URL:

https://cdn.iobit.com/dl/driver_booster_setup.exe

Full analysis: https://app.any.run/tasks/78bb80dd-492b-4cbf-b570-4f12e746616f
Verdict: Malicious activity
Threats:

Stealers are a group of malicious software that are intended for gaining unauthorized access to users’ information and transferring it to the attacker. The stealer malware category includes various types of programs that focus on their particular kind of data, including files, passwords, and cryptocurrency. Stealers are capable of spying on their targets by recording their keystrokes and taking screenshots. This type of malware is primarily distributed as part of phishing campaigns.

Analysis date: February 16, 2025, 15:40:29
OS: Windows 10 Professional (build: 19045, 64 bit)
Tags:
delphi
arch-doc
stealer
inno
installer
antivm
Indicators:
MD5:

5DD8F7B158903767A2771C3696D6988C

SHA1:

AF784185586060811EA556C44045BC402574D710

SHA256:

679DB311D40A364ADF89081C844E78BA7670ACF8B1AFEDF09F412F8C538BBF2A

SSDEEP:

3:N8coPxkKWRpHRu4A:2cQkDDu4A

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Runs injected code in another process

      • ICONPIN64.exe (PID: 2324)
    • Application was injected by another process

      • explorer.exe (PID: 4488)
    • Actions looks like stealing of personal data

      • CareScan.exe (PID: 4512)
      • CareScan.exe (PID: 3152)
      • CareScan.exe (PID: 6256)
      • CareScan.exe (PID: 1916)
      • CareScan.exe (PID: 1080)
      • CareScan.exe (PID: 5160)
    • Steals credentials from Web Browsers

      • CareScan.exe (PID: 4512)
      • CareScan.exe (PID: 3152)
      • CareScan.exe (PID: 6256)
      • CareScan.exe (PID: 1080)
      • CareScan.exe (PID: 1916)
      • CareScan.exe (PID: 5160)
  • SUSPICIOUS

    • Cleans NTFS data stream (Zone Identifier)

      • chrome.exe (PID: 6384)
    • Executable content was dropped or overwritten

      • driver_booster_setup.exe (PID: 4996)
      • driver_booster_setup.exe (PID: 848)
      • driver_booster_setup.tmp (PID: 644)
      • driver_booster_setup.tmp (PID: 5308)
      • HWiNFO.exe (PID: 5748)
      • driver_booster_setup.exe (PID: 3840)
    • Reads security settings of Internet Explorer

      • driver_booster_setup.tmp (PID: 644)
      • driver_booster_setup.tmp (PID: 4624)
      • setup.exe (PID: 6364)
      • DriverBooster.exe (PID: 6948)
      • driver_booster_setup.tmp (PID: 5308)
      • AutoUpdate.exe (PID: 7076)
      • ProductStat3.exe (PID: 904)
      • DismHost.exe (PID: 5308)
      • CareScan.exe (PID: 3152)
    • Reads the Windows owner or organization settings

      • driver_booster_setup.tmp (PID: 644)
      • driver_booster_setup.tmp (PID: 5308)
    • Searches for installed software

      • setup.exe (PID: 6364)
      • InstStat.exe (PID: 7148)
      • CareScan.exe (PID: 4512)
      • CareScan.exe (PID: 3152)
      • CareScan.exe (PID: 6256)
      • CareScan.exe (PID: 1916)
      • CareScan.exe (PID: 1080)
      • DriverBooster.exe (PID: 6948)
    • Process drops SQLite DLL files

      • driver_booster_setup.tmp (PID: 5308)
    • Drops 7-zip archiver for unpacking

      • driver_booster_setup.tmp (PID: 5308)
    • Process drops legitimate windows executable

      • driver_booster_setup.tmp (PID: 5308)
    • Drops a system driver (possible attempt to evade defenses)

      • HWiNFO.exe (PID: 5748)
    • Checks Windows Trust Settings

      • DriverBooster.exe (PID: 6948)
      • DismHost.exe (PID: 5308)
    • Adds/modifies Windows certificates

      • DriverBooster.exe (PID: 6948)
    • Checks for Java to be installed

      • DriverBooster.exe (PID: 6948)
    • Application launched itself

      • ProductStat3.exe (PID: 904)
    • Detected use of alternative data streams (AltDS)

      • HVCIFix.exe (PID: 4912)
    • The process creates files with name similar to system file names

      • HVCIFix.exe (PID: 4912)
    • Starts a Microsoft application from unusual location

      • DismHost.exe (PID: 5308)
    • There is functionality for taking screenshot (YARA)

      • DriverBooster.exe (PID: 6948)
      • CareScan.exe (PID: 3152)
    • The process verifies whether the antivirus software is installed

      • CareScan.exe (PID: 4512)
      • CareScan.exe (PID: 3152)
      • CareScan.exe (PID: 6256)
      • CareScan.exe (PID: 1916)
      • CareScan.exe (PID: 1080)
    • There is functionality for communication over UDP network (YARA)

      • DriverBooster.exe (PID: 6948)
      • CareScan.exe (PID: 3152)
    • Reads Microsoft Outlook installation path

      • CareScan.exe (PID: 4512)
      • CareScan.exe (PID: 1916)
    • Starts CMD.EXE for commands execution

      • CareScan.exe (PID: 3152)
    • Process uses IPCONFIG to clear DNS cache

      • cmd.exe (PID: 2076)
    • There is functionality for VM detection VMWare (YARA)

      • CareScan.exe (PID: 3152)
      • CareScan.exe (PID: 6256)
      • CareScan.exe (PID: 1916)
    • Creates or modifies Windows services

      • CareScan.exe (PID: 6256)
  • INFO

    • Checks supported languages

      • driver_booster_setup.tmp (PID: 4624)
      • driver_booster_setup.exe (PID: 848)
      • driver_booster_setup.exe (PID: 4996)
      • driver_booster_setup.tmp (PID: 644)
      • setup.exe (PID: 6364)
      • driver_booster_setup.tmp (PID: 5308)
      • driver_booster_setup.exe (PID: 3840)
      • SetupHlp.exe (PID: 6012)
      • RttHlp.exe (PID: 536)
      • HWiNFO.exe (PID: 5748)
      • ICONPIN64.exe (PID: 2324)
      • InstStat.exe (PID: 7148)
      • SetupHlp.exe (PID: 3848)
      • Manta.exe (PID: 7040)
      • ProductStat3.exe (PID: 7080)
      • AutoUpdate.exe (PID: 7076)
      • asrft.exe (PID: 6852)
      • DriverBooster.exe (PID: 6948)
      • NoteIcon.exe (PID: 6856)
      • Manta.exe (PID: 6776)
      • RttHlp.exe (PID: 5696)
      • ProductStat3.exe (PID: 6544)
      • ScanWinUpd.exe (PID: 6392)
      • RttHlp.exe (PID: 3140)
      • SetupHlp.exe (PID: 6596)
      • AUpdate.exe (PID: 3416)
      • Manta.exe (PID: 3540)
      • ProductStat3.exe (PID: 3560)
      • DBDownloader.exe (PID: 4264)
      • rma.exe (PID: 1448)
      • ScanWinUpd.exe (PID: 1480)
      • DBDownloader.exe (PID: 2292)
      • Manta.exe (PID: 2088)
      • ProductStat3.exe (PID: 3832)
      • Manta.exe (PID: 5788)
      • HVCIFix.exe (PID: 4912)
      • ProductStat3.exe (PID: 904)
      • Manta.exe (PID: 5460)
      • ProductStat3.exe (PID: 7060)
      • ProductStat3.exe (PID: 4244)
      • x64Proxy.exe (PID: 556)
      • Manta.exe (PID: 6096)
      • ProductStat3.exe (PID: 2428)
      • DismHost.exe (PID: 5308)
      • Manta.exe (PID: 3724)
      • RttHlp.exe (PID: 4020)
      • Boost.exe (PID: 6932)
      • CareScan.exe (PID: 4512)
      • ProductStat3.exe (PID: 7064)
      • ProductStat3.exe (PID: 6840)
      • Manta.exe (PID: 6928)
      • Manta.exe (PID: 6832)
      • Manta.exe (PID: 7000)
      • ProductStat3.exe (PID: 6388)
      • Manta.exe (PID: 244)
      • CareScan.exe (PID: 3152)
      • ProductStat3.exe (PID: 4228)
      • ProductStat3.exe (PID: 4724)
      • Manta.exe (PID: 6176)
      • ProductStat3.exe (PID: 6544)
      • Manta.exe (PID: 5316)
      • CareScan.exe (PID: 6256)
      • ProductStat3.exe (PID: 1400)
      • Manta.exe (PID: 2124)
      • CareScan.exe (PID: 1916)
      • ProductStat3.exe (PID: 4140)
      • CareScan.exe (PID: 1080)
      • Manta.exe (PID: 7112)
      • ProductStat3.exe (PID: 2040)
      • Manta.exe (PID: 5576)
      • ProductStat3.exe (PID: 1804)
      • Manta.exe (PID: 6976)
      • Manta.exe (PID: 2904)
      • ProductStat3.exe (PID: 6160)
      • Manta.exe (PID: 2324)
      • CareScan.exe (PID: 5160)
      • ProductStat3.exe (PID: 3820)
      • ProductStat3.exe (PID: 6996)
      • DpInstX64.exe (PID: 4972)
      • DpInstX64.exe (PID: 5004)
      • DpInstX64.exe (PID: 7120)
      • DpInstX64.exe (PID: 2160)
      • DpInstX64.exe (PID: 5176)
      • DpInstX64.exe (PID: 6920)
      • DpInstX64.exe (PID: 1608)
      • DpInstX64.exe (PID: 3544)
      • DpInstX64.exe (PID: 484)
      • DpInstX64.exe (PID: 784)
      • DpInstX64.exe (PID: 7008)
      • DpInstX64.exe (PID: 1576)
      • DpInstX64.exe (PID: 3084)
      • DpInstX64.exe (PID: 3056)
      • DpInstX64.exe (PID: 2148)
      • DpInstX64.exe (PID: 6192)
      • DpInstX64.exe (PID: 3104)
      • DpInstX64.exe (PID: 7052)
      • DpInstX64.exe (PID: 6668)
      • DpInstX64.exe (PID: 6640)
      • DpInstX64.exe (PID: 6680)
      • DpInstX64.exe (PID: 3264)
      • DpInstX64.exe (PID: 5400)
      • DpInstX64.exe (PID: 6632)
      • DpInstX64.exe (PID: 3680)
      • DpInstX64.exe (PID: 7040)
      • DpInstX64.exe (PID: 640)
      • DpInstX64.exe (PID: 3620)
      • DpInstX64.exe (PID: 5300)
      • DpInstX64.exe (PID: 1344)
      • DpInstX64.exe (PID: 6776)
      • DpInstX64.exe (PID: 5936)
      • DpInstX64.exe (PID: 1856)
      • DpInstX64.exe (PID: 2928)
      • DpInstX64.exe (PID: 1580)
      • DpInstX64.exe (PID: 6832)
      • DpInstX64.exe (PID: 4996)
      • DpInstX64.exe (PID: 5604)
      • DpInstX64.exe (PID: 3560)
      • DpInstX64.exe (PID: 68)
      • DpInstX64.exe (PID: 716)
      • DpInstX64.exe (PID: 4468)
      • FaultFixes.exe (PID: 4824)
      • Manta.exe (PID: 4384)
      • Manta.exe (PID: 6952)
      • DpInstX64.exe (PID: 2956)
      • ProductStat3.exe (PID: 6612)
    • Create files in a temporary directory

      • driver_booster_setup.exe (PID: 4996)
      • driver_booster_setup.tmp (PID: 644)
      • setup.exe (PID: 6364)
      • driver_booster_setup.exe (PID: 3840)
      • driver_booster_setup.exe (PID: 848)
      • driver_booster_setup.tmp (PID: 5308)
      • HWiNFO.exe (PID: 5748)
      • ICONPIN64.exe (PID: 2324)
      • explorer.exe (PID: 4488)
      • HVCIFix.exe (PID: 4912)
      • CareScan.exe (PID: 4512)
      • CareScan.exe (PID: 3152)
      • CareScan.exe (PID: 1916)
      • CareScan.exe (PID: 6256)
      • CareScan.exe (PID: 1080)
      • CareScan.exe (PID: 5160)
    • Reads the computer name

      • driver_booster_setup.tmp (PID: 4624)
      • driver_booster_setup.tmp (PID: 644)
      • setup.exe (PID: 6364)
      • driver_booster_setup.tmp (PID: 5308)
      • HWiNFO.exe (PID: 5748)
      • SetupHlp.exe (PID: 6012)
      • InstStat.exe (PID: 7148)
      • SetupHlp.exe (PID: 3848)
      • DriverBooster.exe (PID: 6948)
      • AutoUpdate.exe (PID: 7076)
      • NoteIcon.exe (PID: 6856)
      • asrft.exe (PID: 6852)
      • ProductStat3.exe (PID: 6544)
      • AUpdate.exe (PID: 3416)
      • ScanWinUpd.exe (PID: 6392)
      • SetupHlp.exe (PID: 6596)
      • ProductStat3.exe (PID: 3560)
      • DBDownloader.exe (PID: 4264)
      • ProductStat3.exe (PID: 3832)
      • ScanWinUpd.exe (PID: 1480)
      • ProductStat3.exe (PID: 904)
      • ProductStat3.exe (PID: 2428)
      • ProductStat3.exe (PID: 7060)
      • HVCIFix.exe (PID: 4912)
      • DismHost.exe (PID: 5308)
      • CareScan.exe (PID: 4512)
      • ProductStat3.exe (PID: 6840)
      • Boost.exe (PID: 6932)
      • ProductStat3.exe (PID: 7064)
      • ProductStat3.exe (PID: 4724)
      • ProductStat3.exe (PID: 6388)
      • ProductStat3.exe (PID: 4228)
      • CareScan.exe (PID: 3152)
      • ProductStat3.exe (PID: 6544)
      • ProductStat3.exe (PID: 1400)
      • CareScan.exe (PID: 6256)
      • CareScan.exe (PID: 1916)
      • ProductStat3.exe (PID: 4140)
      • CareScan.exe (PID: 1080)
      • ProductStat3.exe (PID: 2040)
      • CareScan.exe (PID: 5160)
      • ProductStat3.exe (PID: 1804)
      • ProductStat3.exe (PID: 6160)
      • ProductStat3.exe (PID: 3820)
      • ProductStat3.exe (PID: 6996)
      • DpInstX64.exe (PID: 5004)
      • DpInstX64.exe (PID: 2160)
      • DpInstX64.exe (PID: 5176)
      • DpInstX64.exe (PID: 4972)
      • DpInstX64.exe (PID: 7120)
      • DpInstX64.exe (PID: 6920)
      • DpInstX64.exe (PID: 7008)
      • DpInstX64.exe (PID: 1608)
      • DpInstX64.exe (PID: 3544)
      • DpInstX64.exe (PID: 1576)
      • DpInstX64.exe (PID: 3084)
      • DpInstX64.exe (PID: 3056)
      • DpInstX64.exe (PID: 2148)
      • DpInstX64.exe (PID: 3264)
      • DpInstX64.exe (PID: 484)
      • DpInstX64.exe (PID: 784)
      • DpInstX64.exe (PID: 3104)
      • DpInstX64.exe (PID: 6668)
      • DpInstX64.exe (PID: 5400)
      • DpInstX64.exe (PID: 6640)
      • DpInstX64.exe (PID: 6680)
      • DpInstX64.exe (PID: 6192)
      • DpInstX64.exe (PID: 7052)
      • DpInstX64.exe (PID: 640)
      • DpInstX64.exe (PID: 7040)
      • DpInstX64.exe (PID: 3620)
      • DpInstX64.exe (PID: 1580)
      • DpInstX64.exe (PID: 5300)
      • DpInstX64.exe (PID: 6632)
      • DpInstX64.exe (PID: 3680)
      • DpInstX64.exe (PID: 6832)
      • DpInstX64.exe (PID: 6776)
      • DpInstX64.exe (PID: 1344)
      • DpInstX64.exe (PID: 1856)
      • DpInstX64.exe (PID: 5936)
      • DpInstX64.exe (PID: 4996)
      • DpInstX64.exe (PID: 5604)
      • DpInstX64.exe (PID: 3560)
      • DpInstX64.exe (PID: 2928)
      • DpInstX64.exe (PID: 716)
      • DpInstX64.exe (PID: 4468)
      • ProductStat3.exe (PID: 6612)
      • DpInstX64.exe (PID: 68)
      • DpInstX64.exe (PID: 2956)
      • DBDownloader.exe (PID: 2292)
    • The sample compiled with english language support

      • driver_booster_setup.tmp (PID: 644)
      • driver_booster_setup.tmp (PID: 5308)
      • HWiNFO.exe (PID: 5748)
    • Process checks computer location settings

      • driver_booster_setup.tmp (PID: 4624)
      • driver_booster_setup.tmp (PID: 644)
      • DriverBooster.exe (PID: 6948)
      • setup.exe (PID: 6364)
      • driver_booster_setup.tmp (PID: 5308)
      • AutoUpdate.exe (PID: 7076)
      • ProductStat3.exe (PID: 904)
      • CareScan.exe (PID: 3152)
    • Application launched itself

      • chrome.exe (PID: 6384)
    • Executable content was dropped or overwritten

      • chrome.exe (PID: 6384)
    • Creates files in the program directory

      • setup.exe (PID: 6364)
      • driver_booster_setup.tmp (PID: 5308)
      • SetupHlp.exe (PID: 6012)
      • RttHlp.exe (PID: 536)
      • InstStat.exe (PID: 7148)
      • DriverBooster.exe (PID: 6948)
      • ProductStat3.exe (PID: 7080)
      • AutoUpdate.exe (PID: 7076)
      • DBDownloader.exe (PID: 4264)
      • HVCIFix.exe (PID: 4912)
      • CareScan.exe (PID: 4512)
      • CareScan.exe (PID: 6256)
    • Creates files or folders in the user directory

      • setup.exe (PID: 6364)
      • explorer.exe (PID: 4488)
      • InstStat.exe (PID: 7148)
      • AutoUpdate.exe (PID: 7076)
      • AUpdate.exe (PID: 3416)
      • HVCIFix.exe (PID: 4912)
      • Boost.exe (PID: 6932)
      • CareScan.exe (PID: 4512)
      • CareScan.exe (PID: 3152)
      • CareScan.exe (PID: 6256)
      • CareScan.exe (PID: 1916)
      • CareScan.exe (PID: 1080)
      • DpInstX64.exe (PID: 4972)
      • DriverBooster.exe (PID: 6948)
    • Reads the machine GUID from the registry

      • setup.exe (PID: 6364)
      • ICONPIN64.exe (PID: 2324)
      • InstStat.exe (PID: 7148)
      • asrft.exe (PID: 6852)
      • AutoUpdate.exe (PID: 7076)
      • DriverBooster.exe (PID: 6948)
      • ScanWinUpd.exe (PID: 6392)
      • AUpdate.exe (PID: 3416)
      • DBDownloader.exe (PID: 4264)
      • ProductStat3.exe (PID: 3832)
      • DismHost.exe (PID: 5308)
      • ScanWinUpd.exe (PID: 1480)
    • Compiled with Borland Delphi (YARA)

      • setup.exe (PID: 6364)
      • driver_booster_setup.tmp (PID: 5308)
      • driver_booster_setup.exe (PID: 3840)
      • CareScan.exe (PID: 3152)
      • CareScan.exe (PID: 6256)
      • CareScan.exe (PID: 1916)
      • DriverBooster.exe (PID: 6948)
    • Creates a software uninstall entry

      • driver_booster_setup.tmp (PID: 5308)
    • Detects InnoSetup installer (YARA)

      • driver_booster_setup.exe (PID: 3840)
      • driver_booster_setup.tmp (PID: 5308)
    • Reads CPU info

      • DriverBooster.exe (PID: 6948)
    • Reads the software policy settings

      • DriverBooster.exe (PID: 6948)
      • DismHost.exe (PID: 5308)
    • The sample compiled with arabic language support

      • driver_booster_setup.tmp (PID: 5308)
    • Reads Environment values

      • DismHost.exe (PID: 5308)
    • Reads Microsoft Office registry keys

      • CareScan.exe (PID: 4512)
      • CareScan.exe (PID: 3152)
    • Reads mouse settings

      • CareScan.exe (PID: 4512)
      • CareScan.exe (PID: 6256)
    • Checks proxy server information

      • DriverBooster.exe (PID: 6948)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
All screenshots are available in the full report
Total processes
273
Monitored processes
143
Malicious processes
15
Suspicious processes
3

Behavior graph


Process information

PID
CMD
Path
Indicators
Parent process
PID:
68
CMD:
"C:\Program Files (x86)\IObit\Driver Booster\12.2.0\Drvinstall\DpinstX64.exe" /u "NULL" STORAGE\VOLUME\{220EECFC-8567-11EB-B45B-806E6F6E6963}#0000003FCB800000
Path:
C:\Program Files (x86)\IObit\Driver Booster\12.2.0\DrvInstall\DpInstX64.exe
Parent process:
DriverBooster.exe
User:
admin
Company:
IObit
Integrity Level:
HIGH
Description:
Driver Installer
Exit code:
0
Version:
12.2.0.66
PID:
244
CMD:
"C:\Program Files (x86)\IObit\Driver Booster\12.2.0\Manta.exe" /CommStat /DoCommStat /Code="176" /PostNow=0 /Wait=0 /Path="" /ExtParam=""
Path:
C:\Program Files (x86)\IObit\Driver Booster\12.2.0\Manta.exe
Parent process:
DriverBooster.exe
User:
admin
Company:
IObit
Integrity Level:
HIGH
Description:
Manta
Exit code:
0
Version:
12.0.0.20
PID:
484
CMD:
"C:\Program Files (x86)\IObit\Driver Booster\12.2.0\Drvinstall\DpinstX64.exe" /u "NULL" SW\{DDF4358E-BB2C-11D0-A42F-00A0C9223196}\{97EBAACB-95BD-11D0-A3EA-00A0C9223196}
Path:
C:\Program Files (x86)\IObit\Driver Booster\12.2.0\DrvInstall\DpInstX64.exe
Parent process:
DriverBooster.exe
User:
admin
Company:
IObit
Integrity Level:
HIGH
Description:
Driver Installer
Exit code:
0
Version:
12.2.0.66
PID:
536
CMD:
"C:\Program Files (x86)\IObit\Driver Booster\12.2.0\RttHlp.exe" /winstdate
Path:
C:\Program Files (x86)\IObit\Driver Booster\12.2.0\RttHlp.exe
Parent process:
SetupHlp.exe
User:
admin
Company:
IObit
Integrity Level:
HIGH
Description:
IObit RttHlp
Exit code:
0
Version:
12.0.0.3
Modules
Images
c:\program files (x86)\iobit\driver booster\12.2.0\rtthlp.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\user32.dll
PID:
556
CMD:
"C:\Program Files (x86)\IObit\Driver Booster\12.2.0\x64Proxy.exe" /IncompDrivers
Path:
C:\Program Files (x86)\IObit\Driver Booster\12.2.0\x64Proxy.exe
Parent process:
HVCIFix.exe
User:
admin
Company:
IObit
Integrity Level:
HIGH
Description:
Driver Booster 64 bit proxy program
Exit code:
0
Version:
12.0.0.67
PID:
640
CMD:
"C:\Program Files (x86)\IObit\Driver Booster\12.2.0\Drvinstall\DpinstX64.exe" /u "NULL" PCI\VEN_1AF4&DEV_1002&SUBSYS_00051AF4&REV_00\3&267A616A&1&28
Path:
C:\Program Files (x86)\IObit\Driver Booster\12.2.0\DrvInstall\DpInstX64.exe
Parent process:
DriverBooster.exe
User:
admin
Company:
IObit
Integrity Level:
HIGH
Description:
Driver Installer
Exit code:
0
Version:
12.2.0.66
PID:
644
CMD:
"C:\Users\admin\AppData\Local\Temp\is-921TK.tmp\driver_booster_setup.tmp" /SL5="$1702B6,30959079,139264,C:\Users\admin\Downloads\driver_booster_setup.exe" /SPAWNWND=$70290 /NOTIFYWND=$602BA
Path:
C:\Users\admin\AppData\Local\Temp\is-921TK.tmp\driver_booster_setup.tmp
Parent process:
driver_booster_setup.exe
User:
admin
Integrity Level:
HIGH
Description:
Setup/Uninstall
Exit code:
1
Version:
51.1052.0.0
Modules
Images
c:\users\admin\appdata\local\temp\is-921tk.tmp\driver_booster_setup.tmp
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\oleaut32.dll
PID:
716
CMD:
"C:\Program Files (x86)\IObit\Driver Booster\12.2.0\Drvinstall\DpinstX64.exe" /u "NULL" USB\ROOT_HUB\4&2AAC7BDF&0
Path:
C:\Program Files (x86)\IObit\Driver Booster\12.2.0\DrvInstall\DpInstX64.exe
Parent process:
DriverBooster.exe
User:
admin
Company:
IObit
Integrity Level:
HIGH
Description:
Driver Installer
Exit code:
0
Version:
12.2.0.66
PID:
784
CMD:
"C:\Program Files (x86)\IObit\Driver Booster\12.2.0\Drvinstall\DpinstX64.exe" /u "NULL" SW\{96E080C7-143C-11D1-B40F-00A0C9223196}\{3C0D501A-140B-11D1-B40F-00A0C9223196}
Path:
C:\Program Files (x86)\IObit\Driver Booster\12.2.0\DrvInstall\DpInstX64.exe
Parent process:
DriverBooster.exe
User:
admin
Company:
IObit
Integrity Level:
HIGH
Description:
Driver Installer
Exit code:
0
Version:
12.2.0.66
PID:
848
CMD:
"C:\Users\admin\Downloads\driver_booster_setup.exe" /SPAWNWND=$70290 /NOTIFYWND=$602BA
Path:
C:\Users\admin\Downloads\driver_booster_setup.exe
Parent process:
driver_booster_setup.tmp
User:
admin
Company:
IObit
Integrity Level:
HIGH
Description:
Driver Booster 12 Setup
Exit code:
1
Version:
12.2.0.542
Modules
Images
c:\users\admin\downloads\driver_booster_setup.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\oleaut32.dll
Total events
56 530
Read events
56 252
Write events
106
Delete events
172

Modification events

(PID) Process: (4488) explorer.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\ApplicationViewManagement\W32:00000000000502B4
Operation: write
Name: VirtualDesktop
Value:
1000000030304456A48A294F7A40804AB924005FF030B61F
(PID) Process: (4488) explorer.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FeatureUsage\AppBadgeUpdated
Operation: write
Name: Chrome
Value:
6
(PID) Process: (6384) chrome.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\BLBeacon
Operation: write
Name: failed_count
Value:
0
(PID) Process: (6384) chrome.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\BLBeacon
Operation: write
Name: state
Value:
2
(PID) Process: (6384) chrome.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\BLBeacon
Operation: write
Name: state
Value:
1
(PID) Process: (6384) chrome.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\StabilityMetrics
Operation: write
Name: user_experience_metrics.stability.exited_cleanly
Value:
0
(PID) Process: (6384) chrome.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}
Operation: write
Name: usagestats
Value:
0
(PID) Process: (4444) chrome.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached
Operation: write
Name: {2781761E-28E0-4109-99FE-B9D127C57AFE} {56FFCC30-D398-11D0-B2AE-00A0C908FA49} 0xFFFF
Value:
0100000000000000DC61A9268980DB01
(PID) Process: (4488) explorer.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\ApplicationViewManagement\W32:00000000000502BA
Operation: write
Name: VirtualDesktop
Value:
1000000030304456A48A294F7A40804AB924005FF030B61F
(PID) Process: (4488) explorer.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\ApplicationViewManagement\W32:00000000000502BA
Operation: delete key
Name: (default)
Value:
Executable files
177
Suspicious files
410
Text files
335
Unknown types
0

Dropped files

PID
Process
Filename
Type
6384
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\commerce_subscription_db\LOG.old~RF135d94.TMP
MD5:
SHA256:
6384
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\commerce_subscription_db\LOG.old
MD5:
SHA256:
6384
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\discounts_db\LOG.old~RF135d94.TMP
MD5:
SHA256:
6384
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\discounts_db\LOG.old
MD5:
SHA256:
6384
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\chrome_cart_db\LOG.old~RF135d94.TMP
MD5:
SHA256:
6384
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\chrome_cart_db\LOG.old
MD5:
SHA256:
6384
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\parcel_tracking_db\LOG.old~RF135da4.TMP
MD5:
SHA256:
6384
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\parcel_tracking_db\LOG.old
MD5:
SHA256:
6384
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\coupon_db\LOG.old~RF135e02.TMP
MD5:
SHA256:
6384
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\coupon_db\LOG.old
MD5:
SHA256:
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
23
TCP/UDP connections
125
DNS requests
46
Threats
11

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
4712
MoUsoCoreWorker.exe
GET
200
23.48.23.156:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
5004
svchost.exe
GET
200
23.35.229.160:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
6384
chrome.exe
GET
200
172.64.149.23:80
http://ocsp.comodoca.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRTtU9uFqgVGHhJwXZyWCNXmVR5ngQUoBEKIz6W8Qfs4q8p74Klf9AwpLQCEEj8k7RgVZSNNqfJionWlBY%3D
unknown
whitelisted
6596
SIHClient.exe
GET
200
23.35.229.160:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl
unknown
whitelisted
6384
chrome.exe
GET
200
172.64.149.23:80
http://ocsp.sectigo.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSdE3gf41WAic8Uh9lF92%2BIJqh5qwQUMuuSmv81lkgvKEBCcCA2kVwXheYCEGIdbQxSAZ47kHkVIIkhHAo%3D
unknown
whitelisted
6384
chrome.exe
GET
200
172.64.149.23:80
http://ocsp.sectigo.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQVD%2BnGf79Hpedv3mhy6uKMVZkPCQQUDyrLIIcouOxvSK4rVKYpqhekzQwCEA5GibtScxO5s5CqaFARGvg%3D
unknown
whitelisted
6596
SIHClient.exe
GET
200
23.35.229.160:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl
unknown
whitelisted
6948
DriverBooster.exe
GET
200
23.50.131.74:80
http://download.iobit.com/appnews/default/db_news.dat
unknown
whitelisted
6656
backgroundTaskHost.exe
GET
200
23.54.109.203:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAUZZSZEml49Gjh0j13P68w%3D
unknown
whitelisted
6948
DriverBooster.exe
GET
206
23.50.131.74:80
http://download.iobit.com/appnews/default/db_news.dat
unknown
whitelisted

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:137
whitelisted
3996
RUXIMICS.exe
51.104.136.2:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
51.104.136.2:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
4712
MoUsoCoreWorker.exe
23.48.23.156:80
crl.microsoft.com
Akamai International B.V.
DE
whitelisted
5004
svchost.exe
23.48.23.156:80
crl.microsoft.com
Akamai International B.V.
DE
whitelisted
4712
MoUsoCoreWorker.exe
23.35.229.160:80
www.microsoft.com
AKAMAI-AS
DE
whitelisted
5004
svchost.exe
23.35.229.160:80
www.microsoft.com
AKAMAI-AS
DE
whitelisted
4
System
192.168.100.255:138
whitelisted
5064
SearchApp.exe
92.123.104.53:443
www.bing.com
Akamai International B.V.
DE
whitelisted
1176
svchost.exe
20.190.159.23:443
login.live.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 51.104.136.2
whitelisted
crl.microsoft.com
  • 23.48.23.156
  • 23.48.23.164
  • 23.48.23.176
  • 23.48.23.167
  • 23.48.23.153
  • 23.48.23.174
  • 23.48.23.158
  • 23.48.23.162
  • 23.48.23.150
whitelisted
www.microsoft.com
  • 23.35.229.160
whitelisted
google.com
  • 142.250.186.174
whitelisted
www.bing.com
  • 92.123.104.53
  • 92.123.104.47
  • 92.123.104.33
  • 92.123.104.59
  • 92.123.104.32
  • 92.123.104.31
whitelisted
ocsp.digicert.com
  • 23.54.109.203
whitelisted
login.live.com
  • 20.190.159.23
  • 20.190.159.75
  • 40.126.31.131
  • 20.190.159.128
  • 20.190.159.0
  • 40.126.31.2
  • 20.190.159.64
  • 40.126.31.129
whitelisted
cdn.iobit.com
  • 23.50.131.76
  • 23.50.131.89
unknown
accounts.google.com
  • 209.85.145.84
whitelisted
go.microsoft.com
  • 23.35.238.131
  • 2.19.246.123
whitelisted

Threats

PID
Process
Class
Message
6948
DriverBooster.exe
Potentially Bad Traffic
ET HUNTING Suspicious Mozilla User-Agent - Likely Fake (Mozilla/4.0)
6948
DriverBooster.exe
Potentially Bad Traffic
ET HUNTING Suspicious Mozilla User-Agent - Likely Fake (Mozilla/4.0)
6948
DriverBooster.exe
Potentially Bad Traffic
ET HUNTING Suspicious Mozilla User-Agent - Likely Fake (Mozilla/4.0)
6948
DriverBooster.exe
Potentially Bad Traffic
ET HUNTING Suspicious Mozilla User-Agent - Likely Fake (Mozilla/4.0)
6948
DriverBooster.exe
Potentially Bad Traffic
ET HUNTING Suspicious Mozilla User-Agent - Likely Fake (Mozilla/4.0)
2292
DBDownloader.exe
Potentially Bad Traffic
ET HUNTING Suspicious Mozilla User-Agent - Likely Fake (Mozilla/4.0)
Potentially Bad Traffic
ET HUNTING Suspicious Mozilla User-Agent - Likely Fake (Mozilla/4.0)
Potentially Bad Traffic
ET HUNTING Suspicious Mozilla User-Agent - Likely Fake (Mozilla/4.0)
Potentially Bad Traffic
ET HUNTING Suspicious Mozilla User-Agent - Likely Fake (Mozilla/4.0)
Potentially Bad Traffic
ET HUNTING Suspicious Mozilla User-Agent - Likely Fake (Mozilla/4.0)
Process
Message
setup.exe
time1
setup.exe
doFinshedEvent_Freeware 0
setup.exe
time3
setup.exe
chk_uiid
setup.exe
chk_lcid
setup.exe
CheckInstall
setup.exe
CheckMalware
setup.exe
ProductVersion: 12.2.0.542
setup.exe
WinVer 100
setup.exe
CheckLastRecVer