data Raw: 99 36 3d e1 0e 03 da d9 e5 47 74 9a 67 55 76 44 ff be e7 12 8f 74 a4 4c a5 b6 d2 9d d3 e7 b4 e8 6f b5 7b 65 3a c5 23 77 e0 8f fa 10 7a c2 08 87 dc c0 85 bb 5c 63 df cb d2 2d 23 ef 76 dc d2 8e 09 0c 36 e2 76 95 68 d0 e7 d0 6b cf de 8c ac c8 04 0a Data Ascii: 6=GtgUvDtLo{e:#wz\c-#v6vhk-$yv6T55 ]Dg{jY%un#r%qHE~=jnKO`W?A_jO\|I1R,Mt/8{ClTGzTs>ZHo=fF
Oct 13, 2023 00:30:05.130629063 CEST	125	IN	Data Raw: 2d 0e 1a 48 a0 67 f5 a7 ee fd d8 9d b1 6b e2 13 1d 79 a3 a7 f2 03 9d 2c dd 4b fe 95 a5 5b f8 ca 7a 1a 66 79 f2 e2 18 56 fd 90 fe 1c 49 e0 6e 3d c9 22 7d b4 2b f9 f0 e6 0d 14 a5 48 3a 74 e8 19 9e fc 86 bd 7e c3 b9 73 d9 9d 74 ef 51 3f c7 fa 07 f2 Data Ascii: -Hgky,K[zfyVIn="}+H:t~stQ?`'K%)]?2OsIO,uYS/sa\|Ay(8vzfcYAu\yo^-6>u_2%uE64rW;
Oct 13, 2023 00:30:05.130673885 CEST	126	IN	Data Raw: d8 ad d1 19 78 e6 8c f8 75 7a ac fc c6 6f f0 d3 c2 a9 7d c4 9b 0d 3f a9 cc 99 8e 4f 71 07 d7 ae f8 6c cd 2c dd 79 be e5 99 57 4c 30 b8 b1 32 36 f2 3b 93 5c b3 4a 5d 5d 1f f6 eb 0f d5 71 22 51 12 6c ee c2 39 fc 8a 43 ec 63 84 73 d3 6c 62 c2 c2 85 Data Ascii: xuzo}?Oql,yWL026;\J]]q"Ql9Ccslb6v{Q:9+`3-K}AdQFs4g)=.xSCRChMv'MeCsP6ghKC>GljhqvK1Fn@yFi
Oct 13, 2023 00:30:05.130743027 CEST	127	IN	Data Raw: b2 72 ba a7 0e 8d 3b b8 79 43 d7 28 60 b0 45 55 3c aa 5d f0 b8 70 8f bf 74 30 55 ec 86 3d a9 85 73 49 a3 8a 75 d8 a1 96 1f a8 39 4d cf ea d3 0c 82 3e 0d f5 80 5a 90 fc c3 a5 bc 60 9a b2 f6 c0 bd ab 63 f3 6f 79 d7 d5 73 9e 01 7f 50 7f f7 61 c9 a6 Data Ascii: r;yC(`EU<]pt0U=sIu9M>Z`coysPa"K"I5GXLb?5%<&}pAGO*M_B-ZAQz>-L+!kyt<xMgMzZj ]1M9!_G.345;jzn(Wl2lv$s
Oct 13, 2023 00:30:05.130865097 CEST	129	IN	Data Raw: 21 ff 32 0e f5 ea 84 09 c4 73 e2 eb 63 f2 4f dc 34 fc cd f9 3a 81 f8 5f f4 dc ef a4 fe ee ac a5 78 17 33 ae d4 a1 93 7c 48 d9 6e 70 b5 2e 20 e9 3e 06 b5 b5 cf e2 56 c3 f7 1c b5 a4 5a 7c 4b 83 2f ca ea ee 53 60 4e e0 a8 2a 76 30 ca bb 17 ef f2 64 Data Ascii: !2scO4:_x3\|Hnp. >VZ\|K/S`N*v0d=T^w;~$X]?f\)G7WQ5KwuKYDFflTu/tN{-l/CYB7LEI~WI_iAet<64c;bB:8=>%
Oct 13, 2023 00:30:05.130911112 CEST	130	IN	Data Raw: 4f 7e df 38 eb 2f bd ef f7 2c 4d 3a 1c f0 ca 23 25 90 66 bc 47 b7 ee c6 a9 5f c2 30 7e 9c ca fb f6 d2 92 ab f1 c7 89 18 39 97 1e 78 af 53 e7 48 95 d7 bb 86 e3 96 39 de bd a3 14 0f 64 6c 5f 20 89 a8 a0 6f 54 83 63 7f fe ef 79 53 73 c6 96 70 ae 22 Data Ascii: O~8/,M:#%fG_0~9xSH9dl_ oTcySsp"N:?G)}@3\|w?f[\o>y<08GS'9>iUlx=T.:>:{ORYNe_dOf_T+YeveQ:%y*

Timestamp	kBytes transferred	Direction	Data
Oct 13, 2023 00:30:05.788088083 CEST	313	OUT	GET /infofiles/ac/appver-ac.upt HTTP/1.0 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, / User-Agent: Mozilla/4.0 Host: update.iobit.com
Oct 13, 2023 00:30:05.951330900 CEST	314	IN	HTTP/1.0 200 OK Accept-Ranges: bytes Age: 328823 Cache-Control: max-age=604800 Content-Type: application/octet-stream Date: Thu, 12 Oct 2023 22:30:05 GMT Etag: "3018307681" Expires: Thu, 19 Oct 2023 22:30:05 GMT Last-Modified: Mon, 09 Oct 2023 03:08:48 GMT Server: ECAcc (lac/55C0) X-Cache: HIT Content-Length: 851 Connection: close Data Raw: 5b 61 70 70 76 65 72 73 69 6f 6e 5d 0d 0a 61 73 63 3d 31 36 2e 36 2e 30 2e 32 35 39 0d 0a 64 62 3d 31 30 2e 36 2e 30 2e 31 34 31 0d 0a 69 75 3d 31 33 2e 30 2e 30 2e 31 33 0d 0a 69 6d 66 3d 31 30 2e 34 2e 30 2e 31 31 30 34 0d 0a 61 73 63 75 3d 31 36 2e 32 2e 30 2e 31 38 0d 0a 73 64 3d 39 2e 30 2e 30 2e 33 30 37 0d 0a 69 6f 74 3d 34 2e 33 2e 31 2e 31 35 36 31 0d 0a 69 73 75 3d 36 2e 31 2e 30 2e 31 30 0d 0a 73 6d 38 3d 36 2e 30 2e 30 2e 32 0d 0a 73 6d 67 62 3d 35 2e 32 2e 34 2e 36 34 33 0d 0a 69 74 6f 70 3d 35 2e 30 2e 30 2e 34 37 38 35 0d 0a 69 73 72 3d 34 2e 31 2e 30 2e 38 38 39 0d 0a 69 76 62 3d 33 2e 31 2e 30 2e 32 35 35 0d 0a 69 70 62 3d 33 2e 32 2e 30 2e 32 37 35 0d 0a 69 64 72 3d 33 2e 36 2e 30 2e 31 31 32 0d 0a 64 70 6d 3d 31 2e 34 2e 30 2e 31 34 0d 0a 70 64 66 3d 33 2e 35 2e 30 2e 31 38 0d 0a 69 65 64 3d 32 2e 31 2e 30 2e 33 38 0d 0a 0d 0a 5b 50 72 6f 64 75 63 74 5f 50 5d 0d 0a 43 6f 6d 70 61 72 61 64 69 67 68 74 3d 31 0d 0a 41 63 74 69 6f 6e 43 65 6e 74 65 72 5f 43 6f 6d 70 61 72 61 64 69 67 68 74 3d 32 0d 0a 41 53 43 5f 76 65 72 73 69 6f 6e 3d 31 36 2e 36 2e 30 2e 32 35 39 0d 0a 41 53 43 55 5f 76 65 72 73 69 6f 6e 3d 31 36 2e 33 2e 30 2e 33 30 0d 0a 44 42 5f 76 65 72 73 69 6f 6e 3d 31 31 2e 30 2e 30 2e 32 31 0d 0a 46 50 5f 76 65 72 73 69 6f 6e 3d 33 2e 30 2e 32 2e 32 31 33 35 0d 0a 49 4d 46 5f 76 65 72 73 69 6f 6e 3d 31 30 2e 34 2e 30 2e 31 31 30 34 0d 0a 49 55 5f 76 65 72 73 69 6f 6e 3d 31 33 2e 31 2e 30 2e 33 0d 0a 49 4f 54 5f 76 65 72 73 69 6f 6e 3d 34 2e 33 2e 31 2e 31 35 36 31 0d 0a 49 53 55 5f 76 65 72 73 69 6f 6e 3d 36 2e 31 2e 30 2e 31 30 0d 0a 69 74 6f 70 5f 76 65 72 73 69 6f 6e 3d 35 2e 30 2e 30 2e 34 37 38 35 0d 0a 76 70 6e 5f 76 65 72 73 69 6f 6e 3d 34 2e 35 2e 31 2e 34 31 39 30 0d 0a 49 56 43 5f 76 65 72 73 69 6f 6e 3d 31 2e 30 2e 31 2e 32 36 30 36 0d 0a 53 44 5f 76 65 72 73 69 6f 6e 3d 39 2e 31 2e 30 2e 33 31 39 0d 0a 53 47 42 5f 76 65 72 73 69 6f 6e 3d 33 2e 31 2e 31 2e 31 35 31 0d 0a 53 4d 38 5f 76 65 72 73 69 6f 6e 3d 36 2e 30 2e 30 2e 32 0d 0a 53 4d 47 42 5f 76 65 72 73 69 6f 6e 3d 35 2e 32 2e 34 2e 36 34 33 0d 0a 49 53 52 5f 76 65 72 73 69 6f 6e 3d 34 2e 32 2e 30 2e 31 30 38 36 0d 0a 49 56 42 5f 76 65 72 73 69 6f 6e 3d 33 2e 30 2e 30 2e 32 34 36 0d 0a 49 50 42 5f 76 65 72 73 69 6f 6e 3d 33 2e 32 2e 30 2e 32 37 35 0d 0a 49 44 52 5f 76 65 72 73 69 6f 6e 3d 34 2e 30 2e 30 2e 34 37 35 0d 0a 44 50 4d 5f 76 65 72 73 69 6f 6e 3d 31 2e 34 2e 30 2e 31 34 0d 0a 50 44 46 5f 76 65 72 73 69 6f 6e 3d 33 2e 35 2e 30 2e 31 38 0d 0a 49 45 44 5f 76 65 72 73 69 6f 6e 3d 32 2e 31 2e 30 2e 33 34 0d 0a Data Ascii: [appversion]asc=16.6.0.259db=10.6.0.141iu=13.0.0.13imf=10.4.0.1104ascu=16.2.0.18sd=9.0.0.307iot=4.3.1.1561isu=6.1.0.10sm8=6.0.0.2smgb=5.2.4.643itop=5.0.0.4785isr=4.1.0.889ivb=3.1.0.255ipb=3.2.0.275idr=3.6.0.112dpm=1.4.0.14pdf=3.5.0.18ied=2.1.0.38[Product_P]Comparadight=1ActionCenter_Comparadight=2ASC_version=16.6.0.259ASCU_version=16.3.0.30DB_version=11.0.0.21FP_version=3.0.2.2135IMF_version=10.4.0.1104IU_version=13.1.0.3IOT_version=4.3.1.1561ISU_version=6.1.0.10itop_version=5.0.0.4785vpn_version=4.5.1.4190IVC_version=1.0.1.2606SD_version=9.1.0.319SGB_version=3.1.1.151SM8_version=6.0.0.2SMGB_version=5.2.4.643ISR_version=4.2.0.1086IVB_version=3.0.0.246IPB_version=3.2.0.275IDR_version=4.0.0.475DPM_version=1.4.0.14PDF_version=3.5.0.18IED_version=2.1.0.34

Timestamp	kBytes transferred	Direction	Data
Oct 13, 2023 00:30:06.129302979 CEST	315	OUT	GET /infofiles/itop/itopav.upt HTTP/1.0 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, / User-Agent: Mozilla/4.0 Host: update.iobit.com
Oct 13, 2023 00:30:06.291605949 CEST	315	IN	HTTP/1.0 200 OK Accept-Ranges: bytes Age: 4460665 Cache-Control: max-age=604800 Content-Type: application/octet-stream Date: Thu, 12 Oct 2023 22:30:06 GMT Etag: "935634287" Expires: Thu, 19 Oct 2023 22:30:06 GMT Last-Modified: Wed, 23 Feb 2022 03:42:59 GMT Server: ECAcc (lac/55D7) X-Cache: HIT Content-Length: 336 Connection: close Data Raw: ff fe 5b 00 50 00 5f 00 4d 00 63 00 41 00 66 00 65 00 65 00 5d 00 0d 00 0a 00 44 00 69 00 73 00 70 00 6c 00 61 00 79 00 4e 00 61 00 6d 00 65 00 3d 00 28 00 28 00 27 00 4d 00 63 00 41 00 66 00 65 00 65 00 27 00 20 00 26 00 20 00 28 00 27 00 41 00 6e 00 74 00 69 00 56 00 69 00 72 00 75 00 73 00 27 00 20 00 7c 00 20 00 27 00 53 00 65 00 63 00 75 00 72 00 69 00 74 00 79 00 27 00 20 00 7c 00 20 00 27 00 50 00 72 00 6f 00 74 00 65 00 63 00 74 00 69 00 6f 00 6e 00 27 00 20 00 7c 00 20 00 27 00 4c 00 69 00 76 00 65 00 53 00 61 00 66 00 65 00 27 00 20 00 7c 00 20 00 27 00 46 00 69 00 72 00 65 00 77 00 61 00 6c 00 6c 00 27 00 20 00 7c 00 20 00 27 00 56 00 50 00 4e 00 27 00 29 00 29 00 20 00 7c 00 20 00 28 00 27 00 c8 8f 4b 51 f2 83 27 00 29 00 20 00 7c 00 20 00 28 00 27 00 42 00 54 00 20 00 4e 00 65 00 74 00 50 00 72 00 6f 00 74 00 65 00 63 00 74 00 27 00 20 00 7c 00 20 00 27 00 46 00 69 00 72 00 65 00 77 00 61 00 6c 00 6c 00 27 00 20 00 7c 00 20 00 27 00 56 00 50 00 4e 00 27 00 29 00 29 00 0d 00 0a 00 Data Ascii: [P_McAfee]DisplayName=(('McAfee' & ('AntiVirus' \| 'Security' \| 'Protection' \| 'LiveSafe' \| 'Firewall' \| 'VPN')) \| ('KQ') \| ('BT NetProtect' \| 'Firewall' \| 'VPN'))

Timestamp	kBytes transferred	Direction	Data
Oct 13, 2023 00:30:06.631412983 CEST	317	OUT	GET /dl/img/inst/img_screenshot_ied.png HTTP/1.0 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, / User-Agent: Mozilla/4.0 Host: update.iobit.com
Oct 13, 2023 00:30:06.795044899 CEST	318	IN	HTTP/1.0 200 OK Accept-Ranges: bytes Age: 4461586 Cache-Control: max-age=604800 Content-Type: image/png Date: Thu, 12 Oct 2023 22:30:06 GMT Etag: "4180324065" Expires: Thu, 19 Oct 2023 22:30:06 GMT Last-Modified: Thu, 03 Aug 2023 01:28:51 GMT Server: ECAcc (lac/55CE) X-Cache: HIT Content-Length: 63485 Connection: close Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 01 90 00 00 01 90 08 06 00 00 00 80 bf 36 cc 00 00 00 04 73 42 49 54 08 08 08 08 7c 08 64 88 00 00 20 00 49 44 41 54 78 5e ec 7d 07 a0 56 c5 d1 f6 dc 42 87 0b 28 28 5d 44 05 15 7b 8b 35 d8 4b f4 4b f2 c5 5e 12 8d 88 5d b1 d7 d8 4b ec d8 1b 16 ec 31 76 40 44 40 14 1b 2a 36 44 50 b1 80 62 ef 82 d2 6e fb 67 76 b6 cc ee 39 e7 bd 97 37 ff 97 a8 99 a3 97 f7 94 ad cf ce ce b3 33 bb 67 4f 05 e8 a1 08 28 02 8a 80 22 a0 08 94 81 40 45 19 71 34 8a 22 a0 08 28 02 8a 80 22 00 4a 20 2a 04 8a 80 22 a0 08 28 02 65 21 a0 04 52 16 6c 1a 49 11 50 04 14 01 45 40 09 44 65 40 11 50 04 14 01 45 a0 2c 04 94 40 ca 82 4d 23 29 02 8a 80 22 a0 08 28 81 a8 0c 28 02 8a 80 22 a0 08 94 85 80 12 48 59 b0 69 24 45 40 11 50 04 14 01 25 10 95 01 45 40 11 50 04 14 81 b2 10 50 02 29 0b 36 8d a4 08 28 02 8a 80 22 a0 04 a2 32 a0 08 28 02 8a 80 22 50 16 02 4a 20 65 c1 a6 91 14 01 45 40 11 50 04 94 40 54 06 14 01 45 40 11 50 04 ca 42 40 09 a4 2c d8 34 92 22 a0 08 28 02 8a 80 12 88 ca 80 22 a0 08 28 02 8a 40 59 08 28 81 94 05 9b 46 52 04 14 01 45 40 11 50 02 51 19 50 04 14 01 45 40 11 28 0b 01 25 90 b2 60 d3 48 8a 80 22 a0 08 28 02 4a 20 2a 03 8a 80 22 a0 08 28 02 65 21 a0 04 52 16 6c 1a 49 11 50 04 14 01 45 40 09 44 65 40 11 50 04 14 01 45 a0 2c 04 94 40 ca 82 4d 23 29 02 8a 80 22 a0 08 28 81 a8 0c 28 02 8a 80 22 a0 08 94 85 80 12 48 59 b0 69 24 45 40 11 50 04 14 01 25 10 95 01 45 40 11 50 04 14 81 b2 10 50 02 29 0b 36 8d a4 08 28 02 8a 80 22 a0 04 a2 32 a0 08 28 02 8a 80 22 50 16 02 4a 20 65 c1 a6 91 14 01 45 40 11 50 04 94 40 54 06 14 01 45 40 11 50 04 ca 42 40 09 a4 2c d8 34 92 22 a0 08 28 02 8a 80 12 88 ca 80 22 a0 08 28 02 8a 40 59 08 28 81 94 05 9b 46 52 04 14 01 45 40 11 50 02 51 19 50 04 14 01 45 40 11 28 0b 01 25 90 b2 60 d3 48 8a 80 22 a0 08 28 02 4a 20 2a 03 8a 80 22 a0 08 28 02 65 21 a0 04 52 16 6c 1a 49 11 50 04 14 01 45 40 09 44 65 40 11 50 04 14 01 45 a0 2c 04 94 40 ca 82 4d 23 29 02 8a 80 22 a0 08 28 81 a8 0c 28 02 8a 80 22 a0 08 94 85 80 12 48 59 b0 69 24 45 40 11 50 04 14 01 25 10 95 01 45 40 11 50 04 14 81 b2 10 50 02 29 0b 36 8d a4 08 28 02 8a 80 22 a0 04 a2 32 a0 08 28 02 8a 80 22 50 16 02 4a 20 65 c1 a6 91 14 01 45 40 11 50 04 94 40 54 06 14 01 45 40 11 50 04 ca 42 40 09 a4 2c d8 34 92 22 a0 08 28 02 8a 80 12 88 ca 80 22 a0 08 28 02 8a 40 59 08 28 81 94 05 9b 46 52 04 14 01 45 40 11 50 02 51 19 50 04 14 01 45 40 11 28 0b 01 25 90 b2 60 d3 48 8a 80 22 a0 08 28 02 4a 20 2a 03 8a 80 22 a0 08 28 02 65 21 a0 04 52 16 6c 1a 49 11 50 04 14 01 45 40 09 44 65 40 11 50 04 14 01 45 a0 2c 04 94 40 ca 82 4d 23 29 02 8a 80 22 a0 08 28 81 a8 0c 28 02 8a 80 22 a0 08 94 85 80 12 48 59 b0 69 24 45 40 11 50 04 14 01 25 10 95 01 45 40 11 50 04 14 81 b2 10 50 02 29 0b 36 8d a4 08 28 02 8a 80 22 a0 04 a2 32 a0 08 28 02 8a 80 22 50 16 02 4a 20 65 c1 a6 91 14 01 45 40 11 50 04 94 40 54 06 Data Ascii: PNGIHDR6sBIT\|d IDATx^}VB((]D{5KK^]K1v@D@6DPbngv973gO("@Eq4"("J "(e!RlIPE@De@PE,@M#)"(("HYi$E@P%E@PP)6("2("PJ eE@P@TE@PB@,4"("(@Y(FRE@PQPE@(%`H"(J "(e!RlIPE@De@PE,@M#)"(("HYi$E@P%E@PP)6("2("PJ eE@P@TE@PB@,4"("(@Y(FRE@PQPE@(%`H"(J "(e!RlIPE@De@PE,@M#)"(("HYi$E@P%E@PP)6("2("PJ eE@P@TE@PB@,4"("(@Y(FRE@PQPE@(%`H"(J *"(e!RlIPE@De@PE,@M#)"(("HYi$E@P%E@PP)6("2("PJ eE@P@T
Oct 13, 2023 00:30:06.795087099 CEST	319	IN	Data Raw: 14 01 45 40 11 50 04 ca 42 40 09 a4 2c d8 34 92 22 a0 08 28 02 8a 80 12 88 ca 80 22 a0 08 28 02 8a 40 59 08 28 81 94 05 9b 46 52 04 14 01 45 40 11 50 02 51 19 50 04 14 01 45 40 11 28 0b 01 25 90 b2 60 d3 48 8a 80 22 a0 08 28 02 4a 20 2a 03 8a 80 Data Ascii: E@PB@,4"("(@Y(FRE@PQPE@(%`H"(J *"(e!RlIPE@De@PE,@M#)"(("HYi$E@P%E@PP)6("2("PJ eE@P@TE@PB@,4"("
Oct 13, 2023 00:30:06.795126915 CEST	321	IN	Data Raw: 76 7c 7c dc b8 4a 9d 38 ff f9 09 aa 96 48 11 f8 4f 23 50 5d 5d dd 30 e4 80 03 16 d6 d6 d5 1d 38 7c f8 f0 bb fe d3 e5 f9 39 e4 af 04 82 ad b0 f9 e6 9b 57 0f da 6c b3 47 5e 78 f1 c5 1d c6 4f 98 00 4a 20 3f 07 d1 d4 32 28 02 3f 2f 04 70 69 6f c3 81 Data Ascii: v\|\|J8HO#P]]08\|9WlG^xOJ ?2(?/pioC,Xk8~^Fq?3[TW\|Wp{O=?;beuIO?]J RiU/QHA&9`Kjtzy(4A Gw"V
Oct 13, 2023 00:30:06.795166969 CEST	322	IN	Data Raw: d3 b9 49 69 0a a4 f3 04 da 75 24 af 24 84 50 b3 0e 61 a5 51 d4 19 c2 33 1a 75 d2 e8 91 47 8c d4 c2 c6 bd 63 6b 51 4d 6a 5d 28 5e d7 c4 92 28 cc e8 96 14 1d 45 b2 64 93 8e 1c dd b5 53 64 b2 13 f2 e8 94 94 4e c8 4b c6 67 02 23 a5 87 c1 5c fa 4e cb Data Ascii: Iiu$$PaQ3uGckQMj](^(EdSdNKg#\N,Y<z5h-ICUN1,V_CBW[c$+\|cCQalYI4v2dCm\P6;bADd{JML`
Oct 13, 2023 00:30:06.795239925 CEST	323	IN	Data Raw: b0 5b cb fd b2 c5 b9 18 07 09 4c 2a dc c6 2c 35 89 95 c5 d5 e5 f4 0d 81 04 cb 32 1a 78 51 dd 88 40 d0 2a 30 f2 82 6e 2a f7 3c 33 11 cf 10 7b d2 4c eb ca d7 59 55 27 f3 33 ab b6 1c c1 db f4 5e 7f fd 61 25 90 a4 5f a5 97 4a 20 88 48 29 0b e4 6f 07 Data Ascii: [L,52xQ@0n<3{LYU'3^a%_J H)oE/O,Br1YO%DQ&}w:MsZdZG8y<~#?YVz{Shp'Fa3aFfh&y-3c\&`x{fgZRjXj*\j={e
Oct 13, 2023 00:30:06.795370102 CEST	325	IN	Data Raw: c2 76 30 a3 6c 10 cd 97 a6 4f b6 6a 25 d6 b4 e9 28 3a ab 87 4b 68 b4 dc 9e 19 df f4 1e 5e d9 cb 9d 0e 4e 34 ad 54 26 b1 66 2e a5 aa 72 9e e5 55 4a d4 3e 56 31 e2 aa 20 5e 26 07 ab fd 3c 49 26 9a b3 18 b1 a0 74 b2 a5 ce 19 29 27 1a 87 42 ac d6 77 Data Ascii: v0lOj%(:Kh^N4T&f.rUJ>V1 ^&<I&t)'Bwu;ng#X@D,XWyK"%/~Tz%&9~OkxBH=?+koyzR'\|-#{-;.8nCx.CUXjUAMQO=vcE@B_7\$$Q^
Oct 13, 2023 00:30:06.795409918 CEST	326	IN	Data Raw: 39 8f 65 4b 1e 45 4d 6b 94 7b 24 03 7c 15 dd 2b 48 2b 4f 8e 8a 90 a4 f7 76 06 f4 44 02 31 3b fd f2 d6 8f 94 8b 5b 57 c7 5b dd c4 c7 c3 2f de 9b b1 40 94 40 62 8c 94 40 10 8f 92 04 72 d8 19 8c 58 e2 6b 75 a3 22 39 82 a1 09 b9 67 de 7c d9 8a 66 4e Data Ascii: 9eKEMk{$\|+H+OvD1;[W[/@@b@rXku"9g\|fNrLG`y(DSE"@(~C?[#,i>=t?9p_};cFAL#&[mm5'\|{Y8SwmX}e\x?sf}7]vCGc
Oct 13, 2023 00:30:06.795483112 CEST	327	IN	Data Raw: 34 b7 bb 2b 91 cd 6d 33 71 33 df 4e 49 b0 c5 b6 1a d8 8b 09 c4 59 1b b4 a4 97 b6 a6 37 73 9b 76 ff 2d 96 2f de ab ec fe 17 d4 85 95 2f a1 e1 6e b3 f5 4f 53 09 fd 92 9f 97 22 90 ab 87 9e 8e c2 6f 86 2b a1 df d3 ea 8d 48 80 83 4b ea e9 37 5e b2 04 Data Ascii: 4+m3q3NIY7sv-//nOS"o+HK7^CN]'yP\$domwyA>6;h,;d'/-;ag}h2q${>,T"+fAVz\}\b&%z+e
Oct 13, 2023 00:30:06.795555115 CEST	329	IN	Data Raw: 99 17 09 d3 55 58 b7 1d 77 b2 f9 68 8e fd 2a 86 d7 06 ac 18 e9 c3 3a f1 c7 92 26 bc f6 b2 f7 a5 4a 92 91 5a 36 af 53 49 1d 50 52 0d d8 87 cd 51 5a 51 03 15 25 5a 5a e7 64 46 a3 9c 66 a2 8a 13 65 90 67 91 48 22 91 ca 86 ce 53 65 19 13 52 a8 45 aa Data Ascii: UXwh*:&JZ6SIPRQZQ%ZZdFfegH"SeRE"R1G%b6ic7_TYT2.KcM[@r@OUu^J@ C2"(m"e.~QPHIQ}Xhxg.vua!A:E~G
Oct 13, 2023 00:30:06.795594931 CEST	330	IN	Data Raw: e1 c7 1e 7b ec 88 52 b2 f8 df f2 4c 09 04 5b 9a 08 a4 13 12 c8 04 24 90 31 09 81 8c 39 9d df 8a f6 8a c1 8f 76 4c d7 0b ee 2c 1a c6 e0 46 6d 8f bd 42 ab b0 ac b2 c9 51 b2 69 27 c8 76 1e a1 94 64 4f 11 5d 3c 4f e1 35 5b d9 24 69 fa b2 26 09 e4 11 Data Ascii: {RL[$19vL,FmBQi'vdO]<O5[$i&E$?H+MzJ?NX-d\}gHcX62^\p8+qNf-#A9Z4tSH93EB'&r@"FVe_a%?xE
Oct 13, 2023 00:30:06.795664072 CEST	332	IN	Data Raw: df fb 91 be bd 7b 26 65 b7 32 39 f2 c8 23 cd 5e 58 4a 20 0c 5c 93 83 96 52 1d f5 d7 f2 8c 08 a4 73 a7 4e a3 26 4c 98 b0 dd a3 09 81 bc 36 ec 74 1e 9d e1 ff 34 5a 24 02 31 6f 05 e0 35 7d 06 b3 82 de 50 27 df 69 43 bd 79 9f e0 de c9 d6 dd 61 95 a7 Data Ascii: {&e29#^XJ \RsN&L6t4Z$1o5}P'iCya4GU]w$L$EQ.Y"//;xFIy+}f[f!klV2Y$tbHEFNJ4K%S"#K/mQ<I+/G+9j

Timestamp	kBytes transferred	Direction	Data
Oct 13, 2023 00:30:07.122168064 CEST	388	OUT	GET /dl/img/inst/logo_ied.png HTTP/1.0 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, / User-Agent: Mozilla/4.0 Host: update.iobit.com
Oct 13, 2023 00:30:07.284154892 CEST	390	IN	HTTP/1.0 200 OK Accept-Ranges: bytes Age: 4461587 Cache-Control: max-age=604800 Content-Type: image/png Date: Thu, 12 Oct 2023 22:30:07 GMT Etag: "452507291" Expires: Thu, 19 Oct 2023 22:30:07 GMT Last-Modified: Tue, 30 Aug 2022 02:54:20 GMT Server: ECAcc (lac/5596) X-Cache: HIT Content-Length: 5033 Connection: close Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 32 00 00 00 32 08 06 00 00 00 1e 3f 88 b1 00 00 00 09 70 48 59 73 00 00 0b 13 00 00 0b 13 01 00 9a 9c 18 00 00 06 01 69 54 58 74 58 4d 4c 3a 63 6f 6d 2e 61 64 6f 62 65 2e 78 6d 70 00 00 00 00 00 3c 3f 78 70 61 63 6b 65 74 20 62 65 67 69 6e 3d 22 ef bb bf 22 20 69 64 3d 22 57 35 4d 30 4d 70 43 65 68 69 48 7a 72 65 53 7a 4e 54 63 7a 6b 63 39 64 22 3f 3e 20 3c 78 3a 78 6d 70 6d 65 74 61 20 78 6d 6c 6e 73 3a 78 3d 22 61 64 6f 62 65 3a 6e 73 3a 6d 65 74 61 2f 22 20 78 3a 78 6d 70 74 6b 3d 22 41 64 6f 62 65 20 58 4d 50 20 43 6f 72 65 20 36 2e 30 2d 63 30 30 32 20 37 39 2e 31 36 34 34 38 38 2c 20 32 30 32 30 2f 30 37 2f 31 30 2d 32 32 3a 30 36 3a 35 33 20 20 20 20 20 20 20 20 22 3e 20 3c 72 64 66 3a 52 44 46 20 78 6d 6c 6e 73 3a 72 64 66 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 30 32 2f 32 32 2d 72 64 66 2d 73 79 6e 74 61 78 2d 6e 73 23 22 3e 20 3c 72 64 66 3a 44 65 73 63 72 69 70 74 69 6f 6e 20 72 64 66 3a 61 62 6f 75 74 3d 22 22 20 78 6d 6c 6e 73 3a 78 6d 70 4d 4d 3d 22 68 74 74 70 3a 2f 2f 6e 73 2e 61 64 6f 62 65 2e 63 6f 6d 2f 78 61 70 2f 31 2e 30 2f 6d 6d 2f 22 20 78 6d 6c 6e 73 3a 73 74 52 65 66 3d 22 68 74 74 70 3a 2f 2f 6e 73 2e 61 64 6f 62 65 2e 63 6f 6d 2f 78 61 70 2f 31 2e 30 2f 73 54 79 70 65 2f 52 65 73 6f 75 72 63 65 52 65 66 23 22 20 78 6d 6c 6e 73 3a 73 74 45 76 74 3d 22 68 74 74 70 3a 2f 2f 6e 73 2e 61 64 6f 62 65 2e 63 6f 6d 2f 78 61 70 2f 31 2e 30 2f 73 54 79 70 65 2f 52 65 73 6f 75 72 63 65 45 76 65 6e 74 23 22 20 78 6d 6c 6e 73 3a 78 6d 70 3d 22 68 74 74 70 3a 2f 2f 6e 73 2e 61 64 6f 62 65 2e 63 6f 6d 2f 78 61 70 2f 31 2e 30 2f 22 20 78 6d 6c 6e 73 3a 64 63 3d 22 68 74 74 70 3a 2f 2f 70 75 72 6c 2e 6f 72 67 2f 64 63 2f 65 6c 65 6d 65 6e 74 73 2f 31 2e 31 2f 22 20 78 6d 6c 6e 73 3a 70 68 6f 74 6f 73 68 6f 70 3d 22 68 74 74 70 3a 2f 2f 6e 73 2e 61 64 6f 62 65 2e 63 6f 6d 2f 70 68 6f 74 6f 73 68 6f 70 2f 31 2e 30 2f 22 20 78 6d 70 4d 4d 3a 4f 72 69 67 69 6e 61 6c 44 6f 63 75 6d 65 6e 74 49 44 3d 22 78 6d 70 2e 64 69 64 3a 32 42 30 30 37 43 31 35 42 41 45 37 45 32 31 31 38 36 34 46 46 32 38 38 35 34 43 42 43 33 36 34 22 20 78 6d 70 4d 4d 3a 44 6f 63 75 6d 65 6e 74 49 44 3d 22 78 6d 70 2e 64 69 64 3a 43 44 32 35 46 45 45 38 30 37 30 46 31 31 45 44 42 31 31 37 43 38 32 34 31 35 45 44 32 33 37 41 22 20 78 6d 70 4d 4d 3a 49 6e 73 74 61 6e 63 65 49 44 3d 22 78 6d 70 2e 69 69 64 3a 31 38 37 36 38 31 65 38 2d 65 32 39 65 2d 34 32 34 61 2d 62 39 33 32 2d 39 34 65 39 62 61 65 61 65 63 39 62 22 20 78 6d 70 3a 43 72 65 61 74 6f 72 54 6f 6f 6c 3d 22 41 64 6f 62 65 20 50 68 6f 74 6f 73 68 6f 70 20 43 43 20 32 30 31 37 20 28 57 69 6e 64 6f 77 73 29 22 20 78 6d 70 3a 43 72 65 61 74 65 44 61 74 65 3d 22 32 30 32 32 2d 30 38 2d 33 30 54 31 30 3a 30 35 3a 30 34 2b 30 38 3a 30 30 22 20 78 6d 70 3a 4d 6f 64 69 66 79 44 61 74 Data Ascii: PNGIHDR22?pHYsiTXtXML:com.adobe.xmp<?xpacket begin="" id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 6.0-c002 79.164488, 2020/07/10-22:06:53 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:stEvt="http://ns.adobe.com/xap/1.0/sType/ResourceEvent#" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:photoshop="http://ns.adobe.com/photoshop/1.0/" xmpMM:OriginalDocumentID="xmp.did:2B007C15BAE7E211864FF28854CBC364" xmpMM:DocumentID="xmp.did:CD25FEE8070F11EDB117C82415ED237A" xmpMM:InstanceID="xmp.iid:187681e8-e29e-424a-b932-94e9baeaec9b" xmp:CreatorTool="Adobe Photoshop CC 2017 (Windows)" xmp:CreateDate="2022-08-30T10:05:04+08:00" xmp:ModifyDat
Oct 13, 2023 00:30:07.284198046 CEST	391	IN	Data Raw: 65 3d 22 32 30 32 32 2d 30 38 2d 33 30 54 31 30 3a 30 36 3a 31 38 2b 30 38 3a 30 30 22 20 78 6d 70 3a 4d 65 74 61 64 61 74 61 44 61 74 65 3d 22 32 30 32 32 2d 30 38 2d 33 30 54 31 30 3a 30 36 3a 31 38 2b 30 38 3a 30 30 22 20 64 63 3a 66 6f 72 6d Data Ascii: e="2022-08-30T10:06:18+08:00" xmp:MetadataDate="2022-08-30T10:06:18+08:00" dc:format="image/png" photoshop:ColorMode="3" photoshop:ICCProfile="sRGB IEC61966-2.1"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:86dd2433-17ec-4642-bfeb-a80e3dc6803
Oct 13, 2023 00:30:07.284235001 CEST	392	IN	Data Raw: 08 fc f8 fd d9 ea 80 28 82 8c 07 6b af 5b c6 dc 15 37 f0 e0 1f de c9 f8 d0 41 0a 73 16 a3 a1 df 7a d3 9d 9b ad 5f 11 c1 af 4d 71 ee f4 30 77 dc f3 20 2b d7 5c c3 d1 83 11 53 13 01 46 a4 2e b4 88 34 00 8a ef 51 65 28 eb b1 f6 86 6b b9 fb cf ee e5 Data Ascii: (k[7Asz_Mq0w +\SF.4Qe(kE\|+ajGD2W,/ycj1k?lWPI5J%b8szRu.&`b<"}_&'CNw5J7>J3/xtYvyjYFW]GaLB\|yS1J
Oct 13, 2023 00:30:07.284272909 CEST	394	IN	Data Raw: d0 47 9d b6 ad d7 da 02 51 85 5c 3e cb d1 23 87 a9 54 e6 f2 f0 e7 be c0 8d 37 6f 40 bd 02 ae 4d 0f ad 4e 09 9d b2 60 c1 e5 2c 9f 9f 67 5b 3f 3c f9 32 bc fa d5 df 67 cf cb cf 10 01 77 fc c1 1f f1 5b bf f6 7e 32 85 0e fc 20 ac 6f 44 da 6d 02 58 63 Data Ascii: GQ\>#T7o@MN`,g[?<2gw[~2 oDmXc$v_%K4L& ~<ojjh{*cY}/8<t/>Pcz'C_A`imZ&=_}~5{;rAX#
Oct 13, 2023 00:30:07.284311056 CEST	394	IN	Data Raw: 58 c3 13 13 93 84 61 eb 8d 68 45 e5 72 19 11 69 a7 89 94 7e e2 a9 ea 53 aa da 1e 08 c9 01 4c ae 40 36 df a6 cf 6c 22 55 88 9a e2 72 1c 44 20 97 cb 91 cf e7 a7 bf 78 81 1f 19 5c 00 40 4a af 48 b1 58 ec 75 ce ed 12 91 16 7e f2 ff 86 6e f0 9c 73 27 Data Ascii: XahEri~SL@6l"UrD x\@JHXu~ns':q~t~cNS"C\|;"m;f ~"</]tmQKAmx?,"%gtQqD<)"?N~(IENDB`

Target ID:	0
Start time:	00:29:47
Start date:	13/10/2023
Path:	C:\Users\user\Desktop\driver booster setup.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\Desktop\driver booster setup.exe
Imagebase:	0x400000
File size:	25'763'240 bytes
MD5 hash:	D242A796EBC0219DC52B49B8F1D1AF7A
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	Borland Delphi
Reputation:	low
Has exited:	true

Target ID:	1
Start time:	00:29:48
Start date:	13/10/2023
Path:	C:\Users\user\AppData\Local\Temp\is-FLQS7.tmp\driver booster setup.tmp
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\is-FLQS7.tmp\driver booster setup.tmp" /SL5="$2046E,25039561,139264,C:\Users\user\Desktop\driver booster setup.exe"
Imagebase:	0x400000
File size:	1'214'488 bytes
MD5 hash:	68B52A0B8E3D45BF3B520A0E7F16DAD1
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	Borland Delphi
Yara matches:	Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: 00000001.00000003.1751330587.00000000075B0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
Reputation:	low
Has exited:	true

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report driver booster setup.exe

Overview

General Information

Detection

Signatures

Classification

Analysis Advice

Process Tree

Malware Configuration

Yara Signatures

Dropped Files

Memory Dumps

Unpacked PEs

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

Compliance

Networking

System Summary

Data Obfuscation

Persistence and Installation Behavior

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\ProgramData\IObit\iobitpromotion.ini

C:\Users\user\AppData\Local\Temp\1697157002\ARABIC.lng

C:\Users\user\AppData\Local\Temp\1697157002\CATALAN.lng

C:\Users\user\AppData\Local\Temp\1697157002\CHINESESIMP.lng

C:\Users\user\AppData\Local\Temp\1697157002\CHINESETRAD.lng

C:\Users\user\AppData\Local\Temp\1697157002\CZECH.lng

C:\Users\user\AppData\Local\Temp\1697157002\DANISH.lng

C:\Users\user\AppData\Local\Temp\1697157002\DUTCH.lng

C:\Users\user\AppData\Local\Temp\1697157002\ENGLISH.lng

C:\Users\user\AppData\Local\Temp\1697157002\FINNISH.lng

C:\Users\user\AppData\Local\Temp\1697157002\FRENCH.lng

C:\Users\user\AppData\Local\Temp\1697157002\GEORGIAN.lng

C:\Users\user\AppData\Local\Temp\1697157002\GERMAN.lng

C:\Users\user\AppData\Local\Temp\1697157002\GREEK.lng

C:\Users\user\AppData\Local\Temp\1697157002\HEBREW.lng

C:\Users\user\AppData\Local\Temp\1697157002\HUNGARIAN.lng

C:\Users\user\AppData\Local\Temp\1697157002\INDONESIAN.lng

C:\Users\user\AppData\Local\Temp\1697157002\ITALIAN.lng

C:\Users\user\AppData\Local\Temp\1697157002\JAPANESE.lng

C:\Users\user\AppData\Local\Temp\1697157002\KOREAN.lng

C:\Users\user\AppData\Local\Temp\1697157002\LATVIAN.lng

Windows Analysis Report
driver booster setup.exe

Target ID:	2
Start time:	00:29:57
Start date:	13/10/2023
Path:	C:\Users\user\AppData\Local\Temp\is-MK7O5.tmp-dbinst\setup.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\is-MK7O5.tmp-dbinst\setup.exe" "C:\Users\user\Desktop\driver booster setup.exe" /title="Driver Booster 9" /dbver=9.4.0.233 /eula="C:\Users\user\AppData\Local\Temp\is-MK7O5.tmp-dbinst\EULA.rtf" /showlearnmore /pmtproduct /nochromepmt
Imagebase:	0x400000
File size:	6'075'480 bytes
MD5 hash:	6233816372E39E2E2D22787A649D0187
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	Borland Delphi
Yara matches:	Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: 00000002.00000000.1747731405.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Author: Joe Security Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: C:\Users\user\AppData\Local\Temp\is-MK7O5.tmp-dbinst\setup.exe, Author: Joe Security
Reputation:	low
Has exited:	false

Execution Coverage:	5.8%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	0%
Total number of Nodes:	71
Total number of Limit Nodes:	1

Description:	Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of Unix Shell while Windows installations include the Windows Command Shell and PowerShell .
Tactics:	Execution
Data Sources:	PowerShell logs, Process command-line parameters, Process monitoring, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by hijacking the library manifest used to load DLLs. Adversaries may take advantage of vague references in the library manifest of a program by replacing a legitimate library with a malicious one, causing the operating system to load their malicious library when it is called for by the victim program.
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	Loaded DLLs, Process monitoring, Process use of network
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, DLL monitoring, File monitoring, Named Pipes, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, Email gateway, Environment variable, File monitoring, Malware reverse engineering, Network intrusion detection system, Network protocol analysis, Process command-line parameters, Process monitoring, Process use of network, SSL/TLS inspection, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata
Platforms:	macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may hook into Windows application programming interface (API) functions to collect user credentials. Malicious hooking mechanisms may capture API calls that include parameters that reveal user authentication credentials.Unlike Keylogging , this technique focuses specifically on API functions that include parameters that reveal user credentials. Hooking involves redirecting calls to these functions and can be implemented via:
Tactics:	Collection, Credential Access
Data Sources:	API monitoring, Binary file metadata, DLL monitoring, Loaded DLLs, Process monitoring, Windows event logs
Platforms:	Windows
Url:	Open detailed description by Mitre